book

Cloud Application Architectures

Name: Cloud Application Architectures
Author: George Reese
ISBN: 9780596156367

by George Reese

April 2009

Intermediate to advanced

204 pages

6h 58m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
Audience for This Book
Organization of the Material
Conventions Used in This Book
Using Code Examples
Safari® Books Online
We’d Like Your Feedback!
Acknowledgments
1. Cloud Computing
The Cloud
SoftwareHardwareThe advantages of a cloud infrastructureHardware virtualizationCloud storage

Cloud Application Architectures
Grid ComputingTransactional Computing
The Value of Cloud Computing
Options for an IT InfrastructureThe EconomicsCapital costsCost comparisonThe bottom line
Cloud Infrastructure Models
Platform As a Service VendorInfrastructure As a ServicePrivate CloudsAll of the Above
An Overview of Amazon Web Services
Amazon Elastic Cloud Compute (EC2)Amazon Simple Storage Service (S3)Amazon Simple Queue Service (SQS)Amazon CloudFrontAmazon SimpleDB
2. Amazon Cloud Computing
Amazon S3
Access to S3Web ServicesBitTorrentS3 in Action
Amazon EC2
EC2 ConceptsEC2 AccessInstance SetupAccess to an InstanceSecurity GroupsAvailability ZonesStatic IP AddressesData Storage in EC2EBS volume setupVolume managementSnapshotsAMI Management
3. Before the Move into the Cloud
Know Your Software Licenses
The Shift to a Cloud Cost Model
How to Approach Cost ComparisonsA Sample Cloud ROI AnalysisWhere the Cloud Saves Money
Service Levels for Cloud Applications
AvailabilityHow to estimate the availability of your systemWhat constitutes availability?Cloud service availabilityAmazon Web Services service levelsExpected availability in the cloudReliabilityPerformanceClustering versus independent nodesEC2 performance constraints
Security
Legal, Regulatory, and Standards ImplicationsThere Is No Perimeter in the CloudThe Risk Profile for S3 and Other Cloud Storage Solutions Is Unproven
Disaster Recovery
4. Ready for the Cloud
Web Application Design
System State and Protecting TransactionsThe problem with memory locksTransactional integrity through stored proceduresTwo alternatives to stored proceduresWhen Servers Fail
Machine Image Design
Amazon Machine Image Data SecurityWhat Belongs in a Machine Image?A Sample MySQL Machine ImageAmazon AMI Philosophies
Privacy Design
Privacy in the CloudManaging the credit card encryptionProcessing a credit card transactionIf the e-commerce application is compromisedIf the credit card processor is compromisedWhen the Amazon Cloud Fails to Meet Your Needs
Database Management
Clustering or Replication?Using database clustering in the cloudUsing database replication in the cloudReplication for performancePrimary Key ManagementHow to generate globally unique primary keysSupport for globally unique random keysDatabase BackupsTypes of database backupsApplying a backup strategy for the cloud
5. Security
Data Security
Data ControlWhen the cloud provider goes downWhen a subpoena compels your cloud provider to turn over your dataWhen your cloud provider fails to adequately protect their networkEncrypt EverythingEncrypt your network trafficEncrypt your backupsEncrypt your filesystemsRegulatory and Standards Compliance
Network Security
Firewall RulesNetwork Intrusion DetectionThe purpose of a network intrusion detection systemImplementing network intrusion detection in the cloud
Host Security
System HardeningAntivirus ProtectionHost Intrusion DetectionData SegmentationCredential Management
Compromise Response
6. Disaster Recovery
Disaster Recovery Planning
The Recovery Point ObjectiveThe Recovery Time Objective
Disasters in the Cloud
Backup ManagementFixed data strategyConfiguration data strategyPersistent data strategy (aka database backups)Backup securityGeographic RedundancySpanning availability zonesOperating across regionsOrganizational Redundancy
Disaster Management
MonitoringLoad Balancer RecoveryApplication Server RecoveryDatabase Recovery
7. Scaling a Cloud Infrastructure
Capacity Planning
Expected DemandDetermining your expected demandAnalyzing the unexpectedThe Impact of LoadApplication architecture and database architecture revisitedPoints of scaleThe Value of Your CapacityA simple thought experimentHow might the outcome have been different?
Cloud Scale
Tools and Monitoring SystemsThe procurement process in the cloudManaging proactive scalingManaging reactive scalingA recommended approachScaling Vertically
A. Amazon Web Services Reference
Amazon EC2 Command-Line Reference
Amazon EC2 Tips
Filesystem EncryptionSetting Up RAID for Multiple EBS Volumes
B. GoGrid
Types of Clouds
Cloudcenters in Detail
Data Centers in the CloudsGoGrid Versus Traditional Data CentersHorizontal and vertical scalingGoGrid deployment architecturesFocus on Web Applications
Comparing Approaches
Side-by-Side ComparisonReal-Life Usage
What’s Right for You?
C. Rackspace
Rackspace’s Cloud Services
Cloud ServersCloud FilesCloud Sites
Fully Integrated, Backed by Fanatical Support
Index
About the Author
Colophon
Copyright

Content preview from Cloud Application Architectures

Network Security

Amazon’s cloud has no perimeter. Instead, EC2 provides security groups that define firewall-like traffic rules governing what traffic can reach virtual servers in that group. Although I often speak of security groups as if they were virtual network segments protected by a firewall, they most definitely are not virtual network segments, due to the following:

Two servers in two different Amazon EC2 availability zones can operate in the same security group.
A server may belong to more than one security group.
Servers in the same security group may not be able to talk to each other at all.
Servers in the same network segment may not share any IP characteristics—they may even be in different class address spaces.
No server in EC2 can see the network traffic bound for other servers (this is not necessarily true for other cloud systems). If you try placing your virtual Linux server in promiscuous mode, the only network traffic you will see is traffic originating from or destined for your server.

Firewall Rules

Typically, a firewall protects the perimeter of one or more network segments. Figure 5-2 illustrates how a firewall protects the perimeter.

Figure 5-2. Firewalls are the primary tool in perimeter security

A main firewall protects the outermost perimeter, allowing in only HTTP, HTTPS, and (sometimes) FTP^[13] traffic. Within that network segment are border systems, such as load ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780596157647Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Cloud Application Architectures

by George Reese