Monday, March 20, 2017

AWS Solutions Architect Exam: Storage Gateway

This post summarizes the most important characteristics of AWS Storage Gateway relevant to the AWS Solutions Architect Associate level Exam.

What is AWS Storage Gateway: It is a service that connects an on-premises software appliance with cloud-based storage, to provide seamless and secure integration between an organization's on-premises IT and AWS storage infrastructure. This service is suitable for hybrid deployments, and enables data to be stored securely on the AWS cloud.

Software appliance: In order to use AWS Storage Gateway you have to set up a software appliance in your datacenter. AWS Storage Gateway's storage appliance is available as a Virtual Machine. You download, install, and register it with AWS. The software appliance is exposed as an iSCSI device that can be mounted by your on-premises applications.

Configurations:

File Gateway: This is basically a file interface into S3. The gateway provides access to objects in S3 as files on an NFS mount point. It also provides low-latency access to data through transparent local caching.

Gateway-Cached Volumes: All data is stored in S3, and recently accessed data is cached locally. A volume can hold up to 32TB, and you can have up to 32 volumes. It offers the ability to perform incremental point-in-time snapshots.

Gateway-Stored Volumes: Data is backed up asynchronously to S3 in the form of EBS volumes. All data is kept on-premises as well. 16TB max per volume, and a max of 32 volumes.

Gateway Virtual Tape Libraries: This is an archival solution that allows the storage of data in virtual tapes on the AWS cloud. If your applications use tape backups, they can seamlessly use the Gateway Virtual Tape Libraries. The final storage for Virtual Tapes is Glacier. Ejected tapes are stored in a Virtual Tape Shelf. Only one per account per region is allowed, but it can be shared by multiple Gateways.

Encryption: All data is transferred using SSL, and is stored encrypted using server-side encryption.

Saturday, March 18, 2017

Austin SXSW 2017

Last week I went to Austin (Texas) to represent AWS Quicksight in SXSW. It was an incredible experience. Austin is such a vibrant city, and the surroundings are gorgeous.

After a hard day's work, there is nothing better than chilling out playing pool :).



Enjoy!

Julio

AWS Solutions Architect Exam: S3

This post summarizes the most important characteristics of S3 relevant to the AWS Solutions Architect Associate level Exam.

What is S3: S3 is an object key/value store that is part of Amazon AWS.

How it is organized: In S3, objects are placed in buckets. Within a bucket each object has a unique key. The bucket namespace is global, whereas keys only have to be unique at the bucket level.

S3 is not file storage, and it does not offer a filesystem-like interface, although with the use of prefixes it is possible to get S3 to display buckets and objects in a hierarchy similar to a filesystem.

Storage classes: Amazon S3 provides different storage classes which offer different characteristics that meet the needs of most users. More on storage classes can be found at https://aws.amazon.com/s3/storage-classes/

S3 Standard: 11 9s of durability, 4 9s of availability. Supports encryption of data in transit and at rest.

S3 Infrequent Access: Same durability, 3 9s of availability. All the other characteristics are the same as S3 Standard. It has a minimum object size of 128 KB, and a minimum storage duration of 30 days.

S3 Archive: This involves the use of Amazon Glacier as an extension of S3, using object lifecycle management, as explained below.

S3 Reduced Redundancy: S3 allows the storage of objects with reduced redundancy. This option is cheaper, and is recommended for non-critical assets. It offers 4 9s of durability, and 4 9s of availability.

S3 as a static web server: An S3 bucket can be configured as a web server for static content. To enable this functionality, index and error pages have to be defined, and the corresponding objects must be made public.

S3 object lifecycle management: A set of rules determines the actions to take on a group of objects. Actions can be transition actions or expiration actions. Transition actions change the storage class of objects, while expiration actions cause the deletion of objects. Lifecycle is part of a bucket's configuration.

S3 object versioning: A bucket can be configured to support object versioning. This allows keeping several versions of the same object. Using lifecycle management it is possible to configure different behavior for the current and noncurrent versions.
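The lifecycle rules described in the two paragraphs above, as an added example that is not part of the original post: a configuration in the shape boto3's put_bucket_lifecycle_configuration() accepts, with separate transition and expiration actions for current and noncurrent object versions, plus a small offline evaluator that shows which action each rule would take on an object of a given age. The bucket prefixes and day thresholds are constructed placeholders.

```python
"""Added example (not from the original post): S3 lifecycle rules with
transition and expiration actions for current and noncurrent versions,
and an offline evaluator for them.  Prefixes and thresholds are constructed."""
from typing import Optional

# Constructed config: logs/ objects move to Infrequent Access after 30 days,
# to Glacier after 90, and are deleted after 365.  Noncurrent versions of any
# object move to Glacier after 30 days and are deleted after 60.
LIFECYCLE = {
    "Rules": [
        {
            "ID": "archive-logs",
            "Filter": {"Prefix": "logs/"},
            "Status": "Enabled",
            "Transitions": [
                {"Days": 30, "StorageClass": "STANDARD_IA"},
                {"Days": 90, "StorageClass": "GLACIER"},
            ],
            "Expiration": {"Days": 365},
        },
        {
            "ID": "prune-old-versions",
            "Filter": {"Prefix": ""},   # empty prefix matches every key
            "Status": "Enabled",
            "NoncurrentVersionTransitions": [
                {"NoncurrentDays": 30, "StorageClass": "GLACIER"}
            ],
            "NoncurrentVersionExpiration": {"NoncurrentDays": 60},
        },
    ]
}


def planned_action(key: str, age_days: int, current: bool = True,
                   config: dict = LIFECYCLE) -> Optional[str]:
    """Return 'EXPIRE', a target storage class, or None for an object whose
    current (or noncurrent) state is age_days old.  Expiration wins over
    transitions; among transitions the latest threshold already passed wins."""
    result = None
    for rule in config["Rules"]:
        if rule["Status"] != "Enabled" or not key.startswith(rule["Filter"]["Prefix"]):
            continue
        if current:   # current-version actions use the plain Days/Expiration keys
            exp, trans, days_key = rule.get("Expiration"), rule.get("Transitions", []), "Days"
        else:         # noncurrent versions have their own action keys
            exp = rule.get("NoncurrentVersionExpiration")
            trans, days_key = rule.get("NoncurrentVersionTransitions", []), "NoncurrentDays"
        if exp and age_days >= exp[days_key]:
            return "EXPIRE"
        for t in sorted(trans, key=lambda t: t[days_key]):
            if age_days >= t[days_key]:
                result = t["StorageClass"]
    return result
```

The LIFECYCLE dict can be passed unchanged as the LifecycleConfiguration argument of boto3's put_bucket_lifecycle_configuration() once a bucket name is supplied.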

S3 access control: By default S3 resources are private (only the owner can see and manage them). There are a number of mechanisms that can be used to manage access to S3 resources.

S3 policies: Policies can be assigned to buckets, objects and users to limit which actions are allowed. For example, with a bucket policy it is possible to grant access to another AWS account.

S3 ACLs: This is a legacy mechanism that can be applied to buckets and objects.

IAM: IAM users, policies and roles can be used to control access to S3 resources.

S3 encryption: Both client-side and server-side encryption options are available. SSL can be used for data in transit as well.

Server-side encryption: Protects data at rest. There are 3 options: S3-managed keys, AWS KMS, and customer-provided keys.

Client-side encryption: Protects data in transit and at rest. Customers can choose to provide and manage their own keys, or use AWS KMS.

S3 notifications: Notifications for bucket events (object creation, removal, loss of a reduced redundancy object). Notifications can be sent to SQS, SNS or Lambda.

S3 consistency model: Puts of new objects are consistent. Put/delete of an existing object is eventually consistent. The READ API takes an extra parameter which can force the call to be consistent. This will make the call potentially slower.

For more information refer to AWS S3 online documentation (which is excellent and very detailed):

http://docs.aws.amazon.com/AmazonS3/latest/dev/Welcome.html