2. Agenda
Requirement Analysis
Reference Architecture
Proposed Technology Architecture
Maximum Availability Architecture
Security Architecture
Data Architecture
Requirements Mapping to Solution Components
Summary – Key Architecture Benefits
Assumptions
3. Requirement Analysis
Key Requirements
Business Requirements:
•IT system that is scalable to accommodate un-quantified future growth
•Zero CAPEX and OPEX incurred based on business growth
Technical Requirements:
•Scalable Infrastructure to handle rapid, yet un-quantified growth in the next few months
•Disaster Recovery for uninterrupted business operations
•High Performance and throughput at database and data access layer
•Better User experience via low latency access response
•Effective Load distribution for optimum resource utilization and better ROI
•Highly available, fault tolerant, recoverable and self-healing infra for immediate recovery from failed services
•Data security at rest and in transit
•Secure access to the environment for delivery team
•Efficient archival strategy for inactive objects greater than 6 months
•Ability to easily manage and replicate multiple environments based on blueprint architecture.
Company Profile
XYZ Pvt. Ltd
Founded in: 2014
Industry: Online ecommerce
Employees: 50
6. Maximum Availability Architecture
[Architecture diagram; labels recovered from the slide]
•Region “ap-southeast”
•Internal/External Users
•Route 53
•CloudFront (CDN)
•ELB (shown twice)
•Maximum Availability Zone-1, Maximum Availability Zone-2
•Web Servers 1 2 n, Auto Scaling, Amazon EC2 (shown twice)
•App Servers 1 2 n (shown twice)
•Amazon ElastiCache (shown twice)
•RDS MySQL-Master, RDS MySQL-Standby, Sync Replication
•Amazon S3: Resources and Static Content
•Amazon EBS Snapshots
High Availability + Disaster Recovery + Load Balancing + Auto Scaling ACHIEVED
7. Security Architecture
[Architecture diagram; labels recovered from the slide]
•Amazon Datacenter
•Amazon VPC
•Maximum Availability Zone
•Public facing subnet for Internet access
•Private facing subnet – No Internet access
•Web Servers 1 2 n
•App Servers 1 2 n
•RDS MySQL Master
•Amazon S3
•External Users
•Internal Users
•XYZ Datacenter / Office
•Amazon Direct Connect: Dedicated Network Connection
•Amazon IAM: Secure Access
•Amazon CloudHSM: Cryptographic Key store to support security of data in transit and at rest
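Added example (not part of the original slides): one way to check that subnets meant to be "Private facing – No Internet access" really have no default route, including the case where a subnet with no explicit association silently inherits the VPC's main route table. The data is constructed and shaped like EC2 DescribeRouteTables output; all IDs and the flattened "Tier" field are assumptions made for illustration.

```python
# Constructed sample data; IDs and the "Tier" label are hypothetical.
SUBNETS = [
    {"SubnetId": "subnet-web-a", "Tier": "public"},
    {"SubnetId": "subnet-app-a", "Tier": "private"},
    {"SubnetId": "subnet-db-a", "Tier": "private"},
    {"SubnetId": "subnet-app-b", "Tier": "private"},  # never associated
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-app-a"},
                      {"Main": False, "SubnetId": "subnet-db-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
DEFAULT_DESTINATIONS = {"0.0.0.0/0", "::/0"}

def effective_route_table(subnet_id, route_tables):
    """Explicit association wins; otherwise the subnet uses the main table."""
    main = None
    for rtb in route_tables:
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rtb
            if assoc.get("Main"):
                main = rtb
    return main

def default_routes(rtb):
    """Return (destination, target) for every IPv4/IPv6 default route."""
    found = []
    for route in rtb.get("Routes", []):
        dest = (route.get("DestinationCidrBlock")
                or route.get("DestinationIpv6CidrBlock"))
        if dest in DEFAULT_DESTINATIONS:
            target = route.get("GatewayId") or route.get("NatGatewayId") or "unknown"
            found.append((dest, target))
    return found

def audit(subnets, route_tables):
    """List private-tier subnets whose effective route table reaches the Internet."""
    findings = []
    for subnet in subnets:
        if subnet["Tier"] != "private":
            continue
        rtb = effective_route_table(subnet["SubnetId"], route_tables)
        if rtb is None:
            findings.append((subnet["SubnetId"], None, "no route table found"))
            continue
        for dest, target in default_routes(rtb):
            findings.append((subnet["SubnetId"], rtb["RouteTableId"], f"{dest} -> {target}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SUBNETS, ROUTE_TABLES):
        print(finding)
```

In the sample, only subnet-app-b is flagged: it has no explicit association, so it falls back to the main route table, which carries the Internet gateway route.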
8. Data Architecture
[Diagram labels: Amazon EC2, App Servers 1 2 n, CloudFront]
Local Data Store (Amazon EBS)
•Mounted on EC2 instance
•N/W attached persistent storage
•Max 20 vols, 1 TB/vol
•Can be used by only 1 instance
•No write delays
Global Data Store (Amazon S3)
•Open File Storage not restricted to EC2 instance
•Accessed from external svc. (bittorrent), browser access via HTTP
•100 buckets, unlimited capacity per bucket
•Can be used by many clients at once
•Requires software to read & write data
•Experiences write delays
Archive Data Store (Amazon Glacier Archive)
•Archival of data beyond 6 months
•Low cost storage service for data archive and backup
Amazon RDS: RDBMS - MySQL
•Relational Data Store
Dynamo DB: NoSQL
•Unstructured Data Store
9. Requirements Mapping to Solution Components
Key Requirements, each followed by its Solution Components
Business Requirements:
•IT system that is scalable to accommodate un-quantified future growth
•Zero CAPEX and OPEX incurred based on business growth
  Solution Components: Amazon Web Services (AWS) Cloud Computing Model
Technical Requirements:
•Scalable Infrastructure to handle rapid, yet un-quantified growth in the next few months
  Solution Components: Amazon Web Services (AWS) Cloud Computing Model, Amazon EC2 Autoscaling
•Disaster Recovery for uninterrupted business operations
  Solution Components: Multiple Availability Zones in a Region with similar configuration
•High Performance and throughput at database and data access layer
  Solution Components: Amazon ElastiCache, Amazon RDS
•Better User experience via low latency access response
  Solution Components: Amazon CloudFront, Amazon AppStream, Amazon CloudSearch, Amazon Route53
•Effective Load distribution for optimum resource utilization and better ROI
  Solution Components: Amazon ELB, Amazon EC2 Autoscaling
•Highly available, fault tolerant, recoverable and self-healing infra for immediate recovery from failed services
  Solution Components: Amazon ELB, Availability Zones, Elastic IP, EBS Volume Replication, EBS Volume Snapshot on S3
•Data security at rest and in transit
  Solution Components: Amazon CloudHSM, SSL, Amazon VPC, Encrypted File System
•Secure access to the environment for delivery team
  Solution Components: Amazon DirectConnect, Amazon IAM, Amazon VPC
•Efficient archival strategy for inactive objects greater than 6 months
  Solution Components: Amazon Glacier Archive
•Ability to easily manage and replicate multiple environments based on blueprint architecture.
  Solution Components: AWS Management Console, Amazon CloudWatch, Amazon CloudFormation
10. Summary – Key Architecture Benefits
•Variable Expense: Reduce Capital Expenditure with Variable Expense
•Economies of Scale: Lower variable expense than companies can achieve themselves
•Elastic Capacity: No need to guess capacity requirements upfront and over-provision
•Speed and Agility: Infrastructure in minutes not weeks
•Focus on Business: Not undifferentiated heavy IT lifting
•Global Reach: Go Global in minutes and reach a global audience
11. Assumptions
•Startup company name is “XYZ Pvt Ltd”
•Apart from custom package Apps, “XYZ” will also require Email service hosted on AWS
•MySQL will be the database opted for from Amazon RDS as the current DB is MySQL
•The custom Apps of “XYZ Pvt Ltd” will be able to encrypt data stored in EBS / S3 / RDS and the keys will be stored in Amazon CloudHSM