Thursday, December 15, 2022

EA Activities

 Step-by-Step Instructions to Create an EA

  1. Create Guidelines
    • Risk management guidelines. Can use the below tools to manage risks - https://www.lucidchart.com/pages/templates/generic-framework-for-risk-management
      • Risk register template - https://www.lucidchart.com/pages/templates/risk-register
      • Risk breakdown - https://www.lucidchart.com/pages/templates/risk-breakdown-structure
      • Risk impact scale - https://www.lucidchart.com/pages/templates/risk-impact-scale
    • Develop Architectural Principles: 4 areas of principles 
    • Create an architecture repository: organise the artefacts created in each phase in the common repository
    • Define the scope of the enterprise architecture. This should include the boundaries of the organization, the systems and processes that will be covered by the architecture, and any relevant constraints or limitations
    • Do the maturity analysis of the organisation 
  2. Meeting with executives to find out the business goals, vision, roadmap and KPI
  3. Meeting with Business teams and architects to get a detailed view of each business department's business goals & roadmaps to achieve the executive KPI and discuss the current business capabilities.
  4. Meeting with the technology/application team to find the current technology landscape and technology DevOps capabilities in the company.
  5. Create the current state of the organisation
    • Create an organisational view. Refer - https://pubs.opengroup.org/togaf-standard/business-architecture/organization-mapping.html
      • A stakeholder map can be created in the form of https://www.lucidchart.com/pages/templates/stakeholder-map-example
      • Challenges in managing stakeholders - https://www.lucidchart.com/blog/how-to-manage-common-stakeholder-issues-and-challenges
    • Create RACI Chart - https://www.lucidchart.com/pages/templates/raci-chart
    • Create a business capability view. Refer https://www.lucidchart.com/blog/a-quick-guide-to-business-capability-maps, https://online.visual-paradigm.com/knowledge/business-design/what-is-enterprise-archtiecture-diagram/ or https://www.lucidchart.com/pages/templates/functional-decomposition-example.
      • Can contain business process flow diagrams - https://www.lucidchart.com/pages/templates/current-vs-future-state-flowchart
    • Create Application Architecture view
      • Create application architecture view. e.g. - https://www.lucidchart.com/pages/templates/application-architecture-example
      • Create integration architecture view e.g. https://www.lucidchart.com/pages/templates/integration-architecture-example
      • Create deployment diagram - https://www.lucidchart.com/pages/templates/uml-deployment-diagram-example
      • Create DevOps Arch diagram - https://www.lucidchart.com/pages/templates/dev-ops-toolchain-and-process-flow-example
        • https://www.lucidchart.com/pages/templates/ci-cd-toolchain-example
      • Create Data Architecture that contains the following
        • Dataflow diagram - https://www.lucidchart.com/pages/templates/data-flow-diagram-level-1
          • https://www.lucidchart.com/pages/templates/data-flow-diagram-level-2
        • https://www.lucidchart.com/pages/templates/data-flow-diagram-physical-example
        • K12 Data model - https://www.lucidchart.com/pages/templates/education-data-architecture-eda-k-12-data-model
      • Create dependency and risk management view - https://www.lucidchart.com/pages/templates/dependency-graph
    • Create the Technology Architecture diagrams that contain the following
      • Hosting - https://www.lucidchart.com/pages/templates/web-application-hosting-diagram-example
  6. Create the desired state of the organisation. Create the same list of diagrams as for the current state in step 5 above.
    • Do a tech stack evaluation if the desired state requires new technology stacks. Refer https://www.lucidchart.com/blog/how-to-choose-the-right-technology-stack-for-software-architecture
    • Refer https://www.tiobe.com/tiobe-index/ for new trends
  7. Do the Gap Analysis using the following 
    • SWOT (Strength, Weakness, Opportunity, Threat) - https://www.lucidchart.com/pages/templates/swot-analysis-example
    • PESTLE (Political, Economical, Sociological, Technological, Legal, Environmental) - identify threats and opportunities by examining these factors
    • Identify the cause and effect of problems in the current/future state using a fishbone (Ishikawa) diagram - https://www.lucidchart.com/pages/templates/cause-and-effect-diagram-example
    • McKinsey's 7S framework can be used to determine whether a company is meeting expectations and actualising the shared values of the organisation - https://www.lucidchart.com/blog/mckinsey-7s-model
  8. Create Operational & Development Value Stream as part of SAFe
    • Create the Operational Value Stream. Map all values delivered to the target customer and create a separate operational value stream for each value. Refer https://www.scaledagileframework.com/identify-value-streams-and-arts/ for the steps to create the value stream
    • Create Development value stream
    • Lean Budgeting(Funding value streams not projects) for the Development value stream. Refer - https://www.scaledagileframework.com/lean-budgets/
    • Create value stream KPI - https://www.scaledagileframework.com/value-stream-kpis-2/
    • Identify areas of inefficiency and waste in your value stream, and use the SAFe framework to implement improvements and streamline the processes
    • Establish agile governance processes to ensure that your organization is able to deliver value efficiently and effectively, using the SAFe framework as a guide
  9. Do the prioritization, create optimal sequence 
  10. Create the EA Roadmap - Refer https://www.scaledagileframework.com/roadmap/
    • Should mostly contain the following documents as well
      • Enterprise architecture plan: This document outlines the overall strategy and direction for the enterprise architecture, including the goals and objectives, scope, timeline, and stakeholders.
      • Architecture roadmap: This document provides a high-level overview of the planned changes and improvements to the enterprise architecture over time
      • Reference architecture: This document defines the common elements and standards that will be used across the enterprise architecture, including the technology stack, data models, and design patterns
      • Capability map: This document provides a visual representation of the organization's capabilities, showing how they relate to each other and to the business goals
      • Solution architecture: This document provides a detailed description of a specific solution or system within the enterprise architecture, including its components, interfaces, and dependencies
    • Refer - https://pragmaticarchitect.wordpress.com/2013/07/01/how-to-build-a-roadmap-prioritize-part-i/
    • https://pragmaticarchitect.wordpress.com/2013/07/29/how-to-build-a-roadmap-sequence/
    • https://conexiam.com/togaf-adm-phase-e-build-the-architecture-roadmap/
  11. Monitor and maintain the enterprise architecture. This involves regularly reviewing and updating the architecture to ensure that it remains relevant and effective over time. Get feedback from the solution team and, if there are any gaps, put them back in the SAFe backlogs
During the realisation, use SAFe to do the PI(Program Iteration) Planning - https://www.lucidchart.com/pages/templates/sa-fe-pi-planning
Risk management in SAFe is done via the ROAM(Resolve, Own, Accept, and Mitigate) board

Reference: https://gitlab.com/redhatdemocentral/portfolio-architecture-examples

Wednesday, September 29, 2021

Convert an XML to RAML

Convert XML to YAML

If you want to convert XML to RAML there are lots of online tools available for the task. One of them is https://codebeautify.org/xml-to-yaml. This tool accepts XML with namespaced nodes and converts it to YAML format


Remove namespace from XML

There can be situations where you need to remove the namespaces from a sample XML. This post explains the steps

  1. Go to any of the online XML transformation sites, e.g. https://www.freeformatter.com/xsl-transformer.html
  2. Paste the XML with namespace in the "XML Input" text area
  3. Paste the following XSLT into the "XSL Input" text area
    <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
      <xsl:output method="xml" indent="yes" />
      <!-- Copy the document root, comments and processing instructions as they are -->
      <xsl:template match="/|comment()|processing-instruction()">
        <xsl:copy>
          <xsl:apply-templates />
        </xsl:copy>
      </xsl:template>
      <!-- Recreate every element by its local name, dropping the namespace -->
      <xsl:template match="*">
        <xsl:element name="{local-name()}">
          <xsl:apply-templates select="@*|node()" />
        </xsl:element>
      </xsl:template>
      <!-- Recreate every attribute by its local name, keeping its value -->
      <xsl:template match="@*">
        <xsl:attribute name="{local-name()}">
          <xsl:value-of select="." />
        </xsl:attribute>
      </xsl:template>
    </xsl:stylesheet>
  4. Click on the "Transform XML" button to transform the XML 
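An offline alternative to pasting the XML into an online transformer, which matters when the sample XML is not something you want to upload to a third-party site: the following Python script is an added example (not part of the original post) that does the same job as the XSLT above using only the standard library. The sample input, the function names and the attribute values are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: namespaced elements plus a namespaced attribute.
SAMPLE_XML = (
    '<a:order xmlns:a="urn:example:a" xmlns:b="urn:example:b" b:id="42">'
    '<a:item sku="X1">Widget</a:item>'
    '<note>plain, no namespace</note>'
    '</a:order>'
)


def _local_name(qualified: str) -> str:
    """ElementTree stores namespaced names as '{uri}local'; keep only 'local'."""
    return qualified.split("}", 1)[1] if qualified.startswith("{") else qualified


def strip_namespaces(xml_text: str) -> str:
    """Return xml_text with namespaces removed from element and attribute names.

    This mirrors what the XSLT does with local-name(): structure, text and
    attribute values are unchanged, only the namespace qualifiers disappear.
    Differences from the XSLT: ElementTree drops comments and processing
    instructions while parsing, so they are not carried over. For XML that
    comes from an untrusted party, parse with defusedxml (same API) instead
    of the stock parser.
    """
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if not isinstance(elem.tag, str):
            continue  # defensive: skip anything that is not a plain element
        elem.tag = _local_name(elem.tag)
        for key in list(elem.attrib):
            local = _local_name(key)
            if local != key:
                elem.attrib[local] = elem.attrib.pop(key)
    # No namespaced names remain, so the serialiser emits no xmlns declarations.
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(strip_namespaces(SAMPLE_XML))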

Thursday, February 20, 2020

AWS Products

Different AWS products are categorised into different groups. The group name is shown after each product heading in italics

AWS Lambda λ  - Computing

  • https://aws.amazon.com/lambda/features/  & https://en.wikipedia.org/wiki/AWS_Lambda
  • Serverless service that runs your code in response to events and automatically manages the underlying compute resources for
  • This is an event-capturing service. If a function is created and assigned to a DB, each event in the DB invokes this λ function
  • Serverless compute that can be used to address a use case quickly. Later on it can be moved to EC2 when needed
  • There can be synchronous and asynchronous λ functions
  • No allocation of CPU; only memory (128M to 3GB) is allocated for λ functions
  • A λ function should finish within a maximum of 15 minutes
  • Charged on how much time a λ function takes to execute
  • Steps
  1. Go to IAM and create a role of type AWS Service and select λ and click next button
  2. Select the AWSLambdaBasicExecutionRole from the policy list which provide write access to CloudWatch Log
  3. Provide the name as "LambdaBasicExecutionRole" in the last step and click on create 
  4. Go to the Lambda console and click on the create function button. It provides the following options; select the first one
    1. Author from Scratch
    2. Use blue print
    3. Deploy from AWS Serverless Repository 
  5. Provide the following details
    1. Function Name: HelloName
    2. Runtime: Any runtime like nodejs, java etc.
    3. Role:  Role created above
  6. Give the following details to the above  λ function
    1. code entry type: Edit code inline
    2. Runtime: Node.js
    3. handler: index.handler (Need to create a file named index.js and put a function named handler in that file)
  7. In the code pane create a new file named index.js  with the following details
    exports.handler = async (event) => {
        // Log the incoming event so the invocation can be inspected in CloudWatch Logs
        console.log("event:" + JSON.stringify(event));
        const response = {
            statusCode: 200,
            body: JSON.stringify("Hello from Lambda λ " + event.name)
        };
        return response;
    };
  8. Now click on Test, create the test event JSON as {"name": "MyName"} and execute it. You can see that the λ function got executed
  9. Now need to create an API using API Gateway
  10. Create a new REST API with the following settings
    1. Protocol : REST
    2. New API
    3. API Name: HelloName
    4. EndPoint type: Regional (Regional, Edge Optimised, Private)
  11. Click on Actions dropdown menu and click Create Method
  12. Select GET as the method type on default(/)
  13. Select newly created GET method to define its properties as given below
    1. Integration type: λ function(other values can be HTTP, Mock, AWS Service, VPC Link)
    2. Select Use Lambda proxy integration. That makes API Gateway take the input request, package it and pass it to the λ function as the event
    3. λ Function: The previous one created and click on save button
  14. The API got created. Click on Method Request and add a query parameter named "name"
  15. Now change the λ function as follows
    1. body : JSON.stringify("Hello from Lambda λ " + event.name) changed to body : JSON.stringify("Hello from Lambda λ " + event.queryStringParameters.name)
  16. Now the API Gateway is ready to test
  17. To deploy the API click on Actions (dropdown menu) -> Deploy API. After deployment you will get a URL that can be used to invoke the API
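The change in step 15 dereferences event.queryStringParameters.name directly. With Lambda proxy integration, API Gateway sets queryStringParameters to null when the request carries no query string at all, so a call to the bare URL makes the function throw and the caller gets a generic 502 from API Gateway instead of a useful error. The handler below is an added example, not the post's code: it is written for the Python 3 Lambda runtime (the post uses Node.js; the event shape is the same), normalises the missing parameter, validates it and returns the proxy-integration response shape. The NAME_RE pattern and the error messages are assumptions chosen for the example.

```python
import json
import re

# Allowed shape for the "name" query parameter (letters, digits, spaces, dashes,
# 1-40 characters). This is an assumption made for the example, not an API
# Gateway or Lambda rule; adjust it to the real use case.
NAME_RE = re.compile(r"^[A-Za-z0-9 \-]{1,40}$")


def _response(status: int, payload) -> dict:
    """Build the response shape API Gateway expects from a proxy integration."""
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(payload),
    }


def handler(event, context=None):
    """Lambda entry point for the HelloName GET method (proxy integration).

    event["queryStringParameters"] is None (JSON null) when the request has no
    query string, so it is normalised to {} before being read. A console test
    event of the step 8 form ({"name": "MyName"}) has no queryStringParameters
    key at all and is rejected the same way.
    """
    params = (event or {}).get("queryStringParameters") or {}
    name = params.get("name")
    if name is None:
        return _response(400, {"error": "missing query parameter 'name'"})
    if not NAME_RE.fullmatch(name):
        return _response(400, {"error": "invalid value for 'name'"})
    return _response(200, "Hello from Lambda λ " + name)
```

Set the handler to `index.handler` as before (file index.py); the 200 body is still a JSON string, exactly like the Node.js version, but a request without a valid name now gets a 400 with a JSON error instead of a 502.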

Amazon CloudFront - Networking & CDN

  • It is the CDN in AWS
  • Can restrict access

Amazon Route 53  - Networking & CDN

  • Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service

AWS Identity Access Manager(IAM) - Security & Identity

  • 1000 roles per account as a soft limit. It can be increased if required by contacting AWS
  • With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access

  • Identity management with social login is also available

Amazon Inspector - Security & Identity

  • tests the network accessibility of your Amazon EC2 instances and the security state of your applications that run on those instances
  • After performing an assessment, Amazon Inspector produces a detailed list of security findings that is organized by level of severity
  • also offers predefined software called an agent that you can optionally install in the operating system of the EC2 instances that you want to assess

Amazon Shield - Security & Identity

  • AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon API Gateway API, Amazon CloudFront or an Application Load Balancer
  • can use AWS WAF web access control lists (web ACLs) to help minimize the effects of a distributed denial of service (DDoS) attack. For additional protection against DDoS attacks, AWS also provides AWS Shield Standard and AWS Shield Advanced
  • AWS Shield Standard is automatically included at no extra cost beyond what you already pay for AWS WAF and your other AWS services

AWS Security Hub - Security & Identity

  • provides you with a comprehensive view of your security state in AWS and helps you check your compliance with the security industry standards and best practices

Amazon API Gateway

AWS Elastic Beanstalk - Computing

EKS, AWS Fargate  - Computing 


Amazon Aurora  - Database

  • fully managed relational database engine that's compatible with MySQL and PostgreSQL
  • can deliver up to five times the throughput of MySQL and up to three times the throughput of PostgreSQL
  • Aurora is part of RDS

Amazon Kinesis - Analytics

  • https://aws.amazon.com/kinesis/
  • Processing big data in real time. Data Streams is a scalable and durable real-time data streaming service that can continuously capture gigabytes of data per second from hundreds of thousands of sources. Easily collect, process, and analyze video and data streams in real time

Amazon EMR - Analytics

  • Easily Run and Scale Apache Spark, Hadoop, HBase, Presto, Hive, and other Big Data Frameworks

Amazon Athena - Analytics

  • an interactive query service that makes it easy to analyze data directly in Amazon S3 using standard SQL
  • is serverless
  • scales automatically—executing queries in parallel—so results are fast, even with large datasets and complex queries

Amazon Redshift - Analytics

AWS CloudFormation - Management & Governance

  • is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications
  • You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you. You don't need to individually create and configure AWS resources and figure out what's dependent on what; AWS CloudFormation handles all of that

AWS CloudTrail - Management & Governance

  • is an AWS service that helps you enable governance, compliance, and operational and risk auditing of your AWS account
  • Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail

AWS Database Migration Service - Migration & Transfer

  • cloud service that makes it easy to migrate relational databases, data warehouses, NoSQL databases, and other types of data stores
  • can use AWS DMS to migrate your data into the AWS Cloud, between on-premises instances (through an AWS Cloud setup), or between combinations of cloud and on-premises setups
  • can perform one-time migrations, and you can replicate ongoing changes to keep sources and targets in sync

AWS Snowball - Migration & Transfer

  • uses physical storage devices to transfer large amounts of data between Amazon S3 and your onsite data storage location at faster-than-internet speeds
  • Snowball devices are physically rugged devices that are protected by the AWS Key Management Service (AWS KMS)
  • 80 TB and 50 TB models are available in US Regions; 50 TB model available in all other AWS Regions

AWS DataSync - Migration & Transfer

  • online data transfer service designed to simplify, automate, and accelerate copying large amounts of data to and from AWS storage services
  • copies data over the internet or AWS Direct Connect

Tuesday, February 18, 2020

Compare Mule, Dell Boomi WSO2

Compare Mule, Dell Boomi & WSO2


Item | Mule | Dell Boomi | WSO2 | Talend Data
Cost | 180K/year | 550$/month = 6.6K/year | Micro 6K/year, Standard 24K for each cloud. API Cloud + Integration Cloud 12K/year | $1,170/user monthly, $12K/user yearly
Different editions | Gold, Platinum & Titanium | Base, Professional, Pro Plus, Enterprise, Enterprise Plus | Micro (no pre-prod) & Standard (1 pre-prod) (all features available for both) | Cloud Data Integration & Cloud Fabric
Charging model | Volume driven | API driven | API driven for API Cloud, volume for Integration Cloud | Per user
Extra info on charging | A good fit if usage keeps growing | Each API has 2 points, hence each new API increases the cost | |
iPaaS | Yes | Yes | Yes | Yes
Transformation | DataWeave; lots of pre-packaged transformers available | Data mapping auto-suggestions are available | XSLT |
Persistence | Object Store | Persistent property | |
Batch processing | Batch | Flow control | |
Connecting to on-premise systems | CloudHub allows a VPN to connect to on-premise | Atom Cloud does not support VPN, hence an Atom has to be installed behind the firewall to connect to on-premise | |
API specification | RAML 1.0 & OAS 2.0 | OAS 2.0 | OAS 2.0 | RAML 1.0 & OAS 2.0

The following rows of the original table list a value without indicating which product column it belongs to:
  • B2B capabilities: Yes
  • API management in the same platform as API: Best, Yes, Yes
  • Support for EDI standards like ANSI X12 and UN/EDIFACT: Yes
  • Hybrid integration platform: Yes, Yes
  • Other API management: With the help of Service Mesh; Yes
  • Connectors: Lots of connectors available, 300+


Reference:
  • Monitoring/API Manager - status.boomi.com, https://api.cloud.wso2.com/publisher/ & https://cloudmgt.cloud.wso2.com
  • Gartner Magic Quadrant for iPaaS - https://www.mulesoft.com/ty/report/gartner-magic-quadrant-ipaas
  • WSO2 Pricing - https://wso2.com/blogs/cloud/changes-to-wso2-cloud-pricing/

Tuesday, February 4, 2020

Mule Sizing

3 types of licenses/support - https://www.mulesoft.com/anypoint-pricing

Basic subscription + Gold level

  • Anypoint Design Center
  • Anypoint Runtime Manager 
  • Anypoint API Portals
  • Anypoint Exchange
  • Anypoint Connectors –Select
  • 2 VPCs
  • Mule runtime
    • Capacity included: 2 prod / 4 pre-prod cores (cloud or on-prem)
    • Capacity for Management included
  • Gold level support - Base level support
    • 8 x 5 Business Hours
    • 1 Business day response SLA
    • 20+ incidents
  • OPTIONAL - Connector/Module
    • API Manager & Analytics
    • Anypoint MQ
    • Anypoint Security: Edge
    • Anypoint Security: Tokenization
    • EU Control Plane
    • Dedicated Load Balancer
    • Additional VPC/VPC Connectivity
    • Cold Standby/Disaster Recovery
    • Private Cloud Edition

Platinum

  • Support
    • 24 x 7 support
    • 2 hour response SLA
    • Unlimited incidents
  • Features
    • ID federation - Identity management using External identity
    • Global Cloud - Can deploy to multiple cloud regions
    • HA aka Anypoint Fabric (on-prem and cloud)
    • Business groups
    • Hybrid deployment flexibility
    • Multi-host on-prem management

Titanium

  • Support
    • 45 mins response SLA
  • Features
    • Advanced Diagnostics
    • End 2 End Transaction Tracing
    • Interactive data analysis
    • Distributed Log Search
    • Data Storage
      • 200 GBs/core
      • Regional storage
      • Customer specified data retention

Sizing


Tuesday, December 31, 2019

AWS Cloud Getting Started

Amazon cloud

This blog post contains introductory information about Amazon Cloud.
There are two types of cloud in Amazon

EC2 - Steps to create an EC2 instance

  • Instance types (https://aws.amazon.com/ec2/instance-types/) select the hardware
  • Different instance purchasing options
    • Spot instance - lower than the on-demand price, but available only if unused capacity is available
    • On-demand instance - pay by the hour
    • Dedicated instance
  1. Login to Amazon console - https://us-east-2.console.aws.amazon.com/console/home?region=us-east-2
  2. Select Services menu and click on EC2
  3. It displays the list of AMIs (Amazon Machine Image - includes the OS, other apps, and memory and hardware details). Select one image and then select the instance type
  4. Select the VPC (refer to VPC for the steps to create a VPC)
  5. Select the kind of subnet. You may select the public subnet
  6. Select a role that is used to communicate with other services
  7. Go to Advanced Details and click on User Data. Put the script that needs to be executed when the EC2 instance is launched, for example to extract the zip file that contains the application code and execute it
  8. Leave the storage as default
  9. Add the tags. Tags are used to categorise the EC2 instance, e.g. Name, Department etc.
  10. Select the security group. You can create a new security group or select an existing one. Select existing security groups, say "web-security-group" (enables HTTP access), "default" (the VPC's default security group) & "db-security-group" (DB instance security group)
  11. Now launch it via clicking on the "Launch" button on the last review page

VPC

  1. Login to Amazon console & select Services menu and click on VPC
  2. From the VPC dashboard, launch the VPC Wizard, which displays the following options. Select option 1 from the below
    1. VPC with a single public subnet. Subnet instances use elastic or public IPs
    2. VPC with a single public & a private subnet. The public subnet uses public IPs to access the internet. The private subnet needs to use the NAT device in the public subnet to access the internet. NAT usage has an hourly charge
    3. Same as 2 but the private subnet is connected to on-premise via an IPSec VPN tunnel. VPN charges apply
    4. Same as 3 but without the public subnet, so the private subnet cannot be accessed from the internet
  3. In the next screen provide the following
    1. Network IP: 10.10.0.0/16 (make sure to provide a subnet mask with value >15)
    2. VPC Name: ecomvpc
    3. Public Subnet IP: 10.10.1.0/24
    4. Select the availability zone
    5. Leave the rest of the values as default and click on the button create VPC
  4. Next step is to create the IGW
  5. Now the subnet and VPC are running. The next step is to create an EC2 instance. While creating the EC2 instance, provide the VPC name and subnet name created here. Refer EC2
  6. Now the public subnet can be accessed from the internet and can host an HTTP server. The DB has to be in another subnet. For that, create a private subnet in the same VPC with the following steps
    1. Click on the subnets left menu from the VPC dashboard and click on create subnet with the following details
      1. Name : Private DB Subnet
      2. VPC: the VPC created previously
      3. Subnet IP: 10.10.2.0/24 
    2. Click on create to create the new subnet
  7. Install the DB in the newly created private subnet. The database will already be available to the web app in the public subnet because both are in the same VPC, but the private subnet is not reachable from the internet. The following steps create the DB in the subnet
  8. Now, for high availability, a public subnet and a private subnet have to be created in another availability zone with the following details
    1. Name : Public Subnet2
    2. VPC: the VPC created previously
    3. Subnet IP: 10.10.3.0/24
    4. Availability zone : zone 2
    5. Name : Private Subnet2
    6. VPC: the VPC created previously
    7. Subnet IP: 10.10.4.0/24
    8. Availability zone : zone 2
  9. Now, to allow public subnet2 to carry internet traffic, it has to be associated with the IGW via the route table. For that do the following steps
    1. Go to the list of route tables and associate public subnet 2 with the route table as well. Refer to the steps from IGW 5.4
  10. Now configure Load Balancer for that go to ELB
  11. When the VPC required to communicate to own DataCenter use VPG(Virtual Private Gateway)
  12. If you want to communicate with a VPC that is in the same region, use VPC Peering. Make sure that the VPCs don't have colliding CIDR IP ranges
  13. If you want the private subnet to have an outbound flow to the internet, you need to use a NAT.
  14. To create security groups to control the access restrictions refer Security Group
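The addresses used in the steps above (VPC 10.10.0.0/16 with /24 subnets) and the peering rule in step 12 can be checked before anything is created in the console. The following Python script is an added example, not part of the original post; the plan dictionary, the function names and the rogue subnet used in its checks are constructed for it.

```python
import ipaddress

# Constructed plan mirroring the CIDRs used in the VPC steps above.
VPC_CIDR = "10.10.0.0/16"
SUBNETS = {
    "Public Subnet": "10.10.1.0/24",
    "Private DB Subnet": "10.10.2.0/24",
    "Public Subnet2": "10.10.3.0/24",
    "Private Subnet2": "10.10.4.0/24",
}


def check_vpc_plan(vpc_cidr, subnets):
    """Return a list of problems with the plan; an empty list means it is sound."""
    problems = []
    try:
        vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    except ValueError as exc:
        return [f"VPC CIDR {vpc_cidr} is not a valid network: {exc}"]
    # A VPC block must be between /16 and /28 (the '>15' rule in step 3.1).
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"VPC prefix /{vpc.prefixlen} is outside /16../28")
    seen = {}
    for name, cidr in subnets.items():
        try:
            # strict=True rejects a CIDR whose host bits are set (e.g. 10.10.1.5/24)
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: {cidr} is not a valid network: {exc}")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {cidr} is not inside VPC {vpc_cidr}")
        for other_name, other in seen.items():
            if net.overlaps(other):
                problems.append(f"{name}: {cidr} overlaps {other_name} {other}")
        seen[name] = net
    return problems


def peering_conflict(vpc_a, vpc_b):
    """VPC peering requires the two VPC CIDRs not to overlap."""
    return ipaddress.ip_network(vpc_a).overlaps(ipaddress.ip_network(vpc_b))


if __name__ == "__main__":
    print(check_vpc_plan(VPC_CIDR, SUBNETS) or "plan is sound")
    print("peering conflict:", peering_conflict(VPC_CIDR, "10.10.128.0/17"))
```

The same checks are worth running whenever a new subnet or peering connection is added later, since an overlapping subnet is rejected by AWS only at creation time while an overlapping peer simply cannot be routed to.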

IGW(Internet GateWay)

  1. The subnet is not able to connect to the internet. For that, an IGW is required. Go to the VPC Dashboard and click on the Internet Gateways menu on the left
  2. Click on the create internet gateway button and provide the name. The IGW is created
  3. Now, when listing all gateways, the one created above has the status detached. This means that it is not attached to any VPC. To attach the gateway to the VPC, click on actions -> Attach to VPC and select the VPC created above
  4. Refer Create Route Table
  5. The instances in the VPC should have public or elastic IPs to connect to the internet. An Elastic IP address makes it static, with a cost if it is not allocated to an instance
  6. The IGW does the network IP address translation for your VPC network
  7. Only 1 IGW can be attached to a VPC

Route Table

  • A route table is a set of rules that determine how the network traffic is directed
  • Each subnet must be associated with a route table, and a subnet can be associated with only a single route table
  • Multiple subnets can be associated with a single route table
  1. Now a custom route table is required (whitelisting). For that click on the route table left-hand menu in the VPC dashboard. Click on create route table to create the route table with the following details
    1. Name : ecomRouteTable
    2. VPC: The VPC created above
    3. click on create route table to create the route table
  2. Now the route table is created to handle only local traffic. The next steps allow internet traffic
    1. When you select the route table created above you will see the edit pane.
    2. From the edit pane select the routes tab; you will see only local. Click on the edit button to edit the routes and add the following
    3. Add a new route row 0.0.0.0/0, which matches all internet traffic. Put the Target as the IGW created (refer IGW) and save
    4. To associate the route table with the public subnet, click on the subnet association tab, click edit, select the public subnet created previously and click save

ELB(Elastic Load Balancer)

Elastic Load Balancing offers three types of load balancers.
  • Application Load Balancer - HTTP/HTTPS traffic load balancing
  • Network Load Balancer - handles tens of millions of requests per second
  • Classic Load Balancer - legacy
  1. Configure the Elastic Load Balancer (ELB) to select which subnet to route to (public subnet 1 or public subnet 2). [ https://aws.amazon.com/elasticloadbalancing/ ]
    1. Go to the EC2 Dashboard (https://us-east-2.console.aws.amazon.com/ec2/v2/home), click on the left-hand menu Load Balancers and click the create load balancer button. There are 3 types of load balancers: Application (HTTP/S), Network (TLS, TCP, UDP - higher performance than the Application Load Balancer), Classic (old style that supports HTTPS/TCP). Here the Application ELB will be created with the following details
      1. Name: ecomelb
      2. Scheme: Internet facing
      3. VPC: The VPC created previously
      4. Availability zones: Zone1 & Zone2 and select the 2 public subnets from each zones
    2. Now go to the security groups tab to set the security group on the ELB. Select the web security group which allows access to port 80
    3. Go to the Configure Routing tab to configure the routing that contains the 2 web servers.
      1. Target Group : New Target Group
      2. Name: WebserverGroup
      3. Protocol:HTTP
      4. Port: 80
      5. Leave the rest as default and click on the Register Targets button, which leads to the page showing the list of running web server targets. Select them and click on add to registered to add them to the list
    4. After review, click on the create button to create the ELB. You can see the DNS name of the ELB to access the website through the ELB.

VPG(Virtual Private Gateway)

  1. The VPG has to be created on the VPC side
  2. On the customer side, a Customer Gateway is required, which can be a device or software
  3. A VPN tunnel is used to communicate between the VPG and the customer gateway

NAT(Network Address Translation)

  • This is used to connect a private subnet to the internet
  • A NAT can be a Gateway or a Device
  • The NAT has to be added to a public subnet so that it gets internet connectivity
  • The NAT uses its own IP address while communicating with the internet, like a proxy server
  • The NAT requires an elastic IP
  1. Click on the NAT left-hand menu in the VPC dashboard. Click on create NAT to create the NAT with the following details
    1. Subnet: the public subnet created earlier
    2. Elastic IP: the elastic IP created earlier but not assigned yet
  2. Click on create to create the NAT
  3. Edit the route table that is associated with the private subnet (by default the VPC's default route table)
  4. Add a new route row 0.0.0.0/0, which represents the traffic to the internet. Put the Target as the NAT created (while selecting the target, both IGW and NAT will be shown; never select the IGW for a private subnet, as a best practice)
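How a subnet's route table decides where a packet goes, across the public (IGW), private (NAT) and isolated cases described in the Route Table and NAT sections: the following Python script is an added example, not from the original post. The target identifiers (igw-ecom, nat-ecom) are constructed placeholders, not real AWS resource IDs, and the audit helper encodes the "never point a private subnet at the IGW" advice from step 4 above.

```python
import ipaddress

# Constructed route tables; the targets are placeholders, not real AWS IDs.
LOCAL = "10.10.0.0/16"
PUBLIC_RT = [(LOCAL, "local"), ("0.0.0.0/0", "igw-ecom")]
PRIVATE_RT = [(LOCAL, "local"), ("0.0.0.0/0", "nat-ecom")]
ISOLATED_RT = [(LOCAL, "local")]  # no default route: no internet in either direction


def lookup(route_table, dst_ip):
    """Return the target for dst_ip.

    The most specific (longest prefix) matching route wins, which is why the
    /16 'local' route beats 0.0.0.0/0 for in-VPC addresses. None means no
    route matched and the packet is dropped.
    """
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def private_subnet_issues(route_table):
    """Flag the mistake the NAT steps warn about: a private subnet whose
    default route points at an internet gateway instead of a NAT."""
    return [
        f"default route {cidr} -> {target} exposes the subnet via the IGW"
        for cidr, target in route_table
        if cidr == "0.0.0.0/0" and target.startswith("igw-")
    ]


if __name__ == "__main__":
    for name, table in (("public", PUBLIC_RT), ("private", PRIVATE_RT), ("isolated", ISOLATED_RT)):
        print(name, "->", lookup(table, "10.10.2.7"), lookup(table, "203.0.113.5"))
    print(private_subnet_issues(PUBLIC_RT))
```

Running private_subnet_issues over the table that is actually associated with each private subnet is a cheap review step after the NAT change, because the console offers the IGW and the NAT side by side as targets.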

Security Group

  • A Security Group acts as a virtual firewall
  • You can add rules to control the connections
  • Normally an instance is placed inside a security group so that it controls what traffic goes in and out
  • By default a security group allows all outbound traffic
  • Security groups are always permissive; you cannot add deny rules
  • A web server security group will allow ports 80 & 443, and a MySQL DB security group will allow port 1433 and the RDP port. While adding RDP, put a source IP address so that only that IP can do remote desktop access
  1. Click on the Security Group left hand menu in VPC dashboard. Click on create Security Group  to create the Security Group with the following details
    1. Name: webserverSG
    2. Group:webserverSG
    3. VPC: the vpc created earlier
  2. Click on create to create the security group
  3. Go to Inbound rules and add the following rows
    1. Type: HTTP 80 (this automatically fills the rest, but if you select Custom you need to fill everything yourself)
    2. Protocol: TCP
    3. Port: 80
    4. Source: 0.0.0.0/0 or put another security group name if you want to allow inbound only from a security group
  4. Add 443 and save
  5. Create another security group for the DB server with the name dbserverSG and the following details, and save
    1. Type: MS SQL 
    2. Protocol: TCP
    3. Port: 1433
    4. Source: webserverSG (This way the DB access will be restricted from webserver only)

ACL (Access Control Layer)

  • An ACL is an optional layer of security used to block (blacklist) traffic
  • The final * rule is DENY, meaning deny everything not matched by an earlier rule; that rule cannot be modified
  • Each subnet in your VPC is associated with an ACL. If it is not associated with a custom ACL, it is assigned to the default ACL
  • A subnet can be associated with only one ACL, but an ACL can be associated with multiple subnets
  • An ACL contains numbered rules that are evaluated in order, starting with the lowest rule number
  • As soon as a rule matches and allows the traffic, the traffic is allowed even if a higher-numbered rule would deny it
  • Rule numbers are incremented by 100 so that there is enough room to add extra rules in between
  1. Click on the Network ACLs left hand menu in the VPC dashboard. Click on create Network ACL to create it with the following details
  2. Provide the rules
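The two rule models above behave differently: a security group only ever permits (any matching rule admits the packet), while a network ACL walks its numbered rules from the lowest number and the first match decides, falling through to the unchangeable * DENY. The following is an added example, not console output or AWS code, that models both decisions in plain Python over constructed rules mirroring webserverSG and dbserverSG from the steps above; the rule and group classes, names and sample addresses are all assumptions made for the example.

```python
"""Model of how a security group (allow-only) and a network ACL (ordered
allow/deny rules) decide inbound traffic. Added example, not AWS code."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class SgRule:
    protocol: str                      # "tcp", "udp", ...
    port: int
    source_cidr: Optional[str] = None  # e.g. "0.0.0.0/0"
    source_sg: Optional[str] = None    # name of another security group


@dataclass
class SecurityGroup:
    name: str
    inbound: List[SgRule]


def sg_allows_inbound(sg: SecurityGroup, protocol: str, port: int,
                      src_ip: str, src_sgs=()) -> bool:
    """Security groups only ever permit: the packet is admitted if ANY rule
    matches, otherwise it is dropped. There is no deny rule to write."""
    for rule in sg.inbound:
        if rule.protocol != protocol or rule.port != port:
            continue
        if rule.source_cidr and ip_address(src_ip) in ip_network(rule.source_cidr):
            return True
        # a source-SG rule matches when the sender belongs to that group
        if rule.source_sg and rule.source_sg in src_sgs:
            return True
    return False


@dataclass
class NaclRule:
    number: int          # evaluated from lowest to highest
    action: str          # "allow" or "deny"
    protocol: str        # "tcp", "udp" or "all"
    port: Optional[int]  # None matches every port
    cidr: str


def nacl_decision(rules: List[NaclRule], protocol: str, port: int, ip: str) -> str:
    """Network ACL: the first matching rule (lowest number) decides; anything
    unmatched hits the immutable '*' rule, which is DENY."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", protocol):
            continue
        if rule.port is not None and rule.port != port:
            continue
        if ip_address(ip) in ip_network(rule.cidr):
            return rule.action
    return "deny"


# Constructed groups mirroring the console steps above.
WEBSERVER_SG = SecurityGroup("webserverSG", [
    SgRule("tcp", 80, source_cidr="0.0.0.0/0"),
    SgRule("tcp", 443, source_cidr="0.0.0.0/0"),
])
DBSERVER_SG = SecurityGroup("dbserverSG", [
    SgRule("tcp", 1433, source_sg="webserverSG"),  # DB reachable from the web tier only
])

# Constructed NACL: rule 100 allows HTTP from anywhere, rule 200 tries to deny
# HTTP from one range. Because 100 is evaluated first, rule 200 never fires.
WEB_NACL = [
    NaclRule(200, "deny", "tcp", 80, "198.51.100.0/24"),
    NaclRule(100, "allow", "tcp", 80, "0.0.0.0/0"),
]

if __name__ == "__main__":
    print(nacl_decision(WEB_NACL, "tcp", 80, "198.51.100.7"))  # allow: rule 100 wins
    print(sg_allows_inbound(DBSERVER_SG, "tcp", 1433, "203.0.113.5"))  # False: not from webserverSG
```

To make the deny in WEB_NACL effective, the deny rule needs a lower number than the allow, which is exactly why the notes leave gaps of 100 between rule numbers.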

LightSail - Steps to create a LightSail instance

  1. Login to the Amazon console - https://us-east-2.console.aws.amazon.com/console/home?region=us-east-2
  2. Select the Services menu and click on LightSail
  3. It displays the list of blueprints. Select one, say Magento. Select the plan and provide the name

Other Amazon Terms 

Region

A collection of availability zones. A minimum of 2 availability zones is required for a region. Always run the application in both availability zones. Refer - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html
While selecting a region the following questions should be asked
  • Latency - Where are your customers located?
  • Cost - Some regions cost less than others
  • Compliance - Legal restrictions may require that the data stays within the country
  • Service Availability - New services might be available only in some regions, and it takes time for them to roll out to other regions

Container Services

Amazon Elastic Container Service (ECS) - container orchestration for deploying Docker containers (possibly Docker Swarm). https://aws.amazon.com/ecs/
Amazon Elastic Container Service for Kubernetes (EKS) - container orchestration using Kubernetes (Kubernetes was developed by Google). https://aws.amazon.com/eks/
AWS Fargate - a compute engine for Amazon ECS and Amazon EKS that allows you to run containers without having to manage servers or clusters. https://aws.amazon.com/fargate/

Elastic Block Storage(EBS) & Elastic File System(EFS)

Images, videos etc. are stored as objects in object storage, e.g. S3 (Simple Storage Service). It stores 3 copies of each file for redundancy. 5 TB is the maximum size of a single file/object. https://aws.amazon.com/s3. Steps to create an S3 bucket are below.
EFS can be attached to different subnets from different VPCs. It is not required to be inside a subnet. https://aws.amazon.com/efs/. Using Amazon EFS you can mount on-premises storage, but that is not possible using S3
  1. Go to the Dashboard, select the Services menu, click on S3 and click on create bucket; a popup will appear to enter the details.
    1. Bucket Name: ecomBucket
    2. Region: US West
    3. Copy settings from an existing bucket: (optional)
  2. Click on the create button to create the bucket. Note that this bucket is private
  3. Edit the bucket and click on the upload button to upload a file/image.
  4. After uploading the file, when we click on the object we can see information about the object. One item is a link which is the public URL. But when we access the object using that link it says access denied
  5. So go to the object, select the permissions tab and click on the public radio button to make the object publicly accessible
For block storage Amazon uses EBS, e.g. for Amazon RDS. https://aws.amazon.com/ebs and pricing can be found here https://aws.amazon.com/ebs/pricing/
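Step 5 above makes an object world-readable by clicking a radio button; the same grant can be expressed as a bucket policy, and the reverse question (which of my buckets already grant access to everyone?) is answered by reading policies back. The following is an added example, not AWS tooling, that builds the policy equivalent of the public radio button scoped to one key prefix and audits an arbitrary policy document for Allow statements whose principal is everyone. The bucket name, prefix and the sample policy are constructed for the example (S3 bucket names must be lowercase, so the page's ecomBucket is written as ecombucket-example here).

```python
"""Build and audit S3 bucket policies for public access. Added example;
the policy documents below are constructed, not taken from any real account."""
import json
from typing import Dict, List


def _principals(stmt: Dict) -> List[str]:
    """Normalise the Principal element: "*", {"AWS": "*"} and {"AWS": [...]} all occur."""
    principal = stmt.get("Principal", {})
    if principal == "*":
        return ["*"]
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return [aws] if isinstance(aws, str) else list(aws)
    return []


def public_statements(policy: Dict) -> List[Dict]:
    """Return the Allow statements that grant to everyone ("*"). A Condition
    element can narrow such a grant, so each finding records whether one exists."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") == "Allow" and "*" in _principals(stmt):
            findings.append({
                "Sid": stmt.get("Sid", "<no Sid>"),
                "Action": stmt.get("Action"),
                "Resource": stmt.get("Resource"),
                "conditioned": "Condition" in stmt,
            })
    return findings


def public_object_read_policy(bucket: str, key_prefix: str) -> Dict:
    """Policy equivalent of the console's 'public' radio button, but scoped to
    one prefix (e.g. images/) instead of a whole bucket or a single click per object."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PublicReadOnePrefix",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/{key_prefix}*",
        }],
    }


# Constructed sample: looks private (one account-scoped statement) but also
# lets the whole internet list the bucket contents.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AppAccess", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-role"},
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::ecombucket-example/*"},
    {"Sid": "OopsListing", "Effect": "Allow",
     "Principal": {"AWS": "*"},
     "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::ecombucket-example"}
  ]
}
""")

if __name__ == "__main__":
    for finding in public_statements(SAMPLE_POLICY):
        print("PUBLIC:", finding)
    print(json.dumps(public_object_read_policy("ecombucket-example", "images/"), indent=2))
```

In a real audit the policy document would come from the GetBucketPolicy API for each bucket; the audit logic is the same, and a finding with "conditioned" set to True deserves a manual look at the condition rather than an automatic pass.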

Amazon DB

There are 2 types: RDS and DynamoDB

RDS

  • Any database of your choice, like MySQL, Oracle etc.
  • Patch installation, scaling, performance etc. are handled automatically
  • You can use the AWS Database Migration Service (AWS DMS) (https://aws.amazon.com/dms) to quickly and securely migrate your databases to AWS
  • Pricing - https://aws.amazon.com/rds/pricing/
  • Steps to create an RDS instance (assuming the subnet has already been created)
  1. Go to the Dashboard, select the Services menu and click on RDS
  2. Click on the create database button and select the database engine, say Amazon Aurora, MySQL, PostgreSQL etc.

Dynamo

  • No transaction support
  • NoSQL
  • Big Data
  • No need to specify the capacity of the machine; instead you only specify the throughput
  • Replicates the data across 3 facilities in a region
  • DynamoDB
    • Tables contain a simple partition key, which is the primary key
    • A table can contain a sort key as well
    • A composite primary key is the partition key + sort key together
    • A secondary index contains a subset of attributes from a table, and a table can have many secondary indexes
    • A local secondary index has the same partition key as the base table but a different sort key
    • A global secondary index has both a partition key and a sort key that differ from the base table
  • https://aws.amazon.com/dynamodb  pricing - https://aws.amazon.com/dynamodb/pricing/
  • Steps to create
  1. Go to the Dashboard, select the Services menu and click on DynamoDB
  2. Click on the create table button and create the table
    1. Table Name: Music
    2. Partition Key: Artist
    3. Sort Key: Song Title
  3. Once the table is created, click on the items tab and create items by entering the above attributes; you can then search using the partition key and sort key
  • Steps to create a local instance
  1. Download the zip file http://dynamodb-local.s3-website-us-west-2.amazonaws.com/dynamodb_local_latest.zip and extract it to a local drive
  2. Run the command >java -Djava.library.path=./DynamoDBLocal_lib -jar DynamoDBLocal.jar -sharedDb
  3. Go to http://localhost:8000/shell to access the shell
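The Music table above (partition key Artist, sort key Song Title) can also be defined programmatically, which makes the index rules in the bullet list checkable before anything is created. The following is an added example, not from the page or AWS; it builds the table definition with one local and one global secondary index, validates the rules stated above (an LSI keeps the table's partition key and uses a different sort key; every index key needs an attribute definition), and can send it to the DynamoDB Local instance from the steps above. The index names, the AlbumTitle and Genre attributes, and the dummy local credentials are assumptions; the create_local_table call needs boto3 and a running DynamoDB Local, the rest runs offline.

```python
"""DynamoDB 'Music' table definition with LSI/GSI and a validator for the
index rules. Added example, not AWS code."""
from typing import Dict, List


def music_table_spec() -> Dict:
    """Arguments for DynamoDB CreateTable, built fresh on every call."""
    return {
        "TableName": "Music",
        "AttributeDefinitions": [  # only key attributes are declared up front
            {"AttributeName": "Artist", "AttributeType": "S"},
            {"AttributeName": "SongTitle", "AttributeType": "S"},
            {"AttributeName": "AlbumTitle", "AttributeType": "S"},
            {"AttributeName": "Genre", "AttributeType": "S"},
        ],
        "KeySchema": [
            {"AttributeName": "Artist", "KeyType": "HASH"},      # partition key
            {"AttributeName": "SongTitle", "KeyType": "RANGE"},  # sort key -> composite primary key
        ],
        "LocalSecondaryIndexes": [{
            "IndexName": "ArtistAlbumIndex",
            "KeySchema": [
                {"AttributeName": "Artist", "KeyType": "HASH"},      # same partition key as the table
                {"AttributeName": "AlbumTitle", "KeyType": "RANGE"}, # different sort key
            ],
            "Projection": {"ProjectionType": "KEYS_ONLY"},
        }],
        "GlobalSecondaryIndexes": [{
            "IndexName": "GenreAlbumIndex",
            "KeySchema": [
                {"AttributeName": "Genre", "KeyType": "HASH"},       # both keys differ from the table
                {"AttributeName": "AlbumTitle", "KeyType": "RANGE"},
            ],
            "Projection": {"ProjectionType": "ALL"},
        }],
        "BillingMode": "PAY_PER_REQUEST",  # pay for throughput, no machine size to choose
    }


def _key(schema: List[Dict], key_type: str) -> str:
    return next(k["AttributeName"] for k in schema if k["KeyType"] == key_type)


def index_problems(spec: Dict) -> List[str]:
    """Check the index rules from the notes; an empty list means the spec is consistent."""
    problems = []
    base_hash = _key(spec["KeySchema"], "HASH")
    base_range = _key(spec["KeySchema"], "RANGE")
    defined = {a["AttributeName"] for a in spec["AttributeDefinitions"]}
    for lsi in spec.get("LocalSecondaryIndexes", []):
        if _key(lsi["KeySchema"], "HASH") != base_hash:
            problems.append(f"LSI {lsi['IndexName']} must use the table partition key {base_hash}")
        if _key(lsi["KeySchema"], "RANGE") == base_range:
            problems.append(f"LSI {lsi['IndexName']} must use a sort key other than {base_range}")
    all_indexes = spec.get("LocalSecondaryIndexes", []) + spec.get("GlobalSecondaryIndexes", [])
    for idx in all_indexes:
        for key in idx["KeySchema"]:
            if key["AttributeName"] not in defined:
                problems.append(f"index {idx['IndexName']} key {key['AttributeName']} has no AttributeDefinition")
    return problems


def create_local_table(spec: Dict, endpoint: str = "http://localhost:8000"):
    """Create the table on DynamoDB Local; the credentials are dummies the local
    instance ignores (assumption: DynamoDB Local started as in the steps above)."""
    import boto3  # imported here so the validator runs without boto3 installed
    client = boto3.client("dynamodb", endpoint_url=endpoint, region_name="us-west-2",
                          aws_access_key_id="local", aws_secret_access_key="local")
    problems = index_problems(spec)
    if problems:
        raise ValueError("; ".join(problems))
    return client.create_table(**spec)


if __name__ == "__main__":
    print(index_problems(music_table_spec()))  # [] for the spec above
```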

Monitoring & Cloud watch

  • CloudWatch collects data points like CPU, memory etc. - https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CW_Support_For_AWS.html
  • The CloudWatch agent must be installed on the cloud/on-premises servers to collect the information
  • CloudWatch Logs is used to visualize and analyse logs - https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html
  • It can trigger events/alarms depending on thresholds. Events - https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/WhatIsCloudWatchEvents.html
  • Refer https://aws.amazon.com/cloudwatch/
  • Auto scaling can be driven by CloudWatch so that a new instance is created automatically. https://aws.amazon.com/ec2/autoscaling
  • Steps to configure CloudWatch auto scaling
  1. Go to the EC2 Dashboard, select Auto Scaling Groups from the left hand menu and click on the create auto scaling group button. This asks which AMI to use for auto scaling
  2. Select the AMI that should be used for the new instances
  3. Click on the next button and provide the following information for the instance
    1. Name: WebServer
    2. Role: the same role as the original EC2 instance
    3. In advanced details, paste the script into the user data section. Refer to the EC2 creation step
    4. Select the storage, security group etc.
    5. Click on launch configuration
  4. Click on the launched configuration and edit the following details
    1. Group Size: 2 (2 instances will be created)
    2. Network: VPC name
    3. Subnet: the public subnet, or create a new one and assign it here
    4. Load Balancing: receive traffic from 1 or more ELBs
    5. On the scaling policy tab change the following
    6. Select the radio button to choose the scaling policy to adjust. This decides which policy is used when CloudWatch decides to change the scaling
    7. Scale min: 2 & max: 4
    8. Name: Scale Up
    9. Metric Type: Average CPU Utilization
    10. Target Value: 60%
    11. Instances need: 300 (seconds required to warm up after scaling)
    12. Click on the next button to configure notifications, if required, in the notification tab
    13. Review and create the group

Security

  • Physical data center, network & hypervisor security responsibility belongs to AWS; the rest, starting from the guest OS onward, belongs to the client
  • AWS provides a wide range of encryption tools, or custom encryption can be used as well
  • Automatic encryption is available in EBS & S3
  • Encryption keys can be managed with AWS CloudHSM or the Key Management Service (KMS)
  • Shared responsibility model https://aws.amazon.com/compliance/shared-responsibility-model/
  • Security White Paper - https://d1.awsstatic.com/whitepapers/Security/Intro_to_AWS_Security.pdf

Amazon Inspector

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
Suppose that you have several Amazon EC2 instances, and you want to ensure that they're all properly configured with the recommended password complexity settings. Instead of manually checking the settings for each EC2 instance, you can run a vulnerability assessment through Amazon Inspector, which scans all of the EC2 instances to check whether the password complexity settings are compliant.

AWS Security Hub

Instead of constantly switching back and forth between separate tools, you can monitor all your security findings and compliance checks in AWS Security Hub. It aggregates, organizes, and prioritizes your security findings.

AWS Web Application Firewall (WAF)

A service that helps to protect your web applications and APIs against common web exploits that may affect application availability, compromise security, or consume excessive resources.

AWS Key Management Service (KMS)

Controls the encryption keys that are used to encrypt and protect your data.

AWS Shield

A managed DDoS protection service that safeguards applications running on AWS. It comes in two tiers: Standard (default, with no extra cost) and Advanced.

Autoscaling

The following are the EC2 scaling options
  • Maintain the current instance levels at all times
  • Manual scaling
  • Scheduled scaling
  • Dynamic scaling - based on load or a specified parameter
  • Predictive scaling

Cost Management Tools

  • AWS Cost Explorer - https://aws.amazon.com/aws-cost-management/aws-cost-explorer/
    • Provides reports on cost
    • View data for up to the last 13 months
    • Forecast how much you're likely to spend for the next 3 months
    • Get recommendations for Amazon EC2 rightsizing and reservation purchases
  • AWS Budgets
    • Allows you to create alerts when the cost exceeds a threshold. This can be done with CloudWatch as well, but AWS Budgets provides more granularity and visibility
  • AWS Trusted Advisor - https://aws.amazon.com/premiumsupport/trustedadvisor/
    • Identifies improvements in cost, security etc.
  • AWS Total Cost of Ownership (TCO) Calculator
    • Compares the cost of running applications in an on-premises or traditional hosting environment with running the applications on AWS

Code Your Infrastructure with AWS CloudFormation(Governance)

  • Describe the AWS resources that you want to create and configure in a single text file, in JSON or YAML
  • AWS CloudFormation provisions your resources in a safe, repeatable manner, allowing you to build and rebuild your infrastructure and applications without having to perform manual actions or write custom scripts
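The security groups that were built by hand in the VPC steps earlier on this page are a natural first thing to put into a template, because a template can be linted before it is deployed. The following is an added example, not AWS's own tooling: it assembles a CloudFormation template (as JSON) for webserverSG and dbserverSG, with the DB group referencing the web group as its source, and runs a simple check that no sensitive port (RDP, SQL, SSH) is open to 0.0.0.0/0, which is the guard rail the security group notes recommend. The logical resource names, the VpcId parameter and the list of sensitive ports are assumptions made for the example.

```python
"""Generate and lint a CloudFormation template for the web/DB security groups.
Added example, not AWS code; deploy with the CLI or console as usual."""
import json
from typing import Dict, List, Optional


def _ingress(port: int, cidr: Optional[str] = None, source_sg: Optional[Dict] = None) -> Dict:
    """One SecurityGroupIngress entry: either a CIDR source or another group (as a Ref)."""
    rule = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port}
    if cidr is not None:
        rule["CidrIp"] = cidr
    else:
        rule["SourceSecurityGroupId"] = source_sg  # e.g. {"Ref": "WebServerSG"}
    return rule


def web_db_template() -> Dict:
    """Template with the two groups from the VPC steps; VpcId is passed as a parameter."""
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Parameters": {"VpcId": {"Type": "AWS::EC2::VPC::Id"}},
        "Resources": {
            "WebServerSG": {
                "Type": "AWS::EC2::SecurityGroup",
                "Properties": {
                    "GroupDescription": "webserverSG",
                    "VpcId": {"Ref": "VpcId"},
                    "SecurityGroupIngress": [_ingress(80, "0.0.0.0/0"), _ingress(443, "0.0.0.0/0")],
                },
            },
            "DbServerSG": {
                "Type": "AWS::EC2::SecurityGroup",
                "Properties": {
                    "GroupDescription": "dbserverSG",
                    "VpcId": {"Ref": "VpcId"},
                    # 1433 only from the web tier, never from the internet
                    "SecurityGroupIngress": [_ingress(1433, source_sg={"Ref": "WebServerSG"})],
                },
            },
        },
    }


def world_open_ports(template: Dict, sensitive=(22, 1433, 3306, 3389)) -> List[str]:
    """Findings for sensitive ports reachable from 0.0.0.0/0 in any security group."""
    findings = []
    for name, res in template["Resources"].items():
        if res["Type"] != "AWS::EC2::SecurityGroup":
            continue
        for rule in res["Properties"].get("SecurityGroupIngress", []):
            if rule.get("CidrIp") != "0.0.0.0/0":
                continue
            for port in range(rule["FromPort"], rule["ToPort"] + 1):
                if port in sensitive:
                    findings.append(f"{name}: port {port} open to the world")
    return findings


def render(template: Dict) -> str:
    """JSON text ready to save as template.json and deploy."""
    return json.dumps(template, indent=2)


if __name__ == "__main__":
    tpl = web_db_template()
    print(world_open_ports(tpl))  # [] for the template above
    print(render(tpl))
```

Running the lint as a pre-deploy step catches the mistake the notes warn about (RDP or the DB port added with source 0.0.0.0/0) before the stack exists, rather than after a scan of the live account.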

Get Actionable Insights from AWS Trusted Advisor

Checks against your environment to see if it meets predefined criteria. It provides feedback and best practices in five categories: cost optimization, security, fault tolerance, performance, and service limits.

The status of the check is shown on the dashboard page using color coding and icons.
  • Red circle exclamation point: action recommended
  • Yellow triangle exclamation point: investigation recommended
  • Green square check mark: no problem detected

AWS Well-Architected Framework

https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf
https://aws.amazon.com/architecture/well-architected/?ref=wellarchitected-wp&wa-lens-whitepapers.sort-by=item.additionalFields.sortDate&wa-lens-whitepapers.sort-order=desc
https://aws.amazon.com/well-architected-tool/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc 

AWS Cloud Adoption Framework (CAF)

Helps you assess your needs across a wide range of areas and develop the right workstreams to achieve your goals.
It organizes guidance into six areas of focus, called perspectives
  1. Business Perspective - IT is aligned with business needs and IT investments are linked to key business results
  2. People Perspective - development of an organization-wide change management strategy for successful cloud adoption. Use the People Perspective to evaluate organizational structures and roles, new skill and process requirements, and to identify gaps
  3. Governance Perspective - focuses on the skills and processes to align IT strategy with business strategy & understand how to update staff skills
  4. Platform Perspective - principles and patterns for implementing new solutions in the cloud, and migrating on-premises workloads to the cloud
  5. Security Perspective - the organization meets security objectives for visibility, auditability, control, and agility
  6. Operations Perspective - enable, run, use, operate, and recover IT workloads to the level that is agreed upon with your business stakeholders
To get started, take the 16-question AWS Cloud Adoption Readiness Tool (CART) assessment


Amazon pricing - https://aws.amazon.com/pricing/
Pricing calculator - https://calculator.aws/. For more info https://aws.amazon.com/blogs/aws/check-it-out-new-aws-pricing-calculator-for-ec2-and-ebs/

Thursday, January 11, 2018

Facebook Dynamic Ads

Facebook dynamic ads automatically promote products to people who have expressed interest on an ecommerce website. You need to upload the product catalog and set up the campaign, and the Facebook ads start working. The following links help to implement Facebook ads in an ecommerce site
Ads pricing information 
Catalog Feed Samples - CSV example, XML example  
Dynamic ad integration
Facebook SFCC integration blog 
Integration guide
FAQ on facebook SFCC integration