Cloud Solutions Design Principles
Leveraging the power of Amazon Web Services (AWS) to benefit an organization involves careful upfront design planning. It is important to assess what can be migrated from the on-premises environment into the cloud and plan for the deployment, configuration, management, and monitoring of network, compute, and storage solutions in the cloud. This requires a comprehensive understanding of the features and capabilities of the various AWS services available. Additionally, it is important to consider the costs, security and compliance requirements, scalability, and availability needs of the organization. By taking the time to plan upfront, an organization can select the most suitable AWS services and optimize its cloud deployment to improve reliability, scalability, and cost savings. AWS also provides professional support services, which can be advantageous in ensuring that the cloud infrastructure is properly developed and maintained.
MIGRATION: Migration to the cloud involves moving various items, including files, databases, and custom applications, from an on-premises environment to the cloud. This can also involve converting physical servers into virtual machines or reusing existing on-premises virtual machines in the cloud. It's essential to consider security during the migration phase, for example by replicating files through an encrypted site-to-site VPN tunnel. Additionally, it's crucial to determine whether existing solutions, such as custom line-of-business apps, can be reused in the cloud. Testing is often necessary to determine whether an application will function properly in the cloud, and any required modifications should be made accordingly.
There are different types of cloud migration strategies. A lift and shift migration involves moving an application or workload from an on-premises environment to the cloud without any significant changes. Essentially, it involves copying and pasting the application to the cloud environment. This strategy is suitable for applications that are designed to be run on a standard server instance and may not require significant modifications.
Alternatively, an organization may choose to recreate the entire solution from scratch within the cloud environment. This approach can be time-consuming and complex but can provide greater flexibility and cost savings in the long run. Another option is to leverage cloud-specific services, such as serverless computing, to replace specific functionality. This strategy is known as a function equivalent and involves splitting an application into small, individual functions that can be executed independently.
Migrating to the cloud can be a complex process, but a well-planned strategy can help an organization reap the benefits of greater flexibility, scalability, and cost-efficiency.
NETWORKING: In networking, it's essential to consider the need for a VPN to connect our on-premises network to the cloud, not only during migration but also for long-term network extension. Additionally, remote client connectivity is crucial for providing traveling or home-based users with secure access to AWS resources.
In designing the cloud network, we must determine the number of VPCs (Virtual Private Clouds) required and their addressing, such as IPv4 or IPv6 address ranges. We may also need to consider custom route requirements: for outbound internet traffic, ensuring that all virtual machines in the cloud go through firewall appliances for inspection, and for inbound traffic, controlling the path with custom routes as well.
Configuration of network traffic firewall ACLs (Access Control Lists) is also vital to controlling inbound and outbound traffic. Additional considerations include thinking about whether you need to establish peering connections between VPCs, allowing traffic to flow securely between them, and integrating with on-premises network configurations, such as DNS resolution and Active Directory integration.
Networking in the cloud can be complex, but by taking these critical factors into account, you can ensure that your network is secure, performant, and meets your organization's needs.
COMPUTE: When discussing computing in AWS, we are referring to EC2 instances, also known as virtual machines. These instances are designed to support a variety of workloads, such as custom applications or file shares. It's necessary to consider the required horsepower to run them correctly, as well as whether we need multiple instances, such as for testing versus production purposes.
Load balancing is another important consideration, as it can help distribute incoming requests for an app among a collection of backend EC2 instances supporting that app. When determining the compute infrastructure, it's essential to ask whether each EC2 instance should be reachable publicly from the internet. Generally, the answer is no for security reasons, and we would want to use an intermediary, such as a jumpbox, which is publicly visible and also has an internal connection.
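The following design-review check is an added example, not code from the original article. It applies two principles from the networking and compute sections to a constructed description of a VPC: private subnets must send internet-bound traffic through the inspection (firewall) appliance rather than straight to the internet gateway, and only the jump box may carry a public IP address. The resource IDs use AWS prefixes (igw-, eni-, nat-, pcx-) but the values, subnet names and instance roles are constructed.

```python
# Added example (not from the original article): a design-review check over a constructed
# description of a VPC, applying two principles from the text: private subnets send
# internet-bound traffic through an inspection (firewall) appliance rather than straight to
# the internet gateway, and only the jump box carries a public IP address.
# Resource IDs follow AWS prefixes (igw-, eni-, nat-, pcx-) but the values are constructed.

# Acceptable targets for a private subnet's default route: appliance ENI or NAT, never an IGW.
PRIVATE_DEFAULT_OK = ("eni-", "nat-")

ROUTE_TABLES = {  # constructed sample: subnet -> {destination CIDR: target}
    "subnet-public-jump": {"0.0.0.0/0": "igw-0example"},
    "subnet-private-app": {"0.0.0.0/0": "eni-0firewall", "10.1.0.0/16": "pcx-0peer"},
    "subnet-private-db":  {"0.0.0.0/0": "igw-0example"},  # flaw: egress bypasses the firewall
}

INSTANCES = [  # constructed sample
    {"id": "i-jump", "subnet": "subnet-public-jump", "role": "jumpbox", "public_ip": True},
    {"id": "i-app1", "subnet": "subnet-private-app", "role": "app", "public_ip": False},
    {"id": "i-db1",  "subnet": "subnet-private-db",  "role": "db",  "public_ip": True},  # flaw
]

def review_routes(route_tables):
    """Flag private subnets whose default route does not go through the inspection path."""
    findings = []
    for subnet, routes in route_tables.items():
        if subnet.startswith("subnet-public"):
            continue  # public subnets route to the IGW by design
        target = routes.get("0.0.0.0/0")
        if target and not target.startswith(PRIVATE_DEFAULT_OK):
            findings.append(f"{subnet}: default route via {target} bypasses the firewall appliance")
    return findings

def review_exposure(instances):
    """Flag any instance with a public IP that is not the designated jump box."""
    return [f"{i['id']}: public IP on non-jumpbox role '{i['role']}'"
            for i in instances if i["public_ip"] and i["role"] != "jumpbox"]

def review_design(route_tables=ROUTE_TABLES, instances=INSTANCES):
    """Combine both checks; an empty list means the design matches the principles."""
    return review_routes(route_tables) + review_exposure(instances)

if __name__ == "__main__":
    for finding in review_design():
        print("FINDING:", finding)
```

Run against the constructed sample it reports two findings, one for the database subnet whose egress skips the firewall and one for the database instance that was given a public IP.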
Backups are another crucial part of the design. Although virtual machines are already in the cloud, it's still possible to back them up and make them available in alternate regions. Therefore, we must consider how we are going to use the backups, which may include factors such as restoration time, data retention, and recovery strategy.
Overall, designing a computing architecture in AWS requires careful consideration of the required horsepower, number of instances, load balancing needs, security measures, and backup strategy. By taking these factors into account, we can create a reliable, scalable, and secure compute infrastructure to meet our organization's needs.
STORAGE: Storage is an essential aspect of AWS, and there are many factors to consider. A critical consideration is data sovereignty, particularly when replicating data to other geographical locations worldwide. We need to think carefully about where that data will reside and which laws or regulations will apply based on its location.
Encryption is another crucial consideration. We should decide whether to protect data at rest through encryption and, if so, whether to use customer-managed keys or AWS-managed keys.
AWS provides lifecycle management for data stored in the cloud, which can be applied either manually or by defining lifecycle policies. These policies should align with the regulations relevant to the stored data, so that retention and deletion happen in compliance with legislation. It is essential to consider these regulations to prevent non-compliance penalties, avoid data breaches, and keep data safe and secure.
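The block below is an added example, not code from the original article, showing what the three storage decisions above look like when written down as S3 configuration documents: a data-residency check against an allowlist of regions, default SSE-KMS encryption with a customer-managed key (or the AWS-managed key when none is supplied), a lifecycle rule that archives and then expires data, and a bucket policy that rejects uploads not requesting SSE-KMS. The dict shapes match the S3 PutBucketEncryption, PutBucketLifecycleConfiguration and PutBucketPolicy request bodies; the region allowlist, bucket name, key ARN and retention periods are constructed placeholders.

```python
import json

# Jurisdictions in which this organisation may store data (constructed allowlist).
ALLOWED_REGIONS = {"eu-west-1", "eu-central-1"}

def check_residency(region):
    """Data sovereignty: refuse to place data outside the permitted jurisdictions."""
    if region not in ALLOWED_REGIONS:
        raise ValueError(f"region {region} is not permitted by the data residency policy")
    return region

def encryption_config(kms_key_arn=None):
    """Default SSE-KMS; a customer-managed key if supplied, otherwise the AWS-managed S3 key."""
    by_default = {"SSEAlgorithm": "aws:kms"}
    if kms_key_arn:
        by_default["KMSMasterKeyID"] = kms_key_arn
    return {"Rules": [{"ApplyServerSideEncryptionByDefault": by_default,
                       "BucketKeyEnabled": True}]}

def lifecycle_config(archive_after_days, expire_after_days):
    """Lifecycle rule: archive objects to Glacier, then delete them when retention ends."""
    if expire_after_days <= archive_after_days:
        raise ValueError("retention expiry must come after the archive transition")
    return {"Rules": [{
        "ID": "retention", "Status": "Enabled", "Filter": {"Prefix": ""},
        "Transitions": [{"Days": archive_after_days, "StorageClass": "GLACIER"}],
        "Expiration": {"Days": expire_after_days},
    }]}

def deny_unencrypted_policy(bucket):
    """Bucket policy denying uploads that do not explicitly request SSE-KMS."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "DenyNonKmsUploads", "Effect": "Deny", "Principal": "*",
        "Action": "s3:PutObject", "Resource": f"arn:aws:s3:::{bucket}/*",
        "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}},
    }]}

def bucket_design(bucket, region, kms_key_arn, archive_days=90, expire_days=2555):
    """Assemble the documents for one bucket; the region is validated first."""
    return {"region": check_residency(region),
            "encryption": encryption_config(kms_key_arn),
            "lifecycle": lifecycle_config(archive_days, expire_days),
            "policy": deny_unencrypted_policy(bucket)}

if __name__ == "__main__":
    key = "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-KEY-ID"  # placeholder ARN
    print(json.dumps(bucket_design("example-records", "eu-west-1", key), indent=2))
```

Each returned dict can be passed as the corresponding argument to the boto3 S3 client's put_bucket_encryption, put_bucket_lifecycle_configuration and put_bucket_policy calls (the policy as a JSON string).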
In conclusion, when designing an AWS storage solution, it is vital to think about data sovereignty, encryption, and lifecycle management. By taking into account these factors, we can ensure data is stored in compliance with relevant regulations, secured, and protected from undesirable events.