Overview of AWS Cloud Computing Security

AWS (Amazon) Conference Summary

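Amazon Web Services Conference Summary (Brief)

1 AWS services overview
2 AWS storage services
3 AWS compute services and networking
4 AWS managed services and databases
5 AWS deployment and management

1 AWS services overview
• Basic services
  ◆ Amazon S3 (Simple Storage Service)
  ◆ Amazon EBS (Elastic Block Store)
  ◆ Amazon EC2 (Elastic Compute Cloud)
  ◆ Amazon VPC (Virtual Private Cloud)
  ◆ Amazon IAM (Identity and Access Management)
• Why customers use AWS
  ◆ Agility
  ◆ Breadth and depth of platform capabilities (10 regions, 26 Availability Zones, 52 edge locations)
  ◆ Continuous iteration and innovation
  ◆ Cost savings and flexibility (variable expense replaces fixed capital assets; built-in economies of scale lower enterprise costs)
  ◆ Helps Chinese customers go global in minutes (a range of pricing models supports both variable and steady workload models; prices fall as the business grows)
  Flexible infrastructure service architecture
• AWS updates for large enterprises
  ◆ Experience
  ◆ Breadth and depth of features
  ◆ Pace of innovation
  ◆ Global business
  ◆ Pricing philosophy

2 AWS storage services
Main options
  Amazon S3 (Simple Storage Service), covered in detail
  Amazon EBS (Elastic Block Store)
  Amazon Glacier
  AWS Storage Gateway
  AWS Import/Export
S3 characteristics
  A storage service for the Internet
  Native online HTTP access
  Store and retrieve any amount of data from anywhere on the web, at any time
  Highly durable, highly scalable, reliable, fast
  Customers · more usage · …infrastructure… · price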

Amazon AWS: Amazon EBS Feature Updates

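Amazon EBS (Elastic Block Store, EBS for short) provides block-level storage for Amazon EC2 instances. EBS volumes are accessed over the network and exist independently of the instance's lifecycle, so if an EC2 instance fails, the data stored on its EBS volumes is still preserved. Amazon EBS provides highly available, highly reliable storage volumes that can be attached to a running EC2 instance and appear inside the instance as a device. EBS is a good fit for applications that need to host a database or a file system, or that need access to raw block-level storage. Users new to EBS can think of it as playing a role similar to SAN storage in a traditional enterprise. Note, however, that one EC2 instance can attach multiple EBS volumes, but an EBS volume can be attached to only one EC2 instance at a time.

EBS has several important features. First, EBS is reliable, secure storage: each EBS volume is automatically replicated within an Availability Zone to improve data reliability. Second, it offers relatively high performance. Provisioned IOPS (PIOPS) volumes deliver up to 4000 IOPS per volume, which meets the needs of the vast majority of applications, and users can also use RAID to reach as much as 48000 IOPS. Third, EBS supports snapshots, so users can create data backups quickly. Because EBS snapshots are stored in S3, these backups get up to eleven nines of durability. In addition, EBS snapshots can be copied across regions, which enables cross-region migration of disk data.

Amazon EBS recently added the following two features, which have received very positive user feedback.

1. EBS volume encryption
Sometimes users want to encrypt an EBS volume to better protect their data. Previously, users could only do this themselves, by choosing a solution that encrypts data at the file-system level. EBS now offers a new volume encryption option: when creating a new EBS volume, the user can choose whether to create it as an encrypted volume, as shown in the figure below: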

Amazon AWS Certified Solutions Architect – Professional Sample Questions

Your company’s on-premises content management system has the following architecture:
• Application Tier – Java code on a JBoss application server
• Database Tier – Oracle database regularly backed up to Amazon Simple Storage Service (S3) using the Oracle RMAN backup utility
• Static Content – stored on a 512GB gateway stored Storage Gateway volume attached to the application server via the iSCSI interface
Which AWS based disaster recovery strategy will give you the best RTO?
A) Deploy the Oracle database and the JBoss app server on EC2. Restore the RMAN Oracle backups from Amazon S3. Generate an EBS volume of static content from the Storage Gateway and attach it to the JBoss EC2 server.
B) Deploy the Oracle database on RDS. Deploy the JBoss app server on EC2. Restore the RMAN Oracle backups from Amazon Glacier. Generate an EBS volume of static content from the Storage Gateway and attach it to the JBoss EC2 server.
C) Deploy the Oracle database and the JBoss app server on EC2. Restore the RMAN Oracle backups from Amazon S3. Restore the static content by attaching an AWS Storage Gateway running on Amazon EC2 as an iSCSI volume to the JBoss EC2 server.
D) Deploy the Oracle database and the JBoss app server on EC2. Restore the RMAN Oracle backups from Amazon S3. Restore the static content from an AWS Storage Gateway-VTL running on Amazon EC2.

An ERP application is deployed in multiple Availability Zones in a single region. In the event of failure, the RTO must be less than 3 hours, and the RPO is 15 minutes. The customer realizes that data corruption occurred roughly 1.5 hours ago. Which DR strategy can be used to achieve this RTO and RPO in the event of this kind of failure?
A) Take 15-minute DB backups stored in Amazon Glacier, with transaction logs stored in Amazon S3 every 5 minutes.
B) Use synchronous database master-slave replication between two Availability Zones.
C) Take hourly DB backups to Amazon S3, with transaction logs stored in S3 every 5 minutes.
D) Take hourly DB backups to an Amazon EC2 instance store volume, with transaction logs stored in Amazon S3 every 5 minutes.

The Marketing Director in your company asked you to create a mobile app that lets users post sightings of good deeds known as random acts of kindness in 80-character summaries. You decided to write the application in JavaScript so that it would run on the broadest range of phones, browsers, and tablets. Your application should provide access to Amazon DynamoDB to store the good deed summaries. Initial testing of a prototype shows that there aren’t large spikes in usage. Which option provides the most cost-effective and scalable architecture for this application?
A) Provide the JavaScript client with temporary credentials from the Security Token Service using a Token Vending Machine (TVM) on an EC2 instance to provide signed credentials mapped to an Amazon Identity and Access Management (IAM) user allowing DynamoDB puts and S3 gets. You serve your mobile application out of an S3 bucket enabled as a web site. Your client updates DynamoDB.
B) Register the application with a Web Identity Provider like Amazon, Google, or Facebook, create an IAM role for that provider, and set up permissions for the IAM role to allow S3 gets and DynamoDB puts. You serve your mobile application out of an S3 bucket enabled as a web site. Your client updates DynamoDB.
C) Provide the JavaScript client with temporary credentials from the Security Token Service using a Token Vending Machine (TVM) to provide signed credentials mapped to an IAM user allowing DynamoDB puts. You serve your mobile application out of Apache EC2 instances that are load-balanced and autoscaled. Your EC2 instances are configured with an IAM role that allows DynamoDB puts. Your server updates DynamoDB.

What Are the Advantages of Amazon AWS Cloud Computing Services?

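As the leader in cloud computing services, Amazon AWS offers a number of cloud best practices for the design of SaaS solutions.

The first best practice is to isolate platform-level functionality. SaaS products are updated very quickly, but we can still identify core functions that are essentially stable or that can be reused in many other new product modules. These functions should be separated out and turned into platform services that serve more of the other functionality; platformizing them also reduces coupling across the whole system, so that it can support more SaaS application features. Isolating common functionality as platform services allows better tuning and independent scaling, and reusing core services together with an application framework greatly improves application development efficiency.

The second best practice is to optimize cost and performance. In a traditional architecture the two usually have to be traded off against each other, whereas with a SaaS service model built on the AWS cloud you can often have both. Elastic horizontal scaling at every architectural tier makes a pay-for-what-you-use model possible, with no need to pay large resource costs up front to obtain strong performance. In an AWS-based SaaS architecture we can also scale with smaller, parallel units of resource, which tracks the actual resource demand of a SaaS environment more closely, and, where the scenario fits, use services fully managed by AWS (such as Amazon DynamoDB) as much as possible to lower SaaS partners' operations costs and improve efficiency.

The third best practice concerns the design of the SaaS solution itself. First, the multi-tenant design must be planned around the characteristics of the SaaS application; the general design principle is that the system has multiple accounts, an account corresponds to multiple users, and a user in turn corresponds to multiple roles. Second, the requests the system handles should be managed in tiers by priority: once the system has been decoupled with AWS services such as SQS and SWF, and on the premise that AWS resources are used economically, handling requests by priority greatly improves the processing capacity and stability of the SaaS architecture. Next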
