Well Architected Java Backends

Transcript

1. Julio Faerman @julioaws Well Architected Java Backends

2. How do you demonstrate your architecture is ready?

3. “… we are using [popular stack] like [successful company]…”

4. “… we are an enterprise compliant with [standard audit]…”

5. “… and we have automated testing…”

6. “… but is that enough?” ¯\_(
   )_/¯ #FOMO

7. Optimizing Subjective Qualitative Ephemeral Private Satisficing Objective Quantitative Durable Shared

8. Optimizing Satisficing latency P99 < 250ms throughput 42 tps

9. Subjective Objective HTTPS Everywhere AES-GCM with Key Derivation Perfect Forward

   Secrecy Multi-Factor Authentication Temporary Credentials Live Log Analytics WAF Automation DDoS Protection Dependency Inspection CVE Agent …

10. Qualitative Quantitative High Availability month_uptime > 99.900% = 99.915%

11. Ephemeral <dependency> <groupId>org.pegdown</groupId> <artifactId>pegdown</artifactId> <version>1.6.0</version> <scope>test</scope> </dependency>

12. Durable

13. Shared

14. Operational Excellence Security Reliability Performance Efficiency Cost Optimization AWS Well

    Architected Framework Pillars

15. Operational Excellence Security Reliability Performance Efficiency Cost Optimization AWS Well

    Architected Framework SEC 1: How are you protecting access to and use of the AWS account root user credentials?

16. Operational Excellence Security Reliability Performance Efficiency Cost Optimization AWS Well

    Architected Framework REL 8: How are you testing your resiliency?

17. Operational Excellence Security Reliability Performance Efficiency Cost Optimization AWS Well

    Architected Framework PERF 2: How did you select your compute solution?

18. Operational Excellence Security Reliability Performance Efficiency Cost Optimization AWS Well

    Architected Framework COST 4: How do you make sure your capacity matches but does not substantially exceed what you need?

19. Operational Excellence Security Reliability Performance Efficiency Cost Optimization AWS Well

    Architected Framework OPS 3: How do you know that you are ready to support a workload?

20. Security a.k.a. job zero

21. Security is Automation

22. Identity Management + Encryption != Privacy

23. Live Log Analytics

24. •No patching •Improved DoS resiliency •Permission Granularity •Application Security •Dependency

    Security

25. Predictive Security Operations

26. Planned, Automated and Tested Incident Response

27. Reliability

28. “If you can’t feed a team with two pizzas, it’s

    too large” - Jeff Bezos, 2001

29. Strangling the Monolith Legacy Legacy Router Legacy Router New DNS

    CDN LB Zuul

30. ``

31. ”…a necessary capability if you're moving to a serious adoption

    of microservices.”

32. Infrastructure as Code https://aws.amazon.com/whitepapers/

33. None

34. Performance Efficiency PERF 2: How did you select your compute

    solution?

35. “Your database fits in RAM”

36. but also on [NVMe] disks…

37. © 2017, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. NVIDIA Tesla Volta V100 GPUs “At the limit of photolithography” - Jen-Hsun Huang, Nvidia's CEO 5K FP32 GPU Cores | 15.7 Peak FP32 TFLOPS 640 Tensor Cores, 64 FMA/clock, up to 125 Tensor Core TFLOPS 16 GB GPU memory with 900 GB/sec peak GPU memory bandwidth

38. Field Programmable Gate Arrays Ryft Elasticsearch

39. Serverless

40. Handler Input/Output Types (Java) •Simple Java types (String, Integer, Boolean,

    Map, and List) •Plain Old Java Object •Stream type
41. None
42. None
43. None

44. “Business Logic” Message Streams Monitoring & Logging Relational Database NoSQL

    Build & Test Machine Learning Deployment Object Storage Migration Networking Scaling Analytics Caching

45. Host A Host B Host C Primary Secondary Replica Replica

    Replica Writes Reads

46. Amazon Aurora architecture Master Replica Replica Replica Availability Zone 1

    Shared storage volume Availability Zone 2 Availability Zone 3 Storage nodes with SSDs § Log-structured distributed storage system designed for databases § Storage volume is striped across hundreds of storage nodes distributed over 3 different availability zones § Six copies of data, two copies in each availability zone to protect against AZ+1 failures § More performance (~5x), cost efficiency (~0.6x) § IAM Authentication, Lambda Procedures, KMS encryption and many other features SQL Transactions Caching SQL Transactions Caching SQL Transactions Caching

47. Sign up for the preview today Aurora Severless On-demand, auto-scaling

    database for applications with unpredictable or cyclical workloads Automatically scales capacity up and down Pay per second and only for the database capacity you use Starts up on demand and shuts down when not in use No need to provision instances NEW!

48. © 2017, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. ELASTIC CONTAINER SERVICE AWS VPC networking mode Advanced task placement Deep integration with AWS services ECS CLI … { } Global footprint Powerful scheduling engines Auto scaling CloudWatch metrics Load balancers

49. © 2017, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. • Cluster • Container Instances • Task Definition • Task • Service Amazon ECS Core Concepts

50. © 2017, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. { "family":"hello-world", "containerDefinitions":[ { "name":"hello-world", "image":"aws_account_id.dkr.ecr.us-east- 1.amazonaws.com/hello-world", "cpu":10, "memory":500, "portMappings":[ { "containerPort":80, "hostPort":80 } ], "entryPoint":[ "/usr/sbin/apache2", "-D", "FOREGROUND" ], "essential":true } ], "volumes": [] } Amazon ECS Task Definition Container Definitions Volume Definitions

51. © 2017, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. { "serviceName": "ecs-hello-world-elb", "taskDefinition": "hello-world", "loadBalancers": [ { "loadBalancerName": "EC2Contai- EcsElast-A0B1C2D3E4”, "containerName": "hello-world", "containerPort": 80 } ], "desiredCount": 10, "role": "ecsServiceRole" } Amazon ECS Service * Good for long-running applications * Load Balance traffic across containers * Automatically recover unhealthy containers * Discover services

52. © 2017, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. { "serviceName": "ecs-hello-world-elb", "taskDefinition": "hello-world", "deploymentConfiguration": { "maximumPercent": 100, "minimumHealthyPercent": 50 }, "loadBalancers": [ { "loadBalancerName": "EC2Contai-EcsElast-A0B1C2D3E4”, "containerName": "hello-world", "containerPort": 80 } ], "desiredCount": 10, "role": "ecsServiceRole" } Rolling Deployments

53. Rolling Deployments minimumHealthyPercent = 50%, maximumPercent =100%

54. Rolling Deployments minimumHealthyPercent = 100%, maximumPercent = 200%

55. Monitoring with Amazon CloudWatch

56. Auto Scaling Your Amazon ECS Services

57. © 2017, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Create Amazon CloudWatch alarm on a metric, e.g. MemoryReservation Configure scaling policies to increase and decrease the size of your cluster Auto Scaling Your Amazon ECS Cluster

58. © 2017, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved.

59. © 2017, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. CHANGING COMPUTE CONSUMPTION MODEL No instances to manage Task native API Resource based pricing Simple, easy to use, powerful – and new consumption model =

60. © 2017, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. RUNNING FARGATE CONTAINERS WITH ECS

61. © 2017, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. RUNNING FARGATE CONTAINERS WITH ECS Use ECS APIs to launch Fargate Containers Easy migration – Run Fargate and EC2 launch type tasks in the same cluster Same Task Definition schema

62. © 2017, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. TASK CPU & MEMORY CONFIGURATIONS Flexible configuration options – 50 CPU/memory configurations CPU Memory 256 (.25 vCPU) 512MB, 1GB, 2GB 512 (.5 vCPU) 1GB, 2GB, 3GB, 4GB 1024 (1 vCPU) 2GB, 3GB, 4GB, 5GB, 6GB, 7GB, 8GB 2048 (2 vCPU) Between 4GB and 16GB in 1GB increments 4096 (4 vCPU) Between 8GB and 30GB in 1GB increments

63. © 2017, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Elastic Container Service for Kubernetes

64. © 2017, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. It i s K u b e r n e t e s U p s t r e a m P r o d u c ti o n w o r k l o a d s S e r v i c e i n te g r a ti o n s EKS Tenets

65. EKS • Manage masters • Highly available setup • Upgrades

66. © 2017, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Amazon Elastic Container Registry Fully Managed * Tight Integration with Amazon ECS * Integration with Docker Toolset * Management Console and AWS CLI Highly Available * Amazon S3 backed * Regional endpoints Secure * IAM Resource-based Policies * AWS CloudTrail Audit Logs * Images encrypted at transit and at rest

67. Does this matter to you and your customer?

68. AWS Elastic Beastalk supports: • Java • Tomcat • Docker

    • Multi-container docker
69. None
70. None

71. Lazy Portability Open Standards Open Source Standard Protocols Custom Driver

    Portability isn’t boolean

72. © 2018, Amazon Web Services, Inc. or Its Affiliates. All

    rights reserved. “You don’t have to be an engineer to be a racing driver, but you do have to have Mechanical Sympathy” Jackie Stewart - F1 Race Driver

73. Cost Optimization

74. Saving in content delivery with CDNs

75. Flexibility is money Reserved 3y ($ 15.91) Reserved 1y (9.87)

76. Lynn Langit - Serverless - reality or BS - notes

    from the trenches

77. Operational Excellence Operational Excellence Operational Excellence

78. None
79. None

80. Help everyone be well-architected! Satisficing Objective Quantitative Durable Shared

81. Julio Faerman @julioaws Obrigado!