Amazon EC2 to Amazon VPC: A Case Study (CPN301) | AWS re:Invent 2013

Post on 11-May-2015


DESCRIPTION

In this session, you learn about Amazon Virtual Private Cloud and why you should consider using it for your applications. You also hear from the makers of Lucidchart, an online diagramming tool, which was originally launched in 2008 on the Amazon EC2 Classic platform. As the user base grew, so did their need for a more robust, secure infrastructure. After much debate about other vendors and colocation, Lucidchart chose Amazon VPC. To find out why, check out this session for a comparison of Amazon EC2 Classic against Amazon VPC. Matthew Barlocker, Chief Architect at Lucidchart, discusses their migration plan, pain points, and unexpected issues.

TRANSCRIPT

© 2013 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.

Amazon EC2 to Amazon VPC: A case study

Eric Schultze, AWS

Matthew Barlocker, Lucid Software Inc

November 14, 2013

Where we’ve been

• 2009 – AWS introduces Amazon VPC

• 2010 – AWS Management Console, second region

• 2011 – Internet connectivity, global expansion

• 2012 – Additional Amazon services in VPC, multiple IPs

• 2013 – EC2-VPC becomes the default network platform

Where we’ve been

2009

• Amazon VPC is announced

2010

• AWS Management Console

• Support for Auto Scaling

• User specified IPs per instance

• EU-West-1 region

• Amazon EBS backed instances

• CC instances in VPC

2011

• Internet Gateway

• Security groups

• Network ACLs

• Route tables

• AWS Management Console

• Instance metadata

• Elastic IPs

• Dedicated instances

• Spot Instances in VPC

• Elastic Load Balancing in VPC

• Amazon Elastic MapReduce in VPC

• Expansion to all regions

• Multiple Availability Zones

• Multiple VPCs per account

• Multiple VPN connections per VPC

• Elastic network interfaces

2012

• t1.micro

• Multiple IPs per interface

• AWS CloudFormation for VPC

• AWS Elastic Beanstalk in VPC

• Amazon RDS in VPC

• Amazon ElastiCache in VPC

2013

• VPC becomes the default platform for all new AWS accounts

• DNS Hostnames in VPC

• AWS OpsWorks for VPC

• Amazon Redshift in VPC

• Ephemeral Public IPs

2014

• VPC Migration

About Me

• Chief Architect at Lucid Software Inc

• Bachelor's degree from BYU in Computer Science

• I love to

– play board games

– go 4-wheeling

– wrestle my sons

– fly airplanes

• Follow me on nineofclouds.blogspot.com

Lucid Software

• Online Diagram Software

• Online Print & Digital Publishing

• Large Documents

• Real-time Collaboration

• All Changes Tracked

• Vector Graphics

• High Quality Images

Tech at Lucid

• Google Closure

• JavaScript

• PHP

• Sharded MongoDB

• Sharded MySQL

• NodeJS

• SOA

• Scala

• Play!

• Chef

• Zabbix, Graphite

• AWS

Lucid on AWS

• Amazon Elastic Compute Cloud

• Amazon Virtual Private Cloud

• Amazon Elastic Block Store

• Auto Scaling

• Elastic Load Balancing

• Simple Storage Service

• Amazon CloudFront

• AWS Import/Export

• Amazon Relational Database Service

• Amazon Route 53

• Amazon Simple Notification Service

• Amazon Simple Email Service

• Availability Zones

• Regions

Why Lucid Chose Amazon VPC

• Pricing

• Interoperability

• Enhanced features

• Security

Other Benefits

• Elastic Load Balancing security groups

• Network ACLs

• Elastic IP associations

• VPN support

• Reserved Instance transfers

Drawbacks

• NAT cost and maintenance

• Setup time

• New terminology

• Private subnet accessibility

• Internal DNS names defaults

Things You Should Know

• EIPs or Public IPs in public subnets

• NAT

– Not special

– Public subnet

• Subnets

– Route tables

– Network ACLs

– DHCP

Migration Plan

Migration Constraints

• Amazon EC2 & Amazon VPC communication

• NAT traffic

• Not Shared:

– Security groups

– Load balancers

– Auto Scaling groups

– Elastic IPs

– EIP limits

• Shared:

– Instance limit

– Amazon EBS volumes

– Snapshots

– Instance sizes

– Availability Zones

– Regions

Migration Plan

• Move top layer first

• Move one layer at a time

• Meticulously manage security groups

• Move monitoring/utility servers last

• http://nineofclouds.blogspot.com/search/label/VPC

Starting layout

Move webservers first

Move services next

Move databases last

Top 5 Pain Points

5. Setup & Terminology

• Subnets

• DHCP

• Network ACLs

• Routes

• Internet Gateway

• Unavoidable

4. Security Groups

• Groups not shared

• Amazon EC2 open to NAT

• Use scripts

• Avoidable using public subnets

3. Access Private Subnets

• OpenVPN

• High Availability

• SSH tunnels

• Unavoidable

2. MongoDB Migration

• Election algorithm

• Intermediate move to public subnet

• 15 min downtime

1. NAT Bandwidth

• NAT was t1.micro

• Databases in Amazon EC2

• Applications in Amazon VPC

• Not enough bandwidth through NAT

• Avoidable


Join the Team!

• Building the next generation of collaborative web applications

• VC funded

• High growth rate

• Profitable

• Graduates from Harvard, MIT, Stanford

• Former Google, Amazon, Microsoft employees

https://www.lucidchart.com/jobs
