Best Practices for Architecting in the Cloud - Jeff Barr
1. Jeff Barr Technology Evangelist jbarr@amazon.com
Best Practices in
Architecting for the
Cloud
2. My Background
Education:
BS in Computer Science,
The American University, 1985
Grad student in Digital Media
University of Washington, 2010-Present
Background:
Microsoft Visual Studio team
Consulting to startups and VC’s
Amazon employee since 2002:
Evangelist
Blogger (AWS Blog)
Author (Host Your Website in the Cloud)
Talk show host (AWS Report)
3. Cloud Best Practices Whitepaper
Prescriptive guidance to Cloud Architects
http://bit.ly/aws-best-practices
4. Cloud Computing Attributes
Why Architects love the cloud?
Abstract No Servers or Hard drives but Instances and Volumes.
Resources Cloud resources are fungible.
On-Demand Ask for what you need, exactly when you need it. Get rid
Provisioning of it when you don’t need.
Scalability in
Minutes
Scale out or in depending on usage needs.
Pay On
Consumption
You stop paying for resources when you turn them off
Cloud gives you access to scriptable infrastructure.
Automation
Allows you to automate using APIs.
5. The “Living and Evolving”
The “Living and Evolving” Cloud Cloud
AWS services and basic terminology
Tools to access
services
Cross Service
features
Platform building
blocks
Infrastructure
building blocks
6. AWS Building
The “Living and Evolving” Cloud Blocks
Inherently Fault-Tolerant Fault-Tolerant
Services with the right
Amazon S3 Amazon architecture
Route53
Amazon Amazon EC2
SimpleDB Elastic Load
Balancing Amazon EBS
Amazon
DynamoDB AWS IAM Amazon RDS
Amazon AWS Elastic Amazon VPC
CloudFront Beanstalk
Amazon SWF Amazon
ElastiCache
Amazon SQS
Amazon EMR
Amazon SNS
Amazon
Amazon SES CloudSearch
7. Scalability
Build a Scalable Architecture on AWS
A scalable architecture is critical to take advantage of a scalable
infrastructure
Characteristics of Truly Scalable Service
Increasing resources results in a proportional increase in
performance
A scalable service is operationally efficient
A scalable service is resilient
A scalable service becomes more cost effective when it
grows
8. Cloud Architecture Lessons
using Amazon Web Services
1. Design for failure and nothing fails
2. Loose coupling sets you free
3. Implement “Elasticity”
4. Build Security in every layer
5. Think Parallel
6. Leverage different storage options
9. 1. Design for Failure
and nothing will really fail
"Everything fails, all the time"
Werner Vogels, CTO Amazon.com
Avoid single points of failure
Assume everything fails, and design backwards
Goal: Applications should continue to function even if the underlying physical
hardware fails or is removed or replaced.
10. Design for Failure with AWS
Tools to make your life easier
Use Fault-tolerant Services as Ingredients of your App
Use Amazon Elastic Block Store (EBS) Snapshots
Auto-scaling for Auto-Recovery
Multi-AZ Data Replication and Recovery
On-demand application provisioning in a different AZ
Multi-AZ Application Deployment and Data replication
11. 2. Build Loosely Coupled Systems
The looser they're coupled, the bigger they scale
Independent components
Design everything as a Black Box
De-couple for Hybrid models
Load-balance clusters
Use Amazon SQS as Buffers
Tight Coupling Controller A Controller B Controller C
Q Q Q
Loose Coupling
using Queues Controller A Controller B Controller C
12. 3. Implement Elasticity
Elasticity is fundamental property of the Cloud
Don’t assume health or fixed location of components
Use designs that are resilient to reboot and re -launch
Bootstrap your instances: Instances on boot will ask a
question “Who am I & what is my role?”
Enable dynamic configuration
Use Auto Scaling
Use Elastic Load Balancing on multiple layers
Use configurations in SimpleDB to bootstrap instance
Use Configuration Management tools like Chef & Puppet…
13. 3. Implement Elasticity
Towards elastic architectures
Resilient to reboot and re-launch:
Design the system such that in the event of a failure, it is resilient enough to
automatically re-launch and restart. Forcefully fail and test (Chaos Monkey).
Stateless:
Extract stateful components and strive to make them stateless.
Packable into an AMI:
Package and deploy your application into an AMI so it can run on an Amazon
EC2 instance. Run multiple instances on multiple Amazon EC2 instances.
Decouple:
Isolate the components using Amazon SQS. Decouple code with deployment
and configuration.
14. Use a Chaos Monkey
Standardized Technology Stacks
Standardized Application Stacks
15. 3. Implement Elasticity
Standardized Technology Stacks
Standardized Application Stacks
WebIIS
Apache
Server
ASP.NET
Mongrel
Tomcat
App Server
ASP.NET MVC
Struts
Rails
MVC
Your Code
Log4Net
logger
Log4J
Libraries
Spring.NET
RubyGems
Spring
Packages
memcached
nHibernate
Hibernate
DB Caching
Ruby JEE
Runtime
.NET
Framework
Windows
Centos
Linux
OS
Java Stack .NET Stack RoR stack
16. 3. Implement Elasticity
3 Approachesdesigning your AMIs
3 approaches to to design MDE
Easier to Setup
Inventory of fully baked AMIs
(Frozen Pizza Model)
“Golden AMIs” with fetch on boot
(Take N’ Bake Papa Murphy Model)
AMIs with JeOS and “Chef” Agent
(Made to Order Pizza Model)
More Control
Easier to maintain
17. 4. Build Security in every layer
Design with Security in mind
In the Cloud, Security is a Shared
Responsibility and it has to be
implemented in every layer
18. In the cloud, Security is a Shared Responsibility
Encrypt data in transit
SOC 1/SSAE 16/ISAE 3402
Encrypt data at rest
ISO 27001/2 Certification
Protect your AWS Credentials
PCI DSS 2.0 Level 1-5
Rotate your keys
HIPAA/SOX Compliance
Infrastructure Application Secure your application, OS,
FISMA A&A Low
Security Security Stack and AMIs
How we secure our How can you secure your
infrastructure application and what is
your responsibility?
Services Security
Enforce IAM policies
What security options
Use MFA, VPC, Leverage S3
and features are available
bucket policies, EC2 Security
to you?
groups, EFS in EC2 Etc..
19. www.myphpwebsite.com
(dynamic data)
Amazon Route 53
media.myphpwebsite.com
(DNS)
(static data)
Elastic Load LB
# Permit HTTP(S) access to Web Balancer
Layer from the Entire Internet
ec2auth Web -p 80,443 -s 0.0.0.0/0
Distribution Amazon
Web Server CloudFront
Web Server
App Server App Server
Auto Scaling group : Web Tier
# Permit Web Layer access to App
Amazon EC2
Layer
ec2auth App -p 8000 –o Web
Memcache Memcache
Tomcat
# Permit App Layer access to DB
ec2auth DB -p 3209 –o App Cache Tier
# Permit admin access SSH to all Amazon S3
RDS Buckets
three layers
Master
# First allow connection from
office to Web tier, and from there
to the other layers Availability Zone #1
ec2auth Web -p 22 -s <for example,
network block of your office> RDS
ec2auth App -p 22 -o Web Slave
Availability Zone #2
ec2auth DB -p 22 -o Web
20. 5. Think Parallel
Serial and Sequential is now history
Experiment with different architectures in parallel
Multi-threading and Concurrent requests to cloud services
Run parallel MapReduce Jobs on Amazon Elastic MapReduce
Use Elastic Load Balancing to distribute load across multiple servers
Decompose a Job into its simplest form
21. 5. Think Parallel
This is where AWS really shines..
Amazon Cluster Elastic
Spot Expand/
Hadoop Elastic Compute
Instances Shrink
Super
MapReduce HPC computer
Distributed On-demand Each VM = Cost savings Expand or Big Data
Processing Infrastructure 2 Xeon due to lower Shrink a power
Framework (Cloud) + “Nehalem” “Spot price” running house
Automation Quad-core (Time-insensitive cluster
tasks)
10G Ethernet
2 GPGPUs
22. 6. Leverage many storage options
Use Scalable Ingredients
Amazon S3: large static objects
Amazon Cloudfront: content distribution
Amazon SimpleDB: simple data indexing/querying
Amazon EC2 local disc drive : transient data
Amazon EBS: persistent storage for any RDBMS + Snapshots on S3
Amazon RDS: RDBMS service - Automated and Managed MySQL
23. 6. Leverage many storage options
Which storage option to use when?
Amazon S3 + Amazon EC2 Amazon EBS Amazon Amazon RDS
CloudFront Ephemeral DynamoDB &
Store SimpleDB
Ideal for Storing Large Storing non- Off-instance Querying light- Storing and
write-once, persistent persistent weight attribute querying
read-many transient storage for any data (SimpleDB) structured
types of updates kind of data Relational and
objects, Static Highly scalable referential
Content applications Data
Distribution (DynamoDB)
Ideal examples Media files, Config Data, Clusters, boot Querying, Complex
audio, video, scratch files, data, Log or Mapping, transactional
images, TempDB data of tagging, click- systems,
Backups, commercial stream logs, inventory
archives, RDBMS like metadata, management
versioning Oracle, DB2 shared-state and order
management, fulfillment
indexing systems
Not Querying, Storing Relational (joins)
recommended Searching Database logs query
for or backups,
customer data
Not Database, File Sensitive data Content OLTP, DW cube Simple
recommended Systems Distribution rollups lookups
examples
24. Cloud Architecture Lessons
Best Practices
1. Design for failure and nothing fails
2. Loose coupling sets you free
3. Implement Elasticity
4. Build Security in every layer
5. Think Parallel
6. Leverage many storage options
25. Additional Info..
AWS Architecture Center - http://aws.amazon.com/architecture
AWS Premium Support - http://aws.amazon.com/premiumsupport
AWS Blog – http://aws.amazon.com/blog
Photo: Grand Canyon Hopi Point SunSet
3-Tier Auto-scalable Web and Application Tier architecture with HA database (Multi-AZ Setup)
1. Design for failure and nothing fails2. Loose coupling sets you free3. Implement Elasticity4. Build Security in every layer5. Don't fear constraints6. Think Parallel7. Leverage many storage options
1. Design for failure and nothing fails2. Loose coupling sets you free3. Implement Elasticity4. Build Security in every layer5. Don't fear constraints6. Think Parallel7. Leverage many storage options
1. Design for failure and nothing fails2. Loose coupling sets you free3. Implement Elasticity4. Build Security in every layer5. Don't fear constraints6. Think Parallel7. Leverage many storage options
1. Design for failure and nothing fails2. Loose coupling sets you free3. Implement Elasticity4. Build Security in every layer5. Don't fear constraints6. Think Parallel7. Leverage many storage options
1. Design for failure and nothing fails2. Loose coupling sets you free3. Implement Elasticity4. Build Security in every layer5. Don't fear constraints6. Think Parallel7. Leverage many storage options
1. Design for failure and nothing fails2. Loose coupling sets you free3. Implement Elasticity4. Build Security in every layer5. Don't fear constraints6. Think Parallel7. Leverage many storage options
The day is not too far when applications will cease to be aware of physical hardware. Much like plugging in a microwave in order to power it doesn’t require any knowledge of electricity, one should be able to plug in an application to the cloud in order to receive the power it needs to run, just like a utility. As an architect, you will manage abstract compute, storage and network resources instead of physical servers. Applications will continue to function even if the underlying physical hardware fails or is removed or replaced. Applications will adapt themselves to fluctuating demand patterns by deploying resources instantaneously and automatically, thereby achieving highest utilization levels at all times. Scalability, Security, High availability, Fault-tolerance, Testability and Elasticity will be configurable properties of the application architecture and will be an automated and intrinsic part of the platform on which they are built.However, we are not there yet. Today, you can build applications in the cloud with some of these qualities by implementing the best practices highlighted in the paper. Best practices in cloud computing architectures will continue to evolve and as researchers, we should focus not only on enhancing the cloud but also on building tools, technologies and processes that will make it easier for developers and architects to plug in applications to the cloud easily.