AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)
•
1 recomendación•1,195 vistas
In the digital economy, the fast development and deployment of applications is critical to success. To thrive in this application-oriented business environment, IT organizations are acting now to change their tools and processes to better support agile development methodologies. This session will cover performance benchmarking, benefits of migrating existing workloads, use of key services like Amazon RDS and AWS CloudHSM, and demonstrate how to deploy applications securely and at scale. Session sponsored by Cisco.
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Destacado (20)
Similar a AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)
Similar a AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211) (20)
Más de Amazon Web Services
Más de Amazon Web Services (20)
Último
Último (20)
AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)
- 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Jeremy Oakey, Director CloudCenter Technical Marketing, Cisco Systems December 2016 DEV211 Automated DevOps and Continuous Delivery
- 2. What to Expect from the Session • Challenges that necessitate automation • Benefits to model-based approach for application automation • Automating image management • Other features and services needed in an application- centric future
- 3. Request Infrastructure Verification Hardware Setup Build VMs – New or Clone DNS Entries Install, Setup, Configure Workload Database Refresh Latest Code Deployment Load Balancer Entries Web Server Configuration Firewall Changes External Interface & Integration PPM Tasks Workload Monitoring Setup Security – VM access control Testing 1- 2 days 3- 5 days 2 – 4 weeks 3 – 5 days 1 – 2 days 4 – 7 days 2 – 3 days 2 – 5 days 2 – 5 days 1 -2 days 2 – 4 days 1 – 2 days 3 – 7 days 2 – 3 days 1 day 5 – 6 days Task timeWait time Deploying an Enterprise Application Without Automation
- 4. Request Infrastructure Verification Hardware Setup Build VMs – New or Clone DNS Entries Install, Setup, Configure Workload Database Refresh Latest Code Deployment Load Balancer Entries Web Server Configuration Firewall Changes External Interface & Integration PPM Tasks Workload Monitoring Setup Security – VM access control Testing VM Automation Only – A Partial Solution 1 - 2 days 1 - 2 days 4 - 7 days 2 - 3 days 2 - 5 days 2 - 5 days 1 - 2 days 2 - 4 days 1 - 1 days 3 - 7 days 2 - 3 days 1 day 5 - 6 days
- 5. Request Infrastructure Verification Hardware Setup Build VMs – New or Clone DNS Entries Install, Setup, Configure Workload Database Refresh Latest Code Deployment Load Balancer Entries Web Server Configuration External Interface & Integration PPM Tasks Workload Monitoring Setup Testing Network Automation Only – A Partial Solution 1 - 2 days 4 - 7 days 2 - 3 days 2 - 5 days 2 - 5 days 1 - 2 days 1 - 1 days 3 - 7 days 2 - 3 days 5 - 6 days Firewall Changes Security – VM access control
- 6. Infrastructure Verification Hardware Setup Build VMs – New or Clone Application Orchestration and Infrastructure Automation – Still No Guaranteed Outcome Latest Code Deployment External Interface & Integration Testing 2 - 5 days 1 - 1 days 5 - 6 days Request 1 - 2 days DNS Entries Install, Setup, Configure Workload Database Refresh Load Balancer Entries Web Server Configuration Firewall Changes PPM Tasks Workload Monitoring Setup Security – VM access control
- 7. Why Migrate from On-premises Environments? • Capacity limitations such as resources, power or performance • Pay for what you use • Self-managed • App runs best close to the “edge” • It’s ready for you! On-premises Environment
- 8. Migrate Back? Hybrid Deployments? • Multi-use database in an on- premises environment is used • Interact with other applications not externally reachable • Compliance requirements • “Free” resources On-premises Environment
- 9. Application Profile (Represented as Cube) nginx_... apache_... mysql_... 2 CPU 4GB Memory 20GB Storage Containers Recipes Scripts Jar War Binaries
- 10. Application Profile (Represented as Cube) Build Environment Infrastructure Compute, Network, Storage Cloud Services Load Balance, Storage Images, Services, Containers App and Web Servers Cluster and Caching Middleware Database OS and VM Images or Containers Packages and Files Scripts Data
- 11. Build Automation is Generally Mature Source Repository GitHub Artifact Repository Artifactory Build Automation Jenkins
- 12. Deployment Automation is Not… Source Repository GitHub Artifact Repository Artifactory Build Automation Jenkins ?? On-premises On-premises
- 13. Hardwired automation doesn’t scale…AWS US East App V.1 AWS US West App V.1 AWS US East App V.2 AWS US West App V.2
- 14. Hardwired Automation? resource "aws_elb” "web” { name = "terraform-example-elb” subnets = ["${aws_subnet.default.id}"] security_groups = ["${aws_security_group.elb.id}"] instances = ["${aws_instance.web.id}"] listener { instance_port = 80 instance_protocol = "http” lb_port = 80 lb_protocol = "http” } } resource "aws_key_pair" "auth" { key_name = "${var.key_name}” public_key = "${file(var.public_key_path)}"} resource "aws_instance" "web” connection { user = "ubuntu} instance_type = "m1.small” ami = "${lookup(var.aws_amis, var.aws_region)}” key_name = "${aws_key_pair.auth.id}” accessvpc_security_group_ids = ["${aws_security_group.default.id}"] .. }
- 15. Deployment Automation is Not…Hard-Coded Example – Jenkins Plugin for AWS
- 17. What is Cisco CloudCenter? Demos include, so what should you know about it? • Cloud management and brokerage platform • Uses Application Profile - model once, deploy anywhere • Provides guardrails to automation - Governance to any environment - Policy and financial controls - Multi-tenant and multi-account • Benchmarking of applications
- 19. What are Options for Managing Images? Images still need to be maintained and now at scale Options • Transform ”Gold” images to AWS • Rebuild images dynamically • Consume OS vendor-provided images Challenges • Multiple virtualization formats • Storage costs (not thin) • Region-specific requirement • Pace of patches increasing • New deployments with old images = exploitable until patched
- 20. Demo - Automate Image Management
- 21. Networking – Simplify the Complex thru APIs • Consistent implementation between on-premises environments and AWS needs a management strategy • Multi Availability Zones required for uptime guarantee • Different best practices from the firewalling we grew up with Availability Zone region Availability Zone web svr web svr web svr web svr web svr web svr web svr web svr web svr web svr web svr web svr web svr web svr web svr web svr web svr web svr web svr web svr
- 22. Demo – Network Segmentation
- 23. Demo – Automatically Scaling Across Availability Zones
- 24. Demo – Adopting AWS Services Like RDS and Elastic Load Balancing Amazon RDS Elastic Load Balancing
- 25. What About Your Crypto Keys? AWS CloudHSM provides: • Hardware – the H in HSM (dedicated appliance) • Storage of cryptographic keys • Use AWS for sensitive data without direct access to encryption keys • AWS operations personnel do not have access to your cryptographic domain virtual private cloud AWS CloudHSM AWS – manages the appliance You – control keys and crypto operations
- 26. Demo – Using CloudHSM AWS CloudHSM
- 28. Thank you!
- 29. Remember to complete your evaluations!