Cloud Services: Designing and Implementing a Cloud Solution Based on a Client's Needs
December 2020, CCT College Dublin
Name: Fangbo Li
Student number: 2018097

Introduction & Background

Medi-advice has been in business for two years as a start-up, providing an online medical diagnosis assistance service for clients in both Ireland and North America. The application builds a bridge between patients and doctors, allowing online appointments, remote consultation, remote diagnosis, electronic prescription transfer and payment services. The application allows patients to upload documents and images. Text is extracted from the documents, and the images are converted into multiple formats. This is currently a manual process, and the client would like recommendations to help automate some of these processes.

First of all, to achieve our goal we need to follow the five pillars of the AWS Well-Architected Framework, because they are the guiding principle of the whole design process. They are:

1. Operational Excellence
2. Security
3. Reliability
4. Performance Efficiency
5. Cost Optimization

Potential services needed (the purpose of each is described in Task 1): Amazon Textract, Amazon Macie, Route 53, RDS (2 instances), ELB (2), EC2 (4 instances), CloudFormation, S3, CloudWatch and WAF.

TASK 1: Translate customer requirements into a proposed technical solution.

To start with the client's needs, we should use a cross-region disaster recovery plan, and we use AWS Route 53 to implement it. We configure a health check for the primary region (Ireland). Once the health check fails, all traffic is automatically sent to the other region, North America. By implementing this, we minimise the service's downtime and give users a better experience.

Moreover, the company mentioned that its online medical diagnosis assistance service serves users in Ireland and North America, and that users in North America sometimes found the service slow. A multi-region architecture therefore applies in this case.
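The Route 53 failover described above (and walked through step by step in Task 3), written as an added CloudFormation template that is not part of the original report. The hosted zone name, the two load balancers' DNS names and hosted zone IDs, and the /health path are assumed inputs:

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  HostedZoneName:
    Type: String
    Default: example.com.            # placeholder zone; Route 53 names end with a dot
  PrimaryLbDnsName:                  # assumed: DNS name of the Ireland load balancer
    Type: String
  PrimaryLbHostedZoneId:             # assumed: canonical hosted zone id of that ELB
    Type: String
  SecondaryLbDnsName:                # assumed: DNS name of the North America load balancer
    Type: String
  SecondaryLbHostedZoneId:           # assumed: canonical hosted zone id of that ELB
    Type: String
Resources:
  # Route 53 probes the primary over HTTPS every 30 s and marks it unhealthy after
  # three consecutive failures, so failover completes in roughly 90 s plus DNS TTL.
  PrimaryHealthCheck:
    Type: AWS::Route53::HealthCheck
    Properties:
      HealthCheckConfig:
        Type: HTTPS
        FullyQualifiedDomainName: !Ref PrimaryLbDnsName
        ResourcePath: /health        # assumed health endpoint served by the web tier
        RequestInterval: 30
        FailureThreshold: 3
  PrimaryRecord:                     # answered while the health check passes
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneName: !Ref HostedZoneName
      Name: !Sub "app.${HostedZoneName}"
      Type: A
      SetIdentifier: primary-ireland
      Failover: PRIMARY
      HealthCheckId: !Ref PrimaryHealthCheck
      AliasTarget:
        HostedZoneId: !Ref PrimaryLbHostedZoneId
        DNSName: !Ref PrimaryLbDnsName
        EvaluateTargetHealth: false  # the explicit health check decides, not the alias
  SecondaryRecord:                   # answered only while the primary is unhealthy
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneName: !Ref HostedZoneName
      Name: !Sub "app.${HostedZoneName}"
      Type: A
      SetIdentifier: secondary-north-america
      Failover: SECONDARY
      AliasTarget:
        HostedZoneId: !Ref SecondaryLbHostedZoneId
        DNSName: !Ref SecondaryLbDnsName
        EvaluateTargetHealth: false
```

The DNS resolution check in Task 3 is then simply a lookup of app.<zone>: while the health check passes it returns the Ireland load balancer's addresses, and during an outage it returns the North America ones.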
I chose CloudFront to reduce latency for the users. CloudFront is a content delivery network (CDN) that brings users and services closer together. It speeds up content delivery by using a globally distributed network of edge locations, and it is a particularly good fit for serving static content, so the best practice is to use CloudFront together with Amazon S3.

For data storage, Amazon Simple Storage Service (Amazon S3) is used. Amazon S3 gives us a place to store all medi-advice data with very high durability, availability and scalability. It also supports business insights, allowing employees to safely run queries without moving the data to another analytics platform. With S3 we can collect, store and analyse data from anywhere. More importantly, we can add security and compliance features on top of S3 with other services.

To achieve this, a machine learning service, Amazon Macie, is used together with S3. Medical data is personal and sensitive. Amazon Macie automatically discovers and protects sensitive data in S3, and it supports the security standards and compliance certifications that help satisfy regulatory compliance requirements.

Regarding the AWS service we can use to reduce the medi-advice workload, Amazon Textract is an effective choice. The medi-advice app currently handles text and images as a manual process, and Amazon Textract is the option to help automate some of these processes. Amazon Textract suits a document-driven business in healthcare. Using machine learning, Textract reads and processes documents quickly and accurately, and it automates the extraction of data from forms and tables without manual handling. Its models have learned document patterns across millions of documents, so the service keeps recognising them as volume grows. We can also use it to automate workflows, saving many hours of manual effort.

In this project, we use two Classic Load Balancers.
One sits between the web layer and the app layer; the other connects the web layer to the outside, balancing inbound and outbound traffic. For the requirements, Classic Load Balancers support HTTP and HTTPS and some layer-7 features, and we can use strict layer-4 load balancing for applications that rely purely on TCP.

CloudWatch is a monitoring and management service built for developers. It provides data to monitor applications, analyse and respond to system changes. It collects data in the form of logs and metrics, providing a view of AWS resources. A CloudWatch alarm is attached to the load balancer's latency metric. When the latency threshold is crossed, the alarm triggers an Auto Scaling policy, and Auto Scaling scales out the assigned Auto Scaling group by adding another instance.

Amazon Elastic Compute Cloud (EC2) is a must in this project. I set up two EC2 Linux instances for the web layer and another two EC2 Linux instances for the app layer to fulfil the requirements. We also need to set up Auto Scaling groups, which scale up when more capacity is needed and scale down under normal load. The client expects to double the number of users, so I chose t4g.medium instances (2 vCPUs, 4 GB memory) for the web layer, and a1.xlarge instances (4 vCPUs, 8 GB memory) for the app layer.

Amazon Relational Database Service (RDS) is used for the database layer. The RDS instance in availability zone 1 is the master database; a standby database in availability zone 2 provides redundancy and high availability. We can run the required Microsoft SQL Server Standard Edition on both. I chose db.m1.large instances for the database layer, each with 4 vCPUs, 15 GB memory and 10 TB storage.
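An added CloudFormation example, not from the original report, for the database tier described above and for the "no database redundancy" anti-pattern in Task 4a: a Multi-AZ SQL Server Standard Edition instance in private subnets that only the app tier's security group may reach. The VPC, subnet, app-tier security group and password parameters are assumed inputs:

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id          # assumed: the medi-advice VPC
  PrivateDbSubnetIds:                # assumed: two private subnets, one per AZ
    Type: List<AWS::EC2::Subnet::Id>
  AppTierSecurityGroupId:            # assumed: security group of the app-layer EC2 instances
    Type: AWS::EC2::SecurityGroup::Id
  DbMasterPassword:
    Type: String
    NoEcho: true                     # never echoed in console or API output
Resources:
  DbSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Private subnets in two availability zones
      SubnetIds: !Ref PrivateDbSubnetIds
  # Only the app tier may reach TCP 1433; the web tier and the internet cannot.
  DbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SQL Server reachable from the app tier only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 1433
          ToPort: 1433
          SourceSecurityGroupId: !Ref AppTierSecurityGroupId
  Database:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot         # keep a final snapshot if the stack is deleted
    Properties:
      Engine: sqlserver-se           # Microsoft SQL Server Standard Edition
      LicenseModel: license-included
      DBInstanceClass: db.m1.large   # the class chosen in the report
      AllocatedStorage: "1000"       # GiB; placeholder, size to the real data set
      MultiAZ: true                  # synchronous standby in the second AZ
      DBSubnetGroupName: !Ref DbSubnetGroup
      VPCSecurityGroups:
        - !Ref DbSecurityGroup
      PubliclyAccessible: false
      StorageEncrypted: true         # encryption at rest for patient data
      BackupRetentionPeriod: 7
      DeletionProtection: true
      MasterUsername: dbadmin
      MasterUserPassword: !Ref DbMasterPassword
```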
CloudFormation gives us an easy way to build a collection of related AWS and third-party resources, provision them quickly and consistently, and manage them throughout their life cycles by treating infrastructure as code.

AWS WAF (Web Application Firewall) is the service that protects the web application. It controls how traffic reaches our applications by letting us create security rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns we define.

TASK 2: Create an architecture diagram(s) to meet Medi-Advice's needs.

For best practice, a 3-tier infrastructure has been created. The 3-tier infrastructure is one of the most common infrastructure design patterns. It divides the infrastructure into three separate layers: one public and two private. The concept is that the public layer acts as a shield for the private layers, separating users from medi-advice employees. As we can see from the diagram in Task 2, only the web layer's content is publicly accessible. At the same time, medi-advice employees have access to the two private layers (the app layer and the database layer) from inside the network.

Apart from dividing the network into three separate layers, we need to achieve high availability as well. AWS allows us to achieve high availability by distributing the application across multiple Availability Zones. Following this AWS best practice, I chose to split the network across two availability zones. This gives us high availability and redundancy: if one of the availability zones goes down for some reason, our application is not affected, because traffic flows to the other availability zone.

[Architecture diagram]

TASK 3: Cross-region disaster recovery scenario, and a brief outline of why implementing a solution like this would be beneficial to Medi-Advice's needs.
To survive natural disasters and unexpected failures, we always intend to keep the web application available for an extended length of time. Maintaining cross-region availability is a critical component of keeping an application highly functional. Amazon Route 53 is the service we can use to keep our web application available with minimal downtime. Basically, we configure a domain in Amazon Route 53 to send traffic to the primary region, and then we configure a health check on the primary region. If the health check fails, traffic is sent to the secondary region.

The steps (shown as screenshots in the original report):

Web application 1 instance in the primary region (Ireland).
Web application 2 instance in the second region (North America).
Configure a health check.
Configure the domain in Route 53.
Check the DNS resolution: we query DNS (Domain Name System) to verify that Amazon Route 53 is correctly sending traffic to the primary web server.
Test the failover.

TASK 4: a) Discuss TWO anti-patterns and provide solution justification.

1. The service was not built across multiple AZs to withstand failures or even natural disasters. As Werner Vogels says, "Everything fails, all the time." It is critical to keep the service running smoothly over time, which is why we need to host the medi-advice service in the cloud rather than keeping it with the server hosting company. Also, the server hosting company over-provisioned to try to handle growth and performance issues, which wastes the medi-advice company's money; in the cloud they pay as they go. The most unacceptable anti-pattern is putting all the servers in the same place: if something goes wrong with one server, the service becomes completely unavailable. So the best practice is to separate servers into at least two AZs.

2. No database redundancy. One of the anti-patterns concerns the original database tier. In the given diagram, there is only one database server in the architecture.
This causes a massive problem once it goes down. The best practice is to use RDS Multi-AZ, which automatically provisions and maintains a synchronous standby replica in Availability Zone 2. The primary database instance is synchronously replicated across Availability Zones to a standby replica to provide data redundancy, and this reduces latency spikes during system backups. Running a database with high availability can enhance availability during planned system maintenance, and helps protect the databases against failure and Availability Zone disruption (Amazon Web Services, Inc., 2019).

TASK 4: b) Discuss ways in which Medi-Advice can optimize the cost of their AWS infrastructure.

We can use the AWS Pricing Calculator to add up all the services we need and estimate the cost. The estimate is based on a heavily used scenario; the medi-advice company, as a start-up, may cost far less. We can also optimize the cost of the AWS infrastructure by using free tiers. Amazon S3 has a 12-month free tier with 5 GB of standard storage, 20000 GET requests and 2000 PUT requests. Amazon RDS has a 12-month free tier providing 750 hours per month of db.t2.micro database usage, 20 GB of General Purpose (SSD) database storage and 20 GB of storage for database backups and DB snapshots. Amazon Textract has a free trial that processes 1000 pages per month for free. Amazon Macie is always free for 1 GB processed by the content classification engine.

References

Amazon Web Services, Inc. (2019). Amazon Textract | Extract Text & Data | AWS. [online] Available at: https://aws.amazon.com/textract/ [Accessed 8 Jan. 2021].
Amazon Web Services, Inc. (2019). Amazon Route 53 - Amazon Web Services. [online] Available at: https://aws.amazon.com/route53/ [Accessed 8 Jan. 2021].
Amazon Web Services, Inc. (2019). Amazon EC2. [online] Available at: https://aws.amazon.com/ec2/ [Accessed 8 Jan. 2021].
Amazon Web Services, Inc. (2019). Amazon Virtual Private Cloud (VPC).
[online] Available at: https://aws.amazon.com/vpc/ [Accessed 8 Jan. 2021].
Amazon Web Services, Inc. (2019). Amazon Relational Database Service (RDS) – AWS. [online] Available at: https://aws.amazon.com/rds/ [Accessed 8 Jan. 2021].
Amazon Web Services, Inc. (2017). AWS CloudFormation - Infrastructure as Code & AWS Resource Provisioning. [online] Available at: https://aws.amazon.com/cloudformation/ [Accessed 8 Jan. 2021].
Amazon Web Services, Inc. (2019). Elastic Load Balancing - Amazon Web Services. [online] Available at: https://aws.amazon.com/elasticloadbalancing/ [Accessed 8 Jan. 2021].
Amazon Web Services, Inc. (2018). Cloud Object Storage | Store & Retrieve Data Anywhere | Amazon Simple Storage Service. [online] Available at: https://aws.amazon.com/s3/ [Accessed 8 Jan. 2021].
Amazon Web Services, Inc. (2018). Amazon CloudWatch - Application and Infrastructure Monitoring. [online] Available at: https://aws.amazon.com/cloudwatch/ [Accessed 8 Jan. 2021].
Amazon Web Services, Inc. (2019). AWS CloudTrail – Amazon Web Services. [online] Available at: https://aws.amazon.com/cloudtrail/ [Accessed 8 Jan. 2021].
Amazon Web Services, Inc. (2019). AWS WAF - Web Application Firewall - Amazon Web Services (AWS). [online] Available at: https://aws.amazon.com/waf/ [Accessed 8 Jan. 2021].
Amazon Web Services. (2018). The 5 Pillars of the AWS Well-Architected Framework. [online] Available at: https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/ [Accessed 8 Jan. 2021].
Amazon Web Services, Inc. (2019). AWS Free Tier. [online] Available at: https://aws.amazon.com/free/ [Accessed 8 Jan. 2021].
Amazon Web Services, Inc. (n.d.). AWS Well-Architected Tool - Amazon Web Services. [online] Available at: https://aws.amazon.com/well-architected-tool/ [Accessed 8 Jan. 2021].
Amazon Web Services, Inc. (n.d.). Amazon Macie | Discover, classify, and protect sensitive data | Amazon Web Services (AWS).
[online] Available at: https://aws.amazon.com/macie/ [Accessed 8 Jan. 2021].
AWS Academy. (2021). [online] Available at: https://awsacademy.instructure.com/courses/1325/modules/items/135964 [Accessed 8 Jan. 2021].
Amazon.com. (2019). High Availability (Multi-AZ) for Amazon RDS - Amazon Relational Database Service. [online] Available at: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html [Accessed 8 Jan. 2021].
Calculator.aws. (2019). AWS Pricing Calculator. [online] Available at: https://calculator.aws/#/