AWS Services overview and global infrastructure
•Als PPTX, PDF herunterladen•
3 gefällt mir•5,767 views
In this presentation I discuss variety of services provided by AWS. I choose services which are in my opinion most commonly used and which may benefit our Payment Platform project which is fully deployed on AWS. In the second part of presentation I show how AWS infrastructure is localized globally and what are differences between region, availability zone and edge location.
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (20)
Ähnlich wie AWS Services overview and global infrastructure
Ähnlich wie AWS Services overview and global infrastructure (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
AWS Services overview and global infrastructure
- 1. THE FUTURE IS NOW
- 2. Amazon Web Services Services overview and global infrastructure by Jan Gurda (SPID)
- 3. Agenda 1. Very quick introduction to AWS ■ Demo of AWS console ■ Most important services – subjective list ■ On-Premises infrastructure mapped to AWS ■ Shared responsibility model 2. AWS global infrastructure ■ Regions ■ Availability Zones ■ Single-AZ vs. Multi-AZ deployment ■ Edge Locations 3
- 4. ■ Who is this presentation for? ■ Prerequisites ■ You know what AWS is in general 4 Quick introduction to AWS
- 5. ■ My subjective list ■ Chosen by potential gain it may provide in our project 5 Most commonly used services
- 6. ■ EC2 ■ EC2 Container Service ■ Lambda 6 Compute
- 7. ■ S3 ■ Glacier ■ Cloud Front ■ EBS 7 Storage and Content Delivery
- 8. ■ RDS ■ DynamoDB ■ ElastiCache ■ Redshift 8 Databases
- 9. ■ VPC ■ Route53 ■ Elastic Load Balancer 9 Networking
- 10. ■ IAM 10 Security and Identity
- 11. ■ Simple Queue Service (SQS) ■ Simple Notification Service (SNS) ■ Simple Email Service (SES) ■ Cloud Search 11 Application Services
- 12. ■ CloudWatch ■ CloudFormation ■ CoudTrail 12 Management Tools
- 13. ■ Hardware (servers, switches, routers, load balancers …) ■ Power supply (redundant) ■ Internet connection (redundant) ■ Disaster recovery and backups ■ Security ■ Many others … 13 On-Premises infrastructure
- 14. 14 How OPI maps to AWS Technology Stack On-Premises Solution AWS Solution Computation Physical servers, virtualization EC2 instances, Lambda, EC2 Container Service Storage • Physical disks (SSD, SCSI, SATA) • Network-attached storage • Storage area network EBS, S3, Instance Store Network Physical routers, VPN, VLAN VPC, Direct Connect, VPN Content delivery CDN Solutions CloudFront Database Various RDMS (Oracle, Postgres, MySQL, MongoDB) RDS, DynamoDB
- 15. 15 How OPI maps to AWS Technology Stack On-Premises Solution AWS Solution Load balancing Hardware LB (F5, Cisco etc.) Software LB ELB, Software LB (running on EC2) DNS DNS Providers Route53 Scaling Hardware and software clustering, Apache ZooKeeper Auto Scaling Group, custom software clustering Analytics Hadoop, Cassandra Elastic MapReduce Messaging Tibco, RabbitMQ, etc. SQS, SNS Caching Memcached, Redis ElastiCache Archiving Tape storage Glacier
- 16. 16 AWS Shared Responsibility Model
- 17. ■ Security “in” the cloud ■ OS Patching ■ Audit Logging ■ Anti-malware ■ Backups ■ Network Access ■ Adjust security rules ■ Secure network access ■ Secure deployed applications 17 ■Security “of” the cloud ■ 24x7 guards ■ Two-factor authentication ■ Disk destruction ■ Network monitoring ■ Intrusion detection ■ Limited access ■ Secure API endpoints AWS Shared Responsibility Model
- 18. ■ What is Region? ■ How to decide which region to choose? ■ Latency ■ Legal compliance ■ Cost ■ Features ■ https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/ ■ Currently 11 regions ■ AWS GovCloud (US) Region 18 AWS Global Infrastructure - Regions
- 19. ■ Consists of multiple Availability Zones (AZs) ■ Each AZ is physically isolated from each other ■ AZs are connected through low-latency private links ■ Around 25Tbps bandwidth and a latency of 2ms to 1ms ■ AZ is designed as an independent failure zone 19 AWS Global Infrastructure - Regions
- 20. 20 AWS Global Infrastructure - Regions
- 21. 21 AWS Global Infrastructure ■ AZ Services, Regional Services and Global Services ■Regional Services – examples ■ Auto Scaling Group ■ Elastic Load Balancer ■ S3 ■ DynamoDB ■ CloudSearch ■ SQS ■Global services – examples ■ IAM ■ Route 53 ■ Cloud Front ■AZ Services – examples ■ EC2 ■ RDS ■ ElastiCache
- 22. ■ EC2 (or RDS) instances deployed in: 22 Multi AZ vs. Single AZ Single AZ Multi AZ Not highly available HA and DR Lower price (RDS) Higher price Limited scalability Better scalability
- 23. 23 Multi AZ vs. Single AZ architecture
- 24. ■ Suitable for large enterprises ■ Allows maintain extremely high SLAs ■ Costs much more ■ Technically complex to setup correctly 24 Multi-region architecture
- 25. ■ Get closer to your customers ■ Few dozens of edge locations worldwide ■ Services that use edge locations ■ CloudFront ■ Route 53 25 Edge locations
Hinweis der Redaktion
- Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. AWS Lambda is a compute service where you can upload your code to AWS Lambda and the service can run the code on your behalf using AWS infrastructure. After you upload your code and create what we call a Lambda function, AWS Lambda takes care of provisioning and managing the servers that you use to run the code. https://aws.amazon.com/lambda/pricing/
- Amazon Elastic Block Store (Amazon EBS) provides persistent block level storage volumes for use with Amazon EC2 instances in the AWS Cloud
- Amazon Redshift is a fast, fully managed, petabyte-scale data warehouse that makes it simple and cost-effective to analyze all your data using your existing business intelligence tools
- Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
- Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, fully managed message queuing service Amazon Simple Notification Service (Amazon SNS) is a web service that coordinates and manages the delivery or sending of messages to subscribing endpoints or clients. In Amazon SNS, there are two types of clients—publishers and subscribers—also referred to as producers and consumers. Publishers communicate asynchronously with subscribers by producing and sending a message to a topic, which is a logical access point and communication channel Amazon Simple Email Service (Amazon SES) is a cost-effective email service built on the reliable and scalable infrastructure that Amazon.com developed to serve its own customer base. Amazon CloudSearch is a managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application.
- Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS.
- When evaluating the security of a cloud solution, it is important for customers to understand and distinguish between: Security measures that the cloud service provider (AWS) implements and operates – "security of the cloud" Security measures that the customer implements and operates, related to the security of customer content and applications that make use of AWS services – "security in the cloud" AWS Responsibilities AWS is responsible for protecting the global infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure consists of the hardware, software, networking, and facilities that run Amazon Web Services. Customer Responsibilities The security configuration options you choose to use depend on the sensitivity of your workload and which services you are using. For AWS infrastructure services, like Amazon Elastic Compute Cloud (EC2) and Amazon Simple Storage Service (S3) you have more choice around what security controls you deploy. For EC2, you have full control of when patchs are applied as well as any software you install so you can ensure that your systems are validated and managed in the same way you manage your existing machines today.
- Region is designed to be completely isolated from the other Amazon EC2 regions. This achieves the greatest possible fault tolerance and stability. Amazon EC2 is hosted in multiple locations all over the world. It’s quite straightforward that resources geographically close to the client are served faster, so you can immediately get the rationale of creating so many regions all over the world: getting resources closer to who asks them. Right now, AWS has about 10 regions available, three of them in US and the others spread over Europe, Asia, Pacific and South America, but stay assured that more of them will be opened in the future. For many of the AWS services, you will be asked in which region you want to deploy your resources. For example, if you launch an EC2 instance, you will be asked in which region to host it. Each region is totally isolated from the others, and they can talk only via the Internet. Actually, Regions are so isolated that when you view your resources, you’ll only see the resources tied to the region you’ve specified: AWS doesn’t replicate resources across regions automatically.
- Each Availability Zone is isolated, but the Availability Zones in a region are connected through low-latency links To ensure that resources are distributed across the Availability Zones for a region, we independently map Availability Zones to identifiers for each account. For example, your Availability Zone us-east-1a might not be the same location as us-east-1a for another account. Note that there's no way for you to coordinate Availability Zones between accounts.
- As Availability Zones grow over time, our ability to expand them can become constrained. If this happens, we might restrict you from launching an instance in a constrained Availability Zone unless you already have an instance in that Availability Zone. Eventually, we might also remove the constrained Availability Zone from the list of Availability Zones for new customers. Therefore, your account might have a different number of available Availability Zones in a region than another account.
- An edge location is where end users access services located at AWS. They are located in most of the major cities around the world and are specifically used by CloudFront (CDN) to distribute content to end user to reduce latency. It is like frontend for the service we access which are located in AWS cloud.