Deep Dive on Microservices
Transcript of Deep Dive on Microservices
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Danny Fezer – Solutions Architect, AWS
Liz Duke – Technical Delivery Manager, Irdeto
May 2016
Deep Dive on Microservices and Amazon ECS
What to Expect from this Session
Microservices: What are they?
Challenges of microservices
Microservices on Amazon ECS
Using ECS for a PCI Environment @ Irdeto, by Liz Duke
What are Microservices?
“is a software architecture style in which complex applications are composed of small, independent processes communicating with each other using language-agnostic APIs. These services are small, highly decoupled and focus on doing a small task, facilitating a modular approach to system-building.” - Wikipedia
https://en.wikipedia.org/wiki/Microservices
Monolithic vs. SOA vs. Microservices
Monolithic – single unit
SOA – coarse-grained
Microservices – fine-grained
[Diagram: Monolithic Architecture – Order UI, User UI and Shipping UI deployed as one unit with Order Service, User Service, Shipping Service and a shared Data Access layer]
[Diagram: Microservices Architecture – Scaling: Order UI, User UI and Shipping UI, each backed by its own Order, User or Shipping service, with individual services replicated independently]
What Are Microservices Challenges?
Resource and state management
Monitoring
Service discovery
Deployment
Containers are natural for services
Simple to model
Any app, any language
Image is the version
Test & deploy same artifact
Stateless servers decrease change risk
Managing a fleet is hard
[Diagram: a large fleet of servers, each running a guest OS, spread across AZ 1, AZ 2 and AZ 3]
Designed for use with other AWS services
Elastic Load Balancing
Amazon Elastic Block Store
Amazon Virtual Private Cloud
AWS Identity and Access Management
AWS CloudTrail
Services
Good for long-running applications
Load balance traffic across containers
Automatically recover unhealthy containers
Discover services
Monitoring with Amazon CloudWatch
Metric data is sent to CloudWatch in 1-minute periods and recorded for a period of two weeks.
Available metrics: CPUReservation, MemoryReservation, CPUUtilization, MemoryUtilization
Available dimensions: ClusterName, ServiceName
Monitoring with Amazon CloudWatch
Use the Amazon CloudWatch monitoring scripts to monitor additional metrics, e.g. disk space:
# Edit crontab
> crontab -e
# Add command to report disk space utilization to CloudWatch every five minutes
*/5 * * * * <path_to>/mon-put-instance-data.pl --disk-space-util --disk-space-used --disk-space-avail --disk-path=/ --from-cron
What Are Microservices Challenges?
Resource and state management
Data management
Monitoring
Service discovery
Deployment
Service Discovery with ECS Services & Route 53
1. Create a Route 53 private hosted zone
2. Set the search path on hosts with DHCP option sets
3. Define ECS services with an ELB
4. Create CNAMEs for each ELB
Service Discovery with ECS Services & Route 53
[Diagram: an ECS service running several tasks behind an application router, e.g. nginx, reached through an internal ELB with a CNAME, e.g. api.example.com, in a Route 53 private zone, e.g. example.com]
Service Discovery with Weaveworks
DNS interface for cross-host container communication
Gossip protocol to share grouped updates
Overlay network between hosts
Service Discovery and Configuration Management with Consul
Three main components:
• Consul agent - Runs on each node, responsible for checking the health of the services and of the node itself.
• One or more Consul servers - Store and replicate data; the leader is elected using the Raft consensus algorithm.
• Registrator agent - Automatically registers/deregisters services based on published ports and metadata from the container environment variables defined in the ECS task definition.
Service Discovery and Configuration Management with Consul
[Diagram: an ECS cluster with one ECS instance running consul-server, two ECS instances each running a back end (Back end 1, Back end 2) alongside consul-agent and registrator, and one ECS instance running the front end]
©2016 Irdeto, All Rights Reserved. – www.irdeto.com
Using ECS for a PCI Environment
Liz Duke, Technical Delivery Manager
Part of a $56B market cap multimedia conglomerate
[Diagram: group businesses spanning classifieds, etail, marketplaces, online comparison shopping, payment, online services, C2C and B2C ecommerce, internet, listed video entertainment (DDT, DTH) and a global platform operator]
Key statistics about Irdeto
70% of employees are in engineering/research/development
247 issued patents, 483 patents pending
+2 billion devices secured
Innovating since 1969
Over 300 million broadcast and multiscreen consumers
#1 in software security for pay media [and the first company to bring to market a software-based CA solution for one-way broadcast networks]
Serving the world’s best brands
Americas APAC EMEA
Irdeto around the world: Offices and Data Centers
[Map: Irdeto office locations and data centre locations]
Providing a PCI compliant service
A new solution introduces new challenges…
• The requirements involved us being able to provide PCI compliant solutions in multiple locations around the world.
• We looked at the number of services AWS provides that are already PCI compliant and designed our solution to run utilizing these services.
• We utilize the security built in at every level in AWS to segregate and protect our environments and applications.
AWS Services Used
▪ Compute – Elastic Container Service (ECS)
▪ Storage and Content Delivery – S3 and CloudFront
▪ Database – DynamoDB
▪ Networking – Virtual Private Cloud (VPC) and Route 53
▪ Security and Identity – Identity and Access Management (IAM)
▪ Application Services – Simple Queue Service (SQS) and Simple Workflow Service (SWF)
Scheduling Containers on ECS
Batch Jobs – ECS task scheduler
• Run tasks once
• Batch jobs: RunTask (random placement), StartTask (placed on a chosen instance)
Long-Running Apps – ECS service scheduler
• Health management
• Scale-up and scale-down
• AZ-aware
• Grouped containers
Scheduling Containers: Long-running app
Deploy using the least space: minimumHealthyPercent = 50%, maximumPercent = 100%
Scheduling Containers: Long-running App
Deploy quickly without reducing service capacity: minimumHealthyPercent = 100%, maximumPercent = 200%
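As an added example (not code from the slides or from AWS), the following Python models how the ECS service scheduler rolls a service from its old task definition to a new one under the two settings above, so the capacity cost of each setting can be seen before choosing it. It assumes the rounding the service definition documents (lower bound rounded up, upper bound rounded down) and, as a simplification, that a started task is healthy by the next scheduling pass.

```python
import math


def capacity_bounds(desired, min_healthy_pct, max_pct):
    """Window of running tasks the ECS service scheduler keeps during a
    deployment. Assumed rounding: lower bound up, upper bound down."""
    lower = math.ceil(desired * min_healthy_pct / 100)
    upper = math.floor(desired * max_pct / 100)
    return lower, upper


def simulate_rolling_update(desired, min_healthy_pct, max_pct):
    """Model replacing `desired` old tasks with new ones, one scheduler pass
    per step. Simplification: a started task counts as healthy on the next
    pass. Returns per-step (old, new) counts plus peak and minimum totals."""
    lower, upper = capacity_bounds(desired, min_healthy_pct, max_pct)
    old, new = desired, 0
    steps, peak, low = [], desired, desired
    while old > 0 or new < desired:
        # Start new tasks up to the upper bound; the cluster needs this headroom.
        start = max(0, min(desired - new, upper - (old + new)))
        new += start
        peak = max(peak, old + new)
        # Stop old tasks without dropping below the healthy lower bound.
        stop = max(0, min(old, old + new - lower))
        old -= stop
        low = min(low, old + new)
        if start == 0 and stop == 0:
            # e.g. 100% / 100%: nothing may stop and nothing may start
            raise ValueError("bounds leave no room to start or stop tasks")
        steps.append((old, new))
    return {"lower": lower, "upper": upper, "steps": steps,
            "peak_running": peak, "min_running": low}


if __name__ == "__main__":
    # The two settings from the slides, for a service with four tasks.
    for min_pct, max_pct in ((50, 100), (100, 200)):
        r = simulate_rolling_update(4, min_pct, max_pct)
        print(f"min {min_pct}% / max {max_pct}%: steps {r['steps']}, "
              f"peak {r['peak_running']}, lowest {r['min_running']}")
```

peak_running is the cluster headroom the deployment needs and min_running is the capacity the service keeps serving with; the 100% / 200% setting finishes in one pass but needs room for twice the desired count.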
Scheduling Containers: Long-running App
Blue-Green Deployments
• Define two ECS services
• Each service is associated with an ELB
• Both ELBs are in a Route 53 record set with a weighted routing policy: 100% Primary, 0% Secondary
• Deploy to the Blue or Green service and switch the weights
[Diagram: tasks behind two ELBs, both in a Route 53 record set with a weighted routing policy, weights 0% and 100%]
Continuous Delivery to ECS with Jenkins
1. Code push triggers build
2. Build image from sources
3. Run tests on image
4. Push image to Docker registry
5. Update service
6. Pull image