Thursday, December 15, 2022

EA Activities

Step by Step Instruction to Create EA

Create Guidelines

Risk management guidelines. Can use the below tools to manage risks - https://www.lucidchart.com/pages/templates/generic-framework-for-risk-management

Risk register template - https://www.lucidchart.com/pages/templates/risk-register
Risk breakdown - https://www.lucidchart.com/pages/templates/risk-breakdown-structure
Risk impact scale - https://www.lucidchart.com/pages/templates/risk-impact-scale

Develop Architectural Principles: 4 areas of principles

Create Arch Repo- Organise the artefacts created in each phase to the common repo
Define the scope of the enterprise architecture. This should include the boundaries of the organization, the systems and processes that will be covered by the architecture, and any relevant constraints or limitations
Do the maturity analysis of the organisation

Meeting with executives to find out the business goals, vision, roadmap and KPI
Meeting with Business teams and architects to get a detailed view of each business department's business goals & roadmaps to achieve the executive KPI and discuss the current business capabilities.
Meeting with the technology/application team to find the current technology landscape and technology DevOps capabilities in the company.
Create the current state of the organisation

Create an organisational view. Refer - https://pubs.opengroup.org/togaf-standard/business-architecture/organization-mapping.html

A stateholder map can be created in the form of https://www.lucidchart.com/pages/templates/stakeholder-map-example
Challenges in managing stakeholders - https://www.lucidchart.com/blog/how-to-manage-common-stakeholder-issues-and-challenges

Create RACI Chart - https://www.lucidchart.com/pages/templates/raci-chart
Create a business capability view. Refer - https://www.lucidchart.com/blog/a-quick-guide-to-business-capability-maps . Refer - https://online.visual-paradigm.com/knowledge/business-design/what-is-enterprise-archtiecture-diagram/ or using https://www.lucidchart.com/pages/templates/functional-decomposition-example.

Can contains business process flow diagrams - https://www.lucidchart.com/pages/templates/current-vs-future-state-flowchart

Create Application Architecture view

Create application architecture view. e.g. - https://www.lucidchart.com/pages/templates/application-architecture-example
Create integration architecture view e.g. https://www.lucidchart.com/pages/templates/integration-architecture-example
Create deployment diagram - https://www.lucidchart.com/pages/templates/uml-deployment-diagram-example
Create DevOps Arch diagram - https://www.lucidchart.com/pages/templates/dev-ops-toolchain-and-process-flow-example

https://www.lucidchart.com/pages/templates/ci-cd-toolchain-example

Create Data Architecture that contains the following

Dataflow diagram - https://www.lucidchart.com/pages/templates/data-flow-diagram-level-1

https://www.lucidchart.com/pages/templates/data-flow-diagram-level-2

https://www.lucidchart.com/pages/templates/data-flow-diagram-physical-example
K12 Data model - https://www.lucidchart.com/pages/templates/education-data-architecture-eda-k-12-data-model

Create dependency and risk management view - https://www.lucidchart.com/pages/templates/dependency-graph

Create the Technology Architecture diagrams that contain the following

Hosting - https://www.lucidchart.com/pages/templates/web-application-hosting-diagram-example

Create the desired state of the organisation. Follow to create the same list of diagrams from current state step 5 above.

Do the tech stack evaluation if the desired state require new technology stacks. Refer https://www.lucidchart.com/blog/how-to-choose-the-right-technology-stack-for-software-architecture
Refer https://www.tiobe.com/tiobe-index/ for new trends

Do the Gap Analysis using the following

SWOT(Strngth, Weekness,Opportunity, Threat) - https://www.lucidchart.com/pages/templates/swot-analysis-example
PESTLE(Political, Economical, Sociological, Technological,Legal, Environmental) - identify threats and opportunities by examining the factors

Identify the cause and effect of problems in the current/future state via using fishbone(Ishikawa) diagram - https://www.lucidchart.com/pages/templates/cause-and-effect-diagram-example
Can use mckinsesy's 7S framework to determine whether a company is meeting expectations, and it actualizes the shared values of an organization https://www.lucidchart.com/blog/mckinsey-7s-model

Create Operational & Development Value Stream as part of SAFe

Create Operational Value stream. Map down all values to the target customer and create seperate operational value stream for each values. Refer https://www.scaledagileframework.com/identify-value-streams-and-arts/ for the steps to create the value stream
Create Development value stream
Lean Budgeting(Funding value streams not projects) for the Development value stream. Refer - https://www.scaledagileframework.com/lean-budgets/

Create value stream KPI - https://www.scaledagileframework.com/value-stream-kpis-2/
Identify areas of inefficiency and waste in your value stream, and use the SAFe framework to implement improvements and streamline the processes
Establish agile governance processes to ensure that your organization is able to deliver value efficiently and effectively, using the SAFe framework as a guide

Do the prioritization, create optimal sequence
Create the EA Roadmap - Refer https://www.scaledagileframework.com/roadmap/

Should mostly contains the following documents as well

Enterprise architecture plan: This document outlines the overall strategy and direction for the enterprise architecture, including the goals and objectives, scope, timeline, and stakeholders.
Architecture roadmap: This document provides a high-level overview of the planned changes and improvements to the enterprise architecture over time
Reference architecture: This document defines the common elements and standards that will be used across the enterprise architecture, including the technology stack, data models, and design patterns
Capability map: This document provides a visual representation of the organization's capabilities, showing how they relate to each other and to the business goals
Solution architecture: This document provides a detailed description of a specific solution or system within the enterprise architecture, including its components, interfaces, and dependencies

Refer - https://pragmaticarchitect.wordpress.com/2013/07/01/how-to-build-a-roadmap-prioritize-part-i/
https://pragmaticarchitect.wordpress.com/2013/07/29/how-to-build-a-roadmap-sequence/
https://conexiam.com/togaf-adm-phase-e-build-the-architecture-roadmap/

Monitor and maintain the enterprise architecture. This involves regularly reviewing and updating the architecture to ensure that it remains relevant and effective over time. Get feed back from the solution team and if there are any gaps put it back in the SAFe back logs

During the realisation, use SAFe to do the PI(Program Iteration) Planning - https://www.lucidchart.com/pages/templates/sa-fe-pi-planning
Risk management in SAFe is done via the ROAM(Resolve, Own, Accept, and Mitigate) board

Reference: https://gitlab.com/redhatdemocentral/portfolio-architecture-examples

Wednesday, September 29, 2021

Convert an XML to RAML

Convert XML to YAML

If you want to convert XML to RAML there are lots of online tools available to do the task. One among them is https://codebeautify.org/xml-to-yaml. This tool accept XML with namespaces node and convert it in yaml format

Remove namespace from XML

There can be situations where someone requires to remove the namespace from a sample XML. This blog explains the steps

Go to any of the XML transformation sites online. As an eg. https://www.freeformatter.com/xsl-transformer.html
Paste the XML with namespace in the "XML Input" text area
Paste the following XSLT to "XSL Input" text area

<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="xml" indent="yes" />
<xsl:template match="/|comment()|processing-instruction()">
<xsl:copy>
<xsl:apply-templates />
</xsl:copy>
</xsl:template>
<xsl:template match="*">
<xsl:element name="{local-name()}">
<xsl:apply-templates select="@*|node()" />
</xsl:element>
</xsl:template>
<xsl:template match="@*">
<xsl:attribute name="{local-name()}">
<xsl:value-of select="." />
</xsl:attribute>
</xsl:template>
</xsl:stylesheet>

Click on the "Transform XML" button to transform the XML

Thursday, February 20, 2020

AWS Products

Different AWS products are categorised to different groups. The group name will be putting against each product heading in Italics

AWS Lambda λ - Computing

https://aws.amazon.com/lambda/features/ & https://en.wikipedia.org/wiki/AWS_Lambda
Serverless service that runs your code in response to events and automatically manages the underlying compute resources for
This is an event capturing service. If a function is created and assigned to DB each event in the DB invokes this λfunction service
Server less compute which an be used to address a use case quickly. Later on when it can be moved to EC2 when needed
There cab be synch and asynch λfunction
No allocation of CPU and only allocate Memory(128M to 3GB) for λ functions
λ function should finish within a maximum of 15 minutes
charged on how much time a λ function takes to execute
Steps

Go to IAM and create a role of type AWS Service and select λ and click next button
Select the AWSLambdaBasicExecutionRole from the policy list which provide write access to CloudWatch Log
Provide the name as "LambdaBasicExecutionRole" in the last step and click on create
Go to Lambda console and click on create function button to create a lambda function which provide the following options and select the first one

Author from Scratch
Use blue print
Deploy from AWS Serverless Repository

Provide the following details

Function Name: HelloName
Runtime: Any runtime like nodejs, java etc.
Role: Role created above

Give the following details to the above λ function

code entry type: Edit code inline
Runtime: Node.js
handler: index.handler (Need to create a file named index.js and put a function named handler in that file)

In the code pane create a new file named index.js with the following details

exports.handler = async(event) => {
console.log("event:" +JSON.stringify(event));
const response = {
statusCode : 200,
body : JSON.stringify("Hello from Lambda λ " + event.name)
};
return response;
};

Now click on Test and create the json as {name: MyName} and execute you can see that the λ function got executed
Now need to create an API using API Gateway
Create a new REST API with the following settings

Protocol : REST
New API
API Name: HelloName
EndPoint type: Regional (Regional, Edge Optimised, Private)

Click on Actions dropdown menu and click Create Method
Select GET as the method type on default(/)
Select newly created GET method to define its properties as given below

Integration type: λ function(other values can be HTTP, Mock, AWS Service, VPC Link)
Use λ proxied integration selected. That will make sure to take the input request and patches them and send that to the λ function event
λ Function: The previous one created and click on save button

The API got created. Click on Method Request and add a query parameter as "name"
Now need to change the λ function to make the following change

body : JSON.stringify("Hello from Lambda λ " + event.name) changed to body : JSON.stringify("Hello from Lambda λ " + event.queryStringParameters.name)

Now the API Gateway is ready to test
To Deploy the API click on Actions(Dropdown menu) -> Deploy API . After deployment you will be getting a url that will be available to invoke the API

Amazon CloudFront - Networking & CDN

It is the the CDN in amazon
Can constraint access

Amazon Route 53 - Networking & CDN

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service

AWS Identity Access Manager(IAM) - Security & Identity

1000 roles for an account as a soft limit. It can be get increased if required via contacting AWS
With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access

Amazon Cognito

Identity manager that allows with social login as well

Amazon Inspector - Security & Identity

tests the network accessibility of your Amazon EC2 instances and the security state of your applications that run on those instances
After performing an assessment, Amazon Inspector produces a detailed list of security findings that is organized by level of severity
also offers predefined software called an agent that you can optionally install in the operating system of the EC2 instances that you want to asse

Amazon Shield - Security & Identity

AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon API Gateway API, Amazon CloudFront or an Application Load Balancer
can use AWS WAF web access control lists (web ACLs) to help minimize the effects of a distributed denial of service (DDoS) attack. For additional protection against DDoS attacks, AWS also provides AWS Shield Standard and AWS Shield Advanced
AWS Shield Standard is automatically included at no extra cost beyond what you already pay for AWS WAF and your other AWS services

AWS Security Hub - Security & Identity

provides you with a comprehensive view of your security state in AWS and helps you check your compliance with the security industry standards and best practices

Amazon API Gateway

https://aws.amazon.com/api-gateway/features/
Manage and secure APIs

AWS Elastic Beanstalk - Computing

Deployment and application management tool
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/Welcome.html
There is no additional charge for Elastic Beanstalk. You pay only for the underlying AWS resources that your application consumes

EKS, AWS Fargate - Computing

Refer https://sukesh-kumar.blogspot.com/2019/12/aws-cloud-getting-started.html

Amazon Aurora - Database

fully managed relational database engine that's compatible with MySQL and PostgreSQL
can deliver up to five times the throughput of MySQL and up to three times the throughput of PostgreSQL
Aurora is part of RDS

Amazon Kinesis - Analytics

https://aws.amazon.com/kinesis/
Processing big data in real time. Data Streams is a scalable and durable real-time data streaming service that can continuously capture gigabytes of data per second from hundreds of thousands of sources. Easily collect, process, and analyze video and data streams in real time

Amazon EMR- Analytics

Easily Run and Scale Apache Spark, Hadoop, HBase, Presto, Hive, and other Big Data Frameworks

Amazon Athena - Analytics

an interactive query service that makes it easy to analyze data directly in Amazon S3 using standard SQL
is serverless
scales automatically—executing queries in parallel—so results are fast, even with large datasets and complex queries

Amazon Redshift - Analytics

Cloud data warehousing
https://en.wikipedia.org/wiki/Amazon_Redshift

AWS CloudFormation - Management & Governance

is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications
You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you. You don't need to individually create and configure AWS resources and figure out what's dependent on what; AWS CloudFormation handles all of that

AWS CloudTrail - Management & Governance

is an AWS service that helps you enable governance, compliance, and operational and risk auditing of your AWS account
Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail

AWS Database Migration Service - Migration & Transfer

cloud service that makes it easy to migrate relational databases, data warehouses, NoSQL databases, and other types of data stores
can use AWS DMS to migrate your data into the AWS Cloud, between on-premises instances (through an AWS Cloud setup), or between combinations of cloud and on-premises setups
can perform one-time migrations, and you can replicate ongoing changes to keep sources and targets in sync

AWS Snow Ball - Migration & Transfer

uses physical storage devices to transfer large amounts of data between Amazon S3 and your onsite data storage location at faster-than-internet speeds
Snowball devices are physically rugged devices that are protected by the AWS Key Management Service (AWS KMS)
80 TB and 50 TB models are available in US Regions; 50 TB model available in all other AWS Regions

AWS DataSync - Migration & Transfer

online data transfer service designed to simplify, automate, and accelerate copying large amounts of data to and from AWS storage services
copies data over the internet or AWS Direct Connect

Tuesday, February 18, 2020

Compare Mule, Dell Boomi WSO2

Compare Mule, Dell Boomi & WSO2

Item	Mule	Dell Boomi	WSO2	Talend Data
Coast	180K/year	550$/month =6.6K/year	Micro 6K/year,standard 24K for each cloud. API Cloud+Integration cloud 12K/year	$1,170/user monthly $12K/user yearly
Different Editions	Gold, Platinum & Titanium	Base, Professional, Pro Plus, Enterprise, Enterprise Plus	Micro(No pre prod) & Standard(1 pre prod) (All features available for both)	Cloud Data Integration & Cloud Fabric
Charging way	Volume Driven.	API Driven	API Driven for API Cloud. Volume for Integration Cloud.	Per User
Extra info on charging	A good fit if more and more usage is there	Each api is having 2 points and hence each new API increase the cost
B2B Capabilities		Yes
API Management in the Same Platform as API	Best	Yes	Yes
Support to EDI standards like ANSI X12 and UN/EDIFACT		Yes
Hybrid Integration Platform	Yes		Yes
iPaaS	Yes	Yes	Yes	Yes
Other API Management	With the help of Service Mesh		Yes
Transformation	Dataweave. Lots of pre-packaged transformers available	Data mapping auto suggestions are available	XSLT
Connectors	Lots of connectors available 300+
Persistnce	Object Store	Persistant property
Batch Processing	Batch	Flow control
Connecting to on-premise systems	Cloudhub allow VPN to connect to on-premise	Atom cloud don't support VPN and hence required to install Atom under the firewall to connect to onpremise
API Specification	RAML 1.0 & OAS 2.0	OAS 2.0	OAS 2.0	RAML 1.0 & OAS 2.0

Reference:
Monitoring/API Manager - status.boomi.com, https://api.cloud.wso2.com/publisher/ & https://cloudmgt.cloud.wso2.com
https://www.mulesoft.com/ty/report/gartner-magic-quadrant-ipaas
WSO2 Pricing - https://wso2.com/blogs/cloud/changes-to-wso2-cloud-pricing/

Tuesday, February 4, 2020

Mule Sizing

3 types of licenses/support - https://www.mulesoft.com/anypoint-pricing

Basic subscription + Gold level

Anypoint Design Center
Anypoint Runtime Manager
Anypoint API Portals
Anypoint Exchange
Anypoint Connectors –Select
2 VPCs
Mule runtime

Capacity included: 2 prod / 4 pre-prod cores (cloud or on-prem)
Capacity for Management included

Gold level support - Base level support

8 x 5 Business Hours
1 Business day response SLA
20+ incidents

OPTIONAL - Connector/Module

API Manager & Analytics
Anypoint MQ
Anypoint Security: Edge
Anypoint Security: Tokenization
EU Control Plane
Dedicated Load Balancer
Additional VPC/VPC Connectivity
Cold Standby/Disaster Recovery
Private Cloud Edition

Platinum

Support

24 x 7 support
2 hour response SLA
Unlimited incidents

Features

ID federation - Identity management using External identity
Global Cloud - Can deploy to multiple cloud regions
HA aka Anypoint Fabric (on-prem and cloud)
Business groups
Hybrid deployment flexibility
Multi-host on-premmanagement

Titanium

Support

45 mins response SLA

Features

Advanced Diagnostics
End 2 End Transaction Tracing
Interactive data analysis
Distributed Log Search
Data Storage

200 GBs/core
Regional storage
Customer specified data retention

Sizing

Fill the excel in the link https://mulesoftpartners.bloomfire.com/posts/2733200-anypoint-platform-sizing-questionnaire and send to MuleSoft to calculate the sizing. Mule provide the sizing information

Tuesday, December 31, 2019

AWS Cloud Getting Started

Amazon cloud

This blog post is having the introductory information about Amazon Cloud.

There are two types of cloud in amazon

Amazon Elastic Compute Cloud(EC2). https://aws.amazon.com/ec2/ instance types: https://aws.amazon.com/ec2/instance-types/
Amazon Lightsail. Lightsail includes everything you need to launch your project quickly--a virtual machine, solid state drive (SSD)-based storage, data transfer, Domain Name System (DNS) management, and a static IP--for a low, predictable monthly price. https://aws.amazon.com/lightsail/. The price details are here https://aws.amazon.com/lightsail/pricing

EC2 - Steps to created an EC2 instance

Instance types - (https://aws.amazon.com/ec2/instance-types/) that selects the hardware
Different instance purchasing option

Spot instance - Lower than on-demand price, but can be available only if unused instance available
On-demand instance - Pay by hour
Dedicated instance

Login to Amazon console - https://us-east-2.console.aws.amazon.com/console/home?region=us-east-2
Select Services menu and click on EC2
It displays the list of AMIs(Amazon Machine Image - Include OS and other apps and memory and hardware details). Select one image and then select instance type
Select VPC(Refer VPC for step to create a VPC)
Select what kind of subnet. May select public sub net
Select a role that used to communicate to other services
Go to Advanced Details and click on User Data. Put the script that required to be executed when EC2 instance get launched. For example to extract the zip file and execute it that contains the application code
Leave the storage as default
Add the tags. Tags used to categorize the EC2 instance for eg. Name, Department etc.
Select the security group. You can create a new security group or select an existing one. Select an existing security group say "web-security-group"(Enable HTTP Access), "default"(default VPN security group) & "db-security-group"(DB instance security group)
Now launch it via clicking on the "Launch" button on the last review page

VPC

Information about VPC can be found here https://aws.amazon.com/vpc
AWS always provide a default VPC for a region with a single public subnet- https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html
Create VPC & Create public and private subnets. Subnets - https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html
Allow 5 VPCs per region
200 subnet per VPC
200 route table
500 security group
50 inbound/outbound rule

Login to Amazon console & select Services menu and click on VPC
Provide the VPC dashboard. Launch VPC Wizard that displays the following options. Select Option 1 from the below

VPC with single public subnet. Subnet instances use elastic or public ip
VPC with a single public & a private subnet. public subnet use public ip to access internet. Private subnet needs to use the NAT device which is there in public subnet to access the internet. The NAT usage is having hourly charge
Same as 2 but private subnet connected to on-premise via IPSec VPN tunnel. VPN charges apply
Same as 3 but without the public subnet. So the private sub net can not be accessible from the net

In the next screen provide the following

Network ip : 10.10.0.0/16 (make sure to provide a subnet mask with value >15)
VPC Name: ecomvpc
Public Subnet IP: 10.10.1.0/24
Select the availability zone
Leave the rest of the values as default and click on the button create VPC

Next step is to create the IGW
Now the subnet and VPC are running. Next step is to create an EC2 instance. While creating the EC2 instance provide the VPC name and subnet names are the one from here. Refer EC2
Now the public subnet can be accessed from the internet and can host an http server. The DB has to be there in another subnet. For that need to create a private subnet in the same VPC. For that do the following steps

Click on the subnets left menu from the VPC dashboard and click on create subnet with the following details

Name : Private DB Subnet
VPC: the VPC created previously
Subnet IP: 10.10.2.0/24

Click on create to create the new subnet

Install the DB in the newly created private subnet. The database will be already available for web app in public subnet because both of them are in the same VPC. But the private subnet is not available from internet. The following steps to create the db in the subnet
Now for getting high availability the public subnet and private subnet has to be created in another availability zone with the following details

Name : Pubic Subnet2
VPC: the VPC created previously
Subnet IP: 10.10.3.0/24
Avaialability zone : zone 2
Name : Private Subnet2
VPC: the VPC created previously
Subnet IP: 10.10.4.0/24
Avaialability zone : zone 2

Now to allow public subnet2 to allow internet traffic it has to be associated with IGW via the route table. For that do the following steps

Go to list of route tables and select associate the public sub net 2 as well to the route table . Refer the steps from IGW 5.4

Now configure Load Balancer for that go to ELB
When the VPC required to communicate to own DataCenter use VPG(Virtual Private Gateway)
If you want to communicate with a VPC that is in the same region use VPC Peering. Make sure that each VPC don't have colliding cidr ip ranges
If you want the private subnet to connect to the outbound flow to internet you need to use a NAT.
To create security groups to control the access restrictions refer Security Group

IGW(Internet GateWay)

The subnet is not able to connect to internet. For that required to create IGW. Go to VPC Dashboard and click on Internet Gateways menu on the left
Click on the create internet gateway button and provide the name. IGW got created
Now when we are listing all Gateways the one created above having a status as detached. This means that it is not attached to any VPC. To attach the gateway to the VPC click on actions->Attach to VPC and select the VPC created above
Refer Create Route Table

The instances in VPCs should be having public or elastic IPs to connect to internet. Elastic IP address to make it as static with a cost if it is not allocated to instance
IGW do the network ip address translation of your VPC network
Only 1 IGW can be attached to a VPC

Route Table

Route table is a set of rules to determine how the network traffic is directed
Each subnet must associate with a route table and a subnet can associate with only a single route table
Multiple subnets can be associated with a single route table

Now required to create a custom route table(white listing). For that click on the route table left hand menu in VPC dashboard. Click on create route table to create the route table with the following details

Name : ecomRouteTable
VPC: The VPC created above
click on create route table to create the route table

Now the route table is created to handle only local traffic. The next steps to be followed to allow internet traffic

When you select the route table created on above you will see the edit pane.
From the edit pane select the tab routes you will see only local. Click on the edit button to edit the routes and add the following
Add a new route row 0.0.0.0/0 - which represents the traffic from the internet. Put the Target as the IGW created(refer IGW) on save
To associate the route to public subnet. Click on the subnet association tab and click edit and select the public subnet created previously and click save

ELB(Elastic Load Balancer)

Elastic Load Balancing offers three types of load balancers.

Application Load Balancer - HTTP/HTTPS traffic load balancing
Network Load Balancer - handle tens of millions of requests per second
Classic Load Balancer - legacy

https://creately.com/blog/diagrams/aws-templates-for-architecture-diagrams/

Configure the Elastic Load Balancer (ELB) to select which ip to route(public subnet 1 or public subnet 2). [ https://aws.amazon.com/elasticloadbalancing/ ]

Go to EC2 Dashboard (https://us-east-2.console.aws.amazon.com/ec2/v2/home) and click on left hand menu load balancers and click create load balancer button. There are 3 types of load balancers: application (HTTP/s), Network(TLS,STP,UDP)- having high performance over application load balancer, Classic(old style that supports https/tcp). Here the application ELB will be created with the following details

Name: ecomelb
Scheme: Internet facing
VPC: The VPC created previously
Availability zones: Zone1 & Zone2 and select the 2 public subnets from each zones

Now go to the tab security groups to set the security group in ELB. Select the web-security group which enable to access 80
Go to Configure Routing tab to configure the routing that contains the 2 web servers.

Target Group : New Target Group
Name: WebserverGroup
Protocol:HTTP
Port: 80
Leave the rest as default and click on Register Targets button that leads to the page that showing the list of running web servers targets. Select them and click on add to registered button to add them to the list

After Review click on create button to create the ELB. You can see the DNS name for the ELB to access the website using ELB.

VPG(Virtual Private Gateway)

VPG has to be created at VPC side
At customer side required to create a Customer Gateway which can be a device or a software
VPN tunnel used to communicate between VPG and customer gateway

NAT(Network Address Translation)

This is used to connect private subnet to internet
NAT can be a Gateway or Device
NAT has to be added to public subnet so that it get internet connectivity
NAT use its ip address while communicating to internet like a proxy server
NAT require an elastic ip

Click on the NAT left hand menu in VPC dashboard. Click on create NAT to create the NAT with the following details

Siubnet: public subnet created earlier
Elastic IP: the elastic ip created earlier but not assigned ye

Click on create to create the NAT
Edit the route table and select the Default route table which is currently assigned to the Default route table
Add a new route row 0.0.0.0/0 - which represents the traffic to the internet. Put the Target as the NAT created(while selecting the target IGW and NAT will be shown never select IGW for private subnet as best practice)

Security Group

Security Group acts as a virtual firewall
you can add rules to control the connection
Normally add the instance inside a security group so that it can control what traffic in and out
By default security group allow all outbound traffic
Security groups are always permissive and you can not do deny access
A webserver security group will allow 80 & 443 ports and a MySQL DB security group will allow port:1433 and RDP port. While adding RDP put a source IP address so that only that IP can do remote desktop access

Click on the Security Group left hand menu in VPC dashboard. Click on create Security Group to create the Security Group with the following details

Name: webserverSG
Group:webserverSG
VPC: the vpc created earlier

Click on create to create the security group
Go to Inbound rules and add the following rows

Type: HTTP 80 (this will automatically fill rest. But if you are selecting Custom you need to fill all yourself)
Protocol: TCP
Port: 80
Source: 0.0.0.0/0 or put another security group name if you want to allow inbound only from a security group

Add 443 and save
Creare another security group for DB Server with the name:dbserverSG with following details and save

Type: MS SQL
Protocol: TCP
Port: 1433
Source: webserverSG (This way the DB access will be restricted from webserver only)

ACL(Access Control Layer)

ACL is an optional layer of security to black list
* DENY means deny all and you can not modify that
Each subnet in your VPC should be associated with an ACL. If not associated with a custom ACL, by default it will be assigned to default ACL
Subnet can be associated with one ACL but and ACL can be associated with multiple subnets
ACL contains a numbered rules in order starting with lowest rule number#
When an allowed traffic found it allows the traffic even if there is a rule to deny it on a higher number
Rule number increment by 100 so that there will be enough room to add extra rules in between

Click on the Network ACL left hand menu in VPC dashboard. Click on create Network ACL to create it with the following details
Provide the rules

LightSail - Steps to created an LightSail

Login to Amazone console - https://us-east-2.console.aws.amazon.com/console/home?region=us-east-2
Select Services menu and click on LightSail
It displays the list of blueprint. Select say Magento. Select the plan and provide the name

Other Amazon Terms

Region

A collection of availability zones. Minimum 2 availability zones required for a region. Run application always in both availability zone. Refer - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html

While selecting a region the following questions to be asked

Latency - Where are your customer located?
Cost - Some region is having less cost than the other region
Compliance - Legal restriction saying that the data should be there in the country
Service Availability - New services might be available only in some regions and it takes some time to roll out to other regions#

Container Services

Amazon Elastic Container Service (ECS) - Container Orchestration using Docker(may be docker swarm) to deploy. https://aws.amazon.com/ecs/

Amazon Elastic Container Service for Kubernate (EKS). Container Orchestration using kuberante(Kubernate is developed by Google). https://aws.amazon.com/eks/

AWS Fargate - a compute engine for Amazon ECS and Amazon EKS that allows you to run containers without having to manage servers or clusters. https://aws.amazon.com/fargate/

Elastic Block Storage(EBS) & Elastic File System(EFS)

Storing images videos etc. which is considered as object storage uses EFS eg.S3(simple Storage Service). It stores 3 copies of the files for redundancy. 5T is the size of a single file/object. https://aws.amazon.com/s3. Steps to create S3.

EFS can be attached to different subnets from different VPCs. It does not required to be inside a subnet. https://aws.amazon.com/efs/. Using Amazon EFS you can mount an on premise storage but it is not possible using S3

Go to Dashboard, Select Services menu and click on S3 and click on create bucket will provide a popup to enter the details.

Bucket Name: ecomBucket
Region: Us West
Copy Setting from an Existing Bucket:

Click on create button to create the bucket. But this bucket is private
Edit the bucket and click on upload button to upload a file/image.
After loading the file when we click on the object we can see the information about the object. One among them is a link which is a public link. But when we access the object using that link it says access denied
So go to object and select permissions tab and click on the public radio button to give the access as public

Storing blocks amazon uses EBS eg. Amazon RDS. https://aws.amazon.com/ebs and pricing can be found here https://aws.amazon.com/ebs/pricing/

Amazon DB

There are 2 types RDS and Dynamo

RDS

Any database of your choice like MySQL, Oracle etc.
Patches installations, scaling, performance etc. are automatically handled
You can use the AWS Database Migration Service (AWS DMS) (https://aws.amazon.com/dms) to quickly and securely migrate your databases to AWS
Pricing - https://aws.amazon.com/rds/pricing/
Steps to create an RDS(assume that the subnet already got created)

Go to Dashboard, Select Services menu and click on RDS
Click on the create database button and select the database as say amazon arora, mysql, postgress etc.

Dynamo

No transaction support
No SQL
Big Data
No need to mention about the capacity of the machine instead just mention about the throughput
Replicate the data in 3 facilities in a region
Dynamo DB

Tables contains a simple partition key which is the primary key
Table contains a sort key as well
Composite primary key is partition key + sort key together
Secondary index contains the subset of attributes from a table and can contain many secondary indexes
Local secondary index is having the same partition key as base table but having a different sort key
Global secondary index is having both partition key and sort key as different form base table

https://aws.amazon.com/dynamodb pricing - https://aws.amazon.com/dynamodb/pricing/
Steps to create

Go to Dashboard, Select Services menu and click on DynamoDB
Click on create table button and create the table

Table Name: Music
Partition Key: Artist
Sort Key: Song Title

Once table got created click on items tab and create items via entering the above attributes and you can search using partition key and sort key

Steps to create Local Instance

Go and download http://dynamodb-local.s3-website-us-west-2.amazonaws.com/dynamodb_local_latest.zip the zip file and extract it to locale drive
Run command >java -Djava.library.path=./DynamoDBLocal_lib -jar DynamoDBLocal.jar -sharedDb
Got to http://localhost:8000/shell to access the shell

Monitoring & Cloud watch

Cloud watch collect data points like cpu, memory etc. - https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CW_Support_For_AWS.html
Required to install cloud watch agent in the cloud/on-premise servers to collect the information
visualize log is used to visualize and analyse log - https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html
It can trigger events/alarm depends on the thresholds. Events - https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/WhatIsCloudWatchEvents.html
Refer https://aws.amazon.com/cloudwatch/
Auto scaling can be done at cloud watch so that a new instance can be automatically created. https://aws.amazon.com/ec2/autoscaling
Steps to configure cloud watch auto sca

Go to EC2 Dashboard, Select Auto Scaling Group from left hand menu and click on create auto scaling group button.This will provide which AMI to use it for auto scale
Select AMI that should be used for the new instance
Click on the next button and provide the below information for the instance

Name: WebServer
Role:The same role as the original EC2 instance
In advanced details pate the user data section with the script. Refer EC2 creation step
Select the storage, security group etc
Click on lauch configuration

Click on the lauched configuration and edit the following details

Group Size : 2 (2 instances will be get created)
Network: VPC name
Subnet: The public subnet or can create a new one and assign here as well
Load Balancing: Receive data from 1 or more ELB
On the scaling policy tab change the following
Select radio button to select the scaling policy to adjust. This is the one that will decide what policy to select when cloud watch decided to change the scaling
Scale min:2 & Max: 4
Name: Scale Up
Metric Type: Average CPU Utilization
Target Value: 60%
Instance need: 300 (seconds required to warm up after scaling)
Click on next button to configure notifications if required in the notification tab
Review and create the group

Security

physical data center, network & hyper wiser security responsibility belongs to AWS and rest starting from guest OS onward belongs to the client
AWS provide a wide range of encryption tools or can use custom encryption as well
Automatic encryption are there in EBS & S3
Encryption keys like AWS HSM, Key Management Service(KMS) can be used
Shared responsibility model https://aws.amazon.com/compliance/shared-responsibility-model/
Security White Paper - https://d1.awsstatic.com/whitepapers/Security/Intro_to_AWS_Security.pdf

Amazon Inspector

is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

Suppose that you have several Amazon EC2 instances, and you want to ensure that they’re all properly configured with the recommended password complexity settings. Instead of manually checking the settings for each EC2 instance, you can run a vulnerability assessment through Amazon Inspector, which scans all of the EC2 instances to check if the password complexity settings are compliant.

AWS Security Hub

Instead of constantly switching back and forth between separate tools, you can monitor all your security findings and compliance checks in AWS Security Hub. It aggregates, organizes, and prioritizes your security findings

AWS Web Application Firewall (WAF)

a service that helps to protect your web applications and APIs against common web exploits that may affect application availability, compromise security, or consume excessive resources.

AWS Key Management Service (KMS)

control the encryption keys that are used to encrypt and protect your data

AWS Shield

a managed DDoS protection service that safeguards applications running on AWS. It comes in two tiers: Standard(default with no extra cost) and Advanced

Autoscaling

The following are the EC2 scaling options

Maintain the current instance levels at all times
Manual scaling
Scheduled scaling
Dynamic scaling - based on load or specified parameter
Predictive scaling

Cost Management Tools

AWS Cost Explorer - https://aws.amazon.com/aws-cost-management/aws-cost-explorer/

provide reports on cost
View data for up to the last 13 months
Forecast how much you're likely to spend for the next 3 months
Get recommendations for Amazon EC2 rightsizing and reservation purchases

AWS Budgets

Allows to create alerts when the cost exceeds threshold. This can be done with Cloud Watch as well but AWS Budget provides more granularity and visibility

AWS Trusted advisor - https://aws.amazon.com/premiumsupport/trustedadvisor/

Identify improvement on cost, security etc.

AWS Total Cost of Ownership (TCO) Calculator

compare the cost of running applications in an on-premises or traditional hosting environment to running the applications with AWS

Code Your Infrastructure with AWS CloudFormation(Governance)

Describe the AWS resources that you want to create and configure in a single text file, JSON/YAML
AWS CloudFormation provisions your resources in a safe, repeatable manner, allowing you to build and rebuild your infrastructure and applications without having to perform manual actions or write custom scripts

Get Actionable Insights from AWS Trusted Advisor

Checks against your environment to see if it meets predefined criteria. It provides feedback and best practices in five categories: cost optimization, security, fault tolerance, performance, and service limits.

The status of the check is shown on the dashboard page using color coding and icons.

Red circle exclamation point: action recommended
Yellow triangle exclamation point: investigation recommended
Green square check mark: no problem detected

AWS Well-Architected Framework

https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf

https://aws.amazon.com/architecture/well-architected/?ref=wellarchitected-wp&wa-lens-whitepapers.sort-by=item.additionalFields.sortDate&wa-lens-whitepapers.sort-order=desc

https://aws.amazon.com/well-architected-tool/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc

AWS Cloud Adoption Framework (CAF)

help you assess your needs across a wide range of areas and develop the right workstreams to achieve your goals.

organizes guidance into six areas of focus, called perspectives

Business Perspective - IT is aligned with business needs and that IT investments are linked to key business results
People Perspective - development of an organization-wide change management strategy for successful cloud adoption. Use the People Perspective to evaluate organizational structures and roles, new skill and process requirements, and identify gaps
Governance Perspective - focuses on the skills and processes to align IT strategy with business strategy & understand how to update the staff skills
Platform Perspective - principles and patterns for implementing new solutions in the cloud, and migrating on-premises workloads to the cloud
Security Perspective - organization meets security objectives for visibility, auditability, control, and agility
Operations Perspective - enable, run, use, operate, and recover IT workloads to the level that is agreed upon with your business stakeholders

To get started, take the 16-question AWS Cloud Adoption Readiness Tool (CART) assessment

Amazon pricing - https://aws.amazon.com/pricing/

Pricing calculator - https://calculator.aws/. For more info https://aws.amazon.com/blogs/aws/check-it-out-new-aws-pricing-calculator-for-ec2-and-ebs/

Thursday, January 11, 2018

Facebook Dynamic Ads

Facebook dynamic ads automatically promote products to people who have expressed interest on ecommerce website. Need to upload the product catalog and set the cmapaign and facebook ads started working. The following links help to implement the facebook ads in an ecommerce site
Ads pricing information
Catalog Feed Samples - CSV example, XML example
Dynamic ad integration
Facebook SFCC integration blog
Integration guide
FAQ on facebook SFCC integration