# Enterprise design and AWS VPC

## Enterprise design

### Definition

- Aligning the IT requirements with the enterprise's strategic needs

### IT requirements

- Scalability
- Performance
- Modularity
- Flexibility
- Maintainability
- Portability
- Security

### Business needs

- Cost saving
- Profitability
- Staff performance
- Competitive advantage over competitors
- Better service delivery
- Innovation and creativity
- Novelties

### Enterprise design patterns

#### MVC

- Definition: clear separation of concerns and modularity, implemented as Model, View, and Controller
- Features:
  - Components can be reused
  - The view can change independently of the model
  - Improves maintainability
  - Increases complexity, because of the added abstraction

#### Business Delegate

- Definition: delegates business processing to a remote service by adding a proxy layer in front of the business tier
- Acts as a proxy
- Converts references
- Reduces coupling between the presentation and business tiers

#### Front Controller

- A single, centralized entry point that handles every request and dispatches it to the right handler
- Because everything passes through it, a problem in the controller affects the whole system (single point of failure)
- Good for security-sensitive applications, like an ATM: authentication, authorization and logging are enforced once at the entry point instead of separately in every handler
- Can be combined with other patterns

#### Hybrid Pattern Design

- Using more than one pattern
- Used by most real-world applications

## AWS VPC Designs

### Networking

#### Basics

- Definition: a network consists of at least two machines connected to share resources
- Can be partitioned into **subnets**: logical divisions, each with its own range of IP addresses
  - The range is written as an address followed by `/` and the prefix length
- Requires a networking device that connects the computers together
  - Example: a router or a switch
  - Can also connect different networks and then forward packets between them

#### Subnets and CIDR

- A subnet's address range is written in CIDR (Classless Inter-Domain Routing) notation:
  - `100.0.0.1/20` (this has host bits set; the network itself is `100.0.0.0/20`)
- Can be public or private
  - Public: for hosting public websites or servers, reachable from the internet
  - Private: for hosting data, not reachable from the internet
- Number of IP addresses in the range: $2^{32 - \text{prefix}}$
  - For example, for `100.0.0.0/20` there are $2^{32 - 20} = 2^{12} = 4096$ addresses
- Possible EC2 **instances**: the number of IP addresses minus **5**
  - AWS reserves the first 4 and the last IP address of every subnet (4 + 1 = 5)
    - First: network address; second: VPC router; third: DNS resolver; fourth: reserved for future use; last: network broadcast address (broadcast is not supported in a VPC, but the address is still reserved)
  - From the last example, there can be at most $4096 - 5 = 4091$ instances in the subnet

### Design considerations

#### Regions

- Consider data sovereignty and compliance: where you can legally host the data
  - Laws
  - Consumers from other countries
  - Governance requirements
- Proximity to the user base
  - Latency on a website affects sales
  - When two regions are equally close, compare their costs
- Service availability
  - Some services are only available in certain regions
  - Cross-region calls add latency
  - Can be expanded later
- Cost
  - Prices differ per region
  - Some regions charge for data transfer
  - Consider the cost of replicating the environment

#### AZ (Availability Zones)

- Recommendation: start with two
  - This way there is always a backup in case one fails
  - Easy to support
- Choosing the number of zones: two or more
  - Heavily dependent on EC2 instances
  - Applications with MySQL, Oracle or MongoDB databases: high availability through an active/passive configuration (the active node processes requests, the passive node stands by as a backup)

#### VPC (Virtual Private Cloud)

- One VPC: rare, limited use cases:
  - High-performance computing
  - Microsoft Active Directory for service discovery
  - A small application developed by a small team
- Multi-VPC or multi-account: how most common infrastructure is organized:
  - Multi-VPC: a single team or organization (like a managed service provider); not suitable for governance or compliance separation
  - Multi-account: large organizations, organizations with several IT teams, or medium ones that grow rapidly, because managing access within a single account becomes hard
    - Can use an account management service (AWS Organizations)
      - to consolidate multiple accounts into one organization and arrange them
      - to consolidate billing
    - Has hierarchical grouping and integration with other services like [IAM](/1-5-security.md#iam-identity-and-access-management)
    - Management structure
      - Root
      - Organizational unit
      - AWS Account
    - TODO: watch the diagram at p35
- Most AWS services do not run inside a VPC by default, but some of them, like S3 and DynamoDB, can be reached privately through opt-in VPC endpoints

#### Subnets

- When a VPC is created, its CIDR block is specified
- Amazon VPCs can use a CIDR prefix length between `/16` and `/28`
- Subnets are segments or partitions of the VPC's network, each with its own CIDR block
- Public vs. private
  - Public: the subnet's route table has a route to an internet gateway (IGW)
  - Private: no route to an IGW, so not directly accessible from the internet
    - For outbound-only internet access from a private subnet (fetching patches, for example), route the traffic through a NAT gateway; a jump box such as a bastion host in a public subnet is for administrators' inbound access to the private instances, not for outbound traffic
- Recommendation: use subnets to define internet accessibility
  - Start with one public and one private subnet
  - Allocate more IP addresses to private subnets than to public subnets
  - Use large subnets
- Public or private placement
  - Public: web apps
  - Private: backend, processing, data stores, or management web apps

#### Defaults: VPCs and Subnets

- Default VPC
  - Each region has a default VPC, with a CIDR of `172.31.0.0/16`
  - Creating a VPC-based resource (EC2, RDS, load balancer) without specifying a VPC places it in the default VPC of that **region**
  - Has some default components:
    - Subnet
    - IGW (internet gateway)
    - A route table connecting the default subnets to the IGW, a default security group and a default network ACL (NACL)
  - Is configurable
- Default subnet
  - Created in each **AZ** of each default VPC
  - Is a public subnet, with a `/20` CIDR
  - Can be manually converted to private (remove the IGW route)
- Recommendation
  - Use the default VPC only for experimentation and quick starts
  - Create purpose-built VPCs and subnets for real-world applications
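The Front Controller pattern from the design-patterns section above, written out as an added example (not code from the original notes): one entry point authenticates, routes, authorizes and logs every request, and the handlers contain business logic only. The routes, tokens, roles and handler names are hypothetical, constructed for illustration.

```python
"""Front Controller: one entry point that authenticates, authorizes and logs
every request before dispatching it to a handler.

Added example illustrating the pattern; the routes, tokens, roles and handlers
are hypothetical and constructed inline."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Request:
    path: str
    token: Optional[str]                      # bearer token presented by the client
    params: Dict[str, str] = field(default_factory=dict)


# Constructed session table: token -> (user, role). A real system would look
# this up in a session store; these are sample values, not a real token format.
SESSIONS = {"tok-alice": ("alice", "customer"), "tok-ops": ("ops", "admin")}
ROLE_RANK = {"customer": 1, "admin": 2}       # admin outranks customer

AUDIT: List[str] = []   # complete by construction: every request passes the controller


# Handlers contain business logic only. They never check identity or role;
# that happens once in the controller, so a handler cannot forget to do it.
def balance(user: str, params: Dict[str, str]) -> dict:
    return {"user": user, "balance": 100}


def withdraw(user: str, params: Dict[str, str]) -> dict:
    amount = int(params.get("amount", "0"))
    if amount <= 0:
        raise ValueError("amount must be positive")
    return {"user": user, "withdrew": amount}


def audit_log(user: str, params: Dict[str, str]) -> dict:
    return {"user": user, "entries": list(AUDIT)}


# Route table: path -> (minimum role required, handler)
ROUTES: Dict[str, Tuple[str, Callable[[str, Dict[str, str]], dict]]] = {
    "/balance": ("customer", balance),
    "/withdraw": ("customer", withdraw),
    "/admin/audit": ("admin", audit_log),
}


def front_controller(req: Request) -> Tuple[int, dict]:
    """The single choke point: authenticate, then route, then authorize, then dispatch.

    Authentication runs before the route lookup so an anonymous caller cannot
    probe which paths exist: known and unknown paths both answer 401."""
    session = SESSIONS.get(req.token) if req.token else None
    if session is None:
        AUDIT.append(f"DENY anonymous {req.path}: 401")
        return 401, {"error": "authentication required"}
    user, role = session

    route = ROUTES.get(req.path)
    if route is None:
        AUDIT.append(f"DENY {user} {req.path}: 404")
        return 404, {"error": "no such route"}
    required_role, handler = route

    if ROLE_RANK[role] < ROLE_RANK[required_role]:
        AUDIT.append(f"DENY {user} {req.path}: 403 (needs {required_role})")
        return 403, {"error": "forbidden"}

    # Uniform error handling: bad input never leaks a traceback to the client
    try:
        body = handler(user, req.params)
    except ValueError as exc:
        AUDIT.append(f"FAIL {user} {req.path}: 400 {exc}")
        return 400, {"error": str(exc)}
    AUDIT.append(f"OK {user} {req.path}: 200")
    return 200, body


if __name__ == "__main__":
    for r in (Request("/balance", "tok-alice"), Request("/admin/audit", "tok-alice"),
              Request("/admin/audit", "tok-ops"), Request("/withdraw", None)):
        print(r.path, front_controller(r))
```

The "single point of failure" property is visible in the same code: a bug in `front_controller` breaks every route, which is the trade-off the notes mention.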
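The subnet sizing rule from the "Subnets and CIDR" section ($2^{32 - \text{prefix}}$ addresses minus the 5 AWS reserves) and the "one public plus one larger private subnet per AZ" recommendation from the "Subnets" section, as an added example using Python's standard `ipaddress` module (this is not code from the original notes). It goes beyond the single-subnet calculation by carving a VPC block into that layout; the `10.0.0.0/16` VPC and the `/20` private and `/24` public sizes are assumptions chosen for illustration.

```python
"""AWS subnet sizing and a simple public/private layout planner.

Added example, not from the original notes. The VPC CIDR and subnet sizes used
in __main__ are illustrative assumptions."""
import ipaddress
from typing import Dict, List

AWS_RESERVED_PER_SUBNET = 5              # first four addresses plus the last one
VPC_MIN_PREFIX, VPC_MAX_PREFIX = 16, 28  # netmask range AWS allows for VPCs and subnets


def prefix_ok(prefix: int) -> bool:
    """True if the prefix length is one AWS accepts for a VPC or subnet CIDR."""
    return VPC_MIN_PREFIX <= prefix <= VPC_MAX_PREFIX


def aws_subnet_report(cidr: str) -> Dict[str, object]:
    """Size a subnet and list the five addresses AWS keeps for itself.

    strict=False accepts a host address such as 100.0.0.1/20 and normalises it
    to its network, 100.0.0.0/20, which is what the notes' example means."""
    net = ipaddress.ip_network(cidr, strict=False)
    if not prefix_ok(net.prefixlen):
        raise ValueError(f"{net} is outside the /16../28 range AWS allows")
    base = net.network_address
    reserved = {
        "network": str(base),                     # first: network address
        "vpc_router": str(base + 1),              # second: VPC router
        "dns": str(base + 2),                     # third: Amazon DNS resolver
        "future_use": str(base + 3),              # fourth: reserved for future use
        "broadcast": str(net.broadcast_address),  # last: broadcast, kept reserved
    }
    total = net.num_addresses                     # == 2 ** (32 - prefixlen)
    return {"network": str(net), "total": total,
            "usable": total - AWS_RESERVED_PER_SUBNET, "reserved": reserved}


def plan_subnets(vpc_cidr: str, az_count: int = 2,
                 private_prefix: int = 20, public_prefix: int = 24) -> List[Dict[str, object]]:
    """Carve one private and one smaller public subnet per AZ out of a VPC block.

    Private subnets are allocated first and are larger, following the advice to
    give private tiers more addresses than public ones."""
    vpc = ipaddress.ip_network(vpc_cidr)
    if not (prefix_ok(vpc.prefixlen) and prefix_ok(private_prefix) and prefix_ok(public_prefix)):
        raise ValueError("VPC and subnet prefixes must all be within /16../28")
    if not (vpc.prefixlen < private_prefix < public_prefix):
        raise ValueError("expected vpc < private < public prefix lengths")
    # az_count private blocks plus one more block that is sliced into public subnets
    if az_count + 1 > 2 ** (private_prefix - vpc.prefixlen):
        raise ValueError("VPC block too small for that many private subnets")
    if az_count > 2 ** (public_prefix - private_prefix):
        raise ValueError("not enough public slices in one private-sized block")

    blocks = vpc.subnets(new_prefix=private_prefix)   # iterator over /20 blocks
    plan = []
    for az in range(az_count):
        plan.append({"az": az, "tier": "private", "cidr": str(next(blocks))})
    public_slices = next(blocks).subnets(new_prefix=public_prefix)
    for az in range(az_count):
        plan.append({"az": az, "tier": "public", "cidr": str(next(public_slices))})
    return plan


if __name__ == "__main__":
    print(aws_subnet_report("100.0.0.1/20"))
    for subnet in plan_subnets("10.0.0.0/16"):
        print(subnet, aws_subnet_report(subnet["cidr"])["usable"], "usable addresses")
```

Note that a `/28`, the smallest subnet AWS allows, leaves only 11 usable addresses once the 5 reserved ones are removed, so small management subnets fill up faster than the raw address count suggests.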
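The "public vs. private" definition in the "Subnets" section (public means the subnet's route table has a route to an internet gateway) is something you can check rather than assume. The following is an added example, not code from the original notes: it classifies subnets from route-table data and also runs the check a reviewer wants, whether the VPC's main route table carries an IGW route, because that silently makes every subnet without an explicit association public. `ROUTE_TABLES` is constructed sample data shaped like the `RouteTables` list in the EC2 DescribeRouteTables response (what boto3's `describe_route_tables` returns); all IDs are made up.

```python
"""Classify subnets as public or private from route tables.

Added example, not from the original notes. ROUTE_TABLES mimics the shape of
the EC2 DescribeRouteTables response; the IDs and CIDRs are constructed."""
import copy
from typing import Dict, List, Tuple

VPC_ID = "vpc-0aa"

ROUTE_TABLES: List[dict] = [
    {   # the VPC's main route table: used by every subnet with no explicit association
        "RouteTableId": "rtb-main", "VpcId": VPC_ID,
        "Associations": [{"Main": True, "RouteTableId": "rtb-main"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
    },
    {   # public: default route to an internet gateway
        "RouteTableId": "rtb-public", "VpcId": VPC_ID,
        "Associations": [{"Main": False, "SubnetId": "subnet-pub-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123", "State": "active"},
        ],
    },
    {   # private: default route to a NAT gateway gives outbound-only access
        "RouteTableId": "rtb-private", "VpcId": VPC_ID,
        "Associations": [{"Main": False, "SubnetId": "subnet-priv-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0abc", "State": "active"},
        ],
    },
]
SUBNET_IDS = ["subnet-pub-a", "subnet-priv-a", "subnet-orphan"]  # orphan: no explicit table


def has_igw_route(table: dict) -> bool:
    """True if any active route in the table targets an internet gateway."""
    return any(r.get("State") == "active" and str(r.get("GatewayId", "")).startswith("igw-")
               for r in table["Routes"])


def effective_tables(route_tables: List[dict], vpc_id: str) -> Tuple[dict, Dict[str, dict]]:
    """Return (main table, {subnet_id: explicitly associated table}) for one VPC."""
    main, explicit = None, {}
    for t in route_tables:
        if t["VpcId"] != vpc_id:
            continue
        for a in t.get("Associations", []):
            if a.get("Main"):
                main = t
            elif "SubnetId" in a:
                explicit[a["SubnetId"]] = t
    if main is None:
        raise ValueError(f"no main route table found for {vpc_id}")
    return main, explicit


def classify_subnets(route_tables: List[dict], subnet_ids: List[str], vpc_id: str) -> Dict[str, dict]:
    """A subnet is public when its effective route table has an IGW route."""
    main, explicit = effective_tables(route_tables, vpc_id)
    result = {}
    for sid in subnet_ids:
        table = explicit.get(sid, main)   # fall back to the main table, as AWS does
        result[sid] = {
            "tier": "public" if has_igw_route(table) else "private",
            "route_table": table["RouteTableId"],
            "explicit_association": sid in explicit,
        }
    return result


def main_table_exposes_internet(route_tables: List[dict], vpc_id: str) -> bool:
    """The check to run before adding subnets: an IGW route on the main table
    makes every subnet without an explicit association public."""
    main, _ = effective_tables(route_tables, vpc_id)
    return has_igw_route(main)


def with_igw_on_main(route_tables: List[dict]) -> List[dict]:
    """Constructed misconfiguration: a copy of the tables with an IGW route on the main one."""
    tables = copy.deepcopy(route_tables)
    for t in tables:
        if any(a.get("Main") for a in t.get("Associations", [])):
            t["Routes"].append({"DestinationCidrBlock": "0.0.0.0/0",
                                "GatewayId": "igw-0123", "State": "active"})
    return tables


if __name__ == "__main__":
    print(classify_subnets(ROUTE_TABLES, SUBNET_IDS, VPC_ID))
    print("main table exposes internet:", main_table_exposes_internet(ROUTE_TABLES, VPC_ID))
    print(classify_subnets(with_igw_on_main(ROUTE_TABLES), SUBNET_IDS, VPC_ID))
```

The same logic applies to a default VPC: its default subnets are public precisely because the default route table carries the IGW route, and removing that route (or associating the subnet with a table that lacks it) is what converting a default subnet to private means.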