Banner in AWS: Technical Details
Gabriel Tocci
10-OCT-2018 @ 1:30pm - 2:30pm
Session ID # 1016
Session Format
• 60 minute time slot
• Touch on a lot of topics
• Q&A anytime
• AWS / DBA
• Can you see REAL good?
• gabrieltocci.com/talks
CoHEsion Summit 2
AWS Tech Summary
AWS services
• EC2 Instances
• Docker container orchestration
  • ECS
• Load balancing and Service discovery
  • ELB, ALB, HAProxy
• Continuous Delivery
  • Gitlab-ci, S3, ECR
• Networking
  • Route53, VPC
• Serverless functions
  • Lambda
• Databases
  • RDS: MS-Sql
Infrastructure as code (IaC)
• Terraform
• Puppet
• Docker
Monitoring
• Prometheus
• Alertmanager
• Slack
• Grafana
Security
Disaster Recovery
Why Cloud?
• Efficiency and Scalability
  • Registration Spec’d Hardware
  • No need to guesstimate capacity at time of purchase
• Self-Service Infrastructure
  • Dell, Cisco, Compellent, Who?
• Lower overall costs
  • Pay only for what you need
  • Cap-ex vs. op-ex
• Global resources
  • Global performance
  • DR
• Security First
• Elimination of hardware failures and upgrades
• Performance
Why AWS?
• Market Leader
• Mature, robust, stable
• Support
• Well Documented
• Price
• CLI
• API
• Terraform Provider
ETSU AWS Project
• Current State is hybrid cloud / on prem
• Timing with Banner 9
• Server Requisition
• Technology Change
• 2 DBA, 1 manager/director
• 4 senior programmers, 2 junior programmers
• 0 system admin
• 0 network engineers
IaC
• Declares intent and interactions of resources
• Auditable infrastructure
• Increases recovery speed
• Reduces go-live errors
• Manages “drift” of configurations
Tools
• Puppet
• Terraform
• Docker
• Git
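Provisioning vs. Configuration Management
Stack layers shown in the diagram:
• Network
• Compute Resources
• Storage
• Operating System
• OS Configuration
• Application
• Application Config
Provisioning tools: Terraform, CloudFormation, etc.
Configuration management tools: Puppet, Ansible, Chef, etc.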
Terraform
resource "aws_instance" "foo" {
  ami           = "ami-ae7bfdb8"
  instance_type = "m4.xlarge"
  # Placed in a private subnet exported by the vpc module
  subnet_id     = "${module.vpc.private_subnets[1]}"
  # EC2 key pair used for SSH login
  key_name      = "linux_ec2"
  private_ip    = "121.43.22.41"
  vpc_security_group_ids = ["${aws_security_group.dban.id}"]

  root_block_device {
    volume_type = "gp2"
    volume_size = "100"
    # Keep the root volume when the instance is terminated
    delete_on_termination = "false"
  }
}
Apps in AWS on EC2
• Oracle: Banner, ODS, Degreeworks, UC4
• Jobsub / UC4
• ESM
• Degreeworks: Classic Server and RabbitMQ
• Small Instances
  • Informatica Cloud Agent (Salesforce / TargetX)
• HAProxy
• dtncommerce
• dns
• https://git.etsu.edu/aws/terraform/blob/master/env-development/dadb.tf
• https://calculator.s3.amazonaws.com/index.html
Orchestration: AWS Elastic Container Service (ECS)
• ECS Task Management
  • Desired Task Count
• URL Routing
• EC2 Clusters
  • EC2 Hosts vs. Fargate
• Elastic Container Registry (ECR)
• CloudWatch logs
  • 6 month retention
Containerization
• Git Repos
  • Application
• Docker: Base Images
• ECS Service
• Externalized Configuration
  • Config Files
• Docker.ini
• Secrets.yaml
• Gitlab-ci.yaml
  • Push Tarball
• Application and Configuration
• Entrypoint.py
  • Configure Application
• Application Configuration
• Launch Catalina
Admin Pages – Deployment Walkthrough
• Deploy via ESM to “dummy” host
• Update repo w/war or new configuration settings:
  • https://git.etsu.edu/ecs/AdminPages/tree/master/tsth
• GitlabCI executes deploy_to_s3.py
  • https://git.etsu.edu/ecs/AdminPages/blob/master/.gitlab-ci.yml
• Deploy_to_s3.py builds tarballs and pushes them to s3
  • https://git.etsu.edu/ecs/AdminPages/blob/master/deploy_to_s3.py
• Ecs task
  • https://git.etsu.edu/aws/terraform/blob/master/env-development/ecs-tasks/tsth-BannerAdmin.json#L4
• Tomcat image has entrypoint.py
  • https://git.etsu.edu/docker/tomcat8-jre7-base/blob/master/entrypoint.py
  • Configures war (docker.ini)
  • Configures secrets (secrets.yaml)
• Secrets.yaml gets updated on password rotations
  • https://git.etsu.edu/banner/password-fabric/blob/master/aws.py
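The configure-at-start step in this walkthrough (settings from docker.ini, secrets from secrets.yaml), shown as an added Python example; it is not the ETSU entrypoint.py, which the slides only link to. Assumptions: `${name}` placeholders in docker.ini, a flat `key: value` secrets.yaml parsed by hand instead of with a YAML library, and all function names and sample values, which are constructed.

```python
import configparser
import os
import stat
import string
import tempfile

def load_secrets(path):
    """Read flat `key: value` lines; refuse a file readable by group/other."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        raise PermissionError(f"{path} has mode {oct(mode)}, expected 0600")
    secrets = {}
    with open(path) as fh:
        for line in fh:
            line = line.strip()
            if line and not line.startswith("#"):
                key, _, value = line.partition(":")
                secrets[key.strip()] = value.strip()
    return secrets

def render_settings(ini_path, secrets):
    """Fill ${name} placeholders in ini values; fail closed if one is missing."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(ini_path)
    rendered = {}
    for section in cfg.sections():
        for key, raw in cfg.items(section):
            # substitute() raises KeyError on a placeholder with no secret
            rendered[f"{section}.{key}"] = string.Template(raw).substitute(secrets)
    return rendered

def redact(settings, secrets):
    """Copy of the settings that is safe to write to container logs."""
    return {k: "****" if any(s and s in v for s in secrets.values()) else v
            for k, v in settings.items()}

def demo():
    # Constructed sample files; file contents and names are placeholders.
    work = tempfile.mkdtemp()
    ini, sec = os.path.join(work, "docker.ini"), os.path.join(work, "secrets.yaml")
    with open(ini, "w") as fh:
        fh.write("[datasource]\nurl = jdbc:oracle:thin:@db.example.invalid:1521/TEST\n"
                 "username = app_user\npassword = ${app_user_password}\n")
    with open(sec, "w") as fh:
        fh.write("app_user_password: constructed-not-a-real-secret\n")
    os.chmod(sec, 0o600)
    secrets = load_secrets(sec)
    settings = render_settings(ini, secrets)
    return settings, redact(settings, secrets)
```
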
Containerized Banner Apps
• General Self Service
• Integration API
• SSB
• Banner Event Publisher
• TNCommerce
• RoboRegistrar
• Banner Extensibility
• Application Navigator
• Admin Pages
• Employee Self Service
• eTranscript API
• Goldlink (drupal portal)
• Student Self Service
• College Scheduler
• Banner Online Help
• D2L – LDI
https://git.etsu.edu/aws/terraform/tree/master/env-development/ecs-tasks
ECS Service Discovery
[Diagram components: Application Load Balancer; several ECS services; two HAProxy instances; two Elastic Load Balancers; hostnames *.infosys.etsu.edu and *.etsu.edu]
On-Prem
• Evisions MAPS
• Intellicheck
• Portal (drupal)
• EIS / SSO Manager
• INB
• Dataguard
• BDM
• FSAAtlas
• Oracle Enterprise Manager
Lambda Functions
• rave-rss
• ec2-start-parkable
• errors-remedy-to-slack
• pwebsql1-ip-check
• ebs-backup-worker
• Emailer
• trs-etl
• campus_tours_emailer
• com_webadmit_service
• SecureAccessMirror
• snsToSlack
• ebs-backup-prune
• ec2-stop-parkable
• TRS_Reminders
Security
• IAM users
• 2FA
• Security Groups
  • Ingress / Egress Rules
• SSH Keypair login only
  • Same as On-Prem
• Puppet
• Iptables
Disaster Recovery
• Single Region
• Multi AZ
• Snapshots
• Declarative Infrastructure = Infrastructure is easily rebuilt
• Dataguard on premise
Banner Password Rotations / AWS
• Fabric
• AWS API
• https://git.etsu.edu/banner/password-fabric/blob/master/aws.py
Monitoring
• CloudWatch, yuk!
• Prometheus
• Alertmanager / Slack
• Grafana
• Enterprise Manager
Summary
• Take inventory of current resources – network, hardware, software, personnel
• Get Comfortable with AWS services
• Learn how to use the AWS cost estimator
• IaC
• cattle not pets
What's Next?
• Containerize more apps
• Puppetize more vm configuration
• Create standby in separate region
• Increase usage of CI/CD
• Increase monitoring via Prometheus and alerting
• Greenfield
• AWS Fargate
• Kubernetes
Questions?
Resources
• http://www.gabrieltocci.com/talks
• BanDock: Docker Group
  • [email protected]
• https://bitbucket.org/edurepo/
• BannerInTheCloud: AWS Group
  • https://bannerinthecloud.slack.com