AWS SAA summary-Exam 02

4 EC2
4.1 EC2 concept

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers. All EC2 instances in the default VPC have both a public and a private IP address. They do not have an Elastic IP address, and the security group created by default does not allow any inbound traffic (until changed manually).

4.2 EC2 instance type

On-Demand Instances: pay by the second for the instances you launch.

· Applications with spiky workloads are reasons to use on-demand, as on-demand can scale up and down quickly

· On-demand instances are best for users who cannot make an up-front payment

· On-demand instances are ideal for any usage that swings wildly in unpredictable patterns, particularly if a job cannot be halted

· Anytime you’re testing a new application, on-demand is a good choice

Reserved Instances: purchase always-available instances for a one- to three-year term at a substantial discount.

· Reserved instances can be paid for in no up-front, partial up-front, and all up-front models, where all up-front is the least expensive and no up-front is the most expensive.

· Steady-state usage is ideal for reserved instances

· Steady-state usage is also a use case for reserved instances, to gain cost savings

· If usage is predictable, a long-running job might benefit from a reserved instance

· Reserved instances are locked to the region in which they are created

· AWS suggests using reserved instance pricing in TCO calculations, as it is closest to on-premises servers in an apples-to-apples comparison

· Standard reserved instances often provide up to a 75% discount as compared to on-demand instances.

Spot Instances: request unused EC2 instances, which can significantly reduce your Amazon EC2 costs.

· Spot instances offer you significant cost savings as long as you have flexibility and application processes can be stopped and started.

· Spot instances via the spot market are the potentially least expensive option, given that your compute has flexible timing and needs

· Spot instances also make heavy compute affordable when it would not be on other instance types

· Large and immediate additional capacity needs are best facilitated by spot instances

· The spot market is where you purchase spot instances; it provides instances that can stop and start at any time.

· Spot instances are recommended for applications with flexible start and end times, that need to run with low compute prices, or that may have urgent compute needs for large amounts of additional capacity

· If the job can be stopped, then spot instances would be better.

Exam tips:

· Dedicated hosts can be purchased as an on-demand instance or as a reservation for significant savings

· On-demand instances are ideal for any usage that swings wildly in unpredictable patterns, particularly if a job cannot be halted. If usage is predictable, a long-running job might benefit from a reserved instance, and if the job can be stopped, then spot instances would be better.

4.3 Launch new EC2 instance

When launching a new EC2 instance you need to consider the VPC, the Availability Zone (including the subnet), the security group and the placement group. If the instance is used for storage and does not need to serve external networks, consider placing it in a private subnet; if it must serve external clients, for example as a web server, place it in a public subnet. If network latency matters, place a group of homogeneous EC2 instances in one placement group.

This introduces a new concept, the placement group: a logical grouping of instances within a single Availability Zone. With a placement group, applications can take part in a low-latency, 10 Gbps network; a placement group cannot span multiple Availability Zones. Cluster placement groups (the default type of placement group) must be made up of instances that exist within a single availability zone.

Spread placement group: a spread placement group helps reduce the likelihood of failures in a cluster or group of instances. Amazon EC2 already has cluster placement groups, which give applications the low-latency network performance needed for the tightly coupled node-to-node communication typical of many HPC applications. Now, with spread placement groups, member instances are placed on distinct hardware, reducing the impact of a hardware failure on the application. A spread placement group can span multiple Availability Zones, with at most seven EC2 instances per AZ in a group.

A placement group is concerned primarily with network throughput and reducing latency among EC2 instances within a single availability zone. AWS does support a placement group spanning multiple AZs via spread placement groups, but unless “spread” is specifically mentioned, you should assume the question references a “normal” (or “cluster”) placement group.

Comparing placement groups and spread placement groups

· Placement groups are typically in a single availability zone, but now spread placement groups can be placed across availability zones.

· A spread placement group can have a maximum of seven running instances per AZ.

· Spread placement groups primarily offer reduced network lag between instances

· Spread placement groups cannot be set up across regions

· You must specify the distinct underlying hardware for spread placement groups

The distinction between public and private subnets comes down to whether the internet can be reached normally. An EC2 instance in a public subnet can automatically obtain a public IP and reach the internet. An EC2 instance in a private subnet is not assigned a public IP; if it needs internet access it must go through a NAT service in the public subnet, such as a NAT instance or NAT gateway.

Launching a new EC2 instance requires specifying an AMI. There are three sources of AMIs: create your own, buy one from the AWS Marketplace, or use a community AMI (this is where the free AMIs are). While preparing for the SAA exam, the free AMIs are sufficient. For all new AWS accounts, 20 instances are allowed per region. However, you can increase this limit by requesting it via AWS Support.

Figure 17 AMI channel

An EC2 instance needs a VPC and a subnet. If it is created in the default VPC, both can be left at their default settings. If it is placed in a custom VPC, the subnet must be created in advance: by default a newly created VPC has no subnets.

Figure 18 Put ec2 into a VPC and subnet

In the situation shown above, click Create new subnet to open the subnet creation page. On that page you need to specify the VPC and AZ and define the CIDR block, which must belong to the VPC's CIDR. If the subnet is to be public, enable auto-assign public IPv4 address on it and configure its route table so that it is associated with an IGW (Internet gateway). Because a custom VPC does not contain an IGW, you still need to create a new IGW and attach it to the custom VPC.

Figure 19 Create subnet

Configure the route table by adding a route entry so that traffic can reach the internet through the IGW.

Figure 20 Config route table

In Advanced details you can pre-enter a script so that the instance installs services automatically at launch.

Figure 21 Advanced details

Associate the instance with a security group: either the one created by default in the VPC, or a new security group with custom inbound rules. The security group's inbound rules must include the SSH protocol, allowing access from 0.0.0.0/0, otherwise you cannot connect to the instance remotely. Next, choose an existing key pair or generate a new one for connecting to the EC2 instance. After the instance launches successfully it is automatically assigned a public IP, but because that IP is assigned dynamically via DHCP, rebooting the instance from the console returns the public IP to the address pool and a new IP is obtained; rebooting via the CLI preserves the public IP.

To check whether the instance has internet connectivity, log in to it and run curl or dig against any network host.

If the instance is launched in a private subnet, it can only be reached over SSH from an instance in the public subnet or via a bastion host; it cannot be logged into directly from an arbitrary host on the internet. Instances in the private subnet also have no normal outbound network access; if they need it, configure a NAT instance or NAT gateway.
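The checks implied by the launch procedure above (subnet CIDR inside the VPC CIDR, a 0.0.0.0/0 route to an IGW for a public subnet, and which sources the security group lets reach SSH), as an added example that is not part of the original notes. It works offline on the JSON shapes returned by `aws ec2 describe-route-tables` and `aws ec2 describe-security-groups`; all ids and CIDRs in the sample data are constructed, and 203.0.113.0/24 stands in for an administrator's address range.

```python
# Added example, not from the original notes: offline review of an EC2 launch plan
# over the dict shapes that describe-route-tables / describe-security-groups return.
import ipaddress


def subnet_fits_vpc(subnet_cidr: str, vpc_cidr: str) -> bool:
    """The subnet CIDR must lie entirely inside the VPC CIDR."""
    return ipaddress.ip_network(subnet_cidr).subnet_of(ipaddress.ip_network(vpc_cidr))


def is_public_subnet(route_table: dict) -> bool:
    """A subnet is public when its route table sends 0.0.0.0/0 to an internet gateway."""
    return any(route.get("DestinationCidrBlock") == "0.0.0.0/0"
               and route.get("GatewayId", "").startswith("igw-")
               for route in route_table["Routes"])


def ssh_sources(security_group: dict) -> list:
    """Source CIDRs that can reach TCP/22 through the group's inbound rules."""
    sources = []
    for perm in security_group["IpPermissions"]:
        proto = perm.get("IpProtocol")
        if proto == "-1":                    # "-1" means all protocols and all ports
            covers_ssh = True
        elif proto == "tcp":                 # FromPort/ToPort bound the port range
            covers_ssh = perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535)
        else:
            covers_ssh = False
        if covers_ssh:
            sources.extend(r["CidrIp"] for r in perm.get("IpRanges", []))
    return sources


def review_launch_plan(vpc_cidr, subnet_cidr, route_table, security_group) -> list:
    """Return human-readable findings; an empty list means the plan is consistent."""
    findings = []
    if not subnet_fits_vpc(subnet_cidr, vpc_cidr):
        findings.append(f"subnet {subnet_cidr} is outside VPC {vpc_cidr}")
    if not is_public_subnet(route_table):
        findings.append("no 0.0.0.0/0 route to an igw-: not reachable from the internet")
    if "0.0.0.0/0" in ssh_sources(security_group):
        findings.append("SSH (TCP/22) is open to 0.0.0.0/0; restrict it to an admin CIDR")
    return findings


# Constructed sample data in the shapes the CLI returns (ids are placeholders).
ROUTE_TABLE = {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                          {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0"}]}
SG_OPEN = {"GroupId": "sg-0000000000000001", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
SG_ADMIN = {"GroupId": "sg-0000000000000002", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]}
```

`review_launch_plan("10.0.0.0/16", "10.0.1.0/24", ROUTE_TABLE, SG_OPEN)` returns the single SSH finding, while the same call with `SG_ADMIN` returns an empty list.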

4.4 EC2 summary

placement group

Amazon Instance Store/EBS-backed instance

security

· EC2 Key Pairs

· Security Groups

· Connection Tracking

· IAM Role

Tags

· Billing allocation report

· Restriction

· Maximum of 10 tags

· Maximum key length – 128 Unicode characters in UTF-8

· Maximum value length – 256 Unicode characters in UTF-8

Show

· keyName = value1|value2|value3 or keyName = key1|value1;key2|value2

5 EBS and EFS

EBS (Elastic Block Store) and EFS (Elastic File System) both provide storage services, so how do you decide which storage option is appropriate? Below we compare these two very popular options to determine which storage type best fits which situation.

5.1 EBS concept

AWS EBS is a block storage service built specifically for EC2 instances. It offers high-performance options for many use cases and can be used for all kinds of databases (relational and non-relational), a wide range of applications, and big data analytics.

EBS works by providing volumes, collections of small network-attached blocks that you can think of as "disks". Volumes come in different types: whether you need the best performance, single-digit millisecond latency, or simply high throughput, there is an EBS volume type that meets your needs.

Note that Elastic Block Store volumes are independent of EC2 instances and can be attached and detached at any time. Once mounted, they can be used like any other block storage. This section introduces EBS block-level storage and looks at the two main block storage categories: SSD-backed volumes and HDD-backed volumes. Currently, EBS offers four volume types.

· AWS EBS General Purpose SSD (gp2): A balanced volume type

- Uses: boot volumes, small or medium databases, dev or test environments

· Provisioned IOPS SSD (io1): A volume designed for latency-sensitive transactional workloads

- Uses: boot volumes, critical business applications, large databases: Cassandra, MongoDB, SQL Server, Oracle, PostgreSQL, MySQL

· Throughput Optimized HDD (st1): A low-cost volume for frequently accessed and throughput intensive workloads

- Uses: Big data, Data warehouse, Log processing

· Cold HDD (sc1): A lowest-cost volume for less frequently accessed data

- Uses: Inexpensive storage, ideal for infrequently accessed sequential workloads

Exam tips:

· HDD types are not available to use as boot volumes.

· An SSD volume is best for transactional workloads with a large number of small I/O sized read/write operations.

· An HDD-backed volume is best for streaming workloads where throughput needs to be maximized over IOPS.

· EBS volumes can be encrypted when they are created.

· There are four types of data encrypted when an EBS volume is encrypted:

  •  data at rest on the volume,
  •  data moving between the volume and the instance,
  •  any snapshots created from the volume,
  •  any volumes created from those snapshots.

· If you have a larger database workload, provisioned IOPS SSD is ideal.

· EBS does not offer lifecycle management

· Default behavior is EBS will stop I/O to the volume if it detects potential data inconsistencies in the volume. This is to prevent data corruption. Volume status check would report this condition as Impaired.

· There are a couple of ways to change the encryption key associated with an EBS volume: change the key during the snapshot copy process, or, from an EC2 instance, mount a new EBS volume created with the desired key and copy the data from the old volume to the new one.

EBS is network-based: it communicates with the EC2 instance over the network, which means there may be some latency. A volume can be detached from one EC2 instance and quickly attached to another. EBS volumes are designed to be very durable and are replicated within the Availability Zone (AZ). However, this means they are confined to a single AZ, so you cannot move a volume unless you create a snapshot of it and recreate it elsewhere. Only gp2 and io1 can be used as boot volumes.

By default, EBS root volumes are deleted when the associated instance is terminated, and by default additional EBS volumes attached to an instance are not. However, these are only default values and can be changed! You can use the AWS CLI (or the console) to set the root volume to persist after instance termination.

Officially, instances can have up to 28 attachments. One of those attachments is the network interface attachment, leaving 27 attachments available for EBS volumes. However, the better approach is to remember that an instance can attach to a root volume and several more volumes (more than two); Additionally, instances cannot have unlimited attachments.
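An offline audit that applies the exam tips above to volume data, added here as an example that is not part of the original notes: it flags unencrypted volumes (which cannot be encrypted in place and must be migrated through an encrypted snapshot copy), volumes encrypted with a key other than the one expected (re-keyed the same way), and root volumes still at the default DeleteOnTermination=true. It runs on the dict shape returned by `aws ec2 describe-volumes`; the root device names come from describe-instances. All ids and the KMS key ARN are constructed placeholders.

```python
# Added example, not from the original notes: audit describe-volumes output for the
# encryption and root-volume tips in this section. EXPECTED_KEY is a constructed ARN.
EXPECTED_KEY = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"


def root_attachment(volume, root_devices):
    """Return the attachment that makes this volume an instance's root device, if any.
    root_devices maps instance id -> RootDeviceName (as reported by describe-instances)."""
    for att in volume.get("Attachments", []):
        if root_devices.get(att["InstanceId"]) == att["Device"]:
            return att
    return None


def audit_volumes(volumes, root_devices, expected_key=EXPECTED_KEY):
    """Return (volume_id, finding) tuples; an empty list means every volume passes."""
    findings = []
    for vol in volumes:
        vid = vol["VolumeId"]
        if not vol.get("Encrypted", False):
            # Cannot be encrypted in place: snapshot, copy the snapshot encrypted, rebuild.
            findings.append((vid, "unencrypted: create a snapshot, copy it with --encrypted "
                                  "and --kms-key-id, then create a new volume from the copy"))
        elif vol.get("KmsKeyId") != expected_key:
            findings.append((vid, "encrypted with an unexpected key: re-key by copying a "
                                  "snapshot with the desired --kms-key-id"))
        root = root_attachment(vol, root_devices)
        if root is not None and root.get("DeleteOnTermination", True):
            findings.append((vid, "root volume is deleted on instance termination (default)"))
    return findings


# Constructed sample data in the describe-volumes / describe-instances shapes.
ROOT_DEVICES = {"i-0123456789abcdef0": "/dev/xvda"}
VOLUMES = [
    {"VolumeId": "vol-0aaa", "VolumeType": "gp2", "Encrypted": False, "AvailabilityZone": "us-east-1a",
     "Attachments": [{"InstanceId": "i-0123456789abcdef0", "Device": "/dev/xvda",
                      "DeleteOnTermination": True}]},
    {"VolumeId": "vol-0bbb", "VolumeType": "io1", "Encrypted": True, "KmsKeyId": EXPECTED_KEY,
     "AvailabilityZone": "us-east-1a",
     "Attachments": [{"InstanceId": "i-0123456789abcdef0", "Device": "/dev/xvdf",
                      "DeleteOnTermination": False}]},
]
```

`audit_volumes(VOLUMES, ROOT_DEVICES)` reports two findings for vol-0aaa (unencrypted, root deleted on termination) and none for vol-0bbb.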

5.1.1 EBS RAID

First, a concept: a Redundant Array of Independent Disks (RAID), that is, an array made up of independent disks with redundancy capability. A disk array combines many independent disks into one disk group of very large capacity, using the additive effect of the individual disks supplying data to improve the performance of the whole disk system. With this technique, data is split into many segments that are stored on the different disks.

EBS is already redundant storage, but if you want to increase IOPS you should consider RAID, provided your OS supports it. The RAID options are:

· RAID0

· RAID1

· RAID5 (not recommended)

· RAID6 (not recommended)

The recommended configurations are RAID0 (performance first) and RAID1 (fault tolerance first).

Figure 22 RAID0

Figure 23 RAID1

General

· Attached in the same AZ (EBS volumes are created at the AZ level)

· create snapshot cross AZ (any AZ in the region)

· copy snapshot to another region (disaster recovery, expansion)

· Root EBS volume is deleted, by default

· persists independently

Encryption

· Public or shared snapshots of encrypted volumes are not supported

· Existing unencrypted volumes cannot be encrypted directly; migrate by copying an encrypted snapshot

· Supported on all Amazon EBS volume types, not instance type

Performance

· Use RAID0 or RAID1 to improve IOPS

· EBS optimized with IOPS EBS

Price

· Charged for storage, I/O requests and snapshot storage

· EBS backed EC2, every stop/start it will be charged as a separate hour

· Snapshot

5.2 EFS concept

AWS EFS is a storage service that provides a shared, elastic file system with near-unlimited scalability. It is designed for Linux instances (and supports the NFS 4.0 and 4.1 protocols) and provides durable, highly available storage that can be used by thousands of servers simultaneously. AWS EFS is a fully managed, auto-scaling service: as you add or remove files, the file system grows or shrinks accordingly.

On the surface AWS EFS sounds like a simple service, but digging deeper reveals more. As an EFS file system grows in size, its performance scales with it. This is a somewhat odd choice, and at low utilization EFS performance can be a little disappointing. With heavier use, however, AWS EFS can deliver up to 10 GB/s of throughput and 500,000 IOPS.

One benefit of EFS is that your existing environment needs no changes: your applications and services simply attach the file system and run. EFS is not limited to the AWS cloud; for those running hybrid environments, AWS EFS can also be used by on-premises instances, which greatly expands its possible use cases.

EFS was also recently updated with a new storage tier. In addition to Standard storage, EFS now offers Infrequent Access. Using it only requires enabling lifecycle management, which moves data according to the chosen policy. You still use EFS as normal and need no infrastructure or application changes, because EFS handles everything behind the scenes. As with most AWS services, EFS charges only for what customers use. EFS Standard storage costs $0.30 per GB per month. The AWS EFS Infrequent Access tier costs much less, $0.025 per GB per month, but keep in mind that retrieving data from this tier incurs an additional cost ($0.01 per GB transferred).

5.3 Compare EBS and EFS

Although EBS and EFS both offer good features, the two storage solutions are actually built for two completely different purposes. An EBS volume is restricted to one instance and, more importantly, can only be accessed by one instance at a time. With EFS, hundreds or thousands of instances can access the file system simultaneously. This makes AWS EFS ideal for any use that needs well-performing centralized shared storage, such as media processing or a shared code repository. You can also use AWS EFS to serve web content, keep various backups, and reduce storage overhead. Although EFS does cost more than EBS ($0.30/GB for EFS versus $0.10/GB for EBS), you pay only once per EFS file system: if you attach 12 instances to it, you still pay the same amount as with a single attached instance. With EBS volumes, you pay for each volume. So, to save on storage costs, EFS can sometimes replace EBS.

EFS scales performance with capacity, which can be very beneficial in some cases but can also be a significant drawback: your utilization may not be high enough to reach the file system throughput you need. Because AWS EBS gives you stable and predictable performance, EBS is almost always the better fit unless you need multiple instances to access your storage simultaneously.

EBS is a much better choice than EFS for a single-instance application

6 AWS Storage Gateway classification (gateway types)
6.1 Gateway type

AWS storage gateway is a virtual appliance and is not available as a hardware appliance.

The file gateway enables you to store and retrieve objects in Amazon S3 using file protocols, such as NFS. Objects written through file gateway can be directly accessed in S3.

The volume gateway provides block storage to your applications using the iSCSI protocol. Data on the volumes is stored in Amazon S3. To access your iSCSI volumes in AWS, you can take EBS snapshots which can be used to create EBS volumes.

The tape gateway provides your backup application with an iSCSI virtual tape library (VTL) interface, consisting of a virtual media changer, virtual tape drives, and virtual tapes. Virtual tape data is stored in Amazon S3 or can be archived to Amazon Glacier. A tape gateway is ideal for replacing off-site tape directories. The gateway is a virtual tape directory and avoids the costs of transporting actual tapes to an expensive off-site location.

6.2 File gateway

File gateway: a file gateway supports a file interface into Amazon Simple Storage Service (Amazon S3) and combines a service with a virtual software appliance. With this combination you can store and retrieve objects in Amazon S3 using industry-standard file protocols such as Network File System (NFS) and Server Message Block (SMB). The software appliance, or gateway, is deployed into your on-premises environment as a virtual machine (VM) running on a VMware ESXi or Microsoft Hyper-V hypervisor. The gateway lets you access objects in S3 as files or as file share mount points. With a file gateway you can:

  • Store and retrieve files directly using the NFS version 3 or 4.1 protocol.
  • Store and retrieve files directly using the SMB file system versions 2 and 3 protocol.
  • Access your data directly in Amazon S3 from any AWS Cloud application or service.
  • Manage your Amazon S3 data using lifecycle policies, cross-region replication, and versioning. You can think of a file gateway as a file system mount on S3.

A file gateway simplifies file storage in Amazon S3, integrates with existing applications through industry-standard file system protocols, and provides a cost-effective alternative to on-premises storage. It also provides low-latency access to data through transparent local caching. The file gateway manages data transfer to and from AWS, buffers applications from network congestion, optimizes and streams data in parallel, and manages bandwidth consumption. The file gateway integrates with AWS services, for example:

  • Common access management using AWS Identity and Access Management (IAM)
  • Encryption using AWS Key Management Service (AWS KMS)
  • Monitoring using Amazon CloudWatch (CloudWatch)
  • Auditing using AWS CloudTrail (CloudTrail)
  • Operations using the AWS Management Console and AWS Command Line Interface (AWS CLI)
  • Billing and cost management
  • A file gateway configuration can locally cache frequently used data and retrieves data that is not in the cache from AWS. It automatically and securely backs up files to S3. A volume gateway is used as block storage and is not suitable for this requirement; tape and Glacier options suit requirements that do not need immediate access to data.

6.3 Volume gateway

Volume gateway: a volume gateway provides cloud-backed storage volumes that you can mount as Internet Small Computer System Interface (iSCSI) devices from your on-premises application servers. The gateway supports the following volume configurations:

  • Cached volumes: store your data in Amazon Simple Storage Service (Amazon S3) and retain a copy of frequently accessed data subsets locally. Cached volumes offer substantial savings on primary storage costs and minimize the need to scale storage on-premises, while retaining low-latency access to frequently accessed data.
  • Stored volumes: if you need low-latency access to your entire dataset, first configure your on-premises gateway to store all your data locally, then asynchronously back up point-in-time snapshots of this data to Amazon S3. This configuration provides durable and inexpensive off-site backups that you can recover to your local data center or to Amazon EC2. For example, if you need replacement capacity for disaster recovery, you can recover the backups to Amazon EC2.

All data is backed up to S3 asynchronously when a stored volume is used. This ensures that no lag is incurred by clients that interact with the stored volumes on-site.

6.4 Tape gateway

Tape gateway: with a tape gateway you can cost-effectively and durably archive backup data in GLACIER or DEEP_ARCHIVE. A virtual tape library provides virtual tape infrastructure that scales seamlessly with your business needs and eliminates the operational burden of provisioning, scaling, and maintaining a physical tape infrastructure.

You can run AWS Storage Gateway on-premises as a VM appliance, or in AWS as an Amazon Elastic Compute Cloud (Amazon EC2) instance. You can deploy the gateway on an EC2 instance to provision iSCSI storage volumes in AWS. Gateways hosted on EC2 instances can be used for disaster recovery, data mirroring, and providing storage for applications hosted on Amazon EC2.

A storage gateway using stored volumes will store all data locally, providing low latency access to that data. Further, the entire dataset is backed up to S3 for disaster recovery. S3 is durable and available, but not as fast as accessing local data. A VTL provides a tape backup interface, but not necessarily fast data access.

posted @ 2022-10-03 10:08 逆流的鱼2016