May 28, 2015
- Главная
- Разное
- Дизайн
- Бизнес и предпринимательство
- Аналитика
- Образование
- Развлечения
- Красота и здоровье
- Финансы
- Государство
- Путешествия
- Спорт
- Недвижимость
- Армия
- Графика
- Культурология
- Еда и кулинария
- Лингвистика
- Английский язык
- Астрономия
- Алгебра
- Биология
- География
- Детские презентации
- Информатика
- История
- Литература
- Маркетинг
- Математика
- Медицина
- Менеджмент
- Музыка
- МХК
- Немецкий язык
- ОБЖ
- Обществознание
- Окружающий мир
- Педагогика
- Русский язык
- Технология
- Физика
- Философия
- Химия
- Шаблоны, картинки для презентаций
- Экология
- Экономика
- Юриспруденция
10 Tips for Your Journey to the Public Cloud презентация
Содержание
- 1. 10 Tips for Your Journey to the Public Cloud
- 2. Quick Facts About Mint
- 3. Millions of Active Users
- 4. > 50TB of Financial Data
- 5. > 400 Servers (in 10 PODS, > 90 MySQL Shards)
- 6. 1.5k req/sec, 80k concurrent connections, 120k concurrent sessions
- 7. Tablets iPad, Android, Surface Smart Phones iPhone,
- 8. 10 Tips from Our Journey
- 9. Load Balancing Security policy against terminating SSL
- 10. Securing Sensitive Customer Data Multi-layer encryption (integrated
- 11. Establishing a Framework for Low Latency Prepare
- 12. Infrastructure as Code Configuration change in the
- 13. Migrating Large Volumes of Data Not feasible
- 14. High Availability and Disaster Recovery Recovery Time
- 15. Monitoring and Diagnostics Disassociate with IPs Instances,
- 16. End-to-End Testing In addition to validating the
- 17. Managing Costs Compute: reserved vs. on-demand If
- 18. Release Operations Infrastructure deployed independently of applications
- 19. Summary Load balancing: Evaluate if ELB is
- 20. Thank You
Quick Facts About Mint
Слайд 110 Tips for Your Journey to the Public Cloud
Suchi Upadhyayula Sean McCluskey
Director
of Product Development, Intuit Director of Quality and Operations, Intuit
Слайд 7Tablets
iPad, Android, Surface
Smart Phones
iPhone, Android, Win 8
Web
Desktops
Mac, Win 8
Mint is on
…
Слайд 9Load Balancing
Security policy against terminating SSL on ELB
ELB acts as a
dumb pass-through
Routing logic to support bulk-head pattern (Pods) too complex for current ELBs
Developed a proxy layer to:
Terminate SSL
Implement routing logic
Access audit logging
Routing logic to support bulk-head pattern (Pods) too complex for current ELBs
Developed a proxy layer to:
Terminate SSL
Implement routing logic
Access audit logging
1
Слайд 10Securing Sensitive Customer Data
Multi-layer encryption (integrated with Amazon’s Key Management System)
with periodic key rotation:
Application encryption of sensitive data
Encryption in flight
File level encryption at rest
Reviewed fields to identify sensitive data to be “application level” encrypted
Dropping of clear text columns before data ready to ship
>50TB of data encrypted
Application encryption of sensitive data
Encryption in flight
File level encryption at rest
Reviewed fields to identify sensitive data to be “application level” encrypted
Dropping of clear text columns before data ready to ship
>50TB of data encrypted
2
Слайд 11Establishing a Framework for Low Latency
Prepare for latency impact due to
encryption
Mint planned for 30% degradation
Continuous measurement of TP50, TP90, TP99 for critical features
Weekly review of TPs to drive improvements to reduce latency
Constant tuning of code and single page architecture
Able to maintain TP50 & TP90 SLAs
Create a culture of continuous focus on TPs to drive improvements
Mint planned for 30% degradation
Continuous measurement of TP50, TP90, TP99 for critical features
Weekly review of TPs to drive improvements to reduce latency
Constant tuning of code and single page architecture
Able to maintain TP50 & TP90 SLAs
Create a culture of continuous focus on TPs to drive improvements
3
Слайд 12Infrastructure as Code
Configuration change in the infrastructure resulted in a release
failing to deploy and requiring rollback
What we learned:
In AWS, operations spends a lot of time writing code: CloudFormation templates, deployment automation, monitors
Development rigor was new to the operations team
Needed to adopt development practices within operations: designs, code reviews, testing, validation, formal release processes for infrastructure
What we learned:
In AWS, operations spends a lot of time writing code: CloudFormation templates, deployment automation, monitors
Development rigor was new to the operations team
Needed to adopt development practices within operations: designs, code reviews, testing, validation, formal release processes for infrastructure
4
Слайд 13Migrating Large Volumes of Data
Not feasible to copy >50TB (and growing)
of secure data “over the wire”
Plan for data transport to AWS:
Encrypted drives physically secure shipped to AWS; 3 days to ship backup copy to AWS and upload
Catch up replication
Final drive shipment needs to be timed so that replication can catch up to the shipment window and sustain data growth prior to production cutover
Plan for data transport to AWS:
Encrypted drives physically secure shipped to AWS; 3 days to ship backup copy to AWS and upload
Catch up replication
Final drive shipment needs to be timed so that replication can catch up to the shipment window and sustain data growth prior to production cutover
5
Слайд 14High Availability and Disaster Recovery
Recovery Time Objective (RTO): time to restore
a service to operation
Recovery Point Objective (RPO): amount of data acceptable to lose
Solve for availability first with Multi-AZ
Determine acceptable RTO/RPO and solve for regional failures second
Balance lower RTO/RPO against increased cost and complexity
Recognize the technology you use to handle regional failures will add complexity that could increase outages
Recovery Point Objective (RPO): amount of data acceptable to lose
Solve for availability first with Multi-AZ
Determine acceptable RTO/RPO and solve for regional failures second
Balance lower RTO/RPO against increased cost and complexity
Recognize the technology you use to handle regional failures will add complexity that could increase outages
Region US-EAST
Availability Zone
Availability Zone
Availability Zone
Region US-WEST
Availability Zone
Availability Zone
Availability Zone
6
Слайд 15Monitoring and Diagnostics
Disassociate with IPs
Instances, ELBs, and their IP addresses are
dynamic
Number of instances are constantly changing
When an instance has issues it can be “blown away”
Build resilient and self-healing infrastructure
Monitoring should then be built to compliment this
If you alert on failure, have the courtesy to alert on healing
Number of instances are constantly changing
When an instance has issues it can be “blown away”
Build resilient and self-healing infrastructure
Monitoring should then be built to compliment this
If you alert on failure, have the courtesy to alert on healing
7
Слайд 16End-to-End Testing
In addition to validating the full functionality of the production
environment, you also need to validate:
Build, config, deploy, and validation infrastructure
Logging, Monitoring, etc system that ensure the environment is healthy
Access controls and security
Auto-Scaling
Continuous synthetic testing in the production environment
provide an end-to-end test to ensure the customer experience doesn’t degrade
Build, config, deploy, and validation infrastructure
Logging, Monitoring, etc system that ensure the environment is healthy
Access controls and security
Auto-Scaling
Continuous synthetic testing in the production environment
provide an end-to-end test to ensure the customer experience doesn’t degrade
8
Слайд 17Managing Costs
Compute: reserved vs. on-demand
If compute is “on” for more than
9 hours per day, reserved will save money
On-demand for seasonal workloads and rare peaks
Reaper scripts; shutdown unused instances
Snapshots drove significant cost savings
Storage is cheap
A lot of work that yields a small return
IOPS are not
Optimizing IOPS per shard saved a lot of money
On-demand for seasonal workloads and rare peaks
Reaper scripts; shutdown unused instances
Snapshots drove significant cost savings
Storage is cheap
A lot of work that yields a small return
IOPS are not
Optimizing IOPS per shard saved a lot of money
9
Слайд 18Release Operations
Infrastructure deployed independently of applications
DB schema
AMI
Infrastructure as code
Application
Support rollbacks for
everything (blue-green)
We can always go back to N-1, ALWAYS!!
We can always go back to N-1, ALWAYS!!
10
Слайд 19Summary
Load balancing: Evaluate if ELB is sufficient and plan ahead
Security: Multi-layer
encryption, AWS Key Management
Low latency: TP50, TP90, TP99 measure and improve
Infrastructure as code: Design, review, test templates
Migrating large volumes of data: Encrypted drives
HA/DR: Multi-AZ, multi-region
Monitoring and diagnostics: Disassociate with IP addresses
End-to-end testing: Don’t forget to test auto-scaling
Managing costs: Compute is more expensive than storage
Release operations: Rollback-ready, blue-green
Low latency: TP50, TP90, TP99 measure and improve
Infrastructure as code: Design, review, test templates
Migrating large volumes of data: Encrypted drives
HA/DR: Multi-AZ, multi-region
Monitoring and diagnostics: Disassociate with IP addresses
End-to-end testing: Don’t forget to test auto-scaling
Managing costs: Compute is more expensive than storage
Release operations: Rollback-ready, blue-green
