Reference Architecture

Contents

The course is part of these learning paths

Becoming an AWS Cloud Architect — Proficient
13
1
10
1
Becoming a Cloud Architect — Learn the Fundamentals
12
6
1
Scenario: Migrating From an End-of-Life Data Center to AWS
6
3
8
1
Start course
Overview
Difficulty
Intermediate
Duration
1h 7m
Students
2725
Ratings
4.5/5
starstarstarstarstar-half
Description

This course is a "live" scenario discussion where the Cloud Academy team tackle a migration project. Our customer needs to migrate out of their current data center by a certain date. They also would like to modernize their business applications. 

Our brief in the exercise is to deliver:

  • A target architecture that addresses the challenges described by the customer
  • A migration plan detailing how to move the service to AWS with minimal interruption
  • A recommendation on how to approach DR to achieve RPO of 24 hours and RTO of 4 hours
  • An application optimization plan with a proposed enhancement roadmap

As a scenario, this series of lectures is recorded "live" and so is less structured than other Cloud Academy courses. As a cloud professional you often have to think and design quickly, so we have recorded some of the content this way to best emulate the type of conditions you might experience in the working environment. Watching the team approach this brief can help you define your own approaches and style to problem-solving.

Intended audience

This course discusses AWS services so it is best suited to students with some prior knowledge of AWS services. 

Prerequisites

We recommend completing the Fundamentals of AWS learning path before beginning this course. 

If you have thoughts or suggestions for this course, please contact Cloud Academy at support@cloudacademy.com.

 

Updates
22-01-2020: Duplicate lecture removed 

Transcript

- [Presenter] Okay, let's start thinking about our reference architecture, and the services that we might look to use. Document manager and payment modules, should be Lamda functions with data being stored in Dynamo DB. The document module keeps additional metadata relating to objects that are stored in Amazon S3. We could also leverage S3 metadata, but Dynamo DB provides a richer set of features to store and retrieve data from. Also, separating these modules moves the majority of the public-facing APIs to server-less services. Now, we've also got the payment module to consider, and that consists of subscription information, which, at the moment is fulfilled by a third-party, digital wallet, so that can be exposed as number of APIs via the API Gateway. The batch processing and digitizer modules could be merged into a document processing service processed by an Elastic Beanstalk worker environment, and we could use Beanstalk instead of Lambda, because jobs might take longer than five minutes to complete. We can use the Database Migration Service to migrate our schema and our data. We'll use Oracle RDS in the first instance, and then look to port our databases to either Amazon Aurora or Postgres. We can use Route 53 to manage our domains and our routing to domains, especially during any cut-over. And we can use CloudFormer for a migration template and for helping with our cloud formation scripting. We can look to use the Elastic Load Balancer to reduce load on our web tier, and to handle some of our SSL offloading for us. And we can implement ElastiCache to reduce load on the web tier. CloudFront, of course, can increase our durability and our performance. And integrated with AWS WAF, or AWS Shield, we can increase our security and durability. Now for our keys, we can use the CloudHSM appliance initially, and then look to move our keys to KMS to manage encryption keys going forward. And short term, we can use the VPN to connect back to our data center, and then look to use a direct connect, dedicated connection for connectivity back to our data center, going forward. Okay, so that architecture could provide the expertise-please service with a more agile, cost-efficient solution. Now we can start to break this into swim lanes, and work out when we can do things. From that, we can prioritize and tie-box it into stages.

- We've got, 7 to 14 days of migration, we probably need to think, sort of, two, well, maybe two to six months for this type of optimization. We probably want to a phase 6 to 12 months for this type of re-engineering, so if this is a 12 to 24 month plan depending on the customer's appetite for this, do it. I think that is something that must happen, that's something that should happen, because if we're going to make this better, we need to do all of this. That's definitely a must. And then, that's probably gonna be a could. If you want to make your business better, this is how we go about it.

- [Man With Brown Hair] If you map those stages back to the.

- Yep.

- What we're seeing is we're going from left to right across those stages. We're increasing security. We're improving business.

- Yeah.

- Business slide, bottom line. Operations is more efficient, there's less problems.

- Let's write those up in the blue marker.

- So increase security.

- Yep.

- Throughout the system.

- And reporting

- [Man With Brown Hair] Operations is more efficient, less down time.

- Yep, better disaster recovery. We still need to reduce the cost with shifting off the current database, providing the spot or reserved instances that can really add a lot of value.

- [Man With Brown Hair] The bottom line for the business is improved.

- Yeah we can give them some assurance that the service will continue in seven months

- [Man With Brown Hair] The player forms become more realistic.

- Yeah.

- [Man With Brown Hair] The cost optimized and it's more agile.

- So I guess there's a bit of thinking to do around how we do this, we have to think through the resourcing because if we are talking about smallteams working in parallel there gonna need some development resource to do that because they don't have any internal resource for it. The other thing we haven't thought about is keys. So everything is encrypted, they're running their own encryption service. They've got a safe net lunar encryption.

- [Man With Brown Hair] So stage one we were gonna go with Cloud HSM.

- Yeah.

- In terms of increasing time. But when we get into stage two and stage three we can start potentially use KMS.

- Yeah, yeah.

- [Man With Brown Hair] The cheapest solution.

- Good for a short term fix but we need to get into KMS to save money long term. So that could definitely part of our cost optimization.

About the Author
Avatar
Andrew Larkin
Head of Content
Students
168562
Courses
72
Learning Paths
172

Andrew is fanatical about helping business teams gain the maximum ROI possible from adopting, using, and optimizing Public Cloud Services. Having built  70+ Cloud Academy courses, Andrew has helped over 50,000 students master cloud computing by sharing the skills and experiences he gained during 20+  years leading digital teams in code and consulting. Before joining Cloud Academy, Andrew worked for AWS and for AWS technology partners Ooyala and Adobe.

Covered Topics

Amazon Web ServicesContent Delivery Networking for AWSNetworking for AWSMigration for AWSCompute for AWSSecurity for AWSStorage for AWSDatabases for AWSManagement for AWSAWS LambdaAmazon ElastiCacheAmazon EC2AWS Key Management Service (KMS)AWS CloudHSMAmazon RDSAmazon Route 53Amazon DynamoDBAmazon Elastic File System (EFS)AWS Elastic BeanstalkAWS Import/ExportEncryptionNoSQLServerlessIdentity and Access ManagementSQLMigrationNetworkingSecurityStorageDatabasesManagementComputeContent Delivery NetworkingHigh Availability