联系方式

  • QQ:99515681
  • 邮箱:99515681@qq.com
  • 工作时间:8:00-23:00
  • 微信:codinghelp

您当前位置:首页 >> Web作业Web作业

日期:2019-05-17 10:10

INFOSYS735 Lab Project 1 – Part I & II

Customer requirements and company analysis


Edit this document to add your responses to the questions or tasks below.


1.0 Customer Analysis: (slides 13-17)

NB: How would you answer/explain these concepts to the customer for THEIR understanding


1.What is high availability?


High availability is about ensuring that your application’s downtime is minimized as much as possible with the need for human intervention. For example, if the availability level is 99%, there are 3.65 days per year when the application is not accessible, but if the availability level is 99.999%, there are only 5.25 minutes per year when the app is not accessible. Therefore, high accessibility can provide our users with better user experience and user satisfaction


2.Why do I need to worry about high availability? I have a disaster recovery plan.


Disaster recovery plan refers to that when the system fails and catastrophic damages occur to the system, the service can be re-established. The establishment process usually requires a certain amount of downtime and human intervention. While high availability focused on technology design and implementation is usually required in the establishment process. High availability, on the other hand, can be automated without human intervention to reduce system downtime.


3.Our customers have asked us if our application is highly available. So, if all of our resources are in the cloud in one Availability Zone in the US West (Oregon), can we tell our customers that we are highly available?


No, if we only have one Availability Zone, when a disaster happens, we will lose all resources and files, and the system will be inaccessible immediately.


4.What is the difference between load balancing and elasticity?


Load balancing acts as the “traffic cop” to distribute a large number of network requests to different servers to balance the load. Elasticity scales in or out plans or resources depend on our usage.


5.The system will store a lot of sensitive personal information. We need to make sure that we can strictly control access. How do we do that?


We can use IAM to strictly control the access rights of sensitive data, and only assign a few users who can access the data access rights.


6.Due to the nature of our application, we track all of the app related access. How will we track all of the infrastructure access?


With CloudTrail, we can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of our AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.


1.2 Identify AWS Services (slide 20)

Identify the POTENTIAL services needed and the purpose for each service that will be used to move A Medical Company’s current environment to AWS


1 Glacier: Medical companies have a large number of documents that are not accessed for a long time, and Glacier provides a very low-cost storage space to do this.


2 RDS: To store some user relational data, as well as data required by the web server.


3 EC2: EC2 is used to deploy the websites of the medical company. It can be used to browse products provided by the company and conduct online consultation through the website.


4 Server Migration Service: By using SMS, we can easily migrate a on-premise server to a cloud server with just a few clicks on the console.

5 IAM: Control access rights for different users and roles to ensure the security of data. For example, only a part of the users has access to read user profiles and personal information stored on Glacier.

6.VPC: Use VPC to place the database of company in a private subnet that cannot access the network to ensure the data security of the database.

7. Load Balance: When a user visits a company's website, a large number of requests are assigned to different instances, which can reduce the probability of network congestion.

8. Autoscaling Group:  To?increase or decrease number of instances according to the amount of visit flexibility and reducing the cost.


1.3 User Authentication (slides 21-23)


Document groups, users and roles that need to be created.


Group Name: System administrator

Group Permissions: programmatic access and Admin permissions for all resources

Users in Group: 2 users


Group Name: Database administrator

Group Permissions: All permissions for RDS

Users in Group: 2 users


Group Name: Monitoring

Group Permissions: Read permissions for all EC2 RDS S3

Users in Group: 4 monitors


Role Name: auditor

Role Permissions: read/write S3


Complete the following table:


RequirementSolution

Should be at least 8 characters and 1 uppercase, 1 lowercase, 1 special character, and a numberTo set rules of a password policy in IAM that define the type of password,

Change passwords every 90 days and ensure that the previous three passwords can’t be reused.Enable password expiration in password policy of IAM.

All administrators require programmatic accessCreate an access key (access key ID and a secret access key) for that user.

Administrator sign-in to the AWS Management Console requires the use of Virtual MFAForce the user to open a Virtual MFA Device


2.0 Detailed Requirements


Use this space to sketch a diagram of your proposed network. Just draw (free-hand) a proposed architecture for this problem using slide 25 as a guide.


2.1 Network and Security


Complete this chart to document the VPC solution


VPC Region Purpose Subnets Azs CIDR Range

Complete this chart to document the DEV subnet solution


Subnet Name VPCSubnet Type

(Public / Private) AZ Subnet Address

Complete this chart to document the TEST subnet solution


Subnet Name VPCSubnet Type

(Public / Private) AZ Subnet Address

2.2 Web and Application Tier


Complete this chart to describe the type, size, and justification for the instances you will use for each tier


Tier Tag* OS Type Size Justification # of instances User Data?

Complete these charts to describe the load balancer and instance security


Load Balancer Name* External/Internal Subnets SG Name*Rule Source

For Web Tier web-elb web-elb-sg

For App Tier app-elb app-elb-sg


Instance Tier SG Name* Rule Source

Web Tier web-tier-sg

App Tier app-tier-sg

Database Tier db-tier-sg

2.3 Business Continuity


Complete this chart to describe the automatic scaling launch configuration


Tier OSType Size Configuration Name* Role Security

Complete this chart to describe the automatic scaling groups


Tier Launch Configuration* Group Name*Group Size VPC Subnets ELB Tags

Web WebTier WebTier

App AppTier AppTier


2.4 Auditing


Administrators must be able to track every AWS service related action in the account. How can these requirements be satisfied using AWS?


版权所有:留学生编程辅导网 2018 All Rights Reserved 联系方式:QQ:99515681 电子信箱:99515681@qq.com
免责声明:本站部分内容从网络整理而来,只供参考!如有版权问题可联系本站删除。