1
00:00:00,150 --> 00:00:01,090
Hello and welcome back.

2
00:00:01,140 --> 00:00:06,580
Now it's time to talk about a new AWS service, and that is Amazon Elastic File System, or abbreviated

3
00:00:06,670 --> 00:00:07,130
EFS.

4
00:00:07,170 --> 00:00:12,770
We will learn what it is, how it works, what are mount targets, and why do we need them.

5
00:00:12,780 --> 00:00:16,770
And also we learn about security groups and as they relate to each other.

6
00:00:16,830 --> 00:00:20,360
So let's dive in and find out what EFS is all about.

7
00:00:20,370 --> 00:00:23,290
So EFS is an elastic file system. What does it provide you?

8
00:00:23,390 --> 00:00:27,000
It provides you with a POSIX-compliant or Unix-based,

9
00:00:27,000 --> 00:00:28,350
basically, file system.

10
00:00:28,350 --> 00:00:36,010
So if you are used to mounting file systems on your Linux servers or instances, that is what EFS

11
00:00:36,060 --> 00:00:37,610
is going to provide to you.

12
00:00:37,650 --> 00:00:43,320
So that's a highly available, durable, scalable file storage, not object storage.

13
00:00:43,320 --> 00:00:45,230
So it's not a replacement for S3.

14
00:00:45,510 --> 00:00:51,870
And at the same time, it's not a drive, a virtual drive, that you can install an operating system on and use it.

15
00:00:51,870 --> 00:00:58,200
This is going to provide the file service where the files saved on this file system can be accessed

16
00:00:58,380 --> 00:01:05,400
and can be read or written to from multiple clients, and the clients will be on EC2 instances or

17
00:01:05,520 --> 00:01:06,350
on-premise servers.

18
00:01:06,380 --> 00:01:07,620
So let's go through the text.

19
00:01:07,680 --> 00:01:15,450
So EFS provides simple, scalable file storage in the cloud for use with EC2 or on-premise servers,

20
00:01:15,720 --> 00:01:21,020
but all have to be Linux, because if it is on-premise, that will be through Direct Connect connections.

21
00:01:21,030 --> 00:01:24,210
One might ask, why not through a VPN?

22
00:01:24,210 --> 00:01:24,800
Think about it.

23
00:01:24,800 --> 00:01:29,170
Now, you want to move files back and forth. From an IP perspective,

24
00:01:29,280 --> 00:01:30,060
That should be fine.

25
00:01:30,090 --> 00:01:37,320
But from a service perspective, AWS wants high performance, wants that mission of transferring files

26
00:01:37,320 --> 00:01:42,380
from on-premise to EFS to be highly reliable and performant.

27
00:01:42,390 --> 00:01:42,940
Right.

28
00:01:42,990 --> 00:01:47,520
And that's why Direct Connect is the main one recommended by AWS. With Amazon

29
00:01:47,520 --> 00:01:51,390
EFS, applications have the storage they need when they need it.

30
00:01:51,390 --> 00:01:52,850
So it is elastic.

31
00:01:52,860 --> 00:01:53,160
OK.

32
00:01:53,190 --> 00:01:59,080
So what do I need to state at the beginning, with a 10 gig or one tera or petabytes?

33
00:01:59,100 --> 00:02:02,010
You don't have to. Just store files and it grows.

34
00:02:02,010 --> 00:02:08,160
It stretches as you store files, and you will be billed based on usage. EFS storage capacity is elastic,

35
00:02:08,190 --> 00:02:11,920
growing and shrinking automatically as you add and remove files.

36
00:02:11,940 --> 00:02:14,040
It has a simple Web services interface.

37
00:02:14,070 --> 00:02:21,240
So when you go to the EFS service in the AWS console, you will easily be able to create file systems

38
00:02:21,270 --> 00:02:22,970
and use them as you need.

39
00:02:22,980 --> 00:02:27,500
And that simple interface will allow you to create and configure file systems quickly and easily.

40
00:02:27,510 --> 00:02:31,660
Do you need to worry about the underlying infrastructure? That's not yours, that's managed by

41
00:02:31,670 --> 00:02:40,140
AWS for you, and by using EFS you are avoiding the complexity of patching, configuring, creating, deleting

42
00:02:40,410 --> 00:02:41,890
file systems in the cloud.

43
00:02:41,970 --> 00:02:49,350
So if we look quickly at the drawing, we have multiple Availability Zones in one AWS region, and these

44
00:02:49,350 --> 00:02:57,730
multiple Availability Zones, they can use a file system by mounting a file system to EC2 instances.

45
00:02:57,730 --> 00:03:04,410
We're going to talk about the mount targets, and it is going to use NFS, or Network File System protocol

46
00:03:04,410 --> 00:03:07,980
version 4, and also supports version 4.1.

47
00:03:07,980 --> 00:03:14,370
And the TCP port: so all the communication between the EC2 instances and the mount targets, as we

48
00:03:14,370 --> 00:03:18,740
learn later on, are TCP/IP-based on port 2049.

49
00:03:18,840 --> 00:03:24,840
The service itself, EFS, is designed to be highly scalable, highly available, and highly durable, so

50
00:03:24,840 --> 00:03:27,690
you don't need to worry about data to be lost.

51
00:03:27,690 --> 00:03:32,610
You don't need to worry about a single failure within the AWS infrastructure that will take

52
00:03:32,610 --> 00:03:34,100
down your file system.

53
00:03:34,140 --> 00:03:39,630
Amazon EFS file systems store data and metadata, so not only your files but the metadata of the

54
00:03:39,630 --> 00:03:43,700
files, across multiple Availability Zones in an AWS region.

55
00:03:43,710 --> 00:03:46,530
Remember when we were talking about EBS? EBS,

56
00:03:46,530 --> 00:03:50,110
If you are using it locally on an EC2 instance, what will happen?

57
00:03:50,220 --> 00:03:53,500
It's limited to an availability zone. In EFS,

58
00:03:53,520 --> 00:03:56,820
Your data is already in multiple availability zones in the region.

59
00:03:56,880 --> 00:03:59,570
EFS file systems can grow to petabyte scale.

60
00:03:59,610 --> 00:04:06,480
As we mentioned, it can drive high levels of throughput, and it will allow massively parallel access from

61
00:04:06,510 --> 00:04:09,120
Amazon EC2 instances to your data.

62
00:04:09,120 --> 00:04:15,810
So multiple instances can use that EFS file system at the same time, as opposed to EBS, where

63
00:04:15,810 --> 00:04:20,390
it's only one instance that can have that EBS attached to it at a time.

64
00:04:20,460 --> 00:04:26,060
Amazon EFS provides file system access semantics, such as strong data consistency and file locking,

65
00:04:26,070 --> 00:04:29,160
and we'll talk about that in more detail later on.

66
00:04:29,190 --> 00:04:35,310
It is limited to Linux instances. Why? As we mentioned, it is POSIX-compliant, and that's why it requires

67
00:04:35,400 --> 00:04:37,760
Linux or Unix-based operating system.

68
00:04:37,800 --> 00:04:44,010
And for some AMIs, there are some NFS client tools that you need to install on the EC2 instances

69
00:04:44,010 --> 00:04:46,920
in order to be able to mount that EFS.

70
00:04:47,040 --> 00:04:53,490
So as we mentioned, it supports the Network File System version 4.1 and 4.0, and that will be

71
00:04:53,490 --> 00:04:57,240
the protocol that can be between the instance and the mount targets.

72
00:04:57,240 --> 00:05:02,960
So the applications and tools that you are going to use on your EC2 instances or on-premise servers

73
00:05:02,960 --> 00:05:09,410
today with any other file system are going to be the same that you use with Amazon EFS. Basically,

74
00:05:09,680 --> 00:05:15,620
migrating to EFS is all about migrating your files, and it should be the same protocol that you used

75
00:05:15,950 --> 00:05:23,270
with your NFS-based file system. Multiple Amazon EC2 instances in the same region, in the same VPC,

76
00:05:23,390 --> 00:05:28,700
and in different availability zones, so they could be in the same, so they are in the same region, in the

77
00:05:28,700 --> 00:05:35,960
same VPC, but they could be in different availability zones, as we have here, A, B, and C; they can access

78
00:05:36,050 --> 00:05:37,870
the EFS file system at the same time.

79
00:05:38,570 --> 00:05:44,690
And this will provide a common data source so the files if they are all or the application on all these

80
00:05:44,720 --> 00:05:49,400
they need it they will find these files available for them on the file system.

81
00:05:50,060 --> 00:05:55,340
So it's a common data source for workloads and applications running on more than one instance or server

82
00:05:55,430 --> 00:06:02,570
so it can be accessed from on-premise and from AWS instances or servers at the same time, and you

83
00:06:02,570 --> 00:06:07,600
can mount an Amazon EFS file system on instances in only one VPC at a time.

84
00:06:07,640 --> 00:06:08,790
So I have an

85
00:06:08,790 --> 00:06:16,720
EFS instance, a file system. Can that be served by VPC 1 and VPC 2 at the same time?

86
00:06:16,730 --> 00:06:17,540
The answer is no.

87
00:06:17,630 --> 00:06:19,410
So let's talk now about mount targets.

88
00:06:19,430 --> 00:06:21,720
What are these blue rectangles?

89
00:06:21,780 --> 00:06:27,380
The EC2 instances will use them in order to connect to the EFS service or the file system that

90
00:06:27,380 --> 00:06:28,550
I have created.

91
00:06:28,550 --> 00:06:30,070
How can that happen?

92
00:06:30,170 --> 00:06:37,600
So the mount targets are no more than ENIs that will be launched in your VPC when you create them.

93
00:06:37,610 --> 00:06:42,680
So as you are configuring, you have to define which VPC. You cannot just say that I want to create a file

94
00:06:42,680 --> 00:06:45,050
system that will be everywhere.

95
00:06:45,050 --> 00:06:50,750
So you select a VPC from your VPCs, and then the next step will be to define which availability zones

96
00:06:50,840 --> 00:06:56,660
you want mount targets to be installed at or fixed at, and what AWS will do, it will introduce

97
00:06:56,720 --> 00:06:58,940
ENIs, elastic network interfaces.

98
00:06:58,940 --> 00:07:06,020
These are the mount targets, so they have IP addresses from the subnet where you can choose to be created,

99
00:07:06,260 --> 00:07:13,050
and they will take the IP addresses, and they will be accessible to your instances using IP, or TCP/

100
00:07:13,070 --> 00:07:13,850
IP protocol.

101
00:07:13,850 --> 00:07:14,450
Fine.

102
00:07:14,450 --> 00:07:15,620
Is that all that I need to do?

103
00:07:15,620 --> 00:07:15,970
No.

104
00:07:15,980 --> 00:07:19,550
There are security group considerations that we'll talk about shortly.

105
00:07:19,550 --> 00:07:25,790
So to access your Amazon EFS file system in a VPC, you create one or more mount targets in the

106
00:07:25,790 --> 00:07:26,630
VPC.

107
00:07:26,640 --> 00:07:28,540
Okay I have three availability zones.

108
00:07:28,550 --> 00:07:31,410
Do I need one in each availability zone?

109
00:07:31,410 --> 00:07:36,140
No, you can create one in any availability zone, and you can reach it from the other subnet, but other

110
00:07:36,140 --> 00:07:37,790
subnets in the other availability zones.

111
00:07:37,790 --> 00:07:39,130
But this is not recommended by

112
00:07:39,180 --> 00:07:39,900
AWS.

113
00:07:39,950 --> 00:07:40,730
So what do I do?

114
00:07:40,730 --> 00:07:46,210
It is recommended by AWS that you have one mount target in each availability zone.

115
00:07:46,220 --> 00:07:50,140
How about if I have multiple subnets in an availability zone?

116
00:07:50,150 --> 00:07:51,500
Do I need to create more than one?

117
00:07:51,500 --> 00:07:51,770
No.

118
00:07:51,800 --> 00:07:57,770
One is enough, and the mount target in itself is highly available, so you don't need to worry about that

119
00:07:57,770 --> 00:07:58,030
mount

120
00:07:58,040 --> 00:08:01,650
target failing and then you will not have access to it.

121
00:08:02,150 --> 00:08:08,390
So to access that, you need to install mount targets, and the mount target will provide an IP address

122
00:08:08,450 --> 00:08:12,920
for an NFSv4 endpoint at which you can mount an Amazon

123
00:08:12,930 --> 00:08:20,230
EFS file system. You mount your file system using DNS names, which resolve to the IP address of the EFS

124
00:08:20,300 --> 00:08:26,120
mount target in the same availability zone as your EC2 instance. So you can provide the file system

125
00:08:26,270 --> 00:08:30,860
name, and then the mounting will happen as you go with a command, a Linux command.

126
00:08:30,890 --> 00:08:36,390
You can create only one mount target in each availability zone, so it's only one, and it is recommended, but it

127
00:08:36,390 --> 00:08:40,820
really has to have one in each availability zone that you are going to use. If there are multiple

128
00:08:40,820 --> 00:08:46,130
subnets in an availability zone in your VPC, you create a mount target in one of those subnets, only one.

129
00:08:46,850 --> 00:08:52,190
Then all EC2 instances in that availability zone, even the ones in different subnets, can reach out

130
00:08:52,190 --> 00:08:59,290
using IP to this mount target. You can mount an Amazon EFS file system in your VPC through NFS,

131
00:08:59,300 --> 00:09:03,020
as we mentioned. And mount targets, you don't need to worry about their failures.

132
00:09:03,020 --> 00:09:05,900
They are in themselves highly available. Now,

133
00:09:05,900 --> 00:09:13,280
I went on into the operating system, the Linux operating system, and I applied the mount command for that

134
00:09:13,280 --> 00:09:16,620
file system into my EC2, or onto my EC2 instances.

135
00:09:16,640 --> 00:09:17,520
Then what?

136
00:09:17,570 --> 00:09:22,610
Then it becomes a directory, as you name it while you are doing that. It will become a directory that

137
00:09:22,610 --> 00:09:28,640
you can use as any other Unix directory, so you can upload files, copy files, make directories or

138
00:09:28,640 --> 00:09:29,330
subdirectories.

139
00:09:29,330 --> 00:09:30,370
So on and so forth.

140
00:09:30,380 --> 00:09:37,230
One thing to note: the IP addresses and the DNS names for your mount targets in an availability zone

141
00:09:37,370 --> 00:09:39,140
are static, so they're not dynamic.

142
00:09:39,140 --> 00:09:40,100
They don't keep changing.

143
00:09:40,130 --> 00:09:40,900
They're all the same.

144
00:09:40,940 --> 00:09:46,330
And keep this in mind when you design for high availability and failovers to other Availability Zones.

145
00:09:46,440 --> 00:09:51,410
So if your application tries the mount target in availability zone one and cannot,

146
00:09:51,530 --> 00:09:54,140
It can fail over to another availability zone.

147
00:09:54,140 --> 00:09:55,580
What does AWS recommend?

148
00:09:55,580 --> 00:09:59,420
AWS recommends that you create mount targets in all the availability zones,

149
00:09:59,550 --> 00:10:05,300
so you can easily mount the file system on EC2 instances that you might launch in any of the availability

150
00:10:05,300 --> 00:10:05,820
zones.

151
00:10:05,820 --> 00:10:10,080
How about if I'm not using it now? I have an availability zone, I'm not launching any EC2 instances.

152
00:10:10,080 --> 00:10:14,060
Why don't you create the mount target and use it later on? You're not being charged for the mount target.

153
00:10:14,100 --> 00:10:15,660
Security Group considerations.

154
00:10:15,670 --> 00:10:21,600
Remember when I said that NFS is going to be used between the mount target, or between the ENI, and

155
00:10:21,690 --> 00:10:27,180
your EC2 instance ENI. So that will be the IP routing back and forth between them, in the same subnet

156
00:10:27,210 --> 00:10:32,820
or in different subnets, based on where the mount target is and where the EC2 instance is. Fine, but

157
00:10:32,820 --> 00:10:37,800
the ENI, as we know, any ENI in AWS, will have a security group attached to it.

158
00:10:37,830 --> 00:10:41,640
So this rectangle that is red and black.

159
00:10:41,640 --> 00:10:43,100
Same thing here.

160
00:10:43,110 --> 00:10:44,510
These are security groups.

161
00:10:44,520 --> 00:10:51,750
So these security groups must allow the traffic going out from here to the ENI of the mount target,

162
00:10:51,810 --> 00:10:57,690
and that security group in the mount target should allow that traffic inbound. If the outbound from here

163
00:10:57,690 --> 00:10:59,670
is allowed and the inbound here is allowed.

164
00:10:59,700 --> 00:11:04,770
The response will be allowed automatically and this association or mounting will happen.

165
00:11:04,800 --> 00:11:06,420
And then you can use it freely.

166
00:11:06,450 --> 00:11:10,610
What if one of the security groups does not allow the traffic? The mounting will not happen and you will

167
00:11:10,620 --> 00:11:12,800
not be able to use it, as simple as that.

168
00:11:12,810 --> 00:11:18,150
So imagine as if these are two EC2 instances that would like to communicate, and apply the same that

169
00:11:18,150 --> 00:11:21,830
we learned of applying security groups of different EC2 instances.

170
00:11:21,840 --> 00:11:27,260
So both the EC2 instance and the mount target need to have associated security groups, and the security

171
00:11:27,270 --> 00:11:29,700
groups act as a virtual firewall as we know.

172
00:11:29,700 --> 00:11:34,450
And you can use the security groups you associated with the mount target to control inbound traffic.

173
00:11:34,500 --> 00:11:41,280
So can I reference here in this security group, as the source, the security group of the EC2 instance?

174
00:11:41,280 --> 00:11:41,790
Yes, you can.

175
00:11:42,030 --> 00:11:48,150
So you can do it by the CIDR block or the subnet, and you can do it also by the name of the security

176
00:11:48,150 --> 00:11:48,700
group.

177
00:11:48,720 --> 00:11:49,440
All right.

178
00:11:49,440 --> 00:11:50,720
So let's take a break.

179
00:11:50,730 --> 00:11:51,930
I will see you after the break.

180
00:11:52,170 --> 00:11:52,560
Thank you.
