(ARC401) Cloud First: New Architecture for New Infrastructure


  • 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

    David Dooling & Ryan Richt

    October 2015

    Cloud First: New Architecture for New Infrastructure

    @ddgenome & @ryan_richt

    ARC401

  • What to Expect from the Session

    Theory of Cloud

  • Scientists Turned Developers Turned Architects

  • Ryan

    David

  • Monsanto

  • Theory of Cloud

    Automated: Software defined everything

    Elastic: Unlimited scale + pay-as-you-go

    Highly Available: Multi-AZ/region + shards/replicas

    Security: Do over + Correct by construction

    Horizontally Scalable: Provision more like things any time

  • Theory of Cloud → Cloud Architecture

    Automated → Higher-Order Automation

    Elastic → Ephemeral Environments

    Highly Available → Fault Tolerant

    Security → Secure by Construction

    Horizontally Scalable → Parallel, Commodity

  • Higher-Order Automation

    Automated Tests

    Continuous Integration

    Continuous Delivery

    Automated Infrastructure

    Automated Fault Detection

    Automated Recovery

    and automated tools to build more automation!

  • Fallacies of Internal Apps

    1. The hardware is reliable

    2. The network is reliable

    3. The database is reliable

    4. Other services are available

    5. Inside the network is secure

    6.

    Fault Tolerant

  • Fault Tolerant

    Fallacies of 1st Generation Cloud

    1. Other people's fault tolerant code is actually fault tolerant

    2. Everything is stateless

    3. Everything can be retried

    4. Applications should handle all faults

    5. Data is magically handled by someone else

  • Elastic, Ephemeral, Cost-Effective

    (charts: cost over time, Cloud vs. On Prem, for Dynamic Env Replication and for Experiments)

  • A Do-Over for Secure by Construction

    Secure by Assumption

    Secure by Design

    Security Automation

  • Horizontally Scalable

    1. The overhead of scaling grows at most linearly with additional nodes

    2. Reads and writes both scale out

    3. The system can continue to provide this scalability under loss of any node

    * This (CAP) requires apps to understand conflicts

  • Infrastructure Automation

  • Federation 1000 VPCs

    (diagram: a federation of many Amazon VPC boxes)

  • Cloud Architecture


  • AWS CloudFormation

    "IPAddress" : {
      "Type" : "AWS::EC2::EIP",
      "DependsOn" : "AttachGateway",
      "Properties" : {
        "Domain" : "vpc",
        "InstanceId" : { "Ref" : "WebServerInstance" }
      }
    },
    "InstanceSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "VpcId" : { "Ref" : "VPC" },
        "GroupDescription" : "Enable SSH access via port 22",
        "SecurityGroupIngress" : [
          {"IpProtocol":"tcp","FromPort":"22","ToPort":"22","CidrIp" : { "Ref" : "SSHLocation"}},
          {"IpProtocol":"tcp","FromPort":"80","ToPort":"80","CidrIp" : "0.0.0.0/0"}
        ]
      }
    },
    "WebServerInstance" : {
      "Type" : "AWS::EC2::Instance",
      "DependsOn" : "AttachGateway",
      "Metadata" : {
        "Comment" : "Install a simple application",

  • CloudFormation Template Generator

    https://github.com/MonsantoCo/cloudformation-template-generator

  • CloudFormation Template Generator: Referential Integrity

  • Auto Scaling Group

  • CFTG: Security Groups
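An added example, not from the slides or the CFTG project: a small Python checker for the kind of raw JSON template fragment shown above. It flags cross-references that do not resolve (the referential integrity CFTG enforces at the Scala type level) and ingress rules that expose administrative ports to 0.0.0.0/0. The template is constructed for this example and deliberately contains one misspelled Ref and one all-ports rule.

```python
import json
# Constructed sample modelled on the slide's fragment: every cross-reference is a bare string.
TEMPLATE = json.loads("""{
  "Parameters": {"SSHLocation": {"Type": "String"}},
  "Resources": {
    "VPC": {"Type": "AWS::EC2::VPC"},
    "AttachGateway": {"Type": "AWS::EC2::VPCGatewayAttachment"},
    "InstanceSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
      "VpcId": {"Ref": "VPC"}, "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": {"Ref": "SSHLocation"}},
        {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "-1", "CidrIp": "0.0.0.0/0"}]}},
    "IPAddress": {"Type": "AWS::EC2::EIP", "DependsOn": "AttachGateway",
      "Properties": {"Domain": "vpc", "InstanceId": {"Ref": "WebServerInstanse"}}}
  }
}""")
ADMIN_PORTS = {22, 3389}  # SSH and RDP: should never be reachable from 0.0.0.0/0

def find_refs(node):
    """Yield the target name of every {"Ref": name} in a template subtree."""
    if isinstance(node, dict):
        if set(node) == {"Ref"}:
            yield node["Ref"]
        for v in node.values():
            yield from find_refs(v)
    elif isinstance(node, list):
        for v in node:
            yield from find_refs(v)

def check_template(t):
    """Return findings: dangling Ref/DependsOn targets and admin ports open to the world."""
    resources = t.get("Resources", {})
    known = set(t.get("Parameters", {})) | set(resources)
    findings = []
    for name, res in resources.items():
        for ref in find_refs(res):
            if ref not in known and not ref.startswith("AWS::"):  # AWS:: are pseudo parameters
                findings.append(f"{name}: Ref to unknown '{ref}'")
        deps = res.get("DependsOn", [])
        for dep in ([deps] if isinstance(deps, str) else deps):
            if dep not in resources:
                findings.append(f"{name}: DependsOn unknown '{dep}'")
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
                lo, hi = int(rule.get("FromPort", -1)), int(rule.get("ToPort", -1))
                if lo == -1:  # a missing or -1 port range means all ports
                    lo, hi = 0, 65535
                if rule.get("CidrIp") == "0.0.0.0/0" and any(lo <= p <= hi for p in ADMIN_PORTS):
                    findings.append(f"{name}: ports {lo}-{hi} open to 0.0.0.0/0")
    return findings
```

The same checks run unchanged on any template that uses Ref and DependsOn; rules whose CidrIp is itself a Ref (like the SSHLocation one) are left alone because their value is only known at deploy time.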

  • Stax

    $ ./stax --help
    Usage: stax [OPTIONS] COMMAND [COMMAND_ARGS]
    add               Add functionality to an existing VPC
    auto-services     Lanch multiple services on fleet using template/NAME.services file
    check             Run various tests against an existing stax
    clean             Remove keys and buckets of non-existant stacks
    connect [TARGET]  Connect to bastion|gateway|service in the VPC stax over SSH
    create            Create a new VPC stax in AWS
    describe          Describe the stax created from this host
    delete            Delete the existing VPC stax
    dockerip-update   Fetch docker IP addresses and update related files
    fleet             Run various fleetctl commands against the fleet cluster
    help              Output this message
    history           View history of recently created/deleted stax
    list              List all completely built and running stax
    rds PASSWORD      Create an RDS instance in the DB subnet
    rds-delete RDSIN  Delete RDS instance RDSIN
    remove ADD        Remove the previously added ADD
    services          List servers that are available to run across a stax
    slack             Post usage report to Slack, define hook in stax.config
    sleep             Turn on/off bastion host which allows ssh access into the VPC
    start SERVICE     Start service SERVICE in the fleet cluster
    test              Automated test to exercise functionality of stax
    update            Update an existing VPC with changes from Cloudformation
    validate          Validate CloudFormation template

    For more help, check the docs: https://github.com/MonsantoCo/stax

    Create and manage CloudFormation stacks in AWS

  • $ ./stax create
    [ ---- ] creating stax
    [ NAME ] vpc-stax-36918-outfitting
    [ ---- ] creating parameter file
    [ ---- ] checking for valid json file format
    [ ---- ] creating ssh key pair in aws
    [ ---- ] creating key pair
    [ ---- ] create bucket
    [ ---- ] creating bucket vpc-stax-36918-outfitting
    [ ---- ] uploading template
    [ ---- ] validate template
    [ ---- ] validating template https://s3.amazonaws.com/
    [ ---- ] uploading vpc assets
    [ ---- ] creating stax in aws
    [ ---- ] stax creation complete
    [ ---- ] querying aws
    [ ---- ] query complete
    [ ---- ] see run/vpc-stax-36918-outfitting.json for details

  • $ ./stax connect
    [ ---- ] checking if stax build is complete
    [ ---- ] describe stax
    [ NAME ] vpc-stax-36918-outfitting
    [ ---- ] querying aws
    [ ---- ] query complete
    [ ---- ] see run/vpc-stax-36918-outfitting.json for details
    [ ---- ] stack vpc-stax-36918-outfitting build complete
    [ ---- ] connecting to stax: bastion

           __|  __|_  )
           _|  (     /   Amazon Linux AMI
          ___|\___|___|

    https://aws.amazon.com/amazon-linux-ami/2014.09-release-notes/
    [ec2-user@ip-10-183-1-195 ~]$

  • Stax as a Service - Create

  • Stax as a Service List

  • Stax as a Service Describe

  • Stax as a Service Services

  • Monsanto

  • Microservices Lifecycle

  • Microservices: Cupcakes, Not Wedding Cakes

  • A modern language for software engineering

    Abstract Data Types (ADTs): Scala, Haskell, Swift, OCaML, SML

    Enforced Immutability: Scala, Haskell, Clojure, Erlang, OCaML, SML

    Pattern Matching & Destructuring Assignment: CoffeeScript, Scala, Haskell, Swift, OCaML, Erlang, SML

    Type-Level Programming: Haskell, Scala, C++

    Futures, Actors, Async: Erlang, Scala, Java

    Type classes: Haskell, Scala, ~OCaML

    Hybrid OO/FP

    Provides transition from and backward compatibility with Java

  • Advanced Abstractions

    Scala: A Modern Language for Software Engineering

    Advanced Type Constraints

    Advanced Generics & Variance

    Higher Kinds

    F-bounded Polymorphism

    Self-Types

    Type Projections

    Type Members

    Path Dependent Types

    Type Refinements

    Turing-complete!

  • Project-as-a-Service 1 Create Code Repo/Wiki/Issues

  • Project-as-a-Service 2 Simple Service Template

    Runs giter8 to create a fully functional service written in

    Scala based off our current best practices:

    Standard libraries (Slick, Spray, Akka, etc.) for

    microservices

    Automated tests with ScalaTest

    Administrative REST endpoints

    Built in (remote) logging and metric capabilities

    Auto-Docker-ization

    Local Vagrant environment

  • Project-as-a-Service 3 CI & Dockerization

    New check-in → Test and Build → Dockerize

  • Project-as-a-Service 4 Continuous Deployment

  • (diagram: fleet, Router, Route Updater, Registrator)

    A commit is made to GitHub [1]

    [1] https://github.com/MonsantoCo/etcd-aws-cluster
        https://github.com/MonsantoCo/docker-aws
        https://github.com/MonsantoCo/fleet-client

  • (diagram: fleet, Router, Route Updater, Registrator)

    GitHub notifies Jenkins that new code is available.

    Jenkins runs au