VPC Security and Control
AWS Transit Gateway
Basic Networking Concepts
Introduction to AWS PrivateLink
Networking and VPC for SAP on AWS
DNS & Content Delivery on AWS
The course is part of this learning path
In this section of the AWS Certified: SAP on AWS Specialty learning path, we introduce you to the various Networking services currently available in AWS that are relevant to the PAS-C01 exam.
- Identify and describe the various Networking services available in AWS
- Describe how to configure an Amazon Virtual Private Cloud (VPC)
- Understand how to control network traffic via Security Groups and Network Access Control Lists (NACLs)
- Describe AWS-managed services for Domain Name System (DNS) and Content Delivery Network (CDN)
- Understand how the AWS global infrastructure is used in conjunction with services like Route 53, CloudFront, and the AWS Global Accelerator to reduce latency and improve application performance for end-users
- Identify networking and VPC configuration options for SAP environments running on AWS
The AWS Certified: SAP on AWS Specialty certification has been designed for anyone who has experience managing and operating SAP workloads. Ideally you’ll also have some exposure to the design and implementation of SAP workloads on AWS, including migrating these workloads from on-premises environments. Many exam questions will require a solutions architect level of knowledge for many AWS services, including AWS Networking services. All of the AWS Cloud concepts introduced in this course will be explained and reinforced from the ground up.
Hello and welcome to this lecture covering the AWS Global Accelerator, which is a Global AWS service and therefore not tied to a specific region.
The ultimate aim of the AWS Global Accelerator is to get UDP and TCP traffic from your end user clients to your applications faster and quicker and more reliably, through the use of the AWS global infrastructure and specified endpoints, instead of having to traverse the public internet, which is not as reliable and carries a higher security risk.
Global Accelerator uses two static IP addresses associated with a DNS name which is used as a fixed source to gain access to your application which could be sitting behind a load balancer, such as a network or application load balancer, or directly connected to your EC2 instance or the Elastic IP address. These IP addresses can be mapped to multiple different endpoints, each operating in a different region if a multi-region application is deployed to enhance performance of routing choices.
Because the routing of your request is based across the AWS Global Infrastructure, Global Accelerator intelligently routes customers requests across the most optimized path using its global reach of edge locations, for the lowest latency and avoids any resources that are unhealthy. This helps to improve regional failover and high availability across your deployment.
To set up and configure AWS Global Accelerator there are effectively four steps to follow.
Firstly, you must create your accelerator and give it a name. You must also select if you want to use two IP addresses from AWS' pool of IP addresses or use your own. For each accelerator created, you must select two IP addresses.
Next, you need to create a listener. The listener is used to receive and process incoming connections based upon both the protocol and ports specified, which can either be UDP or TCP based.
Once your listener is created you must associate it with an endpoint group. Each endpoint group is associated with a different region, and within each group there are multiple endpoints. You can also set a traffic dial for the endpoint group, and this is essentially a percentage of how much traffic you would like to go to that endpoint group. And this helps you with blue and green deployments of your application to control the amount of traffic to specific regions. At the stage of adding your endpoint groups you can also configure health checks to allow the global accelerator to understand what should be deemed as healthy and unhealthy.
Finally, you must associate and register your endpoints for your application. And this can either be an application load balancer, a network load balancer, an EC2 instance or an EIP. For each endpoint, you can also assign a weight to route the percentage of traffic to that endpoint in each of your endpoint groups.
Let me now provide a very quick demonstration to show you how this creation looks within the AWS Console.
Okay so I'm logged in to my AWS Management Console and I need to go to the Global Accelerator which is under the Network and Content Delivery category. So if I select the Global Accelerator, now at the moment I don't have any Global Accelerators configured. So from here I'll simply click Create Accelerator.
Now, to start with, I need to select a name for my accelerator. So let me just call this MyAccelerator. Now here we have the IP address type, which is IPv4, and then we have the IP address pool selection. And the default is to use Amazon's pool of IP addresses but if you want to use your own pool of addresses, then this is where you could change it. And also you can add any tags to this service if you need to.
So onto the next stage, this is where we add our listeners. So we can add in a port, for example, port 80. Either TCP or UDP as the protocol, and then you also have Client affinity here. And we can see that if you have state full applications, Global Accelerator can direct all requests from a user at a specific client IP address to the same endpoint resource to maintain client affinity. The default for this option is None. We don't need that for this demonstration, so I'm just gonna leave that as None. And if you want to add any more listeners, simply click on Add Listener, and fill in the relevant details.
For this demonstration, I'm just gonna leave it as the one listener. Once your listeners are configured as you need to, click on Next. And here we have our endpoint groups. Here you select your regions that you want your application to reside in. So, for example, I'll select the London region. And also we have our traffic dial, which as I explained previously, is essentially the percentage of traffic to this region. We can add additional endpoints, so we can have multiple regions if we want to. And you can keep going, add in more more regions. So let's go and remove those two, just leave it as the one region. If you select on the configure Health checks, then you can set your health check configuration as need be just so the AWS Global Accelerator knows what it deems as healthy.
Once you have set your health checks, then you can select Next. On the final stage we need to add our endpoints. So here we have our endpoint group, and we select add endpoint. Now we can either add an Application Load Balancer, Network Load Balancer, an EC2 instance or an Elastic IP address. For this example, I'm gonna select an EC2 instance. And I won't need to select the specific instance. I have one here called MyApplication. And again we have weight information, which directs the amount of traffic to each of your endpoint in your groups. I only have the single endpoint in this group, so I'm just gonna change that to 255. It can be from zero all the way to 255.
To add additional endpoints, simply click on Add endpoint. Select the endpoint that you'd like and then the related resource. I'm just gonna have the one endpoint in this endpoint group. And then once you've done that, simply click Create accelerator. And this would take a few minutes to configure itself and become active. And as you can see the status is in progress.
Also, as I explained earlier, we can see that this Global Accelerator has been given a DNS name, which results to this two static IP addresses. And these are the two IP addresses from the AWS pool of addresses. So that means you can add or change your endpoint groups and related endpoints in any of the regions without having to change the DNS name or the static IP addresses that it results to. So it's very easy to change and increase region availability and high availability for your Global Accelerator. And it's as simple as that.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.