NGINX Plus on AWS Scott Ward— Solutions Architect scotward@amazon.com

NGINX Plus on AWS


Scott Ward's presentation during the 2014 NGINX users conference.


Page 1: NGINX Plus on AWS

NGINX Plus on AWS

Scott Ward— Solutions Architect scotward@amazon.com

Page 2: NGINX Plus on AWS

NGINX on AWS

NGINX – Usage on AWS and best practices

Who is AWS?

© 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.

Page 3: NGINX Plus on AWS

A broad and deep platform that helps customers build sophisticated, scalable applications

Page 4: NGINX Plus on AWS

A Culture of Innovation: Experiment Often & Fail Without Risk

Page 5: NGINX Plus on AWS

Who is using AWS and what are they using it for?

Page 6: NGINX Plus on AWS

Startups on AWS

http://aws.amazon.com/solutions/case-studies/

Page 7: NGINX Plus on AWS

Enterprises on AWS

http://aws.amazon.com/solutions/case-studies/

Page 8: NGINX Plus on AWS

Infrastructure

Foundation Services

Regions Availability Zones

Storage (Object, Block and Archive)

Networking

Security & Access Control

Platform Services

Databases

Relational

NoSQL

Caching

Analytics

Hadoop

Real-time

Data warehouse

App Services

Queuing

Orchestration

App streaming

Transcoding

Email

Search

Deployment & Management

Containers

Dev/ops Tools

Resource Templates

Mobile Services

Identity

Sync

Mobile Analytics

Notifications

Enterprise Applications

Virtual Desktops

Data Workflows

Usage Tracking

Monitoring and Logs

Compute (VMs, Auto-scaling and Load Balancing)

CDN and Points of Presence

Collaboration and Sharing

Page 9: NGINX Plus on AWS

10 regions, 26 availability zones, 52 edge locations

Infrastructure

Page 10: NGINX Plus on AWS

AWS Services Overview

Amazon EC2 – Virtual Servers & resizable compute capacity

Auto Scaling – Scale compute resources up and down

Elastic Load Balancing – Load balancer for compute instances

Amazon Elastic Block Storage (EBS) – Block storage for EC2

Page 11: NGINX Plus on AWS

AWS Service Overview

AWS Identity and Access Management – AWS Account Access Controls

Amazon Route 53 – Scalable Domain Name System

Amazon CloudWatch – Resource and Application Monitoring

Page 12: NGINX Plus on AWS

NGINX on AWS

Page 13: NGINX Plus on AWS

NGINX

Who is using NGINX on AWS
• Startups, Enterprises, Government Agencies
• Example: NASA/JPL Mars Curiosity Mission

Page 14: NGINX Plus on AWS

NGINX – NASA/JPL

Page 15: NGINX Plus on AWS

Where NGINX fits

Page 16: NGINX Plus on AWS

Installing NGINX Plus on AWS

• Launch from AWS Marketplace: http://aws.amazon.com/marketplace
• Search on “NGINX Plus”
  – Amazon Linux
  – Ubuntu
• 30 Day Free Trial !!
• Launch and Verify
  – $ /etc/init.d/nginx status

Page 17: NGINX Plus on AWS

NGINX - Security Recommendations

Use SSH for accessing your hosts

Security Groups to control inbound/outbound traffic

| Connection Method | Protocol | Port Range | Source IP or Group | Comments |
|---|---|---|---|---|
| HTTP | tcp | 80-80 | CIDR IP Range | non-encrypted web traffic |
| HTTPS | tcp | 443-443 | CIDR IP Range | encrypted web traffic |
| SSH | tcp | 22-22 | CIDR IP Range | ssh access |
| SSH | tcp | 873-873 | CIDR IP Range | rsync access |
| SSH | udp | 5405-5405 | CIDR IP Range | corosync traffic |

Control access here
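An added example, not part of the original presentation: a check that the "Source IP or Group" column of the table above is actually restricted for the management and cluster ports. It reads rules in the IpPermissions shape returned by `aws ec2 describe-security-groups`; the sample rules, CIDRs and group ID are constructed, and treating only ports 80 and 443 as acceptable from anywhere is an assumption.

```python
import ipaddress

# Ports from the table above. Web ports may face the internet (assumption);
# the management and cluster ports should only accept known sources.
PUBLIC_OK = {("tcp", 80), ("tcp", 443)}
RESTRICTED = {("tcp", 22): "ssh", ("tcp", 873): "rsync", ("udp", 5405): "corosync"}

# Constructed sample rules; the CIDRs and the group ID are placeholders.
SAMPLE = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 873, "ToPort": 873, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "udp", "FromPort": 5405, "ToPort": 5405, "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE"}]},
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8090, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]

def is_world(cidr):
    """True for 0.0.0.0/0 or ::/0."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_ingress(ip_permissions):
    """Return sorted findings for world-open rules that the table does not justify."""
    findings = set()
    for perm in ip_permissions:
        proto = perm["IpProtocol"]
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if not any(is_world(c) for c in cidrs):
            continue  # scoped to specific CIDRs or to another security group
        if proto == "-1":  # all protocols, all ports
            findings.add("all traffic open to the world")
            continue
        lo, hi = perm["FromPort"], perm["ToPort"]
        hits = [f"{name} ({p}/{port}) open to the world"
                for (p, port), name in RESTRICTED.items()
                if p == proto and lo <= port <= hi]
        if hits:
            findings.update(hits)
        elif lo != hi or (proto, lo) not in PUBLIC_OK:
            findings.add(f"{proto}/{lo}-{hi} open to the world but not a web port")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_ingress(SAMPLE)))
```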

Page 18: NGINX Plus on AWS

Load Balancing
Behind ELB

[Diagram: region, Route53 hosted zone, Elastic Load Balancer, NGINX Plus EC2 instances, Web App 1, Web App 2, Web App 3]

Page 19: NGINX Plus on AWS

Load Balancing
DIY

[Diagram: region, Elastic IP, NGINX Plus AMI, Web App 1, Web App 2, Web App 3]

Page 20: NGINX Plus on AWS

Load Balancing
DIY Considerations – Being Auto Scaling Aware

Command Line Option
• describe-auto-scaling-instances
• describe-instances
• Update NGINX configuration
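An added example, not part of the original presentation, of the three command-line steps above: take the parsed JSON output of `aws autoscaling describe-auto-scaling-instances` and `aws ec2 describe-instances`, keep only in-service, healthy, running members, and render an NGINX upstream block. The group name `web-asg`, the upstream name `web_backend`, and the instance IDs and addresses are constructed.

```python
import ipaddress

# Constructed sample output of the two CLI calls, already parsed from JSON.
ASG = {"AutoScalingInstances": [
    {"InstanceId": "i-0a", "AutoScalingGroupName": "web-asg", "LifecycleState": "InService", "HealthStatus": "HEALTHY"},
    {"InstanceId": "i-0b", "AutoScalingGroupName": "web-asg", "LifecycleState": "Terminating", "HealthStatus": "HEALTHY"},
    {"InstanceId": "i-0c", "AutoScalingGroupName": "web-asg", "LifecycleState": "InService", "HealthStatus": "UNHEALTHY"},
    {"InstanceId": "i-0d", "AutoScalingGroupName": "web-asg", "LifecycleState": "InService", "HealthStatus": "HEALTHY"},
]}
EC2 = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0a", "PrivateIpAddress": "10.0.2.20", "State": {"Name": "running"}},
    {"InstanceId": "i-0b", "PrivateIpAddress": "10.0.1.11", "State": {"Name": "running"}},
    {"InstanceId": "i-0c", "PrivateIpAddress": "10.0.1.12", "State": {"Name": "running"}},
    {"InstanceId": "i-0d", "PrivateIpAddress": "10.0.1.9", "State": {"Name": "running"}},
]}]}

def in_service_ids(asg, group):
    """IDs of instances in `group` that are InService and healthy."""
    return {
        i["InstanceId"]
        for i in asg["AutoScalingInstances"]
        if i["AutoScalingGroupName"] == group
        and i["LifecycleState"] == "InService"
        and i["HealthStatus"].upper() == "HEALTHY"
    }

def private_ips(ec2, wanted):
    """Sorted private addresses of running instances whose ID is in `wanted`."""
    ips = []
    for res in ec2["Reservations"]:
        for inst in res["Instances"]:
            if (inst["InstanceId"] in wanted
                    and inst["State"]["Name"] == "running"
                    and "PrivateIpAddress" in inst):
                # Parse the address so only a valid IP reaches the config file.
                ips.append(ipaddress.ip_address(inst["PrivateIpAddress"]))
    return sorted(ips)

def render_upstream(name, ips, port=80):
    """Render an upstream block; refuse to emit one with no servers."""
    if not ips:
        raise ValueError("no in-service backends; keep the current config")
    servers = "".join(f"    server {ip}:{port};\n" for ip in ips)
    return f"upstream {name} {{\n{servers}}}\n"

def build(group, asg, ec2, name="web_backend"):
    return render_upstream(name, private_ips(ec2, in_service_ids(asg, group)))

if __name__ == "__main__":
    print(build("web-asg", ASG, EC2), end="")
```

Write the result to an included file, run `nginx -t`, and reload only if the test passes, so a bad API response never replaces a working configuration.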

Page 21: NGINX Plus on AWS

Load Balancing
DIY Considerations – Being Auto Scaling Aware

SQS and SNS for notifications

[Diagram: Auto Scaling group and NGINX in three states (Current State, Scale up, Scale down), with Amazon SNS and Amazon SQS]

Page 22: NGINX Plus on AWS

Performance

EC2 instance sizing
• Workloads vary
  – Start small and move up

[Diagram: Initial Launch, Testing, Steady State; T2 class, M3 General Purpose, Bigger or More; Auto Scaling group of EC2 instances]

Page 23: NGINX Plus on AWS

Broad Set of Compute Instance Types…

• General purpose: M3, M1
• Compute optimized: C3, CC2, C1
• Memory optimized: R3, CR1, M2
• Storage and IO optimized: I2, HI1, HS1
• GPU enabled: G2, CG1


Page 24: NGINX Plus on AWS

Performance
Traffic profiles

• SSL termination = CPU resources
• Lots of small requests = CPU resources
• Web Socket = CPU resources
• Content Caching = Memory & Instance Storage
• Bandwidth Heavy = Horizontal scaling

Page 25: NGINX Plus on AWS

Performance Planning

• Determine the right instance profile
• Test, Test, Test, Test & Test
• Run expected and unexpected traffic patterns against your environment
• Analyze results and tweak where needed
  – Throw away what does not work
• Monitor

Page 26: NGINX Plus on AWS

Performance Baselines

Performance testing tools

– ab
– jmeter
– http_load
– siege
– curl-loader
– weighttp
– httperf
– wrk
– sslswamp
– your favorite tool

Page 27: NGINX Plus on AWS

Performance Baseline Approaches

• Different Instance
• Different Availability Zone
• Different Region

[Diagram for each approach: NGINX and a Test Instance, region, Availability Zone]

Page 28: NGINX Plus on AWS

High Availability – General Recommendations

[Diagram: regions with Availability Zone 1 and Availability Zone 2, EC2 instances, Auto Scaling groups]

Use multiple AZs in a region

Auto Scaling to help with load changes

Page 29: NGINX Plus on AWS

NGINX High Availability Configuration

• Highly available pair of NGINX instances on EC2 with a public IP Address
• Active/Passive Configuration
• Corosync and Pacemaker for clustering

Page 30: NGINX Plus on AWS

NGINX High Availability Configuration

[Diagram: Elastic IP Address, NGINX EC2 Primary, NGINX EC2 Standby, Corosync/Pacemaker]

Page 31: NGINX Plus on AWS

NGINX High Availability Configuration

Install and config steps
• Allocate an Elastic IP address
• Create IAM Instance Profile
  – Assign Elastic IP
  – Disassociate Elastic IP
  – EC2 Describe
• Launch instances with IAM Instance Profile
• Install NGINX HA
  – $ sudo yum install nginx-ha
  – $ sudo apt-get install nginx-ha
• Start NGINX HA config on both instances
  – $ sudo nginx-ha-setup
• Answer questions on both instances
• Pick a primary
• Done!!!

Configuration Verification

===========
Last updated: Wed Mar 19 02:46:49 2014
Last change: Wed Mar 19 02:46:42 2014 via cibadmin on nginxha101
Stack: openais
Current DC: nginxha101 – partition with quorum
Version: 1.1.6-9971ebba4494012a93c03b40a2c58ec0eb60f50c
2 Nodes configured, 2 expected votes
2 Resources configured.
============
Node nginxha100: online
ha-ip (ocf::heartbeat:IPaddr2) Started
ha-nginx (ocf::nginx-ha:nginx-ha) Started
Node nginxha101: online
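An added example, not part of the original presentation: a least-privilege check for the IAM instance profile created in the steps above, flagging anything an Allow statement grants beyond the three permissions the slide lists. Mapping "EC2 Describe" to `ec2:DescribeAddresses` and `ec2:DescribeInstances` is an assumption, and both sample policies are constructed.

```python
# Actions matching the slide's three permissions. Which Describe calls the
# HA scripts need is an assumption; the slide only says "EC2 Describe".
ALLOWED = {a.lower() for a in (
    "ec2:AssociateAddress", "ec2:DisassociateAddress",
    "ec2:DescribeAddresses", "ec2:DescribeInstances")}

# Constructed sample policies.
TIGHT = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["ec2:AssociateAddress", "ec2:DisassociateAddress",
               "ec2:DescribeAddresses", "ec2:DescribeInstances"],
    "Resource": "*"}]}
LOOSE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["ec2:associateaddress", "s3:GetObject"],
     "Resource": "*"}]}

def as_list(value):
    """IAM lets Statement and Action be a single item or a list."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def excess_grants(policy):
    """Return sorted actions that Allow statements grant beyond ALLOWED."""
    extra = set()
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            extra.add("NotAction (allows everything not listed)")
            continue
        for action in as_list(stmt.get("Action", [])):
            # Action names are case-insensitive; wildcards never match the
            # exact allowlist, so "ec2:*" and "ec2:Describe*" are reported.
            if action.lower() not in ALLOWED:
                extra.add(action)
    return sorted(extra)

if __name__ == "__main__":
    print(excess_grants(TIGHT))
    print(excess_grants(LOOSE))
```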

Page 32: NGINX Plus on AWS

NGINX High Availability Architecture Options
Same Region

[Diagram: one region with an Elastic IP; Primary NGINX HA Instance in Availability Zone 1 and Failover NGINX HA Instance in Availability Zone 2, each with Web App 1, Web App 2 and Web App 3]

Page 33: NGINX Plus on AWS

NGINX High Availability Architecture Options
Different Regions

[Diagram: Amazon Route53 hosted zone, Region 1 and Region 2; each region has an Elastic IP, a Primary NGINX HA Instance in Availability Zone 1 and a Failover NGINX HA Instance in Availability Zone 2, each with Web App 1, Web App 2 and Web App 3]

Page 34: NGINX Plus on AWS

NGINX High Availability Configuration
Additional Considerations

• Make sure that both NGINX instances are configured the same for their jobs
• You get Active/Passive with two instances in cluster
  – Active/Active or more than two instances? Corosync and Pacemaker documentation

Page 35: NGINX Plus on AWS

Monitoring

Know what is going on with your environment at all times

Page 36: NGINX Plus on AWS

Amazon CloudWatch

Default Amazon EC2 metrics

CPU Utilization (Percent)

Disk Reads (Bytes)

Disk Read Operations (Operations)

Disk Writes (Bytes)

Disk Write Operations (Operations)

Network In (Bytes)

Network Out (Bytes)

Status Check Failed (Count)

1 or 5 minute intervals

Page 37: NGINX Plus on AWS

NGINX Metrics into Amazon CloudWatch

[Diagram: status.html, CloudWatch]

Install Agent
$ sudo yum install nginx-cw-agent
$ sudo apt-get install nginx-cw-agent

Page 38: NGINX Plus on AWS

NGINX Metrics into Amazon CloudWatch

[Diagram: status.html, CloudWatch]

Update Configuration
$ /etc/nginx-cw-agent/nginx-cw-agent.ini

[source1]
name=exampleorg
url=http://example.org/status

[source2]
name=examplecom
url=http://example.com/status
http_user=testuser
http_pass=testpass

Page 39: NGINX Plus on AWS

NGINX Metrics into Amazon CloudWatch

[Diagram: status.html, CloudWatch]

Start Background Agent
Test - $ /usr/bin/nginx-cw-agent.py -f start
All in - $ sudo service nginx-cw-agent start

View Metrics

Page 40: NGINX Plus on AWS

NGINX with Amazon CloudWatch Logs

• Consolidate metrics and alarming for log files from 1 or many instances
• Define filters to parse content from your log files
• Measure and alarm on specific attributes
• Define retention period for your log files

[Diagram: EC2, CloudWatch]

Page 41: NGINX Plus on AWS

NGINX with Amazon CloudWatch Logs

[Screenshots: Filter, Alarm]

Page 42: NGINX Plus on AWS

NGINX with Amazon CloudWatch Logs

Capture logs from multiple instances in one place

[Diagram: multiple EC2 instances, CloudWatch]

Page 43: NGINX Plus on AWS

Backup Strategy - Options

Protect your configuration
• Create an AMI with each new verified config
• Snapshot the root volume
• Store config files in Amazon S3 or source repository
  – Deploy via user-data when new Amazon EC2 instance launches
• Continuous integration software to build new AMIs with your NGINX configuration

Page 44: NGINX Plus on AWS

Scott Ward— Solutions Architect

AWS Pop-Up Loft
925 Market Street

http://aws.amazon.com/start-ups/loft/

Thank You!
