Introduction to Amazon Cloud 2016 Amazon Web Services
Introduction to Amazon Cloud © 2016 Amazon Web Services, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon Web Services, Inc.
What is AWS?
• AWS provides a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in 190 countries around the world.
• Benefits:
– Low Cost
– Elasticity & Agility
– Open & Flexible
– Secure
– Global Reach
What sets AWS apart?
• Experience: building and managing cloud since 2006
• Service Breadth & Depth: 50+ services to support any cloud workload
• Pace of Innovation: history of rapid, customer-driven releases
• Global Footprint: 13 regions, 36 availability zones, 50+ edge locations
• Pricing Philosophy: 52 proactive price reductions to date
• Ecosystem: thousands of partners; 2,100+ Marketplace products*
*as of July 31, 2014
Experience with Operational Reliability
We are driven to remove any and all causes of failure. Our goal is to make our operational performance indistinguishable from perfect.
• We have spent over a decade building the world's most reliable, secure, scalable, and cost-effective infrastructure.
• Service SLAs between 99.9% and 100% availability. Amazon S3 is designed for 99.99999% durability.
• Availability Zones exist on isolated fault lines, flood plains, and electrical grids to substantially reduce the chance of simultaneous failure.
• The AWS Service Health Dashboard provides 24/7 visibility into the real-time operational status of all services around the globe.
Pricing Philosophy
• High volume / low margin businesses are in our core DNA
• Trade CapEx for variable expense
• Our economies of scale provide us with lower costs
• Pricing model choice to support variable and stable workloads
• Save more money as you grow bigger
• 52 price reductions since 2006
Pricing options: On-demand, Reserved Instances, Spot, Tiered pricing, Volume discounts, Custom pricing
Gartner 2016 Magic Quadrant for Cloud Infrastructure as a Service
Gartner "Magic Quadrant for Cloud Infrastructure as a Service," Lydia Leong, Douglas Toombs, Bob Gill, May 19, 2015. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available at http://aws.amazon.com/resources/analyst-reports/. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Introduction to AWS
AWS global infrastructure
• 13 Regions
• 36 Availability Zones
• 50+ Edge Locations
• Coming soon: Montreal, Ohio, and UK
(Map legend: Region, Edge Location)
AWS Regions and Availability Zones
(Figure: world map of AWS Regions, each shown with its Availability Zones AZ A, AZ B, …)
Regions: US East (VA), US West (CA), US West (OR), GovCloud (US), EU (Ireland), EU (Frankfurt), S. America (Sao Paulo), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), China (Beijing)*
*A limited preview of the China (Beijing) Region is available to a select group of China-based and multinational companies with customers in China. These customers are required to create an AWS Account, with a set of credentials that are distinct and separate from other global AWS Accounts.
Service Breadth & Depth
(Figure: layered map of AWS service categories. Layers: Technical & Business Support; AWS Marketplace; Management Tools; Platform Services; Hybrid Cloud Management; Enterprise Apps; Security & Management; Infrastructure Services.)
• Infrastructure Services: Regions, Availability Zones, Compute, Storage (Objects, Blocks, Files), Databases (SQL, NoSQL, Caching), Networking, CDN
• Security & Management: Virtual Private Networks, Identity & Access, Encryption Keys, Configuration, Monitoring, Dedicated
• Enterprise Apps and Hybrid Cloud Management: Virtual Desktops, Sharing & Collaboration, Email & Calendaring, Directories, Backups, Direct Connect, Identity Federation, Integrated Management, Storage Gateway, Deployment
• Platform Services: Analytics, Big Data & HPC, Hadoop, Streaming, Data Pipelines, Data Warehousing, Machine Learning, Real-time, Business Apps, Mobile & Web Front-end, Sync, Identity, Push Notifications, Mobile Analytics, Mobile Backend, App Notifications, Search, Queuing, Email, Containers, Source Code, Functions, Build Tools, Deployment, DevOps, Data Store, Databases, Industry Solutions
• Management Tools, Support and Marketplace: Support, Training & Certification, Solutions Architects, Professional Services, Account Management, Backup Solutions, Security & Pricing Reports, Partner Ecosystem, Development, Mobile, Orchestration
AWS Security
"The financial service industry attracts some of the worst cyber criminals. We work closely with AWS to develop a security model, which we believe enables us to operate more securely in the public cloud than we can in our own data centers."
– Rob Alexander, Capital One's chief information officer (presented at the AWS re:Invent 2015 user conference keynote)
Broad Accreditations & Certifications
(Figure: compliance program logos, including Glacier Vault Lock & SEC Rule 17a-4(f) and ISO/IEC 27018)
AWS Principals
Account Owner ID (Root Account)
• Access to all subscribed services.
• Access to billing.
• Access to console and APIs.
• Access to Customer Support.
IAM Users, Groups and Roles
• Access to specific services.
• Access to console and/or APIs.
• Access to Customer Support (Business and Enterprise).
Temporary Security Credentials
• Access to specific services.
• Access to console and/or APIs.
Encryption. Protecting data in-transit and at-rest.
Encryption In-Transit: HTTPS, SSL/TLS, VPN / IPsec, SSH
Encryption At-Rest: Object, Database, Filesystem, Disk
Details about encryption can be found in the AWS Whitepaper, "Securing Data at Rest with Encryption".
Encryption at Rest
• Volume Encryption: EBS Encryption; Filesystem Tools; AWS Marketplace/Partner
• Object Encryption: S3 Server Side Encryption (SSE); S3 SSE w/ Customer Provided Keys; Client-Side Encryption
• Database Encryption: RDS MSSQL TDE; RDS Oracle TDE/HSM; RDS MySQL KMS; RDS PostgreSQL KMS; Redshift Encryption
AWS Key Management Service
Managed service to securely create, control, rotate, and use encryption keys.
(Figure: Customer Master Key(s) at the top; beneath them Data Key 1, Data Key 2, Data Key 3 and Data Key 4, each protecting a resource such as an Amazon S3 object, an Amazon EBS volume or an Amazon Redshift cluster)
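The figure shows the envelope-encryption pattern KMS is built around: one customer master key that never leaves the service wraps a separate data key per resource, and only the wrapped data key is stored beside the ciphertext. The following is an added example (not AWS code and not the KMS API): a MasterKey class stands in for the CMK, encrypt_object/decrypt_object/rewrap are hypothetical helper names, and the cipher is an HMAC-SHA256 keystream with an encrypt-then-MAC tag, a standard-library stand-in for the AES-GCM that KMS actually uses.

```python
"""Envelope encryption in the pattern shown for AWS KMS (added illustration)."""
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

NONCE_LEN = 16   # random per-message nonce prepended to each ciphertext
TAG_LEN = 32     # HMAC-SHA256 tag appended to each ciphertext


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: concatenated HMAC(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Authenticated encryption; returns nonce || ciphertext || tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()   # separate keys for
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()   # confidentiality and integrity
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag in constant time before decrypting; any change raises."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key, wrong context or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class MasterKey:
    """Models a CMK: callers only ever receive wrapped data keys, never the master key."""

    def __init__(self, key_id: str, key_bytes: bytes) -> None:
        self.key_id = key_id
        self._key = key_bytes

    def generate_data_key(self) -> Tuple[bytes, bytes]:
        """Like GenerateDataKey: (plaintext data key, data key wrapped under this CMK)."""
        data_key = secrets.token_bytes(32)
        return data_key, self.wrap(data_key)

    def wrap(self, data_key: bytes) -> bytes:
        return seal(self._key, data_key, aad=self.key_id.encode())

    def unwrap(self, wrapped: bytes) -> bytes:
        return open_sealed(self._key, wrapped, aad=self.key_id.encode())


def encrypt_object(cmk: MasterKey, plaintext: bytes, context: bytes) -> Dict:
    """One fresh data key per object; the envelope never holds the plaintext key."""
    data_key, wrapped = cmk.generate_data_key()
    return {"key_id": cmk.key_id, "wrapped_key": wrapped,
            "ciphertext": seal(data_key, plaintext, aad=context)}


def decrypt_object(cmk: MasterKey, envelope: Dict, context: bytes) -> bytes:
    if envelope["key_id"] != cmk.key_id:
        raise ValueError("envelope was wrapped under a different CMK")
    data_key = cmk.unwrap(envelope["wrapped_key"])
    return open_sealed(data_key, envelope["ciphertext"], aad=context)


def rewrap(old: MasterKey, new: MasterKey, envelope: Dict) -> Dict:
    """Rotation the KMS way: re-wrap the small data key, leave the bulk ciphertext untouched."""
    data_key = old.unwrap(envelope["wrapped_key"])
    return {**envelope, "key_id": new.key_id, "wrapped_key": new.wrap(data_key)}


if __name__ == "__main__":
    # Constructed demo values; real CMK material is generated inside KMS.
    cmk = MasterKey("cmk-demo-1", secrets.token_bytes(32))
    env = encrypt_object(cmk, b"customer record 42", b"bucket/records/42")
    print(decrypt_object(cmk, env, b"bucket/records/42"))
```

The context argument plays the role of an encryption context: it is bound into the tag, so a ciphertext copied to another key name fails to decrypt. rewrap shows why rotating a master key is cheap in this design: only the 32-byte wrapped key is re-encrypted, never the object itself.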
AWS Trusted Advisor Leverage Trusted Advisor to analyze your AWS resources for best practices for availability, cost, performance and security.
AWS Simple Storage Service (S3)
Economics of Traditional Disk Utilization
1 PB raw capacity
– 20% RAID
– 20% Buffer for Capacity Management
– 10% Disk OS/Metadata
= 50% Usable Storage
Storage - Characteristics
Some of the ways we look at storage:
• Durability – Measure of expected data loss
• Availability – Measure of expected downtime
• Security – Security measures in place
• Cost – Amount per storage unit, e.g. $ / GB
• Scalability – Upward flexibility
• Performance – Performance metrics
• Integration – Ability to interact with
AWS has a variety of storage options
• Amazon EBS (Elastic Block Storage)
• Amazon Elastic File System (EFS)
• Amazon EC2 Instance Store (Ephemeral Volumes)
• Amazon S3 (Simple Storage Service)
• Amazon Glacier
• AWS Storage Gateway
• Amazon Import/Export Snowball
Amazon S3 (Simple Storage Service)
• Web accessible object store
• Pay for exactly what you use
• Highly durable (99.99999% design)
• Limitlessly scalable
• Natively online
• Two flavors:
– Standard Storage – $0.0300* per GB / mo
– Standard – Infrequent Access Storage (min size 128 KB) – $0.0125* per GB / mo + Data retrieval cost
* US East (N. Virginia) pricing
Amazon S3 (Simple Storage Service)
• Parallel I/O for max speed (Multipart Upload, Ranged GETs)
• Resource-level IAM permissions
• Bucket Policies & ACLs
• Direct access through APIs
• Server Side Encryption
• Static Website Hosting
• Data Lifecycle Rules
Amazon Glacier
• Low-Cost Archival Storage
– $0.007 per GB/Month (US East pricing)
– Includes storage costs and retrieval costs
• Secure
– SSL & AES-256
• Durable
– Designed for 99.99999% durability
• Optimized for data archiving and backup
– Suitable for RTO measured in hours
• Integrated with S3
S3 lifecycle policies
Key prefix "logs/": transition objects to Amazon Glacier 30 days after creation; delete 365 days after creation date.
<LifecycleConfiguration>
  <Rule>
    <ID>archive-in-30-days</ID>
    <Prefix>logs/</Prefix>
    <Status>Enabled</Status>
    <Transition>
      <Days>30</Days>
      <StorageClass>GLACIER</StorageClass>
    </Transition>
    <Expiration>
      <Days>365</Days>
    </Expiration>
  </Rule>
</LifecycleConfiguration>
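Lifecycle rules are easy to get subtly wrong (a transition scheduled after the expiration, a rule left Disabled, an empty prefix that silently covers the whole bucket), and the only feedback from S3 is what happens to your objects days later. The following is an added example, not AWS code and not a call to the S3 API: it parses the slide's LifecycleConfiguration with the standard library, lints the rules, and applies a local model of them (an object is transitioned or expired once its age in days reaches the rule's Days value; real S3 runs the actions asynchronously around midnight UTC, so this predicts the intended state rather than querying the live one). The helper names parse_lifecycle, lint and expected_state are this example's own.

```python
"""Parse an S3 lifecycle configuration and predict what it does to objects (added example)."""
import xml.etree.ElementTree as ET
from datetime import date, timedelta
from typing import Dict, List

# The configuration from the slide.
LIFECYCLE_XML = """<LifecycleConfiguration>
  <Rule>
    <ID>archive-in-30-days</ID>
    <Prefix>logs/</Prefix>
    <Status>Enabled</Status>
    <Transition>
      <Days>30</Days>
      <StorageClass>GLACIER</StorageClass>
    </Transition>
    <Expiration>
      <Days>365</Days>
    </Expiration>
  </Rule>
</LifecycleConfiguration>"""


def parse_lifecycle(xml_text: str) -> List[Dict]:
    """Turn each <Rule> into a dict; transitions are sorted by day so later ones win."""
    rules = []
    for node in ET.fromstring(xml_text).findall("Rule"):
        rule = {
            "id": node.findtext("ID"),
            "prefix": node.findtext("Prefix", default=""),
            "enabled": node.findtext("Status") == "Enabled",
            "transitions": sorted(
                (int(t.findtext("Days")), t.findtext("StorageClass"))
                for t in node.findall("Transition")
            ),
            "expiration_days": None,
        }
        exp = node.find("Expiration")
        if exp is not None and exp.findtext("Days"):
            rule["expiration_days"] = int(exp.findtext("Days"))
        rules.append(rule)
    return rules


def lint(rules: List[Dict]) -> List[str]:
    """Configuration mistakes worth catching before the policy is put on a bucket."""
    problems = []
    for r in rules:
        if not r["enabled"]:
            problems.append(f"{r['id']}: rule is Disabled and will do nothing")
        if r["prefix"] == "":
            problems.append(f"{r['id']}: empty prefix applies to every object in the bucket")
        for days, cls in r["transitions"]:
            if r["expiration_days"] is not None and days >= r["expiration_days"]:
                problems.append(f"{r['id']}: transition to {cls} at {days} days is not "
                                f"before expiration at {r['expiration_days']} days")
    return problems


def expected_state(rules: List[Dict], key: str, created: date, today: date) -> str:
    """Storage class the object should be in, or 'EXPIRED' once a rule deletes it."""
    age = (today - created).days
    state = "STANDARD"
    for r in rules:
        if not r["enabled"] or not key.startswith(r["prefix"]):
            continue
        if r["expiration_days"] is not None and age >= r["expiration_days"]:
            return "EXPIRED"
        for days, cls in r["transitions"]:
            if age >= days:
                state = cls
    return state


if __name__ == "__main__":
    rules = parse_lifecycle(LIFECYCLE_XML)
    print("lint:", lint(rules) or "ok")
    today = date(2016, 6, 1)   # constructed reference date
    for key, age in [("logs/app.log", 7), ("logs/app.log", 45), ("logs/app.log", 400),
                     ("data/report.csv", 400)]:
        print(key, age, "days ->", expected_state(rules, key, today - timedelta(days=age), today))
```

Run against the slide's configuration, lint reports nothing; change the transition to 400 days and it flags the rule, because the object would be deleted at 365 days before it ever reached Glacier. Objects outside the "logs/" prefix stay in STANDARD no matter their age, which is the point of scoping the rule by prefix.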
Storage Integration
Backup and recovery before the cloud
(Figure: application servers back up through a media server to local disk and tape storage, with tapes shipped to a data bunker)
Cloud gateway: AWS Storage Gateway
(Figure: on the customer premises an application server writes to the Storage Gateway appliance; the appliance reaches the Storage Gateway back end over the Internet or Direct Connect, which stores data in S3, Amazon Glacier and EBS snapshots)
Cloud gateway: Storage Gateway – gateway-stored volume architecture
(Figure: in the customer data center, client application servers and users act as iSCSI initiators against the Storage Gateway VM's iSCSI target; the VM keeps the volume storage locally plus an upload buffer, and the Storage Gateway service holds the EBS snapshots)
Cloud gateway: Storage Gateway – gateway-cached volume architecture
(Figure: in the customer data center, client application servers and users act as iSCSI initiators against the Storage Gateway VM's iSCSI target; the VM keeps only cache storage and an upload buffer locally and talks HTTPS to the Storage Gateway service, where volume storage is backed by S3 and EBS snapshots are kept)
Cloud gateway: Storage Gateway – gateway-virtual tape library architecture
(Figure: in the customer data center, a backup server's iSCSI initiator sees the Storage Gateway VM as a media changer and tape drive (VTL); the VM keeps an upload buffer and cache storage and talks HTTPS to the Storage Gateway service, where Gateway-VTL storage is backed by S3 and the virtual tape shelf is backed by Amazon Glacier)
Cloud gateway: NetApp AltaVault, also available on Marketplace to protect cloud-native workloads
Solve backup and archive headaches with cloud-integrated storage
§ 90% reduction in time, cost, and data volumes
§ Shrink recovery times from days to minutes
§ 85% of backup & software providers supported
Seamlessly integrates into existing storage and backup software environment
§ Deduplicates, compresses, and encrypts
§ Caches recent backups locally, vaults older copies to the cloud
§ Store data in the public or private cloud of choice
Common backup applications integrated with AltaVault: Arcserve, Commvault Simpana, EMC NetWorker, HP Data Protector, IBM Tivoli Storage Manager, Symantec Backup Exec, Symantec (Veritas) NetBackup, Veeam, Microsoft SQL Server, Oracle RMAN
(Figure: on premises, the NetApp AltaVault cloud-integrated storage appliance sits in front of FAS, E-Series, NetApp SnapProtect and non-NetApp storage and targets Amazon S3, S3-IA and Amazon Glacier)
What is AWS Snowball?
• Petabyte-scale data transport
• 80 TB per appliance
• 10 GE network
• Ruggedized case ("8.5 G impact"), rain and dust resistant
• Tamper-resistant case and electronics
• All data encrypted end-to-end
• E Ink shipping label
When to use Snowball
• Cloud migration
• Disaster recovery
• Data center decommission
• Content distribution
S3 Transfer Acceleration: up to 300% faster, one click
1. Automatically changes the DNS name for the bucket (Amazon Route 53)
2. Bucket traffic moves to Amazon's CDN network (Amazon CloudFront)
AWS Storage Gateway
• VM appliance run on-premises
• Creates iSCSI volume mount points
• Directly interfaces with S3 or Glacier
• Three configurations: Gateway-Stored Volumes, Gateway-Cached Volumes, Virtual Tape Library
Disaster Recovery in AWS
• Recovery Time Objective (RTO) – How quickly do you need to restore the data?
• Recovery Point Objective (RPO) – How up to date does the data need to be?
Questions?