Overview

Amazon provides a suite of web services that enables developers to create dynamic and robust applications. Although these tools are effective and versatile, they can be complicated to use. RightScale is dedicated to providing powerful and intuitive solutions and ways to take full advantage of Amazon Web Services. Deploying on AWS can save you time, money, and administrative effort compared to building and maintaining more traditional systems. Deploying on RightScale will magnify your return on investment, cut your time to market, and reduce the resources required to manage your hosted environment. Before we show you how we make it easier, let's cover the basics of the services that Amazon provides. For more information, see http://aws.amazon.com/.

Elastic Compute Cloud (EC2)

EC2 introduces a new paradigm for web hosting. By allowing developers to scale their number of machines up or down within minutes, it offers the capability to create distributed and scalable applications that run in the cloud. EC2 is flexible, reliable, secure, and, most importantly, inexpensive. By only paying for the resources that you actually use, you can bring your multi-server application to market much more cheaply than ever before, and maintain an extremely high level of quality and availability. Let's take a look at some of the basic concepts of how this service works.

For more information, see http://aws.amazon.com/ec2/.

Amazon Machine Images

An Amazon Machine Image (AMI) is a packaged environment that contains a configured operating system--for example, Linux, Unix, or Microsoft Windows. RightScale supports and recommends using our own custom RightImages™. RightImages are designed specifically for use on EC2 through RightScale, and each contains a lightweight server installation with a suite of necessary tools prepackaged. We publish the scripts we use so that you can see how they work and even modify them, building your own to suit your particular needs.

Instance Types

Amazon provides a number of different instance types, each with a different level of computing power and hardware resources. For example, a small instance runs on a 32-bit platform, while large and extra-large instances run on a 64-bit platform. See EC2 Instance Types.

SSH Keys

When you launch an image, you specify a particular SSH key to associate with that image. This allows you to gain access to your machines without using passwords. This is the recommended and most secure way to communicate with your instances. RightScale uses this key to configure and monitor your instances. You should not modify this key or your instances will no longer be able to communicate with the RightScale Dashboard and you won't be able to use key features.

Access Key IDs

Amazon issues two kinds of access key IDs to authenticate requests between instances. Your public access key identifies you as the originator of a request, but is not encrypted. Your secret access key is used to calculate a specific request signature that authenticates you as the true user for services that require authentication on your instances. As the name suggests, this key should be kept private.
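The request-signing step the secret access key performs, as an added example that is not RightScale's or AWS's own code: it implements AWS Signature Version 2 (HMAC-SHA256 over a canonical query string) with the client-side signer and a stand-in for the server-side verifier side by side, which also shows why anyone holding the secret can produce valid requests. The credentials, timestamp and API version are constructed sample values.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample credentials; real ones come from the AWS console.
ACCESS_KEY_ID = "AKIAEXAMPLEKEYID0000"
SECRET_ACCESS_KEY = "exampleSecretKeyDoNotUseAnywhere"


def _encode(value: str) -> str:
    # SigV2 requires RFC 3986 encoding: only A-Z a-z 0-9 - _ . ~ stay bare.
    return quote(str(value), safe="-_.~")


def string_to_sign(method: str, host: str, path: str, params: dict) -> str:
    # Parameters sorted by byte order and joined as key=value&key=value,
    # preceded by the HTTP verb, the lowercased host and the request path.
    canonical = "&".join(
        f"{_encode(k)}={_encode(v)}" for k, v in sorted(params.items())
    )
    return "\n".join([method.upper(), host.lower(), path, canonical])


def sign_request(method, host, path, params, secret) -> str:
    # Base64 of HMAC-SHA256 over the string to sign, keyed with the secret
    # access key. The secret itself never goes on the wire.
    digest = hmac.new(
        secret.encode("utf-8"),
        string_to_sign(method, host, path, params).encode("utf-8"),
        hashlib.sha256,
    ).digest()
    return base64.b64encode(digest).decode("ascii")


def signed_params(action: str, access_key_id: str, secret: str,
                  host: str = "ec2.amazonaws.com") -> dict:
    # Client side: the query a SigV2 client sends, carrying the (public)
    # access key ID and the computed Signature.
    params = {
        "Action": action,
        "AWSAccessKeyId": access_key_id,
        "SignatureMethod": "HmacSHA256",
        "SignatureVersion": "2",
        "Timestamp": "2013-01-01T00:00:00Z",  # constructed fixed value
        "Version": "2012-12-01",
    }
    params["Signature"] = sign_request("GET", host, "/", params, secret)
    return params


def verify_request(params: dict, secret: str,
                   host: str = "ec2.amazonaws.com") -> bool:
    # Server side: recompute the signature over everything except
    # "Signature" and compare in constant time. Any tampered parameter,
    # or a wrong secret, breaks the match.
    presented = params.get("Signature", "")
    unsigned = {k: v for k, v in params.items() if k != "Signature"}
    expected = sign_request("GET", host, "/", unsigned, secret)
    return hmac.compare_digest(presented, expected)
```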

X.509 Certificates

Amazon also issues two kinds of X.509 certificates to digitally sign bundled images in AWS. The private certificate is used to verify that a signature could only have come from you. You can request X.509 certificates from the AWS site.

Security Groups

To provide the highest level of security possible, Amazon has implemented security groups. Security groups provide functionality similar to a traditional firewall, but have some additional features. You have the ability to filter traffic based on IP address (either a specific address or subnet), packet types (TCP, UDP or ICMP), and ports (or ranges of ports). You can also grant access to an entire security group, allowing your trusted machines to access each other without having to open ports to the public.

Public Access

For even more security, Amazon provides the option of completely removing public access to an instance. This will ensure that you are safe from any outsiders gaining access to your machine, and even prevents denial-of-service attacks.

Simple Storage Service (S3)

Amazon S3 provides a simple web services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the web. It gives any developer access to the same highly scalable, reliable, fast, inexpensive data storage infrastructure that Amazon uses to run its own global network of web sites. The service aims to maximize benefits of scale and to pass those benefits on to developers.

Pricing for S3 is usage and location based, meaning that charges vary according to the amount of storage space consumed (measured in 1-GB increments) and corresponding transfers and get/put requests acting on the data, as well as the physical location (regional cloud) where data is stored. As part of the free usage tier, new AWS customers receive a 5 GB allocation of free S3 storage for one year.

For more information, see https://aws.amazon.com/s3/.

Simple Queue Service (SQS)

Amazon Simple Queue Service (Amazon SQS) offers a reliable, highly scalable hosted queue for storing messages as they travel between computers. By using Amazon SQS, developers can simply move data between distributed application components performing different tasks, without losing messages or requiring each component to be always available.

Pricing for SQS is usage based. New and existing AWS customers receive a set quantity of SQS queuing requests for free each month.

For more information, see http://aws.amazon.com/sqs/.

CloudFront (CF)

Amazon CloudFront is a web service for content delivery. It integrates with other Amazon Web Services to give developers and businesses an easy way to distribute content to end users with low latency, high data transfer speeds, and no commitments. Amazon CloudFront delivers your content using a global network of edge locations. Requests for your objects are automatically routed to the nearest edge location, so content is delivered with the best possible performance.

CloudFront is priced based on usage (according to the quantity of data requests and the size of the content transferred) and is not included in the AWS free usage tier.

For more information, see http://aws.amazon.com/cloudfront/.

AWS Import/Export

AWS Import/Export accelerates moving large amounts of data into and out of AWS using portable storage devices for transport. AWS transfers your data directly onto and off of storage devices using Amazon’s high-speed internal network and bypassing the Internet. For significant data sets, AWS Import/Export is often faster than Internet transfer and more cost effective than upgrading your connectivity.

AWS Import/Export supports importing and exporting data into and out of Amazon S3 buckets in the US Standard, US West (Northern California), EU (Ireland), and Asia Pacific (Singapore) Regions. AWS Import/Export is priced based on usage and is not included in the AWS free usage tier.

For more information, see http://aws.amazon.com/importexport/.

SimpleDB (SDB) (beta)

Amazon SimpleDB is a web service for running queries on structured data in real time. This service works in close conjunction with EC2 and S3, collectively providing the ability to store, process, and query data sets in the cloud. These services are designed to make web-scale computing easier and more cost-effective for developers.

Traditionally, this type of functionality has been accomplished with a clustered relational database that requires a sizable upfront investment, brings more complexity than is typically needed, and often requires a DBA to maintain and administer. In contrast, Amazon SimpleDB is easy to use and provides the core functionality of a database--real-time lookup and simple querying of structured data--without the operational complexity. Amazon SimpleDB requires no schema, automatically indexes your data, and provides a simple API for storage and access. This eliminates the administrative burden of data modeling, index maintenance, and performance tuning. SDB is intentionally feature-poor, and specific architecture considerations must be made before adopting SDB.

Pricing for SDB is usage based. New and existing AWS customers receive a set quantity of SDB machine hours and storage for free each month.

For more information, see http://aws.amazon.com/simpledb/.

Elastic Load Balancing

Elastic Load Balancing automatically distributes incoming application traffic across multiple EC2 instances. It enables you to achieve even greater fault tolerance in your applications, seamlessly providing the amount of load balancing capacity needed in response to incoming application traffic.

Elastic Load Balancing is priced based on usage (that is, hours during which your Elastic Load Balancer is running and the size of the data transfers) and is not included in the AWS free usage tier.

For more information, see http://aws.amazon.com/elasticloadbalancing/.

Route 53

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service. It effectively connects user requests to infrastructure running in AWS--such as an EC2 instance, an Amazon Elastic Load Balancer, or an Amazon S3 bucket--and can also be used to route users to infrastructure outside of AWS.

Amazon Route 53 is priced based on usage (that is, the quantity of hosted zones used to store DNS records as well as the volume of DNS queries handled) and is not included in the AWS free usage tier.

For more information, see http://aws.amazon.com/route53/.

AWS Service Health Dashboard

Amazon now offers a dashboard that provides updated status information about all of their Amazon Web Services. If you are experiencing odd behavior with either EC2 or S3, you can now check this link and see if there is a temporary problem or disruption of service. In the event that there is a problem, you can also go to the AWS Service Health Dashboard to read relevant announcements and reports.

http://status.aws.amazon.com/

EC2 Instance Types

EC2 offers a variety of 32-bit and 64-bit instance types. Be sure to choose a size that best meets your requirements:

  • Standard Instances - Best if you are running a typical application server that needs a balanced amount of CPU and memory. Standard Instances are broken up into first generation (M1) and second generation (M3) instances. First generation instances come at a lower cost but also provide less processing performance. Second generation standard instances provide high CPU and memory performance and are best suited for high-traffic content management systems, encoding, and memcaching.
  • Micro Instances - Provide a small amount of consistent CPU resources that can increase CPU capacity in small bursts. Best suited for lower-throughput applications and websites.
  • High-Memory Instances - Best if you have memory-intensive, high-throughput workloads like databases, memory caching, and rendering.
  • High-CPU Instances - Best for compute-intensive applications that require more CPU resources than memory (RAM).
  • Cluster Compute Instances - Provide increased network performance for High Performance Computing (HPC) applications.
  • Cluster GPU Instances - Through the use of parallel computing power, provide low latency and high throughput to increase application performance.
  • High I/O Instances - Best for database workloads (provide high levels of CPU, memory, and network performance).

See Amazon's EC2 Instance Types for the current instance pricing structure. You can also use the Simple Monthly Calculator to estimate your usage costs.

EBS Optimized Instance

Amazon charges an additional fee to use an EBS Optimized Instance type. Although this instance type is not strictly required to use Provisioned IOPS - an Elastic Block Storage (EBS) volume type for running persistent, high-performance, and high-availability databases - it improves communication between EC2 and EBS. Performance benefits can be seen if you're using high amounts of network bandwidth and disk bandwidth at the same time. Additionally, Amazon guarantees that when a Provisioned IOPS volume is attached to an Optimized Instance, the volume will perform within 10% of its provisioned performance 99.9% of the time.

See Amazon's Instance Types page for descriptions of the currently available AWS Instance Types with EBS optimization.

Increasing Your AWS Limits

Amazon imposes initial limits on several of its resources (EC2 instances, EBS Snapshots, EBS Volumes, ELB, and Elastic IPs) in order to discourage inappropriate consumption. Although each AWS account has several default resource limitations, you can make a request to Amazon to increase these limits when necessary.

In order to increase your limits with Amazon, you will need to fill out a different web form for each type of resource; the forms are listed under Soft Limits in the AWS Limits section below.

Hard Limits

AWS enforces maximum limits on certain resources for which you cannot make an increase request.

  • EC2 Security Groups (EC2-Classic) - Max: 500 in each region for each account. Each Security Group can have a maximum of 100 rules/permissions.
  • EC2 Security Groups (EC2-VPC) - Up to 100 security groups per VPC.

Email Sending Limitations

In a similar way, Amazon also places limits on the amount of email that can be sent from AWS accounts. If you plan to send large amounts of email from EC2 instances and wish to have these limits removed from your account, you can place a formal request.

Network Interfaces (ENI) and Private IP Addresses

Amazon also imposes limits on the maximum number of Elastic Network Interfaces (ENI) per instance type, and the maximum number of private IP addresses per ENI. ENIs and multiple private IP addresses are only available for instances running in a Virtual Private Cloud.

Please see the AWS article Elastic Network Interfaces (ENI) for additional information.

Launching a Windows Server on AWS

Although you can launch a Windows EC2 instance directly from an AMI, we strongly recommend that you launch a Windows server using a ServerTemplate so that you can take advantage of the built-in monitoring, alerting, and configuration scripts. There are several ServerTemplates that are available in the MultiCloud Marketplace for launching common Windows servers. Before you launch an instance directly from an AMI, see what's available in the MultiCloud Marketplace or follow one of our Windows Tutorials.

Create a Security Group for Windows

The first step is to create a security group for your Windows servers and open port 3389 so you can log in to the servers via Remote Desktop Connection (RDC) after launching them.

For information on managing networks and creating a new Security Group, see Creating a New Security Group.

Open TCP port 3389 for the security group. Set IPs to 0.0.0.0/0 to allow any IP addresses.
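A pre-flight check for the security group defined in this step, as an added example that is not RightScale's or AWS's own code: it models the filters described under Security Groups (protocol, port range, and either a CIDR or another security group as source), enforces the 100-rules-per-group hard limit listed under AWS Limits, and reports management ports such as RDP that a 0.0.0.0/0 rule leaves reachable from any address. The Rule structure, the management-port list and the sample groups are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

MAX_RULES_PER_GROUP = 100  # EC2-Classic hard limit stated on this page
WORLD = ipaddress.ip_network("0.0.0.0/0")
# Assumed set of management ports that should not be world-reachable.
MANAGEMENT_PORTS = {22: "SSH", 3389: "RDP"}


@dataclass
class Rule:
    protocol: str                        # "tcp", "udp" or "icmp"
    from_port: int
    to_port: int
    cidr: Optional[str] = None           # source address or subnet ...
    source_group: Optional[str] = None   # ... or a trusted security group


def covers(rule: Rule, port: int) -> bool:
    return rule.from_port <= port <= rule.to_port


def validate_group(name: str, rules: List[Rule]) -> List[str]:
    """Return a list of findings; an empty list means the group passes."""
    findings = []
    if len(rules) > MAX_RULES_PER_GROUP:
        findings.append(f"{name}: {len(rules)} rules exceeds the hard limit "
                        f"of {MAX_RULES_PER_GROUP}")
    for r in rules:
        # Every rule has exactly one source: a CIDR or another group.
        if (r.cidr is None) == (r.source_group is None):
            findings.append(f"{name}: rule must name exactly one of cidr "
                            f"or source_group")
            continue
        if r.protocol not in ("tcp", "udp", "icmp"):
            findings.append(f"{name}: unsupported protocol {r.protocol!r}")
            continue
        if r.cidr is None or r.protocol == "icmp":
            continue  # group-sourced or ICMP rules carry no port exposure
        if ipaddress.ip_network(r.cidr, strict=False) == WORLD:
            for port, label in MANAGEMENT_PORTS.items():
                if covers(r, port):
                    findings.append(f"{name}: {label} ({r.protocol}/{port}) "
                                    f"is open to 0.0.0.0/0; limit the "
                                    f"source to your own address range")
    return findings


# Constructed sample groups: the walkthrough's rule as written (RDP from
# any address) and a variant limited to one office range plus a trusted group.
WINDOWS_AS_WRITTEN = [Rule("tcp", 3389, 3389, cidr="0.0.0.0/0")]
WINDOWS_RESTRICTED = [
    Rule("tcp", 3389, 3389, cidr="203.0.113.0/24"),      # TEST-NET-3 range
    Rule("tcp", 445, 445, source_group="sg-app-tier"),  # group as source
]
```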

Launch a Windows Server from an Image

You are now ready to launch a Windows server. Go to Clouds -> AWS Region -> Images. Under the Amazon tab, you will find a list of distributed Amazon Machine Images (AMI) that you can use to launch fresh Windows instances on EC2. (Tip: Filter by nickname: win)

RightScale also publishes several Windows-based RightImages. See OS and Software Package Support for a current list of available images.

Find the desired AMI and click the associated Launch button.

Provide the configuration parameters as needed. Click Launch. Be sure to select the Windows security group that you just created.

In a couple of minutes, the server will become operational. You can click on the server's nickname to view more detailed information about the server.

Remote Desktop into the Windows Server

Now that the server is operational, you can click on the RDP icon to Remote Desktop directly into the Windows server.

NOTE: You cannot log into a Windows Server using Firefox. You must use Internet Explorer and ActiveX must be installed and enabled.

Windows Standard Remote Desktop Connection

You can also use a Remote Desktop Connection to connect to the server. (Windows XP: All Programs > Accessories > Communications > Remote Desktop Connection). Enter the Public DNS Name (ex: ec2-75-101-230-246.compute-1.amazonaws.com) and click Connect.

The last step is to log in as Administrator. The initial password is located under the Info tab of the operational server.

Sending Reliable Email from EC2

Sending email reliably involves ensuring that messages are delivered without being rejected or blacklisted by spam filters, MTAs or MDAs. In order to send email reliably from EC2, there are several strategies available, including:

Email and Elastic IPs

When developing an email policy for your deployments, note that Elastic IPs are considered dynamic, not static, in the global registry. This can create a challenge, as some destination MTAs (Mail Transfer Agents) carry out a reverse DNS lookup on the SMTP client to verify the source of an incoming email. If the reverse DNS result does not match the sender's domain, the email can be dropped. Although this is technically outside the mail RFCs and SPF should be used instead, it remains a common practice among mail administrators.

To stop destination mail (SMTP) servers from blocking email that originates from EC2 instances, you can map a DNS PTR record (reverse DNS) to the Elastic IP used by your SMTP server (for example, mail.mydomain.com). AWS released this support in March 2010.

Note: To apply for RDNS to be configured for your EIP, complete Amazon's Request to Remove Email Sending Limitations form.

Additionally, we recommend checking the commonly used Real-Time Black Hole Lists (RBLs) to ensure the EIP of your SMTP server is not blacklisted. If it is blacklisted and you are unable to remove your IP from the blacklist, a new EIP should be purchased and applied to the SMTP server.
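The reverse DNS and blacklist checks this section describes, as an added example that is not RightScale's or AWS's own code: a forward-confirmed reverse DNS test of the kind receiving MTAs run against a sending Elastic IP, and a DNSBL lookup. The resolver is an injected lookup table with constructed records (the mail.mydomain.com PTR, an EIP that only carries the generic EC2 hostname, and a placeholder RBL zone rbl.example) so the logic runs offline; substituting a real DNS client is the only change needed for live use.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed DNS data standing in for a real resolver. The first EIP has a
# PTR record for mail.mydomain.com that resolves back to it; the second only
# carries the generic EC2 hostname and is also listed on a placeholder RBL.
DNS_TABLE: Dict[Tuple[str, str], List[str]] = {
    ("PTR", "246.230.101.75.in-addr.arpa"): ["mail.mydomain.com."],
    ("A", "mail.mydomain.com"): ["75.101.230.246"],
    ("PTR", "10.100.51.198.in-addr.arpa"):
        ["ec2-198-51-100-10.compute-1.amazonaws.com."],
    ("A", "ec2-198-51-100-10.compute-1.amazonaws.com"): ["198.51.100.10"],
    ("A", "10.100.51.198.rbl.example"): ["127.0.0.2"],
}


def table_resolver(rtype: str, name: str) -> List[str]:
    # Stand-in for a DNS query; returns an empty list for NXDOMAIN.
    return DNS_TABLE.get((rtype, name), [])


def reverse_name(ip: str) -> str:
    # 75.101.230.246 -> 246.230.101.75.in-addr.arpa
    return ipaddress.ip_address(ip).reverse_pointer


def fcrdns(ip: str, sender_domain: str,
           resolve=table_resolver) -> Tuple[bool, str]:
    """Forward-confirmed reverse DNS, the check many receiving MTAs apply:
    the PTR must exist, sit under the sender's domain, and its A record must
    include the sending IP. Returns (passed, reason)."""
    ptrs = [p.rstrip(".").lower() for p in resolve("PTR", reverse_name(ip))]
    if not ptrs:
        return False, "no PTR record"
    for host in ptrs:
        if host == sender_domain or host.endswith("." + sender_domain):
            if ip in resolve("A", host):
                return True, f"PTR {host} forward-confirms to {ip}"
            return False, f"PTR {host} does not resolve back to {ip}"
    return False, f"PTR {ptrs[0]} is not under {sender_domain}"


def rbl_listed(ip: str, zone: str, resolve=table_resolver) -> bool:
    # DNS blacklists answer an A query for <reversed-ip>.<zone>; any answer
    # in 127.0.0.0/8 means the IP is listed. The zone is a placeholder.
    query = ".".join(reversed(ip.split("."))) + "." + zone
    return any(a.startswith("127.") for a in resolve("A", query))
```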

Tracking EC2 Usage Costs

Please see RightScale Optima for information on tracking EC2 usage costs.

AWS Limits

  • Disclaimer: We make a best effort to remain current with specific cloud resource limits, but please consider information from the Cloud Provider to be definitive if there is ever a discrepancy.

Soft Limits

Resource, default limit, and the change request form to use:

  • EC2 Instance - 20 per region. Change request: EC2 Instance Limit Increase Request.
  • Elastic Block Storage (EBS) - Per account:
    * 20 TiB in total Standard volume storage
    * 10,000 Provisioned IOPS or 20 TiB in total Provisioned IOPS volume storage (whichever is reached first)
    * 5 concurrent snapshot copies to a single EC2 destination region
    * 5,000 total volumes per account
    * 10,000 total snapshots per account
    Change request: EBS Volume Limit Increase Request.
  • Elastic IP (EIP) - 5 per region. Change request: Elastic IP Limit Increase Request.
  • Elastic Load Balancer (ELB) - 10. Change request: Elastic Load Balancer Limit Increase Request.
  • Cluster Compute Instance (CCI) - 8. Change request: Cluster Compute Instance Limit Increase Request.
  • High I/O Instance - 2. Change request: High I/O Instance Limit Increase Request.
  • Virtual Private Cloud (VPC) - 5. Change request: Virtual Private Cloud Limit Increase Request.
  • Email sent from AWS accounts - Change request: Request to Remove Email Sending Limitations.

Hard Limits

  • Security Groups (EC2-Classic) - Maximum 500 Security Groups, with up to 100 rules/permissions each.
  • Security Groups (EC2-VPC) - Maximum 100 Security Groups per VPC.

Setting Up Amazon S3

Amazon's Simple Storage Service (S3) allows you to create 'buckets' (containers) for storing data such as images, database dump files, and database backups.

Prerequisites

  • Access to log into the AWS console and sign up for cloud services. You cannot sign up for the S3 service from the RightScale Dashboard.

Steps

Sign up for Amazon S3

Before utilizing the remote storage capabilities of AWS S3 from within RightScale, you must sign up for Amazon S3.

Create Cloud Credentials

You must specify the following information when you upload objects to an S3 bucket or retrieve private objects from a bucket. Fortunately, credentials are automatically created when the AWS cloud is added to a RightScale account.

  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY

If you are using ServerTemplates published by RightScale, many of them contain scripts for interacting with various remote object storage services like S3. Although you will not find the following AWS credentials under the common location for user-defined credentials (Design > Credentials), you will be able to select them when you set up inputs.

Further Reading