= OREILLY Q Cnapter 4. Cloud Arcnitecture Design Principles This chapter covers the following subjects: © The Well-Architected Framework: AWS does not just hope you can architect a brilliant design on their cloud; they provide you detailed guidance on how to do so. “The AWS Well-Architected Framework” is a thorough document that is detailed in this section of the chapter. + Fault Tolerance and High Availability: This section discusses the rel- ative ease of achieving a fault tolerant and highly available architec- ture in AWS. * Web Hosting: ‘his section of the chapter describes how AWS can as- sist dramatically in the hosting of various web application content. There are many techniques and approaches to services of AWS that have been tried successfully by many companies all over the world. In this chapter, you benefit from all this experimentation and learn some of the key design principles that can guide you throughout your AWS experiences. “Do I Know This Already?” Quiz The “Do I Know This Already?” quiz allows you to assess if you should read the entire chapter. Table 4-1 lists the major headings in this chapter and the “Do I Know This Already?” quiz. questions covering the material in those headings so you can assess your knowledge of these specific ar- eas. The answers to the “Do I Know This Already?” quiz appear in Appendix A, “Answers to the “Do I Know This Already?” Quizzes and Q&A Sections.” x Preparing for certification? ‘Take Practice Exam => View Study Guide > Table 4-1 “Do I Know This Already?” Foundation Topi Question MappingFoundation Topics Section Questions ‘The Well-Architected Framework 12 Fault Tolerance and High Availability 34 Web Hosting 56 Caution The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark that question as wrong for purposes of the self-assess- ment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security. 1. Which of the following is not one of the pillars of “The Well-Architected Framework” from Amazon? a. Cost optimization b. Security ¢. Operational excellence d. Speed 2. Ensuring that you have “traceability” is critical in A\ under what AWS design pillar? a. Cost optimization b. Operational excellence ‘Take Practice Exam => View Study Guide > Preparing for certification? xc. Performance efficiency 4. Security 3. Which of the following is true regarding HA in your on-premises data center? a. Itis typically only reserved for the most mission-critical systems or data. b. It is typically implemented at a lower cost than cloud. ¢. It is typically implemented throughout the entire data center. d. It is never truly achievable. 4, Which is not a typical service or tool associated with HA in AWS? a. Auto Scaling b. ELB ¢. CloudWatch d. CloudTrail 5. What is the DNS service offered by AWS? a. SQS b, Route 53 x ¢. CloudFront Preparing for certification? ‘Take Practice Exam => d. CloudFormation View Study Guide > 6. Where should firewalling be accomplished in your web hosting design in AWS?a. At the perimeter b. At the core c. Everywhere d. For all access layer functions Foundation Topics The Well-Architected Framework You might think that at Amazon, really smart engineers sat down to pen “The Well-Architected Framework” based on their experience with cloud design. This is only partially true. In order to provide you with a docu- ment as critical as “The Well-Architected Framework,” these engineers and architects also did something very smart. They analyzed the actual implementations of successful designs by some of their largest and most successful customers (with their permission of course). All of this re- search gave rise to the framework that we cover here. What are some of the goals of they are pretty lofty. They include designing for security, performance, re- siliency, and efficiency. The framework also provides you with the valu- he Well-Architected Framework”? Well, able opportunity to evaluate a proposed design against the tried and true principles contained in the document. This makes it an even more valu- able tool. Amazon had many goals when they created this framework. Here are the most important: Build and deploy solutions faster than ever before. x « Lower and mitigate the risks associated with a mo} Preparing for certification? ‘Take Practice Exam => * Make informed decisions about how to implement 4 view study Guide > cloud. * Learn the most powerful best-practice approaches to using AWS ser- vices and tools.LS ue) To help organize the framework and make it more valuable, Amazon fo- cused the framework around the following five pillars: © Operational excellence © Security © Reliability * Performance efficiency © Cost optimization We should examine each of these pillars and the important design con- cepts in each. Operational Excellence The overall objective of this pillar is to make sure you run and monitor systems to ensure that they are providing value for the business goals of the organization. Note It is very important that you keep this point in mind. While so many of us in technology find the cloud incredibly “cool,” we should never be targeting technology just because it is very clever and exciting; instead, we should be targeting technology because it assists our organization in achieving the most important business objectives. x Preparing for certification? ‘Take Practice Exam => View Study Guide > This pillar consists of the following important design principles:* Perform operations in code. © Annotate documentation as much as possible. © Make frequent small and reversible changes to the architecture in or- der to improve it. * Refine your operational procedures frequently in order to improve them. * Anticipate failures and have your recovery plans in place. * Learn from any failures that you might have in your architecture in AWS. Security Clearly, the job of this pillar is to help protect your assets, your systems, and your information associated with AWS. This pillar should also assist you with risk assessments and your mitigation practices. LS We) =) (e4 This pillar consists of the following important design principles: * You should use strong identity practices in your architecture, * There should be full traceability in all operations. © Security should be implemented in absolutely all layers of your architecture. + There should be a concerted effort to automate as many of the security best practices as possible. « Information should be secured at rest as well as in transit. * You should prepare as much as possible for the inevitable security events in your architecture and cloud. x Preparing for certification? Take Practice Exam > View Study Guide > Reliability This pillar consists of many important design principl around ensuring your design can easily recover from service failures. It also ensures your architecture can grow resources as needed on-demand.Reliability in the cloud also means that disruptions can be mitigated with relative ease. Key. Here are the design goals around this pillar: © Test recovery. * Automate failure recovery as much as possible. * Automatically scale horizontally when needed, © Stop guessing at capacity for IT resources. © Manage changes through automation. Performance Efficiency This pillar concerns itself with the use of AWS resources as efficiently as, possible. The efficiency should be maintained as demand changes and technology evolves. LS Uy ei Here are the design goals around this pillar: * Democratize advanced technologies—meaning make them available to the masses. Take resources globally in minutes. * Target serverless computing as much as possible, « Experiment freely and often. x Preparing for certification? ‘Take Practice Exam => View Study Guide > * Maintain mechanical sympathy—meaning match b appropriate technologies.Cost Optimization The goal of this pillar is quite simple—to save money and stop the wast- ing of investments in technology. LS Uy ei The design goals are also straightforward: * Adopt a consumption model; this emphasizes the OpEx approach to IT. * Measure the efficiency of your architecture closely. * Stop spending money needlessly in an attempt to solve IT problems. © Closely analyze the expenditures in your AWS implementation. * Use managed services as much as possible. Fault Tolerance and High Availability Let’s begin by ensuring you understand these two critical concepts. Fault tolerance (FT) refers to the ability of a system to sustain the loss of a com- ponent without incurring any downtime at all. High availability (HA) refers to the ability of your entire architecture to maintain an increased level of availability. You should note that fault tolerance is a subcompo- nent of high availability. There are two important considerations for high availability with AWS. First, the HA should be able to be achieved at a small fraction of the cost of achieving HA in a traditional data center approach on your premises. Second, the HA should be achievable with a minimum of human inter- vention. In fact, most consider HA to mean there is no human. x intervention. Preparing for certification? ‘Take Practice Exam => View Study Guide > Understand that when you try and implement HA on ditional IT technology, it tends to be very expensive. It protect the most mission-critical resources. In AWS, HA tends to be muchmore cost effective and much more comprehensive for the entire architecture. LS What are some of the key services and tools of AWS that make incredible levels of HA possible? * Elastic Load Balancers * Elastic IP Addresses * Route $3 * Auto Scaling * Cloudwatch What about the tools that exist in AWS specifically for the fault tolerance aspect of HA? + Simple Queue Service (SQS) * Simple Storage Service ($3) « Simple DB Web Hosting Web hosting is a trend that began decades ago and shows no sign of slow- ing down. More and more applications are brought to users by being hosted by web servers. Web servers might play a key part in your organi- zation for the following reasons: «Hosting your company website * Web-based Content Management Systems * Social media applications x Preparing for certification? ‘Take Practice Exam => Internal SharePoint sites View Study Guide > + Web services such as API endpointsKey. No matter your specific need for web hosting with AWS, you should be able to achieve the following compelling benefits: © Cost effectiveness: Simple on-demand provisioning is needed as more web server scalability is needed. + On-demand resources: This capability promotes the use of test fleets, staging servers, and simulated user traffic. Architecturally, there are many positive effects, such as the following: An elimination of reliance on strict physical appliances. Firewalling can be done everywhere in the architecture. Multiple data centers can be located across the globe with ease. Hosts can be considered completely ephemeral and dynamic. You can also take advantage of many services and tools of AWS that can aid you in your transition to the cloud. These include the following: « VPC * Route 53 * CloudFront * Elastic Load Balancing AWS Web Application Firewall (WAF) + AWS Shield * Auto Scaling © EC2 * ElastiCache . x © RDS Preparing for certification? * DynamoDB Take Practice Exam > View Study Guide > Exam Preparation Tasks As mentioned in the section “How to Use This Book” in the Introduction, you have a few choices for exam preparation: the exercises here, Chapter16, “Final Preparation,” and the exam simulation questions in the Pearson Test Prep Software Online. Review All Key Topics Review the most important topics in this chapter, noted with the Key Topics icon in the outer margin of the page. Table 4-2 lists these key top- ics and the page numbers on which each is found, Key. Table 4-2 Key Topics for Chapter 4 Key Topic Element List List List List List List List a Page Description Number The five pillars 55 Design goals for operational se excellence Design goals for security 56 Design goals for reliability 57 Design goals for performance 5 efficiency Design goals for cost x optimization Preparing for certification? ‘Take Practice Exam => View Study Guide > Services for FT and HAKey Topic a. Page Description Element Number Positive effects of web hosting List 59 on AWS Define Key Terms Define the following key terms from this chapter and check your answers in the Glossary: HA ET Q&A The answers to these questions appear in Appendix A. For more practice with exam format questions, use the Pearson Test Prep Software Online. 1, Name the five pillars in “The Well-Architected Framework” of AWS. 2, What is often considered a subcomponent of HA? 3. What service is often used to build the web server itself in AWS, espe- cially if this web server is to host complex, dynamic content? ‘Take Practice Exam > View Study Guide > Preparing for certification? x