$30 off During Our Annual Pro Sale. View Details »

從傳統 IDC 到 Hybrid Cloud 的演進及架構設計

scott.liao (Mr. 沙先生)
May 15, 2019
Technology
2
1.3k

從傳統 IDC 到 Hybrid Cloud 的演進及架構設計

2016 年底的 104 是傳統 IDC 架構,2019 年的現在是 AWS + IDC 的 Hybrid Cloud 架構,擁有 120 以上的 AWS 帳號,在這段時間 104 如何邁向 AWS 雲端以及技術選型,從初建 Hybrid Cloud 到現在穩定的架構又踩了多少坑,這場分享將帶給各位這段期間的辛酸歷程 (哭
在此議題中您將可了解:

- 真實的企業技術轉型
- Hybrid Cloud 建置歷程
- Hybrid Cloud 架構
- Hybrid Cloud 的瓶頸與困難

scott.liao (Mr. 沙先生)

May 15, 2019
Tweet

More Decks by scott.liao (Mr. 沙先生)

See All by scott.liao (Mr. 沙先生)
OpenInfraDays2019 Mastering Openstack the DevOps way
shazi7804
0
200
MOPCON 2019 - HybridCloud 一條通吃的 CI / CD Pipeline
shazi7804
0
320
DevOps Taiwan CI/CD/Pipeline 大亂鬥 20190420
shazi7804
2
860
SITCON 2019 - 誰說工程師一定爆肝!一起走入雲端世界吧
shazi7804
1
430
DevOpsDays Taipei 2018 - Puppet 古早味、新感受:改造老牌企業進入自動化時代
shazi7804
0
110

Other Decks in Technology

See All in Technology
pmconf 2023 プロダクトと事業を無限にスケールするための最強のロードマップの作り方 / The Greatest Roadmap for Unlimited Scaling your Business and Products
yamamuteki
15
8.2k
Cloud Security Day 2023パネルディスカッション資料
coconala_engineer
0
160
継続的なコツコツ技術広報とブランディング磨き込みの過程と課題/engineering-brand
nishiuma
0
100
231116 あつまれ入力デバイスの沼 Ryu.Cyberさん
comucal
PRO
0
190
APIシナリオテストツールとしてのrunn / 4 API testing tools
k1low
0
360
Azure OpenAI Serviceの採用と挑戦 - Azure AI Hub meetup #1
cimadai
1
260
走馬灯のIaCは考えておいて
nwiizo
6
3.3k
Parsing case study in Go / Go Conference mini 2023 Winter IN KYOTO
k1low
2
100
「極意本」サンプルコードをクラウド上で動かそう
upura
1
690
Making your Kubernetes-based log collection reliable & durable with Vector
palark
0
340
AutoGenで作るLLM Agen
peisuke
1
300
CloudNative_TrailMap_Study#2_20231114
tkhresk
1
110

Featured

See All Featured
Building Your Own Lightsaber
phodgson
97
5.4k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
225
51k
Keith and Marios Guide to Fast Websites
keithpitt
407
21k
Building Effective Engineering Teams - LeadDev
addyosmani
22
1.2k
How STYLIGHT went responsive
nonsquared
89
4.5k
Intergalactic Javascript Robots from Outer Space
tanoku
264
26k
The MySQL Ecosystem @ GitHub 2015
samlambert
241
11k
Music & Morning Musume
bryan
38
5.2k
The Pragmatic Product Professional
lauravandoore
23
5.4k
Building an army of robots
kneath
299
41k
Mobile First: as difficult as doing things right
swwweet
214
8.3k
Raft: Consensus for Rubyists
vanstee
130
6k

Transcript

  1. 從傳統 IDC 到 Hybrid Cloud 的
    演進及架構設計
    S c o t t . l i a o @ M r. 沙 先 ⽣生
    < s h a z i . i n f o >

    View Slide

  2. 2
    HELLO!
    104 資訊科技 ⼯工程經理理
    我會 ... AWS、DevOps、打雜
    ⾁肉搜 Mr. 沙先⽣生 或是 Mr. 礦物先⽣生 找到我
    • IT 鐵⼈人賽第九屆:Puppet 從入⾨門就放棄
    • DevOpsDays Taipei 2018 講者
    • SITCON 2019 講者
    • DevOps Taiwan CI/CD/Pipeline Tools

    View Slide

  3. 每個技術轉型的企業
    104 & AWS
    都有⼀一個杯桑的故事

    View Slide

  4. 4
    Infrastructure
    Data Center Cloud
    Data Center
    +
    Cloud

    View Slide

  5. Data Center
    傳統
    5
    Cloud

    衝突

    View Slide

  6. 6
    「我要很復古⼜又很潮的設計」

    View Slide

  7. 「為了了⽣生活,我可以忍」
    洪⾦金金寶說:
    7

    View Slide

  8. 8
    「先攻他中路路」- 打通網路路環境
    Internet
    VPN Intranet
    Direct Connect Intranet
    ✘ policy
    ✔ money
    ✘ latency

    View Slide

  9. 9
    Direct Connect Intranet
    Provider:GCX / Chief
    Network:100M / 300M / 1G / 10G
    SLA:NO
    Type:Public / Private VIF
    Protocol:BGP

    View Slide

  10. 10
    Direct Connect Intranet

    View Slide

  11. 11
    130+ AWS Account

    View Slide

  12. 12
    Multiple Account Network
    REF:Netflix
    Solution:Internet
    VPC Peering
    Transit VPC ✔
    Transit Gateway
    ✘ policy
    ✘ proxy endpoint
    ✘ expensive

    View Slide

  13. 13
    Multiple Account Network

    View Slide

  14. 14
    Multiple Account Network
    《Transit VPC》
    Subnet Not Overlay
    Not Share Cross Account Resource
    Subnet Range Limit
    Manage Cisco Cloud Services Router 1000V
    NLB Not Working for Cross Account

    View Slide

  15. 15
    Private / Public / AWS Only
    Domain

    View Slide

  16. 16
    Mix DNS Network
    DNS Master for Configuration
    DNS Resolver for Query
    - Unbound
    - Route 53 Resolver
    DNS Slave for Zone transfer

    View Slide

  17. 17
    Mix DNS Network《DNS Resolver》

    View Slide

  18. 18
    Mix DNS Network《DNS Resolver》
    AWS Only Domain Name ? ex. VPC PrivateLink
    https://aws.amazon.com/tw/blogs/security/how-to-set-up-dns-resolution-between-on-premises-networks-and-aws-by-using-unbound/
    Unbound (DNS Resolver)
    forward-zone:
    name: “amazonaws.com”
    forward-addr: 169.254.169.253

    View Slide

  19. 19
    Hybrid Cloud latency ?
    Tokyo <> Taiwan

    View Slide

  20. 20
    Hybrid Cloud Latency
    AWS Direct Connect 30ms ~ 35ms
    - ProxySQL
    - Database Replication fo Read
    - API Data Cache
    Where are Database

    View Slide

  21. 21
    How to migrate ?
    AWS <> IDC

    View Slide

  22. 22
    How to Migrate
    AWS CloudFront
    - https://www.104.com.tw/datacenter
    - https://www.104.com.tw/cloud

    View Slide

  23. 23
    Security for ISO 27001 ?

    View Slide

  24. 24
    ISO 27001 on Cloud
    Logs - CloudWatch Log
    - CloudTrail
    - Fluentd
    Control - Console Login with AWS AD、 AWS SSO
    - SSH Login Without SSH (AWS SSM)
    - Internet access With Proxy
    - AWS Service with VPC Privatelink
    Security - WAF、Shield、KMS、SSM
    - Guardduty、AWS Config、 Macie

    View Slide

  25. 25
    Notice
    Cloud Without DNS Cache (TTL 60s)
    Status Not Local, Termination of instance is ALWAYS
    Cloud Computing is expensive
    EOL is ALWAYS
    Automation is everything

    View Slide

  26. THANK
    YOU!

    View Slide