Wednesday, September 26, 2012

Few more AWS updates

RDS Provisioned IOPS
As I mentioned in the previous article, Provisioned IOPS (PIOPS) would naturally be extended to RDS as well, and AWS has just released the PIOPS feature for RDS. You can read the full update here. A couple of points to note:
  • This is currently available only for newly provisioned RDS Instances. If you create a new RDS Instance you will be able to specify the required IOPS
  • At the time of writing this article, specifying PIOPS is not yet available in the Singapore region. It is available in the US-East, US-West and EU-West regions
  • As the article notes, AWS will release an automated way to migrate existing RDS Instances to PIOPS RDS. I believe it will come with its own downtime. I wonder whether AWS will do it without an endpoint change, so that nothing has to change on the application side
  • For now, if you want to migrate an RDS Instance to a PIOPS-based one, you can follow the steps below
    • Take an application downtime and stop all transactions hitting the RDS Instance
    • Create a new DB Snapshot from your existing RDS Instance
    • Create a new RDS Instance from the Snapshot and mention the required PIOPS
    • The new RDS Instance will come with its own endpoint, which needs to be specified in your application
Non BGP device support in VPC
AWS Virtual Private Cloud (VPC) is a great way for enterprises to extend their data center to AWS and use AWS for burst capacity. Workloads can be set up in public and private subnets within a VPC, with a secured IPSec tunnel to existing data centers. A VPN tunnel has two sides: one at the AWS side and the other at the customer side. The AWS side of the tunnel is automatically taken care of by AWS whenever we create a VPC. But on the customer side, one needs to have a compatible device that can talk to AWS VPC. Until now, these customer devices needed to support the BGP protocol to successfully establish a VPN connection with a VPC. Not anymore. AWS has released a new static routing feature that can create VPN connections from a VPC to customer devices which do not support BGP.
  • Most enterprises will have a device that supports BGP. But in our experience, the network team sometimes finds it hard to configure, especially when the enterprise has existing VPN connections to other data centers. A lot of care should be taken while adding another VPN connection and advertising the right set of IP ranges. Otherwise, it might result in loops where traffic can be diverted elsewhere, bringing critical systems down
  • With static routing, testing a VPC setup becomes very easy. Most offices and corporate branches might have devices which support IPSec but not BGP. In such cases, this comes in pretty handy for testing out a VPC setup. It is worth quoting a real-life example that we faced. As a practice, we generally test out all architecture recommendations before we make them to our customers. For one of our large enterprise customers, the architecture involved a VPC with VPN connectivity to their data center. We were able to successfully create the VPC architecture in AWS and configure all the routing. But to test it out, we needed to have a device at our office that supports BGP. We had a simple device that supported IPSec but not BGP. We had to procure a new device and continue with the testing. This will not be the case anymore
  • Here's the complete list of devices that AWS VPC supports - both BGP (dynamic) and non BGP (static) ones
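A pre-flight check for the point above about advertising the right set of IP ranges, as an added example that is not from the original post: it compares the static prefixes planned for a new VPN connection against the VPC CIDR and the prefixes already routed over other connections. All CIDRs and the connection name `dc-east-vpn` are constructed sample values.

```python
import ipaddress

# Constructed sample values (assumptions, not from the original post).
VPC_CIDR = "10.0.0.0/16"
EXISTING_ROUTES = {"dc-east-vpn": ["172.16.0.0/16", "192.168.10.0/24"]}
NEW_STATIC_ROUTES = [
    "192.168.20.0/24",   # clean
    "172.16.8.0/21",     # falls inside a range already routed elsewhere
    "10.0.4.0/24",       # falls inside the VPC itself
    "192.168.30.1/24",   # host bits set: not a valid network prefix
]


def find_route_conflicts(new_routes, vpc_cidr, existing_routes):
    """Return (prefix, kind, detail) for every problem found.

    kind is "invalid", "overlaps-vpc" or "overlaps-existing".
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for raw in new_routes:
        try:
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError:
            findings.append((raw, "invalid", "malformed prefix or host bits set"))
            continue
        # A static route covering VPC addresses makes it ambiguous whether
        # traffic stays in the VPC or leaves through the tunnel.
        if net.overlaps(vpc):
            findings.append((raw, "overlaps-vpc", vpc_cidr))
        # Overlap with another connection means the more specific prefix
        # wins and traffic can be diverted away from its intended path.
        for owner, prefixes in existing_routes.items():
            for other in prefixes:
                if net.overlaps(ipaddress.ip_network(other)):
                    findings.append((raw, "overlaps-existing", f"{owner}:{other}"))
    return findings


if __name__ == "__main__":
    for prefix, kind, detail in find_route_conflicts(
        NEW_STATIC_ROUTES, VPC_CIDR, EXISTING_ROUTES
    ):
        print(f"{prefix:18} {kind:18} {detail}")
```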
SQL Server RDS in VPC
RDS for SQL Server is now available within VPC. This has been long pending from AWS. VPC is the way any typical enterprise would like to move its workloads into AWS and use AWS for burst capacity. Among enterprises, SQL Server is still the most widely used database, and the non-availability of SQL Server RDS within VPC has been a long-pending issue. Not anymore. We can now provision an RDS SQL Server instance within a VPC and let AWS manage database tasks such as patching, upgrades and automated backups.
  • Multi-AZ deployments are not yet available. Unlike RDS MySQL, RDS SQL Server still does not support Multi-AZ deployments. So in case of any primary failure, we will have to recover the DB Instance from the latest backup (latest automated snapshot)
  • Read Replicas for RDS SQL Server are not yet available.
  • Scaling Storage - MySQL RDS allows us to scale the storage space on demand. If we start with a 100GB MySQL RDS instance and near the 20% available free space mark, we can always increase the storage space to, say, 200GB. RDS will automatically increase the underlying storage space without causing any database downtime. This is currently not available for RDS SQL Server
  • RDS SQL Server currently supports only SQL Server authentication. Windows authentication is not yet supported