Posts Tagged 'Amazon EC2'

Implementing a Private Cloud Solution

Last week I attended Learning Tree’s “Implementing a Private Cloud Solution” course at our Reston Education Center. It is a great course for anyone seeking in-depth technical details on how to build their own on-premises private cloud. The course also covers using a hosted private cloud solution and building secure connections to your own data center.

This course is not for the faint of heart! It is also not for the technically challenged! When you show up Tuesday morning you need to be prepared to work very hard for the next four days. The course author, Boleslav Sykora, has put together a fast paced session that gives you as much technical detail as you would ever want on the subject. It is the type of course where you will want to come early and stay late each and every day so you can work through all the extensive bonus exercises that are offered. I loved it and I think you will too!

We feature building two private clouds, one using Eucalyptus and another using Microsoft System Center, completely from scratch. There is a lot of Linux command line stuff and quite a bit of detailed networking configuration. This is exactly the reality of what is involved if you want to build your own private cloud. Over the four days you come to understand that private cloud computing is not some mystical, magical hype but is an evolution of solid fundamental concepts that have been around for some time. This course will appeal to technical professionals who want to gain real experience implementing solutions that will define the future of the on-premises data center.

For those who would prefer not to bother with the complexity of an internal private cloud implementation there are many hosted solutions to choose from. Probably the best known is Amazon’s Virtual Private Cloud (VPC). Once you use VPC on Amazon you will likely never go back to using EC2 without it.

In fact as I write this blog I am on a train heading to New York. There I will teach Learning Tree’s “Cloud Computing with Amazon Web Services” course. That, also, is a great course!

Because there are many private cloud implementations based on the Amazon EC2 model and API (particularly Eucalyptus) Amazon has kind of become the de facto standard for how Infrastructure as a Service (IaaS) is done. Even if you believe you would never use a public cloud for a production system there is much to be learned about cloud computing from Amazon. Beyond that the public cloud is a great place to do testing, development and proof-of-concept before investing the time and capital required to build your own private cloud. Public clouds such as Amazon can also become part of a hybrid solution that features the best of what private clouds and public clouds have to offer. Learning Tree’s Amazon Web Services course gives you hands-on experience with many aspects of Amazon’s cloud and shows you how to build solutions using the various services offered there.

So if you are a hardcore techie who wants to have end-to-end control over all aspects of a cloud solution come to Learning Tree’s private cloud course. If you would like to understand how to leverage the Amazon public cloud or to understand the service models of arguably the most dominant cloud provider in the world then come to Learning Tree’s Amazon Web Services course. Either way I hope to see you soon!

Kevin Kell

Configuring Exchange Servers in the Cloud

This week I digress once again from my intended progression of posts to deal with some real world issues …

Learning Tree’s “choice in the classroom” now offers attendees the option of working either with a partner or on their own when doing the hands-on exercises. As part of this initiative authors are reviewing classroom hardware requirements for each of their courses.

In our Office 365 course we feature a hands-on exercise where the students perform an actual cutover migration from Exchange 2010 Server on premises to Exchange Online in Office 365. This exercise requires one fully configured Exchange server per student team. Allowing students the option to work solo could potentially double the number of Exchange servers needed for an event. Note that this is essentially a load variation problem and is something for which the Infrastructure as a Service cloud delivery model is particularly well suited!

I had previously provisioned 12 EC2 servers and configured them in a VPC where each had an assigned Elastic IP address. This allows for all of the instances to remain stopped until the actual day in which they are needed in the class. The instructor can simply start as many machines as necessary based on the size of the class that week and how many students choose to work solo or in pairs. In this way we only incur instance run charges for when the machines are actually in use. When the instances are stopped there is a modest charge of $0.11 per GB per month. This works out to less than $50 per month for 12 Windows instances with 35 GB of provisioned storage each. It is relatively simple to extend this solution for 24 servers at very little additional cost.

There are some complications I encountered with an Exchange installation that made it impossible to simply clone existing instances. In fact I could not even start from a custom AMI where I had already installed Exchange. Making Exchange work for the exercise required that each server be on a separate Active Directory domain. Further, it required that a “real” UCC certificate (i.e. from a proper Certification Authority, not just self-signed) for a validated domain be installed on each machine.

Briefly, here are the steps I needed to go through:

  1. Start from a custom AMI that has all downloads and latest service packs required for installing Exchange. This AMI has also been set up with the desired user accounts and has had some of the necessary Windows Server roles and features turned on. It has also had some unwanted and unneeded features turned off.
  2. Install the Active Directory Domain Services role and assign the custom domain.
  3. Install and configure Exchange.
  4. Assign license to Exchange.
  5. Create Exchange mailboxes for use in class.
  6. Enable Outlook Anywhere.
  7. Request UCC certificate.
  8. Complete certificate request using certificate file issued by CA.

I was able to script some of this using PowerShell. In actuality building each machine did require some manual effort. In this case, though, it was done as a one-time thing. I will no doubt continue to explore options for rapidly building these and other types of servers for use in the classroom. One area I would like to look at further is orchestrating the provisioning of Exchange server perhaps using something like RightScale’s Configuration Framework. That, however, will have to be a topic for another time.

Kevin Kell

Amazon Simple Workflow Service

Amazon continues its relentless release of new Cloud Computing services with the release of the Simple Workflow Service (SWF). This sophisticated service enables distributed asynchronous applications to be implemented as workflows. A workflow is built from three core components:

  • Workflow starters
  • Activity workers
  • Deciders

Workflow starters initiate the workflow. This can be any application. The classic example is a customer placing an order on an e-commerce site starting a workflow that completes with a shipped order and includes all the intermediate stages including payment processing, stock allocation and shipping.
Activity workers are the threads that perform the tasks required by the workflow. These are written by the software developers, in potentially any programming language, and can run anywhere (on-premise or cloud hosted) as long as they can access SWF through the provided API.
Deciders implement the workflow's decision logic. The deciders look at the workflow history to determine what has been completed and make a decision as to what to do next.

With the release of SWF, Amazon have provided an elegant solution to a difficult problem: how to build applications that make use of a number of distributed components that can be a mixture of on-premise and cloud hosted and monitor and co-ordinate them in a reliable and scalable manner.

What I like about Amazon AWS in general is that they make it straightforward to use. With SWF, the service addresses an area that is complex, and yet Amazon have provided a clean, elegant solution. I look forward to using it soon.

Chris Czarnecki
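The decider role described in the post above, as an added example (not Amazon's code and not from the original post): a pure function that reads a workflow history and returns the next decisions for the order workflow. The event and decision type names follow the SWF API; the activity names, version and sample history are constructed, and nothing here calls the service.

```python
# Activity names and version are hypothetical, following the order example above.
STEPS = ["ProcessPayment", "AllocateStock", "ShipOrder"]
VERSION = "1.0"


def attrs(event):
    """SWF keeps an event's details under '<eventType, first letter lowered>EventAttributes'."""
    kind = event["eventType"]
    return event[kind[0].lower() + kind[1:] + "EventAttributes"]


def decide(history):
    """Return the list of decisions for one decision task, given the full history."""
    scheduled = {}      # eventId of ActivityTaskScheduled -> activity name
    completed = set()
    for event in history:
        kind = event["eventType"]
        if kind == "ActivityTaskScheduled":
            scheduled[event["eventId"]] = attrs(event)["activityType"]["name"]
        elif kind == "ActivityTaskCompleted":
            completed.add(scheduled[attrs(event)["scheduledEventId"]])
        elif kind in ("ActivityTaskFailed", "ActivityTaskTimedOut"):
            name = scheduled[attrs(event)["scheduledEventId"]]
            return [{"decisionType": "FailWorkflowExecution",
                     "failWorkflowExecutionDecisionAttributes": {
                         "reason": f"{name} did not complete"}}]
    if set(scheduled.values()) - completed:
        return []       # an activity is still running: nothing to decide yet
    for step in STEPS:
        if step not in completed:
            return [{"decisionType": "ScheduleActivityTask",
                     "scheduleActivityTaskDecisionAttributes": {
                         "activityType": {"name": step, "version": VERSION},
                         "activityId": f"{step}-1"}}]
    return [{"decisionType": "CompleteWorkflowExecution",
             "completeWorkflowExecutionDecisionAttributes": {"result": "order shipped"}}]


# Constructed history: payment has completed, so stock allocation is next.
SAMPLE_HISTORY = [
    {"eventId": 1, "eventType": "WorkflowExecutionStarted",
     "workflowExecutionStartedEventAttributes": {"input": "order-1001"}},
    {"eventId": 5, "eventType": "ActivityTaskScheduled",
     "activityTaskScheduledEventAttributes": {
         "activityType": {"name": "ProcessPayment", "version": "1.0"},
         "activityId": "ProcessPayment-1"}},
    {"eventId": 7, "eventType": "ActivityTaskCompleted",
     "activityTaskCompletedEventAttributes": {
         "scheduledEventId": 5, "startedEventId": 6, "result": "paid"}},
]

if __name__ == "__main__":
    print(decide(SAMPLE_HISTORY))
```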

Amazon Announces Trusted Advisor

When considering using cloud computing services, one of the major factors is the level of support that can be provided by the cloud vendor. In particular, when using Infrastructure as a Service, it is vital to ensure that cloud resources are not only appropriately secured but are also running at their most cost effective. Who better to provide this information than the cloud provider?

In the case of Amazon Web Services, where the range of services is so wide (consider storage: SimpleDB, Simple Storage Service, Relational Data Service, Elastic Block Storage, DynamoDB) with many alternatives, it is not always easy to make the correct choice. When buying infrastructure, the purchase model is no longer straightforward either, with options for on-demand, reserved and spot instances. When deploying high availability systems, instances are typically spread across availability zones. Are these balanced and evenly distributed?

To help better support deployed systems making use of Amazon infrastructure, Amazon have today announced AWS Trusted Advisor. This service, which uses the experience of supporting hundreds of thousands of Amazon customers, will inspect a customer’s AWS environment and, if appropriate, will make recommendations on improving security, performance and cost reduction. All of this is automated and makes use of a large knowledge base built up by Amazon over the last few years.

The Trusted Advisor is an example of the way in which Amazon continues to innovate in providing services that not only provide great new functionality, but also in the monitoring and control of these services. If you would like to know more about Amazon Web Services and how they can benefit your organisation, consider attending Learning Tree’s comprehensive course, Cloud Computing with Amazon Web Services™, in which you’ll learn from an expert instructor about the major services and how they can be integrated to form a coherent scalable reliable infrastructure.

Chris Czarnecki

Compare Cloud Security to Your Security

There’s an assumption people make that if they put their data in the cloud it is less secure. There are three aspects to security: confidentiality, integrity, and availability. They are known as the CIA security model.

Confidentiality

Private data is kept confidential using encryption. This might require encrypting the data in the database. When transporting data across the internet, it requires using the HTTPS protocol. Whether using the cloud or local servers this does not change. It is our responsibility to secure our data no matter where it is physically stored.

Integrity

Integrity is maintained in distributed systems by verifying that messages sent between computers have not been tampered with. This is also achieved by using the HTTPS protocol. Again, this does not change when using the cloud.

Availability

Data should only be made available to those who are allowed to see it. This is done through some sort of authentication process, along with rules that govern access to the data. Authentication can be done using passwords, digital certificates, biometrics, passcodes, keys etc.

Securing the Infrastructure

Without a secure infrastructure, you can’t achieve the CIA’s of security. Servers must be patched, firewalls need to be configured, access to physical hardware needs to be limited, intrusion-detection systems need to be put in place, etc. Securing the infrastructure is very expensive and requires a great deal of administration.

This is where we can take advantage of a cloud provider’s economies of scale and expertise, to make our systems more secure! The fact is, very few people can afford to do what Microsoft and Amazon do to secure their data centers. And even if you can afford it, do you have the people who know how to do it?

To better understand why this is so, read the links below which describe what Microsoft and Amazon do to secure their data centers. Then, compare what they do, to what your organization does. You will likely realize that your data would be considerably MORE secure in the cloud than it is in your computer room.

Links

Windows Azure Security Overview – Microsoft

AWS Security and Compliance Center – Amazon Web Services

If you want to learn more about cloud computing and how it can benefit your organization, come to one of the courses in Learning Tree’s Cloud Computing curriculum.

Doug Rehnstrom

 

Using Amazon EC2 in Learning Tree’s Office 365 Course

Our upcoming Office 365 course will feature an exercise where attendees will gain real hands-on experience migrating on-premises Exchange mailboxes to the cloud. In order to do this we will require one on-premises Exchange server per student team. Further, each Exchange server has to exist on a unique domain which has been registered with a DNS provider, is available over the Internet and has been added to each student’s Office 365 subscription.

In order to accommodate a large class this could result in a potentially big investment in hardware and classroom setup time. Or, we could look to the cloud as a potential solution. As it turns out this is a perfect problem to solve using EC2.

Why? Well, we can create instances of Exchange Servers on uniquely named Active Directory domains and have them available for use when we need them in class. These, effectively, become our “on-premises” mail servers for our exercise, even though they are actually themselves in the cloud!

In this way we will only incur charges for running instances for the few hours of each class where we actually need them. When they are not needed we can leave them in a stopped state. Sure there will be some charges for storing the volume but those will be relatively small. Also, while the course is under development, we can work with these Exchange servers from anywhere and testing can be done by our geographically dispersed development team.

Are we storing any sensitive data in the cloud? No. Is the application mission critical? Well, I guess if we can’t connect to the Internet for some reason that could cause a problem in the classroom but if that were to occur we would have a problem anyway because the whole class is about the cloud!

So, in summary, the cloud is not a solution to every problem. There are some problems, however, like this case in point where the cloud is a good fit and solves real world technical problems in a cost effective manner.

Kevin Kell

Amazon EC2 Security Groups for Elastic Beanstalk

Amazon’s Elastic Beanstalk is an elegant Platform as a Service (PaaS) for Java application deployment. Anybody who has provisioned servers with the Elastic Compute Cloud (EC2) will be familiar with configuring security groups. A security group is like a firewall, and defines a set of permissions for accessing Amazon Web Services (AWS) resources. More details can be found here.

When deploying an application using Elastic Beanstalk, a security group is automatically created for you and it allows access from all IP addresses on port 80. In many cases applications will use a database that is hosted on Amazon’s Relational Database Service (RDS). When a database instance is configured, this also requires a security group to be configured. To enable access from the beanstalk hosted application an extra rule allowing access from the beanstalk application must be added. For administering the database, a rule for your local machine based on your IP address is also added. This process is straightforward; it just requires an awareness of what needs to be done.

Amazon provide an incredible set of Infrastructure services with AWS. To use these services effectively and integrate them into a coherent whole requires a good knowledge of how they work individually and the role they should play in your systems. Acquiring this knowledge is not a trivial task, so to fast track this process Learning Tree have developed a four day course that provides hands-on experience of what is available, how it works and how you can best use it for your systems. If you are interested in, or considering using Amazon AWS, I think you will find the course invaluable. You can even attend from your office using the Anyware system. Details and a schedule can be found here.

Chris Czarnecki
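A check for the database rules described in the post above, as an added example (not from the original post or from Amazon): it confirms that the database security group admits the Beanstalk application's group and one admin address, and reports any other path to the database port. It assumes VPC security groups in the shape returned by `aws ec2 describe-security-groups` and MySQL on port 3306; the group IDs and addresses are constructed.

```python
import ipaddress

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# Group IDs and the admin address are made up; port 3306 assumes MySQL on RDS.
SAMPLE_DB_GROUP = {
    "GroupId": "sg-0db00000000000001",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0aaa0000000000001"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "203.0.113.25/32"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
}


def covers_port(perm, port):
    """True if an ingress permission applies to the given TCP port."""
    if perm.get("IpProtocol") == "-1":      # "-1" means all protocols and ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_db_group(group, app_group_id, admin_ip, port=3306):
    """Check that the two expected rules exist and report every other way in."""
    admin_net = ipaddress.ip_network(admin_ip)   # single host: /32 or /128
    result = {"app_allowed": False, "admin_allowed": False, "findings": []}
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == app_group_id:
                result["app_allowed"] = True
            else:
                result["findings"].append(f"unexpected source group {pair.get('GroupId')}")
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net == admin_net:
                result["admin_allowed"] = True
            elif net.prefixlen == 0:
                result["findings"].append(f"port {port} open to any address ({net})")
            else:
                result["findings"].append(f"unexpected CIDR {net}")
    if not result["app_allowed"]:
        result["findings"].append("no rule for the application's security group")
    if not result["admin_allowed"]:
        result["findings"].append("no rule for the admin address")
    return result


if __name__ == "__main__":
    print(audit_db_group(SAMPLE_DB_GROUP, "sg-0aaa0000000000001", "203.0.113.25"))
```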

