Cloud Architecture Design
BCSE355L
Dr. K. Palani Thanaraj
Course Instructor
Course Outcomes
1. Demonstrate an in-depth understanding of AWS Cloud architecture, services, and design patterns.
2. Apply security and compliance measures effectively in AWS architectures using encryption, access controls, and monitoring.
3. Optimize cost and performance by selecting appropriate AWS services and utilizing cost-effective resource management strategies.
4. Configure and manage advanced AWS networking features, storage solutions, database technologies, and compute resources.
Syllabus
Module 1 - AWS Cloud Foundations & IAM
• Definition of Cloud Computing: Delivery of computing services over the internet (the cloud) to offer faster innovation, flexible resources, and economies of scale.
• Key Characteristics:
  • On-demand self-service
  • Broad network access
  • Resource pooling
  • Rapid elasticity
  • Measured service
  • Collaboration and productivity enhancement
Key Characteristics:
• On-demand self-service: Users can automatically provision computing resources
without human intervention, enabling faster resource management.
• Broad network access: Cloud services are accessible over the network through
standard mechanisms, supporting various platforms like mobile devices and
laptops.
• Resource pooling: Provider's computing resources are pooled to serve multiple
consumers, dynamically assigning resources according to demand for efficiency.
• Rapid elasticity: Cloud services can quickly scale resources up or down as
needed, allowing users to adapt to changing workloads.
• Measured service: Cloud systems automatically control and optimize resource
use through metering, enabling users to monitor consumption and manage costs.
• Collaboration and productivity enhancement: Cloud services provide tools for
real-time communication and document sharing, facilitating effective teamwork
and increased productivity.
Types of Cloud Services
• Infrastructure as a Service (IaaS): Provides virtualized
computing resources over the internet, allowing users to rent
servers, storage, and networking infrastructure on a pay-as-
you-go basis.
• Platform as a Service (PaaS): Offers a platform allowing
developers to build, deploy, and manage applications without
dealing with the complexities of infrastructure management,
streamlining the development process.
• Software as a Service (SaaS): Delivers software
applications over the internet on a subscription basis, enabling
users to access applications from any device without needing
to install or maintain them locally.
Deployment Models:
• Public Cloud: Cloud resources are owned and operated by
third-party providers and made available to the general
public, offering scalability and cost-effectiveness without the
need for on-site infrastructure.
• Private Cloud: Cloud infrastructure is exclusively used by a
single organization, providing greater control, security, and
customization options, often hosted on-premises or by a third-
party provider.
• Hybrid Cloud: Combines public and private clouds, allowing
data and applications to be shared between them, providing
flexibility and greater deployment options to meet varying
business needs.
Benefits:
• Cost efficiency: Reduces capital expenses by allowing organizations to pay
only for what they use, eliminating the need for significant upfront
investments in hardware and infrastructure.
• Scalability: Enables organizations to easily scale resources up or down
based on demand, ensuring they can adapt to changing workloads without
overcommitting resources.
• Disaster recovery: Provides robust data backup and recovery solutions in
the cloud, ensuring business continuity and minimizing downtime in case of
unexpected events.
• Mobility: Allows users to access applications and data from any location
with internet connectivity, enhancing flexibility and enabling remote work.
• Collaboration and productivity enhancement: Facilitates real-time
collaboration through shared tools and resources, improving teamwork and
overall productivity among users.
Virtualization
• Virtualization is the process of creating a virtual version of a resource, such as a server, storage device, network, or operating system, allowing multiple instances to exist and operate independently on a single physical hardware system.
• This technology enables improved resource utilization, isolation, and flexibility, making it easier to manage and deploy IT resources.
Key Aspects
• Abstraction: Virtualization abstracts the physical hardware, allowing software to interact with virtual resources rather than directly with physical components.
• Isolation: Each virtual instance operates in its own environment, ensuring that applications and workloads are isolated from one another, which enhances security and stability.
• Resource Optimization: By allowing multiple virtual instances to run on a single physical machine, virtualization maximizes resource utilization and reduces hardware costs.
• Scalability and Flexibility: Virtualization makes it easier to scale resources up or down as needed and to deploy new services rapidly without the need for additional physical hardware.
• Management Simplification: Centralized management tools can oversee virtual resources, leading to easier administration and monitoring of IT environments.
Types
• Server Virtualization
  • Definition: Abstracts physical hardware to create multiple virtual machines (VMs).
  • Examples: VMware, Hyper-V, KVM.
• Application Virtualization
  • Definition: Runs applications in a virtual environment, separating them from the underlying OS.
  • Examples: Citrix Virtual Apps, Microsoft App-V.
• Network Virtualization
  • Definition: Creates a virtualized network environment that separates network resources and services from the hardware.
  • Examples: VMware NSX, Cisco ACI.
• Storage Virtualization
  • Definition: Pools storage resources from multiple physical devices into a single virtual storage unit.
  • Examples: VMware vSAN, IBM Spectrum Virtualize.
• Desktop Virtualization
  • Definition: Allows desktop environments to be hosted on a central server and accessed remotely.
  • Examples: VMware Horizon, Citrix Virtual Desktops.
Virtualization - Types
(Figure: Server Virtualization, Storage Virtualization)
Virtualization - Types
(Figure: Application Virtualization, Network Virtualization)
Software Defined Data Center (SDDC)
• An SDDC refers to a data center where all elements are virtualized and delivered as a service.
• This encompasses computing, storage, networking, and security resources, which are managed through software rather than hardware.
• Key features of SDDC include:
  • Virtualization: SDDC employs virtualization technologies to abstract the hardware layer, providing flexibility and scalability. Resources can be allocated and managed dynamically based on demand.
  • Automation: Automation tools are used to manage data center operations, which reduces the need for manual intervention and enhances operational efficiency.
  • Resource Optimization: By using software to manage resources, SDDC can optimize resource usage, enabling better performance and reducing costs.
  • Agility: SDDC allows organizations to deploy applications and services faster, adapting to changing business needs without the constraints of physical hardware.
  • Flexibility: With SDDC, organizations can easily scale their resources up or down based on demand, which is essential for businesses with fluctuating workloads.
AWS - Overview
AWS Global Presence
AWS Infrastructure
Components of AWS Infrastructure
Components of AWS Global Infrastructure
• Regions: Geographically separated areas that enable the deployment of AWS services across the globe for redundancy and resilience.
• Availability Zones (AZs): Isolated locations within a region that ensure high availability and fault tolerance for applications and services.
• Local Zones: Extend AWS services closer to large population centers, reducing latency for applications that require immediate responsiveness.
• Edge Locations: Cache content for fast delivery to users through Amazon CloudFront, enhancing performance and reducing load times.
• Regional Edge Caches: Improve content delivery efficiency by minimizing the need to retrieve data from the origin server.
• Wavelength Zones: Allow the deployment of applications with ultra-low latency on 5G networks, ideal for real-time applications.
Understanding the Backbone of Cloud Services
AWS Shared Responsibility Model:
• Definition: The AWS Shared Responsibility Model outlines the responsibilities of AWS and its customers in securing cloud services.
• AWS Responsibilities (Security of the Cloud):
  • Physical security of data centers
  • Network and hardware security
  • Hypervisor security
  • Global infrastructure security
  • Compliance with various regulatory standards
AWS Shared Responsibility Model:
• Customer Responsibilities (Security in the Cloud):
  • Data classification and management
  • Identity and access management (IAM)
  • Application security
  • Operating system and network configuration
  • Security of data in transit and at rest
• Shared Services: Certain services have shared responsibilities, such as:
  • Amazon RDS (Relational Database Service) – AWS manages the infrastructure, while customers manage database configurations and security settings.
AWS Shared Responsibility Model:
• Customer Control: Customers have the ability to control their security configurations, including:
  • Encryption settings
  • Security group and firewall settings
  • User permissions and roles
• Continuous Monitoring: Customers are encouraged to continuously monitor their environment for threats and vulnerabilities.
• Compliance and Governance: AWS provides tools and resources to help customers meet compliance requirements.
AWS Identity and Access Management (AWS IAM)
• User Management: Enables you to create and manage AWS users and groups, allowing you to control access to AWS resources.
• Permissions: Uses policies to define permissions for AWS resources, ensuring that users have the minimum necessary access.
• Multi-Factor Authentication (MFA): Supports MFA for an added layer of security, requiring users to provide not just a password but also a second form of identification.
• Temporary Security Credentials: Provides temporary security credentials for users and applications, allowing for secure and controlled access to AWS services.
• Integration with Other AWS Services: Works seamlessly with other AWS services, enabling you to manage permissions across your entire AWS environment.
• Audit and Compliance: Offers logging and monitoring capabilities through AWS CloudTrail, helping you to track and audit IAM activities.
IAM: Users & Groups
IAM: Permissions
IAM Policies inheritance
IAM Policies Structure
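Added worked example (not from the slides or from AWS): a small Python evaluator for the IAM policy rules covered in this section, showing how a user inherits a group's Allow statements, how an explicit Deny attached anywhere overrides them, how an unmatched action falls through to the implicit deny, and how a Condition on aws:MultiFactorAuthPresent gates a destructive action behind MFA. The two policies, the bucket name and the ARNs are constructed placeholders, and only the Bool condition operator is modelled.

```python
import fnmatch
# Constructed sample policies in the IAM JSON policy shape; the bucket name,
# ARNs and the finance/ prefix are placeholders invented for this example.
GROUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
        {"Effect": "Allow", "Action": "s3:DeleteObject",  # destructive: MFA required
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    ],
}
# Attached directly to one user, who also inherits the group's allows above;
# an explicit Deny attached anywhere in the chain always wins.
USER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/finance/*"}]}

def _matches(patterns, value, fold=False):
    # IAM's '*' and '?' behave like shell globs and also match across '/'.
    patterns = patterns if isinstance(patterns, list) else [patterns]
    if fold:  # action names are case-insensitive, resource ARNs are not
        patterns, value = [p.lower() for p in patterns], value.lower()
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def _condition_met(condition, context):
    # Simplified: only Bool is modelled; any other operator fails closed.
    for operator, pairs in condition.items():
        if operator != "Bool":
            return False
        for key, expected in pairs.items():
            if str(context.get(key, "false")).lower() != str(expected).lower():
                return False
    return True

def evaluate(policies, action, resource, context=None):
    # IAM evaluation order: explicit Deny > Allow > implicit Deny (default).
    context, allowed = context or {}, False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _matches(stmt["Action"], action, fold=True):
                continue
            if not _matches(stmt["Resource"], resource):
                continue
            if not _condition_met(stmt.get("Condition", {}), context):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"
```

Calling evaluate([GROUP_POLICY, USER_POLICY], action, resource, context) with and without {"aws:MultiFactorAuthPresent": "true"} in the context shows each of the three outcomes.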
IAM – Password Policy
Multi Factor Authentication - MFA
How can users access AWS ?
IAM Roles for Services
IAM Guidelines & Best Practices
IAM Section – Summary