Moving into AWS

Some background about AWS Infrastructure

Separation of concerns has been a key principle for clarity and sustainable growth. The application of this principle is evident in the decisions organisations make about their operational model, and in the recent decade the infrastructure and operational model have gone through a major transformation. While data is one of the fundamental assets of any organisation, the medium and hosting of that data have been changing drastically. Back in 2010, government projects were reluctant to adopt a Cloud-based deployment; since then the success of cloud-native businesses has built the confidence amongst key stakeholders to revise their view of using cloud infrastructure for government projects.

As you are reading this article, you must have heard about AWS infrastructure, but what is it?  

AWS is an IaaS platform. IaaS stands for Infrastructure as a Service. In other words, people pay for the usage of infrastructure as opposed to building and maintaining it themselves. This concept is very similar to the way telecom companies like BT own the infrastructure and lease it to other vendors.

If you are thinking about evaluating AWS, you can create an account by adding your credit card for identity verification and start exploring it. AWS has four support tiers: Basic, Developer, Business and Enterprise. In most cases you would start with the Basic tier and, as your requirements grow, switch to a suitable support level.


Migrating to the AWS Cloud is a transition process which requires a good understanding of the AWS Global Infrastructure.

Amazon Global Data Centres

AWS Regions & Availability Zones

One of the key features offered by AWS is its global reach. AWS has data centres across five continents, and Amazon is actively building new data centres around the world. This allows Amazon to serve millions of customers with low-latency, high-performance and cost-effective services. AWS offers a global infrastructure that enables customers to build and develop reliable, high-performance and scalable applications. The fundamental parts of this infrastructure are Regions and Availability Zones.

A Region is a geographical location where Amazon operates its cloud services. At the moment Amazon has Regions spanning the West and East of the US, Europe and Singapore, and stands at 20 Regions with 61 AZs. In addition, Amazon is expanding to new Regions such as Bahrain, Cape Town, Milan and Hong Kong. A key point about Availability Zones is their importance for business continuity and disaster recovery: each Region in the AWS IaaS platform has at least two AZs, which means an application can fail over from one AZ to another in the same Region if one AZ fails. The choice of Region becomes more important when it comes to regulatory decisions such as GDPR or data residency constraints.

What factors should we use in deciding the Region?

The Region should be chosen so that it is close to the end users, which reduces network latency. In most cases AWS services are available in all Regions. Certain services are global, such as AWS Identity and Access Management (IAM) or Amazon CloudFront, and are available in all Regions. However, some services are offered only in a limited set of Regions.


Availability Zones are combinations of network, data storage and databases hosted in data centres in one geographical location. Each Region has at least two AZs in two physically separated locations. The AZs are connected with high-speed links for fault tolerance. The idea is to launch two instances of your application across two AZs in a Region; this reduces the risk of a service outage as the result of a power or network outage in one centre. Depending on your Disaster Recovery strategy you can run an active-passive mode, in which the application is active in only one AZ and disabled in the other. Active-active mode has both nodes running the application. If you would like to know more about these topologies and how we can help you, please contact us.
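As an added illustration (not code from the original article or from AWS), the following Python audits a constructed listing in the shape of an EC2 describe-instances response and reports, per application, whether its instances span at least two AZs and whether the topology looks active-active, active-passive or single-AZ. The Application and Role tags are an assumed convention, and the instance ids and AZ names are made up.

```python
"""Added example (not from the original article): audit whether each
application's EC2 instances span at least two Availability Zones in a
Region, and classify the topology as active-active or active-passive.
The input mimics the Reservations[].Instances[] part of a describe-instances
response; it is a constructed sample, and the Application/Role tags are an
assumed operator convention."""
from collections import defaultdict

# Constructed sample: five instances in eu-west-2 with assumed tags
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0aaa", "State": {"Name": "running"},
     "Placement": {"AvailabilityZone": "eu-west-2a"},
     "Tags": [{"Key": "Application", "Value": "web"}, {"Key": "Role", "Value": "active"}]},
    {"InstanceId": "i-0bbb", "State": {"Name": "running"},
     "Placement": {"AvailabilityZone": "eu-west-2b"},
     "Tags": [{"Key": "Application", "Value": "web"}, {"Key": "Role", "Value": "active"}]},
    {"InstanceId": "i-0ccc", "State": {"Name": "running"},
     "Placement": {"AvailabilityZone": "eu-west-2a"},
     "Tags": [{"Key": "Application", "Value": "db"}, {"Key": "Role", "Value": "active"}]},
    {"InstanceId": "i-0ddd", "State": {"Name": "stopped"},
     "Placement": {"AvailabilityZone": "eu-west-2b"},
     "Tags": [{"Key": "Application", "Value": "db"}, {"Key": "Role", "Value": "standby"}]},
    {"InstanceId": "i-0eee", "State": {"Name": "running"},
     "Placement": {"AvailabilityZone": "eu-west-2a"},
     "Tags": [{"Key": "Application", "Value": "batch"}, {"Key": "Role", "Value": "active"}]},
]


def tag(instance, key):
    """Return the value of an EC2 tag, or None when the tag is absent."""
    return next((t["Value"] for t in instance.get("Tags", []) if t["Key"] == key), None)


def assess_az_resilience(instances):
    """Return {application: report} describing the AZ spread of each app.
    topology: 'active-active'  -> running instances in two or more AZs
              'active-passive' -> running in one AZ, a standby in another
              'single-az'      -> everything in one AZ (outage risk)"""
    by_app = defaultdict(list)
    for inst in instances:
        by_app[tag(inst, "Application") or "untagged"].append(inst)

    reports = {}
    for app, insts in by_app.items():
        all_azs = {i["Placement"]["AvailabilityZone"] for i in insts}
        running_azs = {i["Placement"]["AvailabilityZone"] for i in insts
                       if i["State"]["Name"] == "running"}
        if len(running_azs) >= 2:
            topology = "active-active"
        elif len(all_azs) >= 2:
            topology = "active-passive"
        else:
            topology = "single-az"
        reports[app] = {"azs": sorted(all_azs), "running_azs": sorted(running_azs),
                        "topology": topology, "resilient": len(all_azs) >= 2}
    return reports


if __name__ == "__main__":
    for app, r in assess_az_resilience(SAMPLE_INSTANCES).items():
        flag = "" if r["resilient"] else "  <-- single point of failure"
        print(f"{app:6} {r['topology']:15} AZs={r['azs']}{flag}")
```

In the sample, "web" is active-active, "db" is active-passive (the standby is stopped in the second AZ) and "batch" sits entirely in one AZ, so a power or network outage in that centre would take it down.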


Amazon Edge Network -CDN
  • Amazon EC2 instances

A core part of the Amazon IaaS infrastructure is Amazon EC2. EC2 stands for Elastic Compute Cloud; effectively it can be thought of as virtual machines provisioned by Amazon on a hypervisor. There is a set of instance types you can purchase and provision in AWS, and their specifications are driven by CPU and memory capacity. The main benefit of EC2 is that you can provision a server in a matter of minutes and pay for hourly usage. Yes, the billing is based on hourly usage rather than monthly or yearly.

EC2 also offers discounted rates as Reserved Instances or Spot Instances (90% discounted rate); those instances are ideal for non-production usage when you are testing your application for development or UAT purposes for a short time span.

If you have a production system that requires planning for the next 1 to 3 years, then Reserved Instances give you a heavily discounted rate, as you pay for the service upfront. On the other hand, Spot Instances are suitable for companies with large grid-computing requirements, when they need to fulfil a huge demand for computing power.

One of the time-saving features of Amazon is Amazon Machine Images (AMI), in which you capture the OS and third-party bundles as an image. AMIs can be used to provision instances quickly and efficiently.
Every instance you provision has a DNS name; these DNS names are managed by a service called Amazon Route 53. It is a cool name, presumably derived from port 53, which is used by DNS services.

  • Point of Presence or Amazon Edge

One of the attractive features of AWS is its CDN technology, which lets you distribute your static assets across the globe in multiple locations. This feature is used by Amazon Lambda or Amazon CloudFront to reduce the delivery time of static assets to end users. Amazon has expanded its CDN network to more than 100 points of presence in over 50 cities in 23 countries. The CloudFront service is suitable for businesses of all sizes, from small-scale bloggers to large enterprises.

In addition, Amazon CloudFront can be used with the Lambda service to enrich and convert digital assets from one Point of Presence to another. On top of the base services, customers using AWS can benefit from:
  – DDoS attack protection
  – Migration Attack
  – Certificate Management


  • Elastic Block Store (EBS)

EBS is another important feature of AWS; it provides block-level storage volumes that you attach to your EC2 instances. EBS volumes are standard storage that can be mounted on your EC2 instances, and each EBS volume can only be attached to one EC2 instance. EBS comes in the following flavours:
– General Purpose SSD
– Provisioned IOPS SSD
– Magnetic (Standard)

The suitable storage type is driven by the workload. If your workload is streaming files or videos, a throughput-based (MiB/s) storage type is better than an IOPS-based one. IOPS-based storage is suitable for IO-intensive applications such as relational or NoSQL databases. Magnetic storage has the lowest cost of the three, but it is the old generation storage type and it is recommended to switch to General Purpose SSD.


Finally, once you have your EC2 instances and EBS set up, you may want to group them into logical groups to avoid certain failure scenarios. For this purpose, Amazon has the concept of Placement Groups, in which you group your network, EC2 instances and EBS storage into logical groups. Placement Groups come in three types: Cluster, Partition and Spread. For more information, connect with us to help you.


  • Amazon Shared Responsibility Model and Security

The Amazon AWS platform is responsible for the security of the infrastructure, and its security obligations are defined by a shared responsibility model. It is imperative to understand which security aspects are covered by Amazon and what clients need to do as their part of the responsibility. Within this model, Amazon is responsible for the security of the infrastructure, including intrusions, fraud and vulnerabilities, and for supporting customers with the necessary capabilities. The client, on the other hand, is responsible for applying best practices to make their applications secure and, in general, for securing whatever lies inside the cloud. This implies applying encryption techniques and controlling access to valuable assets. For this purpose, Amazon provides a number of tools:
– CloudTrail for auditing
– IAM (Identity & Access Management)
– Security Groups
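To make the client's side of this model concrete, here is an added Python example that is not part of the article and not AWS code: it runs two of the checks a customer (not Amazon) owns, over constructed sample data rather than live API output. It flags Security Group rules that expose administrative ports to the whole internet, and CloudTrail records that show console sign-ins without MFA or root-account API use. The group ids, IP addresses and user names are made up; the data shapes follow describe-security-groups output and CloudTrail event records.

```python
"""Added example (not from the original article): two customer-side checks
under the shared responsibility model, run over constructed sample data
with no AWS calls.
  1. Security Groups: flag ingress open to 0.0.0.0/0 or ::/0 on admin ports.
  2. CloudTrail: flag console sign-ins without MFA and root-account activity."""
import json

ADMIN_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape of SecurityGroups[] from describe-security-groups
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0web", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0bastion", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    {"GroupId": "sg-0db", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
]


def open_admin_ports(security_groups):
    """Return (group_id, port_or_'all', cidr) tuples for rules that expose an
    administrative port, or every port, to the whole internet."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            public = [c for c in cidrs if c in ANYWHERE]
            if not public:
                continue
            if perm.get("IpProtocol") == "-1":  # all protocols and ports
                findings += [(sg["GroupId"], "all", c) for c in public]
                continue
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            for port in ADMIN_PORTS:
                if lo <= port <= hi:
                    findings += [(sg["GroupId"], port, c) for c in public]
    return findings


# Constructed CloudTrail records as JSON lines (fields follow the CloudTrail
# record format; the users, times and addresses are invented)
SAMPLE_CLOUDTRAIL = """
{"eventTime":"2019-06-01T08:00:00Z","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"alice"},"additionalEventData":{"MFAUsed":"Yes"},"responseElements":{"ConsoleLogin":"Success"},"sourceIPAddress":"198.51.100.10"}
{"eventTime":"2019-06-01T08:05:00Z","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"bob"},"additionalEventData":{"MFAUsed":"No"},"responseElements":{"ConsoleLogin":"Success"},"sourceIPAddress":"203.0.113.7"}
{"eventTime":"2019-06-01T09:00:00Z","eventName":"CreateBucket","userIdentity":{"type":"Root"},"sourceIPAddress":"203.0.113.7"}
{"eventTime":"2019-06-01T09:30:00Z","eventName":"DescribeInstances","userIdentity":{"type":"IAMUser","userName":"alice"},"sourceIPAddress":"198.51.100.10"}
"""


def cloudtrail_findings(records_text):
    """Parse JSON-lines CloudTrail records and return (eventTime, category, who)
    for console logins without MFA and for any root-account activity."""
    findings = []
    for line in records_text.strip().splitlines():
        ev = json.loads(line)
        ident = ev.get("userIdentity", {})
        who = ident.get("userName") or ident.get("type")
        if ev.get("eventName") == "ConsoleLogin":
            if ev.get("additionalEventData", {}).get("MFAUsed") != "Yes":
                findings.append((ev["eventTime"], "console-login-without-mfa", who))
        if ident.get("type") == "Root":
            findings.append((ev["eventTime"], "root-account-activity", who))
    return findings


if __name__ == "__main__":
    for f in open_admin_ports(SAMPLE_SECURITY_GROUPS):
        print("security group:", f)
    for f in cloudtrail_findings(SAMPLE_CLOUDTRAIL):
        print("cloudtrail:", f)
```

On the sample, the web group's HTTPS rule passes, the bastion's SSH rule is reported for both IPv4 and IPv6, and the db group's catch-all rule is reported even though its PostgreSQL rule is restricted to a private range. In the trail, bob's sign-in without MFA and the root-account bucket creation are the two findings.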



AWS Shared Responsibility Model
  • Shared Responsibility Model & GDPR

EU IT compliance mandates that businesses specify their role as data controller or data processor. However, this compliance rule does not affect Amazon's Shared Responsibility Model, and clients need to take appropriate measures to protect their customers' data. This means Amazon AWS Partner Network (APN) partners should take appropriate measures to secure their applications and protect customer data from theft or fraud. Within this guideline, the APN partners' role is data processor and the AWS clients' role is data controller.


Amazon Cloud Services as Data Processor 

When clients use Amazon Cloud Services to process their customer data, including personal data, Amazon's role under GDPR becomes Data Processor. In this scenario Amazon is responsible for securing the underlying cloud services, while the client, as the data controller, retains control over the hosted customer data.

Client Role as Data Controller
In most cases the client's role is classified as data controller. This means they should configure their services in a way that complies with GDPR requirements. To help clients, Amazon advises the following guidelines:
– Protect the AWS account with IAM and Security Groups
– Implement Multi-Factor Authentication
– Use Amazon's wide range of security services.
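The first two guidelines (IAM and MFA) can be checked mechanically. The following Python is an added example, not the article's or AWS's code: it lints IAM policy documents for the wildcard grants a data controller should avoid, and recognises the common pattern of a Deny statement that blocks every action until MFA is present. Both policy documents are constructed for the example; the bucket name is a placeholder, and the policy grammar (Version, Statement, Effect, Action, NotAction, Resource, Condition, aws:MultiFactorAuthPresent) is the public IAM one.

```python
"""Added example (not from the original article): a small linter for IAM
policy documents plus a check for an MFA-enforcing Deny statement. Both
sample policies are constructed; the bucket name is a placeholder."""
import json

# Constructed 'before': an admin-style policy a team might attach to a user
OVERLY_BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]
})

# Constructed 'after': least privilege on one bucket, plus a Deny that blocks
# everything except MFA self-service until the session was authenticated with MFA
LEAST_PRIVILEGE_WITH_MFA = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadOneBucket", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-customer-data",
                      "arn:aws:s3:::example-customer-data/*"]},
        {"Sid": "DenyAllWithoutMFA", "Effect": "Deny",
         "NotAction": ["iam:ListMFADevices", "iam:CreateVirtualMFADevice",
                       "iam:EnableMFADevice", "sts:GetSessionToken"],
         "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}}
    ]
})


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy_json):
    """Return a list of finding strings for the Allow statements of a policy."""
    findings = []
    for i, st in enumerate(_as_list(json.loads(policy_json)["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        if "*" in actions and "*" in resources:
            findings.append(f"statement {i}: full admin grant (Action '*' on Resource '*')")
        elif "*" in actions:
            findings.append(f"statement {i}: all actions allowed on {resources}")
        elif any(a.endswith(":*") for a in actions):
            findings.append(f"statement {i}: service-wide wildcard actions {actions}")
        if "*" in resources and "*" not in actions:
            findings.append(f"statement {i}: actions {actions} on every resource")
    return findings


def enforces_mfa(policy_json):
    """True if the policy has a Deny guarded by aws:MultiFactorAuthPresent=false."""
    for st in _as_list(json.loads(policy_json)["Statement"]):
        if st.get("Effect") != "Deny":
            continue
        cond = st.get("Condition", {})
        for op in ("Bool", "BoolIfExists"):
            flag = str(cond.get(op, {}).get("aws:MultiFactorAuthPresent", "")).lower()
            if flag == "false":
                return True
    return False


if __name__ == "__main__":
    for name, doc in (("broad", OVERLY_BROAD_POLICY), ("tight", LEAST_PRIVILEGE_WITH_MFA)):
        print(name, "findings:", lint_policy(doc), "enforces MFA:", enforces_mfa(doc))
```

Run against the two documents, the broad policy produces one full-admin finding and no MFA enforcement, while the least-privilege policy produces no findings and is recognised as MFA-enforcing. The linter only inspects Allow statements, since a wildcard inside a Deny narrows rather than widens access.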