EBU6502_cloud_computing_notes/2-4-aws-vpc.md
2025-01-04 15:36:07 +08:00

Enterprise design and AWS VPC

Enterprise design

Definition

  • Aligning the IT requirements with the enterprise strategic needs

IT requirements

  • Scalability
  • Performance
  • Modularity
  • Flexibility
  • Maintainability
  • Portability
  • Security

Business needs

  • Cost saving
  • Profitability
  • Performance of staff
  • Competitive advantage over competitors
  • Better service delivery
  • Innovation and creativity
  • Novelties

Enterprise design patterns

MVC

  • Definition: clear separation of concerns and modularity, implemented with Model, View, and Controller components
  • Features:
    • Components can be reused
    • Views can change independently of the model
    • Improves maintainability
    • Increased complexity, because of the extra abstraction

Business Delegate

  • Definition: delegates business processing to a remote service by adding a proxy layer in front of the business layer.
    • Acts as a proxy
    • Converts references
  • Reduces coupling

Front Controller

  • A centralized entry point that handles all requests
    • Single point of failure: a problem in the controller affects the whole system
  • Good for security-sensitive applications, like an ATM, because every request passes the same checks
  • Can be combined with other patterns
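The security benefit of the Front Controller pattern is the single chokepoint: authentication and authorization run once, in one place, before any handler is reached. The following is an added illustration written for these notes, not code from the course or from AWS; the `FrontController` class, the `/balance` and `/admin/audit` routes and the `auditor` role are invented for the example.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class Request:
    """Minimal request model (constructed for the example)."""
    path: str
    user: Optional[str] = None        # None means the caller is unauthenticated
    roles: frozenset = frozenset()    # roles granted to the authenticated user


@dataclass
class Response:
    status: int
    body: str


class FrontController:
    """Single entry point: every request goes through the same
    authentication and authorization checks before being dispatched.
    The upside is that no handler can forget the check; the downside,
    as the notes say, is that a bug here affects the whole system."""

    def __init__(self) -> None:
        # path -> (required role or None, handler)
        self._routes: Dict[str, Tuple[Optional[str], Callable[[Request], Response]]] = {}

    def route(self, path: str, required_role: Optional[str] = None):
        """Decorator that registers a handler for a path, optionally guarded by a role."""
        def register(handler: Callable[[Request], Response]):
            self._routes[path] = (required_role, handler)
            return handler
        return register

    def handle(self, request: Request) -> Response:
        # 1. Authentication is enforced for every path, before routing,
        #    so unauthenticated callers cannot even enumerate valid paths.
        if request.user is None:
            return Response(401, "authentication required")
        # 2. Routing.
        entry = self._routes.get(request.path)
        if entry is None:
            return Response(404, "not found")
        required_role, handler = entry
        # 3. Authorization: the handler only runs if the role requirement is met.
        if required_role is not None and required_role not in request.roles:
            return Response(403, "forbidden")
        return handler(request)


controller = FrontController()


@controller.route("/balance")
def balance(req: Request) -> Response:
    return Response(200, f"balance for {req.user}")


@controller.route("/admin/audit", required_role="auditor")
def audit(req: Request) -> Response:
    return Response(200, "audit log")


if __name__ == "__main__":
    print(controller.handle(Request("/balance")))
    print(controller.handle(Request("/balance", user="alice")))
    print(controller.handle(Request("/admin/audit", user="alice")))
    print(controller.handle(Request("/admin/audit", user="bob", roles=frozenset({"auditor"}))))
```

Because the checks live in `handle`, adding a new route cannot bypass them; the same property is what makes the controller a single point of failure if it is misconfigured.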

Hybrid Pattern Design

  • Using more than one system
  • Used by most real world applications

AWS VPC Designs

Networking

Basics

  • Definition: a network consists of at least two machines connected to share resources
  • Can be partitioned into subnets: a logical division that owns a range of IP addresses
    • Written as <ip>/<prefix>
  • Requires a networking device that connects the computers together
    • Example: a router or a switch
    • Can also connect different networks and forward packets between them

Subnets and CIDR

  • Subnet addresses are written in CIDR (Classless Inter-Domain Routing) notation:
    • 100.0.0.1/20
  • Can be public or private
    • Public: for hosting public websites or servers; can be accessed from the internet
    • Private: for hosting data; can't be accessed from the internet
  • Number of available IP addresses: 2^{32 - prefix}
    • For example, for 100.0.0.1/20 there are 2^{32 - 20} = 2^12 = 4096 IPs available
  • Possible EC2 instances: number of possible IP addresses minus 5
    • AWS reserves the first four and the last IP address of each subnet (4 + 1 = 5)
      • First and last: network address and broadcast address
    • From the last example, there can be at most 4096 - 5 = 4091 instances in the network
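The arithmetic above, carried out with Python's standard `ipaddress` module, as an added example for these notes (not course or AWS code). It masks off host bits (so `100.0.0.1/20` is reported as the network `100.0.0.0/20`), lists the five addresses AWS reserves in every subnet, and rejects prefixes outside the /16 to /28 range that AWS accepts for VPC and subnet CIDR blocks. The labels for the reserved addresses (VPC router, Amazon DNS, reserved for future use) come from AWS VPC documentation; the function name `subnet_capacity` is this example's own.

```python
import ipaddress
from typing import Dict, List, Tuple

# AWS reserves five addresses in every subnet: the network address,
# the VPC router (+1), the Amazon DNS server (+2), one kept for future
# use (+3) and the broadcast address (last). Source: AWS VPC documentation.
RESERVED_OFFSETS_AND_LABELS: List[Tuple[int, str]] = [
    (0, "network address"),
    (1, "VPC router"),
    (2, "Amazon DNS"),
    (3, "reserved for future use"),
    (-1, "broadcast address"),
]
AWS_RESERVED_PER_SUBNET = len(RESERVED_OFFSETS_AND_LABELS)  # 5

# AWS accepts prefix lengths from /16 (largest) to /28 (smallest).
MIN_PREFIX, MAX_PREFIX = 16, 28


def subnet_capacity(cidr: str) -> Dict[str, object]:
    """Return the network, total address count, AWS-reserved addresses and
    usable EC2 capacity for an IPv4 CIDR such as '100.0.0.1/20'."""
    # strict=False masks off host bits instead of raising on 100.0.0.1/20.
    net = ipaddress.ip_network(cidr, strict=False)
    if not isinstance(net, ipaddress.IPv4Network):
        raise ValueError("only IPv4 subnets are handled here")
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        raise ValueError(
            f"/{net.prefixlen} is outside the /{MIN_PREFIX}-/{MAX_PREFIX} range AWS allows"
        )

    total = net.num_addresses                      # equals 2 ** (32 - prefix)
    assert total == 2 ** (32 - net.prefixlen)
    # IPv4Network supports indexing, including -1 for the broadcast address.
    reserved = [(str(net[offset]), label) for offset, label in RESERVED_OFFSETS_AND_LABELS]
    usable = total - AWS_RESERVED_PER_SUBNET      # max EC2 instances

    return {
        "network": str(net),
        "total": total,
        "reserved": reserved,
        "usable": usable,
    }


if __name__ == "__main__":
    for cidr in ("100.0.0.1/20", "10.0.0.0/28"):
        info = subnet_capacity(cidr)
        print(f"{cidr} -> network {info['network']}: {info['total']} addresses, "
              f"{info['usable']} usable for instances")
        for ip, label in info["reserved"]:
            print(f"    reserved {ip:16} {label}")
```

A /28, the smallest subnet AWS allows, has 16 addresses but only 11 usable, which is why the reserved-address overhead matters when sizing small subnets.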

Designing considerations

Regions

  • Consider data sovereignty and compliance: where you can legally host the data
    • Laws
    • Consumers from other countries
    • Governance requirements
  • Proximity to user base
    • Website latency affects sales
    • When regions are equally close, compare their cost
  • Service availability
    • Some services are limited to regions
    • Cross regions increase latency
    • Service coverage can be expanded to more regions later
  • Cost
    • Cost is different per region
    • Some have cost for transferring data
    • Consider replicating environment

AZ (Availability Zones)

  • Recommendation: start with two
    • This way there is always a backup in case one fails
    • Easy to support
  • Choosing the number of zones: two or more
    • Applications that rely heavily on EC2 instances
    • Applications with MySQL, Oracle or Mongo databases: high availability in an active/passive configuration (the active one processes requests, the passive one stands by as backup)

VPC (Virtual Private Cloud)

  • One VPC: rare, limited use cases:
    • High-performance computing
    • Microsoft Active Directory for service discovery
    • Small application developed by small team
  • Multi VPC or Multi Account: used to organize most common infrastructure:
    • Multi VPC: a single team or organization (like a managed service provider); not suitable for governance or compliance
    • Multi Account: large organizations, ones with different IT teams, or medium ones that grow rapidly, because managing access within one account becomes hard
      • Can use an account management service (AWS Organizations)
        • to consolidate multiple accounts into an organization and arrange them
        • to consolidate billing
      • Has hierarchical grouping and integration with other services like IAM
      • Management structure
        • Root
        • Organizational unit
        • AWS Account
      • TODO: watch the diagram at p35
  • The majority of services are not in the VPC by default, but some of them, like S3 and DynamoDB, have opt-in options

Subnets

  • When a VPC is created, its CIDR is specified
  • Amazon VPCs can use a CIDR prefix between /16 and /28
  • Subnets are segments or partitions of the network, divided by CIDR
  • public vs. private
    • public: traffic is routed to an internet gateway
    • private: not routed to one; not directly accessible from the internet
      • Use a jump box like a bastion host to support outbound-only internet access
  • Recommendation: use subnets to define internet accessibility
    • Start with one public and one private
    • Allocate more IP addresses to private subnets than to public subnets
    • Use large subnets
    • public or private
      • Public: web apps
      • Private: backend, processing, data stores, or management web apps
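The subnet recommendations above (one public and one private subnet per AZ, private larger than public, starting with two AZs) and the route-table definition of "public" can be put together in a small planning script. This is an added example for these notes, not code from the course or an AWS tool: the `plan_subnets` and `is_public` functions, the AZ names, the `igw-EXAMPLE`/`nat-EXAMPLE` target ids and the `RouteTable` model are all constructed for the example. The script carves a VPC CIDR so that each AZ gets a private subnet with twice the addresses of its public subnet, attaches a route table to each, and classifies a subnet as public only when its route table sends `0.0.0.0/0` to an internet gateway.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

MIN_PREFIX, MAX_PREFIX = 16, 28   # prefix range AWS allows for VPC and subnet CIDRs


@dataclass
class RouteTable:
    """destination CIDR -> target id (constructed sample data)."""
    routes: Dict[str, str]


@dataclass
class Subnet:
    name: str
    cidr: ipaddress.IPv4Network
    az: str
    route_table: RouteTable


def is_public(subnet: Subnet) -> bool:
    """Public means the default route points at an internet gateway (igw-*).
    A default route to a NAT gateway, or no default route at all, keeps the
    subnet private: nothing on the internet can initiate a connection to it."""
    target = subnet.route_table.routes.get("0.0.0.0/0")
    return target is not None and target.startswith("igw-")


def plan_subnets(vpc_cidr: str, azs: List[str]) -> List[Subnet]:
    """Split vpc_cidr evenly across the given AZs; in each AZ the first half
    becomes the private subnet and a quarter becomes the public subnet, leaving
    a quarter spare for growth. Private therefore has 2x the public capacity."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not MIN_PREFIX <= vpc.prefixlen <= MAX_PREFIX:
        raise ValueError(f"VPC prefix must be /{MIN_PREFIX}-/{MAX_PREFIX}")
    az_bits = (len(azs) - 1).bit_length()            # 2 AZs -> 1 bit, 3-4 AZs -> 2 bits
    if vpc.prefixlen + az_bits + 2 > MAX_PREFIX:
        raise ValueError("VPC too small for one public and one private subnet per AZ")

    # Constructed route tables: every VPC has the implicit 'local' route;
    # only the public table adds a default route via the internet gateway.
    public_rt = RouteTable({str(vpc): "local", "0.0.0.0/0": "igw-EXAMPLE"})
    private_rt = RouteTable({str(vpc): "local"})

    plan: List[Subnet] = []
    az_slices = list(vpc.subnets(prefixlen_diff=az_bits))
    for az, az_slice in zip(azs, az_slices):
        private, rest = az_slice.subnets(prefixlen_diff=1)   # half -> private
        public, _spare = rest.subnets(prefixlen_diff=1)      # quarter -> public
        plan.append(Subnet(f"private-{az}", private, az, private_rt))
        plan.append(Subnet(f"public-{az}", public, az, public_rt))
    return plan


def summarize(plan: List[Subnet]) -> List[Tuple[str, str, str, int]]:
    """(name, cidr, public|private, address count) per subnet, for review."""
    return [
        (s.name, str(s.cidr), "public" if is_public(s) else "private", s.cidr.num_addresses)
        for s in plan
    ]


if __name__ == "__main__":
    for row in summarize(plan_subnets("10.0.0.0/16", ["ap-east-1a", "ap-east-1b"])):
        print("%-20s %-16s %-8s %6d addresses" % row)
```

Classifying on the route table rather than on the subnet's name is the check worth keeping: a subnet called "private" that acquires a default route to an `igw-*` target is public, whatever its label says.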

Defaults: VPCs and Subnets

  • Default VPC
    • Each region has a default VPC with a CIDR of 172.31.0.0/16
    • A VPC-based resource (EC2, RDS, Load Balancing) created without specifying a VPC is placed into the region's default VPC
    • Has some default components:
      • subnet
      • IGW (internet gateway)
      • Route table connecting the default subnet to the IGW; default security group and network ACL (NACL)
    • Is configurable
  • Default Subnet
    • Created in each AZ for each default VPC
    • Is a public subnet with a CIDR of /20
    • Can be manually converted to private
  • Recommendation
    • Use the default VPC only for experimentation and quick starts
    • Create purpose-built VPCs and subnets for real-world applications