deep dive on microservices

Deep Dive on Microservices and Amazon ECS

Danny Fezer – Solutions Architect, AWS
Liz Duke – Technical Delivery Manager, Irdeto

May 2016

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Upload: amazon-web-services

Post on 15-Apr-2017



What to Expect from this Session

Microservices: What are they?

Challenges of microservices

Microservices on Amazon ECS

Using ECS for a PCI Environment @ Irdeto, by Liz Duke

What are Microservices?


“is a software architecture style in which complex applications are composed of small, independent processes communicating with each other using language-agnostic APIs. These services are small, highly decoupled and focus on doing a small task, facilitating a modular approach to system-building.” - Wikipedia

https://en.wikipedia.org/wiki/Microservices

Monolithic vs. SOA vs. Microservices

SOA Coarse-grained

Microservices Fine-grained

Monolithic Single Unit

Order UI User UI Shipping UI

Order Service

User Service

Shipping Service

Data Access

Monolithic Architecture

Monolithic Architecture – Scaling

Order UI User UI Shipping UI

Order Service

User Service

Shipping Service

Microservices Architecture

[Diagram: separate Order, User and Shipping UI and Service components, several of them shown more than once]

Microservices Architecture – Scaling

What Are Microservices Challenges?

Resource and state management

Monitoring

Service discovery

Deployment


Amazon EC2 Container Service

Containers are natural for services

Simple to model

Any app, any language

Image is the version

Test & deploy same artifact

Stateless servers decrease change risk

Server

Guest OS

Bins/Libs Bins/Libs

App2 App1

Managing one host is straightforward

Managing a fleet is hard

[Diagram: a fleet of Server / Guest OS hosts spread across AZ 1, AZ 2 and AZ 3]

Easily Manage Clusters for Any Scale

Nothing to run

Complete state

Control and monitoring

Scale

Scalable

Designed for use with other AWS services

Elastic Load Balancing Amazon Elastic Block Store

Amazon Virtual Private Cloud AWS Identity and Access Management

AWS CloudTrail

Clusters

Regional

Resource pool

Grouping of container instances

Start empty, dynamically scalable

Tasks

Unit of work

Grouping of related containers

Run on container instances

Services

Good for long-running applications

Load balance traffic across containers

Automatically recover unhealthy containers

Discover services

What Are Microservices Challenges?

Resource and state management

Monitoring

Service discovery

Deployment

Monitoring with Amazon CloudWatch

Metric data sent to CloudWatch in 1-minute periods and recorded for a period of two weeks
Available metrics: CPUReservation, MemoryReservation, CPUUtilization, MemoryUtilization
Available dimensions: ClusterName, ServiceName


Monitoring with Amazon CloudWatch

Use the Amazon CloudWatch monitoring scripts to monitor additional metrics, e.g., disk space:

# Edit crontab
> crontab -e

# Add command to report disk space utilization to CloudWatch every five minutes
*/5 * * * * <path_to>/mon-put-instance-data.pl --disk-space-util --disk-space-used --disk-space-avail --disk-path=/ --from-cron

Monitoring Amazon ECS with Datadog

What Are Microservices Challenges?

Resource and state management

Data management

Monitoring

Service discovery

Deployment

Service Discovery with ECS Services & Route 53

Route 53 private hosted zone
Set search path on hosts with DHCP option sets
Define ECS services with ELB
Create CNAMEs for each ELB

Service Discovery with ECS Services & Route 53

[Diagram labels:]
ECS Service (Task, Task, Task, Task)
Application router, e.g. nginx
Internal ELB with CNAME, e.g. api.example.com
Route 53 private zone, e.g. example.com

Service Discovery with Weaveworks

DNS interface for cross-host container communication
Gossip protocol to share grouped updates
Overlay network between hosts

Service Discovery and Configuration Management with Consul

Three main components:

•  Consul agent - Runs on each node, responsible for checking the health of the services and of the node itself.

•  One or more Consul servers - Store and replicate data, leader elected using the Raft consensus algorithm

•  Registrator agent - Automatically registers/deregisters services based on published ports and metadata from the container environment variables defined in the ECS task definition

Service Discovery and Configuration Management with Consul

[Diagram: ECS cluster containing consul-server and ECS instances running consul-agent and registrator, hosting Back end 1, Back end 2 and Front end]

©2016 Irdeto, All Rights Reserved. – www.irdeto.com


Using ECS for a PCI Environment

Liz Duke, Technical Delivery Manager


Part of $56B Market Cap Multimedia Conglomerate

Classifieds Etail Marketplaces

Online comparison shopping

Payment Online services

C2C B2C

Ecommerce

Internet

Listed Video Entertainment

DDT DTH

Print

Global platform operator


Key statistics about Irdeto

70% of employees are in engineering/research/development
247 issued patents
483 patents pending
+2 billion devices secured
Innovating since 1969
Over 300 million broadcast and multiscreen consumers
#1 in software security for pay media [and the first company to bring to market a software-based CA solution for one-way broadcast networks]


Serving the world’s best brands

Americas APAC EMEA


Irdeto around the world: Offices and Data Centers

Irdeto office location

Data centre location


Providing a PCI compliant service

A new solution introduces new challenges….

✓  The requirements involved us being able to provide PCI compliant solutions in multiple locations around the world.

✓  We looked at the number of services AWS provides that are already PCI compliant and designed our solution to run utilizing these services.

✓  We utilize the security built in at every level in AWS to segregate and protect our environments and applications.


Our Design


Automation is Key


AWS Services Used

▪  Compute – Elastic Container Service (ECS)
▪  Storage and Content Delivery – S3 and CloudFront
▪  Database – DynamoDB
▪  Networking – Virtual Private Cloud (VPC) and Route53
▪  Security and Identity – Identity Access Management (IAM)
▪  Application Services – Simple Queue Service (SQS) and Simple Workflow Service (SWF)

What Are Microservices Challenges?

Resource and state management

Data management

Monitoring

Service discovery

Deployment

Scheduling Containers on ECS

Batch Jobs

ECS task scheduler
Run tasks once
Batch jobs
RunTask (random)
StartTask (placed)

Long-Running Apps

ECS service scheduler
Health management
Scale-up and scale-down
AZ-aware
Grouped containers

Scheduling Containers: Long-running app

Deploy using the least space: minimumHealthyPercent = 50%, maximumPercent = 100%

Scheduling Containers: Long-running App

Deploy quickly without reducing service capacity: minimumHealthyPercent = 100%, maximumPercent = 200%
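The two deployment settings above, worked through for a 4-task service. This is an added example, not code from the presentation: it is a simplified model of a rolling deployment (it assumes a started task is healthy immediately and is not the ECS scheduler's actual algorithm), and the function names are hypothetical.

```python
def deployment_bounds(desired, min_healthy_pct, max_pct):
    """(lower, upper) limits on RUNNING tasks while a deployment is in progress."""
    lower = -(-desired * min_healthy_pct // 100)  # percentage of desired, rounded up
    upper = desired * max_pct // 100              # percentage of desired, rounded down
    return lower, upper


def simulate_rolling_deploy(desired, min_healthy_pct, max_pct):
    """Return (old_tasks, new_tasks) running after each step of the model.

    Assumption: every started task becomes healthy at once.
    """
    lower, upper = deployment_bounds(desired, min_healthy_pct, max_pct)
    old, new = desired, 0
    steps = [(old, new)]
    while old > 0 or new < desired:
        # Prefer starting new tasks, as far as the upper limit allows.
        start = min(desired - new, upper - (old + new))
        if start > 0:
            new += start
        else:
            # Otherwise stop old tasks, as far as the lower limit allows.
            stop = min(old, old + new - lower)
            if stop <= 0:
                raise ValueError(
                    f"no progress possible with {min_healthy_pct}%/{max_pct}%: "
                    "nothing may be stopped and nothing may be started"
                )
            old -= stop
        steps.append((old, new))
    return steps


def peak_tasks(steps):
    """Largest number of tasks running at the same time (cluster capacity needed)."""
    return max(old + new for old, new in steps)


if __name__ == "__main__":
    for label, lo, hi in [("least space", 50, 100), ("no capacity loss", 100, 200)]:
        steps = simulate_rolling_deploy(4, lo, hi)
        print(f"{label}: {steps} peak={peak_tasks(steps)}")
```

With both values at 100% the model raises an error, because no old task may stop and no new task may start.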

Scheduling Containers: Long-running App

Blue-Green Deployments

•  Define two ECS services
•  Each service is associated w/ ELB
•  Both ELBs in Route 53 record set with weighted routing policy, 100% Primary, 0% Secondary
•  Deploy to Blue or Green service and switch weights

[Diagram: Route 53 record set with weighted routing policy, 0% / 100%, in front of two groups of Tasks]
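The weight switch described above, as an added example that is not part of the original slides: it builds the Route 53 `ChangeBatch` that would be passed to boto3's `change_resource_record_sets`, without calling AWS. The ELB hostnames and helper names are constructed for illustration; `api.example.com` is the record name used earlier in the deck.

```python
# Constructed sample data: one internal ELB per ECS service.
ELBS = {
    "blue": "internal-blue-000000.elb.example.com",
    "green": "internal-green-000000.elb.example.com",
}


def weighted_batch(record_name, elbs, weights, ttl=60):
    """Build a ChangeBatch that UPSERTs one weighted CNAME per ELB."""
    if set(elbs) != set(weights):
        raise ValueError("every ELB needs exactly one weight")
    changes = []
    for set_id in sorted(elbs):
        weight = weights[set_id]
        if not isinstance(weight, int) or not 0 <= weight <= 255:
            raise ValueError(f"Route 53 weights are integers 0-255, got {weight!r}")
        changes.append({
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": record_name,
                "Type": "CNAME",
                "SetIdentifier": set_id,   # distinguishes records sharing a name
                "Weight": weight,
                "TTL": ttl,                # clients may keep the old answer this long
                "ResourceRecords": [{"Value": elbs[set_id]}],
            },
        })
    return {"Comment": f"blue-green weights {weights}", "Changes": changes}


def cutover(record_name, elbs, live):
    """100% of traffic to `live`, 0% to every other service."""
    if live not in elbs:
        raise ValueError(f"unknown service {live!r}")
    return weighted_batch(record_name, elbs, {c: 100 if c == live else 0 for c in elbs})


def traffic_share(batch):
    """Fraction of DNS answers per SetIdentifier implied by the weights."""
    weights = {c["ResourceRecordSet"]["SetIdentifier"]: c["ResourceRecordSet"]["Weight"]
               for c in batch["Changes"]}
    total = sum(weights.values())
    if total == 0:
        # All weights zero: Route 53 answers with every record, equal probability.
        return {k: 1 / len(weights) for k in weights}
    return {k: w / total for k, w in weights.items()}


if __name__ == "__main__":
    batch = cutover("api.example.com", ELBS, "green")
    print(traffic_share(batch))
    # Apply with: boto3.client("route53").change_resource_record_sets(
    #     HostedZoneId="<zone id>", ChangeBatch=batch)
```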

ECS CI/CD Partners

Continuous Delivery to ECS with Jenkins

1. Code push triggers build
2. Build image from sources
3. Run test on image
4. Push image to Docker registry
5. Update service
6. Pull image

Thank you!