
Mobile Scale AWS

Ben Whaley
August 11, 2014


Presented at Intuit as a tech talk on running services at scale on AWS. Video recording (somewhat poor audio quality) available here: http://youtu.be/hTJZmud0uVM


Transcript

  1. “Smartphones liberate the internet from the browser in the same way that the browser liberated it from the command line” - Benedict Evans

  2. Mature mobile platforms
     •  Use the cloud to enable rich native apps
     •  Blur the line between apps and the web
     •  Hyperlocal via iBeacons & NFC
     •  “Mobile” is no longer “smartphone”
        –  Car tech
        –  Watches
        –  TV
        –  Google Glass

  3. Key Business Drivers
     •  API-driven interfaces
     •  Data pipelines for business analytics
     •  Improved availability
     •  Elasticity for
        –  Cost savings
        –  Capacity on demand
     •  Focus on core competencies

  4. The Foundation
     •  The first ubiquitous SDN
     •  Create and configure via
        –  Console
        –  API
        –  CloudFormation
     •  Key features include:
        –  Custom route tables
        –  Public and private subnets
        –  Security groups
        –  Network ACLs
        –  Native support for many AWS services
        –  VPN Gateways
        –  Intra-region peering

  5. Infrastructure VPC Subnet Design (diagram: one VPC, 10.0.0.0/16, in us-east-1; one /24 per tier per Availability Zone, tier rows in the order the slide lists them)

        Tier          Availability Zone A   Availability Zone B   Availability Zone C
        Public web    10.0.0.0/24           10.0.1.0/24           10.0.2.0/24
        Private       10.0.10.0/24          10.0.11.0/24          10.0.12.0/24
        Services      10.0.20.0/24          10.0.21.0/24          10.0.22.0/24
        Persistence   10.0.30.0/24          10.0.31.0/24          10.0.32.0/24

  6. Cross-region VPCs (diagram: Application A deployed in one VPC per region, the VPCs linked by VPN Gateway or Direct Connect)
        –  us-east-1: 10.0.0.0/16
        –  eu-west-1: 10.10.0.0/16
        –  us-west-2: 10.20.0.0/16
        –  ap-southeast-1: 10.30.0.0/16

  7. VPC Security Benefits
     •  Principle of Least Privilege realized
     •  Use private subnets when inbound connections are not required
     •  Reduces overall Internet-facing footprint
     •  Per-application security groups
     •  Allow access by group, not CIDR
     •  Separate cross-subnet access using ACLs
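As an added example, not taken from the deck, here is a CloudFormation fragment in the same JSON style as slide 10 that applies slide 7's "allow access by group, not CIDR" to the tiers of slide 5: each tier's security group admits traffic only from members of the group in front of it, so the only CIDR-based ingress rule in the VPC is the public web tier's HTTPS listener, and the persistence tier is unreachable from the Internet or from the web tier even if someone mis-sizes a subnet. The parameter name VpcId, the group names and the ports 8080 and 5432 are assumptions.

```json
{
  "Parameters": {
    "VpcId": { "Type": "AWS::EC2::VPC::Id" }
  },
  "Resources": {
    "WebSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Public web tier: the only group that accepts Internet traffic",
        "VpcId": { "Ref": "VpcId" },
        "SecurityGroupIngress": [
          { "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0" }
        ]
      }
    },
    "ServicesSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Private services tier: reachable only from members of the web group (assumed port 8080)",
        "VpcId": { "Ref": "VpcId" },
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
            "SourceSecurityGroupId": { "Ref": "WebSecurityGroup" }
          }
        ]
      }
    },
    "PersistenceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Persistence tier: PostgreSQL only from members of the services group (assumed port 5432)",
        "VpcId": { "Ref": "VpcId" },
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
            "SourceSecurityGroupId": { "Ref": "ServicesSecurityGroup" }
          }
        ]
      }
    }
  }
}
```

Because the rules reference group IDs rather than addresses, instances keep the same access as they are replaced or autoscaled into any of the per-AZ subnets, which is what makes the n+2, ephemeral-compute model of slide 10 workable without rewriting rules.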
  8. Latency Considerations
     •  Intra-zone: < 1ms
     •  Intra-region: < 5ms
     •  Between VPCs: < 5ms, with SSL +20-40ms
     •  us-west-2 – us-east-1: ~100ms
     •  us-east-1 – eu-west-1: ~100ms
     •  us-east-1 – ap-southeast-1: ~250ms

  9. “Construct a highly agile and highly available service from ephemeral and often broken components” - Adrian Cockcroft

     “The simpler, the better. Complications lead to multiplicative chains of unanticipated effects.” - Nassim Nicholas Taleb, Antifragile

  10. AWS System Design
     •  n+2 redundancy
     •  Compute resources are ephemeral
     •  Infrastructure captured as code

     CloudFormation fragment shown on the slide (the AWSRegionArch2AMI mapping and the KeyName and Ec2SecurityGroup references are defined elsewhere in the template):

        "Resources" : {
          "Ec2Instance" : {
            "Type" : "AWS::EC2::Instance",
            "Properties" : {
              "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" }, "PV64" ] },
              "KeyName" : { "Ref" : "KeyName" },
              "InstanceType" : "m1.small",
              "SecurityGroups" : [ { "Ref" : "Ec2SecurityGroup" } ],
              "BlockDeviceMappings" : [
                {
                  "DeviceName" : "/dev/sdc",
                  "VirtualName" : "ephemeral0"
                }
              ]
            }
          }
        }

  11–14. AWS System Design (the same slide built up one bullet at a time)
     •  n+2 redundancy
     •  Compute resources are ephemeral
     •  Infrastructure captured as code
     •  Minimalist operating system
     •  Databases are multi-AZ w/ provisioned IOPS
     •  Use read replicas when possible
     •  Who needs internal DNS?
     •  Tag all the things

  15. How baked should you be? (diagram: a spectrum from config-managed instances at one end to a fully baked AMI at the other, with most users' needs falling in between)

  16. Cost Optimizations
     •  Reserved instances
     •  Choosing correct instance types:
        –  Default to T2 for development, small web services
        –  General purpose M3
        –  C3 for heavy compute needs
        –  R3 for memory intensive apps
     •  Use autoscale groups with appropriate triggers and minimums

  17–20. Cloud Native Application Design (built up one bullet at a time; slide 17 shows a diagram of Service 1 → Queue → Service 2 → Queue → Service 3)
     •  Stateless processes
     •  Loose coupling among services
     •  Deep instrumentation
     •  Keep configuration in the environment
     •  Implementation is not complete until there are unit tests
     •  Open source by default

  21. Embracing AWS Services
     •  SQS vs AMQP
     •  RDS vs on-instance Postgres or MySQL
     •  Redshift vs custom data warehouse
     •  Elasticache vs on-instance Redis or memcached
     •  EMR vs custom Hadoop
     •  DynamoDB vs on-instance NoSQL

  22. Personal Builds
     •  Automatically run feature branches in the cloud
     (diagram: commit to remote-run branch → build server → personal.example.com)

  23. Integration Testing
     •  On-demand integration environment using Docker containers
     (diagram: the build server runs 1. Get dependencies, 2. Run unit tests, 3. Build, 4. Start containers, 5. Run integration tests using the containers as resources)