ISC Cloud First Program Lunchtime Learning - Architecture, Infrastructure, & Migration Team

OCTOBER13, 2016

Oc

tob

er

2016

ISC's C

lou

d First Pro

gra

m

Cloud  First  Lunch0me  Learning  Topics:  •  What  have  we  done  so  far  •  AWS  Infrastructure  overview  •  AWS  App  Design  Infrastructure  •  Applica0on  Infrastructure  Deploy  live  demo  

•  Applica0on  DB  update  •  LiB  and  ShiB  VCloud  Air  Demo  •  Q&A  

What  have  we  evaluated/tested? IAM  

AWS  AD  connector,  KITE  to  the  cloud,  Shibboleth  for  AWS  UI  IAM  roles:  users,db,ec2,ecs  tasks      

Infrastructure  applica0ons  Backups  monitoring,  aler0ng  –  Cloudwatch/BPPM  

Security  IAM  roles,  policies,  groups  

Cloud  management  soBware/  Automa0on  tools  Rightscale,  Scalr,  Vcloud  Air,  Redhat  Cloudforms,  etc.  Puppet  Jenkins  

Applica0ons                  Mule  web  applica0on/SQS                  ECS/Docker        DB                  Oracle  ,  Mongo,  Aurora,  PostgreSQL  Network    

VPN  to  VPC,  User  VPN  access  Applica0on  load  balancers  

 

AWS  infrastructure

US East

VPC Subnet

VPC Subnet

VPC Subnet

VPC Subnet

VPC Subnet

VPC Subnet

Public Subnet 1 – AZ 1a

Public Subnet 2 – AZ 1b

Systems Subnet B – AZ 1b

Systems Subnet C – AZ 1c

Systems Subnet D – AZ 1d

Virtual Private Gateway

Internet Gateway

Route Table

UPENN

VPN Tunnel to 128.91.0.0/16130.91.0.0/16

165.123.0.0/16

InternetRoute Table

EC2 Instanc

eNAT Instance

10.129.0.0/16

ECS  Applica:on  Deployment

What  is  ECS?  ECS  is  the  AWS  container  service  for  Docker.    It  provides  scalable  container  management  for  EC2  Docker  instances.    What  are  we  going  to  demo?  •  Deploy  ECS  cluster  

•  Configure  autoscaling  •  Deploy  an  EC2  docker  instance  

•  Deploy  applica0on  infrastructure.  •  Applica0on  load  balancer  •  ECR  repository  •  Create  service  

•  Create  applica0on  CNAME  in  UPenn  DNS  •  Create  applica0on  specific  database  if  required  •  Create  applica0on  CI  pipeline  

 Applica:on  architecture

US East

VPC Subnet

VPC Subnet

VPC Subnet

VPC Subnet

VPC Subnet

VPC Subnet

Public Subnet 1 – AZ 1a

Public Subnet 2 – AZ 1b

Systems Subnet B – AZ 1b

Systems Subnet C – AZ 1c

Systems Subnet D – AZ 1d

Virtual Private Gateway

Internet Gateway

Route Table

UPENN

VPN Tunnel to 128.91.0.0/16130.91.0.0/16

165.123.0.0/16

InternetRoute Table

EC2 Instanc

eNAT Instance

10.129.0.0/16

EC2 Instance

EC2 Instance

EC2 Instance

EC2 Instance

Amazon RDS Database Instance

Amazon RDS Database Instance

Elastic Load Balancing

Elastic Load Balancing

Amazon CloudWatch

Build ECS

Cluster

User

input

Generate

variables

Create ECS

cluster

Create user

dataCreate

autoscaling

Create

cloudwatch

metrics

Cluster

Created

AWS API

Launch config

Autoscaling

Scale up policy

Scale down poicy

AWS ECS Cluster build – Jenkins

AWS API

Create-

cluster

Cluster, puppet

Host references clustername

/etc/ecs/ecs.config

AWS API

Create

Cloudwatch

alarms for

memory

Alarm actions

Scale up/down

Build ECSApp

infrastructure

User input

Generate variables

Confirm ECS cluster exists

Create ECRRepository

Create ECR policy, policy

file and attach

Create Application

Load balancer

App Infrastructure

Created

AWS APIEcs register-

task-definition

AWS App build – Jenkins

AWS APIList-

clusters

Validate against $clustername

AWS APIaws elbv2

create-load-balancer

AWS APIEcr create-repository

Create ELB Target

Group

AWS APIaws elbv2

create-target-group

Ass

oci

ate

wit

h E

LNB

Create ECS Service

AWS APIaws ecs create-service

Create CNAMECreate DBCreate CI

Jenkins Create CNAME

Job

Jenkins create DB

job

Jenkins create CI pipeline

job

Databases  Tested  So  Far •  EC2  instance:  

 MongoDB  standalone  instance    MongoDb  with  Replica0on  on  mul0  availability  zones  

•  RDS:  •  Aurora  •  PostgreSQL  •    standalone  instance  •    High  availability  mul0AZ  instance  

•  Oracle  database  on  prem  for  data  at  rest.  

MongoDB:    Classified  as  a  NoSQL  database,  MongoDB  avoids  the  tradi0onal  table-­‐

based  rela0onal  database  structure.  Its  is  an  open-­‐source  document  database  that  provides  high  performance,    high  availability,  and  automa0c  scaling.  

Aurora  on  RDS:    Amazon  Aurora  is  a  MySQL-­‐compa0ble  rela0onal  database  engine  that  

combines  the  speed  and  availability  of  high-­‐end  commercial  databases  with  the  simplicity  and  cost-­‐effec0veness  of  open  source  databases.    

PostgreSQL  on  RDS:  Classified  as  an  object-­‐rela0onal  database  (ORDBMS)  –  i.e.  a  RDBMS,  with  addi0onal  (op0onal  use)  "object"  features  –  with  an  emphasis  on  extensibility  and  standards-­‐compliance.    

System  LiC  and  shiC Current  evalua0ons  •  AWS  migra0on  tools  •  vCloud  Air  

•  Layer2  network  extensions