copyright 2013
Getting Started with Public Cloud and AWS
CohesiveFT | Chicago Ideas Week Lab
Thursday, October 17, 13
Agenda
• Level Set: Cloud, Virtualization & Networking Basics
• Working together: AWS and CohesiveFT
• AWS Core: Starting in EC2 and S3
• Hands on: Setting up your own AWS
• Life in the Cloud: What others are doing in public cloud
Welcome back
Patrick Kerpan, CEO, Co-founder
Ryan Koop, Director of Marketing, Co-founder
Your Presenter
Coming Up
@cohesiveft #CIW
Ryan is responsible for product development and manages teams for public relations, international events, and content marketing. His role spans the technical product development, customer support, business development and thought leadership needs of a growing company.
Before CohesiveFT, Ryan worked at a trading platform software company in the US Derivative Markets.
Jump into AWS: Amazon POV
Graphic from http://docs.amazonwebservices.com/gettingstarted/latest/awsgsg-intro/intro.html: a layered stack (Layer 0 through Layer 7) with the IaaS, PaaS and SaaS tiers marked against it.
AWS Regions = Availability Zones
Choose specific regions to:
• Optimize latency
• Address regulatory requirements
• Create a point-of-presence (POP)
Diagram: Region: US East containing two Availability Zones of servers, connected to the Internet.
AWS Terminology: Image & Instance
Image - template to launch an Amazon EC2 instance with your software
Instance - the AWS name for a server / virtual machine.
Diagram: Image → Instance
Detailed information can be found at: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/instance-types.html
In AWS, you can launch an instance from community or marketplace AMIs
Amazon Web Services Offerings (Console)
More information at aws.amazon.com/console
Set up your AWS account
• Go to www.aws.amazon.com
• Follow the steps to set up and verify
• Recommended: Sign up for Free, No support options
Amazon S3
• Backup and Storage – Provide data backup and storage services for others.
• Application Hosting – Provide services that deploy, install, and manage web applications.
• Media Hosting – Build a redundant, scalable, and highly available infrastructure that hosts video, photo, or music uploads and downloads.
• Software Delivery – Host your software applications that customers can download.
More on using S3 here: http://aws.amazon.com/s3/#resources
Upload files to your bucket
• In the Upload - Select Files wizard
  - to upload an entire folder, click Enable Enhanced Uploader
• Click Add Files.
• Select the file > click Open
• Click Start Upload.
To hide the Transfer dialog box, click the Close button at top right in the Transfers panel. To open it again, click Transfers.
Move Objects
• In the Amazon S3 console, right-click the object that you want to move, and then click Cut.
• Navigate to the bucket or folder you want to move the object to. Right-click the folder or bucket and then click Paste Into.
Amazon S3
Highlights
• Unlimited object storage
• Upload files (from 1 byte to 5 terabytes each) from your computer
• Browse the contents of your buckets with either HTTP or SOAP interface
• Can create an authenticated URL to give time limited 3rd party access to a bucket
More on using S3 here: http://aws.amazon.com/s3/#resources
Life in the cloud: using S3 at CohesiveFT
Diagram (Images: Wikipedia): Customers, Analysts, Investors
AWS Terminology: EC2
• Security Group: a set of rules you create to act as a firewall to control traffic for one or more instances
• Spot Instance: instance you allow to run on any unused Amazon EC2 compute capacity - prices fluctuate periodically depending on the supply, demand and capacity
• Reserved Instance: pricing model that enables you to reserve capacity for EC2 instances, lowers average cost
Amazon Web Services - EC2
• Launch and manage Instances
• Launch virtual servers in the cloud
• Find, manage and create Amazon Machine Images (AMIs)
• Create and manage Security Groups
Two Kinds of AWS Images
EBS-backed
• Boot in <1 min
• Limited to 1 TB
• Data persists after instance termination
• Stop function allows you to change the instance settings (grow or shrink)
• Charged for runtime and storage
• All AWS Marketplace AMIs are EBS-backed
Instance Store-backed
• Boot in <5 mins
• Limited to 10 GB*
• Data on instance only persists during the life of the instance
• Instance attributes are fixed for the life of the instance
• Cheaper: only charged for runtime
Amazon Web Services - Select AMI
• Choose from Quick Start popular AMIs, Marketplace, or Community AMIs
• Search “wordpress”
• Select WordPress BitNami (free tier)
OR
• (optional) VNS3 Free Edition
AWS Terminology: Security Groups
Security Groups
• Acts as a firewall that controls the traffic allowed into a group of instances
• Add rules that govern inbound traffic; can add or modify rules at any time
• Cannot map security groups across regions
Rules
• Specify a certain protocol (TCP, UDP or ICMP)
• Specify destination port or ports (if the protocol is TCP or UDP)
• Specify source (IP address or addresses using CIDR notation*)
*CIDR notation: a block of IP addresses written as xxx.xxx.xxx.xxx/n, where n is the number of 1 bits in the mask. Example: 192.168.12.0/23 represents the address range 192.168.12.0 - 192.168.13.255
Amazon Web Services - Launching EC2 Instances
• Select Region
• Continue
• Choose instance type (t1.micro recommended)
• Accept T&C
Amazon Web Services - Launching with EC2 Console
• Select Region
• Accept Terms
• Select a Version
• Launch with EC2 in your region (US West)
Amazon Web Services - Launching EC2 Instances
• Choose Instance Type
• Next
• Configure Instance Details
  • Network - public and private IP
  • Additional Storage
  • Tagging
  • Security Group
  • Access - SSH Key
AWS Basic Terminology: Elastic IP Addresses
Elastic IP Address (Static IP address):
• Associated with account, rather than a particular instance
• If your instance fails, can map its replacement to the same IP address
• Each account is limited to 5 elastic IP addresses
• You are charged $.01/hr when these IP addresses are not mapped to an instance
Diagram: without an Elastic IP, Amazon randomly assigns public IP addresses (an instance at 204.236.202.134 is replaced by one at 63.250.226.146); when you assign instances your Elastic IP Address, the replacement instance keeps 204.236.202.134.
Public and Private IP Addresses
Diagram: Home Computer (Private IP Address: 192.168.0.2) connects over the LAN to the Router / Modem (Private IP Address: 192.168.0.1); on the WAN side the path runs through the Internet Service Provider (Comcast) to the Web Server (Amazon) www.cohesiveft.com (Public IP Address: 72.21.194.1). Public IP addresses shown on the WAN side: 69.241.45.4 and 124.150.112.92.
Connections Between Regions
• Connectivity between availability zones is a LAN connection
• Connectivity between regions is a WAN connection
Diagram: Region: US West and Region: US East, each holding two Availability Zones of servers joined by LAN links, with a WAN link between the two regions.
Amazon VPC Security Groups
VPC Security Groups
• The Security Groups you created for EC2 cannot be used in VPC
• Can control both inbound and outbound traffic
• At the instance level - instances in the same subnet can be in different security groups
Rules
• Specify protocol
• Specify port or port range
• For inbound traffic: source IP address or CIDR range
• For outbound traffic: destination IP address or CIDR range
Amazon Web Services - Security Groups
Security Groups
• Acts as a firewall that controls the traffic allowed into a group of instances
• Add rules that govern inbound traffic; can add or modify rules at any time
• Can create up to 500 EC2 security groups with up to 100 rules each
Rules
• Specify a certain protocol (TCP, UDP or ICMP)
• Specify destination port or ports (if the protocol is TCP or UDP)
• Specify source (IP address or addresses using CIDR notation)
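An added worked example (not from the CohesiveFT deck) of the security-group model on the two Security Groups slides and the VPC Security Groups slide: it expands the CIDR footnote's 192.168.12.0/23 into its address range, evaluates traffic against an allow-list of inbound and outbound rules with implicit deny, and flags inbound rules that expose an administrative port to 0.0.0.0/0. The sample group, the 203.0.113.0/24 "office" block and the choice of 22 and 3389 as administrative ports are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One security-group rule: protocol, port range and a CIDR block.
    For inbound rules the CIDR is the source; for outbound (VPC only) the destination."""
    protocol: str                 # "tcp", "udp" or "icmp"
    port_from: Optional[int]      # None for icmp (no ports)
    port_to: Optional[int]
    cidr: str                     # e.g. "192.168.12.0/23"
    direction: str = "inbound"    # "inbound" or "outbound"


def cidr_range(cidr: str) -> Tuple[str, str, int]:
    """First address, last address and size of a CIDR block (the slide's footnote)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses


def rule_matches(rule: Rule, protocol: str, port: Optional[int], address: str, direction: str) -> bool:
    if rule.direction != direction or rule.protocol != protocol:
        return False
    if protocol in ("tcp", "udp") and not (rule.port_from <= port <= rule.port_to):
        return False
    return ipaddress.ip_address(address) in ipaddress.ip_network(rule.cidr, strict=False)


def is_allowed(rules: List[Rule], protocol: str, port: Optional[int], address: str,
               direction: str = "inbound") -> bool:
    """Security groups are allow-lists with an implicit deny: one matching rule permits."""
    return any(rule_matches(r, protocol, port, address, direction) for r in rules)


def overly_broad(rules: List[Rule], admin_ports: Tuple[int, ...] = (22, 3389)) -> List[Rule]:
    """Inbound TCP rules that expose an administrative port to every address (a /0 block).
    Which ports count as administrative is an assumption made for this example."""
    flagged = []
    for r in rules:
        if r.direction != "inbound" or r.protocol != "tcp":
            continue
        if ipaddress.ip_network(r.cidr, strict=False).prefixlen == 0 \
                and any(r.port_from <= p <= r.port_to for p in admin_ports):
            flagged.append(r)
    return flagged


# Constructed sample: a "Test Security Group" for the WordPress server. 203.0.113.0/24 stands
# in for an office network (documentation range); the outbound rule only has effect in VPC.
TEST_GROUP = [
    Rule("tcp", 80, 80, "0.0.0.0/0"),                  # web traffic from anywhere
    Rule("tcp", 22, 22, "203.0.113.0/24"),             # SSH only from the office block
    Rule("icmp", None, None, "203.0.113.0/24"),        # ping from the office block
    Rule("tcp", 443, 443, "0.0.0.0/0", "outbound"),    # instance may reach HTTPS endpoints
]

if __name__ == "__main__":
    print(cidr_range("192.168.12.0/23"))                       # ('192.168.12.0', '192.168.13.255', 512)
    print(is_allowed(TEST_GROUP, "tcp", 22, "198.51.100.7"))   # False: not in the office block
    print(is_allowed(TEST_GROUP, "tcp", 22, "203.0.113.9"))    # True
    print(is_allowed(TEST_GROUP, "tcp", 25, "93.184.216.34", "outbound"))  # False: implicit deny
    print(overly_broad([Rule("tcp", 22, 22, "0.0.0.0/0")]))    # flags SSH open to the world
```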
Signing Up, Launching and Configuring a Wordpress Server
1. Sign up for Free Tier AWS Account
2. Enable EC2
3. Create a Test Security Group
4. Browse the Marketplace
5. Launch a Bitnami Wordpress Server
6. Configure the Wordpress Server
....
10. Profits
Bitnami Wordpress Server Information
• https://aws.amazon.com/marketplace/pp/B007IP8BKQ/ref=sp_mpg_product_title?ie=UTF8&sr=0-2
- username: user
- password: bitnami
Market Landscape
http://prezi.com/-kbf6rxf6pmd/the-cloud-market-landscape-from-cohesiveft/
AWS VPC vs. CohesiveFT VNS3
Columns: Feature | AWS | VNS3 Enhances | VNS3 Extends
Features available in all zones of EC2 USA today ✓ ✓ ✓
Features available in all zones of EC2 EU today ✓ ✓ ✓
Features integrated to EC2 existing security lattice (EC2 Security groups) ✓ ✓ ✓
Can use EC2 Elastic IP Addresses ✓ ✓ ✓
Ability to use Amazon load balancing service today ✓ ✓ ✓
Access to Amazon S3 ✓ ✓ ✓
Support all EC2 Instance Types in All Regions and Zones ✓ ✓ ✓
Ability to use Elastic Load Balancers across VPCs within a region ✓ ✓ ✓
Ability to use Elastic Load Balancers across VPCs across regions for failover ✓ ✓ ✓
Category: AWS Interoperability
AWS VPC vs. CohesiveFT VNS3
Columns: Feature | AWS | VNS3 Enhances | VNS3 Extends
Multiple VPCs per AWS Account ✷ ✓ ✓
Multiple VPN Gateways per AWS Account ✷ ✓ ✓
Multiple Customer Gateways per AWS Account ✷ ✓ ✓
Multiple VPN Connections per VPN Gateway ✓ ✓
Can ASSIGN SPECIFIC addresses to specific servers in my "VPC" ✓ ✓ ✓
Create a Virtual Private Cloud on AWS’s scalable infrastructure, and specify its private IP address range from any block you choose. ✓ ✓ ✓
Divide your VPC’s private IP address range into one or more subnets in a manner convenient for managing applications and services you run in your VPC. ✓ ✓ ✓
Private IP Address Range Shared across Multiple Clouds and/or Virtual Infrastructures ✓ ✓ ✓
Categories: AWS Availability, Address Control
AWS VPC vs. CohesiveFT VNS3
Columns: Feature | AWS | VNS3 Enhances | VNS3 Extends
Allow customers to use BGP ✓ ✓ ✓
Can use UDP multicast in my EC2 subnets ✓ ✓ ✓
Can use UDP multicast between EC2 regions ✓ ✓ ✓
SSL VPN Support ✓ ✓ ✓
Multicast between data center and EC2 ✓ ✓ ✓
Support GRE Termination ✓ ✓ ✓
Custom Layer 3 protocol modules (services based) ✓ ✓ ✓
Traffic can be routed directly to the Internet and NOT back across the internet, into my datacenter and back out again ✓ ✓ ✓
Securely route traffic to EC2 EU from EC2 US without having to route through the datacenter ✓ ✓ ✓
Custom topologies & design services (declarative topology description) ✓ ✓ ✓
Provides outbound NATing from Private VPC subnets ✓ ✓ ✓
End user VPN Clients can connect to VPC using SSL Client ✓ ✓ ✓
End user VPN Clients can connect to VPC using IPsec Client ✓ ✓ ✓
Dynamic route updates available to SSL and IPsec Clients ✓ ✓ ✓
Ability to move IP addresses between virtual infrastructures or clouds ✓ ✓ ✓
Categories: Protocol Control, Topology Control
AWS VPC vs. CohesiveFT VNS3
Columns: Feature | AWS | VNS3 Enhances | VNS3 Extends
Ability to create Cloud-based WANs that integrate corporate sites, cloud infras, partner sites, and colo or MSP infra. ✓ ✓ ✓
Provides outbound NATing from Public VPC subnets ✓ ✓ ✓
Allows port forwarding from Internet to select inside VPC servers ✓ ✓ ✓
Route traffic between your VPC and the Internet over the VPN connection so that it can be examined by your existing security and networking assets before heading to the public Internet. ✓ ✓ ✓
Control inbound and outbound access to and from individual subnets using network access control lists. ✓ ✓ ✓
Bridge together your VPC and your IT infrastructure via an encrypted IPSEC connection. ✓ ✓ ✓
Network firewall controlling the VLAN ✓ ✓ ✓
Intrusion/Extrusion detection in the cloud - monitoring x-cloud subnets ✓ ✓ ✓
Access controlled on the host level by a unique cryptographic credential per virtual network address. ✓ ✓ ✓
Cryptographic identity linking (and segregating) multiple gateway routers ✓ ✓ ✓
Remote Support controlled by multi-organization (customer and vendor) 2-factor authentication ✓ ✓ ✓
Categories: Topology Control (cont’d), Security Control
AWS VPC vs. CohesiveFT VNS3
Columns: Feature | AWS | VNS3 Enhances | VNS3 Extends
Windows and Linux device support ✓ ✓ ✓
Supports industry standard security appliances NAT'ed behind customer edge (Cisco ASA for example) ✓ ✓ ✓
Eucalyptus to EC2 support ✓ ✓ ✓
vCloud to EC2 support ✓ ✓ ✓
GoGrid/Rackspace/ElasticHosts/CloudSigma/Flexiant/etc - to EC2 ✓ ✓ ✓
OpenStack to EC2 ✓ ✓ ✓
IBM Smart Cloud and Smart Cloud Plus to EC2 ✓ ✓ ✓
Easily integrate mobile phones and tablets to VPC infrastructure ✓ ✓ ✓
Citrix Virtual Infra to EC2 ✓ ✓ ✓
Parallels Virtual Infra to EC2 ✓ ✓ ✓
KVM Virtual Infra to EC2 ✓ ✓ ✓
VMware Virtual Infra to EC2 ✓ ✓ ✓
Let other AWS accounts (Partners, ISVs) launch instances to talk to VPC owner's instances directly ✓ ✓ ✓
Category: Market Interoperability
AWS VPC vs. CohesiveFT VNS3
Columns: Feature | AWS | VNS3 Enhances | VNS3 Extends
2-way failover in VPC ✓ ✓ ✓
Instance can be both part of a VPC and accessible to the general Internet ✓ ✓ ✓
Ability to create N-number of IDENTICAL defined subnets without routable connectivity allows significant gains in dev/test/staging. ✓ ✓ ✓
Web-based management interface ✓ ✓ ✓
Support for customer's IPsec endpoints behind NAT ? ✓ ✓ ✓
N-way failover in VPC ✓ ✓ ✓
Support for 3DES and AES 256 encryption ✓ ✓ ✓
Common abstraction model/interface across all clouds and virtual infrastructures ✓ ✓ ✓
Geographic or datacenter redundancy from customer side to VPC ✓ ✓ ✓
Emergency access possible if IPsec connection is down. ✓ ✓ ✓
Ability to connect a single VPC to multiple datacenters directly, as opposed to daisy-chaining datacenters via customer WAN. ✓ ✓ ✓
Ability to directly "dump" the interfaces to see traffic traversal and connection attempts. ✓ ✓ ✓
SNMP support for popular Enterprise monitoring systems. ✓ ✓ ✓
Category: Enterprise View
Demo of the VNS3 Application SDN solution: Look for this functionality
• Ability to span data centers and vendors
• Heterogeneous control; cloud vendor runs his network, customer runs their own network
• Overlay devices peer via cryptographic identity and checksums
• Ability to separate network location from identity
• Application (and its owners) are in control of addressing, protocol, topology and security
VNS3 Product Family: Application SDN
• VNS3 Manager (virtual appliance)
• VNS3 Routing Agent (runs on cloud hosts)
• VNS3 Command and Control (Mgmt tool under development)
VNS3: The first “process” customizable cloud transport network device
Customer controlled, and co-created, for the best hybrid cloud experience (Q4 2013)
VNS3 3.5 allows customers to embed features and functions provided by other vendors - or developed in house - safely and securely into their Cloud Network.
• Not just a scripting interpreter that allows control over known, existing features
• Completely new functions, processes, computation delivered to the core of the customer cloud network (patent pending)
Diagram: Dynamic & Scriptable SDN, with Router, Switch, Firewall, IPsec/SSL VPN Concentrator, Reverse Proxy, Proxy, Content Caching, Load Balancing, Intrusion Detection, Protocol Redistributor, More....
CohesiveFT
Chicago, IL [email protected] +1 888.444.3962
Stay in touch!
@cohesiveFT
CohesiveFT.com/blog
Slideshare: www.slideshare.net/CohesiveFT
CloudCamp.org/Chicago
Questions?