Amazon Web Services Architecture - An Overview
Download as PPTX, PDF1 like3,575 views
The document provides an overview of Amazon Web Services (AWS) and its various cloud solutions offered by Eagledream Technologies, emphasizing customer-centric approaches and cutting-edge offerings. It outlines key topics such as cloud architecture, security models, cost management, and different service types including IaaS, PaaS, and DBaaS. Additionally, it highlights the scalability, high availability, and durability of AWS services, along with contact information for further inquiries.
Amazon Web Services Architecture - An Overview
- 1. Amazon Web Services – An Overview Scott Weber – Vice President, Cloud Solutions at EagleDream Technologies
- 2. Customer Driven. Customer Focused. We Are Cutting-Edge We’re first to leverage new systems, software, and ideas to provide smart solutions that fit your needs. We Value People We offer many services, but we serve people first, and through that we produce quality work. We Focus on Process From start to finish, our processes will guide your project to a successful completion. 2Confidential | eagledream.com Our Mission Security Web DesignCloud Development Compliance Communications
- 3. 3Confidential | eagledream.com Cloud Provider Architectures Compared AWS Region Availability Zone 1 Availability Zone 2 Availability Zone 3 The Other Guys Single Data Center In a Region
- 4. 4Confidential | eagledream.com Shared Security Model
- 5. 5Confidential | eagledream.com Agenda • Region Architecture • Security • Cost Management • IaaS • PaaS • X-abilities
- 6. 6Confidential | eagledream.com Virtual Private Cloud Concepts Internet gateway Endpoints VPN gateway VPN Connection AWS Direct Connect VPC NAT Gateway Private Public Route 53 Hosted Zone Route Table Route Table
- 7. 7Confidential | eagledream.com Virtual Private Cloud Concepts Internet gateway Endpoints VPN gateway VPN Connection AWS Direct Connect 172.30.x.x/16
- 8. 8 Virtual Private Cloud Concepts Confidential | eagledream.com Internet gateway Endpoints VPN gateway VPN Connection AWS Direct Connect VPC NAT Gateway Private Public Route 53 Hosted Zone Route Table Route Table Server 1 Security Group 1 Subnet 1 Server 2 Security Group 2 Subnet 2 NACL Virtual Private Cloud Concepts
- 9. 9 Security Groups • Software defined firewalls • Implicit Deny All • Explicitly define access rules • TCP • UDP • ICMP • Inbound • Protocol • Port • Source Confidential | eagledream.com Network Access Control Lists • Layer 3 control • IP or subnet to subnet control • Must define in and out • Network segmentation control • Example use case – Separate Production and Test environment traffic within a VPC • Outbound • Protocol • Port • Destination • Source/Destination can be: • Single IP Address • IP Address Block • Another Security Group • The same Security Group itself Security Groups and NACLs
- 10. 10Confidential | eagledream.com Internet gateway Endpoints VPN gateway Private Public CloudFront (CDN) & Web Application Firewall Elastic Load Balancing Securing Web Applications
- 11. 11 Log files are the key • There is no Span port in the Cloud for a Next Gen Firewall • Rely instead on log files • VPC Flow logs • ELB logs • CloudFront logs • Application logs • CloudTrail logs • Need tooling to mine and compare to known threats • Sumo Logic • Combine your on-premises logs as well into a single pane of glass Confidential | eagledream.com Services from AWS • CloudTrail • Log EVERY API call • Config and Config Rules • State history of objects • Enforce object configuration • Identity and Access Management • Server Roles • Shield and Shield Advanced • Inspector Securing the Cloud
- 12. 12Confidential | eagledream.com Cost Management
- 13. 13Confidential | eagledream.com Cost Management
- 14. 14 IaaS, the beginning of the Cloud • Compute • T2 – Web servers, small Databases • M4 – General purpose • C4 – Compute optimized • X1 – SAP HANA workloads • R4 – Memory optimized • P2 – General purpose GPU • G2 – Graphic intensive GPU • F1 – Field Programmable Gate Arrays • I3 – Storage Optimized • D3 – Dense storage • From 1 vCPU and 0.5 GB of RAM to 128 vCPU and 2 TB of RAM Confidential | eagledream.com • Disk • 1 GB to 16 TB – no RAID necessary • SSD storage for $0.10/GB/month • Block level backups • Purchase Provisioned IOPS • File storage • $0.004 - $0.023/GB/month • Licensing • All OS licensing is included in pricing • Dedicated servers for HIPAA workloads Infrastructure as a Service
- 15. 15 DBaaS • Let someone else do the “unmitigated heavy lifting” • Engines that are supported • MariaDB • MySQL • Postgresql • MS SQL • Oracle • Aurora – 5x the performance of MySQL • High availability with AWS managed Master/Slave Confidential | eagledream.com DWaaS (Data Warehouse as a Service) • As low as $0.25/hr to get started • Scale to 5 PB on disk, and hundreds of vCPUs • Scale to Exabytes with new features • Postgres-like interface • Invoke Python functions from SQL • Managed service with backup and high availability Platform as a Service
- 16. 16 FaaS (Lambda) • No more servers! • Upload code and AWS handles the rest • Java • C# • NodeJS • Python • Will automatically scale as wide as needed • Costs based on requests and memory footprint and duration of execution time • $0.20/million/month requests • $0.00001667/GB-second/month Confidential | eagledream.com CCaaS (Amazon Connect) • Call Center as a Service • No monthly recurring charges – pay for what you use • Inbound and outbound rates • Toll-free support • Port in numbers • Soft phone only • Build integrations to CRM and other APIs Platform as a Service
- 17. 17 Scalability • Vertical or horizontal scaling – horizontal is better • Horizontal scaling via automation • Spin up or down • Customized triggers • Customizable flows • Windows or Linux Confidential | eagledream.com High Availability • Multiple Availability Zone deployments for IaaS and DBaaS • Synchronous database replication within the Region • Stream files to other Regions • Cross Region read replicas of databases • Cross Region backup distribution Durability • 11 9’s of durability for data stored in S3 • 5 9’s for data on Block storage - RAID is not needed or recommended • 99.95% SLA at the Availability Zone level <X>-abilities
- 18. 18Confidential | eagledream.com Contact Us 1.888.4EAGLEDREAM info@eagledream.com Headquarters | Rochester, NY 300 Trolley Blvd Rochester, NY 14606 New England | Boston, MA 300 Baker Avenue, Suite 300 Concord, MA 01742 Primary Contact(s): Scott Weber Vice President, Cloud Solutions Email: Scott.Weber@eagledream.com We look forward to working with you. EagleDream.com
Editor's Notes
- #19: Bigger text? emphasize