Running Java and Grails applications on Amazon · PDF fileRunning Java and Grails applications on Amazon EC2 Chris Richardson Author of POJOs in Action Founder of Cloud Tools and Cloud

Running Java and Grails applications on Amazon EC2applications on Amazon EC2

Chris RichardsonAuthor of POJOs in Action

Founder of Cloud Tools and Cloud FoundryyChris Richardson Consulting, Inc

www.chrisrichardson.netwww.chrisrichardson.net

Overall presentation goalp g

Show how to useAmazon Elastic Compute CloudAmazon Elastic Compute Cloud

for developing and deploying Java applications

Copyright (c) 2009 Chris Richardson. All rights reserved. Slide 2

About ChrisAbout Chris• Grew up in England and live in Oakland, CA• Over 20+ years of software development

experience including 12 years of Javaexperience including 12 years of Java• Author of POJOs in Action• Speaker at JavaOne, SpringOne, NFJS,

JavaPolis, Spring Experience, etc.• Chair of the eBIG Java SIG in Oakland • Chair of the eBIG Java SIG in Oakland

(www.ebig.org)• Run the Groovy/Grails meetup

(http://java.meetup.com/161)• Run a consulting and training company that u a co su t g a d t a g co pa y t at

helps organizations reduce development costs and increase effectiveness

• Founder of Cloud Tools, an open-source project for deploying Java applications on Amazon EC2: http://code google com/p/cloudtoolshttp://code.google.com/p/cloudtools

• Founder of a startup that provides outsourced, automated, and Java-centric datacenter management on the cloud: www.cloudfoundry.comy


About You

BackgroundBackgroundPrior experienceExpectations


Agendag

Amazon-style cloud computingAWS deep-diveUsing Amazon EC2gOverview of Cloud ToolsDeveloping on Amazon EC2Developing on Amazon EC2Deploying on Amazon EC2Programming with AWSProgramming with AWS


Computing has come a long wayp g g y

Past PresentPresent

www.computermuseum.org.uk

www.dell.com

Yet we rarely have enough hardware

de co

y g


Typical web applicationyp pp

Can we afford the production hardware? Do we know how much to buy?How long does it take to buy and install?Who is going to set it up?


Who is going to set it up?Can we afford a test lab?

Cloud computingp g

A pool of highly scalable, abstracted A pool of highly scalable, abstracted infrastructure that hosts your application, and is billed by

consumptionpBy James Staten of Forrester Research

AND is managed via a web services API

me


Power generationgPast Present


Amazon-Style Cloud Computingy p g

Si l Q S i Si l DBSimple Queue Service (SQS)

Simple DB(name/attribute pairs)

Pay per Elastic Compute Cloud

(EC2)use

services d

( )

Simple Storage Service(S3) Elastic Block Store managed

by Amazon

(S3)

CloudFront

Elastic Block Store(EBS - SAN)


Amazon(content delivery)

What is Amazon EC2?

Virtualized computing environmentServer instances managed through a web service APIRuns Linux Windows and SolarisRuns Linux, Windows and Solaris

https://ec2.amazonaws.com/?Action=RunInstances&ImageId=ami-398438493

<RunInstancesResponse>…

&MaxCount=3&MinCount=3

k

</RunInstancesResponse>

cer@arrakis ~$ ssh … [email protected] login: Sun Dec 30 18:54:43 2007 from 71.131.29.181[root@domU-12-31-36-00-38-23:~]


EC2 Pricingg

Pay by the hourLinux: $0.10-0.80/hourWindows: $0.125-$3.20/hour

External bandwidth:$0.10-0.18/Gbyte


Elastic Block Storageg

Mountable storage volumes"O d d SAN""On-demand SAN"Size: 1 GB to 1 TBMount on a single instanceMount on a single instance

Create snapshotsStored in S3Stored in S3Create new volumes from the snapshot

Cost:Cost:$0.10/GByte/month$0.10 per 1 million I/O requests$ p q


What is the Amazon Simple Storage Service (S3)?g ( )

Flat storage model consisting of buckets and objectsj

Bucket – has a name and contains objectsObjects – has a key, stores 1 byte - 5GObject key can look like a path ☺

Cost:$0.15/GB-Month$0.10-0.18/GB of data transferred$ $ / b ll$0.00001-$0.000001/Web Service callData transfers between EC2 and S3 are free of bandwidth charges

Accessed via RESTful APIAccessed via RESTful APIPUT – create bucket or objectGET – retrieve objectDELETE – delete an objectDELETE delete an object


Web application on Amazon EC2pp

W b B

HTTP(S)

Tomcat Server(instance 2)

MySQLDB (Slave)(instance 5)

Web Browser Apache Server(instance 1)

MySQLDB (Master)(instance 4)



EBS Volume

6 instances = $0.60/hour = $432/month


S3

6 instances $0.60/hour $432/month3 instances = $0.30/hour = $216/month( + storage and bandwidth costs)

Using AWS in your applicationg y pp

S3 - Store media etc in S3SQS - messaging between loosely coupled componentsSimpleDB – alternative to RDBMSCloudFront – to distribute contentUsing these APIs

Couples your application to AWSCouples your application to AWSBut using them is optional


So what does this mean?

For developersI di Immediate access to many serversSimplified setupGreat for testingGreat for testing

For deploymentFaster time to marketFaster time to marketEliminates capital expensesNo long-term commitmentsgReduces risk of success catastropheSomeone else takes care of the muck


Example – moretasteleague.com p g

Grails applicationGrails applicationShort-term marketing marketing campaign siteFluctuating loadFluctuating load

Sat/Sun 4 serversMon-Fri 1 serverMon Fri 1 server


Agendag



These are web service

Choices:SOAPREST or REST-like API (a.k.a. Query API)

Th t t d d d tThese are not your standard data-provider Web Services They allow software to manage They allow software to manage hardware resources

ServersServersStorage…


Example: Launching instances using AWSg

<RunInstancesResponse><reservationId>r-60907709</reservationId><ownerId>556666664445</ownerId><ownerId>556666664445</ownerId>…<instancesSet>

<item><instanceId>i-4ef21327</instanceId><imageId>ami-3795705e</imageId><instanceState>

<code>0</code><name>pending</name>

</instanceState>

https://ec2.amazonaws.com?Action=RunInstances&ImageId=ami-3795705e </instanceState>

<placement><availabilityZone>us-east-1b</availabilityZone>

</placement><dnsName/>

/

&MaxCount=1&MinCount=1…

<reason/><keyName>gsg-keypair</keyName><amiLaunchIndex>0</amiLaunchIndex>

</item></instancesSet>


/</RunInstancesResponse>

Using the Query APIg Q yhttps://ec2.amazonaws.com/?queryparametershttps://<region> ec2 amazonaws com/?queryphttps://<region>.ec2.amazonaws.com/?queryparameters...Mandatory parameters:

Action what to doAction – what to doAWSAccessKeyId – your access idVersion – API versionTimestamp when request was madeTimestamp – when request was madeExpires – when it expiresSignature – digest of parameters and secret key Si t V i t t 1 (d t d) 2SignatureVersion – set to 1 (deprecated) or 2

Other parameters depend on ActionReturns an XML document


Lots of developer resourcesp


Agendag

Amazon-style cloud computingAWS d diAWS deep-dive

Using EC2Using S3Using S3Using CloudFront

Using Amazon EC2gOverview of Cloud ToolsDeveloping on Amazon EC2Deploying on Amazon EC2Programming with AWS


Instance typesyp

Virtual Compute 32/ Memory Storage $/hrCores

pUnits /core*

/64Bit

y g $/

Small 1 1 32 bit 1.7G 160G 0.10

High-CPUMedium

2 2.5 32 bit 1.7G 350G 0.20

Large 2 2 64 bit 7.5G 850G 0.40

Extra Large

4 2 64 bit 15G 1690G 0.80Large

High-CPU XL

8 2.5 64 bit 7G 1690G 0.80


* EC2 Compute Unit = 1.0-1.2 GHz 2007 Opteron or 2007 Xeon processor

Operating systemsp g y

Use Amazon provided Machine Image (AMI)32/64-bit Fedora Core 4/6/832/64 bit Fedora Core 4/6/8Windows Server 2003 ($0.125-$2/hour)Optional SQL Server Standard ($1.10-3.20/hour)3.20/hour)

Many 3rd parties have public AMIsVarious Linux distributionsE g Redhat RightScaleE.g. Redhat, RightScale

Sun provides OpenSolarisBuild your own AMI:

Install applications starting with existing AMI and save new AMICreate an AMI from scratch


Example EC2 API operationsp p

Operation Parameters XML documentp

RunInstances AMI, #instances instanceIds

DescribeInstances InstanceId.n(optional)

statednsNames

GetConsoleOutput instanceId Console output

RebootInstances InstanceId.n

TerminateInstances InstanceId.n


RunInstances

ParametersI Id id f th AMI t l hImageId – id of the AMI to launchMinCount – mininum number of instancesMaxCount – maxium number of instancesMaxCount maxium number of instancesInstanceType – small, large, xlarge…KeyName – keypair nameUserData – unstructured data…

Response:Response:InstanceIds…


About Key PairsyKey pair is a named private key/public key pair associated with your accountyNot to be confused with the private key/certificate used to authenticationLaunching an instance: specify the keyPair nameg p y yUsing ssh: specify "-i privatekeyfile"Management API:

CreateKeyPair(name) -> PrivateKeya y a ( a ) a yDescribeKeyPairsDeleteKeyPair

Don'tLose the private key fileForget to specify key name when launching


DescribeInstances

DescribeInstances parameters:InstanceId n – id of instanceInstanceId.n id of instance

Response:imageIdinstanceIdinstanceIdinstanceState:

pendingrunningrunningshutting-downterminated

When instanceState == running:When instanceState == running:dnsNameprivateDnsName

…


Instance IP AddressesPublic IP address

Implemented using NATUse when outside of EC2You can use internally but you pay!

Internal IP addressAllocated using DHCPAllocated using DHCPNon-routable, only within EC2

Public DNSOutside: resolves to public IP addresspInside: resolves to private IP address

Private DNSInside: resolves to private IP addressO t id d t lOutside: does not resolve


Usage modelg

RunInstancesPeriodically call DescribeInstancesWhen state ==runningg

DescribeInstances returns public/private dnsNames

…TerminateInstances


Elastic IP addresses

Instance IP addresses are dynamically allocated on start-upallocated on start up

Does not work well for publicly accessible services, e.g. a website

Elastic IP addresses:Elastic IP addresses:Statically allocated public IP addressesAssociated with your account (max. 5)Attached to an instance (e g public facing web Attached to an instance (e.g. public facing web server) = it's public IP addressYou configure DNS to resolve to the elastic IP address

Pricing:Non-attached Elastic IP address - $0.01/hour$0 10 per remap (if > 100 in a month)$0.10 per remap (if > 100 in a month)


Elastic IP address operationsp

Operation Parameters XML document

DescribeAddresses PublicIp.n (optional) List of IP addresses and associated instance idinstance id

AllocateAddress - Public IP address

Release Address Public Ip address -

AssociateAddress InstanceId Public IP AssociateAddress InstanceId, Public IP Address

-

DisasssociateAddress Public IP Address -DisasssociateAddress Public IP Address


Security Groupsy pNamed set of firewall rules associated with your accountAn instance

Belongs to one or more security groupsDefaults to “default” security groupg

Permits inbound trafficProtocol: tcp, udpRange of ports

?Action=RunInstances&SecurityGroup.1=g1&SecurityGroup.2=g2

From:Anywhere – specific port rangeAn IP address (range) – specific port rangeAnother group - all ports

Common usagePort 80 (http)/443 (https) – anywhere

When you first signup don’t forget to enable

ffPort 22 (ssh) – just from your location


SSH traffic

Security Group APIy p

Parameters XML document

CreateSecurityGroup GroupNameGroupDescription

DescribeSecurityGroups GroupName.n Lots of information

DeleteSecurityGroup GroupName

AuthorizeSecurityGroupI

GroupNamelIngress …rules…

RevokeSecurityGroupIngress

GroupNamerulesIngress …rules…


Regions and availability zonesg y

By default, your database By default, your database master and slave could run on the same physical host!Regions - geographically dispersed locations

us-east-1

eu-west-1p

Availability zone -engineered to be insulated from failure in other zonesSpecify availability zone

us-east-1a, eu-

west-1ap y ywhen launching instancesSLA with 99.95% availability with multiple availability zones

us-east-1b

west 1a

You pay for inter-zone network traffic us-east-

1c

eu-west-1b


Regions and Availability Zones APIg y

Operation Parameters XML document

DescribeRegions Region.n (optional) List of region names and urls

DescribeAvailabilityZones ZoneName n List of availability zones DescribeAvailabilityZones ZoneName.n List of availability zones and state

https://<region>.ec2.amazonaws.com?Action=RunInstances&Placement.AvailabilityZone=<availabilityZone>

https://ec2.amazonaws.com?Action=RunInstances&Placement AvailabilityZone <availabilityZone>


&Placement.AvailabilityZone=<availabilityZone>

Local instance storageg

/d / 1 ll 1 di 1 l 1 l l/dev/ m1.small c1.medium m1.large m1.xlarge c.xlarge

sda1 / / / / /

sda2 /mnt /mnt

sda3 swap swap swap swap swap

sdb /mnt /mnt /mnt

sdc avail avail avail

sdd avail avail

sde avail availsde avail avail

160G 350G 850G 1690G 1690GRoot partition = 10GFirst write to a location of drive initializes it ⇒ slower


First write to a location of drive initializes it ⇒ slower

But one minor thingg

Your local data is lost

If either, You terminate your instance y

or, the drive fails

Either very good or very bad


Elastic Block Storageg

Mountable storage volumes"O d d SAN""On-demand SAN"Size: 1 GB to 1 TBMount on a single instanceMount on a single instance

Create snapshotsStored in S3Stored in S3Create new volumes from the snapshot

Cost:Cost:$0.10/GByte/month$0.10 per 1 million I/O requests$ p q


Elastic block store operationspOperation Parameters XML document

CreateVolume Size, SnapshotId, volumeId, …, p ,Availability zone

,

DeleteVolume volumeId

DescribeVolumes VolumeId.n size, status, zone, DescribeVolumes VolumeId.n size, status, zone, attachment

AttachVolume VolumeId,InstanceId, Device

DetachVolume VolumeId,InstanceId, Device, Force

CreateSnapshot VolumeId snapshotId, status

DescribeSnapshots SnapshotId.n snapshotId, status, progress, ..

DeleteSnapshot SnapshotId


Using EBS Volumesg

kf f /d / dhmkfs.xfs /dev/sdhecho "/dev/sdh /vol xfs noatime 0 0" >> /etc/fstabmkdir /vol/mount /vol


Agendag





What is the Amazon Simple Storage Service (S3)?g ( )

Flat storage model consisting of buckets and objectsand objectsBucket

has a name e g <AccessKey> <name>has a name, e.g. <AccessKey>.<name>contains objects

Objects jHas a key, e.g. mypicture.jpgStores 1 byte - 5G

Si l ti hi hi l fil tSimulating a hierarchical file-systemObject key can look like a path ☺presentations/february09/aws pptpresentations/february09/aws.ppt


Amazon S3 pricingp g

$0.18-0.12/GB-Month $0.10-0.17/GB of data transferred$0.00001-$0.000001/Web Service $ $ /callData transfers between EC2 and S3 are free of bandwidth charges


S3 REST API

PUT / HTTP/1.1Create a bucket

PUT /<ObjectName> HTTP/1 1

Host: <BucketName>.s3.amazonaws.com …

Create a bucket

PUT /<ObjectName> HTTP/1.1Host: <BucketName>.s3.amazonaws.com ……Bytes…

Create an item in a bucket

GET /<ObjectName> HTTP/1.1Host: <BucketName>.s3.amazonaws.com … Download an item

DELETE /<ObjectName> HTTP/1.1Host: <BucketName>.s3.amazonaws.com

Delete an item


… Delete an item

S3 REST API

PUT /<DestinationObjectName> HTTP/1.1Host: <DestinationBucket>.s3.amazonaws.comx-amz-copy-source: /<SourceBucket>/<SourceObject>

Copy an object

a opy sou / Sou u / Sou Obj…

Retrieve metadataHEAD /<ObjectName> HTTP/1.1Host: <BucketName>.s3.amazonaws.com …

GET ?params HTTP/1.1Host: <BucketName>.s3.amazonaws.com …

list contents of bucket


S3 Securityy

Authentication: access key id + digest with secret keyAuthentication: access key id + digest with secret keyBuckets and objects can be:

Public – accessible by anyonePrivate – accessible to owner, acl memberPrivate accessible to owner, acl member

ACL grants READ/WRITE/FULL_CONTROLManaging ACLs: GET/PUT to /bucket?acl or /bucket/object?acl

GET /<ObjectName> HTTP/1.1Host: <BucketName>.s3.amazonaws.com Authorization: AWS AWSAccessKeyId:Signature…

GET /<ObjectName>?AWSAccessKeyId=XX&Expires=XX&Signature=XX HTTP/1.1Host: <BucketName>.s3.amazonaws.com


…

Using EC2 and S3 togetherg g

AMIs are stored in S3EC2 instances use S3:

Use REST APIStore database snapshots in S3Use 3rd party Linux file system that stores data in S3EBS volume snapshots live in S3


Agendag





Amazon CloudFront

Content delivery networkOriginal content stored in S3 bucketRegister publically accessible bucket

ith Cl dF t i d i with CloudFront ⇒ unique domain name (foo1234.cloudfront.net)Content accessed through that Content accessed through that domain name is delivered by geographically distributed edge geographically distributed edge servers

http:// foo1234.cloudfront.net/i/bar.jpg k / /b⇒ <BucketName>/i/bar.jpg


Cloud Front API

OperationsCreate DistributionList DistributionsGet Distribution InfoGet/Set Distribution ConfigurationDelete Distribution

Distributions can be enabled/disabled


Agendag



Signing up for Amazon Web Services

Login using your Login using your existing Amazon accountSelect the web services you want to services you want to useOnly takes a few minutesB t ti But can sometimes be confusing: various ids, keys, certificates etc


AWS Credentials etc

Account NumberAccess Key IdSecret Access KeyyX.509 Certificate:

Public key + Private KeyPublic key + Private Key

Authenticate using either:Access Key Id and Secret Access Key Access Key Id and Secret Access Key (REST/Query APIs)Certificate (SOAP APIs + AMI Creation)( )


EC2 API and ToolsSOAP and Query APIs

Launch and manage instances etcA id d CLI lAmazon provided CLI tools

CLI equivalents of APIsAMI creation tools

AWS CLI tools from Tim KayyCLI for S3 and EC2Alternatives to Amazon CLI tools

AWS ConsoleVery slickVery slick

ElasticFoxAwesome Firefox pluginLaunch and manage instances

S3 OrganizerS3 OrganizerFirefox pluginManipulate S3 buckets and objects

…


aws - simple access to EC2 and S3p

http://timkay com/aws/http://timkay.com/aws/Easy to use CLI for EC2 and S3Implemented in PerlpAuthenticates using access id and secret key stored in ~/.awssecret


AWS Management Consoleg


Demos

Using the AWS Console


ElasticFox– Firefox pluginp g

Supports multiple accounts which can be very useful


S3 Organizerg


Creating your own imageg y g

Easier: Modify an existing AMIL h AMILaunch AMIConfigure: e.g. yum install …

Harder: Build one from scratchHarder: Build one from scratchLaunch AMICreate a file to contain OS installationCreate a file to contain OS installationMount as a loopback fileInstall OS: yum –-installrooty

Use AMI tools to bundle and upload to S3


Creating an AMIg

# locallyyscp pk-mine.pem root@myInstance:/mntscp cert-mine.pem root@myInstance:/mnt

# on instance# on instancecd /mntec2-bundle-vol -d /mnt -e /root/.ssh

-k pk-mine.pem -c cert-min.pem

Make sure you exclude directories

-u <myAccountId>

ec2-upload-bundle -m /mnt/image.manifest.xml-a <accessKeyId>

containing secrets

-a <accessKeyId>-s <secretKeyId>-b <bucketName>


# Use WS API: RegisterImage ⇒ AMI id

AWS Status Pageg


Agendag

Amazon-style cloud computingAWS deep diveUsing Amazon EC2gOverview of Cloud ToolsDeveloping on Amazon EC2Developing on Amazon EC2Deploying on Amazon EC2Programming with AWSProgramming with AWS


Deploying a web application on EC2p y g pp

HTTP(S)



Web Browser Apache Server(instance 1)

( )

MySQLDB (Master)(i t 4)

(instance 5)

Tomcat Server

(instance 4)

MySQLEBS Volume

Amazon EC2 is a great place to run Java applications You can deploy standard Java stacksN t k t i b t th t fi

(instance 3) DB (Slave)(instance 6)

EBS Volume

S3


Not rocket science but there are many servers to configure and files to upload

S3

What's Cloud Tools?

Open-source project32 and 64 bit AMIs32 and 64 bit AMIs

Cent OS 5.10Apache/Tomcat/MySQL/JMeter/JetS3t installedp y Q

EC2Deploy frameworkLaunches instancesConfigures Tomcat MySQL ApacheConfigures Tomcat, MySQL, ApacheDeploys web applicationsRuns Jmeter tests

•Quicker deployment

Written in Groovy

Maven and Grails pluginsQuick and easy deployment to EC2

•More accurate configuration

Quick and easy deployment to EC2


EC2Deploy frameworkp y

Provides a DSL for describing a cluster:N b f T t M SQL lNumber of Tomcats, MySQL slavesDatabase scriptsLocation of web applicationsLocation of web applications

Launches EC2 instancesConfigures MySQLg y QConfigures Tomcat and deploys web applicationsConfigures Apache to proxy the Tomcat serversRuns JMeter testsRuns JMeter tests


Extensible provisioning and management platformg p

Built using Domain Driven DesignMain extension points:

New IaaS clouds N i f t t t /New infrastructure components/servers

Implement interfaces or define subclassessubclasses

Define methods for deploy, start, stop, …Write the scripts Write the scripts

Recently added support for Spring dm server and eXo Portal Server

2/16/2009 Copyright (c) 2009. Chris Richardson Consulting Inc. Confidential 70

Example EC2Deploy Scriptp p y p

def ec2 = new EC2(…)

ClusterSpec clusterSpec = new ClusterSpec().tomcats(1).instanceType(EC2InstanceType.SMALL).slaves(1)

ebApp('/home/cer/ /ptrack' "ptrack").webApp('/home/cer/…/ptrack', "ptrack").catalinaOptsBuilder({optsBuilder, databaseHost, slaves ->

optsBuilder.arg("-Xmx500m")optsBuilder.prop("jdbc.db.server", databaseHost)})

.schema("ptrack", ["ptrack": "ptrack"], ["src/test/resources/testdml1.sql", [ s c/test/ esou ces/testd .sq ,"src/test/resources/testdml2.sql"])

SimpleCluster cluster = new SimpleCluster(ec2, clusterSpec)

cluster.start()

cluster.loadTest("/home/cer/…/jmeter/SimpleTest.jmx", [5, 10, 15])

cluster.stop()


Maven Pluging

<plugin><groupId>net chrisrichardson</groupId>

Goals:• deploy• redeploy

h<groupId>net.chrisrichardson</groupId><artifactId>cloudtools-maven-plugin</artifactId><configuration><schemaName>ptrack</schemaName><schemaUsers>

• createsnapshot• stop• dbsave• dbrestore• jmeter…<schemaUsers>

<param>ptrack:ptrack</param></schemaUsers><catalinaOptsBuilder>{builder, databasePrivateDnsName ->{ ,

builder.arg("-Xmx1000m")builder.prop("jdbc.db.server", databasePrivateDnsName)}

</catalinaOptsBuilder></configuration>

</plugin>

$ mvn cloudtools:deployCopyright (c) 2009 Chris Richardson. All rights reserved. Slide 72

$ mvn cloudtools:deploy

Grails Pluging

Packages E2Deploy as a Grails g p yframework pluginDeploys a Grails application to EC2Provides a large number of scripts

$ grails cloud-tools-deploy


Cloud Foundryy


Agendag



Collecting performance metricsg p

700070

4000

5000

6000

40

50

60

TPS

1000

2000

3000

10

20

30TPS

ART

R i 00

1 2 4 8 16 32 64Requires hardwareTime consuming

Measure transactions/second (TPS), average response time (ART), utilization, etc.

Multiple test runs with different loads, number of servers, etc.

Time consuming


Load testing with Cloud Toolsg

R JM t ith <performanceReport><cpus>1</cpus>

Runs JMeter with specified number of threads

p p<threads>10</threads><host><name>database</name><cpuUtil>3.2757014224403784</cpuUtil>

</host>threadsCollects machine utilization stats

<host><name>tomcat0</name><cpuUtil>94.32473318917411</cpuUtil>

</host><host><name>apache</name>

Generates reportsExecutes multiple t t

<name>apache</name><cpuUtil>0.12280614752518504</cpuUtil>

</host><host><name>jmeter</name><cpuUtil>7.033683910704496</cpuUtil>

test runs simultaneously

</host>…<duration>557.943</duration><tps>10.753786677133686</tps><art>916.6578333333</art>


</performanceReport>

mvn cloudtools:jmeter -Dcloudtools.thread.count=1,4,8

Browser Mob


Other kinds of testingg

Testing failoverLaunch clusterTake down serversTest recovery scripts, e.g. MySQL slave->master

T ti d t b dTesting database upgradesLaunch clusterI ll h f d i dInstall snapshot of production dataApply database migration scriptV if th t it kVerify that it works


Functional testingg

Tests can be slow, e.g.Web testsDatabase intensive tests

Run tests in parallel on EC2Multiple test drivers, app servers, DBsRelatively cheap: >$75/hour developer vs. $0.10/hour machine


Selenium Grid from Thoughtworksg


Building on a fresh machineg

Debug builds that fail because of a missing dependency

Maven dependencyManually installed 3rd party library

Build on a fresh EC2 instance Great for open-source projects


Agendag

Amazon-style cloud computingAWS deep-diveUsing Amazon EC2Overview of Cloud ToolsDeveloping on Amazon EC2Deploying on Amazon EC2

The basicsHandling securityHigh availability

Programming with AWSProgramming with AWSCopyright (c) 2009 Chris Richardson. All rights reserved. Slide 83

Deploying on Amazon EC2 –startups/small businessesp /

Some VCs require it Get up and running quicklyValidate your business idea without:y

Upfront costs Long-term financial commitmentg

Scale up/down with loadReduces the risk of a success Reduces the risk of a success catastrophe


Deploying on Amazon EC2 –enterprisesp

No need to wait for corporate ITIn some companies it can take 2 In some companies it can take 2 months to acquire hardwareRequires a long-term financial commitment upfront costscommitment, upfront costs

Use for short-term projects, e.g.Websites for marketing campaignsg p gNew York Times style projects

Use for applications that have fluctuating loads e g

Cloud Computing Survey: IT Leaders See Big Promise, Have Big Security Questions

fluctuating loads, e.g.heavily used once a week, once a month


www.cio.com/article/455832/Cloud_Computing_Survey_IT_Leaders_See_Big_Promise_Have_Big_Security_Questions

Issues with AWS

Security:Security:Lack of PCI complianceDiscomfort with sending customer data to a 3rd party

Technology:Not yet suitable for extremely large relational databasesLack of very large machines, Lack of very large machines, e.g. 64G memoryLack of multicast and multiple IP addresses

Financials:Financials:Cost of bandwidthSteady state costs > your own hardware


Lack of virtual IP addresses

One IP address for use in the cloud Using Elastic IP = $Handling active/standby failover is g / ydifficult:

E.g. Cannot migrate IP address of failed database to standby database

Have your own host namesUpdate /etc/hostsRun DNS server


No multicast for resource discoveryy

Prevents the use of standard clustered resource discovery

E.g. JGroups etc

Use a registry: DatabaseSimpleDBSecurity groups…


No hardware load balancingg

Coming in 2009Use software load balancer

ApacheHAProxy…


Cost issuesRunning larger servers 24 x 7 looks expensive (e.g. $560/month)( g $ / )

BUT when owning your own hardware

Lack of elasticityLong procurement timeMust buy for the estimated peak loadMust buy for the estimated peak loadMust buy redundant hardwareRisk of a success catastrophe

CostElectricity, cooling, spaceSystem administration costsManagement overhead


Starter website - $$

w w w .acm e.com

EC 2 Instance

E lastic IP A Low cost - $72/month

Elastic - load increases ⇒d i f i tApache

T om cat

expand in a few minutes

Available –instance crashes ⇒replace in a few minutes

M ySQ L

p

EB S V olum e


Higher capacity website - $$g p y $$

www acme com

Elastic IP

www.acme.com

Low cost - > ~$216/month (1 or more Tomcats, 0 or more Slaves)

Apache

Elastic - load changes ⇒ quickly expand/subtract Tomcats with no downtime

Tomcat Tomcat

Available –instance crashes ⇒replace in a few minutes

MySQL(Master)

EBS Volume

MySql (slave)


Highly available - $$$g y $$$

www.acme.com Higher cost - > ~$

Availability Zone A Availability Zone B

Elastic IP A Elastic IP B

Higher cost > $ 360/month (2 Apaches, 2 MySqls, 1 or more Tomcats, 0 or more Slaves)

El ti l d h

Apache Apache

Elastic - load changes ⇒quickly expand/subtract Tomcats with no downtime

Available – No SPOF, instance

TomcatTomcat Tomcat

Tomcat

,crashes ⇒ replace in a few minutes

MySQL(Master 1)

MySQL(Master 2)

EBS Volume EBS Volume


EBS Volume

Batch processing architecturep g

e g media transcodinge.g. media transcoding


Cloud burstingg

Host application on your own hardware Use AWS for short-term spikes

e.g. use EC2 instances with slave DBs to handle read-only requests

Periodic batch jobsE.g. content rendering/transformation


Easy upgradesy pg

Clone production environmentMake read-only or turn offSnapshot EBS volumes and create new

lvolumes

Apply upgrades to cloneTest cloneMove elastic IP addresses to cloneTerminate old instances once you are sure that everything works


Backing up your databaseg p y

mysqldump --add-drop-database --databases foo | gzip > backup.sql.gznow=`date +%d%m%y_%H%M`aws put $bucket/${object}_${now}.sql.gz backup.sql.gzaws copy $bucket/${object}_latest $bucket/${object}_${now}.sql.gz

FLUSH TABLES WITH READ LOCKSHOW MASTER STATUS

xfs_freeze -f /vol

# AWS WS: CreateSnapshot

xfs freeze -u /volxfs_freeze u /vol

UNLOCK TABLES


Agendag




AWS Security Whitepapery p p

Good physical securityS3, SimpleDB and EBS is stored redundantlyA b d i i t i tl Access by sys. admins is strictly controlledNetwork security: DDoS prevention Network security: DDoS prevention etc.EC2:EC2:

Automatically wipes disksCannot sniff traffic for other instancesCannot sniff traffic for other instances


Security benefits of cloud computingp g

Leverages the world class security techniques as amazon.comUnlimited loggingAbility to test changes on a cloneClone servers and volumes for forensic analysis


Security concernsy

The standard concerns of any publically accessible serverDo you trust the vendor?What if someone subpoenas Amazon?Where is your data physically y p y ylocated?


The usual security best practicesy p

Turn off unused servicesFile ownership and permissionsDisabling password based ssh loging p gStandard Linux, Apache, Tomcat and MySQL best practicesy Q p


Network securityy

Use security groupsLimit SSH access to only your locationConsider encrypt network trafficypUse a software firewall (e.g. iptables) in addition to security groupsy g p

Security Group: Tomcat Servers are only accessible from Apache Serveriptables: Tomcat servers only allow port 22 and port 8009 (AJP)


Using security groupsg y g p

Grant permissions to either:IP address range and port rangeOther security group

Security group based permissions Benefit: add new servers without changing rulesDrawback: allows all ports


Using security groupsg y g p


Storage securityg y

Amazon wipes disks so one customer cannot see another’s dataBut

You don’t know where it isAmazon could be subpoena’d

Consider encrypting dataEncrypted file systemsEncrypting sensitive data in DBEncrypting backups in S3


Agendag




Deploying highly available applicationspp

AWS has had very well publicized outages

BUT…Is internal IT really any better?In reality: AWS is reliableyDon’t forget:

You are not responsible for the hardwareYou are not responsible for the hardwareInstance fails ⇒ Launch a new one in a few minutes


But once in a blue moonFrom: Amazon EC2 Notification [email protected]: Notice: Degraded Amazon EC2 InstanceTo: XXXXX@yahoo comTo: [email protected]: Friday, January 23, 2009, 5:54 AMHello,

We have noticed that one or more of your instances are running on a hostdegraded due to hardware failuredegraded due to hardware failure.

i-5e0b8b34

The risk of your instances failing is increased at this point. We cannotdetermine the health of any applications running on the instances. We recommendthat you launch replacement instances and start migrating to them.

Feel free to terminate the instances with the ec2-terminate-instance API whenyou are done with them.

Let us know if you have any questionsLet us know if you have any questions.

Sincerely,

The Amazon EC2 Team


Amazon EC2 SLA*

99.95% availability if you are using >1 availability zoneAvailability

Instances have external connectivityYou can launch new instances

Service credit for not meeting SLA

* Read the small print


Highly available - $$$g y $$$

www.acme.com

Availability Zone A Availability Zone B

Elastic IP A Elastic IP B

Apache Apache

TomcatTomcat Tomcat

Tomcat

MySQL(Master 1)

MySQL(Master 2)

EBS V l


EBS Volume EBS Volume

Agendag



Using AWS in your applicationg y ppAccess instance meta dataSimple Storage Service (S3)Simple Storage Service (S3)

Stores blobs of dataEg. Photo sharing websiteStore mediaHand out URLs to S3 objects

Simple Queue Service (SQS)Hosted queue-based messaging systemq g g yAlternative to JMSLoosely coupling between systems

SimpleDBSchema-less non-relational databaseStore data setsExecute queries


Eventual consistencyy

AWS is distributedData is replicated among many nodesData is replicated among many nodesReplication takes timeUpdates eventually appear

Why?CAP theorem by BrewerPick two: consistency, availability, Pick two: consistency, availability, partitioning

Example:S3 a GET might not see a PUTS3 – a GET might not see a PUTSQS – reading from a queue might not retrieve recently added messages…


Instance meta data

Instance can find out:f b lfInformation about itself

User data supplied by user at launch timeEnables a generic AMI to customize itself gdynamicallyAvailable data includes:

user-datauser datasecurity-groupspublic-hostnameplacement/availability-zoneplacement/availability zone…

curl http://169.254.169.254/2008-12-01/meta-data/<<data type>>


SimpleDB modelp

DomainHas a nameContains items

Item:Has a nameHas one or more attributes

Attribute:Has a nameHas one or more values


Simple DB modelpIt’s not a relational database

No joinsEventual consistency - updates eventually appearNo transactions – single item updateNo locking

LimitsLimits100 domains per account250,000,000 attribute name-value pairs per domain256 attribute name-value pairs per itemQueries return …

Pricing:Machine utilization: $0 14/hour after first 25 free Machine utilization: $0.14/hour after first 25 free hours/monthFees for data transfer in and out (Free for access from EC2)


SimpleDB Operationsp pSOAP and REST APIDomains: Create/List/DeleteDomains: Create/List/DeletePutAttributes

DomainNameAttributeNameAttributeNameAttribute.N.Name/Attribute.N.ValueAttribute.N.Replace – add or replace

DeleteAttributesDomainNameAttributeNameAttribute.N.Name/Attribute.N.Value

GetAttributesDomainNameAttributeName.n


SimpleDB Select queriesp q

“SQL-like” Select query languageVarious limitations

Sort by attribute must appear in where clause and select list…

select * Select operation

SelectExpression

select * from domainNamewhere SomeAttribute > 2order by SomeAttributelimit 10

NextTokenlimit 10


SimpleDB custom queriesp q

Query[‘SomeAttribute’ > 2]

DomainQueryExpresssion

[ SomeAttribute > 2] sort ‘SomeAttribute’

Pagination with: MaxNumberOfItems/NextTokenR t It NReturns ItemNames

QueryWithAttributesAdd A ib N ( i l)Adds AttributeName.n (optional)Returns values


Using SimpleDBg pReplace joins by denormalizing/duplicating data

E.g. Duplicate child data in parent in parent-child l i hirelationship

Parallelize SimpleDB requestsAn application should/could issue multiple requests in parallelp

Partition data across multiple domainsE.g. People1, People2Improves performanceS l hUse SimpleDB when:

You can tolerate inconsistenciesYou don’t need transactionsi e bad for banking but good for social network read i.e. bad for banking but good for social network, read intensive data

E.g. http://blog.adaptiveblue.com/?p=1145People-Interaction-Thing (1-N N-1)St I t ti i P l d i ThiStore Interaction in People and in Thing


Amazon SQSQQueues:

As many as you wantUnlimited sizeMessages deleted after 4 daysAWS might delete queues that are idle for > 30 daysMessage are to 8Kb (store binary and larger messages in Message are to 8Kb (store binary and larger messages in S3 or SimpleDB)

Semantics of distributed queuingOrder is not guaranteed

lAt-least onceReceiveMessage returns messages from a subset of servers, e.g. possibly no messages

Pricing:g$0.000001 per Request$0.100 per GB – all data transfer in$0.170-0.100 per GB – data transfer out


SQS API detailsQSOAP API onlyManaging queriesManaging queries

Create/List/Delete QueuesSending a Message

SendMessageSendMessageProcessing a message

ReceiveMessageDeleteMessagee ete essageVisibility timeout: a received message that is not deleted within the timeout will reappear

Queue attributesSetQueueAttributes/GetQueueAttributesApproximateNumberOfMessagesVisibilityTimeout


Java libraries for AWS

JetS3tJetS3tRich API for accessing S3jets3t.dev.java.net/j j

TypicaAPI for SQS, EC2, SimpleDBcode.google.com/p/typica

SimpleJPASubset of JPA on Subset of JPA on Simple DBcode.google.com/p/simplejpa


Summaryy

Amazon-style cloud computingI di t t l bl Immediate access to a scalable infrastructurePay as you go – no upfront investment/commitment requiredEasily scale up/downOptional proprietary servicesOptional proprietary services

Cloud ToolsEasy deployment and testing from Maven y p y gand GrailsConfigure multiple clustersRun JMeter tests in parallelRun JMeter tests in parallel


Final thoughtsg

• Download Cloud Tools today:• http://code.google.com/p/cloudtools

• Checkout Cloud Foundry:• http://www.cloudfoundry.com

B b k ☺• Buy my book ☺• Send email:

• [email protected]

• Visit my website:• Visit my website:

• http://www.chrisrichardson.net

• Talk to me about consulting and trainingtraining

Phone: 510 904 9832


Documents

Running Java and Grails applications on Amazon · PDF fileRunning Java and Grails applications on Amazon EC2 Chris Richardson Author of POJOs in Action Founder of Cloud Tools and Cloud