In the second installment of our Moving to the Cloud series, we look at the AWS products and services you'll want to review before making the decision to move into their cloud.
In the intro of our Moving to the Cloud series we introduced the value proposition that Amazon Web Services (AWS) provides via its Infrastructure-as-a-Service (IaaS) platform. If you find that the value proposition works for your company, then you should review the products and services to see which workloads make sense to move to the AWS cloud. AWS provides a broad spectrum of products and services that fulfill many use cases. In this installment we introduce the major offerings so you can judge whether AWS capabilities will meet your needs.
This post will introduce the four major services that will be critical in your decision to move to the AWS cloud:
These are the fundamentals required to move any workload to the cloud. Additional services such as Analytics, Management Tools, Application and Mobile services will be introduced in other posts. Before diving into each of the major services, let's look at AWS IaaS from the big-picture perspective.
AWS has invested, and continues to invest, globally to increase its footprint of facilities so customers can use them as needed to improve performance and availability. AWS defines this footprint using Regions and Availability Zones (AZ), as shown in the diagram below.
Each AWS Region is a collection of data centers and the Availability Zones mapped to those data centers. Each region is physically isolated from the others in terms of networking, power, water usage and location. In addition to reducing latency for companies by placing workloads near their users, regions also help satisfy compliance and data sovereignty rules.
Each Region currently contains from two to five availability zones. Availability zones are isolated from each other, with separate locations, power and networking, but are connected by low-latency private network links. An availability zone can span multiple data centers but never shares one with another AZ. Most on-premises data centers are comparable to running within a single AZ, but with AWS you have the ability to fail over into another AZ, as shown below.
Several services such as EC2, VPC and Load Balancer make up the Compute & Networking set of services that are part of the foundation of moving to the AWS Cloud. The diagram below is an example of some of the services that can be used to build out needed infrastructure within AWS. The major services are briefly described below.
Amazon Elastic Compute Cloud (EC2) provides resizable computing capacity that can easily be launched to create virtual servers within AWS regions and availability zones to build and run your applications and software. Templates called Amazon Machine Images (AMI), which contain software configurations (operating system, application server, applications), can be launched as instances into a single AWS availability zone or into multiple zones and regions.
For each instance you select a type that defines the CPU, memory and storage. Existing VM snapshots can be migrated into AWS as AMIs and then launched as instances. Instances can be launched, terminated or changed when needed. The launch process can cut the time to add hundreds of servers from months in a typical on-premises environment to minutes within AWS.
Amazon Virtual Private Cloud (VPC) is a way for you to create an isolated and secure private network within AWS. You can launch resources into this private network and customize its configuration by selecting your own range of IP addresses and creating your own subnets, route tables and network gateways. A VPC can be connected in many ways, including to the internet, to your corporate network via VPN, and to other VPCs. Subnets can be configured to host both public-facing resources and private resources that are not reachable from the internet.
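To make the subnet and route-table point concrete, here is an added example (not code from the original post or from AWS) that validates a constructed VPC layout: it checks that every subnet falls inside the VPC range, that no two subnets overlap, that the layout spans more than one AZ, and it classifies each subnet as public or private using the AWS convention that a subnet is public when its route table has a default route to an internet gateway. The VPC CIDR, subnet names, AZ names and `igw-`/`nat-` target identifiers are all constructed sample values.

```python
import ipaddress

# Constructed sample layout (not from the post): one VPC, two tiers across two AZs.
VPC_CIDR = "10.0.0.0/16"

SUBNETS = {
    "web-a": {"cidr": "10.0.0.0/24",  "az": "us-east-1a", "route_table": "rt-public"},
    "web-b": {"cidr": "10.0.1.0/24",  "az": "us-east-1b", "route_table": "rt-public"},
    "db-a":  {"cidr": "10.0.10.0/24", "az": "us-east-1a", "route_table": "rt-private"},
    "db-b":  {"cidr": "10.0.11.0/24", "az": "us-east-1b", "route_table": "rt-private"},
}

# Route tables as destination -> target. "local" is the implicit intra-VPC route;
# "igw-EXAMPLE" / "nat-EXAMPLE" are placeholder gateway ids, not real resources.
ROUTE_TABLES = {
    "rt-public":  {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-EXAMPLE"},
    "rt-private": {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-EXAMPLE"},
}


def is_public_subnet(route_table):
    """A subnet is public when its route table sends traffic to an internet gateway."""
    return any(target.startswith("igw-") for target in route_table.values())


def validate_layout(vpc_cidr, subnets):
    """Return a list of problems; an empty list means the layout is consistent."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems = []
    seen = {}
    for name, spec in subnets.items():
        net = ipaddress.ip_network(spec["cidr"])
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside the VPC range {vpc}")
        for other_name, other_net in seen.items():
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps {other_name} ({other_net})")
        seen[name] = net
    if len({spec["az"] for spec in subnets.values()}) < 2:
        problems.append("all subnets are in one AZ, so there is no AZ to fail over into")
    return problems


def classify_subnets(subnets, route_tables):
    """Map each subnet name to 'public' or 'private' based on its route table."""
    return {
        name: "public" if is_public_subnet(route_tables[spec["route_table"]]) else "private"
        for name, spec in subnets.items()
    }


if __name__ == "__main__":
    for problem in validate_layout(VPC_CIDR, SUBNETS) or ["layout OK"]:
        print(problem)
    for name, kind in classify_subnets(SUBNETS, ROUTE_TABLES).items():
        print(f"{name}: {kind}")
```

The same checks apply to a real account if you feed the function the CIDRs and route tables returned by the EC2 API; the point of the example is that "private" is a property of the route table, not of the subnet's address range.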
Security groups are virtual firewalls that can be set up to control the inbound and outbound traffic for each instance. You add rules for both inbound and outbound traffic, and any traffic not matched by a rule is denied.
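The allow-list behaviour described above is easy to get wrong when reviewing a group by eye, so here is an added example (not from the original post or from AWS) that models it: it evaluates a packet against inbound rules written in the shape the EC2 `DescribeSecurityGroups` API returns (`IpPermissions` with `IpProtocol`, `FromPort`, `ToPort`, `IpRanges`), denying anything no rule matches, and then audits the rules for ports exposed to `0.0.0.0/0` beyond the public web ports. The rules, the port allow-list and the sample source addresses are constructed; IPv6 ranges (`Ipv6Ranges`) and security-group references are not handled.

```python
import ipaddress

# Constructed inbound rules in the EC2 IpPermissions shape (sample values only).
INBOUND_RULES = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    # Deliberately over-permissive: a database port open to the whole internet.
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

# Ports that are acceptable to expose to the internet in this example's policy.
PUBLIC_OK_PORTS = {80, 443}


def rule_matches(rule, protocol, port, src_ip):
    """True if this single rule covers the (protocol, port, source) triple."""
    if rule["IpProtocol"] not in ("-1", protocol):      # "-1" means all protocols
        return False
    if rule["IpProtocol"] != "-1" and not rule["FromPort"] <= port <= rule["ToPort"]:
        return False
    src = ipaddress.ip_address(src_ip)
    return any(src in ipaddress.ip_network(r["CidrIp"]) for r in rule["IpRanges"])


def is_permitted(rules, protocol, port, src_ip):
    """Security groups are allow-lists: no matching rule means the traffic is dropped."""
    return any(rule_matches(rule, protocol, port, src_ip) for rule in rules)


def audit_world_open(rules):
    """Flag rules reachable from any source on ports outside PUBLIC_OK_PORTS."""
    findings = []
    for rule in rules:
        world_open = any(ipaddress.ip_network(r["CidrIp"]).prefixlen == 0
                         for r in rule["IpRanges"])
        if not world_open:
            continue
        if rule["IpProtocol"] == "-1":
            findings.append("all protocols and ports are open to 0.0.0.0/0")
            continue
        exposed = [p for p in range(rule["FromPort"], rule["ToPort"] + 1)
                   if p not in PUBLIC_OK_PORTS]
        if exposed:
            findings.append(f"{rule['IpProtocol']} port(s) {exposed[0]}-{exposed[-1]} "
                            f"open to 0.0.0.0/0")
    return findings


if __name__ == "__main__":
    print(is_permitted(INBOUND_RULES, "tcp", 443, "203.0.113.5"))   # True
    print(is_permitted(INBOUND_RULES, "tcp", 22, "203.0.113.5"))    # False: SSH only from 10/8
    for finding in audit_world_open(INBOUND_RULES):
        print("finding:", finding)
```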
Amazon Route 53 is a highly available and scalable web service for managing the Domain Name System (DNS). DNS servers map host names to the numeric IP addresses that connect users to applications. Many large companies that manage DNS on premises or on their own cloud servers do not achieve the high availability that this service provides at a very cost-effective rate. When DNS goes down, web applications go down with it. The recent DDoS attack was an extreme event that showed how important DNS availability is to running a business. Amazon Route 53, with its global footprint and the other tools that AWS provides, is much better placed to mitigate such attacks.
Auto Scaling is an automated way of ensuring resources scale to demand, thereby creating a performance- and cost-optimized IaaS solution. You group EC2 instances into Auto Scaling Groups. Then, by setting up Launch Configurations and Scaling Plans, you define when, how and with what configuration to scale up and down. Minimum and maximum instance counts can be defined, as shown below.
AWS Elastic Load Balancing distributes incoming traffic across multiple EC2 instances, giving you fault tolerance as well as balanced capacity. The load balancer comes in two types: the Classic Load Balancer can be used for simple load balancing across multiple EC2 instances, and the Application Load Balancer can be used for more advanced routing capabilities.
AWS offers various storage options. The three considerations in determining which option is best are durability, availability and security. Durability has to do with redundancy of the data, in terms of storage across multiple facilities and across multiple devices within a facility; the higher the redundancy, the higher the durability. Availability is how quickly the data can be accessed; production data needs much quicker access times than archived data. All data needs encryption, along with the ability to control access and permissions. The three major options from AWS are briefly described below.
AWS offers many different database products for a variety of use cases. These include:
This post will focus more on RDS as it may be the most common use case for most enterprise companies considering moving to the cloud.
Amazon RDS is available for six different database engines:
You can also run your database on EC2 instances, but then administering the database, patching, upgrades and provisioning more infrastructure would be your responsibility. By using RDS, these types of database administration are done by AWS. Creating RDS instances is quick and easy, and the instances are highly scalable, durable, fast and secure. You only pay for what you consume, which is typically more cost effective than on-premises systems that must be sized for peak usage rather than actual demand.
Due to the scale and growth of AWS, they have been able to invest in developing the security features of their offerings in ways that even very large organizations find difficult to match in their on-premises data centers. Security is a primary value proposition in all of the services they provide, but a few are highlighted below, followed by more detailed information on Identity and Access Management and Directory Service.
AWS IAM is a centrally managed service that lets you control user access to all AWS resources. By creating users, groups and permissions you can allow and deny access to resources. AWS does not charge for this service. Use cases include fine-grained access control to AWS resources, multi-factor authentication for highly privileged users, and managing access control for mobile and browser-based applications; IAM can also be integrated with a corporate directory such as Microsoft Active Directory. All access can be tracked via CloudTrail.
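The allow/deny model behind IAM permissions is what makes fine-grained, least-privilege access work, so here is an added example (not code from the original post or from AWS) that evaluates constructed IAM-style policy documents against a request. It implements the core of IAM's decision logic: an explicit `Deny` in any matching statement wins, otherwise any matching `Allow` permits the request, otherwise the request is implicitly denied. It also supports enough of the `Condition` block (`Bool` and `BoolIfExists`) to express the page's "MFA for highly privileged users" use case. The policy contents, bucket name, account id and request context are constructed; wildcard matching is simplified to `*` and `?` and is case-sensitive, unlike real IAM action matching.

```python
from fnmatch import fnmatchcase

# Constructed developer policy: read one bucket, describe EC2, but never touch
# the bucket's finance/ prefix even though the Allow above would cover it.
DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-app-data", "arn:aws:s3:::example-app-data/*"]},
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-app-data/finance/*"},
    ],
}

# Constructed admin policy: full IAM rights, but denied unless the caller used MFA.
# BoolIfExists treats a missing context key as a match, so "no MFA info" is denied too.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "iam:*", "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """IAM-style wildcard match: '*' matches any run of characters, '?' one character."""
    return any(fnmatchcase(value, pattern) for pattern in _as_list(patterns))


def _condition_holds(condition, context):
    """Minimal subset of IAM conditions: Bool and BoolIfExists on request context keys."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None:
                if operator == "BoolIfExists":
                    continue          # missing key counts as satisfied for *IfExists
                return False          # plain Bool on a missing key never matches
            if str(actual).lower() != str(expected).lower():
                return False
    return True


def evaluate(policies, action, resource, context=None):
    """Return 'explicit deny', 'allow' or 'implicit deny' for the request."""
    context = context or {}
    allowed = False
    for policy in policies:
        for statement in policy["Statement"]:
            if not _matches(statement["Action"], action):
                continue
            if not _matches(statement["Resource"], resource):
                continue
            if "Condition" in statement and not _condition_holds(statement["Condition"], context):
                continue
            if statement["Effect"] == "Deny":
                return "explicit deny"   # a matching Deny overrides every Allow
            allowed = True
    return "allow" if allowed else "implicit deny"


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-app-data/reports/q1.csv"
    print(evaluate([DEVELOPER_POLICY], "s3:GetObject", obj))
    print(evaluate([DEVELOPER_POLICY], "s3:GetObject", "arn:aws:s3:::example-app-data/finance/payroll.csv"))
    print(evaluate([ADMIN_POLICY], "iam:CreateUser", "arn:aws:iam::111122223333:user/alice"))
    print(evaluate([ADMIN_POLICY], "iam:CreateUser", "arn:aws:iam::111122223333:user/alice",
                   {"aws:MultiFactorAuthPresent": True}))
```

Reading the results as a reviewer would: the developer can read reports but not finance data even though both sit in the allowed bucket, can describe but not change EC2, and the admin gets nothing from `iam:*` until the request context shows MFA was used.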
AWS Directory Service, also known as AWS Microsoft AD, can be used to connect to an existing on-premises Microsoft AD, or you can create your Microsoft AD in AWS. For hybrid environments that span AWS and an on-premises data center, this eliminates managing directories in both places: the AD can reside either in AWS or on premises and manage both. By using the AWS version you eliminate installation, patching and updates, as AWS is responsible for the software administration.
In the last ten years AWS has continuously increased the breadth of its products and services, so most organizations considering a move to the cloud can migrate a majority of their workloads. The basic products and services of AWS (compute, networking, storage, databases and security) were outlined in this post, though there are many other services offered, such as Analytics, Management Tools and Developer Tools, as well as a host of related third-party products and services available through the AWS Marketplace. Each of these may provide further use cases beyond the basics.
Part 3 of the Moving to the Cloud Series will review the next decision point related to the challenge of migrating to AWS.