Sunday, November 18, 2012

Thursday, November 8, 2012

AWS Storage Gateway for application DR

The AWS Storage Gateway, together with EC2 instances, is a way to bring your application up in AWS when your data center is not functioning.

1. Data written to your data center iSCSI volumes is recorded by the AWS Storage Gateway in your data center and asynchronously stored in Amazon S3 (Simple Storage Service) as Amazon EBS (Elastic Block Store) snapshots.
2. Create an Amazon EBS volume from the EBS snapshot in S3.
3. Start up or create an EC2 instance from an AMI.
4. Mount the EBS volume on the Amazon EC2 instance.
5. Use Amazon Route 53 so users are pointed to the instance running in the cloud.
6. Restart the application completely from the cloud.
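Steps 2 to 5 of that runbook as code, written here as an added example rather than the blog's or AWS's own code. The functions take the EC2 and Route 53 clients as parameters (real boto3 clients in production, a stub for a dry run), and the snapshot, AMI, zone and record names are placeholders you supply; the one caveat worth seeing is that the volume has to be created in the same Availability Zone as the instance or the attach fails.

```python
# Added example: Storage Gateway DR failover, steps 2-5 (not the page's own code).
# Pass boto3.client("ec2") and boto3.client("route53"); any object with the same
# method names works, which keeps the runbook testable without AWS access.

DEVICE = "/dev/sdf"  # device name the restored volume is attached as (assumed)


def restore_volume(ec2, snapshot_id, az):
    """Step 2: materialise the gateway's EBS snapshot as a volume in the target AZ."""
    vol = ec2.create_volume(SnapshotId=snapshot_id, AvailabilityZone=az)["VolumeId"]
    ec2.get_waiter("volume_available").wait(VolumeIds=[vol])
    return vol


def launch_instance(ec2, ami_id, az, instance_type):
    """Step 3: launch the pre-built application AMI in the same AZ as the volume."""
    resp = ec2.run_instances(ImageId=ami_id, InstanceType=instance_type,
                             MinCount=1, MaxCount=1,
                             Placement={"AvailabilityZone": az})
    inst = resp["Instances"][0]["InstanceId"]
    ec2.get_waiter("instance_running").wait(InstanceIds=[inst])
    return inst


def attach_volume(ec2, volume_id, instance_id):
    """Step 4: attach the volume; EBS only allows this within one AZ."""
    ec2.attach_volume(VolumeId=volume_id, InstanceId=instance_id, Device=DEVICE)
    ec2.get_waiter("volume_in_use").wait(VolumeIds=[volume_id])


def repoint_dns(route53, zone_id, name, ip, ttl=60):
    """Step 5: UPSERT the application's A record so users reach the cloud instance."""
    rrset = {"Name": name, "Type": "A", "TTL": ttl,
             "ResourceRecords": [{"Value": ip}]}
    batch = {"Comment": "DR failover", "Changes": [
        {"Action": "UPSERT", "ResourceRecordSet": rrset}]}
    return route53.change_resource_record_sets(HostedZoneId=zone_id, ChangeBatch=batch)


def failover(ec2, route53, snapshot_id, ami_id, az, zone_id, name,
             instance_type="m1.small"):
    """Run steps 2-5 in order and return the identifiers the operator needs."""
    vol = restore_volume(ec2, snapshot_id, az)
    inst = launch_instance(ec2, ami_id, az, instance_type)  # same AZ as the volume
    attach_volume(ec2, vol, inst)
    desc = ec2.describe_instances(InstanceIds=[inst])
    ip = desc["Reservations"][0]["Instances"][0]["PublicIpAddress"]
    repoint_dns(route53, zone_id, name, ip)
    return {"volume": vol, "instance": inst, "ip": ip}
```

Step 6, restarting the application, is whatever the AMI's boot process does once the volume shows up at the device name above.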

Sunday, November 4, 2012

Virtual Desktop Interface (VDI) and AWS

Several of Amazon’s partners, including Citrix, AppZero, InstallFree, and Nasstar have built client virtualization (VDI) and application streaming solutions that can be hosted inside Amazon EC2 machine images. More can be found here: http://cliffdavies.com/blog/xenapp/xendesktop-hosted-shared-desktops-on-amazon-web-services/

AWS three top services that contribute to pricing

Typically the top three AWS services that contribute to the price of AWS services are:
1.  Compute (typically EC2)
2.  Storage (typically EBS or S3)
3.  Data transfer out

AWS dedicated instances

Dedicated Instances are Amazon EC2 instances launched within your Amazon Virtual Private Cloud (Amazon VPC) that run on hardware dedicated to a single customer. Dedicated Instances let you take full advantage of the benefits of Amazon VPC and the AWS cloud while isolating your Amazon EC2 compute instances at the hardware level.

Microsoft Active Directory with AWS

Microsoft Active Directory (or any compliant LDAP server) can be used for application-level authorization and authentication.
There are three options you can use for this:
1. Run Microsoft Active Directory on AWS/EC2. This option means that if you are running Active Directory in your on-premise location you will be running a separate MS Active Directory instance.
2. All authentication and authorization is handled by Microsoft AD on premise. This means all calls to MS AD will have to go over the internet or an AWS Direct Connect connection. Be aware you will take a performance hit here.
3. Set up MS AD on AWS/EC2 and sync it with your on-premise MS AD installation. The syncing can be done using Microsoft’s Active Directory Federation Services (AD FS) technology. More information can be found here: http://media.amazonwebservices.com/EC2_ADFS_howto_2.0.pdf.

When using an on-premise MS AD or MS Active Directory Federation Services, you will need to set up a secure connection using AWS VPC.

Saturday, November 3, 2012

AWS Four DR scenarios

There are four DR scenarios that highlight usage of AWS in a DR and an 'HA-lite' situation:
  • Backup and Restore - For systems running on AWS, customers also back up into Amazon S3. Snapshots of Elastic Block Store (EBS) volumes and backups of Amazon RDS are stored in Amazon S3. Alternatively, you can copy files directly into Amazon S3, or you can choose to create backup files and copy them to Amazon S3.
  • Pilot Light for Simple Recovery into AWS - This scenario is similar to a Backup and Restore scenario; however, you must ensure that you have the most critical core elements of your system already configured and running in AWS (the pilot light). When the time comes for recovery, you would then rapidly provision a full-scale production environment around the critical core. The database data would be replicated to S3. You would typically have some pre-configured servers bundled as Amazon Machine Images (AMIs), which are ready to be started up at a moment’s notice. These servers could be EC2 instances that have been stopped.
  • Warm Standby Solution - A warm standby solution extends the pilot light elements and preparation. It further decreases the recovery time because in this case, some services are always running. By identifying your business-critical systems, you would fully duplicate these systems in another AWS zone or region and have them always on. This would ensure that the EC2 capacity is available in a disaster.
  • Active-Active Solution - A multi-site solution runs in another AZ or zone in an active-active configuration. The data replication method that you employ will be determined by the recovery point objective (RPO) you choose.

Thursday, November 1, 2012

VPN without VPC on AWS

AWS VPC has its own hardware VPN appliance built into the service, which is not OpenVPN. OpenVPN is a software-based VPN for client connectivity that can also be used with VPC.

If you are not running AWS VPC, you have to install a software VPN on an EC2 instance. You may want to use a micro instance for this and not install it on the same server as all the other software components (for security reasons). This web page explains how to use OpenVPN to do just this: