Sunday 20 March 2022

AWS Well-Architected Framework – Disaster Recovery


  • RTO is the time it takes after a disruption to restore a business process to its service level.
  • RPO is the acceptable amount of data loss measured in time before the disaster occurs.
  • Disaster Recovery With AWS

Backup and Restore – store backup data on S3 and recover it quickly and reliably.

Pilot Light for Quick Recovery into AWS – quicker recovery time than backup and restore because core pieces of the system are already running and are continually kept up to date.

Warm Standby Solution – a scaled-down version of a fully functional environment is always running in the cloud.

Multi-Site Solution – run your infrastructure on another site, in an active-active configuration.

    • AWS Production to an AWS DR Solution Using Multiple AWS Regions – take advantage of AWS’ multiple availability zones

Services

  • S3 as a destination for backup data that might be needed quickly to perform a restore.
  • Import/Export for transferring very large data sets by shipping storage devices directly to AWS.
  • Glacier for longer-term data storage where retrieval times of several hours are adequate.
  • Server Migration Service for performing agentless server migrations from on-premises to AWS.
  • Database Migration Service and Schema Conversion Tool for moving databases from on-premises to AWS and automatically converting SQL schema from one engine to another.
  • Storage Gateway copies snapshots of your on-premises data volumes to S3 for backup. You can create local volumes or EBS volumes from these snapshots.
  • Preconfigured servers bundled as Amazon Machine Images (AMIs).
  • Elastic Load Balancing (ELB) for distributing traffic to multiple instances.
  • Route 53 for routing production traffic to different sites that deliver the same application or service.
  • Elastic IP address for static IP addresses.
  • Virtual Private Cloud (Amazon VPC) for provisioning a private, isolated section of the AWS cloud.
  • Direct Connect for a dedicated network connection from your premises to AWS.
  • Relational Database Service (RDS) for scaling a relational database in the cloud.
  • DynamoDB for a fully managed NoSQL database service to store and retrieve any amount of data and serve any level of request traffic.
  • Redshift for a petabyte-scale data warehouse service that analyzes all your data using existing business intelligence tools.
  • CloudFormation for creating a collection of related AWS resources and provision them in an orderly and predictable fashion.
  • Elastic Beanstalk is a service for deploying and scaling web applications and services developed.
    • OpsWorks is an application management service for deploying and operating applications of all types and sizes.

AWS Well-Architected Framework – Design Principles

1. Scalability

  • Scaling Horizontally – an increase in the number of resources
  • Scaling Vertically –  an increase in the specifications of an individual resource

2. Disposable Resources Instead of Fixed Servers

  • Instantiating Compute Resources – automate setting up of new resources along with their configuration and code
  • Infrastructure as Code – AWS assets are programmable. You can apply techniques, practices, and tools from software development to make your whole infrastructure reusable, maintainable, extensible, and testable.

3. Automation

  • Serverless Management and Deployment – being serverless shifts your focus to automation of your code deployment. AWS handles the management tasks for you.
  • Infrastructure Management and Deployment – AWS automatically handles details, such as resource provisioning, load balancing, auto scaling, and monitoring, so you can focus on resource deployment.
  • Alarms and Events – AWS services will continuously monitor your resources and initiate events when certain metrics or conditions are met.

4. Loose Coupling

  • Well-Defined Interfaces – reduce interdependencies in a system by allowing various components to interact with each other only through specific, technology agnostic interfaces, such as RESTful APIs.
  • Service Discovery – applications that are deployed as a set of smaller services should be able to be consumed without prior knowledge of their network topology details. Apart from hiding complexity, this also allows infrastructure details to change at any time.
  • Asynchronous Integration – interacting components that do not need an immediate response and where an acknowledgement that a request has been registered will suffice, should integrate through an intermediate durable storage layer.


  • Distributed Systems Best Practices – build applications that handle component failure in a graceful manner.

5. Services, Not Servers

  • Managed Services – provide building blocks that developers can consume to power their applications, such as databases, machine learning, analytics, queuing, search, email, notifications, and more.
  • Serverless Architectures – allow you to build both event-driven and synchronous services without managing server infrastructure, which can reduce the operational complexity of running applications.

6. Databases

  • Choose the Right Database Technology for Each Workload
  • Relational Databases provide a powerful query language, flexible indexing capabilities, strong integrity controls, and the ability to combine data from multiple tables in a fast and efficient manner.
  • NoSQL Databases trade some of the query and transaction capabilities of relational databases for a more flexible data model that seamlessly scales horizontally. They use a variety of data models, including graphs, key-value pairs, and JSON documents, and are widely recognized for ease of development, scalable performance, high availability, and resilience.
  • Data Warehouses are a specialized type of relational database, which is optimized for analysis and reporting of large amounts of data.
  • Graph Databases use graph structures for queries.
    • Search Functionalities
      • Search is often confused with query. A query is a formal database query, which is addressed in formal terms to a specific data set. Search enables datasets to be queried that are not precisely structured.
      • A search service can be used to index and search both structured and free text format and can support functionality that is not available in other databases, such as customizable result ranking, faceting for filtering, synonyms, and stemming.

7. Managing Increasing Volumes of Data

  • Data Lake – an architectural approach that allows you to store massive amounts of data in a central location so that it’s readily available to be categorized, processed, analyzed, and consumed by diverse groups within your organization.

8. Removing Single Points of Failure

  • Introducing Redundancy
    • Standby redundancy – when a resource fails, functionality is recovered on a secondary resource with the failover process. The failover typically requires some time before it completes, and during this period the resource remains unavailable. This is often used for stateful components such as relational databases.
    • Active redundancy – requests are distributed to multiple redundant compute resources. When one of them fails, the rest can simply absorb a larger share of the workload.
  • Detect Failure – use health checks and collect logs
  • Durable Data Storage
    • Synchronous replication – only acknowledges a transaction after it has been durably stored in both the primary storage and its replicas. It is ideal for protecting the integrity of data from the event of a failure of the primary node.
    • Asynchronous replication – decouples the primary node from its replicas at the expense of introducing replication lag. This means that changes on the primary node are not immediately reflected on its replicas.
    • Quorum-based replication – combines synchronous and asynchronous replication by defining a minimum number of nodes that must participate in a successful write operation.
  • Automated Multi-Data Center Resilience – utilize AWS Regions and Availability Zones (Multi-AZ Principle). (See Disaster Recovery section)
  • Fault Isolation and Traditional Horizontal Scaling – Shuffle Sharding

9. Optimize for Cost

  • Right Sizing – AWS offers a broad range of resource types and configurations for many use cases.
  • Elasticity – save money with AWS by taking advantage of the platform’s elasticity.
  • Take Advantage of the Variety of Purchasing Options – Reserved Instances vs Spot Instances (See AWS Pricing)

10. Caching

  • Application Data Caching – store and retrieve information from fast, managed, in-memory caches.
  • Edge Caching – serve content by infrastructure that is closer to viewers, which lowers latency and gives high, sustained data transfer rates necessary to deliver large popular objects to end users at scale.

11. Security

  • Use AWS Features for Defense in Depth – secure multiple levels of your infrastructure from network down to application and database.
  • Share Security Responsibility with AWS – AWS handles security OF the Cloud while customers handle security IN the Cloud.
  • Reduce Privileged Access – implement Principle of Least Privilege controls.
  • Security as Code – firewall rules, network access controls, internal/external subnets, and operating system hardening can all be captured in a template that defines a Golden Environment.
  • Real-Time Auditing – implement continuous monitoring and automation of controls on AWS to minimize exposure to security risks.

12. Cloud Architecture Best Practices

There are various best practices that you can follow which can help you build an application in the AWS cloud. The notable ones are:

  1. Decouple your components – the key concept is to build components that do not have tight dependencies on each other so that if one component were to fail for some reason, the other components in the system will continue to work. This is also known as loose coupling. This reinforces the Service-Oriented Architecture (SOA) design principle that the more loosely coupled the components of the system are, the better and more stable it scales.
  2. Think parallel – This internalizes the concept of parallelization when designing architectures in the cloud. It encourages you to implement parallelization whenever possible and to also automate the processes of your cloud architecture.
  3. Implement elasticity – This principle is implemented by automating your deployment process and streamlining the configuration and build process of your architecture. This ensures that the system can scale in and scale out to meet the demand without any human intervention.
  4. Design for failure – This concept encourages you to be a pessimist when designing architectures in the cloud and assume that the components of your architecture will fail. This reinforces you to always design your cloud architecture to be highly available and fault-tolerant.

AWS Well-Architected Framework – Six Pillars

Having well-architected systems greatly increases the likelihood of business success, which is why AWS created the AWS Well-Architected Framework. This framework is composed of six pillars that help you understand the pros and cons of decisions you make while building cloud architectures and systems on the AWS platform. By using the framework you will learn the architectural best practices for designing and operating reliable, efficient, cost-effective and secure systems in the cloud. It also provides a way to consistently measure your architectures against best practices and identify areas for improvement.

1. Operational Excellence

  • The ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.
  • There are four best practice areas and tools for operational excellence in the cloud:
      • Organization – AWS Cloud Compliance, AWS Trusted Advisor, AWS Organizations
      • Prepare – AWS Config
      • Operate – Amazon CloudWatch
      • Evolve – Amazon Elasticsearch Service
  • Key AWS service:
    • AWS CloudFormation for creating templates. (See AWS Management Tools Cheat Sheet)

2. Security

    • The ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
    • There are six best practice areas and tools for security in the cloud:
      • Security – AWS Shared Responsibility Model, AWS Config, AWS Trusted Advisor
      • Identity and Access Management – IAM, Multi-Factor Authentication, AWS Organizations
      • Detective Controls – AWS CloudTrail, AWS Config, Amazon GuardDuty
      • Infrastructure Protection – Amazon VPC, Amazon CloudFront with AWS Shield, AWS WAF
      • Data Protection – ELB, Amazon Elastic Block Store (Amazon EBS), Amazon S3, and Amazon Relational Database Service (Amazon RDS) encryption, Amazon Macie, AWS Key Management Service (AWS KMS)
      • Incident Response – IAM, Amazon CloudWatch Events
    • Key AWS service:
      • AWS Identity and Access Management (IAM)

3. Reliability

    • The ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.
    • There are four best practice areas and tools for reliability in the cloud:
      • Foundations – IAM, Amazon VPC, AWS Trusted Advisor, AWS Shield
      • Change Management – AWS CloudTrail, AWS Config, Auto Scaling, Amazon CloudWatch
      • Failure Management – AWS CloudFormation, Amazon S3, AWS KMS, Amazon Glacier
      • Workload Architecture – AWS SDK, AWS Lambda
    • Key AWS service:
      • Amazon CloudWatch

4. Performance Efficiency

    • The ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.
    • There are four best practice areas for performance efficiency in the cloud:
      • Selection – Auto Scaling for Compute, Amazon EBS and S3 for Storage, Amazon RDS and DynamoDB for Database, Route 53, VPC, and AWS Direct Connect for Network
      • Review – AWS Blog and What’s New section of the website
      • Monitoring – Amazon CloudWatch
      • Tradeoffs – Amazon ElastiCache, Amazon CloudFront, AWS Snowball, Amazon RDS read replicas.
    • Key AWS service:
      • Amazon CloudWatch

5. Cost Optimization

    • The ability to avoid or eliminate unneeded cost or suboptimal resources.
    • There are five best practice areas and tools for cost optimization in the cloud:
      • Cloud Financial Management – Amazon QuickSight, AWS Cost and Usage Report (CUR)
      • Cost-Effective Resources – Cost Explorer, Amazon CloudWatch and Trusted Advisor, Amazon Aurora for RDS, AWS Direct Connect with Amazon CloudFront
      • Matching supply and demand – Auto Scaling
      • Expenditure Awareness – AWS Cost Explorer, AWS Budgets
      • Optimizing Over Time – AWS News Blog and the What’s New section on the AWS website, AWS Trusted Advisor
    • Key AWS service:
      • Cost Explorer

6. Sustainability

    • The ability to increase efficiency across all components of a workload by maximizing the benefits from the provisioned resources.
    • There are six best practice areas for sustainability in the cloud:
      • Region Selection – AWS Global Infrastructure
      • User Behavior Patterns – Auto Scaling, Elastic Load Balancing
      • Software and Architecture Patterns – AWS Design Principles
      • Data Patterns – Amazon EBS, Amazon EFS, Amazon FSx, Amazon S3
      • Hardware Patterns – Amazon EC2, AWS Elastic Beanstalk
      • Development and Deployment Process – AWS CloudFormation
    • Key AWS service:
      • Amazon EC2 Auto Scaling

AWS Pricing

  • There are three fundamental drivers of cost with AWS:
    • Compute
    • Storage
    • Outbound data transfer.
  • AWS offers pay-as-you-go for pricing.

  • For certain services like Amazon EC2, Amazon EMR, and Amazon RDS, you can invest in reserved capacity. With Reserved Instances, you can save up to 75% over equivalent on-demand capacity. When you buy Reserved Instances, the larger the upfront payment, the greater the discount.
    • With the All Upfront option, you pay for the entire Reserved Instance term with one upfront payment. This option provides you with the largest discount compared to On-Demand instance pricing.
    • With the Partial Upfront option, you make a low upfront payment and are then charged a discounted hourly rate for the instance for the duration of the Reserved Instance term.
    • The No Upfront option does not require any upfront payment and provides a discounted hourly rate for the duration of the term.
  • There are also volume-based discounts for services such as Amazon S3.
  • For new accounts, AWS Free Tier is available.
    • Free Tier offers limited usage of AWS products at no charge for 12 months from the date the account was created. More details at https://aws.amazon.com/free/.
  • You can estimate your monthly AWS bill using AWS Pricing Calculator.
    • Estimate the cost of migrating your architecture to the cloud.
    • Generate the lowest cost estimate for your workload.

AWS Global Infrastructure

Amazon Web Services provides the most extensive global footprint of any cloud provider in the market, and it opens up new regions faster than others.

  • The AWS Global infrastructure is built around Regions and Availability Zones (AZs). So far, there are:
    • 65+ Availability Zones
    • 20+ Geographic Regions
    • 5+ Local Regions

  • Regions provide multiple, physically separated and isolated Availability Zones which are connected with low latency, high throughput, and highly redundant networking.
  • Availability Zones offer high availability, fault tolerance, and scalability.
    • Consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities.
    • An Availability Zone is represented by a region code followed by a letter identifier; for example, us-east-1a.

  • An AWS Local Region is a single datacenter designed to complement an existing AWS Region. An AWS Local Zone places AWS compute, storage, database, and other select services closer to large population, industry, and IT centers where no AWS Region exists today.
  • To deliver low-latency content to users around the globe, AWS has placed Points of Presence, which are either edge locations or edge caches. These points are used by the CloudFront and Lambda@Edge services.
  • Edge locations are locations that CloudFront uses to cache copies of your content for faster delivery to users at any location.

Sources:
https://aws.amazon.com/about-aws/global-infrastructure/
https://docs.aws.amazon.com/aws-technical-content/latest/aws-overview/global-infrastructure.html
https://www.infrastructure.aws/

Monday 11 October 2021

RHEL 8 Password Recovery


Reset Forgotten root Password in RHEL 8

First, boot into your RHEL 8 system and select the kernel you wish to boot into. Next, interrupt the booting process by pressing ‘e’ on your keyboard.

RHEL 8 Boot Menu

On the next screen, locate the line that begins with kernel= and append the parameter rd.break, then press Ctrl + x.

Append Kernel Parameter

On the next screen, ensure that you remount the sysroot directory with read and write permissions. By default, it is mounted with read-only access rights indicated as ro.

You can confirm this by running the command:

:/# mount | grep sysroot
Confirm Sysroot Directory Permissions

Now remount the directory with read and write access.

:/# mount -o remount,rw /sysroot/

Once again, confirm the access rights. Note that this time, the access rights have changed from ro (read-only) to rw (read and write).

:/# mount | grep sysroot
Confirm Directory Permissions

Next, run the command shown to mount the root file system in read and write mode.

:/# chroot /sysroot

Next, use the passwd command to reset the password. As usual, provide a new password and confirm it.

# passwd
Reset Root Password

At this point you have successfully reset the password. The only remaining step is to enable SELinux file system relabelling. To do this, execute:

:/# touch /.autorelabel
Enable File System Relabelling

Finally, type exit and then log out to begin the relabelling process.

SELinux Relabelling Process

This usually takes a couple of minutes. Once done, the system reboots, after which you can log in as the root user with the new password.

Reboot RHEL System

And that’s how you would reset a forgotten root password in RHEL 8.
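An added example, not part of the original post: a POSIX sh helper that makes the "confirm ro, remount, confirm rw" check from the rd.break shell scriptable, and that runs the same sequence (remount, passwd, .autorelabel) only once /sysroot is actually writable. The sample mount lines are constructed, and an LVM root on XFS is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). sysroot_mode parses the output
# of `mount` so the ro/rw confirmation steps can be checked by a script;
# reset_root_password runs the post's sequence but refuses to go on while
# /sysroot is still read-only, because passwd cannot rewrite /etc/shadow on a
# read-only filesystem.

# Constructed sample lines (assumption: LVM root on XFS, the RHEL 8 default):
# what `mount | grep sysroot` prints before and after the remount.
SAMPLE_RO='/dev/mapper/rhel-root on /sysroot type xfs (ro,relatime,seclabel,attr2,inode64,noquota)'
SAMPLE_RW='/dev/mapper/rhel-root on /sysroot type xfs (rw,relatime,seclabel,attr2,inode64,noquota)'

# sysroot_mode "<full mount output>"
# Prints ro, rw or missing for the /sysroot mount. Exit status is 0 only for
# rw, so it can be used directly as a condition.
sysroot_mode() {
    line=$(printf '%s\n' "$1" | grep ' on /sysroot type ' | head -n 1)
    if [ -z "$line" ]; then
        echo missing
        return 2
    fi
    # mount options are the comma-separated list in the trailing parentheses
    opts=$(printf '%s\n' "$line" | sed 's/.*(\(.*\))$/\1/')
    case ",$opts," in
        *,rw,*) echo rw; return 0 ;;
        *,ro,*) echo ro; return 1 ;;
        *)      echo missing; return 2 ;;
    esac
}

# The post's procedure with the check made explicit. Run from the rd.break
# emergency shell; every step aborts on error.
reset_root_password() {
    mode=$(sysroot_mode "$(mount)")
    if [ "$mode" = ro ]; then
        mount -o remount,rw /sysroot || return 1
        mode=$(sysroot_mode "$(mount)")
    fi
    if [ "$mode" != rw ]; then
        echo "refusing to continue: /sysroot is $mode, not rw" >&2
        return 1
    fi
    # Change the password inside the real root, then request the SELinux
    # relabel so the rewritten /etc/shadow gets a correct label on reboot.
    chroot /sysroot /usr/bin/passwd root || return 1
    touch /sysroot/.autorelabel
}
```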