Post on 11-Apr-2017
Sponsored by
Hosted by
Chicago AWS user group - May 2014
“Using AWS for High Availability”
#AWSChicago
Organizer
Margaret Walker
CohesiveFT
Tweet: @MargieWalker #AWSChicago
Mark your calendars - next AWS user group June 24
Security in AWS
Agenda
6:00 pm Introductions
6:10 pm Lightning Talks
"Mining crypto currency on AWS spot instance" - Scott VanDenPlas, Engineer at el el see @scottvdp
"HA for healthcare" - Ryan Koop, Director of Products & Marketing, CohesiveFT @ryankoop
"Using AWS for HA at BrightTag" - Matt Kemp, Engineer of Things™ at BrightTag @mattkemp
So nice, he's talking twice. - Scott VanDenPlas, Engineer at el el see @scottvdp
6:30 pm Q & A
7:00 pm Networking, drinks and pizza
“Mining crypto currency on AWS spot instance”
Scott VanDenPlas, Engineer at el el see
Tweet: @scottvdp #AWSChicago
AWS Spot Market Arbitrage
Or How I Stopped Worrying and Learned to Love the Bid
Scott VanDenPlas
scott@elelsee.com
awsofa.info
A (crappy) Primer to Magic Internet Money
You cannot make money doing this.
(currently.)
There was a time you could.
Five months ago.
g2.2xlarge
New generation. Single GPU.
CPU 34.09 khash/s
GPU 196.08 khash/s
230.17 khash/s
$0.650 per Hour
cg1.4xlarge
Old generation. Dual GPU.
CPU 52.51 khash/s
GPU 311.4 khash/s
363.91 khash/s
$2.100 per Hour
Earning Potential.
g2.2xl $0.076 hourly. cg1.4xl $0.120 hourly.
Uh… not so much.
g2.2xl $0.076 hourly. cg1.4xl $0.120 hourly.
On Demand
g2.2xl $0.650 hourly. cg1.4xl $2.100 hourly.
Spot Instance Pricing
Region
Availability Zone
Account
Instance Type
Operating System
VPC
No amount of money makes it worth it to run
Windows.
AMI Defenestration.
Yep, it is possible.
Proof.
Now I need 3000 of these.
Advice from my lawyer.
We are not legally laundering money from our AWS Partner Account.
I am not implying that ever occurred.
@scottvdp
/in/scottvdp
“HA for healthcare”
Ryan Koop, Director of Products & Marketing, CohesiveFT
Tweet: @ryankoop #AWSChicago
Healthcare HA in AWS
AWS User Group May 29, 2014
Oh, hello
During Business Hours
Ryan Koop, Director of Products & Marketing, Co-founder
@ryankoop
www.linkedin.com/in/rkoop/
After Hours
[Image: Chicago District Golf Association (www.cdga.org) handicap card for Ryan Koop, Royal Fox CC - Men, 2013 Gold Member. USGA HDC index 18.9.]
Cloud ≠ Reliability
5/26/14 US-West-1 Single Availability Zone loses power
5/17/14 US-West-2 Increased Launch Error Rates
4/30/14 US-West-2 Connectivity Issues for Single Availability Zone
4/22/14 EU-West-1 Connectivity Issues for Single Availability Zone
4/16/14 EU-West-1 Increased API Error Rates
4/1/14 US-West-1 Connectivity Issues for Single Availability Zone
3/21/14 US-East-1 Increased API Error Rates
3/20/14 US-East-1 Increased API Error Rates
3/20/14 US-West-2 Increased API Error Rates
3/9/14 US-East-1 Connectivity Issues for Single Availability Zone
Source: AWS Appstream RSS
AWS SLA - Five 9s?
99.95% = ~22min/month Downtime
“Region Unavailable” | Burden of Proof | “Demarcation Point”
Yo Dawg, we heard you like SLAs
So we gave your SLA an SLA!
You vs Them
AWS Data Center | Source: AWS James Hamilton
Amazon Perdix | Source: AWS James Hamilton
Source: Your Nightmares
Enough of the FUDD
Source: Warner Bros.
AWS and HA
Region
Availability Zone
The H in HA Stands for Hybrid
[Diagram labels: Public A, Public B; Public, Private; Public, Data Center]
Source: Chris Swan, CTO CohesiveFT
Hybrid Strategies
Peered VPCs
Common Software Stack
Single Pane of Glass
Common APIs
[Diagram labels: VPC 1, VPC 2, peer; public, private]
Source: Chris Swan, CTO CohesiveFT
Slide Sponsored by: cccccccccccc
[Diagram: VNS3 Overlay Network. Labels: VNS3 1, VNS3 2 and VNS3 3, peered, across US East 1a, US Central 1a and US West 2b; Server 1, Server 2, Server 3, DB 1, DB 2, DB 3 on the overlay; Active IPsec Tunnel and Failover IPsec Tunnel to Firewall / IPsec devices (Cisco 5505, Cisco 5585); Customer Data Center and Customer Remote Office with Data Center Servers and User Workstations.]
The future (or now) is loosely coupled
Load Balancers
Web Servers
Load Balancers
App Servers
Database Cluster
AWS and HIPAA
1996 - Privacy, Security, and Breach Notification rules for the storage & transmission of EHI
• Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009 and the 2010 Omnibus rule
• Business Associate Agreement - June 18, 2013
• EBS Encryption - May 21, 2014
Shared Responsibility
[Diagram: layer stack split between Application Owner and Cloud Owner at the "Limit of user access, control and visibility". Labels: Layer 7, Layer 6, Layer 5, Layer 4, Layer 3; Layer 3, Layer 2, Layer 1, Layer 0; Application Layer: Your HIPAA Compliant App; Virtual Layer: AWS Xen Hypervisor; Hardware Layer: It’s Intel-based but Secret.]
HIPAA Topology
[Diagram: Multi-tenant Overlay Primary in us-east-1c and us-east-1d, peered through VNS3 Managers with a Multi-tenant Overlay Backup in us-west-2a, reached over IPsec through Firewall / IPsec devices. Other labels: Healthcare Provider 1, Healthcare Provider 2, Healthcare Provider 3, Healthcare Provider N; HIPAA App Provider Data Center; New York, NY; Boston, MA; San Francisco, CA; Seattle, WA; Denver, CO; Data Center Server; User Workstation; DR Tablet.]
Zone Failure
[Diagram: the same topology (Multi-tenant Overlay Primary in us-east-1c and us-east-1d, peered through VNS3 Managers with a Multi-tenant Overlay Backup in us-west-2a, healthcare provider sites and the HIPAA App Provider Data Center connected over IPsec through Firewall / IPsec devices), with one failure marked X.]
Regional Failure
[Diagram: the same topology (Multi-tenant Overlay Primary in us-east-1c and us-east-1d, peered through VNS3 Managers with a Multi-tenant Overlay Backup in us-west-2a, healthcare provider sites and the HIPAA App Provider Data Center connected over IPsec through Firewall / IPsec devices), with two failures marked X.]
Global Failure
[Diagram: Multi-tenant Overlay Cold in US Central, reached over IPsec through Firewall / IPsec devices. Other labels: Healthcare Provider 1, Healthcare Provider 2, Healthcare Provider 3, Healthcare Provider N; HIPAA App Provider Data Center; New York, NY; Boston, MA; San Francisco, CA; Seattle, WA; Denver, CO; Data Center Server; User Workstation; DR Tablet.]
Three Things for HA
1. Rigorous automation of virtual servers
2. Rigorous automation of boot time context
3. Overlay network that quickly, simply differentiates network location from identity
Thank You
Questions?
“Using AWS for HA at BrightTag”
Matt Kemp, Engineer of Things at BrightTag
Tweet: @mattkemp #AWSChicago
Using AWS for HA @ BrightTag
Matthew Kemp
Everything Fails Eventually
Network splits
Instances go down
AWS Availability Zones go offline
AWS Regions go offline
Cascading Failures
Keep failures self contained
Design for Failure
Run multiple instances
Run in multiple Availability Zones
Run in multiple Regions
Redundancy
Database Cluster
Data Access Service
Web
Availability Zone A
Availability Zone B
Region
Local, Local, Local
Web
haproxy
stats
Data Access Service
Graphite
Carbon
Region
Zero Downtime Deploys
Instances in 2011
We ran in two regions with ~40 instances
One had the minimum of two instances per app
The other was only slightly larger
Instances in 2014
We run in four regions with ~600 instances
Largest region is ~240 instances
Smallest region is ~70 instances
Questions?
Contact Info matt@brighttag.com
@mattkemp
/in/matthewkemp
“I’ve got 99 problems and capacity is all of them”
Scott VanDenPlas, Engineer at el el see
Tweet: @scottvdp #AWSChicago
Scott VanDenPlas
scott@elelsee.com
http://awsofa.info
I’ve got 99 problems and capacity is all of them.
I’ve got 98 problems and capacity is all of them.
http://alive.training
Q & A
Pizza’s almost here!