블로그 이미지
분무기로 구름을 만들어 비가 내리다. 비내리는사막

카테고리

분류 전체보기 (28)
Cloud (9)
IT용어 (1)
뽐뿌 (1)
개인 (1)
Total
Today
Yesterday

달력

« » 2024.11
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30

공지사항

최근에 올라온 글

기업들이 클라우드로 전환하면서 많은 것들에 변화가 생겼습니다.

클라우드는 단순히 인프라만 변화 되는 것이 아니라, 패러다임의 변화까지 줄 수 있는 파급력을 가지고 있습니다.

 

예산을 편성하기 위한 방법도 변화가 필요로 하고, IT 운영에 비용도 연결이 되어야 합니다.

 

우리의 핵심 가치를 어디에 둘 것 인가를 고민 해야 합니다.

무엇을 성과로 보고 측정 할 것인지..

KPI를 수립 함에 있어 아래와 같은 지표들을 통해서 아래와 같은 가치를 어떻게 높일 것 인지 고민 해야 합니다. 

 

비용 절감, 직원 생산성, 운영 안정성/복원성, 비지니스 민첩성

 

- 매년 출시 되는 새로운 애플리케이션

- 새 애플리케이션의 출시 시간

- 새로운 환경을 프로비저닝하는 데 걸리는 시간 (일)

- 배도 빈도 (주기/년)

- 프로덕션 환경에 배포 하는데 걸리는 시간 (일) 

- 테스트를 위해 배포 하는 데 걸리는 시간 (일)

- 릴리스 당 기능 수

- 총 인시던트 / 결함 수

- 테스트에서 발견 된 총 결함의 비율 (%)

 

- 평균 해결 시간 (MTTR)(시간)

- 결함에 대한 대응 시간 (시간)

- 고객 유지율 (%)

- 새로운 기능 도입(%)

- 릴리스당 가치 (잠재 수익 ₩,$)

- 직원 유지율 (%)

- 직원 결근율 (%)

- 직원 순 성과 점수/만족도

- 고객 순 성과 점수/만족도

 

Posted by 비내리는사막
, |

1. T 아카데미 동영상 강좌

https://www.youtube.com/channel/UCtV98yyffjUORQRGTuLHomw


2. T 아카데미 강좌 수강 (무료)

https://tacademy.sktechx.com/live/player/onlineLectureDetail.action


3. AWS 공인 솔루션스 아키텍트 - 어소시에이트 수험 가이드

https://github.com/serithemage/AWSCertifiedSolutionsArchitectUnofficialStudyGuide


4. 생활코딩 AWS 강좌

https://opentutorials.org/course/608/3002


5. 아마존 웹 서비스를 다루는 기술 - 온라인 원고 공개

http://pyrasis.com/aws.html


6. 아마존에서 소개 하는 AWS 공부방법

https://aws.amazon.com/ko/blogs/korea/how-to-learn-aws-cloud-books/


번외1. 코딩 교육

http://tryhelloworld.co.kr/

교육을 들으면서 실습 해볼 수 있는 환경 제공


AWS 정도현님 블로그


http://blog.creation.net/channy-cloud-clinic-ep11


Posted by 비내리는사막
, |

2016년 1월 7일자로 AWS의 12번째 Region인 한국의 Seoul Region이 오픈 되었다.


도입을 검토 하던 많은 기업과 사용자들에게 반가운 소식이 아닐까 싶은데,

기존에 일본에서 도쿄리전에서 사용하고 있던 사용자들은 마이그레이션에 대한 고민을 하지 않을 수 없을 듯 싶다.


사실 마이그레이션이라 함은 쉬운작업이 아니다. 

서비스 운영중에 옴긴다는 것은 많은 것을 고려 해야만 하고 신중해야 하는 작업일 것이다.


아직 서울 리전은 서비스에 오픈되어 있더라도 안되는 내용들이 조금씩 보이고 있다,

CloudFront 에서 ELB 검색이 되질 않는다던지..

Code 3총사들과 같은 서비스는 아직 오픈이 되어있지 않는다는 등.


그래서 일단 신중하라고 얘기하고 싶다. 

바로 서비스를 이전하기 보다는 테스트 먼저 선행 되어야 하며,그리고 이전을 위해서는 직접 하기 보단, 전문 업체에 의뢰하는 것이 좋다


혹여 이 글을 보는 분들 중에 당장 마이그레이션을 검토 중이라면 천천히 이동하는 것을 권고하고 싶다.


아마존에서 제공하는 마이그레이션 백서 (한글판)

RegionMigration_0401013.pdf

https://d0.awsstatic.com/whitepapers/International/ko/RegionMigration_0401013.pdf

Posted by 비내리는사막
, |

출처 : http://devops.com/2014/11/24/amazon-aws-best-practices-enterprise-perspective/


Amazon AWS has changed the IaaS game for startups and growth companies. There are several practices we must acknowledge the importance of during the adoption and implementation of AWS services. Readers are more than welcome to comment, suggest modifications and even add their own little practices they follow during roll outs and implementations. As clients start piloting cloud initiatives it is best to avoid common pitfalls. The below best practices are a good first step in that effort. Below we have compiled a top ten list to be expanded in the future of best practices we have learned during our aws deployments. We look forward to expanding this list in the future.


1.   Choose your VPC infrastructure carefully

a. As you move into the AWS environment often the first thing firms want to do is create a VPC, the question is what type of architecture is appropriate for you?  The answer to this question is driven by the intended use case.  Often internet based organizations will opt to go with a VPC containing Public and Private Subnets. Opting for this type of VPC ensures the services that don’t require direct access to the internet are in a segregated subnet while locating public services access to the public subnet.

b.   Existing enterprise firms intending to burst into the cloud often don’t intend to utilize public facing services and may opt instead for private only subnet and create a secure tunnel between their enterprise and the public cloud.

c.   The architecture with the greatest flexibility tends to be a public/private subnet ensuring the public subnet is available if necessary and can remain unpopulated if not needed.


2.   CIDR Block Selection is driven by two realities: VPC address space is fixed and can’t be changed after it is created.

a.Ensure your VPC address space doesn’t overlap with your corporate space, for internet based firms this is less of an issue, however for enterprise firms this can prevent the need to rebuild the environment after a significant investment in time and resources

b. While AWS allows CIDR blocks to be as large as /16 don’t waste space, having several very large subnets reduces one flexibility as needs arise to support multi-AZ services, or other eventual requirements.  On the other hand don’t overly constrain your environment.


3.   Environment Isolation is an important consideration, the same isolation that’s present in the physical environment should be present in the cloud environment.  The cloud give firms more flexibility in implementation of this isolation, in an effort to control cost, development, integration/test and production environments can be registered under separate accounts ensuring accurate billing and cost controls.


4.   Security: Use security groups to isolate services and management rules

a. Separate public traffic from private using subnets

b. Create a SSH gateway as an entry point for SSH communication

c. Create a VPN tunnel for management access


5.   VPC/Enterprise Integration

When integrating AWS into an existing enterprise environment planning will ensure minimal rework.  Often the key consideration is assigning IP ranges to AWS that do not overlap with the corporate space.  In this way routing between the corporate LAN and AWS will be seamless.


6. IAM: The primary AWS account should be treated like the traditional root user in Linux systems.

a. Create a separate account specifically for administration, with the minimum permissions necessary to perform the task at hand.

b. Create separate accounts for each user, or service to ensure audit traceablity

c. Permissions should be assigned to groups and users to the group, this will minimize duplication of effort

d. All users should utilize strong passwords, in this case refer to your corporate password policy.  Cloud passwords should be as secure as the corporate infrastructure.

e. Don’t share credentials this will wreck audit traceability, and corporate policy, use roles to assign permissions.

f.  Rotate credentials on a regular basis, the same way corporate credentials are rotated.


7.   Disaster Recovery :Remember Disaster Recovery is designed to get backup after a failure.  Traditional enterprise environments are often limited by the question do we need to building a duplicate system for recovery or can we through vendor SLAs perform a data recovery.  In terms of the cloud enterprise customers are able to (at a lower cost) duplicate their environments across availability zones, regions and vendors to create an exceptionally resilient service offering.

a. Do create multiple availability zones.

b. Do use an automated CM tool to maintain your configurations

c. Do create snapshot of your volumes.

d. Do run drills to ensure everything operates as it was architected.

e. Do run drill more than once.

f. Do ensure everyone relevant is aware of the procedure

g. Do architect you environment with sufficient redundancy, to minimize the need recovery efforts.


8.   Security Groups: Security Groups like traditional firewalls should be set with the least permission necessary to accomplish the mission.

a. Decide on a security group methodology; by creating groups to manage access to services ie allow access to ports 80 and 443 for nodes that will be a web server.

b. Create a ssh gateway/ Bastion node and group:

i. Only allow external SSH access to the SSH Gateway

ii.Only allow local SSH access from within a security group, or from the gateway node, this minimized an attackers ability to traverse the networks between zones.

c. Define an enterprise naming convention and stick to it.

d.Utilize the ability to assign multiple security groups to a single asset (up to 5 groups per asset).


9.   Naming Conventions: AWS assets should be named in such a way they can be readily identified, a suggested standardization around the purpose of the Instance, its environment, its region, and its sequence number.  An example of this might be haddop_dn_prod_usw1_001, this represents a production Hadoop data node, in the US-West 1 region.

a. When naming an AMI its a good practice to include the creation date as part of its name, and a complete description. This will minimize confusion when selecting ami for new instances.

b. When naming security groups and key pairs, continue to use the convention purpose, environment, region, function.  For example db_prod_usw1_key or ws_prod_usw1_sg


10. Elastic Load Balancing: Use multiple availability zones to balance traffic in the event of an environment failure (this can still happen within the cloud)

a. Use Route53 to balance traffic between regions, this is not supported by ELB

b. Use ELBs for more than just web traffic, most any protocol can be supported by the ELB, ensure your service can support it

c. ELB timeout after 40 seconds, ensure your application touches the socket before then to prevent the session from timing out.

These are my top 10.  Let me know what you think I missed.

Posted by 비내리는사막
, |

최근에 달린 댓글

글 보관함