By using the cloud we can go from “my other computer is a data centre” to “my other computer is someone else’s data centre”.

By: Mijndert Stuij

What is cloud computing?

Cloud computing is an IT paradigm which enables ubiquitous access to shared pools of resources such as networking, compute power, storage, applications, and services. For it to be completely ubiquitous all of these resources need to be accessible over the internet and configurable via an API.
The cloud allows companies to drastically cut capital expenditure because they no longer have to buy their own network equipment, servers, and storage solutions. Under the cloud's business model you pay only for the resources that you actually use (pay as you go).

In the old world you had to do extensive research into the right equipment that would hopefully meet all of your demands. Then you had to order the hardware, which would take another month, and then someone had to install and configure the equipment. Provisioning a bunch of servers would easily take a few months.

Today, companies can provision a cloud server in just a few minutes and scale the amount of resources up and down as demand fluctuates. This kind of flexibility democratizes access to compute resources and allows anyone with the right idea to build it and scale it to millions of users without spending a dime up-front.

This is where AWS comes in

AWS is short for Amazon Web Services. The world’s largest online book store also happens to run the world’s largest public cloud provider.
About 12 years ago, AWS launched with just two services: S3, a storage solution offering high durability and an API, and EC2, a virtual machine in AWS’ data centre. Rapid growth has resulted in AWS’ global infrastructure.

AWS offers PaaS (platform as a service), IaaS (infrastructure as a service), serverless computing, and much more, with well over 70 different services. And that number is growing rapidly as well, with AWS now offering more than a thousand new services and features every year. Their annual re:Invent convention grew to over 60,000 people attending in 2019.

With all of this momentum, AWS is now a force to be reckoned with, while more and more companies are moving their infrastructure to AWS’ platform: from retailers to banks and from schools to media conglomerates.
On this massive platform, companies are able to let their imagination go wild, think of new business models and offer services to their customers they wouldn’t have dreamed of only a few years ago.

Common services explained

Because of the breadth of services AWS offers, it would take too long to tell you about all of them. Instead, we’re going to use VPC, EC2, RDS, and IAM to walk through a typical web application deployment as an example.

1. VPC

VPC is short for Virtual Private Cloud and allows you to build a virtualized private network inside of AWS complete with subnets, NAT gateways, VPN connections, routing tables, security groups and much more. Everything you expect to have inside of your own data centre is right there in AWS.
When you first enter the VPC dashboard at AWS, you will see some familiar terms like subnets and routing tables, but other terms are less clear to newcomers. Here’s a list of (some) things that might not be that familiar:

  • Security groups allow you to set inbound and outbound firewall rules on your network.
  • Internet Gateway is a service that allows EC2 instances in public subnets to access the internet.
  • NAT Gateways are a service that allows EC2 instances in private subnets to access the internet.
  • Elastic IPs are fixed IP addresses that you can assign to an EC2 instance.
  • Endpoints are used to create a direct connection to different AWS services so traffic to those services doesn’t have to pass through your Internet or NAT gateways.
  • Peering connections are used to create a mesh of different VPCs.
  • Virtual Private Gateways are managed VPN gateways to create tunnels between your on-premises infrastructure and AWS.

2. EC2

EC2 is short for Elastic Compute Cloud and offers a virtual machine in the cloud, but with a few tricks up its sleeve.
As with any virtual machine, you can connect a virtual network interface to it, as well as some storage. What most virtual machines can’t do, however, is auto-scaling: growing and shrinking your fleet of servers on-demand or completely automatically. With EC2, this ability is built into the service.
Again, some things might sound familiar when you first have a look at the EC2 dashboard at AWS, but others might not. Here’s a rundown of some terms that you will come across:

  • Spot requests allow you to bid on spare Amazon EC2 computing capacity. Since Spot instances are often available at a discount compared to On-Demand pricing, you can significantly reduce the cost of running your applications, or grow your application’s compute capacity and throughput for the same budget.
  • Reserved instances is a pricing model based on a commitment. You can pay for your EC2 instances up-front and in return you will get a reduced hourly rate. Using Reserved Instances you can save up to 75% on your monthly EC2 expenditure.
  • AMIs (Amazon Machine Images) are a lot like snapshots in VMware. You can launch new EC2 instances from an AMI and you can even share your AMI with multiple AWS accounts.
  • Launch configurations and autoscaling groups are the real magic trick of EC2. Launch configurations and autoscaling groups make sure your EC2 instances can scale up and down based on demand. Your EC2 instances will automatically be added to a load balancer you specify to make sure your applications are available 24/7.
  • Run commands give you a way to remotely execute scripts on a single EC2 instance or an entire fleet, either on-demand or on a schedule. You can, for example, run an Ansible playbook to check for OS updates regularly.

3. RDS

Relational Database Service (RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups.
RDS supports multiple database engines like Amazon Aurora, MySQL, Microsoft SQL Server, PostgreSQL, MariaDB and Oracle. RDS also allows you to create clusters which will automatically failover if needed. A Bring Your Own License (BYOL) model is available for Microsoft SQL Server so you can re-use your existing licenses if you have any.

4. IAM

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users. You use IAM to control who can use your AWS resources (authentication) and what resources they can use and in what ways (authorization).
Using IAM you can create granular access control policies so you, your coworkers, or resources within your AWS account, can only access the stuff they actually need.

When you combine IAM and EC2 you can assign a role to your instances, which in turn grants certain pre-defined access rights to the instance. This prevents you from having to store credentials on the EC2 instance itself.
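The sketch below is an added example, not code from the original article: it shows the two policy documents behind an instance role (the trust policy that lets EC2 assume it, and a permission policy) and a small check that flags grants that are not granular. The bucket name and the helper names `find_overbroad` and `trusted_services` are assumptions for illustration.

```python
# Constructed sample policies; the bucket name is a placeholder.
TRUST_POLICY = {  # lets the EC2 service assume the role for the instance
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"Service": "ec2.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}
SCOPED_POLICY = {  # write-only access to a single log prefix
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["s3:PutObject"],
                   "Resource": "arn:aws:s3:::example-log-bucket/app-logs/*"}],
}
BROAD_POLICY = {  # every S3 action on every resource: not granular
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}


def as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def find_overbroad(policy):
    """Return (statement index, issue, value) for wildcard Allow grants."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((i, "wildcard action", action))
        for resource in as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((i, "wildcard resource", resource))
    return findings


def trusted_services(trust_policy):
    """List the service principals that are allowed to assume the role."""
    services = []
    for stmt in as_list(trust_policy["Statement"]):
        principal = stmt.get("Principal", {})
        if (stmt.get("Effect") == "Allow" and isinstance(principal, dict)
                and "sts:AssumeRole" in as_list(stmt.get("Action", []))):
            services += as_list(principal.get("Service", []))
    return services
```

Running `find_overbroad` over every policy attached to an instance role before deployment gives a quick signal that the role grants more than the application needs.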

Example stack

Putting together all of the services we mentioned earlier you get this reference architecture:

AWS architecture

This reference architecture is often used within inQdo as a starting point for designing the exact AWS architecture a client needs.
This reference architecture is well suited for a typical web application. Resilience is ensured by using autoscaling of the EC2 instances and creating a clustered RDS setup. As many AWS managed services as possible are used to reduce maintenance costs. Security is built right into the network design by leveraging security groups and ACLs (access control lists) to only allow certain types of traffic on the network.

As you can see, some other services are used as well, like Amazon S3 for storing log files, CloudTrail for auditing, and our own product aewacs to manage snapshots and uptime schedules of EC2 instances.
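To make the "only allow certain types of traffic" point concrete, here is an added example (not part of the original article or inQdo's tooling) that audits security group rules in the shape returned by EC2 DescribeSecurityGroups. The group ids, the three-tier layout (load balancer, web, database) and the rule that only the load balancer may accept internet traffic are assumptions.

```python
# Constructed sample in the shape returned by EC2 DescribeSecurityGroups.
# Group ids/names and the three-tier layout are assumptions for illustration.
GROUPS = [
    {"GroupId": "sg-lb", "GroupName": "load-balancer", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-web", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-lb"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-db", "GroupName": "database", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]},
]

PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}
# Policy assumption: only the load balancer may take traffic from the internet.
PUBLIC_ALLOWED = {"sg-lb": {80, 443}}


def rule_ports(rule):
    """Return the rule's port set, or None when protocol '-1' (all traffic)."""
    if rule["IpProtocol"] == "-1":
        return None
    return set(range(rule["FromPort"], rule["ToPort"] + 1))


def audit(groups):
    """Return (group id, description) for internet-open rules outside policy."""
    findings = []
    for group in groups:
        allowed = PUBLIC_ALLOWED.get(group["GroupId"], set())
        for rule in group["IpPermissions"]:
            cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
            if not cidrs & PUBLIC_CIDRS:
                continue  # source is another group or a private range
            ports = rule_ports(rule)
            if ports is None:
                findings.append((group["GroupId"], "all traffic open to the internet"))
            elif not ports <= allowed:
                extra = sorted(ports - allowed)
                findings.append((group["GroupId"],
                                 f"ports {extra[0]}-{extra[-1]} open to the internet"))
    return findings
```

On the sample data the only finding is the SSH rule on the web tier; the web and database tiers otherwise accept traffic only from the security group of the tier in front of them.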


The future of the cloud

While we move more and more workloads to AWS and rework applications to have them integrate seamlessly with all of the services AWS offers, we have to wonder what’s next.

Cloud is already the new normal and widely adopted by companies of all sizes. The last few years have been about getting everyone on board; the next years will be about optimizing current workloads and abstracting away as much of the daily operations as possible. You can already see steps being made on that front by way of services like AWS Lambda, which allows you to run code without the need to manage servers.
All advancements will be shaped not by a single use-case but by many developments in fields like AI, IoT and Blockchain. The cloud is in a unique position to offer services to allow companies to innovate faster on these fronts.

Want to know more?
Moving fast using AWS can and will equal happy customers. To tell you all about it we have created several customer cases.
Get in touch if you want to know more about how we at inQdo Cloud can help you innovate using AWS.
