Blog

Demystifying Amazon Web Services: An Enterprise Admins view of the public cloud (Part I)

Posted by Jeremy Goodrum Topics: AWS, 3 minute read

A few days ago, I was sitting down with family for Christmas. We were up in Ottawa visiting my wife’s family and the conversation turned to cloud. It was a hearty debate over the validity of public cloud vs private cloud. As you may have guessed, there are several IT Professionals at the table and each of us with varying degrees of experience. The conversation did get me to think… How do you use the public cloud as a private cloud datacenter admin?

Over the next few posts in this series, I would like to take a closer look at three very important parts of Amazon Web Services management.
1. What are some of the core AWS services?
2. How do I secure my infrastructure?
3. What options can I use to manage this new environment?

Amazon Core Services - understanding the building blocks
After more than a year of working in multiple public cloud infrastructures, it feels second nature to me. When I first started on this team, one of my counterparts sat me down to explain Virtual Private Clouds (VPC). I listened and took notes. It seemed strange at first. Why would anyone want to create these isolation zones?

To better understand the benefits of VPC, it might help to think about how we build enterprise datacenters today. If you have ever had the opportunity to work in a large enterprise datacenter, you will remember all of the different network subnets. There were guest networks, testing and development networks, production front-end, database back-end… the list just goes on. If you had a SAN or NAS appliance, you probably had even more of these private networks. When we think about this, it seems like the idea of more networks just makes it even more confusing.

Virtual Private Cloud networks provide a way to create a network isolation space for one or more subnets. It also gives you a great way to split your networks across AWS Availability Zones. This is probably one of the more important things to understand when deploying your servers in AWS. To understand Availability Zones, it is important to understand how Amazon datacenters work. Amazon Regions are general locations that contain one or more AWS datacenters. These datacenters are called Availability Zones and are generally within miles of each other.

Availability Zones (AZ) are used to provide physical redundancy to AWS infrastructure. Think of an AZ as multiple buildings at your physical site with each building having a unique portion of your subnet. This is how AWS handles the networks in a VPC. A base subnet CIDR (Classless Inter-Domain Routing) is assigned to the VPC and the size of the CIDR determines the number of addresses in the VPC. It will also determine how you can divide your subnets across availability zones. Let’s say for example, that your region has three Availability Zones and you want to have a minimum of one /24 subnet per AZ. This would require your base VPC subnet to be a /22. (Need help with subnet calculations? http://www.subnet-calculator.com/)

The question still remains as to why I would need or want multiple Virtual Private Clouds. I asked that same question early on as well. Multiple VPC environments give you a very good way to create isolation zones for your production and development infrastructure. For some of you reading this, a single VPC per region makes sense. In the next part of this series, I will discuss Elastic Compute Cloud (EC2) instances and how you begin to build your cloud infrastructure.

Other articles in this series

Demystifying Amazon Web Services: An Enterprise Admins view of the public cloud

Part I: Virtual Private Clouds
Part II: Elastic Cloud Compute [EC2] - Virtual Servers
Part III: Elastic Block Storage [EBS] - Virtual HardDisks
Part IV: Simple Storage Service [S3] - Object Storage
Part V: Cloud Security Principles - EC2 Security Groups
Part VI: Cloud Security Principles - Identity & Access Management

 

-