CLOUD COMPUTING WITH AWS SERVICE AND SECURITY OVERVIEW
[ 이수형 / Solutions Architect / [email protected]]
4/29/2013
©2012, Amazon Web Services LLC or its affiliates. All rights reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. Amazon Web Services LLC shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof.
Consumer Business
• Tens of millions of active customer accounts
• Eight countries: US, UK, Germany, Japan, France, Canada, China, Italy
Seller Business
• Sell on Amazon websites
• Use Amazon technology for your own retail website
• Leverage Amazon’s massive fulfillment center network
IT Infrastructure Business
• Cloud computing infrastructure for hosting web-scale solutions
• Hundreds of thousands of registered customers in over 190 countries
Deep experience in building and operating global web scale systems
About Amazon Web Services
How did Amazon get into cloud computing?
Over 10 years in the making
Enablement of sellers on Amazon
Internal need for scalable deployment environment
Early forays proved developers were hungry for more
AWS Mission
Enable businesses and developers to use web services* to build scalable, sophisticated applications.
*What people now call “the cloud”
Every day, Amazon Web Services adds enough new server capacity to support all of Amazon's global infrastructure when it was a $7 billion enterprise
[Figure: number of released features per year, sample services described]
• 2007: 9
• 2008: 24
• 2009: 48
• 2010: 61
• 2011: 82
• 2012: 150+
Sample services shown: Amazon FPS, Red Hat EC2, SimpleDB, CloudFront, EBS, Availability Zones, Elastic IPs, Relational Database Service, Virtual Private Cloud, Elastic Map Reduce, Auto Scaling, Reserved Instances, Elastic Load Balancer, Simple Notification Service, Route 53, RDS Multi-AZ, Singapore Region, Identity Access Management, Cluster Instances, Elastic Beanstalk, Simple Email Service, CloudFormation, RDS for Oracle, ElastiCache, Redshift, DynamoDB, Simple Workflow, CloudSearch, Storage Gateway, Route 53 Latency Based Routing
and more for 2013 & 2014
10 AWS Regions
50+ AWS Edge Locations
AWS Global Infrastructure
Seoul CloudFront edge
AWS Regions & Availability Zones
Customer Decides Where Applications and Data Reside
[Figure: each region drawn with its Availability Zones (Zone A, Zone B, ...)]
• US regions: GovCloud (OR), US East (VA), US West (CA), US West (OR)
• Global regions: EU (Ireland), South America (Sao Paulo), Asia Pacific (Sydney), Asia Pacific (Singapore), Asia Pacific (Tokyo)
Note: Conceptual drawing only. The number of Availability Zones may vary.
Operating Systems, Languages & Libraries, Certified Applications
AWS is Open and Flexible
AWS’ global partner ecosystem includes 5,000 consulting/systems integrator partners and 3,000 technology/ISV partners.
Electricity - Utility
• On demand
• Pay as you go
• Uniform
• Available
Utility computing
• On demand
• Pay as you go
• Uniform
• Available
Utility computing covers: Compute, Storage, Security, Scaling, Database, Networking, Monitoring, Messaging, Workflow, DNS, Load Balancing, Backup, CDN
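Legacy - Resource Management
[Figure: capacity versus demand for four usage patterns (On and Off, Fast Growth, Predictable peaks, Variable peaks), annotated WASTE and CUSTOMER DISSATISFACTION]
AWS - Resource Management
[Figure: the same four usage patterns (Fast Growth, On and Off, Predictable peaks, Variable peaks)]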
Let’s review the main benefits with AWS
• Pay Only for What You Use
• Reduced Infrastructure
• Deploy
• Easily Scale Up and Spin Down
• Durable
• Recover
• Security
• Easy Distribution
Customers
SERVICE OVERVIEW
AWS Platform
Your Applications
Foundation Services
• Compute: Amazon EC2, Auto Scale
• Storage: Amazon S3, Amazon Glacier, Amazon EBS, Amazon StorageGateway
• Database: Amazon RDS, Amazon SimpleDB, Amazon ElastiCache, Amazon DynamoDB, Amazon RedShift
• Networking: Amazon VPC, Elastic Load Balancing, Amazon Route 53, AWS Direct Connect
Application Platform Services
• Content Distribution: Amazon CloudFront
• Application Svcs: Simple Workflow Service, CloudSearch, Amazon SNS, SQS, SES
• Parallel Processing: Elastic MapReduce, Data Pipeline
• Libraries & SDKs: Java, PHP, Python, Ruby, .NET
Management & Administration
• Identity & Access: AWS IAM, Identity Federation, Consolidated Billing
• Web Interface: Management Console
• Monitoring: Amazon CloudWatch
• Deployment & Automation: AWS Elastic Beanstalk, AWS CloudFormation
• Amazon CloudHSM
AWS Global Infrastructure
• Regions, Availability Zones, Edge Locations
Networking
• Customer carves out a private networking enclave in the AWS cloud
• BYO address space, subnetting, routing, etc., and extend existing management capabilities
• Allows creation of a secure and seamless bridge between a company’s existing private network and the AWS cloud
• Connect existing infrastructure to a set of isolated AWS compute resources via a Virtual Private Network (VPN) connection
• Integrates with the Direct Connect (private physical cross-connect) feature by mapping VLAN tags to VPCs
Amazon Virtual Private Cloud (VPC)
CloudFront
[Figure: CloudFront edge locations (London, Paris, NY) routing requests by path pattern]
1. Single CNAME: cf-behaviors.coolnick.co.kr
2. Served from EC2: /php/*.php
3. Served from S3: /images/*.jpg
CloudFront
Live and VOD Streaming
• Support for all device types: HTTP protocols - HDS, HLS, Smooth Streaming; RTMP (VOD only)
• Simple to configure: Live streaming stack managed through CloudFormation script; VOD - upload .flv to S3, stream via RTMP
• Flexible: Full control over streaming origin enables freedom to enable and configure supported features
Compute
Auto Scaling
Elastic Compute Cloud
EC2 Instances = Virtual Servers
• Provision and resize compute capacity in 16+ instance types
• Reduces the time required to obtain and boot new server instances to minutes or seconds
• Scale capacity as your computing requirements change; pay only for capacity that you actually use; choose Linux or Windows; deploy across Regions and AZ for reliability
• Support for virtual network interfaces that can be attached to EC2 instances in your VPC
• Robust security capabilities
• All intrinsic OS security features (auditing, logging, IDS, etc.) fully operative (augmented by cloud, e.g., OS firewalls plus EC2 network security groups)
• Public key-based access to root/admin accounts on OS (no sharing of secret keys required)
• Meta-tags on all EC2 objects for management/billing/auditing
• IAM Roles for secure provisioning of AWS identities
Amazon Elastic Compute Cloud (Amazon EC2)
• Client Defined Business Rules
• Scale your Amazon EC2 capacity automatically once you define the conditions (may be 1000’s of servers)
• Can scale up just a little; it doesn’t need to be a massive number of servers (may be simply 2 servers)
• Well suited for applications that experience variability in usage
• Set minimum and maximum scaling policies
• Alternate Use is for Fault Tolerance
Auto Scaling
Parallel Processing
• Managed Hadoop / MapR infrastructure
• Reduces complexity of Hadoop management
• Handles node provisioning, customization, and shutdown
• Allows cluster and node size/type experimentation
• Provides tight integration with AWS services
• Optimized for Amazon Simple Storage Service (S3)
• EC2 integration with automatic re-provisioning on node failure
• Cluster monitoring/alarming through CloudWatch
• Customers have launched more than 5.5 million Hadoop clusters on Amazon EMR since launch
Amazon Elastic MapReduce (EMR)
Database Services
DynamoDB, RDS, RedShift
Database
• Fully managed NoSQL database.
• Eliminates the administrative burden of data modeling, index maintenance, and performance tuning.
• Durability and high-availability - stores data on Solid State Drives (SSDs) and replicates it synchronously across multiple AWS Availability Zones in an AWS Region.
• Scalability - With AWS Console, you can grow your DynamoDB table from 10 to 100,000 writes per sec.
• See video: http://www.youtube.com/watch?v=oz-7wJJ9HZ0
DynamoDB
• Fully-managed, tuned MySQL, Oracle, MS SQL or PostgreSQL databases
• Cost-efficient and resizable capacity
• Manages time-consuming database admin tasks
• Code, applications, and tools you already use today work seamlessly
• Automatically patches the database software and backs up your database
• Flexible Licensing: BYOL or License Included
Amazon Relational Database Service (RDS)
• Fully managed scalable data warehousing service
• Scale from a single 2TB XL node to a hundred 16TB 8XL clustered nodes for a total 1.6PB of compressed user data
• Standard PostgreSQL JDBC or ODBC drivers
• Massively parallel processing (MPP) architecture
• Certified by Jaspersoft and MicroStrategy, with additional business intelligence tools coming soon
• Priced as low as $1000 per terabyte per year
• Continuously backed up to S3
Amazon Redshift
Elastic Transcoder
AWS Elastic Transcoder Service
[Figure: digital media source asset in an Amazon S3 input bucket, processed by AWS Elastic Transcoder, producing a digital media destination asset in an Amazon S3 output bucket]
Multiple types of transcoding at once & only pay for the minutes of the content
• Different bit rate
• Different frame rate
• Max width / height
• Different sizing policy
• Different aspect ratio
AWS Elastic Transcoder Service - Details
Reduce cost
• No more CapEx (server / storage / network and DC requirement)
• No more OpEx (operations / maintenance and management)
• Unlimited storage with S3 with 99.999999999% of durability @ no extra cost (better durability than “most” traditional DR solutions) + unlimited archiving with Glacier
• IAM and other AWS services are available
• Only pay for “how many minutes” you transcoded
Enhance security
• Data at rest for S3 storage
• IAM to manage resource access
• Visual watermarking for transcoded media content
• Security ecosystems with AWS partners
Configurable transcoding presets
• Container: MP4 / TS / WebM
• Video: H.264 / vp8
• Audio: AAC / vorbis
AWS Storage & Archive Services
Elastic Block Store, S3 and Glacier
Fundamental Storage Options
• Simple Storage Service: Highly scalable object storage; 1 byte to 5TB in size; 99.999999999% durability
• Elastic Block Store: High performance block storage device; 1GB to 1TB in size; mount as drives to instances with snapshot/cloning functionalities
• Glacier: Long term object archive; extremely low cost per gigabyte; 99.999999999% durability
Elastic Block Store
• Persistent storage: Volume lifetime is independent of any particular EC2 instance.
• General purpose: Raw, unformatted, block device. Use from Linux, Solaris or Windows.
• High performance: Equal to or better than local EC2 drive. Provisioned IOPS
• High reliability: Built-in redundancy within availability zone. AFR (Annual Failure Rate) between 0.1% and 1%.
• Scalable: Volume sizes ranging from 1 GB to 1 TB.
• Easy: Easy to create, attach, back up, restore, and delete volumes.
• Paradigm: File system
• Performance: Very, very fast (~100 IOPs per volume)
• Redundancy: Within data center
• Security: Visible only to your EC2 instances
• Pricing: $0.10/GB/Mo. allocated
• Access from the Net? No
• Typical use case: It’s a disk drive
Amazon S3 Simple Storage Service
• Highly scalable data storage in-the-cloud
• Programmatic access via web services API
• Is a Web Store
• Not a file system
• Optimized for WORM
• Eventually consistent
• Fast, highly available
• Durable
• Economical
• Paradigm: Object store
• Performance: Very fast
• Redundancy: Across data centers
• Security: Public Key / Private Key
• Pricing: $0.125/GB/month stored
• Access from the Net? Yes
• Typical use case: Write once, read many
Archive, Backup, DR
• Amazon S3: Data accessed ~>10% / month; 11 9s durability; snapshots; shorter term data backup with rapid RTO; rapid RTO; expiration policies
• Amazon S3 RRS: Lower cost when 11 9s not required
• Amazon Glacier: Long term archiving; infrequent data access (~<10% data/month); use policies to move cold backup data for long term retention; retain write once read never copy in case of worst case scenario
• AWS Direct Connect: Dedicated bandwidth between your site and AWS
• Amazon Storage Gateway: Shrink-wrapped gateway for volume synchronization
• AWS Import/Export: Physical transfer of media into and out of AWS
Direct connect, import/export and storage gateway
Getting data into the cloud
Snapshot of local volumes
Restoration from snapshots
Storage gateway
Getting data into the cloud
Backup management with RDS
Restoration…
…and switchover
Web accessible S3 storage…
You put it in S3; AWS stores it with 99.999999999% durability
Highly scalable web access to objects
Multiple redundant copies in a region
Need to store ‘something’? S3 is a foundation building block
Glacier Long term cold storage
From $0.01 per GB/Month
99.999999999% durability
Reliable and cheap storage of data for:
Data with long retention periods
Multi-PB, infrequently accessed data sets
• Offsite archive: Glacier allows you to cost-effectively and securely store enterprise data offsite, making it simple, inexpensive and safe to retain archived data for as long as desired. Common use cases include enterprise data, media assets, and research and scientific data
• Digital preservation: Libraries, historical societies, non-profit organizations and governments are increasing their efforts to preserve valuable but aging digital content such as websites, software source code, video games, user-generated content and other digital artifacts
• Tape replacement: Amazon Glacier is cost competitive, even at scale, and eliminates pain points like capacity planning, capital budgeting and investments, media formats, hardware refreshes, and off-site storage costs, shipping and retrieving
• Customer facing online storage: Files, photos, downloads; Streaming Media
• App Storage: Smartphone apps; Facebook Apps; File Sharing
• Big Data: Log files; Customer Data; Usage Data
• EC2 Instance Storage: File Storage; Block Storage; Usage Data
• Backup and Archive: Data Retention; Tape Replacement; Offsite Backup
• On Premise Storage: NAS Storage; SAN Storage; Offsite Backups
AWS supports archive & storage across many application types…
A wide range of use cases
AWS is a cost effective place to manage digital assets
There are many options for storing data based upon requirements
On-premise data assets can be integrated with cloud services
AWS storage and archive revolutionizes the technology behind long term data
aws.amazon.com