讲解INFOSYS735、辅导company analysis、辅导web/html编程、讲解web设计
调试Matlab程序|辅导Web开
INFOSYS735 Lab Project 1 – Part I & II
Customer requirements and company analysis
Edit this document to add your responses to the questions or tasks below.
1.0 Customer Analysis: (slides 13-17)
NB: How would you answer/explain these concepts to the customer for THEIR understanding
1.What is high availability?
High availability is about ensuring that your application’s downtime is minimized as much as possible with the need for human intervention. For example, if the availability level is 99%, there are 3.65 days per year when the application is not accessible, but if the availability level is 99.999%, there are only 5.25 minutes per year when the app is not accessible. Therefore, high accessibility can provide our users with better user experience and user satisfaction
2.Why do I need to worry about high availability? I have a disaster recovery plan.
Disaster recovery plan refers to that when the system fails and catastrophic damages occur to the system, the service can be re-established. The establishment process usually requires a certain amount of downtime and human intervention. While high availability focused on technology design and implementation is usually required in the establishment process. High availability, on the other hand, can be automated without human intervention to reduce system downtime.
3.Our customers have asked us if our application is highly available. So, if all of our resources are in the cloud in one Availability Zone in the US West (Oregon), can we tell our customers that we are highly available?
No, if we only have one Availability Zone, when a disaster happens, we will lose all resources and files, and the system will be inaccessible immediately.
4.What is the difference between load balancing and elasticity?
Load balancing acts as the “traffic cop” to distribute a large number of network requests to different servers to balance the load. Elasticity scales in or out plans or resources depend on our usage.
5.The system will store a lot of sensitive personal information. We need to make sure that we can strictly control access. How do we do that?
We can use IAM to strictly control the access rights of sensitive data, and only assign a few users who can access the data access rights.
6.Due to the nature of our application, we track all of the app related access. How will we track all of the infrastructure access?
With CloudTrail, we can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of our AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.
1.2 Identify AWS Services (slide 20)
Identify the POTENTIAL services needed and the purpose for each service that will be used to move A Medical Company’s current environment to AWS
1 Glacier: Medical companies have a large number of documents that are not accessed for a long time, and Glacier provides a very low-cost storage space to do this.
2 RDS: To store some user relational data, as well as data required by the web server.
3 EC2: EC2 is used to deploy the websites of the medical company. It can be used to browse products provided by the company and conduct online consultation through the website.
4 Server Migration Service: By using SMS, we can easily migrate a on-premise server to a cloud server with just a few clicks on the console.
5 IAM: Control access rights for different users and roles to ensure the security of data. For example, only a part of the users has access to read user profiles and personal information stored on Glacier.
6.VPC: Use VPC to place the database of company in a private subnet that cannot access the network to ensure the data security of the database.
7. Load Balance: When a user visits a company's website, a large number of requests are assigned to different instances, which can reduce the probability of network congestion.
8. Autoscaling Group: To?increase or decrease number of instances according to the amount of visit flexibility and reducing the cost.
1.3 User Authentication (slides 21-23)
Document groups, users and roles that need to be created.
Group Name: System administrator
Group Permissions: programmatic access and Admin permissions for all resources
Users in Group: 2 users
Group Name: Database administrator
Group Permissions: All permissions for RDS
Users in Group: 2 users
Group Name: Monitoring
Group Permissions: Read permissions for all EC2 RDS S3
Users in Group: 4 monitors
Role Name: auditor
Role Permissions: read/write S3
Complete the following table:
Requirement Solution
Should be at least 8 characters and 1 uppercase, 1 lowercase, 1 special character, and a number To set rules of a password policy in IAM that define the type of password,
Change passwords every 90 days and ensure that the previous three passwords can’t be reused. Enable password expiration in password policy of IAM.
All administrators require programmatic access Create an access key (access key ID and a secret access key) for that user.
Administrator sign-in to the AWS Management Console requires the use of Virtual MFA Force the user to open a Virtual MFA Device
2.0 Detailed Requirements
Use this space to sketch a diagram of your proposed network. Just draw (free-hand) a proposed architecture for this problem using slide 25 as a guide.
2.1 Network and Security
Complete this chart to document the VPC solution
VPC Region Purpose Subnets Azs CIDR Range
Complete this chart to document the DEV subnet solution
Subnet Name VPC Subnet Type
(Public / Private) AZ Subnet Address
Complete this chart to document the TEST subnet solution
Subnet Name VPC Subnet Type
(Public / Private) AZ Subnet Address
2.2 Web and Application Tier
Complete this chart to describe the type, size, and justification for the instances you will use for each tier
Tier Tag* OS Type Size Justification # of instances User Data?
Complete these charts to describe the load balancer and instance security
Load Balancer Name* External/Internal Subnets SG Name* Rule Source
For Web Tier web-elb web-elb-sg
For App Tier app-elb app-elb-sg
Instance Tier SG Name* Rule Source
Web Tier web-tier-sg
App Tier app-tier-sg
Database Tier db-tier-sg
2.3 Business Continuity
Complete this chart to describe the automatic scaling launch configuration
Tier OS Type Size Configuration Name* Role Security
Complete this chart to describe the automatic scaling groups
Tier Launch Configuration* Group Name* Group Size VPC Subnets ELB Tags
Web WebTier WebTier
App AppTier AppTier
2.4 Auditing
Administrators must be able to track every AWS service related action in the account. How can these requirements be satisfied using AWS?