© 2013 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.

EC2 to VPC: A case study

Eric Schultze, AWS

Matthew Barlocker, Lucid Software Inc

November 14, 2013

About Me• Chief Architect at Lucid

Software Inc• Bachelors degree from BYU in

Computer Science• I love to

• play board games• go 4-wheeling• wrestle my sons• fly airplanes

• Follow me on nineofclouds.blogspot.com

Lucid Software

• Online Diagram Software• Online Print & Digital Publishing• Large Documents• Real-time Collaboration• All Changes Tracked• Vector Graphics• High Quality Images

Tech at Lucid• Google Closure• Javascript• PHP• Sharded MongoDB• Sharded MySQL• NodeJS

• SOA• Scala• Play!• Chef• Zabbix, Graphite• AWS

Lucid on AWS• Elastic Compute Cloud• Virtual Private Cloud• Elastic Block Store• Auto Scaling• Elastic Load Balancing• Simple Storage Service• CloudFront• Export/Import

• Relational Database Service

• Route53• Simple Notification

Service• Simple Email Service• Availability Zones• Regions

Why Lucid Chose Amazon VPC

• Pricing• Interoperability• Enhanced Features• Security

Other Benefits

• ELB security groups• Network ACLs• Elastic IP associations• VPN support• Reserved instance transfers

Drawbacks

• NAT cost and maintenance• Setup time• New terminology• Private subnet accessibility• Internal DNS names defaults

Things You Should Know

• EIPs or Public IPs in public subnets• NAT

• Not special• Public subnet

• Subnets• Route tables• Network ACLs• DHCP

Migration Plan

Migration Constraints• EC2 & VPC

communication• NAT traffic• Not Shared:

– Security groups– Load balancers– Auto Scale groups– Elastic IPs– EIP Limits

• Shared:– Instance Limit– EBS volumes– Snapshots– Instance Sizes– Zones– Regions

Migration Plan

• Move top layer first• Move one layer at a time• Meticulously manage security groups• Move monitoring/utility servers last• http://nineofclouds.blogspot.com/search/label/VPC

Starting Layout

Move Webservers First

Move Services Next

Move Databases Last

Top 5 Pain Points

5. Setup & Terminology• Subnets• DHCP• Network ACLs• Routes• Internet Gateway• Unavoidable

4. Security Groups• Groups Not Shared• EC2 open to NAT• Use Scripts• Avoidable using

public subnets

3. Access Private Subnets• OpenVPN• High Availability• SSH Tunnels• Unavoidable

2. MongoDB Migration• Election Algorithm• Intermediate Move to

Public Subnet• 15 min Downtime

1. NAT Bandwidth• NAT was t1.micro• Databases in EC2• Applications in VPC• Not enough

bandwidth through NAT

• Avoidable

Please give us your feedback on this presentation

As a thank you, we will select prize winners daily for completed surveys!

CPN301

Join the Team!• Building the next generation of

collaborative web applications• VC funded• High growth rate• Profitable• Graduates from Harvard, MIT,

Stanford• Former Google, Amazon,

Microsoft employees

https://www.lucidchart.com/jobs