EBU6502_cloud_computing_notes/2-4-aws-vpc.md

# Enterprise design and AWS VPC

## Enterprise design

### Definition

- Aligning the IT requirements with the enterprise strategic needs

### IT requirements

- Scalability
- Performance
- Modularity
- Flexibility
- Maintainability
- Portability
- Security

### Business needs

- Cost saving
- Profitability
- Performance of staff
- Competitive advantage over competitions
- Better service delivery
- Innovation and creativity
- Novelties

### Enterprise design patterns

#### MVC

- Definition: clear separation and modularity, that implements Model, View, and
  controller
- Features:
    - Components can be reused
    - View change independently
    - Improves maintainability
    - Increased complexity, because of abstraction

#### Business Delegate

- Definition: Delegate business processing to remote, by adding a proxy layer to
  the business layer.
    - Acts as a proxy
    - Converts references
- Reduces coupling

#### Front Coltroller

- A centralized enterprise system, that handles all request
    - A problem will affect the whole system
- Good for security applications, like ATM
- Can be implemented with other patterns

#### Hybrid Pattern Design

- Using more than one system
- Used by most real world applications

## AWS VPC Designs

### Networking

#### Basics

- Definition: a network consists of at least two machines, connected to share
  resources
- Can be partitioned into **subnets**: a logical division, that has a range of
  IP
    - Written with `<ip>/<prefix>`
- Require a networking device, that connect the computers together
    - Example: a router or a switch
    - Can also connect between different networks, and then forward packets
      between the networks

#### Subnets and CIDR

- Subnet's addresses in CIDR (Classless Inter-Domain Routing):
    - `100.0.0.1/20`
- Can be public or private
    - Public: for hosting public websites or servers, can be accessed from
      internet
    - Private: for hosting data, can't be accessed from internet
- Number of available IP addresses: $2^{32 - prefix}$
    - For example, for `100.0.0.1/20`, there is $2^{32 - 20} = 2^12 = 4096$ IPs
      available
- Possible EC **Instances**: Number of possible IP addresses minus **5**
    - AWS reserved the first 4 and last IP addresses (4+1=5)
        - First and last: network address and broadcast address
    - From the last example, there can be atmost $4096 - 5 = 4091$ instances in
      the network

### Designing considerations

#### Regions

- Consider data soverignty and compliance: Where you can legally host the data
    - Laws
    - Consumers from other countries
    - Governance requirements
- Proximity to user base
    - Delay in website matters in sales
    - Consider cost for same distance regions
- Service available
    - Some services are limited to regions
    - Cross regions increase latency
    - Can be expanded
- Cost
    - Cost is different per region
    - Some have cost for transferring data
    - Consider replicating environment

#### AZ(Avaiability Zones)

- Recommendation: start with two
    - This way always has a back up in case one fail
    - Easy to support
- Choosing the number of zones: two or more
    - heavily rely on EC instances
    - Applications with MySQL, Oracle, Mongo data bases: High availability,
      active / passive configuration(active one process request, passive one as
      backup)

#### VPC (Virtual Private Cloud)

- One VPC: rare, limited use cases:
    - High-performance computing
    - Microsoft Active Directory for service discovery
    - Small application developed by small team
- Multi VPC or Multi Account: used to organize most common infrastructure:
    - Multi VPC: Single team or organization(like managed service provider), not
      suitable for governance or compliance
    - Multi Account: Large organizations, or ones with different IT teams, or
      medium ones that grow rapidly, because managing access is hard for one
      account
        - Can use account management service (AWS Organizations)
            - to consolidate multiple accounts into a organization, and arrange
            - to consolidate billing
        - Has hierarchical grouping, integration with other services like
          [IAM](/1-5-security.md#iam-identity-and-access-management)
        - Management structure
            - Root
            - Organizational unit
            - AWS Account
        - TODO: watch the diagram at p35
- Majority of services are not in VPC by default, but some of them like s3 and
  dynamo has opt in options

#### Subnets

- When VPC is created, CIDR is specified
- Amazon VPCs can use CIDR between 16 to 28
- Subnets are segments or partitions of network, divided by CIDR
- public vs. private
    - public: traffic routed to a internet gateway
    - private: not routed to one, not directly accessible with internet
        - Use jump box like a bastion host to support outbound only internet
- Recommendation: use subnet to define internet accessibility
    - Start with one public and one private
    - Allocate more ip to private subnets than in public subnets
    - Use large subnets
    - public or private
        - Public: web apps
        - Private: backend, processing, data store, or management web apps

#### Defaults: VPCs and Subnets

- Default VPC
    - Each region has a default VPC, with CIDR of `172.31.0.0/16`
    - Creating a VPC based instance (EC, RDS, Load Balancing) Without specifying
      a VPC, it will be placed into the default one in the **region**
    - Has some default components:
        - subnet
        - IGW (internet gate way)
        - Route table connecting to default default subnet and IGW, default
          security group and Network ACL (NACL)
    - Is configurable
- Default Subnet
    - Created for each **AZ** for each default VPC
    - Is a public subnet, with CIDR of `/20`
    - Can manually convert to private
- Recommendation
    - Use default VPC only for experimentation, and quick starting
    - Create real world VPC and subnets for real world application