Getting Started with Managed Services | AWS Public Sector Summit 2016
TRANSCRIPT
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Joe Healy, Senior Consultant, AWS Professional Services
June 20, 2016
Getting Started with Managed Services
Why AWS managed services?

If you host your applications on-premises:
• Power, HVAC, net
• Rack and stack
• Server maintenance
• OS patches
• App/DB patches
• Backups
• Scaling
• High availability
• App/DB installs
• OS installation
• App optimization

If you host your applications in Amazon EC2:
• Power, HVAC, net
• Rack and stack
• Server maintenance
• OS patches
• App/DB patches
• Backups
• Scaling
• High availability
• App/DB installs
• OS installation
• App optimization

If you choose a managed service:
• Power, HVAC, net
• Rack and stack
• Server maintenance
• OS patches
• App/DB patches
• Backups
• App optimization
• High availability
• App/DB installs
• OS installation
• Scaling

[Diagram on each of the three slides: the responsibilities listed above, with a “you” marker showing which of them remain yours in that hosting model.]
AWS managed service eye chart
AWS Directory Service
Managed Active Directory
You can create a new directory or extend your existing directory by using AWS Directory Service or by creating one or more domain controllers in your AWS environment.
AWS Directory Service offers three options: Microsoft AD, Simple AD, and AD Connector.

AD Connector
AD Connector is a proxy service for connecting your on-premises Microsoft Active Directory to the AWS Cloud without requiring complex directory synchronization or the cost and complexity of hosting a federation infrastructure.
When to use: AD Connector is your best choice when you want to use your existing on-premises directory with AWS services.
Simple AD
Simple AD is a Microsoft Active Directory–compatible directory from AWS Directory Service that is powered by Samba 4. Simple AD supports commonly used Active Directory features such as user accounts, group memberships, and domain-joining EC2 instances running Linux and Microsoft Windows.
When to use: In most cases, Simple AD is the least expensive option and your best choice if you have 5,000 or fewer users and don’t need the more advanced Microsoft Active Directory features.
Microsoft AD
AWS Directory Service for Microsoft Active Directory is a managed Microsoft Active Directory hosted on the AWS Cloud. It provides much of the functionality offered by Microsoft Active Directory plus integration with AWS applications. With the additional Active Directory functionality, you can, for example, easily set up trust relationships with your existing Active Directory domains to extend those directories to AWS services.
When to use: Microsoft AD is your best choice if you have more than 5,000 users and need a trust relationship set up between an AWS-hosted directory and your on-premises directories.
*May not be compatible with all applications due to AD Forest Trust
Amazon S3
Managed Object Storage
Our customer promise
• Durable: 11 9s
• Available: designed for 99.99%
• Scalable: gigabytes → exabytes
Innovation for Amazon S3
• Cross-region replication
• Amazon CloudWatch metrics for Amazon S3
• AWS CloudTrail support
• VPC endpoint for Amazon S3
• Amazon S3 bucket limit increase
• Event notifications
• Read-after-write consistency in all regions
• Amazon S3 Standard-IA
• Expired object delete marker
• Incomplete multipart upload expiration
• Lifecycle policy
• Transfer acceleration
Choice of storage classes on Amazon S3
• Standard: active data
• Standard—Infrequent Access: infrequently accessed data
• Amazon Glacier: archive data

Standard—Infrequent Access storage
• Durable: 11 9s of durability
• Available: designed for 99.9% availability
• High performance: same throughput as Amazon S3 Standard storage
• Secure: server-side encryption; use your encryption keys; AWS KMS-managed encryption keys
• Integrated: lifecycle management; versioning; event notifications; metrics
• Easy to use: no impact on user experience; simple REST API; single bucket
Storage tiered to your requirements

Tier            Data                                   Availability   Performance                    Minimum duration / object size   Price
S3              “Hot” data: active and/or temporary    99.99%         Low latency, high throughput   ≥ 0 days, > 0K                   $0.03/GB per month
S3-IA           “Warm” data: infrequently accessed     99.9%          Low latency, high throughput   ≥ 30 days, ≥ 128K                $0.0125/GB per month; $0.01/GB retrieval
Amazon Glacier  “Cold” data: archive and compliance    n/a            3 – 5 hrs retrieval            ≥ 90 days, > 0K                  $0.007/GB per month; $0.01/GB retrieval > 5%

Lifecycle rules move objects from S3 to S3-IA to Amazon Glacier as they age.

Common to all tiers:
• Durable: 99.999999999%
• Scalable: elastic capacity, no preset limits
• Secure: SSE, client encryption, AWS Identity & Access Management integration
• Event notifications: Amazon SQS, Amazon SNS, and AWS Lambda
• Versioning: keep multiple copies automatically
• Cross region replication
• Common namespace: define storage class per object
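The tiering slide gives thresholds and prices but no rule that applies them. The following is an added example written for this page, not code from the presentation or from AWS: it builds the lifecycle configuration in the shape boto3 accepts for `put_bucket_lifecycle_configuration`, classifies an object inventory by the tier the rule will leave each object in, and costs a month at the slide's prices. Treating the slide's 30-day and 90-day figures as transition days and 128K as the minimum billable S3-IA object size is this example's assumption; the bucket prefix and the sample inventory are constructed.

```python
"""S3 lifecycle tiering worked through with the slide's numbers.

Added example, not AWS code. The thresholds are the figures on the tiering
slide (30 days / 128K for S3-IA, 90 days for Glacier, the per-GB prices);
treating them as transition days and as the minimum billable IA object size
is this example's assumption. The bucket prefix and inventory are constructed.
"""

IA_MIN_DAYS = 30            # slide: S3-IA "≥ 30 Days"
IA_MIN_BYTES = 128 * 1024   # slide: S3-IA "≥ 128K" (assumed: minimum billable size)
GLACIER_MIN_DAYS = 90       # slide: Amazon Glacier "≥ 90 Days"

PRICE_PER_GB_MONTH = {"STANDARD": 0.03, "STANDARD_IA": 0.0125, "GLACIER": 0.007}
RETRIEVAL_PER_GB = {"STANDARD": 0.0, "STANDARD_IA": 0.01, "GLACIER": 0.01}
GB = 1024 ** 3


def lifecycle_configuration(prefix="logs/"):
    """LifecycleConfiguration document in the shape boto3's
    s3.put_bucket_lifecycle_configuration(Bucket=..., LifecycleConfiguration=...)
    expects: tier by age, and apply two of the slide's newer features,
    incomplete multipart upload expiration and expired object delete markers."""
    return {
        "Rules": [
            {
                "ID": "tier-by-age",
                "Filter": {"Prefix": prefix},
                "Status": "Enabled",
                "Transitions": [
                    {"Days": IA_MIN_DAYS, "StorageClass": "STANDARD_IA"},
                    {"Days": GLACIER_MIN_DAYS, "StorageClass": "GLACIER"},
                ],
                "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 7},
                "Expiration": {"ExpiredObjectDeleteMarker": True},
            }
        ]
    }


def expected_storage_class(age_days, size_bytes):
    """Tier an object belongs in under the rule above.

    Objects smaller than 128K are kept in Standard rather than moved to IA,
    because IA would bill them as 128K anyway (this example's planning choice);
    Glacier has no size floor on the slide ("> 0K"), so they still move to
    Glacier at 90 days."""
    if age_days >= GLACIER_MIN_DAYS:
        return "GLACIER"
    if age_days >= IA_MIN_DAYS and size_bytes >= IA_MIN_BYTES:
        return "STANDARD_IA"
    return "STANDARD"


def monthly_cost(size_bytes, storage_class, retrieved_bytes=0):
    """Storage plus retrieval charge for one month at the slide's prices.
    S3-IA is billed at a 128K minimum per object (assumed interpretation)."""
    billable = size_bytes
    if storage_class == "STANDARD_IA":
        billable = max(size_bytes, IA_MIN_BYTES)
    return ((billable / GB) * PRICE_PER_GB_MONTH[storage_class]
            + (retrieved_bytes / GB) * RETRIEVAL_PER_GB[storage_class])


def tier_report(objects):
    """Group (key, age_days, size_bytes) tuples by the tier the lifecycle
    rule will put them in, returning {storage_class: [keys]}."""
    report = {"STANDARD": [], "STANDARD_IA": [], "GLACIER": []}
    for key, age_days, size_bytes in objects:
        report[expected_storage_class(age_days, size_bytes)].append(key)
    return report


# Constructed sample inventory: (key, age in days, size in bytes).
SAMPLE_OBJECTS = [
    ("logs/2016/06/today.log", 1, 2 * 1024 * 1024),
    ("logs/2016/05/last-month.log", 45, 2 * 1024 * 1024),
    ("logs/2016/05/tiny.log", 45, 4 * 1024),    # too small to pay off in IA
    ("logs/2016/02/old.log", 120, 4 * 1024),    # Glacier regardless of size
]

if __name__ == "__main__":
    for tier, keys in tier_report(SAMPLE_OBJECTS).items():
        print(tier, keys)
```

Small objects are the case worth thinking about: a 4 KB object moved to S3-IA is billed as 128 KB, so the classifier keeps such objects in Standard until the Glacier transition, which has no size floor on the slide.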
Amazon Route 53
Managed DNS
What is Route 53?
Route 53 is AWS’s authoritative Domain Name System (DNS) service
DNS translates domain names (like www.amazon.com) into IP addresses—think of it as a “phone book” for the Internet
DNS is a Tier-0 service—availability is most important
We chose the name “Route 53” as a play on the fact that DNS servers respond to queries on port 53
How it works
1. User → DNS resolver: Where is www.example.com?
2. DNS resolver: I don’t know – I’ll ask the authority. The resolver queries Route 53 on port 53.
3. Route 53 → DNS resolver: 1.2.3.4
4. DNS resolver → user: 1.2.3.4
Design principles
• Reliable: redundant locations; backed with SLA
• Fast: worldwide anycast network; fast propagation of changes
• Integrated with AWS: Elastic Load Balancing alias queries; latency based routing; more to come
• Easy to use: console; programmatic API; domain name management
• Cost effective: inexpensive rates; pay as you go model
• Flexible: Geo DNS; weighted round robin; self-aliasing
Route 53’s key features
High availability DNS
• Highly available and scalable DNS service
• DNS failover to route around region- and AZ-level issues
Alias records
• Map the root or apex of your hosted zone to your load balancer
Advanced routing: Geo DNS, LBR, and WRR
• Run applications in multiple AWS Regions and route users based on location to optimize latency, load balancing, and other considerations
Domain name registration
• Manage domain name purchases and renewals by using the Route 53 console and API
Private DNS within VPC
• Use Route 53 to manage custom DNS names for resources internal to a VPC, such as Amazon EC2 instances, Amazon RDS databases, and Amazon ElastiCache nodes
• Private DNS prevents these names and your network topology from being exposed to the public Internet

Features
Domain name registration
• Customers can now buy and manage domain names by using Route 53
Geolocation routing
• Route end users to different endpoints based on the end user’s geographic location
• Allows traffic to balance load across regions as well as to localize/restrict content
Health checks
• Custom application status requests
• CloudWatch alarm notifications can be created for specific thresholds
DNS failover
• A single resource record can have multiple targets (EC2 and S3)
• A health-check failure event can cut traffic over to the second origin automatically
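The failover feature above is described as one name with multiple targets and an automatic cut-over when a health check fails. As an added example (not the presentation's or AWS's code), the Python below builds the primary/secondary record pair in the shape `route53.change_resource_record_sets` takes and models the decision. The zone name, addresses and health check id are constructed placeholders, and the consecutive-failure state machine is a simplified stand-in for Route 53's health-check evaluation, assumed here rather than taken from the service's documentation.

```python
"""Route 53 DNS failover worked through: the record pair and the decision.

Added example, not AWS code. The zone name, IP addresses and health check id
are constructed; the health-check state machine is a simplified model of how
an endpoint flips between healthy and unhealthy after a run of consecutive
failures or successes (this example's assumption, not a specification of
the service).
"""

FAILURE_THRESHOLD = 3   # consecutive failed probes before the endpoint is unhealthy


def failover_change_batch(name, primary_ip, secondary_ip, health_check_id, ttl=60):
    """ChangeBatch in the shape boto3's
    route53.change_resource_record_sets(HostedZoneId=..., ChangeBatch=...) takes.
    Only the PRIMARY record carries the health check; the SECONDARY is served
    when the primary is unhealthy."""
    def change(set_id, role, ip, hc_id=None):
        rrset = {
            "Name": name,
            "Type": "A",
            "SetIdentifier": set_id,
            "Failover": role,
            "TTL": ttl,
            "ResourceRecords": [{"Value": ip}],
        }
        if hc_id:
            rrset["HealthCheckId"] = hc_id
        return {"Action": "UPSERT", "ResourceRecordSet": rrset}

    return {
        "Comment": "primary/secondary failover for " + name,
        "Changes": [
            change("primary", "PRIMARY", primary_ip, health_check_id),
            change("secondary", "SECONDARY", secondary_ip),
        ],
    }


def endpoint_healthy(probe_results, failure_threshold=FAILURE_THRESHOLD):
    """Fold a sequence of probe outcomes (True = responded OK) into a health
    status. The endpoint starts healthy, turns unhealthy after
    `failure_threshold` consecutive failures and healthy again after the same
    number of consecutive successes, so a single blip does not fail over."""
    healthy = True
    streak = 0   # current run of outcomes that disagree with the status
    for ok in probe_results:
        if ok != healthy:
            streak += 1
            if streak >= failure_threshold:
                healthy = not healthy
                streak = 0
        else:
            streak = 0
    return healthy


def resolve(change_batch, probe_results):
    """Answer for the failover pair: the PRIMARY target while its health check
    passes, otherwise the SECONDARY target."""
    by_role = {c["ResourceRecordSet"]["Failover"]: c["ResourceRecordSet"]
               for c in change_batch["Changes"]}
    chosen = by_role["PRIMARY"] if endpoint_healthy(probe_results) else by_role["SECONDARY"]
    return chosen["ResourceRecords"][0]["Value"]


# Constructed data: a zone name, two origins and a health check id placeholder.
BATCH = failover_change_batch(
    "www.example.com.", "198.51.100.10", "198.51.100.20", "HEALTH-CHECK-ID-PLACEHOLDER")

if __name__ == "__main__":
    print(resolve(BATCH, [True, True, True]))            # primary
    print(resolve(BATCH, [True, False, False, False]))   # secondary after 3 failures
```

A single failed probe does not fail over; three consecutive failures do, and recovery takes three consecutive successes, which keeps a flapping endpoint from bouncing traffic on every probe. Only the primary record carries a health check here; the slides do not cover what happens when both targets are checked and both fail.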
AWS Elastic Beanstalk
Application Management Platform
AWS Elastic Beanstalk vs. do it yourself
Provided by you: your code
Provided and managed by AWS Elastic Beanstalk (on-instance configuration): HTTP server, application server, language interpreter, operating system, host

Elastic Beanstalk configures each EC2 instance in your environment with the components necessary to run applications for the selected platform. No more worrying about logging into instances to install and configure your application stack.
Focus on building your application.
AWS Elastic Beanstalk vs. do it yourself: infrastructure stack
• Preconfigured infrastructure
• Single instance (dev, low cost)
• Load balanced, auto scaling (production)
• Web & worker tiers
• Elastic Beanstalk provisions necessary infrastructure resources such as the load balancer, auto scaling group, security groups, database (optional), etc.
• Provides a unique domain name for your application (for example: yourapp.elasticbeanstalk.com)
Information required to deploy an application
01 AWS Region
02 Stack (container) type (one of the supported platforms)
03 Single instance OR load balanced with auto-scaling
04 Database (RDS), optional
plus your code
How to deploy applications
1. By using AWS Management Console
2. By using AWS Toolkit for Eclipse and Visual Studio IDE
3. By using Elastic Beanstalk command line interface
$ eb deploy
Managed platform updates for Elastic Beanstalk (NEW)
• Keep your application platform up-to-date, automatically
• Stay in control of platform updates
• Safely perform updates while maintaining availability
[Animated diagram (five frames): requests arrive at the load balancer, which fronts the existing “Blue” Auto Scaling group; a second “Green” Auto Scaling group running platform version v2 is launched alongside it, and once requests are served by “Green” the “Blue” group is removed, leaving the load balancer with a single updated Auto Scaling group.]
Amazon RDS
Managed Relational Databases
Relational databases
• Fully managed
• Fast, predictable performance
• Simple and fast to scale
• Low cost, pay for what you use
Amazon RDS and Amazon Aurora

Amazon RDS security
• Authentication and access control
• Encryption
• SSL
• Security groups
RDS feature matrix

Feature            Aurora        MySQL             PostgreSQL        MariaDB           Oracle            SQL Server
Maximum storage    64 TB         6 TB              6 TB              6 TB              6 TB              4 TB
Scale storage      Auto Scaling
Provisioned IOPS   NA            30,000            30,000            30,000            30,000            20,000
Largest instance   R3.8XL        R3.8XL / M4.10XL  R3.8XL / M4.10XL  R3.8XL / M4.10XL  R3.8XL / M4.10XL  R3.8XL / M4.10XL

The matrix also compares VPC, high availability, instance scaling, encryption, read replicas (Oracle via GoldenGate) and cross-region support per engine; those cells were check marks that did not survive extraction.
Amazon Aurora: fast, available, and MySQL-compatible
[Diagram: SQL, transactions and caching on the database instance; storage replicated across AZ 1, AZ 2 and AZ 3, with Amazon S3]
• 5x faster than MySQL on the same hardware
• SysBench: 100 K writes/sec and 500 K reads/sec
• Designed for 99.99% availability
• 6-way replicated storage across 3 AZs
• Scale to 64 TB and 15 Read Replicas
Amazon RDS is simple and fast to scale
• Database instance types offer a range of CPU and memory selections
• Scale up or down among instance types on demand
• Database storage is scalable on demand

Amazon RDS offers fast, predictable storage
• General Purpose (SSD) for most workloads
• Provisioned IOPS (SSD) for OLTP workloads up to 30,000 IOPS
• Magnetic for small workloads with infrequent access

High availability: Multi-AZ deployments
• Enterprise-grade fault tolerance solution for production databases
• Automatic failover
• Synchronous replication
• Inexpensive and enabled with a few clicks

Choose Read Replicas for scalability and enhanced data locality
• Relieve pressure on your master node for supporting reads and writes
• Even faster recovery in the event of disaster
• Bring data close to your customers
• Promote to a master for easy migration

Choose cross-region snapshot copy for even greater durability and ease of migration
• Copy a database snapshot to a different AWS Region
• Warm standby for disaster recovery
• Base for migration to a different region
Amazon Redshift
Managed Data Warehouse
Amazon Redshift: a lot faster, a lot cheaper, a whole lot simpler
• Relational data warehouse
• Massively parallel; petabyte scale
• Fully managed
• HDD and SSD platforms
• $1,000/TB/year; starts at $0.25/hour

Amazon Redshift architecture
Leader node
• Simple SQL endpoint
• Stores metadata
• Optimizes query plan
• Coordinates query execution
Compute nodes
• Local columnar storage
• Parallel/distributed execution of all queries, loads, backups, restores, resizes
Start at just $0.25/hour, grow to 2 PB (compressed)
• DC1: SSD; scale 160 GB–326 TB
• DS2: HDD; scale 2 TB–2 PB
[Diagram: SQL clients/BI tools connect over JDBC/ODBC to the leader node, which fans out to the compute nodes (each 128 GB RAM, 16 TB disk, 16 cores) over 10 GigE (HPC); ingestion, backup and restore go to Amazon S3, Amazon DynamoDB and Amazon EMR]
Amazon Redshift is fast
Dramatically less I/O:
• Column storage
• Data compression
• Zone maps
• Direct-attached storage
• Large data block sizes
[Illustration: the zone map records the minimum and maximum value stored in each sorted data block, so blocks that cannot contain a queried value are skipped]
  Block 1: 10 | 13 | 14 | 26 | … | 100 | 245 | 324   (zone map: 10 – 324)
  Block 2: 375 | 393 | 417 | … | 512 | 549 | 623     (zone map: 375 – 623)
  Block 3: 637 | 712 | 809 | … | 834 | 921 | 959     (zone map: 637 – 959)
  Sample table (column storage keeps each column separately):
  ID   Age  State  Amount
  123  20   CA     500
  345  25   WA     250
  678  40   FL     125
  957  37   WA     375
Fully managed, continuous/incremental backups
• Multiple copies within cluster
• Continuous and incremental backups to Amazon S3
• Continuous and incremental backups across regions
• Streaming restore
[Diagram: the compute nodes back up to Amazon S3 in Region 1, which is copied to Amazon S3 in Region 2]

Amazon Redshift offers rock-solid fault tolerance
[Diagram: the same cluster with its cross-region Amazon S3 copies]
Tolerates:
• Disk failures
• Node failures
• Network failure
• Availability Zone or region-level disasters

Security is built-in
• Load encrypted from S3
• SSL to secure data in transit
• Amazon VPC for network isolation
• Encryption to secure data at rest
• On-premises HSM and AWS CloudHSM support
• SOC 1, 2, and 3; PCI-DSS; FedRAMP; BAA
[Diagram: the leader node and compute nodes (each 128 GB RAM, 16 TB disk, 16 cores) run in an internal VPC; clients reach them over JDBC/ODBC from the customer VPC; ingestion, backup and restore to Amazon S3, Amazon EMR, Amazon DynamoDB and SSH over 10 GigE (HPC)]
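The security bullets for RDS (encryption, SSL, security groups) and for Redshift (encryption at rest, VPC isolation, SSL in transit) above are settings a deployer has to verify rather than assume. The following is an added example for this page, not AWS code: it audits RDS instances and Redshift clusters from responses in the shape boto3's `describe_db_instances`, `describe_clusters` and `describe_security_groups` return, flagging unencrypted storage, public endpoints, single-AZ RDS deployments, clusters outside a VPC, and database ports reachable from any address. The sample responses and every identifier in them are constructed placeholders.

```python
"""Audit RDS instances and Redshift clusters for the controls the slides list.

Added example, not AWS code. It reads responses in the shape boto3 returns from
rds.describe_db_instances(), redshift.describe_clusters() and
ec2.describe_security_groups(); the samples at the bottom are constructed and
every identifier in them is a placeholder.
"""

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def exposes_port_to_world(security_group, port):
    """True if an ingress rule admits the port (or all traffic) from any address."""
    for perm in security_group.get("IpPermissions", []):
        all_ports = perm.get("IpProtocol") == "-1"
        in_range = perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1)
        if not (all_ports or in_range):
            continue
        sources = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
        sources += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
        if WORLD_CIDRS.intersection(sources):
            return True
    return False


def open_port_findings(resource, sg_index):
    """One finding per VPC security group that exposes the endpoint port."""
    port = resource["Endpoint"]["Port"]
    return [f"port {port} open to the world via {sg['VpcSecurityGroupId']}"
            for sg in resource.get("VpcSecurityGroups", [])
            if exposes_port_to_world(sg_index.get(sg["VpcSecurityGroupId"], {}), port)]


def audit_rds_instance(inst, sg_index):
    """At-rest encryption, public endpoint, Multi-AZ, and world-reachable port."""
    findings = []
    if not inst.get("StorageEncrypted"):
        findings.append("storage not encrypted at rest")
    if inst.get("PubliclyAccessible"):
        findings.append("endpoint is publicly accessible")
    if not inst.get("MultiAZ"):
        findings.append("single-AZ deployment (no automatic failover)")
    return findings + open_port_findings(inst, sg_index)


def audit_redshift_cluster(cluster, sg_index):
    """At-rest encryption, VPC placement, public endpoint, and world-reachable port."""
    findings = []
    if not cluster.get("Encrypted"):
        findings.append("cluster not encrypted at rest")
    if not cluster.get("VpcId"):
        findings.append("cluster not in a VPC (no network isolation)")
    if cluster.get("PubliclyAccessible"):
        findings.append("endpoint is publicly accessible")
    return findings + open_port_findings(cluster, sg_index)


def audit(rds_instances, redshift_clusters, security_groups):
    """Map each resource identifier to its findings (empty list means clean)."""
    sg_index = {sg["GroupId"]: sg for sg in security_groups}
    report = {i["DBInstanceIdentifier"]: audit_rds_instance(i, sg_index) for i in rds_instances}
    report.update({c["ClusterIdentifier"]: audit_redshift_cluster(c, sg_index)
                   for c in redshift_clusters})
    return report


# Constructed sample responses (placeholder identifiers).
SECURITY_GROUPS = [
    {"GroupId": "sg-db-private", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432,
     "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-db-open", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306,
     "ToPort": 3306, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-dw", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5439,
     "ToPort": 5439, "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
RDS_INSTANCES = [
    {"DBInstanceIdentifier": "pg-prod", "StorageEncrypted": True, "PubliclyAccessible": False,
     "MultiAZ": True, "Endpoint": {"Port": 5432},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-db-private"}]},
    {"DBInstanceIdentifier": "mysql-dev", "StorageEncrypted": False, "PubliclyAccessible": True,
     "MultiAZ": False, "Endpoint": {"Port": 3306},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-db-open"}]},
]
REDSHIFT_CLUSTERS = [
    {"ClusterIdentifier": "dw-analytics", "Encrypted": True, "VpcId": "vpc-placeholder",
     "PubliclyAccessible": False, "Endpoint": {"Port": 5439},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-dw"}]},
]

if __name__ == "__main__":
    for resource, findings in audit(RDS_INSTANCES, REDSHIFT_CLUSTERS, SECURITY_GROUPS).items():
        print(resource, findings or ["clean"])
```

SSL in transit is not visible in these responses: it is enforced through the parameter group (`rds.force_ssl` for RDS PostgreSQL, `require_ssl` for Redshift), so a complete audit also reads the applied parameter groups. The IPv6 case matters too: a group that blocks `0.0.0.0/0` but allows `::/0` still exposes the port, which is why both are checked.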
AWS Certificate Manager
Managed SSL Certificate Service

AWS Certificate Manager
• Provision trusted SSL/TLS certificates from AWS for use with AWS resources:
  • Elastic Load Balancing
  • Amazon CloudFront distributions
• AWS handles the muck:
  • Key pair and CSR generation
  • Managed renewal and deployment
  • Domain validation (DV) through email
• Available through AWS Management Console, CLI, or API

AWS Certificate Manager (ACM) benefits
• Protect and secure websites and applications
• Provision certificates quickly and easily
• Free
• Managed certificate renewal
• Secure key management
• Centrally manage certificates on the AWS Cloud
• Integrated with other AWS Cloud services

ACM-provided certificates
Domain names
• Single domain name: www.example.com
• Wildcard domain names: *.example.com
• Combination of wildcard and non-wildcard names
• Multiple domain names in the same certificate (up to 10)
ACM-provided certificates are managed
• Private keys are generated, protected, and managed
• ACM-provided certificates cannot be used on EC2 instances or on-premises servers
• Can be used with AWS services, such as ELB and CloudFront
Algorithms
• RSA 2048 and SHA-256
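The domain-name rules above (single names, wildcards, mixed lists, up to 10 names per certificate) are easy to get wrong when assembling a request, and how far a wildcard reaches is a common misunderstanding. As an added example (not AWS code), the Python below checks a list of names, assembles the arguments for `acm.request_certificate`, and answers whether a certificate's names cover a given hostname using the standard rule that a wildcard matches exactly one label. The names are the slide's own examples or constructed; the hostname-label syntax check and the email validation method are this example's assumptions.

```python
"""Pre-flight for an ACM certificate request, plus a name-coverage check.

Added example, not AWS code. It encodes the slide's rules (single, wildcard and
mixed names; up to 10 names per certificate) and the standard rule that a
wildcard stands for exactly one label, so *.example.com covers www.example.com
but neither example.com nor a.b.example.com. Hostname-label syntax and the
email validation method are this example's assumptions.
"""
import re

MAX_NAMES_PER_CERT = 10   # slide: "Multiple domain names in the same certificate (up to 10)"
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")   # one hostname label


def normalize(name):
    """Canonical form: lower-case, trimmed, without a trailing dot."""
    return name.strip().lower().rstrip(".")


def validate_domain(name):
    """Return an error string, or None if acceptable: a wildcard may only be
    the entire leftmost label, and every other label must be a valid hostname label."""
    labels = normalize(name).split(".")
    if len(labels) < 2:
        return f"{name!r}: needs at least two labels"
    if labels[0] == "*":
        labels = labels[1:]
    for label in labels:
        if "*" in label:
            return f"{name!r}: wildcard must be the entire leftmost label"
        if not LABEL_RE.match(label):
            return f"{name!r}: invalid label {label!r}"
    return None


def check_domains(domains):
    """Normalize and validate a request list; returns (accepted names, errors)."""
    names, errors = [], []
    for d in domains:
        err = validate_domain(d)
        if err:
            errors.append(err)
        elif normalize(d) in names:
            errors.append(f"{d!r}: duplicate")
        else:
            names.append(normalize(d))
    if not names and not errors:
        errors.append("no domain names given")
    if len(names) > MAX_NAMES_PER_CERT:
        errors.append(f"{len(names)} names exceeds the {MAX_NAMES_PER_CERT}-name limit")
    return names, errors


def build_request(domains):
    """Keyword arguments for acm.request_certificate(...); raises ValueError
    listing every problem rather than stopping at the first."""
    names, errors = check_domains(domains)
    if errors:
        raise ValueError("; ".join(errors))
    request = {"DomainName": names[0], "ValidationMethod": "EMAIL"}
    if len(names) > 1:
        request["SubjectAlternativeNames"] = names[1:]
    return request


def covers(cert_names, hostname):
    """Whether a certificate carrying cert_names matches hostname: an exact
    match, or a wildcard name whose '*' stands for exactly one label."""
    host = normalize(hostname).split(".")
    for name in cert_names:
        labels = normalize(name).split(".")
        if labels == host:
            return True
        if labels[0] == "*" and len(labels) == len(host) and labels[1:] == host[1:]:
            return True
    return False


if __name__ == "__main__":
    print(build_request(["*.example.com", "example.com"]))
    print(covers(["*.example.com"], "example.com"))   # False: the wildcard does not cover the apex
```

The combination case on the slide is exactly the apex problem: a site served at both `example.com` and `www.example.com` needs the non-wildcard apex name alongside `*.example.com`, because the wildcard alone does not cover it.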
Thank you!