Amazon EC2 to Amazon VPC: A Case Study (CPN301) | AWS re:Invent 2013
DESCRIPTION
In this session, you learn about Amazon Virtual Private Cloud and why you should consider using it for your applications. You also hear from the makers of Lucidchart, an online diagramming tool, which was originally launched in 2008 on the Amazon EC2 Classic platform. As the user base grew, so did their need for a more robust, secure infrastructure. After much debate about other vendors and colocation, Lucidchart chose Amazon VPC. To find out why, check out this session for a comparison of Amazon EC2 Classic against Amazon VPC. Matthew Barlocker, Chief Architect at Lucidchart, discusses their migration plan, pain points, and unexpected issues.
TRANSCRIPT
© 2013 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.
Amazon EC2 to Amazon VPC: A case study
Eric Schultze, AWS
Matthew Barlocker, Lucid Software Inc
November 14, 2013
Where we’ve been
• 2009 – AWS introduces Amazon VPC
• 2010 – AWS Management Console, second region
• 2011 – Internet connectivity, global expansion
• 2012 – Additional Amazon services in VPC, multiple IPs
• 2013 – EC2-VPC becomes the default network platform
Where we’ve been
2009
• Amazon VPC is announced
2010
• AWS Management Console
• Support for Auto Scaling
• User specified IPs per instance
• EU-West-1 region
• Amazon EBS backed instances
• CC instances in VPC
2011
• Internet Gateway
• Security groups
• Network ACLs
• Route tables
• AWS Management Console
• Instance metadata
• Elastic IPs
• Dedicated instances
• Spot Instances in VPC
• Elastic Load Balancing in VPC
• Amazon Elastic MapReduce in VPC
• Expansion to all regions
• Multiple Availability Zones
• Multiple VPCs per account
• Multiple VPN connections per VPC
• Elastic network interfaces
2012
• t1.micro
• Multiple IPs per interface
• AWS CloudFormation for VPC
• AWS Elastic Beanstalk in VPC
• Amazon RDS in VPC
• Amazon ElastiCache in VPC
2013
• VPC becomes the default platform for all new AWS accounts
• DNS Hostnames in VPC
• AWS OpsWorks for VPC
• Amazon Redshift in VPC
• Ephemeral Public IPs
2014
• VPC Migration
About Me
• Chief Architect at Lucid Software Inc
• Bachelor’s degree from BYU in Computer Science
• I love to
  – play board games
  – go 4-wheeling
  – wrestle my sons
  – fly airplanes
• Follow me on nineofclouds.blogspot.com
Lucid Software
• Online Diagram Software
• Online Print & Digital Publishing
• Large Documents
• Real-time Collaboration
• All Changes Tracked
• Vector Graphics
• High Quality Images
Tech at Lucid
• Google Closure
• Javascript
• PHP
• Sharded MongoDB
• Sharded MySQL
• NodeJS
• SOA
• Scala
• Play!
• Chef
• Zabbix, Graphite
• AWS
Lucid on AWS
• Amazon Elastic Compute Cloud
• Amazon Virtual Private Cloud
• Amazon Elastic Block Store
• Auto Scaling
• Elastic Load Balancing
• Simple Storage Service
• Amazon CloudFront
• AWS Import/Export
• Amazon Relational Database Service
• Amazon Route 53
• Amazon Simple Notification Service
• Amazon Simple Email Service
• Availability Zones
• Regions
Why Lucid Chose Amazon VPC
• Pricing
• Interoperability
• Enhanced features
• Security
Other Benefits
• Elastic Load Balancing security groups
• Network ACLs
• Elastic IP associations
• VPN support
• Reserved Instance transfers
Drawbacks
• NAT cost and maintenance
• Setup time
• New terminology
• Private subnet accessibility
• Internal DNS names defaults
Things You Should Know
• EIPs or Public IPs in public subnets
• NAT
  – Not special
  – Public subnet
• Subnets
  – Route tables
  – Network ACLs
  – DHCP
Migration Plan
Migration Constraints
• Amazon EC2 & Amazon VPC communication
• NAT traffic
• Not Shared:
  – Security groups
  – Load balancers
  – Auto Scaling groups
  – Elastic IPs
  – EIP limits
• Shared:
  – Instance limit
  – Amazon EBS volumes
  – Snapshots
  – Instance sizes
  – Availability Zones
  – Regions
Migration Plan
• Move top layer first
• Move one layer at a time
• Meticulously manage security groups
• Move monitoring/utility servers last
• http://nineofclouds.blogspot.com/search/label/VPC
Starting layout
Move webservers first
Move services next
Move databases last
Top 5 Pain Points
5. Setup & Terminology
• Subnets
• DHCP
• Network ACLs
• Routes
• Internet Gateway
• Unavoidable
4. Security Groups
• Groups not shared
• Amazon EC2 open to NAT
• Use scripts
• Avoidable using public subnets
3. Access Private Subnets
• OpenVPN
• High Availability
• SSH tunnels
• Unavoidable
2. MongoDB Migration
• Election algorithm
• Intermediate move to public subnet
• 15 min downtime
1. NAT Bandwidth
• NAT was t1.micro
• Databases in Amazon EC2
• Applications in Amazon VPC
• Not enough bandwidth through NAT
• Avoidable
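Pain point 4 above (groups not shared, Amazon EC2 open to NAT, use scripts), as an added example that is not from the talk or from Lucid's own scripts: once a tier sits in a VPC private subnet, the EC2-Classic database group can no longer reference that tier's security group and must instead admit the NAT instance's Elastic IP. The helper below rewrites such group references into /32 rules and reports which groups become indistinguishable behind one NAT address; all group names and addresses are constructed, and it assumes one egress address per moved group.

```python
from collections import defaultdict

# Constructed sample: EC2-Classic ingress rules on the database group, as
# (protocol, from_port, to_port, source). A source is a CIDR string or, as
# EC2-Classic permitted, the name of another security group.
CLASSIC_DB_RULES = [
    ("tcp", 3306, 3306, "sg-app-servers"),    # MySQL from the web tier
    ("tcp", 27017, 27017, "sg-app-servers"),  # MongoDB from the web tier
    ("tcp", 27017, 27017, "sg-services"),     # MongoDB from the service tier
    ("tcp", 10050, 10050, "sg-monitoring"),   # Zabbix agent, still in Classic
    ("tcp", 22, 22, "10.0.0.0/8"),            # SSH from the internal range
]

# Groups already moved into the VPC, mapped to the public address their
# traffic now leaves from: the NAT instance EIP for a private subnet, or the
# instance's own EIP for a public subnet. Constructed RFC 5737 addresses.
MOVED_GROUPS = {
    "sg-app-servers": "203.0.113.10",  # private subnet, behind the NAT
    "sg-services": "203.0.113.10",     # same NAT instance
}

def translate_rules(rules, moved):
    """Rewrite references to moved groups into /32 CIDR rules on the address
    the traffic now arrives from; other rules are kept as they are. Duplicates
    created by groups sharing one NAT are collapsed into a single rule."""
    out = []
    for proto, frm, to, src in rules:
        rule = (proto, frm, to, f"{moved[src]}/32" if src in moved else src)
        if rule not in out:
            out.append(rule)
    return out

def collapsed_sources(rules, moved):
    """Map each address to the moved groups the database group can no longer
    tell apart, because all of their traffic now carries that one address."""
    by_ip = defaultdict(set)
    for _, _, _, src in rules:
        if src in moved:
            by_ip[moved[src]].add(src)
    return {ip: groups for ip, groups in by_ip.items() if len(groups) > 1}

def ports_open_to(rules, ip):
    """Ports reachable from `ip` after translation. When `ip` is a NAT
    instance, that means every host in the private subnets behind it."""
    return sorted({(p, f, t) for p, f, t, src in rules if src == f"{ip}/32"})
```

The collapsed-groups report is the exposure the talk refers to as "Amazon EC2 open to NAT": every port listed by ports_open_to for the NAT address is reachable from any instance that egresses through it, not only from the tier the rule was written for.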
Join the Team!
• Building the next generation of collaborative web applications
• VC funded
• High growth rate
• Profitable
• Graduates from Harvard, MIT, Stanford
• Former Google, Amazon, Microsoft employees
https://www.lucidchart.com/jobs