Amazon Elastic Compute Cloud - Computer Science (7/12/17)



Amazon Elastic Compute Cloud

• Compute
  - The amount of computational power required to fulfill your workload
• Instance
  - Virtual machines
  - Charged per hour while running
  - Virtual Hardware
  - AMI - Software (applications, OS, etc.)

• Instance Types
  - Parameters of an instance
    • vCPUs (how many cores)
    • Memory
    • Storage
    • Network Performance
  - Type, a related set of instance configurations
    • General Purpose (m)
    • Compute Optimized (c)
    • Memory Optimized (r)
    • Storage Optimized (i)
    • GPU Compute (g)
  - Members, instances in a type vary linearly in ability, as do costs

• Enhanced Networking
  - Single Root I/O Virtualization (SR-IOV)
  - Greater Packets Per Second (PPS)
  - Lower latency
  - Less Jitter
  - Requires Amazon VPC
• Amazon Machine Image (AMI)
  - OS, with configuration
  - Initial State of patches
  - Application and System Software


• AMI Sources
  - Published by AWS
    • Maintained by AWS
    • Standard ISO OS image installs
    • Unpatched
  - AWS Marketplace
    • Partner-driven web store for AMIs
    • Bundled software, charged hourly + hourly licensing
  - Generated from instance
    • User created from existing EC2 instance
  - Uploaded Virtual Server
    • Imported from virtualization formats (VHD, VMDK, OVA)
    • Customer maintains AWS compliance for licensing

• Secure Use Of An Instance
  - Addressing
    • Public Domain Name
      - Automatic, cannot be specified
    • Public IP
      - Automatic, cannot be specified
    • Elastic IP
      - Reserved independently
      - Associated with Instance
      - Persists until released
      - Shared externally without coupling to a particular instance
      - Charged when NOT in use on an instance

• Secure Use (cont)
  - Initial Access
    • Public key cryptography, key pair
      - Generated via AWS Management Console, CLI, API or uploaded
      - AWS stores public key
      - Customer stores private key
    • SSH (Linux)
      - Use private key to open secure shell, no password required
    • RDP (Windows)
      - Decrypt admin password with key pair
      - Access via RDP, using user and decrypted password


• Virtual Firewall – Security Groups
  - EC2-Classic, outgoing only
  - VPC, incoming and outgoing
  - Security groups default is deny access
  - Multiple security groups allowed, effect is aggregated
  - Applied at instance level, not VPC level
  - Stateful firewall, outgoing message is remembered so response is allowed
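An added example, not part of the original slides: a simplified Python model of the security-group behaviour listed above (default deny, rules from multiple groups aggregated, stateful handling of replies). The `Rule` and `Instance` classes and all addresses are constructed for illustration and are not an AWS API.

```python
# Simplified model of VPC security-group semantics (constructed example).
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    direction: str   # "in" or "out"
    proto: str       # "tcp" or "udp"
    port_lo: int
    port_hi: int
    cidr: str        # peer address range the rule applies to

    def matches(self, direction, proto, port, peer):
        return (self.direction == direction and self.proto == proto
                and self.port_lo <= port <= self.port_hi
                and ip_address(peer) in ip_network(self.cidr))

@dataclass
class Instance:
    groups: list                                # each group is a list of allow Rules
    tracked: set = field(default_factory=set)   # connection-tracking table

    def _allowed(self, direction, proto, port, peer):
        # Rules can only allow; the effective policy is the union over all
        # attached groups, and anything unmatched is denied.
        return any(r.matches(direction, proto, port, peer)
                   for g in self.groups for r in g)

    def send(self, proto, local_port, peer, peer_port):
        """Instance opens a flow; outbound rules match the destination port."""
        if not self._allowed("out", proto, peer_port, peer):
            return False
        self.tracked.add((proto, local_port, peer, peer_port))
        return True

    def receive(self, proto, local_port, peer, peer_port):
        """Packet arrives; replies to tracked flows skip the inbound rules."""
        if (proto, local_port, peer, peer_port) in self.tracked:
            return True
        return self._allowed("in", proto, local_port, peer)

# Constructed sample: two groups attached to one instance.
web = [Rule("in", "tcp", 443, 443, "0.0.0.0/0")]
admin = [Rule("in", "tcp", 22, 22, "203.0.113.0/24"),
         Rule("out", "tcp", 443, 443, "0.0.0.0/0")]
host = Instance(groups=[web, admin])
```

With these groups, SSH is reachable only from 203.0.113.0/24, and a reply on an ephemeral port is accepted only after the instance has opened the matching outbound connection.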

• Instance Lifecycle
  - Launching
    • Bootstrap, code to be run on instance at launch
      - Apply patches
      - Enroll in directory service
      - Install application software
      - Copy longer script from storage and run
      - Install configuration management software, e.g. Chef or Puppet
    • VM Import/Export
      - Import your own VM
      - Export only VMs you’ve imported

• Instance Lifecycle (cont)
  - Managing Instances
    • Tagging, key/value pairs associated with instance
  - Monitoring Instances
    • CloudWatch
  - Modifying
    • Resizing
      - Stop the instance
      - Change Instance Type
      - Restart the instance
    • Security Group
      - VPC, change at any time
      - EC2-Classic, immutable after launch


• Options
  - Pricing
    • Charged per hour running
    • On-Demand
      - No commitment
      - Customer controls launch and termination
      - Least cost effective
    • Reserved
      - Reservations for predictable workloads
      - Save up to 75% off the on-demand hourly rate
      - Term commitment, 1-3 years
      - Payment options
        • All upfront, best discount, no monthly charge
        • Partial upfront, remainder monthly charged
        • No upfront, all monthly charge, least discount

• Options
  - Pricing
    • Reserved (cont)
      - Changes
        • Don’t affect term
        • Switch Availability Zone in same region
        • Change VPC and EC2-Classic
        • Change instance type, within same family (Linux Only)
    • Spot Instances
      - Access based on bidding price for lower demand compute time
      - Instances acquired and run so long as bid exceeds demand price
      - Use only on interruption-tolerant jobs

• Tenancy
  - Shared Tenancy (default)
    • Single physical host machine, multiple customers
    • Fully isolated, secure
  - Dedicated Instances
    • Single physical host machine, dedicated to one customer
    • Other non-dedicated isolated by hardware
  - Dedicated Host
    • Single physical host, fully dedicated to one customer
    • Useful for licensing
    • Complete customer control over what host launches instances


• Placement Groups
  - Logical grouping of instances within a single Availability Zone
  - Enable low latency, 10Gbps networking
  - Full optimization requires “enhanced networking”
• Instance Stores, the instance root drive. Lost if...
  - Underlying disk fails
  - Instance stops (restored on restart)
  - Instance terminates (lost, irrevocably)
  - Not for valuable, long term data.

• Amazon Elastic Block Store (EBS)
  - Persistent Block Level Storage
  - Automatically replicated in Availability Zone
  - High Availability, High Durability
  - Attached to instances (one instance at a time)
• Types of EBS Volumes
  - Magnetic, 1GB to 1TB, 100 IOPS average
    • Infrequent access
    • Sequential Reads
    • Low-Cost

• Types of EBS Volumes (cont)
  - General Purpose SSD, 1GB to 16TB
    • Baseline IOPS, 3/GB, capped at 10000 IOPS


• EBS-Optimized Instances
  - Optimized configuration stack
  - Best performance on non-magnetic EBS volumes
• Protecting Data
  - Snapshots
    • Point in time
    • Incremental backup
    • Created immediately, no downtime on volume
    • Constrained to region, copy to other region if required
    • Create Volume from Snapshot, lazy restore

• Recovering Volumes (EBS)
  - Detachable from volume in case of failure
  - Delete On Terminate Flag, double check it
  - Attach to new instance to access data
• Encryption
  - AWS Key Management Service
  - New key, or master created with service
  - AES-256
  - Transparent, minimal impact on performance