3. Infrastructure as a Service.pdf
Infrastructure as a Service - AWS
Michael Gerndt, Technische Universität München

AWS - Amazon Web Services
- Amazon started as an online bookstore; AWS launched in March 2006 and is now one of the top cloud providers.
- Estimates put Amazon at more than 2,000,000 servers.
- AWS started the IaaS service model: compute, network, storage.

A brief history of AWS
(timeline figure, not reproduced in the transcript)

AWS Services
(figure)

AWS - Resource Distribution
(figure)

AWS - Regions
- A region is a geographic cluster of availability zones; currently 33 regions.
- An account has one or more available regions:
  - AWS GovCloud (US) accounts are limited to the AWS GovCloud (US-East) and AWS GovCloud (US-West) regions.
  - AWS (China) accounts see only the AWS China (Beijing) and AWS China (Ningxia) regions.
- The user controls where resources are allocated, e.g. to meet legal requirements (such as in Europe) or to give customers short-latency access.
- Regions are isolated from each other for fault tolerance and stability; you see only your VMs in the current region.
- Communication among regions is not free.

AWS - Availability Zones
- Availability zone (AZ): think of a data center. 33 regions and 105 availability zones.
- Two availability zones have no common point of failure, so servers in two zones gain infrastructural redundancy.
- Naming: region code + letter, e.g. us-east-1a. The mapping of names to physical zones may differ between accounts (for load balancing), so two accounts' "us-east-1a" need not be the same zone; the zone ID (e.g. use1-az1) is the same for every account and is what to compare across accounts.
- The user can choose the zone in which a VM is started (for fault-tolerance reasons); otherwise AWS selects a zone.
- The number of zones in a region may differ between accounts.
- Communication within a zone is free; communication between zones is charged.
- Amazon's data centers are connected via the AWS backbone network.

AWS - EC2 SLA
- Region-level SLA: 99.99% region availability. A region counts as unavailable when all of your running instances or running tasks, deployed in two or more AZs, concurrently have no external connectivity. Note the precondition: a single-AZ deployment is not covered by the region-level SLA.
- Instance-level SLA: 99.5% reachability of an EC2 instance. An instance counts as unavailable when your single EC2 instance has no external connectivity.
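The two caveats above (zone names are shuffled per account, and the region-level SLA only applies to fleets in two or more AZs) are easy to get wrong when checking a deployment from the console. The following is an added example, not part of the lecture slides, that checks both using zone IDs. The API responses are constructed by hand in the shape of EC2 DescribeAvailabilityZones and DescribeInstances output (only the fields used here); the account views, instance IDs and name-to-ID mapping are made up.

```python
"""Availability-zone spread check using zone IDs instead of zone names.

Added example for the availability-zone and EC2 SLA slides; not part of the
lecture material. The API responses are constructed (subset of fields);
account views, instance IDs and the name-to-ID mapping are made up.
"""
from collections import defaultdict

# Constructed: DescribeAvailabilityZones as seen from two different accounts.
# The same physical zone (ZoneId) carries a different ZoneName in each account,
# which is the per-account shuffling of zone names the slides describe.
ZONES_ACCOUNT_A = [
    {"ZoneName": "us-east-1a", "ZoneId": "use1-az2"},
    {"ZoneName": "us-east-1b", "ZoneId": "use1-az4"},
    {"ZoneName": "us-east-1c", "ZoneId": "use1-az6"},
]
ZONES_ACCOUNT_B = [
    {"ZoneName": "us-east-1a", "ZoneId": "use1-az4"},
    {"ZoneName": "us-east-1b", "ZoneId": "use1-az6"},
    {"ZoneName": "us-east-1c", "ZoneId": "use1-az2"},
]

# Constructed: running instances per account, trimmed to the fields used here.
INSTANCES_ACCOUNT_A = [
    {"InstanceId": "i-0a000000000000001", "Placement": {"AvailabilityZone": "us-east-1a"}},
    {"InstanceId": "i-0a000000000000002", "Placement": {"AvailabilityZone": "us-east-1a"}},
]
INSTANCES_ACCOUNT_B = [
    {"InstanceId": "i-0b000000000000001", "Placement": {"AvailabilityZone": "us-east-1a"}},
    {"InstanceId": "i-0b000000000000002", "Placement": {"AvailabilityZone": "us-east-1c"}},
]


def zone_name_to_id(zones):
    """Build the ZoneName -> ZoneId lookup for one account and region."""
    return {z["ZoneName"]: z["ZoneId"] for z in zones}


def instances_by_zone_id(instances, zones):
    """Group instance IDs by the account-independent zone ID."""
    lookup = zone_name_to_id(zones)
    groups = defaultdict(list)
    for inst in instances:
        zone_id = lookup[inst["Placement"]["AvailabilityZone"]]
        groups[zone_id].append(inst["InstanceId"])
    return dict(groups)


def meets_region_sla_precondition(instances, zones):
    """True if the fleet is deployed in two or more AZs, the condition under
    which the region-level EC2 SLA applies at all."""
    return len(instances_by_zone_id(instances, zones)) >= 2


def shared_failure_domains(*account_views):
    """Zone IDs that hold instances in every (instances, zones) view given.

    Comparing zone names across accounts is misleading: both accounts use
    "us-east-1a", but it is not the same physical zone. Comparing zone IDs
    shows where two accounts really share a failure domain.
    """
    per_account = [set(instances_by_zone_id(i, z)) for i, z in account_views]
    return set.intersection(*per_account)


if __name__ == "__main__":
    for label, inst, zones in (("A", INSTANCES_ACCOUNT_A, ZONES_ACCOUNT_A),
                               ("B", INSTANCES_ACCOUNT_B, ZONES_ACCOUNT_B)):
        print(label, instances_by_zone_id(inst, zones),
              "multi-AZ:", meets_region_sla_precondition(inst, zones))
    print("shared zone IDs:", shared_failure_domains(
        (INSTANCES_ACCOUNT_A, ZONES_ACCOUNT_A),
        (INSTANCES_ACCOUNT_B, ZONES_ACCOUNT_B)))
```

Account A looks multi-AZ by name only if one forgets that both instances are in us-east-1a; account B looks like it overlaps with A in us-east-1a but actually shares use1-az2 through its us-east-1c. With real data the two lists come from `aws ec2 describe-availability-zones` and `aws ec2 describe-instances`.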
Source for the EC2 SLA figures: https://aws.amazon.com/compute/sla/

Infrastructure for the Edge
- AWS provides infrastructure close to the clients: reduced latency and bandwidth.
- AWS Local Zones: zones offering a limited set of services with single-digit millisecond network latency. Deploy your application with the standard APIs.
- AWS Wavelength Zones: compute, storage and networking services within 5G networks; ultra-low-latency (single-digit ms) mobile edge computing. Key services such as Amazon EC2 instances, EBS (Elastic Block Store), VPC (Virtual Private Cloud) and IAM (Identity and Access Management) are available within Wavelength Zones. Deployment uses the same AWS Management Console and APIs as the other AWS services.
- AWS Outposts: on-premises infrastructure integrated into the AWS Cloud and managed as cloud resources with the AWS API and tools.

Amazon CloudFront
- Cloud-based content distribution network: place your online content on a global network of edge locations; content is delivered from a location close to the requestor.
- To use Amazon CloudFront, you:
  - Store the original versions of your files in an Amazon S3 bucket.
  - Create a distribution to register that bucket with Amazon CloudFront through a simple API call.
  - Use your distribution's domain name in your web pages or application.
  - Pay only for the data transfer and requests that you actually use.
- Protection from DDoS attacks by AWS Shield.

CloudFront Content Delivery Service and the Edge
- AWS Edge Location: used only for AWS managed services (CDN, firewall and DDoS protection, routing onto the AWS backbone network). AWS data centers keeping cached copies closest to the end user; a Point of Presence (POP) serves content directly to your viewers.
- AWS Regional Edge Caches: CloudFront (the low-latency content delivery network service) caches that sit between your origin server and the related POPs.
- 600+ edge locations and 13 regional edge caches.

Amazon Elastic Compute Cloud - EC2

Amazon Elastic Compute Cloud
- Provides virtual machines running inside the Amazon Cloud.
- Instance storage tied to the hosting server.
- Network-accessible block storage that persists over time and can be mounted in the VM.
- Virtual Private Cloud (VPC) to secure your network in the cloud.
- Originally based on the Xen hypervisor; at the end of 2017 AWS announced the switch to its own KVM-based hypervisor (Nitro) for new high-end Intel processors.

Xen Hypervisor
- Three levels of virtualization:
  - Bare metal: the hypervisor sits between the hardware and the host OS/VMs.
  - Hosted virtualization: the hypervisor runs on top of the host operating system.
  - OS-level virtualization: containers running on top of the OS kernel.
- Xen is a bare-metal hypervisor. One VM, called Domain 0 (Dom0), runs the host OS. It starts first, runs the Xen management software, manages the other VMs, holds the hardware drivers and provides virtual disks and network access to the unprivileged VMs.
(architecture figure)

Nitro Hypervisor
- Special interface cards handle networking, interrupt handling and block storage; management happens in hardware instead of in software in Dom0.
- The cards offer limiters to guarantee resource distribution, e.g. network bandwidth.
- Hardware-based security support for Nitro Enclaves to protect sensitive data.
- Hardware is faster, and the entire Dom0 can be removed, so no cores are reserved for Dom0.

Amazon Machine Image
- An Amazon Machine Image (AMI), also called a VM template, is a copy of a server with OS and preinstalled software.
- Predefined AMIs from Amazon and third parties; user-defined AMIs are possible.
- AMIs are stored in S3: an EBS-backed AMI as an EBS snapshot, an instance store-backed AMI as a bundle in an S3 bucket.
- Selecting an AMI is difficult: a third-party image could even include Trojans or backdoors. Amazon provides reviews and ratings: http://aws.amazon.com/amis
- Practical check: select an AMI by its owner account ID (the publisher's documented ID or the "amazon" alias), never by name alone, since anyone can publish a public AMI that copies a vendor's naming scheme.
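How that owner check looks in practice, as an added example that is not part of the lecture material or of any AWS tool: the image records are constructed in the shape of EC2 DescribeImages output (a subset of fields); the account IDs and AMI IDs are made up, and `TRUSTED_OWNERS` stands in for the vendor-published owner IDs a team would maintain itself.

```python
"""Vet DescribeImages results before launching from an AMI.

Added example for the AMI slide; not part of the lecture material. Image
records are constructed (subset of DescribeImages fields); account IDs and
AMI IDs are made up.
"""
from datetime import datetime, timezone

# Assumption: account IDs of publishers the team has decided to trust.
TRUSTED_OWNERS = {"111111111111"}

# Constructed: what a name-only search such as "ubuntu/images/*jammy*" could
# return. The third image merely copies the vendor's naming scheme and is
# the newest one, so "pick the latest by name" would choose it.
IMAGES = [
    {"ImageId": "ami-0000000000000001", "OwnerId": "111111111111",
     "Name": "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20240101",
     "CreationDate": "2024-01-01T10:00:00.000Z", "State": "available", "Public": True},
    {"ImageId": "ami-0000000000000002", "OwnerId": "111111111111",
     "Name": "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20230601",
     "CreationDate": "2023-06-01T10:00:00.000Z", "State": "available", "Public": True,
     "DeprecationTime": "2023-12-01T00:00:00.000Z"},
    {"ImageId": "ami-0000000000000003", "OwnerId": "999999999999",
     "Name": "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20240301",
     "CreationDate": "2024-03-01T10:00:00.000Z", "State": "available", "Public": True},
]


def _parse(ts):
    """DescribeImages timestamps look like 2024-01-01T10:00:00.000Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def vet_image(image, now, trusted_owners=TRUSTED_OWNERS):
    """Return the reasons to reject the image (empty list = acceptable)."""
    reasons = []
    # The owner is the one field a copycat publisher cannot imitate.
    if image["OwnerId"] not in trusted_owners and image.get("ImageOwnerAlias") != "amazon":
        reasons.append(f"untrusted owner {image['OwnerId']}")
    if image.get("State") != "available":
        reasons.append(f"state is {image.get('State')}")
    deprecation = image.get("DeprecationTime")
    if deprecation and _parse(deprecation) <= now:
        reasons.append(f"deprecated since {deprecation}")
    return reasons


def select_image(images, now, trusted_owners=TRUSTED_OWNERS):
    """Newest acceptable image by CreationDate, plus the rejected ones with reasons."""
    accepted, rejected = [], {}
    for img in images:
        reasons = vet_image(img, now, trusted_owners)
        if reasons:
            rejected[img["ImageId"]] = reasons
        else:
            accepted.append(img)
    if not accepted:
        return None, rejected
    newest = max(accepted, key=lambda i: _parse(i["CreationDate"]))
    return newest["ImageId"], rejected


if __name__ == "__main__":
    chosen, rejected = select_image(IMAGES, datetime.now(timezone.utc))
    print("launch from:", chosen)
    for ami, why in rejected.items():
        print("rejected", ami, "->", "; ".join(why))
```

With the real API the same restriction is better applied server-side, e.g. `aws ec2 describe-images --owners 111111111111 --filters Name=name,Values='ubuntu/images/*'`, so that images from other accounts never enter the candidate list; the local check above remains useful as a second gate in launch automation.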
Amazon Marketplace
(link to the Marketplace)

AWS Storage
- Amazon Elastic Block Store (EBS)
- Amazon EC2 Instance Store
- Amazon Elastic File System (Amazon EFS)
- Amazon Simple Storage Service (Amazon S3)

Amazon Elastic Block Store
- Block storage volume: block-level storage which can be mounted and formatted as appropriate.
- Multiple volumes can be combined into a virtual RAID.
- Snapshots of block storage volumes are stored in S3 for backup or replication.

Amazon Instance Store
- Disks attached to the physical host.
- If you stop or terminate an instance, any data on instance store volumes is lost.
- Some instance types use NVMe or SATA-based solid state drives (SSD) to deliver high random I/O performance.

Amazon Elastic File System
- Scalable file storage that can be created and mounted into instances; files can be shared among instances.
- The file system has to be explicitly created and destroyed.

Amazon Simple Storage Service (S3)
- Reliable and inexpensive data storage infrastructure; supports objects of up to 5 TB.
- Two-level namespace: buckets form a flat collection whose namespace is shared across all Amazon customers; objects are the files in the buckets.
- Slow compared to local disks or EBS.
- Access from EC2 or from the web.
- Very high durability (designed for 99.999999999%) but lower availability (S3 Standard is designed for 99.99%, with a 99.9% SLA).
- Most users use S3 for short-term or long-term backup.

Amazon EC2 Instance
- Instance: a running VM based on an AMI.
- Instance type: VM with different compute and memory capabilities.
- Storage:
  - Boot device volume: Elastic Block Store or instance store.
  - Instance store volumes: the local disks of the server.
  - Instance store data is always lost when the instance is terminated; an EBS root volume is deleted on termination by default (DeleteOnTermination), while additional EBS volumes persist. For persistence use EBS (with DeleteOnTermination cleared, or snapshots) or EFS.
- List of instance types: https://aws.amazon.com/ec2/instance-types
- M7g / M7i / M7a: AWS Graviton, Intel and AMD CPUs.

Amazon EC2 Instance
- Elastic IP address: a static IP address is required if an instance must always be reachable at the same IP address. You pay for the address independent of its usage.
- Account limit on the number of VMs of a certain type.

AWS Instance Lifecycle
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html

AWS EC2 Instance: EBS-backed vs. instance store-backed
- Boot time: EBS-backed usually less than 1 minute; instance store-backed usually less than 5 minutes.
- Root device volume: EBS-backed uses an Amazon EBS volume; instance store-backed uses an instance store volume.
- Data persistence: EBS-backed: by default the root volume is deleted when the instance terminates; data on any other EBS volumes persists after termination by default. Instance store-backed: data on any instance store volume persists only during the life of the instance.
- Modifications: EBS-backed: instance type, kernel, RAM disk and user data can be changed while the instance is stopped. Instance store-backed: instance attributes are fixed for the life of the instance.
- Charges: EBS-backed: instance usage, EBS volume usage, and storing your AMI as an EBS snapshot. Instance store-backed: instance usage and storing your AMI in Amazon S3.
- AMI creation/bundling: EBS-backed: a single command or API call. Instance store-backed: requires installation and use of the AMI tools.
- Stopped state: EBS-backed instances can be placed in the stopped state, in which the instance is not running but the root volume is persisted in EBS. Instance store-backed instances cannot be stopped; they are either running or terminated.

Lifecycle: instance states and billing
- pending: the instance is preparing to enter the running state; entered when it launches for the first time or is restarted from the stopped state. Not billed.
- running: the instance is running and ready for use. Billed.
- stopping: the instance is preparing to be stopped or stop-hibernated. Not billed if preparing to stop; billed if preparing to hibernate.
- stopped: the instance is shut down and cannot be used; it can be restarted at any time. Not billed.
- shutting-down: the instance is preparing to be terminated. Not billed.
- terminated: the instance has been permanently deleted and cannot be restarted. Not billed.
Effect of reboot, stop/start, hibernate and terminate (stop/start and hibernate apply to EBS-backed instances only)
- Host computer: reboot: the instance stays on the same host. Stop/start: in most cases the instance is moved to a new host; it may stay on the same host if there are no problems with that host. Hibernate: same as stop/start. Terminate: none.
- Private and public IPv4 addresses: reboot: unchanged. Stop/start: the instance keeps its private IPv4 address and gets a new public IPv4 address, unless it has an Elastic IP address, which does not change during a stop/start. Hibernate: same. Terminate: none.
- Elastic IP address (IPv4): reboot: remains associated with the instance. Stop/start: remains associated. Hibernate: same. Terminate: disassociated from the instance.
- IPv6 address: reboot: unchanged. Stop/start: the instance keeps its IPv6 address. Hibernate: same. Terminate: none.
- Instance store volumes: reboot: data preserved. Stop/start: data erased. Hibernate: data erased. Terminate: data erased.
- Root device volume: reboot: preserved. Stop/start: preserved. Hibernate: preserved. Terminate: deleted by default.
- RAM (contents of memory): reboot: erased. Stop/start: erased. Hibernate: saved to a file on the root volume. Terminate: erased.
- Billing: reboot: the instance billing hour does not change. Stop/start: you stop incurring charges as soon as the state changes to stopping; each transition from stopped to running starts a new billing period, with a minimum of one minute per restart. Hibernate: you incur charges while the instance is in the stopping state, but stop incurring charges once it is in the stopped state; each transition from stopped to running starts a new billing period, as for stop/start. Terminate: you stop incurring charges as soon as the state changes to shutting-down.
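The three lifecycle tables above are the rules one needs before decommissioning or stopping a machine: what data disappears, what happens to the addresses, and why an instance store-backed instance cannot be stopped at all. The following added example encodes those rules; it is not part of the lecture material. The instance description is a constructed, simplified model rather than the raw DescribeInstances shape (EBS volumes with their DeleteOnTermination flag, instance store volumes, whether an Elastic IP is attached), and the IDs are made up.

```python
"""What survives reboot, stop/start, hibernate and terminate for one instance.

Added example for the lifecycle slides; not part of the lecture material.
The instance model below is constructed and simplified; IDs are made up.
"""

# Constructed: an EBS-backed instance with a root volume, one extra EBS volume
# attached later (DeleteOnTermination is false for those by default), and one
# instance store volume. No Elastic IP is attached.
INSTANCE = {
    "instance_id": "i-0123456789abcdef0",
    "root_device_type": "ebs",          # "ebs" or "instance-store"
    "root_encrypted": False,
    "ebs_volumes": [
        {"volume_id": "vol-0aaaaaaaaaaaaaaaa", "root": True, "delete_on_termination": True},
        {"volume_id": "vol-0bbbbbbbbbbbbbbbb", "root": False, "delete_on_termination": False},
    ],
    "instance_store_volumes": ["ephemeral0"],
    "elastic_ip": False,
}

ACTIONS = ("reboot", "stop", "hibernate", "terminate")


def outcome(instance, action):
    """Describe volumes, addresses and RAM after `action` (see the slide tables)."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    ebs_backed = instance["root_device_type"] == "ebs"
    if action in ("stop", "hibernate") and not ebs_backed:
        # Instance store-backed instances have no stopped state: running or terminated only.
        raise ValueError("instance store-backed instances cannot be stopped")
    if action == "hibernate" and not instance["root_encrypted"]:
        # Hibernation writes RAM to the root volume; AWS requires that volume to be encrypted.
        raise ValueError("hibernation requires an encrypted EBS root volume")

    ebs = instance["ebs_volumes"]
    lost_ebs = [v["volume_id"] for v in ebs
                if action == "terminate" and v["delete_on_termination"]]
    kept_ebs = [v["volume_id"] for v in ebs if v["volume_id"] not in lost_ebs]
    # Instance store data survives only a reboot.
    lost_store = [] if action == "reboot" else list(instance["instance_store_volumes"])

    if action == "reboot":
        public_ip = "unchanged"
    elif action == "terminate":
        public_ip = "released"
    else:
        public_ip = "unchanged (Elastic IP)" if instance["elastic_ip"] else "new address on start"

    if not instance["elastic_ip"]:
        eip = "none"
    else:
        eip = "disassociated" if action == "terminate" else "associated"

    return {
        "lost_volumes": lost_ebs + lost_store,
        "kept_volumes": kept_ebs,
        "public_ipv4": public_ip,
        "elastic_ip": eip,
        "ram": "saved to root volume" if action == "hibernate" else "erased",
    }


def data_at_risk(instance):
    """Volumes whose contents disappear on terminate: snapshot them first, or
    clear DeleteOnTermination on the EBS ones if they must outlive the instance."""
    return outcome(instance, "terminate")["lost_volumes"]


if __name__ == "__main__":
    for action in ("reboot", "stop", "terminate"):
        print(action, outcome(INSTANCE, action))
    print("at risk on terminate:", data_at_risk(INSTANCE))
```

For a real instance the inputs come from `aws ec2 describe-instances` (the `BlockDeviceMappings[].Ebs.DeleteOnTermination` flags and `RootDeviceType`) and `aws ec2 describe-instance-types` (the instance store volumes, which DescribeInstances does not list).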
Instance Placement Groups
- Cluster placement group: a logical grouping of instances packed closely together in one availability zone to increase network performance.
- Partition placement group: instances are spread across partitions such that different partitions do not share underlying hardware; each partition gets its own rack. Partitions can be placed in different availability zones. Reduces the likelihood of correlated hardware failures and improves performance within a partition.
- Spread placement group: spreads instances across distinct underlying hardware to reduce correlated hardware failures.

Security
- Accounts have their own Virtual Private Cloud (VPC); your resources are launched into your VPC.
- A VPC resembles the network in your own data center: you configure the IP address range, create subnets, and configure route tables, network gateways and security settings (security groups and network ACLs).
- Connect instances to the internet; connect your VPC to your data center.
- Amazon creates a default VPC, but additional VPCs can be created by the user.

EC2 access
- The primary means is the web services API; interactive tools on top of the API: the AWS Management Console and the AWS command line tools.
- Access to your server is by private/public key pair. AWS keeps only the public key; the private key is handed out once at creation and is never stored by AWS, so losing it means losing access to the instance.

Amazon EC2 Console
(screenshot)

AWS CloudFormation
- Model your infrastructure: Infrastructure as Code.
- Specify all resources textually in a JSON (or YAML) template.
- Allows you to standardize components across your institution.
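Because the VPC security settings and the CloudFormation template are both text, the security review can happen before anything is deployed. The following is an added example for the VPC security and CloudFormation slides; it is not part of the lecture material and not an AWS tool. The template is constructed for illustration, and the two checks (security-group ingress from the whole internet to a management port, and EBS volumes created without encryption) are the ones a reviewer would put in a pre-commit hook. It reads JSON; a YAML template would need a YAML loader in place of `json.loads`.

```python
"""Lint a CloudFormation template for two common misconfigurations.

Added example for the VPC security and CloudFormation slides; not part of
the lecture material. The template is constructed for illustration.
"""
import ipaddress
import json

# Constructed template: a web security group that also opens SSH to the world,
# an admin group that restricts SSH to a private range, a stand-alone ingress
# rule that opens everything over IPv6, and two EBS volumes.
TEMPLATE_JSON = r'''
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "WebSg": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "web tier",
        "VpcId": {"Ref": "Vpc"},
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
          {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}
        ]
      }
    },
    "AdminSg": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "bastion access",
        "VpcId": {"Ref": "Vpc"},
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/8"}
        ]
      }
    },
    "AllOpenRule": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {"GroupId": {"Ref": "AdminSg"}, "IpProtocol": "-1", "CidrIpv6": "::/0"}
    },
    "DataVol": {
      "Type": "AWS::EC2::Volume",
      "Properties": {"Size": 100, "AvailabilityZone": "eu-central-1a"}
    },
    "LogVol": {
      "Type": "AWS::EC2::Volume",
      "Properties": {"Size": 50, "AvailabilityZone": "eu-central-1a", "Encrypted": true}
    }
  }
}
'''

MANAGEMENT_PORTS = {22, 3389}


def is_world_open(rule):
    """True if the rule's source is the whole IPv4 or IPv6 internet.
    Intrinsic functions (dicts such as {"Ref": ...}) cannot be judged
    statically and are treated as not open."""
    for key in ("CidrIp", "CidrIpv6"):
        cidr = rule.get(key)
        if isinstance(cidr, str):
            try:
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    return True
            except ValueError:
                pass
    return False


def exposed_management_ports(rule):
    """Management ports covered by the rule's protocol and port range."""
    proto = str(rule.get("IpProtocol", "-1"))
    if proto == "-1":                        # all protocols, all ports
        return sorted(MANAGEMENT_PORTS)
    if proto != "tcp":
        return []
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    if not isinstance(lo, int) or not isinstance(hi, int):
        return []
    return sorted(p for p in MANAGEMENT_PORTS if lo <= p <= hi)


def lint(template):
    """Return (logical_id, message) findings for a parsed template."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        rules = []
        if rtype == "AWS::EC2::SecurityGroup":
            rules = props.get("SecurityGroupIngress", [])
        elif rtype == "AWS::EC2::SecurityGroupIngress":
            rules = [props]
        for rule in rules:
            ports = exposed_management_ports(rule)
            if ports and is_world_open(rule):
                findings.append((logical_id, f"ingress from the internet to management port(s) {ports}"))
        if rtype == "AWS::EC2::Volume" and props.get("Encrypted") is not True:
            findings.append((logical_id, "EBS volume without Encrypted: true"))
    return findings


def lint_json(text):
    """Parse a JSON template and lint it."""
    return lint(json.loads(text))


if __name__ == "__main__":
    for logical_id, message in lint_json(TEMPLATE_JSON):
        print(f"{logical_id}: {message}")
```

Port 443 open to the world is reported nowhere, which is intended: the check is about management ports, not about public services. CIDRs supplied through parameters are skipped rather than guessed at, so a template that takes the admin range as a parameter still needs a review of the parameter's default.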
- Automatic deployment of all resources, controlled and predictable.
- Use a code editor and versioning tools.

CloudFormation
(figure)

Terraform
- HashiCorp; multi-cloud infrastructure management.
- (Graphical) specification of infrastructure, translated into a textual specification (TF config, written in HCL).
- Queries the provider APIs to check the state of the deployed infrastructure.
- Determines and executes a plan to move from the current state to the desired infrastructure.
- Terraform Enterprise: collaboration in a team; the configuration is kept on a central server.

Third-Party Cloud Management Platforms
- Management of a whole infrastructure with multiple servers, accounts, reports, etc.
- Multi-cloud management, automation and orchestration, cost optimization, security and compliance, performance monitoring and resource optimization.
- Examples: Flexera (flexera.com), Scalr, Morpheus Data, IBM Cloud Manager for Kubernetes clusters.

Pricing
- On-demand pricing: https://aws.amazon.com/ec2/pricing/on-demand/
- Reserved instances pricing: https://aws.amazon.com/ec2/pricing/reserved-instances/pricing/
- Spot market pricing: https://aws.amazon.com/ec2/spot/pricing/

Pricing for Data Transfer
- Internet: IN free; OUT less than $0.09 per GB.
- Inside an availability zone (private IP address): none.
- Regional transfer (private IP address) between different availability zones in the same region: $0.01 per GB in and $0.01 per GB out, i.e. both ends of a cross-AZ flow are charged.
- Public and Elastic IP addresses inside EC2: $0.01 per GB in/out.

Pricing: Block Storage, Object Store and IP Addresses
- Block storage: $0.08 per GB-month of provisioned storage on SSD; $0.045 per GB-month on HDD; $0.0005 per provisioned IOPS-month (some SSD storage types).
- Object store S3: $0.023 per GB-month of data stored; $0.005 per 1,000 PUT requests; $0.0004 per 1,000 GET requests.
- Public IP addresses: $0.005 per hour.

Amazon EC2: Summary
- Infrastructure as a service; AWS also offers platform as a service (Lambda, IoT, ...).
- Flexible instance types; a large variety of Amazon Machine Images.
- Pricing: on-demand, reserved, spot market.

Base Technologies for Accessing the Cloud
- Mobile processors, WiFi, DSL

Processors for mobile devices
- ARM: British company, acquired in 2016 by SoftBank (Japan). Develops processor designs that are integrated into SoCs for mobile devices. ARM big.LITTLE.
- Apple M3: presented in October 2023; ARM-based system-on-chip (SoC) fabricated in TSMC's 3 nm process. Performance cores (4 GHz), efficiency cores (2.7 GHz), GPU, Neural Engine, image signal processor, PCI Express, Secure Enclave, USB4 and Thunderbolt 4.
  - M3: 4 P-cores, 4 E-cores, 8 or 10 GPU cores (each with 16 EUs, 128 ALUs); TDP about 20 W.
  - M3 Pro: 6 P-cores, 6 E-cores, 18 GPU cores; TDP about 27 W.
  - M3 Max: 12 P-cores, 4 E-cores, 40 GPU cores; TDP about 78 W.
(M3 Max die figure)

WLAN
- Wireless Local Area Network: IEEE 802.11 standards, marketed as Wi-Fi.
- A network consists of clients and access points acting as routers. Two modes: infrastructure (clients connect to an access point) and ad hoc (clients communicate among each other).
- Securing the network: Wi-Fi Protected Access (WPA, WPA2; WPA3 since 2018).
- IEEE 802.11 defines the physical layer (PHY) and the MAC (media access control) layer, based on CSMA/CA (carrier sense multiple access with collision avoidance).
- 802.11n: 2.4 and 5 GHz, up to 600 Mbit/s, about 70 m indoor range.
- 802.11ac: 5 GHz, up to 1733 Mbit/s (four spatial streams), about 35 m indoor.
- 802.11ax (MIMO 8x8, multiple antennas for parallel transmission): 2.4 and 5 GHz (6 GHz with Wi-Fi 6E), up to 9608 Mbit/s, about 35 m indoor.

DSL
- Digital Subscriber Line (DSL): last-mile connection; transmission of digital data over telephone lines. The line can be shared with the telephone service because different frequencies are used.
- Performance: downstream between 256 kbit/s and 100 Mbit/s.
- Asymmetric DSL: upstream bandwidth is much lower; the pool of usable frequency channels is split between down- and upstream.
- Very-high-bit-rate Digital Subscriber Line (VDSL): offers speeds of up to 300 Mbit/s downstream and 100 Mbit/s upstream.
- VDSL with vectoring: vectoring is a technique to reduce crosstalk between different lines.
  - Special encoding of neighbouring lines, similar to noise-cancelling headphones.
  - The provider needs access to all lines in a bundle, so a whole bundle has to be handed to a single provider; this can lead to the cancellation of other providers' contracts on that bundle.

GSM (Global System for Mobile Communications)
- Cellular network for phone and data; current standards are issued by the 3rd Generation Partnership Project (3GPP).
- 3G: Universal Mobile Telecommunications System (UMTS), up to 42 Mbit/s with HSPA+.
- 4G: Long Term Evolution (LTE), up to 300 Mbit/s downlink and 75 Mbit/s uplink.
- 5G: up to 20 Gbit/s.
- 6G: 206.25 Gbit/s demonstrated in research.
- Subscriber Identity Module (SIM card).

Providers of IaaS
- Amazon Web Services, MS Azure, Google Cloud, Alibaba
- Telecom providers, private companies
- OpenStack (open source), OpenShift