All slides from the May 2014 Meetup. Talks included: • "Mining crypto currency on AWS spot instance" - Scott VanDenPlas, Engineer at el el see @scottvdp • "HA for healthcare" - Ryan Koop, Director of Products & Marketing, Cohesive @ryankoop • "Using AWS for HA at BrightTag" - Matt Kemp, Engineer of Things™ at BrightTag @mattkemp • So nice, he's talking twice. - Scott VanDenPlas, Engineer at el el see @scottvdp Join us again June 24 at Mediafly and in July back at Cohesive!

1. Sponsored by
Hosted by
Chicago AWS user
group - May 2014
!
!
“Using AWS for High Availability”
#AWSChicago

2. Organizer
!
Margaret Walker
CohesiveFT
!
!
Tweet: @MargieWalker
#AWSChicago
Sponsored by
Hosted by
#AWSChicago

3. Mark your calendars -
next AWS user group June 24
Security in AWS

4. 6:00 pm Introductions
6:10 pm Lightning Talks
"Mining crypto currency on AWS spot instance" - Scott
VanDenPlas, Engineer at el el see @scottvdp
"HA for healthcare" - Ryan Koop, Director of Products &
Marketing, CohesiveFT @ryankoop
"Using AWS for HA at BrightTag" - Matt Kemp, Engineer of
Things™ at BrightTag @mattkemp
So nice, he's talking twice. - ScottVanDenPlas, Engineer at el el
see @scottvdp
6:30 pm Q & A
7:00 pm Networking, drinks and pizza
Agenda Sponsored by
Hosted by
#AWSChicago

5. “Mining crypto currency on AWS
spot instance”
!
ScottVanDenPlas, Engineer at el el see
!
Tweet: @scottvdp
#AWSChicago
!
Sponsored by
Hosted by
#AWSChicago

7. AWS Spot Market
Arbitrage
Or How I Stopped Worrying and Learned to Love the Bid

8. Scott
VanDenPlas
!
scott@
elelsee.com

9. awsofa.info

10. A (crappy) Primer to
Magic Internet Money

11. You cannot make
money doing this.
(currently.)

12. There was a time you
could.
Five months ago.

13. g2.2xlarge
New generation. Single GPU.!
!
CPU 34.09 khash/s!
GPU 196.08 khash/s!
!
230.17 khash/s!
$0.650 per Hour

14. cg1.4xlarge
Old generation. Dual GPU.!
!
CPU 52.51 khash/s!
GPU 311.4 khash/s!
!
363.91 khash/s!
$2.100 per Hour

15. Earning Potential.
g2.2xl $0.076 hourly.
cg1.4xl $0.120 hourly.

16. Uh… not so much.
g2.2xl $0.076 hourly.
cg1.4xl $0.120 hourly.
!
!
On Demand!
g2.2xl $0.650 hourly.
cg1.4xl $2.100 hourly.

17. Spot Instance Pricing
Region!
!
Availability Zone!
!
Account!
!
Instance Type!
!
Operating System!
!
VPC

18. No amount of money
makes it worth it to run
Windows.

19. AMI Defenestration.
!
Yep, it is possible.

20. Proof.

22. Now I need 3000 of these.

24. Advice from my
lawyer.
!
We are not legally laundering money from!
our AWS Partner Account.!
!
!
I am not implying that ever occurred.

25. @scottvdp
/in/scottvdp

26. “HA for healthcare”
!
Ryan Koop, Director of Products &
Marketing, CohesiveFT
!
Tweet: @ryankoop
#AWSChicago
Sponsored by
Hosted by
#AWSChicago

27. @ryankoop
Healthcare HA in AWS
AWS User Group May 29, 2014
1

28. @ryankoop
Oh, hello
2
During Business Hours++
Ryan Koop
Director of Products & Marketing, Co-founder
@ryankoop
www.linkedin.com/in/rkoop/
After Hours
NAME Ryan Koop
CLUB Royal Fox CC - Men
LOCAL# 2024 Assoc# 20005661
EFFECTIVE DATE 10/15/2013
SCORES POSTED 12 USGA HDC INDEX
18.9
SCORE HISTORY - MOST RECENT FIRST
1 96*I 98 I 95*I 89*AI 96*AI
6 95*AI 99 H 99 I 99 AI 94*I
11 97 H 96*I 106 A 97 H 95 H
16 97 I 94*H 91*H 96 I 94*H
Chicago District Golf Association - www.cdga.org
Ryan Koop
2013 GOLD MEMBER

29. @ryankoop
5/26/14 US-West-1 Single Availability Zone looses power
5/17/14 US-West-2 Increased Launch Error Rates
4/30/14 US-West-2 Connectivity Issues for Single Availability Zone
4/22/14 EU-West-1 Connectivity Issues for Single Availability Zone
4/16/14 EU-West-1 Increases API Error Rates
4/1/14 US-West-1 Connectivity Issues for Single Availability Zone
3/21/14 US-East-1 Increased API Error Rates
3/20/14 US-East-1 Increased API Error Rates
3/20/14 US-West-2 Increased API Error Rates
3/9/14 US-East-1 Connectivity Issues for Single Availability Zone
3
Cloud ≠ Reliability
Source:AWS Appstream RSS

30. @ryankoop
AWS SLA - Five 9s?
4
99.95% = ~22min/month Downtime
“Region Unavailable” | Burden of Proof | “Demarcation Point”
Yo Dawg, we heard you like SLAs
So we gave your SLA an SLA!

31. @ryankoop 5
AWS Data Center | Source: AWS James Hamilton
Amazon Perdix | Source: AWS James HamiltonSource:Your Nightmares
Source: Your Nightmares
You vsThem

32. @ryankoop
Enough of the FUDD
6
Source:Warner Bros.

33. @ryankoop
AWS and HA
7
Region
Availability Zone

34. @ryankoop 8
The H in HA Stands for Hybrid
Public A
Public B
Public
Private
Public
Data Center
Source: Chris Swan, CTO CohesiveFT

35. @ryankoop
Hybrid Strategies
9
VPC 2VPC 1
peer
PeeredVPCs
Common Software Stack
public privatepublic private
Single Pane of Glass
public
public
Common APIs
private
Source: Chris Swan, CTO CohesiveFT

36. @ryankoop
Slide Sponsored by: cccccccccccc
10
US Central 1a
Customer Data CenterCustomer Remote Office
VNS3 1
VNS3 2
VNS3 3
VNS3 Overlay Network
Server 1 Server 2 DB 1 DB 2 Server 3 DB 3
Active IPsecTunnel
Failover IPsecTunnel
Firewall / IPsec
Cisco 5505
Firewall / IPsec
Cisco 5585
Data Center ServerData Center ServerUser WorkstationUser Workstation
Peered Peered
US East 1a US West 2b

37. @ryankoop
The future (or now) is loosely coupled
11
Load Balancers
Web Servers
Load Balancers
App Servers
Database Cluster

38. @ryankoop
AWS and HIPAA
!
• Health InformationTechnology for Economic and Clinical Health
(HITECH) Act in 2009 and the 2010 Omnibus rule
• Business Associate Agreement - June 18, 2013
• EBS Encryption - May 21, 2014
12
1996 - Privacy, Security, and Breach Notification rules for the
storage & transmission of EHI

39. @ryankoop
Shared Responsibility
13
Layer 3
!
Layer 2
!
Layer 1
!
Layer 0
Layer 7
Layer 6
Layer 5
Layer 4
Layer 3
Application
Layer
Virtual
Layer
Limit of user access, control and visibility
ApplicationOwner
CloudOwner
Hardware
Layer
Your HIPAA
Compliant App
AWS Xen Hypervisor
It’s Intel-based
but Secret

40. @ryankoop
HIPAATopology
14
IPsec
Firewall / IPsec
us-east-1c us-east-1d
Multi-tenant Overlay Primary
Peered
VNS3
Manager
us-west-2a
Multi-tenant Overlay Backup
User Workstation
NewYork, NY
Data Center Server
Healthcare
Provider 2
Healthcare
Provider 1
San Francisco, CASeattle,WA Denver, CO
Data Center Server
Boston, MA
HIPAA App Provier Data
Center
Data Center Server Data Center Server
Healthcare
Provider 3
Healthcare
Provider N
DR Tablet

41. @ryankoop
Zone Failure
15
IPsec
us-east-1c us-east-1d
Multi-tenant Overlay Primary
Peered
VNS3
Manager
us-west-2a
Multi-tenant Overlay Backup
X
User Workstation
NewYork, NY
Data Center Server
Healthcare
Provider 2
Healthcare
Provider 1
San Francisco, CASeattle,WA Denver, CO
Data Center Server
Boston, MA
HIPAA App Provier Data
Center
Data Center Server Data Center Server
Healthcare
Provider 3
Healthcare
Provider N
DR Tablet
Firewall / IPsec

42. @ryankoop
Regional Failure
IPsec
us-east-1c us-east-1d
Multi-tenant Overlay Primary
Peered
VNS3
Manager
us-west-2a
Multi-tenant Overlay Backup
X X
User Workstation
NewYork, NY
Data Center Server
Healthcare
Provider 2
Healthcare
Provider 1
San Francisco, CASeattle,WA Denver, CO
Data Center Server
Boston, MA
HIPAA App Provier Data
Center
Data Center Server Data Center Server
Healthcare
Provider 3
Healthcare
Provider N
DR Tablet
Firewall / IPsec

43. @ryankoop
Global Failure
17
IPsec
US Central
Multi-tenant Overlay Cold
User Workstation
NewYork, NY
Data Center Server
Healthcare
Provider 2
Healthcare
Provider 1
San Francisco, CASeattle,WA Denver, CO
Data Center Server
Boston, MA
HIPAA App Provier Data
Center
Data Center Server Data Center Server
Healthcare
Provider 3
Healthcare
Provider N
DR Tablet
Firewall / IPsec

44. @ryankoop
ThreeThings for HA
1. Rigorous automation of virtual servers
2. Rigorous automation of boot time context
3. Overlay network that quickly, simply
differentiates network location from identity
18

45. @ryankoop
ThankYou
19
Questions?

46. “Using AWS for HA at BrightTag”
!
Matt Kemp, Engineer of Things at BrightTag
!
Tweet: @mattkemp
#AWSChicago
Sponsored by
Hosted by
#AWSChicago

47. Using AWS for
HA @ BrightTag
Matthew Kemp

48. Everything Fails Eventually
Network splits
Instances go down
AWS Availability Zones
go offline
AWS Regions go offline

49. Cascading Failures
Keep failures self
contained

50. Design for Failure
Run multiple instances
Run in multiple
Availability Zones
Run in multiple
Regions

51. Redundancy
Database
Cluster
Data Access
Service
Web
Availability Zone A
Availability Zone B
Region

52. Local, Local, Local
Web
haproxy
stats
Data Access
Service
Graphite
Carbon
Region

53. Zero Downtime Deploys
+
++

54. Instances in 2011
We ran in two regions with ~40 instances
One had the minimum of two instances per app
The other was only slightly larger

55. Instances in 2014
We run in four regions with ~600 instances
Largest region is ~240 instances
Smallest region is ~70 instances

56. Questions?

57. Contact Info
matt@brighttag.com
@mattkemp
/in/matthewkemp

58. “I’ve got 99 problems and capacity
is all of them”
!
ScottVanDenPlas, Engineer at el el see
!
Tweet: @scottvdp
#AWSChicago
!
Sponsored by
Hosted by
#AWSChicago

60. Scott !
VanDenPlas!
!
scott@
elelsee.com

61. http://awsofa.info

63. I’ve got 99 problems and
capacity is all of them.

66. I’ve got 98 problems and
capacity is all of them.

68. http://alive.training

69. Q & A
!
!
Pizza’s almost here!
!
!
Sponsored by
Hosted by
#AWSChicago

70. Sponsored by
Hosted by
#AWSChicago