APPLICATION MANAGEMENT IN
AWS
BEST PRACTICES
INTRODUCTION
BRAD ADAIR
▸ Director of Infrastructure Services at IQ Innovations, LLC.
▸ Have been working in IT for 12+ years in various areas ranging
from desktop support to system administration to management.
▸ AWS Certified Solutions Architect
▸ Have been working heavily in AWS for about 2.5 years.
▸ Email: brad@adair.tech
▸ Twitter: @bpadair
INTRODUCTION
APPLICATION MANAGEMENT IN AWS
▸ Public cloud in general, and AWS in particular, are changing the way that we think about infrastructure and the way we manage the applications that run on that infrastructure.
▸ Less permanence, more ephemeral and temporary.
▸ More purpose built and dedicated resources.
▸ Less “make it fit”
INTRODUCTION
FOUR DOMAINS
▸ Performance
▸ Security
▸ Reliability
▸ Scalability
PERFORMANCE
WHAT DO WE MEAN?
▸ What do we mean when we talk about performance?
▸ Getting as much power as possible?
▸ Getting just enough?
▸ What about growth?
PERFORMANCE
GENERAL GUIDANCE
▸ Use Trusted Advisor to find (somewhat) obvious
performance issues.
▸ Things like over-utilized instances, excessive security
group rules, and cache-hit ratio can be found here.
▸ Plan for performance to scale, not grow.
▸ Monitor, monitor, monitor.
PERFORMANCE
DATABASES
▸ Need special consideration.
▸ RDS, DynamoDB, or an EC2 instance.
▸ If using EC2, use provisioned IOPS and RAID-0 volumes.
▸ Do not put databases on EFS file systems.
▸ Replication - yes/no - where?
PERFORMANCE
CASE STUDY: IQ INNOVATIONS
▸ Two data centers and a public cloud provider.
▸ All CentOS running on ESXi.
▸ MySQL database.
▸ Apache, Tomcat, Grails stack on app servers.
▸ One client's configuration: 8 servers dedicated to MySQL, 14 app servers, 1 NFS server, 2 utility servers.
▸ Performance was terrible.
▸ Average app response time: ~600ms
▸ Average end-user response time: ~4s
▸ Constantly running out of memory and restarting
▸ Nowhere to grow
PERFORMANCE
CASE STUDY: IQ INNOVATIONS
▸ Moved to AWS. Eliminated the colocation space and other cloud provider.
▸ Still running MySQL and CentOS.
▸ Databases moved to RDS. Application servers moved to EC2.
▸ Same client configuration: 6 RDS instances for databases, 4 app servers, 1 utility server,
EFS to replace SAN.
▸ Performance improved dramatically:
▸ App response time: ~80-100ms
▸ End-user response time: ~1-2s
▸ No more memory issues.
▸ Cost savings of about 50%.
SECURITY
HAVEN’T WE BEEN DOING THIS FOREVER?
▸ Yes, and a lot of existing knowledge still applies.
▸ You still need smart policies.
▸ Your application still needs to protect against common attack vectors.
▸ Some things do change with a move to AWS, however.
▸ You are no longer responsible for physical security.
▸ You are no longer responsible for hypervisor security or patching.
▸ Depending on the service you may not even be responsible for OS
security and patching.
SECURITY
BEST PRACTICES
▸ Trusted Advisor. This is a recurring theme.
▸ Bastion hosts
▸ VPC
▸ Peering
▸ Security groups
▸ NACL
▸ COMMON SENSE!
SECURITY
COMMON MISTAKES
▸ Console access for everyone.
▸ Overly permissive policies.
▸ Lack of two-factor authentication.
▸ Overly/publicly exposed access keys.
▸ No access key rotation.
RELIABILITY
EASIER AND HARDER SIMULTANEOUSLY
▸ A lot of the work for reliability is done for you.
▸ It is a mistake to put too much trust in this.
▸ The tools are there, but you have to choose to use them.
▸ Architecture matters.
RELIABILITY
CRITICAL THINGS TO UNDERSTAND
▸ Availability zones
▸ Regions
▸ Difference between AZs and Regions and how they should
be used together.
▸ Replication of different services.
▸ Availability SLAs.
▸ S3 storage classes/levels
RELIABILITY
CASE STUDY: CONFIDENTIAL COMPANY
▸ Pre-AWS:
▸ Only in one data center due to cost.
▸ Had clients nationwide, but all resources were
centralized.
▸ Had to have 4 or more hours of downtime for
deployments
▸ Many SPoF including storage and network. Redundancy
was attempted but not done well.
RELIABILITY
CASE STUDY: CONFIDENTIAL COMPANY
▸ AWS Setup:
▸ Multiple VPCs spread across multiple regions to provide redundancy
and be close to customers.
▸ VPC peering to reduce single points of failure.
▸ Multi-AZ (MAZ) RDS instances for databases.
▸ EFS for network-based storage.
▸ Replication of databases across regions.
▸ IaC templates for VPCs to allow for rapid reproduction in other regions.
SCALABILITY
WHAT IS SCALABILITY
▸ Scalability is about more than simply adding more
resources in response to increased demand.
▸ Scalability needs to include both scaling up and scaling
down.
▸ Goal is to maximize user experience while minimizing cost.
SCALABILITY
DIFFERENT APPROACH
▸ Provision with small spikes in mind, but not growth.
▸ Scale to growth.
▸ Schedule scale downs and scale ups.
▸ Auto-scaling is your friend.
▸ Monitor, monitor, monitor. Don’t alert, alert, alert.
SCALABILITY
COMMON MISTAKES
▸ Over-provisioning.
▸ Reserving too quickly.
▸ Planning for vertical scaling as opposed to horizontal.
▸ Provisioning for growth instead of planning for it.
▸ Manual intervention.
▸ Under-analysis of utilization.
QUESTIONS?
