(DAT304) Amazon RDS for MySQL: Best Practices
Transcript of (DAT304) Amazon RDS for MySQL: Best Practices
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Abdul Sathar Sait, Principal Product Manager, RDS
October 2015 | Las Vegas, NV
DAT 304
Amazon RDS for MySQL
Best Practices
Kevin Rice, Director of Engineering, Airbnb
What’s new in Amazon RDS MySQL
AWS Key Management Service (AWS KMS)
Selected RDS MySQL customers
Tens of thousands of customers. Hundreds of thousands of DB instances.
What we will cover in this session
Quick introduction to Amazon Relational Database Service (Amazon RDS)
Making the most out of RDS MySQL
Securing your data—encryption at rest
Database migration with minimal downtime
Improving performance by cache warming
Burst mode resources to reduce cost
Learn it from the experts—Airbnb
Why choose Amazon RDS?
Schema design
Query construction
Query optimization
High availability
Backup and recovery
Isolation and security
Industry compliance
Push-button scaling
Automated patching
Advanced monitoring
Routine maintenance
Amazon RDS takes care of your time-consuming database management tasks, freeing you to focus on your applications and business
You
RDS
We made it highly available, secure, easier, and cheaper
Push-button provisioning; automated scaling, patching, security, backups, restores, and general care and feeding
Lower TCO because we manage the muck
► Get more leverage from your teams
► Focus on the things that differentiate you
Built-in high availability and cross-region replication across multiple data centers
Now even a small startup can leverage multiple data centers to design highly available apps with over 99.95% availability
High availability with Multi-AZ deployments
Enterprise-grade fault tolerance solution for production databases
An Availability Zone is a physically distinct, independent infrastructure
Your database is synchronously replicated to another AZ in the same AWS region
Failover occurs automatically in response to the most important failure scenarios
Customers love Multi-AZ
[Chart: Multi-AZ instances as a share of all RDS instances; y-axis 25% to 45%, data labels 26% and 40%]
Choose cross-region read replicas for faster disaster recovery and enhanced data locality
Promote a read replica to a master for faster recovery in the event of disaster
Bring data close to your customer’s applications in different regions
Promote to a master for easy migration
Choose cross-region snapshot copy for even greater durability, ease of migration
Copy a database snapshot to a different AWS region
Warm standby for disaster recovery
Or use it as a base for migration to a different region
Amazon RDS provides levels of security difficult to achieve on-premises
Amazon RDS gives each database instance IP firewall protection
RDS offers transparent encryption at rest and SSL protection for data in transit
Amazon VPC lets you isolate and control network configuration and connect securely to your IT infrastructure
AWS Identity and Access Management (IAM) provides resource-level permission controls
AWS has achieved major compliances
Securing your data at rest
Do you encrypt your database?
Protect your data at rest
Premium feature for most commercial databases, included at no additional cost to RDS customers
Data stored at rest in the underlying storage is encrypted, as are its automated backups, read replicas, and snapshots
May be needed for compliance (HIPAA and FedRAMP)
AWS Key Management Service
Integrated with IAM console
Services integration with AWS KMS
Two-tiered key hierarchy using envelope encryption
• Unique data key encrypts customer data
• AWS KMS master keys encrypt data keys
Benefits:
• Limits risk of compromised data key
• Better performance for encrypting large data
• Easier to manage small number of master keys than millions of data keys
• Centralized access and audit of key activity
[Diagram: customer master key(s) held in the customer’s account in AWS KMS; unique data keys (Data Key 1 to Data Key 4) encrypt data in an Amazon S3 object, an Amazon EBS volume, an Amazon Redshift cluster, and a custom application; your application or AWS service holds the data key and stores the encrypted data together with the encrypted data key]
1. Application requests encryption key to use to encrypt data, passes reference to master key in account
2. Client request authenticated based on master key permissions
3. New data encryption key created—copy encrypted under master key
4. Plaintext and encrypted data key returned to the client
5. Plaintext data key used to encrypt data and then deleted
6. Encrypted data key stored for later use and sent back to AWS KMS for when decryption occurs
How keys are used to protect your data
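The six envelope-encryption steps above, carried through as an added example; this is not code from the deck or from AWS. A stand-in for KMS keeps the master key and never hands it out; the client asks it for a data key, encrypts one record with the plaintext key, wipes that key, and stores only the wrapped copy, which it later sends back to be unwrapped. AES-256-GCM for both layers, the key ID and the principal names are assumptions of the example, not facts from the deck.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// randBytes returns n bytes from crypto/rand; a failure there is fatal.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// gcm is AES-256-GCM (an assumption of this example; the deck names no cipher).
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only 32-byte keys from randBytes reach here
	}
	g, _ := cipher.NewGCM(block) // AES block size is always valid for GCM
	return g
}

// seal prefixes a random nonce; open reverses it and fails on any tampering.
func seal(key, plaintext []byte) []byte {
	g := gcm(key)
	nonce := randBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, nil)
}

func open(key, sealed []byte) ([]byte, error) {
	g := gcm(key)
	if ns := g.NonceSize(); len(sealed) >= ns {
		return g.Open(nil, sealed[:ns], sealed[ns:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// fakeKMS stands in for AWS KMS (constructed for this example, not AWS code): master keys never leave it.
type fakeKMS struct {
	masterKeys map[string][]byte          // keyID -> 256-bit master key
	allowed    map[string]map[string]bool // keyID -> permitted principals (step 2)
}

func (k *fakeKMS) authorize(principal, keyID string) ([]byte, error) {
	if mk, ok := k.masterKeys[keyID]; ok && k.allowed[keyID][principal] {
		return mk, nil
	}
	return nil, errors.New("access denied: " + principal + " may not use " + keyID)
}

// GenerateDataKey is steps 1-4: authorize the caller, mint a fresh data key, return it in plaintext and wrapped.
func (k *fakeKMS) GenerateDataKey(principal, keyID string) ([]byte, []byte, error) {
	mk, err := k.authorize(principal, keyID)
	if err != nil {
		return nil, nil, err
	}
	plain := randBytes(32)
	return plain, seal(mk, plain), nil
}

// Decrypt is the decrypt-time half of step 6: the wrapped key is unwrapped inside KMS after the same check.
func (k *fakeKMS) Decrypt(principal, keyID string, wrapped []byte) ([]byte, error) {
	mk, err := k.authorize(principal, keyID)
	if err != nil {
		return nil, err
	}
	return open(mk, wrapped)
}

// zero wipes a plaintext data key once it is no longer needed (step 5).
func zero(b []byte) { for i := range b { b[i] = 0 } }

// EncryptRecord: get a data key (step 1), encrypt, wipe the plaintext key (step 5), keep the wrapped key (step 6).
func EncryptRecord(k *fakeKMS, principal, keyID string, record []byte) ([]byte, []byte, error) {
	plainKey, wrappedKey, err := k.GenerateDataKey(principal, keyID)
	if err != nil {
		return nil, nil, err
	}
	defer zero(plainKey)
	return wrappedKey, seal(plainKey, record), nil
}

// DecryptRecord has KMS unwrap the data key, then decrypts the record locally.
func DecryptRecord(k *fakeKMS, principal, keyID string, wrappedKey, ciphertext []byte) ([]byte, error) {
	plainKey, err := k.Decrypt(principal, keyID, wrappedKey)
	if err != nil {
		return nil, err
	}
	defer zero(plainKey)
	return open(plainKey, ciphertext)
}
```

Two properties of the design are worth checking in your own deployment: the permission check runs on every GenerateDataKey and Decrypt call, so revoking a principal on the master key stops decryption of everything wrapped under it without touching the stored data, and a stolen ciphertext plus wrapped key is useless without a permitted call to KMS. Because the wrapped key is authenticated, any modification of it or of the ciphertext is rejected rather than decrypted to garbage.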
Encryption using AWS KMS demo
Database migration to AWS with minimal downtime
Move data to the same or different database engine
Keep your apps running during the migration
Start your first migration in 10 minutes or less
Replicate within, to, or from Amazon EC2 or RDS
AWS Database Migration Service
Migrate from Oracle and SQL Server
Move your tables, views, stored procedures, and data manipulation language (DML) to MySQL, MariaDB, and Amazon Aurora
Highlight where manual edits are needed
AWS Schema Conversion Tool
Architecting for lower cost
Burst mode—GP2 and T2
GP2—SSD based Amazon EBS storage
• 3 IOPS per GB base performance
• Earn credits when usage below base
• Burst to 3000+ IOPS
T2—Amazon EC2 instance with burst capability
• Base performance + burst
• Earn credits per hour when below base performance
• Can store up to 24 hours’ worth of credits
• Amazon CloudWatch metrics to see credits and usage
Burst mode—GP2 and T2
T2—CPU credits
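An added example, not from the deck, of the credit bucket the GP2 and T2 slides describe, written against the GP2 numbers given above: 3 IOPS per GB baseline, credits earned whenever usage is below baseline, burst to 3000 IOPS. The 100 IOPS floor and the 5.4 million credit starting balance are the documented gp2 values and are assumptions of this example rather than figures from the deck. It computes how long a 200 GB volume can hold a 3000 IOPS burst and how a constructed day of peak and idle hours plays out; the T2 CPU credits work on the same bucket idea.

```go
package main

import "fmt"

// From the deck: 3 IOPS per GB baseline, burst to 3000 IOPS. The 100 IOPS floor
// and the 5.4 million credit balance are documented gp2 values assumed here.
const (
	iopsPerGB   = 3.0
	burstIOPS   = 3000.0
	minBaseline = 100.0
	maxCredits  = 5400000.0
)

// Gp2Volume is a token bucket: credits accrue at the baseline rate and are
// spent whenever delivered IOPS exceed the baseline.
type Gp2Volume struct {
	SizeGB  float64
	Credits float64
}

func NewGp2Volume(sizeGB float64) *Gp2Volume {
	return &Gp2Volume{SizeGB: sizeGB, Credits: maxCredits}
}

// Baseline is the IOPS the volume sustains indefinitely without credits.
func (v *Gp2Volume) Baseline() float64 {
	b := iopsPerGB * v.SizeGB
	if b < minBaseline {
		b = minBaseline
	}
	if b > burstIOPS {
		b = burstIOPS
	}
	return b
}

// Step advances one second with the requested IOPS and returns what was
// delivered: demand above baseline is paid from credits until they run out,
// demand below baseline refills them (capped at maxCredits).
func (v *Gp2Volume) Step(demand float64) float64 {
	base := v.Baseline()
	delivered := demand
	if delivered > burstIOPS {
		delivered = burstIOPS
	}
	if delivered > base {
		extra := delivered - base
		if extra > v.Credits {
			extra = v.Credits
		}
		delivered = base + extra
	}
	v.Credits += base - delivered
	if v.Credits > maxCredits {
		v.Credits = maxCredits
	}
	return delivered
}

// BurstSeconds returns how long a fresh volume fully serves the demand before
// being throttled; -1 means the demand is at or below baseline and never throttles.
// Demand above 3000 IOPS is never fully met, so it returns 0.
func BurstSeconds(sizeGB, demand float64) int {
	v := NewGp2Volume(sizeGB)
	for s := 0; s < 24*3600; s++ {
		if v.Step(demand) < demand {
			return s
		}
	}
	return -1
}

// SimulateHours runs an hour-by-hour demand profile (IOPS requested in each hour)
// and returns the average delivered IOPS per hour, showing throttling and recovery.
func SimulateHours(sizeGB float64, demandPerHour []float64) []float64 {
	v := NewGp2Volume(sizeGB)
	out := make([]float64, len(demandPerHour))
	for h, d := range demandPerHour {
		var total float64
		for s := 0; s < 3600; s++ {
			total += v.Step(d)
		}
		out[h] = total / 3600
	}
	return out
}

func main() {
	fmt.Printf("200 GB gp2: baseline %.0f IOPS, 3000 IOPS held for %d s\n",
		NewGp2Volume(200).Baseline(), BurstSeconds(200, 3000))
	// constructed profile: two peak hours, two idle hours, one more peak hour
	fmt.Println(SimulateHours(200, []float64{3000, 3000, 0, 0, 3000}))
}
```

For the 200 GB volume the model gives a 600 IOPS baseline and 37.5 minutes of full 3000 IOPS burst, after which throughput drops to 600 until idle time rebuilds the balance; that drop is the failure mode to alarm on, which is why the slide points at the CloudWatch credit metrics. Applying the same 3 IOPS per GB rule to the 1 TB gp2 configuration on the comparison chart, the baseline reaches 3000 IOPS and credits stop mattering.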
Burst mode vs. standard vs. Provisioned IOPS
[Chart, built up over five slides: transactions per second (TPS), y-axis 0 to 7000, over 24 hours; workload 100% read on 20 GB of data. Configurations compared, with hourly price:
db.m1.medium + 200 GB standard: $0.575 per hour
db.m3.medium + 200 GB + 2000 IOPS: $0.408 per hour
db.m3.large + 200 GB + 2000 IOPS: $0.508 per hour
db.t2.medium + 200 GB gp2: $0.105 per hour
db.t2.medium + 1 TB gp2: $0.233 per hour]
Selected Amazon RDS customers
Airbnb
Using technology to provide unique global travel experiences.
Exponential growth in: traffic, users, bookings, data, number of engineers.
Engineers deploy their own code at any time of day. Rapid experimentation.
Search. Discovery. Global payments. Trust and safety. Customer experience.
The basics
[Diagram: Multi-AZ master with two replicas; two application servers]
Binlog settings
[Diagram: same topology, Multi-AZ master with two replicas and two application servers]
Snapshots for data analytics
[Diagram: Multi-AZ master with two replicas and a batch replica; application server; daily snapshot of the batch replica restored to a temp instance, feeding HDFS]
Binlog streaming: “SpinalTap”
[Diagram: Multi-AZ master with two replicas, a batch replica and a SpinalTap replica; application server]
Disaster recovery
[Diagram: Multi-AZ master with two replicas and a batch replica; application servers; copies to S3 in a separate account and region]
Summary and future work
http://bit.ly/awsevalsDAT304
Thank you!
Remember to complete your evaluations!