CIW Lab with CoheisveFT: Get started in public cloud - Part 2 Hands On

Getting Started with Public
Cloud and AWS
copyright 2013
1
CohesiveFT | Chicago Ideas Week Lab
Thursday, October 17, 13

Agenda
• Level Set: Cloud, Virtualization &
Networking Basics
•Working together: AWS and CohesiveFT
• AWS Core: Starting in EC2 and S3
• Hands on: Setting up your own AWS
• Life in the Cloud: What others are doing
in public cloud
copyright 2013
2

Welcome back
Ryan is responsible for product development and manages teams for
public relations, international events, and content marketing. His role
spans the technical product development, customer support, business
development and thought leadership needs of a growing company.
Before CohesiveFT, Ryan worked at a trading platform software
company in the US Derivative Markets.
copyright 2013
3
Patrick Kerpan
CEO, Co-founder
Ryan Koop
Director of Marketing, Co-founder
Your Presenter
Coming Up
@cohesiveft
#CIW

Jump into AWS: Amazon POV
copyright 2013
4
Layer 7
Layer 6 SaaS
Layer 5
Layer 4
Layer 3
Layer 2
Layer 1
PaaS
IaaS
Graphic from http://docs.amazonwebservices.com/gettingstarted/latest/awsgsg-intro/intro.html Layer 0

Jump into AWS: My POV
copyright 2013
5

AWS Regions = Availability Zones
copyright 2013
6
Choose specific regions to:
• Optimize latency
• Address regulatory requirements
• Create a point-of-presence (POP)
Servers
Internet Availability
Zone
Region: US East
Servers
Availability
Zone

AWS & Cloud Provides Global Reach
copyright 2013
7

AWS Terminology: Image & Instance
In AWS, you can launch an instance
from community or marketplace AMIs
copyright 2013
8
Image - template to launch an Amazon EC2 instance with your software
Instance - the AWS name for a server / virtual machine.
Image
Instance
Detailed information can be found at: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/instance-types.html

Amazon Web Services Offerings (Console)
copyright 2013
9
More information at aws.amazon.com/console

Set up your AWS account
copyright 2013
10
• Go to www.aws.amazon.com
• Follow the steps to set up
and verify
• Recommended:
Sign up for Free,
No support options

Amazon Simple Storage Service (Amazon S3)
copyright 2013
11

copyright 2013
12

Amazon S3
copyright 2013
13
• Backup and Storage – Provide data backup and
storage services for others.
• Application Hosting – Provide services that deploy,
install, and manage web applications.
• Media Hosting – Build a redundant, scalable, and
highly available infrastructure that hosts video,
photo, or music uploads and downloads.
• Software Delivery – Host your software
applications that customers can download.
More on using S3 here: http://aws.amazon.com/s3/#resources

Create a Bucket in S3
copyright 2013
14

Upload files to your bucket
• In the Upload - Select Files wizard
- to upload an entire folder, click Enable Enhanced Uploader
• Click Add Files.
copyright 2013
• Select the file > click Open
• Click Start Upload.
15
To hide the Transfer dialog box, click the Close button at top right in the Transfers panel.
To open it again, click Transfers.

Move Objects
• In the Amazon S3 console, right-click
the object that you want to move,
and then click Cut.
copyright 2013
• Navigate to the bucket or folder
you want to move the object.
Right-click the folder or bucket
and then click Paste Into.
16

Amazon S3
copyright 2013
17
Highlights
• Unlimited object storage
•Upload files (from 1 byte to 5
terabytes each) from your
computer
•Browse the contents of your
buckets with either HTTP or
SOAP interface
• Can create an authenticated
URL to give time limited 3rd
party access to a bucket
More on using S3 here: http://aws.amazon.com/s3/#resources

Life in the cloud: using S3 at CohesiveFT
copyright 2013
18
Images: Wikipedia
Analysts
Investors
Customers

Amazon Elastic Compute Cloud (Amazon EC2)
copyright 2013
19

copyright 2013
20

AWS Terminology: EC2
copyright 2013
21
• Security Group: a set of rules you create to act as a
firewall to control traffic for one or more instances
• Spot Instance: instance you allow to run on any
unused Amazon EC2 compute capacity - prices
fluctuate periodically depending on the supply, demand
and capacity
• Reserved Instance: pricing model that enables you to
reserve capacity for EC2 instances, lowers average cost

Amazon Web Services - EC2
• Launch virtual servers in the cloud
•Find, manage and create Amazon
Machine Images (AMIs)
• Create and manage Security Groups
copyright 2013
22
• Launch and manage Instances

Two Kinds of AWS Images
copyright 2013
23
EBS-backed
•Boot in <1min
•Limited to 1TB
•Data persists after instance
termination
•Stop function allows you to change
the instance settings (grow or shrink)
•Charged for runtime and and storage
•All AWS Marketplace AMIs are EBS-backed
Instance Store-backed
•Boot in <5mins
•Limited to 10GB*
•Data on instance only persists during
the life of the instance
•Instance attributes are fixed for the
life of the instance
•Cheaper only charged runtime

Amazon Web Services - Select AMI
copyright 2013
24
• Choose from Quick Start popular AMIs
Marketplace, or Community AMIs
• Search “wordpress”
• Select WordPress BitNami
(free tier)
OR
• (optional) VNS3 Free Edition

AWS Terminology: Security Groups
copyright 2013
25
Security Groups
• Acts as a firewall that controls the
traffic allowed into a group of
instances
• Add rules that govern inbound
traffic; can add or modify rules at any
time
• Cannot map security groups across
regions
Rules
• Specify a certain protocol (TCP, UDP or ICMP)
• Specify destination port or ports (if the protocol is TCP or UDP)
• Specify source (IP address or addresses using CIDR notation*)
*combination of IP addresses represented by xxx.xxx.xxx.xxx/n where n is the number of 1 bits in the mask.
Example 192.168.12.0/23 represents address range 192.168.12.0- 192.168.13.255

Amazon Web Services - Launching EC2 Instances
copyright 2013
26
• Select Region
• Continue
• Choose instance type
(t.micro recommended)
• Accept T&C

Amazon Web Services - Launching with EC2 Console
copyright 2013
27
• Select Region
• Accept Terms
• Select a Version
• Launch with EC2 in your region
(US West)

Amazon Web Services - Launching EC2 Instances
copyright 2013
28
• Choose Instance Type
• Next
• Configure Instance Details
• Network - public and private IP
• Additional Storage
• Tagging
• Security Group
• Access - SSH Key

Connecting & Securing EC2 Instances
copyright 2013
29

AWS Basic Terminology: Elastic IP Addresses
Amazon randomly assigns public IP addresses Assign instances with your Elastic IP Address
copyright 2013
30
Elastic IP Address (Static IP address):
• Associated with account, rather than a particular instance
• If your instance fails, can map its replacement to the same IP address
• Each account is limited to 5 elastic IP addresses
• You are charged $.01/hr when these IP addresses are not mapped to an instance
204.236.202.134 63.250.226.146
Amazon
Instance
Amazon
Instance
204.236.202.134 204.236.202.134
Amazon
Instance
Amazon
Instance

Public and Private IP Addresses
LAN WAN
copyright 2013
Public IP Address: 69.241.45.4
Internet Service Provider
(Comcast)
31
Home Computer
Private IP Address: 192.168.02
Router
Web Server (Amazon)
www.cohesiveft.com
Modem
Private IP Address: 192.168.0.1

Connections Between Regions
• Connectivity between availability zones is a LAN connection
• Connectivity between regions is a WAN connection
copyright 2013
32
Region: US West
LAN
Region: US East
WAN
LAN
Servers
Availability
Zone
Servers
Availability
Zone Servers
Availability
Zone
Servers
Availability
Zone

Amazon VPC Security Groups
copyright 2013
33
VPC Security Groups
• The Security Groups you created for
EC2 cannot be used in VPC
• Can control both inbound and
outbound traffic
• At the instance level - instances in the
same subnet can be in different security
groups
Rules
• Specify protocol
• Specify port or port range
• For inbound traffic: source IP address or CIDR range
• For outbound traffic: destination IP address or CIDR range

Amazon Web Services - Security Groups
copyright 2013
34
Security Groups
• Acts as a firewall that controls the
traffic allowed into a group of
instances
• Add rules that govern inbound
traffic; can add or modify rules at any
time
• Can create up to 500 EC2 security
groups with up to 100 rules each
Rules
• Specify a certain protocol (TCP, UDP or ICMP)
• Specify destination port or ports (if the protocol is TCP or UDP)
• Specify source (IP address or addresses using CIDR notation)

Lab: Let’s launch something
copyright 2013
35

Wifi
copyright 2013
36
SSID: 20NorthConference
PW: 3126295000

Signing Up, Launching and Configuring a Wordpress Server
copyright 2013
37
1. Sign up for Free Tier AWS Account
2. Enable EC2
3. Create a Test Security Group
4. Browse the Marketplace
5. Launch a Bitnami Wordpress Server
6. Configure the Wordpress Server
....
10. Profits

Bitnami Wordpress Server Information
•https://aws.amazon.com/marketplace/pp/
B007IP8BKQ/ref=sp_mpg_product_title?
ie=UTF8&sr=0-2
- username: user
- password: bitnami
copyright 2013
38

Market Landscape
copyright 2013
41
http://prezi.com/-kbf6rxf6pmd/the-cloud-market-landscape-from-cohesiveft/

AWS VPC vs. CohesiveFT VNS3
Features available in all zones of EC2 USA today ✓ ✓ ✓
Features available in all zones of EC2 EU today ✓ ✓ ✓
Features integrated to EC2 existing security lattice (EC2 Security groups) ✓ ✓ ✓
Can use EC2 Elastic IP Addresses ✓ ✓ ✓
Ability to use Amazon load balancing service today ✓ ✓ ✓
Access to Amazon S3 ✓ ✓ ✓
Support all EC2 Instance Types in All Regions and Zones ✓ ✓ ✓
Ability to use Elastic Load Balncers across VPCs within a region ✓ ✓ ✓
Ability to use Elastic Load Balncers across VPCs across regions for failover ✓ ✓ ✓
Ability to use Elastic Load Balncers across VPCs within a region ✓ ✓ ✓
Ability to use Elastic Load Balncers across VPCs across regions for failover ✓ ✓ ✓ { AWS
copyright 2013
43
Feature AWS
VNS3
Enhances
VNS3
Extends
Interoperability

copyright 2013
44
Feature AWS
VNS3
Enhances
VNS3
Extends
{{
Multiple VPCs per AWS Account ✷ ✓ ✓
Multiple VPN Gateways per AWS Account ✷ ✓ ✓
Multiple Customer Gateways per AWS Account ✷ ✓ ✓
Multiple VPN Connections per VPN Gateway ✓ ✓
Can ASSIGN SPECIFIC addresses to specific servers in my "VPC" ✓ ✓ ✓
Create a Virtual Private Cloud on AWS’s scalable infrastructure, and specify
its private IP address range from any block you choose. ✓ ✓ ✓
Divide your VPC’s private IP address range into one or more subnets in a
manner convenient for managing applications and services you run in your
✓ ✓ ✓
VPC.
Private IP Address Range Shared across Mutiple Clouds and/or Virtual
Infrastructures ✓ ✓ ✓
AWS
Availability
Address
Control

copyright 2013
45
Feature AWS
VNS3
Enhances
VNS3
Extends
{{Topology
Allow customers to use BGP ✓ ✓ ✓
Can use UDP multicast in my EC2 subnets ✓ ✓ ✓
Can use UDP multicast between EC2 regions ✓ ✓ ✓
SSL VPN Support ✓ ✓ ✓
Multicast between data center and EC2 ✓ ✓ ✓
Support GRE Termination ✓ ✓ ✓
Custom Layer 3 protocol modules (services based) ✓ ✓ ✓
Traffic can be routed directly to the Internet and NOT back across the
internet, into my datacenter and back out again ✓ ✓ ✓
Securely route traffic to EC2 EU from EC2 US without having to route
through the datacenter ✓ ✓ ✓
Custom topologies & design services (declarative topology description) ✓ ✓ ✓
Provides outbound NATing from Private VPC subnets ✓ ✓ ✓
End user VPN Clients can connect to VPC using SSL Client ✓ ✓ ✓
End user VPN Clients can connect to VPC using IPsec Client ✓ ✓ ✓
Dynamic route updates available to SSL and IPsec Clients ✓ ✓ ✓
Ability to move IP addresses between virtual infrastructures or clouds ✓ ✓ ✓
Protocol
Control
Control

copyright 2013
46
Feature AWS
VNS3
Enhances
VNS3
Extends
{{
Ability to create Cloud-based WANs that integrate corporate sites, cloud
infras, partner sites, and colo or MSP infra. ✓ ✓ ✓
Provides outbound NATing from Public VPC subnets ✓ ✓ ✓
Allows port forwarding from Internet to select inside VPC servers ✓ ✓ ✓
Route traffic between your VPC and the Internet over the VPN connection
so that it can be examined by your existing security and networking assets
✓ ✓ ✓
before heading to the public Internet.
Control inbound and outbound access to and from individual subnets using
network access control lists. ✓ ✓ ✓
Bridge together your VPC and your IT infrastructure via an encrypted IPSEC
connection. ✓ ✓ ✓
Network firewall controlling the VLAN ✓ ✓ ✓
Intrusion/Extrusion detection in the cloud - monitoring x-cloud subnets ✓ ✓ ✓
Access controlled on the host level by a unique cryptographic credential per
virtual network address. ✓ ✓ ✓
Cryptographic identity linking (and segregating) multiple gateway routers ✓ ✓ ✓
Remote Support controlled by multi-organziation (customer and vendor)
2-factor authentication ✓ ✓ ✓
Topology
Control (cont’d)
Security
Control

copyright 2013
47
Feature AWS VNS3
Enhances
VNS3
Extends
{ Market
Windows and Linux device support ✓ ✓ ✓
Supports industry standard security appliances NAT'ed behind customer
edge (Cisco ASA for example) ✓ ✓ ✓
Eucalyptus to EC2 support ✓ ✓ ✓
vCloud to EC2 support ✓ ✓ ✓
GoGrid/Rackspace/ElasticHosts/CloudSigma/Flexiant/etc - to EC2 ✓ ✓ ✓
OpenStack to EC2 ✓ ✓ ✓
IBM Smart Cloud and Smart Cloud Plus to EC2 ✓ ✓ ✓
Easily integrate mobile phones and tables to VPC infrastructure ✓ ✓ ✓
Citrix Virtual Infra to EC2 ✓ ✓ ✓
Parallels Virtual Infra to EC2 ✓ ✓ ✓
KVM Virtual Infra to EC2 ✓ ✓ ✓
VMware Virtual Infra to EC2 ✓ ✓ ✓
Let other AWS accounts (Partners, ISVs) launch instances to talk to VPC
owner's instances directly ✓ ✓ ✓
Interoperability

copyright 2013
48
Feature AWS
VNS3
Enhances
VNS3
Extends
{ Enterprise
2-way failover in VPC ✓ ✓ ✓
Instance can be both be part of a VPC and accessible to the general Internet ✓ ✓ ✓
Ability to create N-number of IDENTICAL defined subnets without routable
connectivity allows significant gains in dev/test/staging. ✓ ✓ ✓
Web-based management interface ✓ ✓ ✓
Support for customer's IPsec endpoints behind NAT ? ✓ ✓ ✓
N-way failover in VPC ✓ ✓ ✓
Support for 3DES and AES 256 encrption ✓ ✓ ✓
Common abstraction model/interface across all clouds and virtual
infrastructures ✓ ✓ ✓
Geographic or datacenter redundancy from customer side to VPC ✓ ✓ ✓
Emergency access possible if IPsec connection is down. ✓ ✓ ✓
Ability to connect a single VPC to multiple datacenters directly, as opposed to
daisy-chaining datacenters via customer WAN. ✓ ✓ ✓
Ability to directly "dump" the interfaces to see traffic traversal and connection
attempts. ✓ ✓ ✓
SNMP support for popular Enterprise monitoring systems. ✓ ✓ ✓
View

Demo of the VNS3 Application SDN solution:
Look for this functionality
• Ability to span data centers and vendors
• Heterogeneous control; cloud vendor runs
his network, customer runs their own
network
• Overlay devices peer via cryptographic
identity and checksums
• Ability to separate network location from
identity
• Application (and its owners) are in control
of addressing, protocol, topology and
security
copyright 2013
50
VNS3 Product Family
Application SDN
• VNS3 Manager (virtual appliance)
• VNS3 Routing Agent (runs on cloud
hosts)
• VNS3 Command and Control (Mgmt
tool under development)

The first “process” customizable cloud transport network device
VNS3 3.5 allows customers to embed features and functions provided by other
vendors - or developed in house, safely and securely into their Cloud Network.
• Not just a scripting interpreter that allows control over known, existing features
•Completely new functions, processes, computation delivered to the core of the
copyright 2013
VNS3
Customer
controlled, and
co-created, for
the best
hybrid cloud
experience
Q4 2013
customer cloud network (patent pending)
53
Router
Reverse
Proxy
Content
Caching
Load
Balancing
Intrusion
Detection More....
Switch Firewall
IPsec/SSL
VPN
Concentrator
Protocol
Redistributor
Dynamic &
Scriptable
SDN
Proxy

Questions?
copyright 2013
CohesiveFT
Chicago, IL USA
www.CohesiveFT.com
ContactMe@cohesiveft.com
+1 888.444.3962
Stay in touch!
@cohesiveFT
CohesiveFT.com/blog
Slideshare: www.slideshare.net/CohesiveFT
CloudCamp.org/Chicago
54

CIW Lab with CoheisveFT: Get started in public cloud - Part 2 Hands On

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to CIW Lab with CoheisveFT: Get started in public cloud - Part 2 Hands On

Similar to CIW Lab with CoheisveFT: Get started in public cloud - Part 2 Hands On (20)

Recently uploaded

Recently uploaded (20)

CIW Lab with CoheisveFT: Get started in public cloud - Part 2 Hands On