Types of Cloud Services - Web Services

Pelle Jakovits

5/11/2021

Outline

• Overview of different types of
• IBM quantum computers in IBM cloud
• Disadvantages / advantages of using Cloud Services to build applications
  – Vendor Lock-in

Cloud computing

• Has emerged as the backbone of modern economy
  – Offers subscription-based services anytime, anywhere following a pay-as-you-go model
• Shorter establishment times for start-ups
• Creation of scalable global enterprise applications
• Much more than just IaaS, PaaS and FaaS
  – Has enabled many specialized and provider-managed services
• Has enabled Infrastructure-as-code model

Cloud Providers and Services we have discussed

• Amazon Web Services
  – Compute: EC2
  – Storage: S3, Elastic File Storage, RDS
  – Data: Data pipelines, EMR
  – Scaling: Elastic Load Balancing, Auto Scale, CloudWatch
• OpenStack
• OpenShift
• IBM Functions, Cloudant

AWS Management Console

• You can manage your complete AWS account with management console
  – AMI Management
  – Instance Management
  – Security Group Management
  – Elastic IP Management
  – Key Pair management
• Have different pages for different services


Identity and Access Management (IAM)

• How can an enterprise or group of users use one credit card?
• Manage IAM users
  – Create new users and manage them
  – Create groups
• Manage credentials
  – Create and assign temporary security credentials
• Manage permissions
  – Creating policies for specific services and users
  – Can use very fine-grained granularity

AWS Identity and Access Management

IAM user view

AWS Access Policies

• Define which user groups get access to which resources
  – Define policies
  – Attach policies to user groups
• Very high granularity
  – Specify individual service actions, cloud availability zones, negation rules, resources the rules apply to
• Can become very complex - a very high number of different services and service actions to manage
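How a policy with specific actions, resources and negation rules is evaluated can be shown in a short sketch: an explicit Deny overrides any Allow, and a request that matches no statement is denied. This is an added example, not from the lecture and not AWS's implementation; the policy document, bucket name and account ID are constructed, and conditions, principals and NotResource are left out.

```python
from fnmatch import fnmatchcase

# Constructed sample policy: read access to one bucket, an explicit deny on
# one prefix, and a negation rule (NotAction) denying everything outside S3.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:List*"],
         "Resource": ["arn:aws:s3:::course-data",
                      "arn:aws:s3:::course-data/*"]},
        {"Effect": "Deny", "Action": "s3:*",
         "Resource": "arn:aws:s3:::course-data/grades/*"},
        {"Effect": "Deny", "NotAction": "s3:*", "Resource": "*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, ignore_case=False):
    # Wildcard match; action names are compared case-insensitively,
    # resource ARNs case-sensitively.
    if ignore_case:
        value = value.lower()
    return any(fnmatchcase(value, p.lower() if ignore_case else p)
               for p in _as_list(patterns))

def statement_applies(stmt, action, resource):
    if "NotAction" in stmt:   # applies to every action except the listed ones
        action_ok = not _matches(stmt["NotAction"], action, ignore_case=True)
    else:
        action_ok = _matches(stmt.get("Action", []), action, ignore_case=True)
    return action_ok and _matches(stmt.get("Resource", []), resource)

def evaluate(policy, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"           # nothing matched: denied by default
    for stmt in _as_list(policy["Statement"]):
        if not statement_applies(stmt, action, resource):
            continue
        if stmt["Effect"] == "Deny":    # explicit deny always wins
            return "ExplicitDeny"
        decision = "Allow"
    return decision
```

The three-statement policy already produces three different outcomes depending on the request, which is the complexity the slide refers to once many services and actions are involved.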

IAM policy example

AWS CloudFormation

• Provides an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion
• It is based on Deployment template modeling
  – Templates describe the AWS resources, the associated dependencies, and runtime parameters to run an app.
  – The templates describe stacks, which are sets of software and hardware resources.
  – Similar to TOSCA, CloudML and RightScale server templates
• Define services in YAML or JSON format
• Hides several details
  – How the AWS services need to be provisioned
  – Subtleties of how to make those dependencies work.

Resources:
  Ec2Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      SecurityGroups:
        # One group defined in this template, one that already exists
        - !Ref InstanceSecurityGroup
        - MyExistingSecurityGroup
      KeyName: mykey
      InstanceType: t2.micro
      ImageId: ami-7a11e213
  InstanceSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Enable SSH access via port 22
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          # 0.0.0.0/0 allows SSH connections from any IPv4 address
          CidrIp: 0.0.0.0/0

AWS CloudFormation

• Amazon provides several pre-built templates to start common apps, such as:
  – WordPress (blog)
  – LAMP stack (Linux, Apache, MySQL, and PHP)
  – Gollum (wiki used by GitHub)
• There is no additional charge for AWS CloudFormation.
• You pay for the utilized AWS resources (e.g. EC2 instances, Elastic Load Balancers, etc.)
• http://aws.amazon.com/cloudformation/
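Because a template is plain data, it can be checked before deployment for ingress rules that expose administrative ports to every address, as the EC2 template in this section does for SSH. The sketch below is an added example, not part of the lecture: it uses that template rewritten in CloudFormation's JSON syntax, and the port list and the 203.0.113.0/24 replacement range are assumptions.

```python
import ipaddress
import json

# The slide's template rewritten in CloudFormation's JSON syntax, so that
# the standard library can parse it (no YAML parser needed).
TEMPLATE = json.loads("""
{"Resources": {
  "Ec2Instance": {"Type": "AWS::EC2::Instance", "Properties": {
    "SecurityGroups": [{"Ref": "InstanceSecurityGroup"}, "MyExistingSecurityGroup"],
    "KeyName": "mykey", "InstanceType": "t2.micro", "ImageId": "ami-7a11e213"}},
  "InstanceSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "Enable SSH access via port 22",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}}
}}
""")

# Assumption for this example: ports that should never be open to everyone.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

def open_admin_ingress(template):
    """Return (resource, service, cidr) for admin ports reachable from any address."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            # Skip rules without a literal CIDR (e.g. a Ref to a parameter).
            if not isinstance(cidr, str):
                continue
            if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                continue  # restricted to a specific range
            proto = str(rule.get("IpProtocol", "")).lower()
            if proto == "-1":                      # all protocols, all ports
                low, high = 0, 65535
            elif proto in ("tcp", "6"):
                low, high = int(rule["FromPort"]), int(rule["ToPort"])
            else:
                continue
            findings += [(name, svc, cidr) for port, svc in ADMIN_PORTS.items()
                         if low <= port <= high]
    return findings

# Same template with SSH limited to a constructed documentation range.
HARDENED = json.loads(json.dumps(TEMPLATE))
HARDENED["Resources"]["InstanceSecurityGroup"]["Properties"][
    "SecurityGroupIngress"][0]["CidrIp"] = "203.0.113.0/24"
```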

CloudFormation Designer

https://www.syntouch.nl/custom-cloudwatch-metrics-revisited/

AWS Lightsail

• A Virtual Private server
  – Simplified EC2
• Monthly price instead of hourly like in EC2
• Automatically configures networking, access, and security
• Includes load balancer and scaling for increased traffic
• Supports containers
• When: Want to set up a simple site, have fixed costs, less management

AWS Data Pipeline

• Service for orchestrating data movement and processing tasks inside AWS

• DataNode - Location of the data source or destination. (SqlDataNode, S3DataNode, ...)
• Activity - Operation to perform on data (CopyActivity, EmrActivity, ...)
• Schedule - When data pipelines activities are initiated (On-demand, CRON, ...)
• Precondition - Conditions for when pipeline tasks can be executed
• Resource - EC2 resources or other AWS services Activities depend on

• Open Source alternative: Apache NiFi

AWS Snowball

• Device for secure and physical Data Migration
• Storage capacity: 50 – 80TB
• Migrate Big Data: analytics data, genomics data, video libraries, image repositories, backups, etc.

AWS Snowball Edge

• Device for Data Migration together with Onboard pre-processing capability.
• Onboard compute service options:
  – AWS Lambda, EC2 AMIs
  – 26 or 52 vCPUs
  – Optional GPU for machine learning and real time video analysis
• Storage capacity: 100TB
• Clustering: Up to 20 nodes

AWS Snowmobile

• Petabyte- to Exabyte-scale data transfer service for moving extremely large amounts of data to AWS
• 100 PB of Data => as much as 1,250 AWS Snowball devices
• Pricing:
  – $0.005/GB per month
  – $5243/PB per month

AWS Glue

• Scalable serverless data integration
  – No servers to manage
• Automate data integration at scale
• Visual and code-based interfaces to define data integration services

AWS Glue services

• AWS Glue Data Catalog
  – Central and persistent metadata store for data assets stored in different AWS services
  – Automatic schema discovery
  – Manage and enforce schemas for data streams
• AWS Glue DataBrew
  – Visual data preparation tool
  – 250 pre-built transformations to automate data preparation tasks
  – Filtering anomalies, converting data to standard formats, and correcting invalid values
• AWS Glue Elastic Views
  – Combine and replicate data across multiple data stores
  – Build materialized views using SQL
  – Changes to source data trigger updates to the materialized views
  – Supports Amazon DynamoDB, S3, Redshift, Elasticsearch, RDS, Aurora

AWS Data Exchange

• Find, subscribe to, and use datasets
• 80+ qualified data providers
  – Reuters, Foursquare, Vortexa, IMDb
• AWS Data Exchange charges customers to store data you load to the service
• Measure storage usage in “Byte-Hours”
• Providers can ask for a subscription fee (or provide data for free)
• Providers can verify subscribers who get access and see an overview of subscribers

Machine Learning

• TensorFlow on AWS
  – On-demand performance optimised TensorFlow VMs
• AWS managed PyTorch
  – TorchServe - Deploy trained PyTorch models at scale
  – TorchElastic - training large-scale deep learning models
• Amazon Lookout
  – Vision: Spot product defects using computer vision
  – Metrics: Detect anomalies in metrics and identify their root causes
  – Equipment: Detect abnormal behavior by analyzing sensor data
• : Conversational AI for Chatbots
• Amazon Forecast: Time-series forecasting service, no machine learning experience required
• Amazon CodeGuru: Automate code reviews and optimize application performance with ML-powered recommendations

Amazon SageMaker

• Build, train, and deploy machine learning models
• Automated machine learning
• Data Wrangler to clean and
• Feature store for storing, updating and sharing ML features
• Clarify for detecting bias in models
• Distributed training for scaling up model training

AWS Analytics

• AWS Athena - Interactive analytics
• AWS Elastic MapReduce - Big data processing
• - Data warehousing
• Amazon Kinesis - Real-time analytics
• Amazon Elasticsearch Service - Operational analytics
• Amazon Quicksight - Dashboards and visualizations

RoboMaker

• Simulate and deploy robotic applications
• WorldForge: Generate randomized simulation worlds that mimic real-world conditions
• Run large-scale, parallel simulations
• Managed ROS/Gazebo environment
• ROS Cloud Extensions
  – Amazon Rekognition for object detection
  – Amazon Kinesis for video streaming
  – for converting text to speech
  – Amazon Lex for speech recognition
• Hardware developer kits from Intel, Nvidia, Qualcomm

RoboMaker world simulation

AWS DeepRacer

• Machine learning through a cloud based 3D racing simulator
• Experiment with sensor inputs, reinforcement learning algorithms, neural network configurations and simulation-to-real domain transfer methods
• Fully autonomous physical 1/18th scale race car driven by reinforcement learning
• Global racing league.

End User Computing services

• AWS WorkSpaces - fully managed, persistent desktop virtualization
  – Users can access data, applications anywhere, anytime, from any supported device
  – Encrypted, managed, and persistent virtual machines to work from anywhere
  – Provision Windows or Linux desktops on-demand and scale to thousands of desktops

• AWS AppStream - managed non-persistent desktop and application virtualization service
  – Move your desktop applications to AWS
  – Deliver demos, trials of desktop applications through a browser to customers in minutes

Networking

• Amazon VPC - Define logically isolated network for AWS resources
• AWS Transit Gateway - Connect VPCs and on-premises networks
• AWS PrivateLink - Provide private connectivity between VPCs, services, and on-premises applications
• Amazon Route 53 - Route users to applications with a managed DNS service
• Elastic Load Balancing - Automatically distribute traffic across instances, containers and Lambda functions
• AWS Shield - Safeguard applications running on AWS against DDoS attacks
• AWS Firewall Manager - Centrally configure and manage firewall rules
• Amazon CloudFront - Securely deliver data, videos, applications, and APIs to customers globally with low latency, and high transfer speeds
• AWS App Mesh - Provide application-level networking for containers and microservices
• Amazon API Gateway - Create, maintain, and secure APIs at any scale

• Game engine with no royalties or seat fees
• Only pay for the AWS services used (EC2, data transfer, database)
• Open Source - https://github.com/aws/lumberyard
• Designed for live, multiplayer, community-driven games
• Based on CryEngine (Far Cry, Prey)
• No fee for single player games
  – Can deploy on private servers

Amazon GameLift

• Service hosting solution that deploys, operates, and scales cloud servers for multiplayer games
• 21 regions - bring game servers closer to users
• Up to 200 players in a single game session
• Services to manage user matchmaking automatically
• Automatic scaling for up to hundreds of thousands of clients
• DDoS protection
• Provide real-time data on player demand, server capacity, CPU and memory utilization, and create operational alarms
• Supports Unreal Engine, Unity, Amazon Lumberyard, and custom C# and C++ game engines.
• Pay for the compute resources and bandwidth your games actually use

CloudWatch monitoring

• Get access to logs
• Explore and visualize metrics
  – Create Dashboards
• Define Event rules
  – Works hand-in-hand with AutoScaling
  – Define alerts and alarms
• Monitor performance of VMs and Containers and Lambda functions

CloudWatch monitoring Dashboards

Media Services

• Kinesis Video Streams - Capture, process, and store media streams for playback, analytics, and machine learning
• MediaConnect - Transport and secure live videos
• MediaConvert - Create video processing workflows for broadcasting
• MediaLive - Broadcast-grade live video processing service, converting input from cameras or videos into broadcast
• MediaStore - Storing and managing videos
• MediaTailor - Ad insertion service for video providers
  – To monetize
• Elastic Transcoder - Scalable service for converting video into specialized formats used by end user devices
• Nimble Studio - Collaborative cloud video editing and creation powered by cloud infrastructure

Application Integration

• Amazon Simple Notification Service (SNS)
  – Service for delivering notifications for clients and Apps
  – Pub/sub, SMS, email, and mobile push notifications
• Amazon Simple Queue Service (SQS) - Message queue that sends, stores, and receives messages between AWS services and Applications
• Amazon MQ – Managed message broker for Apache ActiveMQ and RabbitMQ
• Amazon AppFlow - Automate data transfer between SaaS apps and AWS services
  – From , Zendesk, Slack, and ServiceNow, etc
  – To and Amazon Redshift, etc
• AWS Step Functions
  – Coordinate multiple AWS services into serverless workflows
  – Define function chains
• Amazon Managed Workflows for Apache Airflow (MWAA)
  – Run Apache Airflow at scale without provisioning or managing infrastructure
  – Like Apache NiFi, but more programmer friendly

Internet of Things

• IoT Core – Managed service to connect IoT devices and AWS resources without need to provision or manage servers
• FreeRTOS - Open source OS for microcontrollers
  – Integrated with AWS services
• IoT 1-Click - Trigger AWS Lambda functions directly from IoT devices
• IoT Analytics - Prepare, filter, transform, and enrich IoT data for analytics
• IoT Device Defender
• IoT Device Management – Register, organize, monitor devices
• IoT Events – Detect and respond to IoT events
• IoT Greengrass – Deploying local computing, ML, messaging processes on microcontrollers
• IoT SiteWise - Collect, organize and analyse data originating from industrial deployments using a Cloud gateway device
• IoT Things Graph – Visual programming, workflows for creating IoT applications

IoT Things Graph

BlockChain

• Simplify and speed up developing blockchain and ledger applications
• Amazon Quantum Ledger Database (QLDB)
  – Fully managed ledger database that provides a centralized, immutable, and cryptographically verifiable transaction log
  – Centralized ownership
    • Central authority owns and manages the ledger
    • Shared with parties that are working together.
• Amazon Managed Blockchain
  – Managed service to create and manage scalable blockchain networks
  – Decentralized ownership
  – Multiple parties can transact with one another without having to know or trust each other
• Example: Company wants to set up a Blockchain application to track product supply chain from raw material producer to end customers

IBM quantum computers

• 28 quantum computers available in IBM cloud
• Full Stack Quantum Software
  – Programming languages, IDE, testing, auto-completion, deployment
• Access through a job queue

• https://quantum-computing.ibm.com/

IBM quantum programming

Advantages of using Cloud services

• On-demand and real-time deployment of resources and services
• No up-front costs and free quotas when starting up
• Less management effort
  – Ease of use
• Many tailored services ready to use
• Automatic scalability
  – Often managed in the background
• Can deploy services closer to users globally

Disadvantages of using Cloud services

• Limited control over underlying resources and hardware
• May be difficult to estimate costs ahead of time
  – Cost optimization may become a complex problem
• Risk of data confidentiality
• Managing access policies for a large group of users becomes difficult because of very high granularity of control.
• Vendor lock-in (next slide)
• What happens if someone manages to get access to your cloud account?

Vendor lock-in

• If you build complex applications to be dependent on specific cloud provider services
  – What happens if you would like to move to a different provider or deploy the application on your own servers?
  – Do the services used even have alternative implementations?
• After you store all your data in cloud storage
  – Can be very expensive to migrate data
• If quality of service declines, client will be stuck with it
• If provider raises prices
• If provider no longer updates service
  – Amazon data pipeline has not been updated in years with service coverage

Conclusions

• There is a very wide variety of cloud services available
• Using cloud services to build your applications has many advantages
  – But need to be careful to mitigate the potential effects of the disadvantages
• Should always consider the Vendor lock-in risk, potential effect and available alternatives

Next lecture

• Cloud deployment modelling
  – TOSCA standard
  – Infrastructure-as-code
  – Cloud DevOps and RADON project

Next lab

• Windows Azure Public Cloud services