Enterprise design and AWS VPC
Enterprise design
Definition
- Aligning the IT requirements with the enterprise strategic needs
IT requirements
- Scalability
- Performance
- Modularity
- Flexibility
- Maintainability
- Portability
- Security
Business needs
- Cost saving
- Profitability
- Performance of staff
- Competitive advantage over competitors
- Better service delivery
- Innovation and creativity
- Novelties
Enterprise design patterns
MVC
- Definition: clear separation of concerns and modularity, implemented with a Model, a View, and a Controller
- Features:
- Components can be reused
- Views can change independently
- Improves maintainability
- Increased complexity, because of abstraction
Business Delegate
- Definition: Delegates business processing to a remote service by adding a proxy layer in front of the business layer
- Acts as a proxy
- Converts references
- Reduces coupling
Front Controller
- A centralized entry point to the enterprise system that handles all requests
- A problem in it affects the whole system (single point of failure)
- Good for security applications, like ATM
- Can be implemented with other patterns
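To make the Front Controller bullets concrete, here is an added example (not from the notes) of the pattern in Python: one entry point receives every request, applies the cross-cutting authentication check and audit logging once, and dispatches to a handler. The `Request`, `Response`, `FrontController` and handler names are this example's own, and the "balance" handler is a stand-in for the ATM-style application the notes mention.

```python
"""Front Controller pattern (added example, not from the notes).

A single entry point receives every request, applies the cross-cutting checks
once (authentication, audit log), and dispatches to a handler.  All names here
are this example's own.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional


@dataclass
class Request:
    path: str
    user: Optional[str] = None       # None means unauthenticated
    params: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: str


class FrontController:
    def __init__(self):
        self._handlers: Dict[str, Callable[[Request], Response]] = {}
        self._public = set()         # paths that skip the auth check
        self.log = []                # central audit trail, one entry per request

    def route(self, path: str, handler: Callable[[Request], Response],
              public: bool = False) -> None:
        self._handlers[path] = handler
        if public:
            self._public.add(path)

    def handle(self, req: Request) -> Response:
        # Every request passes through here, so the auth check cannot be
        # forgotten in one handler; the flip side is that a bug here breaks
        # every route (the single point of failure the notes mention).
        if req.path not in self._handlers:
            resp = Response(404, "not found")
        elif req.path not in self._public and req.user is None:
            resp = Response(401, "authentication required")
        else:
            resp = self._handlers[req.path](req)
        self.log.append((req.path, req.user, resp.status))
        return resp


# Handlers play the role of the "other patterns" the front controller
# delegates to (for example MVC controllers).
def balance_handler(req: Request) -> Response:
    return Response(200, f"balance for {req.user}")


def login_page(req: Request) -> Response:
    return Response(200, "login form")


def build_app() -> FrontController:
    app = FrontController()
    app.route("/login", login_page, public=True)
    app.route("/balance", balance_handler)
    return app


if __name__ == "__main__":
    app = build_app()
    print(app.handle(Request("/login")))
    print(app.handle(Request("/balance")))                # 401: no user
    print(app.handle(Request("/balance", user="alice")))  # 200
    print(app.log)
```

The security value is that authentication is enforced in exactly one place and every request leaves an audit record; the cost is that this one component must be correct and available for anything to work.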
Hybrid Pattern Design
- Using more than one system
- Used by most real world applications
AWS VPC Designs
Networking
Basics
- Definition: a network consists of at least two machines, connected to share resources
- Can be partitioned into subnets: a logical division that has a range of IP addresses
- Written as <ip>/<prefix>
- Requires a networking device that connects the computers together
- Example: a router or a switch
- It can also connect different networks and then forward packets between them
Subnets and CIDR
- Subnet addresses are written in CIDR (Classless Inter-Domain Routing) notation, e.g. 100.0.0.1/20
- Can be public or private
- Public: for hosting public websites or servers, can be accessed from internet
- Private: for hosting data, can't be accessed from internet
- Number of available IP addresses: 2^(32 - prefix)
- For example, for 100.0.0.1/20 there are 2^(32 - 20) = 2^12 = 4096 IPs available
- Possible EC2 instances: number of possible IP addresses minus 5
- AWS reserves the first 4 and the last IP address (4+1=5)
- First and last: network address and broadcast address
- From the last example, there can be at most 4096 - 5 = 4091 instances in the network
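The CIDR arithmetic above, worked in Python as an added example (not from the notes), using only the standard library. It parses the `<ip>/<prefix>` form, computes 2^(32 - prefix), subtracts AWS's five reserved addresses, lists which addresses those are, and also checks the /16 to /28 prefix range that AWS allows for a VPC CIDR. The function names are this example's own; the example prefixes are the ones in the notes.

```python
"""CIDR arithmetic for AWS VPC/subnet sizing (added example, not from the notes).

Standard library only.  The function names are this example's own.
"""
import ipaddress

AWS_RESERVED_PER_SUBNET = 5              # first four addresses + the last one
VPC_PREFIX_MIN, VPC_PREFIX_MAX = 16, 28  # allowed VPC CIDR prefix range


def parse_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Parse '<ip>/<prefix>'.  strict=False tolerates host bits set in the
    address part (the notes write 100.0.0.1/20, whose network is 100.0.0.0/20)."""
    return ipaddress.ip_network(cidr, strict=False)


def total_addresses(cidr: str) -> int:
    """2^(32 - prefix): every address in the block, reserved ones included."""
    return 2 ** (32 - parse_cidr(cidr).prefixlen)


def aws_reserved_addresses(cidr: str) -> list:
    """The five addresses AWS holds back in every subnet: the first four
    (network address, VPC router, DNS, reserved for future use) and the
    last one (broadcast address)."""
    net = parse_cidr(cidr)
    first_four = [str(net.network_address + i) for i in range(4)]
    return first_four + [str(net.broadcast_address)]


def aws_usable_hosts(cidr: str) -> int:
    """Addresses left for EC2 instances after AWS's reservations."""
    return total_addresses(cidr) - AWS_RESERVED_PER_SUBNET


def is_valid_vpc_cidr(cidr: str) -> bool:
    """AWS accepts VPC CIDR blocks with a prefix from /16 to /28."""
    return VPC_PREFIX_MIN <= parse_cidr(cidr).prefixlen <= VPC_PREFIX_MAX


if __name__ == "__main__":
    example = "100.0.0.1/20"
    print(example, "->", parse_cidr(example))
    print("total addresses:", total_addresses(example))   # 4096
    print("reserved by AWS:", aws_reserved_addresses(example))
    print("usable hosts:", aws_usable_hosts(example))     # 4091
    for c in ("10.0.0.0/16", "10.0.0.0/28", "10.0.0.0/8", "10.0.0.0/29"):
        print(c, "valid VPC CIDR:", is_valid_vpc_cidr(c))
```

Note that `strict=False` is what lets 100.0.0.1/20 through: with the default `strict=True`, `ipaddress` rejects an address with host bits set, which is a useful check when you want to catch a mistyped network address rather than silently normalise it.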
Designing considerations
Regions
- Consider data sovereignty and compliance: where you can legally host the data
- Laws
- Consumers from other countries
- Governance requirements
- Proximity to user base
- Delay in the website matters for sales
- Compare costs between regions at the same distance
- Service availability
- Some services are limited to regions
- Cross regions increase latency
- Can be expanded
- Cost
- Cost is different per region
- Some have cost for transferring data
- Consider replicating environment
AZ (Availability Zones)
- Recommendation: start with two
- This way there is always a backup in case one fails
- Easy to support
- Choosing the number of zones: two or more
- Applications that heavily rely on EC2 instances
- Applications with MySQL, Oracle, or Mongo databases: high availability with an active/passive configuration (the active one processes requests, the passive one acts as backup)
VPC (Virtual Private Cloud)
- One VPC: rare, limited use cases:
- High-performance computing
- Microsoft Active Directory for service discovery
- Small application developed by small team
- Multi VPC or Multi Account: used to organize most common infrastructure:
- Multi VPC: single team or organization (like a managed service provider); not suitable for governance or compliance
- Multi Account: large organizations, ones with different IT teams, or medium ones that grow rapidly, because managing access in one account is hard
- Can use an account management service (AWS Organizations)
- to consolidate multiple accounts into an organization and arrange them
- to consolidate billing
- Has hierarchical grouping, integration with other services like IAM
- Management structure
- Root
- Organizational unit
- AWS Account
- TODO: watch the diagram at p35
- The majority of services are not in a VPC by default, but some of them, like S3 and DynamoDB, have opt-in options
Subnets
- When VPC is created, CIDR is specified
- Amazon VPCs can use a CIDR prefix between /16 and /28
- Subnets are segments or partitions of network, divided by CIDR
- public vs. private
- public: traffic is routed to an internet gateway
- private: not routed to one, not directly accessible from the internet
- Use a jump box like a bastion host to support outbound-only internet access
- Recommendation: use subnet to define internet accessibility
- Start with one public and one private
- Allocate more IPs to private subnets than to public subnets
- Use large subnets
- public or private
- Public: web apps
- Private: backend, processing, data store, or management web apps
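The public/private distinction above is decided by routing, not by a flag on the subnet: a subnet is public when its route table sends the default route 0.0.0.0/0 to an internet gateway. The following is an added example (not from the notes) that applies that rule over a constructed, simplified set of route tables shaped like the EC2 API's `RouteTables`/`Associations`/`Routes` fields; the `igw-EXAMPLE`, `nat-EXAMPLE`, `rtb-*` and `subnet-*` ids are placeholders. It also flags the case a practitioner wants to see: a subnet with no explicit association inherits the VPC's main route table, so if that table has an internet-gateway route the subnet is public by default.

```python
"""Classify VPC subnets as public or private from their route tables.

Added example, not from the notes.  The data below is constructed and
simplified from the shape of the EC2 API (RouteTables / Associations / Routes);
all ids are placeholders.
"""

# Constructed sample: a main route table with an internet gateway route, a
# private table whose default route goes to a NAT gateway, a public table, and
# three subnets.  subnet-c has no explicit association on purpose.
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"},
        ],
    },
    {
        "RouteTableId": "rtb-private",
        "Associations": [{"Main": False, "SubnetId": "subnet-b"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"},
        ],
    },
    {
        "RouteTableId": "rtb-public",
        "Associations": [{"Main": False, "SubnetId": "subnet-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"},
        ],
    },
]
SUBNETS = ["subnet-a", "subnet-b", "subnet-c"]


def has_igw_default_route(route_table: dict) -> bool:
    """A table makes its subnets public when the default route (0.0.0.0/0)
    points at an internet gateway (GatewayId starting with 'igw-')."""
    for route in route_table["Routes"]:
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("GatewayId", "").startswith("igw-")):
            return True
    return False


def route_table_for(subnet_id: str, route_tables: list) -> tuple:
    """Return (table, explicit).  explicit is False when the subnet has no
    association of its own and therefore uses the VPC's main route table."""
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt, True
    main = next(rt for rt in route_tables
                if any(a.get("Main") for a in rt["Associations"]))
    return main, False


def classify_subnets(subnet_ids: list, route_tables: list) -> dict:
    """Map each subnet id to 'public' or 'private'; subnets whose exposure
    comes only from the main table are marked '(implicit-main)'."""
    result = {}
    for sid in subnet_ids:
        rt, explicit = route_table_for(sid, route_tables)
        kind = "public" if has_igw_default_route(rt) else "private"
        result[sid] = kind if explicit else kind + " (implicit-main)"
    return result


if __name__ == "__main__":
    for sid, kind in classify_subnets(SUBNETS, ROUTE_TABLES).items():
        print(f"{sid}: {kind}")
```

In the sample, subnet-c is reported as `public (implicit-main)`: nobody intended it to be public, it simply inherited the main table. Giving every subnet an explicit route table association, and keeping the main table free of an internet-gateway route, is the practical way to follow the notes' recommendation to let the subnet define internet accessibility.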
Defaults: VPCs and Subnets
- Default VPC
- Each region has a default VPC, with a CIDR of 172.31.0.0/16
- Creating a VPC-based instance (EC2, RDS, Load Balancing) without specifying a VPC places it into the region's default VPC
- Has some default components:
- subnet
- IGW (internet gateway)
- Route table connecting the default subnet and the IGW, a default security group, and a Network ACL (NACL)
- Is configurable
- Default Subnet
- Created for each AZ for each default VPC
- Is a public subnet, with a CIDR of /20
- Can manually convert to private
- Recommendation
- Use the default VPC only for experimentation and quick starts
- Create real-world VPCs and subnets for real-world applications