cloud computing with aws - drupal aws elastic beanstalk aws cloudformation aws global infrastructure

Download CLOUD COMPUTING WITH AWS - Drupal AWS Elastic Beanstalk AWS CloudFormation AWS Global Infrastructure

Post on 21-May-2020

6 views

Category:

Documents

1 download

Embed Size (px)

TRANSCRIPT

  • John Hildebrandt| Solutions Architect ANZ

    CLOUD COMPUTING WITH AWS An INTRODUCTION

  • AGENDA

  • Todays Agenda

    • Background and Value proposition of AWS

    • Global infrastructure and the Sydney Region

    • AWS services

    • Drupal example

    • Q&A

  • AWS BACKGROUND

  • How did amazon.com…

  • No Up-Front Capital Expense

    Pay Only for What You Use

    Self-Service Infrastructure

    Easily Scale Up and Down

    Improve Agility & Time to Market

    Low Cost

    Cloud Computing Benefits

    Deploy

  • GLOBAL INFRASTRUCTURE

  • 9 AWS Regions

    30+ AWS Edge Locations

    AWS Global Infrastructure

  • Each day AWS adds the equivalent server

    capacity to power Amazon when it was a

    global, $5B enterprise

    $5.2B retail business

    7,800 employees

    A whole lot of servers

    2003

  • 1.3 Trillion

    835k peak transactions per second

    Objects in S3

  • EMR Jobs

    0

    500,000

    1,000,000

    1,500,000

    2,000,000

    2,500,000

    3,000,000

    3,500,000

    4,000,000

    3.7 M clusters launched since May 2010

  • US REGIONS GLOBAL REGIONS

    Availability

    Zone A

    Availability

    Zone B

    Availability

    Zone C

    EU (Ireland)

    Availability

    Zone A

    Availability

    Zone B

    South America (Sao Paulo)

    Availability

    Zone A

    Availability

    Zone B

    Asia Pacific (Sydney)

    Availability

    Zone A

    Availability

    Zone B

    GovCloud (OR)

    Availability

    Zone A

    Availability

    Zone B

    Availability

    Zone C

    Availability

    Zone D

    US East (VA)

    Availability

    Zone A

    Availability

    Zone B

    US West (CA)

    Availability

    Zone A

    Availability

    Zone B

    Asia Pacific (Singapore)

    Availability

    Zone A

    Availability

    Zone B

    Availability

    Zone C

    Asia Pacific (Tokyo)

    Availability

    Zone A

    Availability

    Zone B

    Availability

    Zone C

    US West (OR)

    AWS Regions & Availability Zones

    Customer Decides Where Applications and Data Reside Note: Conceptual drawing only. The number of Availability Zones may vary.

  • #1 enterprise question Is the cloud secure for my apps and data?

  • Security is Our #1 Priority

    People &

    Procedures

    Network

    Security

    Physical

    Security

    Platform

    Security

    ITAR

    FIPS 140-2

    ISO 27001

    SOC 2 ISAE 3402 PCI DSS

    HIPAA

    FISMA Moderate

  • Many Customers’ Security Posture Improves In the Cloud

    “The improved computer security includes, but is not limited to,

    greater protection against

    network attacks and real time

    detection of system tampering.”

    Earl E. Devaney, Chairman

    Recovery.gov

    “You basically turn yourself into a polymorphic surface to which the

    attack guy has a much tougher

    time getting at. That, ultimately, is

    the real key advantage to drive

    security and make things much

    better for us across the board.”

    Gus Hunt, CTO

    Central Intelligence Agency

  • SECURITY IS A SHARED

    RESPONSIBLITY

  • Foundation Services

    Compute Storage Database Networking

    AWS Global

    Infrastructure Regions

    Availability Zones

    Edge Locations

    Client-side Data Encryption & Data

    Integrity Authentication

    Server-side Encryption

    (File System and/or Data) Network Traffic Protection

    (Encryption/Integrity/Identity)

    Platform, Applications, Identity & Access Management

    Operating System, Network & Firewall Configuration

    Customer Data A

    m a

    z o

    n C

    u s to

    m e r

    • SAS-70 Type II

    • ISO 27001/ 2 Certification

    • Payment Card Industry (PCI)

    • Data Security Standard (DSS)

    • NIST Compliant Controls

    • DoD Compliant Controls

    • FedRAMP Compliant Controls

    • HIPAA and ITAR Compliant

    • Customers implement their

    own set of controls

    • Multiple customers with

    FISMA Low and Moderate

    ATOs

  • AWS Platform

    Your Applications

    Foundation Services

    Compute Amazon EC2

    Auto Scale

    Storage Amazon S3

    Amazon EBS

    Amazon StorageGateway

    Database Amazon RDS

    Amazon SimpleDB

    Amazon ElastiCache

    Amazon DynamoDB

    Networking Amazon VPC

    Elastic Load Balancing

    Amazon Route 53

    AWS Direct Connect

    Management & Administration

    Application Platform Services

    Content Distribution Amazon CloudFront

    Application Svcs Simple Workflow Service

    CloudSearch

    Amazon SNS, SQS, SES

    Parallel Processing Elastic MapReduce

    Libraries & SDKs Java, PHP, Python,

    Ruby, .NET

    Identity & Access AWS IAM

    Identity Federation

    Consolidated Billing

    Web Interface Management Console

    Monitoring Amazon CloudWatch

    Deployment & Automation AWS Elastic Beanstalk

    AWS CloudFormation

    AWS Global Infrastructure Regions

    Availability Zones Edge Locations

  • Let’s use an Example – aGov Drupal HA site

  • AWS Platform

    Your Applications

    Foundation Services

    Compute Amazon EC2

    Auto Scale

    Storage Amazon S3

    Amazon EBS

    Amazon StorageGateway

    Database Amazon RDS

    Amazon SimpleDB

    Amazon ElastiCache

    Amazon DynamoDB

    Networking Amazon VPC

    Elastic Load Balancing

    Amazon Route 53

    AWS Direct Connect

    Management & Administration

    Application Platform Services

    Content Distribution Amazon CloudFront

    Application Svcs Simple Workflow Service

    CloudSearch

    Amazon SNS, SQS, SES

    Parallel Processing Elastic MapReduce

    Libraries & SDKs Java, PHP, Python,

    Ruby, .NET

    Identity & Access AWS IAM

    Identity Federation

    Consolidated Billing

    Web Interface Management Console

    Monitoring Amazon CloudWatch

    Deployment & Automation AWS Elastic Beanstalk

    AWS CloudFormation

    AWS Global Infrastructure Regions

    Availability Zones Edge Locations

  • Built to Enterprise & Gov Standards

    Security & Compliance Resources

    • Security & Compliance Center:

    http://aws.amazon.com/security

    • Security Overview & Best Practices

    • AWS Risk & Compliance Whitepaper

    • Creating HIPAA Compliant Applications

    Hardware, Software & Network

    • Systematic change management

    • Phased updates deployment

    • Safe storage decommission

    • Automated monitoring and self-audit

    • Advanced network protection systems

    Certifications and Accreditations

    • ISO 27001

    • SSAE 16 / ISAE 3402 / SOC1 (formerly U.S.

    standard SAS-70 Type II)

    • FISMA Moderate & DIACAP Controls; ITAR region

    • HIPAA applications certified on AWS

    • Payment Card Industry (PCI) Data Security

    Standard (DSS) Level 1

    Physical

    • Datacenters in nondescript facilities

    • Physical access strictly controlled

    • Must pass two-factor authentication at least

    twice for floor access

    • Physical access logged and audited

  • Foundation Services

    Your Applications

    Foundation Services

    Compute Amazon EC2

    Auto Scale

    Storage Amazon S3

    Amazon EBS

    Amazon StorageGateway

    Database Amazon RDS

    Amazon SimpleDB

    Amazon ElastiCache

    Amazon DynamoDB

    Networking Amazon VPC

    Elastic Load Balancing

    Amazon Route 53

    AWS Direct Connect

    Management & Administration

    Application Platform Services

    Content Distribution Amazon CloudFront

    Application Svcs Simple Workflow Service

    CloudSearch

    Amazon SNS, SQS, SES

    Parallel Processing Elastic MapReduce

    Libraries & SDKs Java, PHP, Python,

    Ruby, .NET

    Identity & Access AWS IAM

    Identity Federation

    Consolidated Billing

    Web Interface Management Console

    Monitoring Amazon CloudWatch

    Deployment & Automation AWS Elastic Beanstalk

    AWS CloudFormation

    AWS Global Infrastructure Regions

    Availability Zones Edge Locations

  • Compute

    Auto Scaling

    Elastic Compute Cloud

    Amazon Machine Image

  • Compute

    EC2 Instances = Virtual Servers

    • Resizable compute capacity in 16 instance types

    • Reduces the time required to obtain and boot new server instances to minutes or seconds

    • Scale capacity as your computi