Originally presented at AWS re:Invent 2013 in Las Vegas, NV with Eric Schultze, product manager of VPC.
© 2013 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.
EC2 to VPC: A case study
Eric Schultze, AWS
Matthew Barlocker, Lucid Software Inc
November 14, 2013
About Me
• Chief Architect at Lucid Software Inc
• Bachelor's degree from BYU in Computer Science
• I love to
  – play board games
  – go 4-wheeling
  – wrestle my sons
  – fly airplanes
• Follow me on nineofclouds.blogspot.com
Lucid Software
• Online Diagram Software
• Online Print & Digital Publishing
• Large Documents
• Real-time Collaboration
• All Changes Tracked
• Vector Graphics
• High Quality Images
Tech at Lucid
• Google Closure
• Javascript
• PHP
• Sharded MongoDB
• Sharded MySQL
• NodeJS
• SOA
• Scala
• Play!
• Chef
• Zabbix, Graphite
• AWS
Lucid on AWS
• Elastic Compute Cloud
• Virtual Private Cloud
• Elastic Block Store
• Auto Scaling
• Elastic Load Balancing
• Simple Storage Service
• CloudFront
• Export/Import
• Relational Database Service
• Route53
• Simple Notification Service
• Simple Email Service
• Availability Zones
• Regions
Why Lucid Chose Amazon VPC
• Pricing
• Interoperability
• Enhanced Features
• Security
Other Benefits
• ELB security groups
• Network ACLs
• Elastic IP associations
• VPN support
• Reserved instance transfers
Drawbacks
• NAT cost and maintenance
• Setup time
• New terminology
• Private subnet accessibility
• Internal DNS names defaults
Things You Should Know
• EIPs or Public IPs in public subnets
• NAT
  – Not special
  – Public subnet
• Subnets
• Route tables
• Network ACLs
• DHCP
Migration Plan
Migration Constraints
• EC2 & VPC communication
• NAT traffic
• Not Shared:
  – Security groups
  – Load balancers
  – Auto Scale groups
  – Elastic IPs
  – EIP Limits
• Shared:
  – Instance Limit
  – EBS volumes
  – Snapshots
  – Instance Sizes
  – Zones
  – Regions
Migration Plan
• Move top layer first
• Move one layer at a time
• Meticulously manage security groups
• Move monitoring/utility servers last
• http://nineofclouds.blogspot.com/search/label/VPC
Starting Layout
Move Webservers First
Move Services Next
Move Databases Last
Top 5 Pain Points
5. Setup & Terminology
• Subnets
• DHCP
• Network ACLs
• Routes
• Internet Gateway
• Unavoidable
4. Security Groups
• Groups Not Shared
• EC2 open to NAT
• Use Scripts
• Avoidable using public subnets
3. Access Private Subnets
• OpenVPN
• High Availability
• SSH Tunnels
• Unavoidable
2. MongoDB Migration
• Election Algorithm
• Intermediate Move to Public Subnet
• 15 min Downtime
1. NAT Bandwidth
• NAT was t1.micro
• Databases in EC2
• Applications in VPC
• Not enough bandwidth through NAT
• Avoidable
CPN301
Join the Team!
• Building the next generation of collaborative web applications
• VC funded
• High growth rate
• Profitable
• Graduates from Harvard, MIT, Stanford
• Former Google, Amazon, Microsoft employees
https://www.lucidchart.com/jobs