Joomla! Scalable Enterprise Deployments

with AWSJim Dolinski9/23/2017

$whoami• Team Lead and Application Architect

• AWS Enthusiast and Security Addict

• Open Source Aficionado

• Official Joomla Contributor!

github.com/jdolinski

@jimdolinski

linkedin.com/jimdolinski

Company background…IT support for City of Omaha and Douglas County, NE

Hosting & Supporting 100+ Joomla Websites

2016 & 2017 AWS City on Cloud Finalist

Agenda• “X”aaS

• Intro to Amazon Web Services

• Infrastructure & Configuration Management

• Monitoring & Performance

• Governance & Compliance

• Resource Optimization

“X”aaS

“as a Service”We are in a marketing acronym hell

• IaaS

• PaaS

• SaaS

• DBaaS

• DaaS

• SECaaS

• FaaS

• Plus many moreCost & Complexity

Mai

ntai

nabi

lity

IaaS

On Premise Data Center

PaaS

SaaS

Our Family Tradition

Pizza Chicago Style

Made at Home

Take and Bake

Pizza Delivered

Dining Out

Cloud Architecture “as a Service” 12 Factors

I. Codebase

One codebase tracked in revision control, many deploys

II. Dependencies

Explicitly declare and isolate dependencies

III. Config

Store config in the environment

IV. Backing services

Treat backing services as attached resources

V. Build, release, run

Strictly separate build and run stages

VI. Processes

Execute the app as one or more stateless processes

VII. Port binding

Export services via port binding

VIII. Concurrency

Scale out via the process model

IX. Disposability

Maximize robustness with fast startup and graceful shutdown

X. Dev/prod parity

Keep development, staging, and production as similar as possible

XI. Logs

Treat logs as event streams

XII. Admin processes

Run admin/management tasks as one-off processes

https://12factor.net/

Amazon Web Services

Let’s Get Started?

AWSim City• Amazon = Planet

• AWS Account = State

• Availability Zone = County

• VPC = City

• Routes = Roads

• VPC Peering = Freeways between Cities

• VPG = Your Corporate Data Center on Earth

• Route 53 DNS = Phone Numbers

• Regions = Countries

• Internet = Interstate

• Internet Gateway = Interstate off ramp

• NAT Gateway = Highway on Ramp

• Subnets = Postal Codes

• Private Subnet = No Highway Access

• Public Subnet = Highway Access

• Network ACLs = Gated Communities

• ELB = Overpass signs to route traffic

• Address = IPs

• Servers/Services = Buildings

• Security Groups = Police

• Traffic = Cars

• AMI = Photographer’s Image

• Cloud Formation = Civil Engineer/Constructor

AWSim City

Represents a single Availability Zone

Architectural Design Patterns

1. Lift & Shift (AMI)2. AMI Builder (Clustered AMI)3. NAS (Network Attached Storage)4. Multi Region and AZ Deployments

It depends on your requirements…

Lift & Shift PatternPros

• Quick & Easy

Cons

• Single Point of Failure

• Tight Coupling

• Not Cohesive

AMI/EBS Builder PatternPros

• Good Performance

• Can be clustered in multiple AZs and Regions

Cons

• Create AMI for every Joomla or extension upgrade

• AMI Maintenance increases with more websites sharing same server

• Storage is not elastic

EFS PatternPros

• Joomla & Extension upgrades simple

• Storage is elastic

• AZ’s share same storage

Cons

• Slower than attached block storage

• EFS can not be mounted across regions

Multi AZ PatternPros

• Redundancy within same region

• Joomla updates simple on EFS

Cons

• Joomla updates on EBS

Multi AZ is recommended at a minimum

Multi AZ & Region PatternPros

• Scalable and highly available architecture

• active/passive or active/active failover

• Latency based routing

• Privacy laws governing data

Cons

• Technically Complex

• More Costs

• Requires mid/advanced knowledge of more services

Design for failure and automate everything

It’s not “if” but “when”, and it will occur while you are on vacation!

}Maximize Flexibility Minimize Maintenance & Costs

Prefer “Managed Services”

over “Service Installs”

Global Infrastructure

https://aws.amazon.com/products/management/

+

Resource Provisioning• Infrastructure as Code

• AWS CloudFormation

https://aws.amazon.com/marketplace/pp/B06XSVFFK9

https://cloud.intuz.com/applications/joomlacf/aws/joomla

• Terraform

DevOps Configuration Management

• Infrastructure as Code

• OS Hardening

• Software installs

• Practice Immutability

• AWS OpsWorks

• Chef

https://martinfowler.com/bliki/ImmutableServer.html

“By frequently destroying and rebuilding servers from the base image, 100% of the server's elements are reset to a known state, without spending a ridiculous amount of time specifying and maintaining detailed configuration specifications.” - Martin Fowler

Enterprise Joomla! Architecture

Service Installs

Enterprise Joomla! Architecture

Managed Services

DevOps Configuration Management

Continuous Integration (CI) is a development practice that requires developers to integrate code into a shared repository several times a day. Each check-in is then verified by an automated build, allowing teams to detect problems early.

https://www.thoughtworks.com/continuous-integration

Monitoring & Performance• AWS CloudWatch

• PagerDuty

• StatusCast

• Failover

• Active/Active

• Active/Passive

Monitoring & Performance• Benchmark First

• Google PageSpeed, YSlow, Pingdom, JMeter, etc

• Don’t forget geo testing

• Apply 1 Change

• AWS CloudFront, AWS Elasticache

• Minification, Browser Caching, Image Optimization, etc

• Repeat

Key Plugins

Regular Labs Cache Cleaner

+

https://www.regularlabs.com/extensions/cachecleaner

JCH Optimize Pro

+https://www.jch-optimize.net/

Major Features • Combine and gzip CSS and javascript files respectively • Minify combined files and HTML • Combine select background images into a sprite • CDN Support Pro version only • Lazy-load images Pro version only • Optimize CSS Delivery Pro version only • Optimize Images Pro version only

Are we down?Know before your customers!

“Communication will build trust and confidence”

+https://www.pagerduty.com/docs/guides/aws-cloudwatch-integration-guide/

Governance & Compliance• Security

• AWS ElasticSearch

• AWS CloudTrail

• Defense in Depth

Practice Defense in Depth

• Firewalls are core

• https everything

• Google Webmaster Tools

• Implement Intrusion Detection

• Routinely Audit & Patch your Joomla Sites

• Logs and retention are crucial

Defense in Depth

Key Tools

RSFirewall

https://www.rsjoomla.com/video-tutorials/rsfirewall.html

MyJoomla Audit

Gain Control of your Logs!

Who updated this site?

+

Can we reduce patch time?

AWS Systems Manager

+

Resource Optimization• Performance Optimizations

• CDN, Cache, Geo Load Balancing, and more

• Cost Optimizations

• Autoscaling

• AWS Tagging

• AWS Trusted Advisor

• AWS Organizations + Multiple Accounts

What percentage of your servers today are idle?

Can we reduce costs?

+

https://aws.amazon.com/products/management/

+

Remember “ability” Factors• Repeatability, Availability, Scalability, Auditability, Flexibility, Usability

• Monitor, Monitor, & Monitor

• ADA and user’s with disabilities

• Use a Version Control System

• Dashboards work great, but you have to look at them!

• Try to Automate Everything

• Scale traffic to demands

• Automate Patching

• Blue/Green Deployments Can Reduce your Risk

What are we working on?• Joomla GIT Plugin to push to a remote repo

• Docker & Joomla

How Can I Get Started?• AWS CloudFormation

• AWS Beanstalk

• Sign Up and Get a Free Account

• Tons of resources on AWS

• Cost Calculator

• https://calculator.s3.amazonaws.com/index.html

Thanks