CSA - Certified Solution Architect

Deep-dive into the Exoscale cloud platform. Learn how to automate cloud infrastructure, leverage our features and get an unmatched understanding of our product range.

INTRO

Do you want to know more about Exoscale and dive into more technical depth, but you need help figuring out where to begin? Then, this Level 200 Certified Solution Architect - Course is where your journey begins. It will help you learn the core technical concepts, dive into networking components and configuration, and introduce you to critical cloud topics.

You learn about the Exoscale platform products, fundamental technology concepts (VMs, cloud-init, automation, scaling, data traffic, object storage, block storage, backup), and the necessary networking themes (switching, routing, network load balancing, and private networking). Furthermore, we look into more advanced topics like CDNs, database as a service, container orchestration, cloud challenges, and, last but not least, pricing.

IaaS+

Infrastructure as a Service is the cloud service model we support with the Exoscale platform and a bit more, hence, IaaS+.

Platform

A state-of-the-art IaaS platform providing the building blocks for your application infrastructure.

Data Centers

Getting the necessary cloud infrastructure components is easy. In Europe, there is always an Exoscale data center near you.

Before we start the Solution Architect journey, we need a quick overview of the main benefits of using the cloud infrastructure provided by the Exoscale platform and the portfolio of products it consists of.

Exoscale Benefits

The real beauty of the cloud is that everything is customizable and automatable in a variety of ways:

• OpenAPI with all platform functions available
• Exoscale CLI a flexible command-line interface
• Terraform plugins for extensive automation
• IAM/Keys for extensive configuration and access control
• Custom Templates for the ultimate support in OS version choice

Exosscale Products

This course targets people who do not need to sell cloud services or develop software for cloud platforms; it is aimed at solution architects. So we are talking about people with the to-be-build skill set of defining and implementing cloud infrastructure. Solution architects keep the cloud infrastructure up-to-date, scaling it up or down and saving operational costs by doing so.

Getting the necessary cloud infrastructure components is easy. In Europe, there is always an Exoscale data center near you.

Compute

Details

Exoscale offers a range of products related to cloud servers, also known as virtual machines or Compute Instances. These products allow users to easily manage virtual machines, create instance pools, and ensure fault tolerance through anti-affinity groups. SKS and Block Storage options provide scalability, increased computational power, and storage flexibility. IAM and organization management tools allow for secure access control and user management. With various networking products available, users can configure workloads to meet their specific requirements, including secure private networking, firewall management, Network Load Balancer, Elastic IP addresses, and IPv6 support.

Exoscale’s cloud infrastructure is simple, fast-performing, and can scale with businesses’ needs. Overall, Exoscale offers a comprehensive and flexible cloud computing platform suitable for organizations of all sizes and industries.

NOTE! Here, you can find all the details in the online documentation for COMPUTE.

Instances

For better requirement matching, various instance types are available to use:

• Standard: Provide a balanced mix of CPU cores, RAM, and SSD local storage to cover a variety of use cases and allow you to implement your architecture.
• CPU Optimized: These are optimized for CPU-intensive applications, offering a higher CPU-to-memory ratio. They offer a more significant computational advantage for workloads like batch processing, media decoding and encoding, network appliances, or high-performance web servers.
• Memory Optimized: These are the best performance-to-cost ratio for memory-intensive workloads and are ideal for RAM-intensive applications. They double the memory per core with a price reduction of up to almost 25 % compared to Standard Instances.
• Storage Optimized: These are the same mix of CPU and RAM as our Standard Instances but use larger drives, greatly expanding the overall data capacity. Consequently, they lower the cost per GB by more than 60 %.
• GPU1: Provides up to 4 dedicated NVIDIA Tesla P100 graphic cards to perform deep learning, high-performance computing, or other types of intensive computation. Save up to 75% compared to the competition, and no long-term commitment.
• GPU2: Based on Tesla V100, offers nearly double single-precision and double-precision teraflops compared to GPU1, as well as 640 dedicated Tensor Cores to train AI models that would consume weeks of computing resources in a few days.
• GPU3: Is the all-rounder for AR, VR, Simulations, Rendering, AI, and more. Combining the latest Ampere RT Cores, Tensor Cores, and CUDA Cores with 48 GB of graphics memory allows the A40 to deliver a unique set for visual computing workloads.

Instance Pools

Exoscale Instance Pools are a service to automatically provision groups of identical Compute instances. You can define several instances in the pool, and the service will keep the required number up and running for you to achieve.

• High Availability: Using an Instance Pool ensures that the target quantity of instances is running.
• Elasticity: Instance Pools can be scaled up and down dynamically. Hence, the number of instances matches the actual load for better cost efficiency.

NOTE! Here, you can find more details on Instance Pools.

SKS (Scalable Kubernetes Service)

Exoscale’s SKS is a managed Kubernetes offering, which consists of:

• Managed Kubernetes control planes
• Dynamic Nodepool attachment
• Control Plane access management facilities
• Full API support

Exoscale’s Scalable Kubernetes Service (SKS) provides a powerful and efficient way to deploy and manage your applications quickly. With this fully managed K8s service, you can quickly scale up and down your worker nodes and have complete control over the entire life cycle of your cluster.

Exoscale provides various integration options, including CLI, API, portal, Terraform support, and deep NLB integration.

NOTE! Here, you can find more details on SKS.

Block Storage

Exoscale’s Block Storage offers a robust and distributed block device solution for Exoscale Compute instances, known for its redundancy and reliability. A Volume, a singular storage unit, can be partitioned and formatted to accommodate directories and files. One of the critical features of Block Storage is the Snapshot, which captures the state of a volume at a specific moment, allowing users to create new volumes based on that state.

NOTE! Here, you can find more details on Block Storage.

Templates

Exoscale provides various Compute instance templates from which to choose. However, you can customize templates to suit your needs further. In addition to using a Cloud-Init configuration via an instance’s user data or a configuration management tool such as Puppet, Ansible, or Terraform, you can also create customized templates. You can use custom templates to launch a custom operating system or custom template configuration on Exoscale, which allows you to deploy ready-to-go instances with minimal startup configuration.

NOTE! Here, you can find more details on Custom Templates.

Security Groups

Exoscale Security Groups provide a modular way to define and compose firewall rules. The rules are managed at the hypervisor level to restrict incoming and outgoing network traffic.

NOTE! Here, you can find more details on Security Groups.

Elastic IP

All Exoscale instances include a native IPv4 address leased from a global pool. This address is strongly coupled to the Compute instance itself. When you destroy the instance, you release the IP address to the global pool without guarantee that you will ever get the same IP address again. However, there are various cases where you may want an IP address to persist. By creating an Elastic IP, you can have a specific IP address for your organization. You can then attach it to one or several instances besides their native IP address.

The simplest use case for this feature is to use an Elastic IP as a persistent IP address you can move between instances. This allows you to circumvent the IP address change when destroying an instance. You can always switch the underlying instance and point traffic to the same address with an Elastic IP.

NOTE! Here, you can find more details on Elastic IPs.

Load Balancers

A Network Load Balancer (or NLB) is a Layer 4 (TCP/UDP) load balancer that distributes incoming traffic to Compute instances managed by an Instance Pool. An NLB comprises several services, each bound to an Instance Pool in the same zone as the NLB. Services will efficiently forward connections reaching the NLB’s IP address to the member instances of the Instance Pool.

While the instances remain individually accessible through their public IP, the NLB will expose a single IP address for all services and distribute the incoming traffic across the members of the Instance Pool following the service’s rules. NLB services will update automatically when the Instance Pool scales up or down, distributing traffic across all reachable member instances of the pool and excluding unreachable ones using an integrated health check functionality.

NLB acts only on incoming traffic, so all return traffic from the backend to the client that originated the request goes out directly from the pool member instance.

NOTE! Here, you can find more details on Network Load Balancer.

Private Networks

The Private Network is a classic layer 2 segment: it is as if your instances were attached to a dedicated switch. This means:

• You can use any ethernet-compatible protocol (IPv4, IPv6, NetBIOS).
• Security group rules do not apply to traffic inside private networks.
• Multicast and broadcast are authorized.
• Only your instances are attached to the segment.
• No encryption is performed, but your packets do not leave our data center.
• Private Networks can be managed.
• Private Networks do not span across several zones.

Each instance may provision one or more additional unmanaged and managed network interfaces. This interface is bound to a private network segment shared only with your other instances.

NOTE! Here, you can find more details on Private Networks.

SSH Keypairs

SSH keypairs can authenticate to your Compute instances running Linux without a password, leveraging SSH Public-Key authentication’s added security. Public-key authentication is both:

• Secure: Breaking an SSH key requires so much time and computational power that these attacks are impractical in the real world. SSH keys are much more secure than even very strong passwords.
• Convenient: Instead of managing per-instance passwords or sharing them across your organization, every person who needs access to your servers gives you their public key. You can then set up granular access control by adding those keys only to the relevant instances. Suppose you need to revoke someone’s access. In that case, simply revoking their key prevents them from logging in without affecting other people’s workflow.

NOTE! Here, you can find more details on SSH Keypairs.

Anti-Affinity

Anti-Affinity groups let you specify which instances should run on separate hosts. For example, in an HA (high availability) cluster, you could keep your instances on distinct hypervisors to ensure more reliable fault tolerance.

NOTE! Here, you can find more details on Anti-Affinity Groups.

Storage

Object Storage

Exoscale’s Simple Object Storage (SOS) is a scalable and cost-effective solution for storing and managing large amounts of data. It offers highly available multi-redundancy storage, ensuring data safety and accessibility. You can store various files and objects, such as assets, backups, and media files. Your data remains in the exact location you store it, and Exoscale replicates it in at least three physical copies for maximum safety.

Features Overview:

• S3 compatible
• Direct HTTP/S access
• Metadata support
• ACL and CORS support
• For any data
• Pay for what you use
• Free inbound traffic

The S3-compatible API allows for easy integration with existing workflows and applications. SOS provides low latency, high bandwidth, and secure HTTP(s) access, allowing fast and secure data management from any location. You can enhance this with Exoscale’s CDN integration.

NOTE! Here, you can find all the details in the online documentation for STORAGE.

CDN

Exoscale’s CDN service, developed with Ducksify, makes distributing your assets globally with Akamai’s delivery network simple. It improves performance and user experience by caching assets in multiple locations. You can easily integrate it with our SOS service to make content available through the CDN endpoint.

Features Overview:

• Modern protocol support
• World-class delivery availability
• Improved download completion rates
• Leveraging the Akamai Intelligent Platform
• QUIC (Quick UDP Internet Connections) support
• Enable on your SOS bucket
• Volume-based pricing
• Powered by Ducksify

The CDN offers predictable pricing and is a reliable solution for enhancing your application’s performance.

NOTE! Here, you can find all the details in the online documentation for CDN.

DBaaS

Details

Exoscale’s end-to-end encrypted database as a service (DBaaS) offering is a powerful solution for businesses to host their data and databases in the cloud securely. With this service, users can start within minutes, making it easy to quickly deploy and manage their databases without any delays or downtime. In addition, Exoscale’s DBaaS offering is entirely GDPR-compliant, ensuring businesses can meet regulatory requirements and keep their data safe and secure. Furthermore, as a fully managed service, Exoscale takes care of all the maintenance and management of the databases, allowing users to focus on their core business activities.

Features Overview:

• Full lifecycle management
• Termination protection
• Automatic backup policy
• Available in all zones
• Dedicated instances

Finally, Exoscale’s DBaaS offering supports a wide range of open-source databases, allowing users to choose the best database and providing a robust and secure solution for businesses that host their data and databases in the cloud.

DBaaS Overview

Managed PostgreSQL Service often referred to as Postgres is an advanced, open-source relational database management system (RDBMS). Renowned for its robustness, performance, and extensive feature set, it supports complex queries, transactions, and advanced data types. PostgreSQL is highly extensible and standards-compliant with SQL. Due to its reliability, data integrity, and concurrency features, it is widely used in various environments, from small-scale applications to large-scale enterprise systems. Additionally, it supports numerous programming languages and can handle massive amounts of data efficiently.

Managed MySQL Service is a widely used, open-source relational database management system (RDBMS) known for its speed, reliability, and ease of use. MySQL, developed by Oracle Corporation, supports standard SQL and provides a powerful, flexible, scalable database management solution. It is commonly used for web applications, often in conjunction with PHP, due to its integration with various platforms and ability to handle large volumes of data efficiently. MySQL offers strong support for transactional processing, data replication, and security, making it a popular choice for developers and enterprises seeking robust database performance.

Managed Kafka Service is an open-source stream-processing platform developed by the Apache Software Foundation. It is designed to build real-time data pipelines and streaming applications. Kafka efficiently handles high-throughput, low-latency data transfer and can process millions of messages per second. It operates as a distributed system that ensures fault tolerance and scalability. Kafka’s core components—producers, consumers, brokers, topics, and partitions—enable the reliable streaming and storage of data across various systems. It is widely used for log aggregation, event sourcing, real-time analytics, and integrating disparate systems.

Managed OpenSearch Service is an open-source search and analytics engine derived initially from Elasticsearch and maintained by the OpenSearch community and Amazon Web Services (AWS). It provides capabilities for indexing, searching, and analyzing large volumes of data in real-time. OpenSearch is designed to be scalable, highly available, and secure, supporting full-text search, structured search, and complex data analysis. It includes OpenSearch Dashboards for data visualization, enabling users to create interactive charts, graphs, and dashboards. OpenSearch is widely used in log and event data analysis, monitoring, and business intelligence applications.

Managed Valkey Service is an open-source, high-performance key/value data store with a Redis™ compatible interface suitable for a wide range of workloads, including caching and message queues. It even serves as a primary database, providing replication capabilities and high availability for critical data. Valkey natively supports robust data structures—such as strings, numbers, hashes, lists, sets, sorted sets, bitmaps, and hyperloglogs—allowing in-place data manipulation using an extensive command set. With built-in Lua scripting and the option to extend functionality through module plugins, Valkey enables developers to create new commands, data types, and more, making it a versatile choice for low-latency data operations and diverse application needs.

Managed Grafana Service is an open-source analytics and monitoring platform that allows users to visualize, analyze, and alert on data from multiple sources. Known for its customizable and interactive dashboards, Grafana supports a wide range of data sources, including Prometheus, Graphite, InfluxDB, and Elasticsearch. It provides powerful query capabilities, real-time alerting, and flexible visualization options like graphs, heatmaps, and histograms. Commonly used for monitoring system performance, application metrics, and business KPIs, Grafana helps teams make data-driven decisions by providing clear, comprehensive insights into their data.

NOTE! Here, you can find all the details in the online documentation for DBAAS.

DNS

Details

Exoscale’s cloud-native DNS provides a powerful solution for businesses looking to take complete control of their DNS and automate deployments. With Exoscale’s DNS, users can easily manage new records and zones, giving them complete control over their infrastructure. Exoscale’s DNS is also built on an anycast network, providing low-latency resolution for users worldwide. This ensures users can access their applications quickly and easily without delays or interruptions.

Features Overview:

• All common records available
• GEO replication
• Easy redirects
• ALIAS support
• Anycast DNS
• Per zone pricing
• Powered by DNSimple
• Easily integrate with Let’s Encrypt

Exoscale’s DNS also offers geo-replicated redundancy, providing optimal uptime and ensuring that users’ applications are always available, even in a failure. Overall, Exoscale’s cloud-native DNS is a robust and reliable solution for businesses looking to manage their DNS and ensure the availability of their applications.

NOTE! Here, you can find all the details in the online documentation for DNS.

IAM

Details

Exoscale provides various interaction methods with its platform, including programmatic access via the command line, your preferred programming language, integrations with third-party tools, and a user-friendly web portal. Regardless of the method, Identity and Access Management (IAM) will define permissions and actions for individuals and services on your platform.

IAM is composed of 2 primary building blocks:

• Roles act as a container for a single policy and add some options.
• Policies are rules describing what can and cannot be done.

Exoscale IAM, or Identity and Access Management, is a system that manages access to resources within the Exoscale cloud environment. Exoscale is a cloud service provider that offers various services, including computing, storage, and network solutions.

Exoscale IAM enables administrators to control who has access to specific resources, manage user permissions, and enforce security policies. Here are some key features and functions of Exoscale IAM:

• User Management
• Roles and Policies
• Access Control
• Security and Compliance
• API Access

Using Exoscale IAM, organizations can effectively safeguard their cloud resources, comply with regulatory requirements, and streamline user access management, ultimately enhancing the security and efficiency of their cloud operations.

IAM Users

So far, IAM has allowed you to create keys that could be restricted and fine-tuned according to their permissions. While practical and powerful, IAM Keys have always been intended for programmatic usage, while users could not be limited in scope beyond the predefined roles:

• Owner
• Tech
• Billing (former Admin)

Now, we are enhancing the IAM functionality, bringing the same powerful features to organizations’ users, offering you more control and flexibility. This means you can now limit a user’s scope of action in the web portal like you would for an IAM Key, with precise and fine-grained IAM Roles.

Typical use cases include:

• give a user read-only access
• generally, fine-tune what a user can see or do in the web portal

It is important to note that:

• All new organizations will immediately start with IAM users
• All existing organizations will be migrated

NOTE! Here, you can find all the details in the online documentation for IAM.

Marketplace

Details

• Scale up your applications
• Access a curated collection of solution templates
• Leverage ready-to-use managed services

Web

The compplete marketplace portfolio with description can be found here: exoscale.com/marketplace

Portal

The tighly integrated marketplace products are easy to reach in the product portal: portal.exoscale.com/marketplace

NOTE! You need to be logged in to your portal account!

Organization

Overview

In this section of the Portal, you find:

• Billing
• Credit Cards
• Invoices
• Subscriptions
• Audit-Trail
• Quotas
• Legal

Billing Info

Billing Details

The organization display name is used for invoices. It must be between 4 and 225 characters, cannot be composed of only numbers, and cannot be a UUID. It is not currently possible to modify the country associated with your organization. Please contact support if you need assistance. It is not currently possible to modify your organization’s VAT number.

Credit Threshold

You will receive an email notification when your credit balance drops below the specified threshold, set by default to 15 CHF/EUR/UDS. To avoid service disruptions, top up your balance regularly according to your consumption needs.

Usage Overview & Detail

Usage Overview: outlines your consumption for a specific time frame and your current billing mode. If your billing mode is set to Post-Paid, you will receive an invoice based on your monthly consumption, and your default credit card will be charged for the due amount.

Usage Detail: provides itemized views of your consumption for the same time frame stated under Usage Overview.

Billing Mode

Post-Paid: You will receive an invoice based on your consumption every month. Your default credit card will then be charged for the due amount. To activate the Post-Paid billing mode, you need to meet the following requirements:

• Your account must be older than 90 days
• All your invoices must be paid
• You need to have a saved credit card and set it as the default

Wire-Transfer: You will receive an invoice based on your consumption every month. You have 30 days to pay your invoice by wire transfer.

NOTE! The Wire-Transfer billing mode is activated upon request after a case-by-case examination.

Redeem Coupon

If you have a promotional coupon, you can redeem it by entering the code in the Coupon Code field.

Credit Cards

It is the location for determining which credit card is associated with the organization. Our payment processing partner, Adyen, safely stores credit card details.

Invoices

You can look up all your invoices in excellent tabular form (Invoice Number, Total, Emission Date, Due Date, Status, Actions). Clicking on the table headers enables a different sorted view of the invoices.

Subscriptions

It is the location where you can view and manage your DNS Zones and Support Plans subscriptions in excellent tabular form.

Audit-Trail

You can see all the tracked security-relevant user activity and API usage here. The tool allows you to list and search for events that interact with Exoscale resources.

Quotas

Is the location where you can view and manage quotas on the following specific resources:

• Instances
• Custom Templates
• Snapshots
• GPUs
• SKS Clusters
• Elastic IPs
• Private Networks
• Network Load Balancers
• IAM Access Keys
• DBaaS Services
• Object Storage Buckets
• Block Storage Volumes
• Block Storage cumulative size (GiB)
• Max size of a Block Storage Volume (GiB)

Legal

It is structured into two Tabs:

• Terms: Here, you find the Legal Documents for your organization, including the Terms & Conditions you excepted and when, as well as the version of the Data Processing Addendum you excepted and when.
• Compliance Center: Exoscale is committed to helping our customers comply with industry and government regulations. Our Compliance Center contains all the information you need about our compliance posture, including information about our security controls, policies, procedures, certificates, attestations, and compliance reports. We will continue to update this center as our compliance posture evolves. For some of the reports, a Non-Disclosure Agreement (NDA) is necessary, which can be done by clicking the REVIEW AND ACCEPT button.

Support

Details

In this section of the Portal, you can view and manage your support tickets by status (All, New, Waiting, Open, Closed). Exoscale’s support services are designed to cater to various customer needs, from developers and testers to enterprises running critical workloads. Here’s a breakdown of what each support plan includes:

Built-In Support

Built-In Support is included for all customers at no additional cost. It is ideal for testers, developers, and non-critical applications.

• Initial Response Time: Best-effort
• Support Hours: Office Hours
• Limited Audit Trail: 1 month of mutation events
• Limited Monthly Usage Reports: Aggregated by resource type
• Ticket Support

Starter Plan

Starter Plan is suited for startups and SMEs running production infrastructures. It includes everything in the Built-In plan plus additional features.

• Initial Response Time: 4 hours
• Support Hours: Office Hours
• Two-Factor Authentication (2FA)
• Single Sign-On (SSO)
• Limited Audit Trail: 1 month of mutation events
• Monthly Usage Reports: Reporting per resource
• Ticket Support

Price: 100.00 EUR/CHF/USD per month

Pro Plan

Pro Plan is tailored for companies running sensitive production infrastructures. It includes everything from the Starter plan plus faster response times and event tracking.

• Initial Response Time: 1 hour
• Support Hours: Extended Office Hours
• Two-Factor Authentication (2FA)
• Single Sign-On (SSO)
• Comprehensive Audit Trail: All API traffic, retention at customer discretion
• Monthly Usage Reports: Reporting per resource
• Ticket Support
• Phone Support

Price: 500.00 EUR/CHF/USD per month

Enterprise Plan

Enterprise Plan is designed for companies running critical workloads, offering the highest level of support and fastest response times.

• Initial Response Time: 30 minutes (24/7)
• Support Hours: 24/7
• Two-Factor Authentication (2FA)
• Single Sign-On (SSO)
• Comprehensive Audit Trail: All API traffic, retention at customer discretion
• Monthly Usage Reports: Reporting per resource
• Dedicated Customer Success Manager
• Custom Compliance Form
• Ticket Support
• Phone Support

Price: 5% of IaaS consumption (minimum 2,500 EUR/CHF/USD per month)

Overview: Support Features & Plans

*) 5% of IaaS consumption (minimum 2,500 EUR/CHF/USD per month)

Additional Information

• Office Hours: Mon-Fri, 8 am to 6 pm CET/CEST
• Extended Office Hours: Mon-Fri, 7 am to 8 pm CET/CEST
• PEN-Testing & Right to Audit: Available across all plans

By choosing the right support plan, you can ensure that your needs are met effectively and promptly, allowing you to focus on what matters most—growing your business.

NOTE! Here, you can find details on the case priority schema in the online documentation for SUPPORT.

Compute

COMPUTE

The Compute product is for scalable, on-demand cloud servers in a privacy-minded public cloud setting to host everything from simple applications to complex architectures. Start a virtual machine (VM) in seconds, and integrate current on-premises or hybrid-cloud deployments using standard DevOps tooling, would that be Terraform, Kubernetes, Ansible, or the tools of your choice.

VM Creation – Essential Properties

• Hostname - Easier Server Identification
• Template - Linux, Windows, Custom, Marketplace
• Zone - Data Center Locations
• Instance Types - RAM, CPU Core Configurations (T-Shirt Sizes)
• Disk - Size Configurations

VM Creation - Further Properties

• Keypair
• Security Groups
• Private Network
• IPv6
• Anti-Affinity Groups
• User Data
• Snapshots

VIDEO

VM Creation Process

EXAMPLE - create a Linux VM and install a web server

Walking through a step-by-step example for creating a new cloud server (VM) with a web server manually:

• Create Security-Group for HTTP and SSH access
• Create SSH Keyfile for access
• Start a Virtual Machine
• Install a Web Server via SSH

VIDEO

EXAMPLE

Security Group

Security Groups are the VMs firewall, all VMs are linked to at least one Security Group (default).

default

• BLOCK all incoming traffic
• ALLOW all outgoing traffic

Security Group - configure a new sample-group

For our example:

• ALLOW 22 for everyone
• ALLOW 80 for everyone

VIDEO

Security Groups

SSH Keys

How-to create an ssh key pair

Linux and Mac

• Use the command line tool ssh-keygen

Windows

• Use the program PuTTYgen (puttygen.exe) and export the OpenSSH public key

Create SSH Key - my-key

Import SSH Key - public key

NOTE: NEVER share the PRIVATE KEY with anyone !!!

VM Creation - Example

• Hostename = my-new-vm
• Template = Linux Ubuntu 20.04 LTS 64-bit
• Zone = DE-FRA-1
• Instance Type = STANDARD - Tiny
• Disk = 10 GB
• Keypair = my-key
• Security Groups = sample-group

VIDEO

VM Creation

VM Usage

Connecting to the Server depends on your client OS used to access your VM. Adding the SSH Key and accessing your VM follows a different sequence of tools used. Below you see examples of the most common access scenarios.

Access from Linux or Mac

Run the following commands:

> ssh-add id_rsa
> ssh root@SERVER-IP

Access from Windows

• Start the PuTTY authentication agent program Pageant and add the SSH Key
• Start the program PuTTY and enter the Server IP

VIDEO

VM Usage

Web Server Install

Installing NGINX web server via the apt-get package manager:

> apt install -y nginx
> systemctl start nginx

Web Server accessible via server IP:

EXAMPLE - create a Windows Server VM and access it

Creating a Windows VM follows the same Step-by-Step pattern as a Linux VM; you select an appropriate Windows Server template. The creation process runs in the same way.

To access the Windows Server VM, you must configure a Security Group that allows port 3389/TCP. This is the port for the remote access protocol used by the Microsoft Remote Desktop application. To connect as administrator to the Windows Server VM, use the shown password and the Microsoft Remote Desktop application.

Virtual Machines (VMs)

Frequently used applications of VMs on Exoscale are:

• Web Servers
• Machine Learning
• Processing/Storing Data
• Firewalls/Gateways
• Terminal Servers
• …

Anti-Affinity Groups

How can you increase availability and fault tolerance for your application?

Using more than one instance is the start of redundancy running them on different hosts = different hypervisors increases the availability. The feature for controlling this behavior is called Anti-Affinity Group. Instances in one Anti-Affinity group are all placed by the platform on different hosts, which increases the resilience against the failure of your application.

Anti-Affinity Group Specs:

• Anti-Affinity Groups can be freely created and VMs assigned to it
• Anti-Affinity Groups support also Instance-Pools
• Up to 8 VMs can be in the same Anti-Affinity Group
• All 8 VMs will then be on different hypervisors

VIDEO

COMPUTE - Recap & Summary

Cloud-Init

CLOUD-INIT

Cloud-Init is the industry-standard method for cross-platform cloud instance initialization and supports all major public cloud providers and provisioning systems for cloud infrastructure installations. During boot, Cloud-Init identifies the cloud it runs on and initializes the system accordingly. Cloud instances will automatically be provisioned during the first boot with networking, storage, SSH keys, packages, and other system aspects already configured. Cloud-Init provides the necessary glue between launching a cloud instance and connecting to it so that it works as expected.

User Data

The User Data field can be used for configurations after the cloud instance has been booted. You can use either distribution-specific scripting languages (bash, PowerShell, etc.) or the distribution-independent method of cloud-config. For example, you want to install the web server nginx automated after the cloud instance finishes booting.

Simple Example - distribution-specific

#!/bin/bash

sudo apt-get update
sudo apt-get upgrade –y
sudo apt-get install –y nginx
sudo systemctl start nginx

This example is specific for a Linux distribution.

Simple Example - distribution-independent

#cloud-config

package_upgrade: true
packages: 
   - nginx
runcmd:
   - systemctl start nginx

This example is independent and works cross-platforms.

VIDEO

Intro

Complex Example

• Install and configure Web Server
• Download our application from an SOS bucket using a presigned key
• Install the application
• Run the application

#cloud-config
package_upgrade: true
packages:
  - nginx
  - nodejs
  - npm
write_files:
  - owner: www-data:www-data
    path: /etc/nginx/sites-available/default
    content: |
      server {
        listen 80;
        location / {
          proxy_pass http://localhost:3000;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection keep-alive;
          proxy_set_header Host $host;
          proxy_cache_bypass $http_upgrade;
        }
      }
runcmd:
  - systemctl restart nginx
  - cd "/home/webapp/myapp"
  - [ wget, "https://sos-de-muc-1.exo.io/demo-webinar/application.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=....", -O, /home/webapp/myapp/app.zip ]
  - unzip app.zip
  - npm init
  - nodejs index.js

VIDEO

Complex Example - Theory

VIDEO

Complex Example - Demo

Overview

LINK Cloud-Init Documentation

cloudinit.readthedocs.io

Automation

AUTOMATION

Taking the basic concept of cloud-init to the next level by using methods like:

• CLI … Command Line Interface
• API … Application Programming Interface
• IaC … Infrastructure as Code

Infrastructure as Code

Infrastructure as Code (IaC) manages and provides computer data centers through machine-readable definition files rather than physical hardware configuration or interactive configuration tools.

• Specify your whole infrastructure as programming code
• Automated infrastructure management
• Quickly start, modify or delete your whole infrastructure
• Code is also documentation
• Terraform Plugin provided by Exoscale

The approach of immutable infrastructure is practiced in this concept by never updating and always replacing.

Example

data "exoscale_compute_template" "ubuntu" {
  zone = local.zone
  name = "Linux Ubuntu 20.04 LTS 64-bit"
}

resource "exoscale_security_group" "web" {
  name = "web"
}

resource "exoscale_compute_instance" ”webserver" {
  zone               = local.zone
  name               = "webserver"
  type               = "standard.medium"
  template_id        = data.exoscale_compute_template.ubuntu.id
  disk_size          = 10
  security_group_ids = [
    data.exoscale_security_group.default.id, 
    exoscale_security_group.web.id,
  ]
  user_data          = <<EOF
#cloud-config

package_upgrade: true
packages:
  - nginx
write_files:
  - owner: www-data:www-data
    path: /var/www/html/index.html
    content: |
      Hello world!
runcmd:
  - systemctl restart nginx
EOF
}

VIDEO

Infrastructure as Code

VIDEO

Infrastructure as Code - DEMO

Application Programming Interface

Exoscale Public API

https://openapi-v2.exoscale.com

• Everything on Exoscale can be controlled via the API
• Full potential for automation
• Implementable in every programming language
• Specifically limit access using IAM

Example

import requests
from exoscale_auth import ExoscaleV2Auth
import secret
auth = ExoscaleV2Auth(secret.api, secret.key)
response = requests.get("https://api-de-fra-1.exoscale.com/v2/instance", auth=auth)
print(response.text)

VIDEO

Application Programming Interface

Command Line Interface

Exoscale CLI – exo

https://community.exoscale.com/documentation/tools/exoscale-command-line-interface/

exo is Exoscale’s official command line interface to access all platform services. It allows you to manage your infrastructure from a user-friendly command line tool with the benefits of being scriptable.

Example

> exo compute instance create my-new-vm
 ✔ Creating instance "my-new-vm"... 16s
┼──────────────────────┼──────────────────────────────────────┼
│   COMPUTE INSTANCE   │                                      │
┼──────────────────────┼──────────────────────────────────────┼
│ ID                   │ xxx-xxx-xxx-xxx                      │
│ Name                 │ my-new-vm                            │
│ Creation Date        │ 2022-11-30 14:39:19 +0000 UTC        │
│ Instance Type        │ standard.medium                      │
│ Template             │ Linux Ubuntu 22.04 LTS 64-bit        │
│ Zone                 │ ch-gva-2                             │
│ Anti-Affinity Groups │ n/a                                  │
│ Security Groups      │ default                              │
│ Private Networks     │ n/a                                  │
│ Elastic IPs          │ n/a                                  │
│ IP Address           │ 159.100.242.231                      │
│ IPv6 Address         │ -                                    │
│ SSH Key              │ -                                    │
│ Disk Size            │ 50 GiB                               │
│ State                │ running                              │
│ Labels               │ n/a                                  │
┼──────────────────────┼──────────────────────────────────────┼

> exo compute instance list
┼─────────────────┼───────────┼──────────┼─────────────────┼─────────────────┼─────────┼
│        ID       │   NAME    │   ZONE   │      TYPE       │   IP ADDRESS    │  STATE  │
┼─────────────────┼───────────┼──────────┼─────────────────┼─────────────────┼─────────┼
│ xxx-xxx-xxx-xxx │ my-new-vm │ ch-gva-2 │ standard.medium │ 159.100.242.231 │ running │
┼─────────────────┼───────────┼──────────┼─────────────────┼─────────────────┼─────────┼

> exo compute instance delete my-new-vm
[+] Are you sure you want to delete instance "my-new-vm"? [yN]: y
 ✔ Deleting instance "my-new-vm"... 12s

VIDEO

Command Line Interface

Scaling

SCALING

The Exoscale Platform provides two ways of scaling:

• Vertical
• Horizontal 

Which way should be used also depends on your app’s architecture, and there is an impact on the operational procedures as well.

Vertical

• Can be done any time, while the instance is stopped
• Billing is always by the second

Horizontal

• Can be done any time, no instance stopping necessary
• Billing is always by the second

VIDEO

Scaling

Instance Pools

Multiple compute instances with the same configuration in a group:

• Increase or decrease the amount of compute instances in an Instance Pool any time
• Increasing
  • will automatically boot up an instance with the same parameters again (template, cloud-init, …)
• Decreasing
  • will destroy the oldest VM in the Pool this way the whole pool can be cycled
• Often used together with cloud-init to provision the instances with an application.

Automation

• Can be scaled down and up by sending commands to the Exoscale API or CLI
• Easily and fully automatable out of the box using Kubernetes

VIDEO

Instance Pools

Traffic

TRAFFIC

Data exchange between computers is called traffic, and in cloud computing, this is an important topic at least from two angles:

• performance
  • throughput
  • latency
• cost
  • data volume
  • timeframe

So let’s look into it.

Internal Traffic

Definition Internal:

• Between all Exoscale Services inside a zone
• Between all Exoscale Services beyond zone borders

Internal traffic is free!

Incoming Traffic

Traffic coming from the internet is free.

Outgoing Traffic

Traffic towards the Internet is billed. BUT, it comes with a free tier at Exoscale:

• 1.42 GB per instance in the period of one hour
• Free traffic is shared in the organization
• Free traffic is only available in the hour created

Example

Two examples to illustrate the free tier and the billing aspects:

• Instance A and B
  • A creates 2 GB of outgoing traffic
  • B creates 0.5 GB of outgoing traffic
  • Completely under free tier, as both together have 2.84 of free traffic
• Instance A exist inside one hour
  • A creates 2 GB of outgoing traffic
  • 1.42 GB are free, 580 MB are to be paid

VIDEO

Traffic

Storage

STORAGE

Simple Object Storage (SOS) is an S3-compatible object storage to store your assets, files, and metadata. Furthermore, it is a cost-effective solution to support your application and backup or serve your data from any Exoscale zone with no hidden fees, using your existing S3-compatible tooling and a familiar API.

• Simple to use
• High-available, replicated 3 copies of each object
• URLs to files can be configured with ACLs
• ACLs (Access Control List) permission control:
  • private - only with API key accessible
  • public-read - everyone can read, e.g. for static files
  • public-read-write - everyone can read and write -> NOT RECOMMENDED
  • manual edit - grant specific permissions to other orgs

VIDEO

Simple Object Storage

Use Cases

Case – Static Files:

• Backups
• HTML-Files
• Pictures
• Videos
• Archives of various files (e.g., *.zip, *.tar, and for bootstrapping an app on a server)
• Best suitable for
  • Integrated in the app itself (S3)
• Not suitable for
  • Shared File Systems
  • Storage under Databases

Case – Static Web Files:

• Upload static files to S3
• Set ACL public-read either manually or automatically (e.g., WordPress plugin)
• Embed links to files directly in HTML
• Users will download files from SOS bucket
• Providing fast access and high-availability

Case – Backup Files:

• Install a backup agent on a VM (e.g., CloudBerry)
• Configure S3 bucket as target
• If restore needed:
• Create VM
• Install agent
• Configure as restore from S3 bucket
• Backup Files are saved securely and privately in the Storage Bucket

Access Methods

Access Interfaces for SOS:

• Exoscale UI
• Exoscale CLI
• S3 CLI

Every programming library which supports S3:

• Easy to embed in existing apps
  • PHP
  • Java
  • NodeJS
  • Python
  • …

Every Application which supports S3:

• Cyberduck … browse files with a GUI, delete files, upload large files
• CloudBerry, Acronis, Veeam, … Backup Software
• Flexify.IO … is a great way to migrate data back and from on-premises or other cloud storage
• MountainDuck … mount SOS as Windows Drive
• rclone … Linux CLI to copy whole directories, synchronize multiple buckets/zones

VIDEO

Uses Cases / Access Methods

VIDEO

SOS - DEMO

Content Delivery Network

CDN:

• Automatically distributed all public-read files to the Akamai network if activated
• 120 locations worldwide
• Users can download static files with low latency from the nearest server
• Used when high scalability and low latency are requirements
• Easy to use; just the read-URL of the files changes
• Files must be set to public-read

VIDEO

CDN

COMPONENT ==========

{: type=“html” display_name=“Pre-signed Keys " }

Pre-signed keys can be used to:

• Give temporary access to private files
• Give unique access to private files (e.g., for cloud-init scripts)
• Key included in the URL
• Must be created using the CLI or a S3 library

VIDEO

Pre-signed Keys

VIDEO

Pre-signed Keys - DEMO

Block Storage

Exoscale Block Storage is a highly available and scalable block storage service designed to provide persistent storage for your instances. With Block Storage, you can dynamically increase storage capacity and optimize costs without compromising performance or data durability. It integrates seamlessly with your virtual instances, allowing you to manage storage volumes independently from the lifecycle of your instances.

• Flexible storage management
• High durability, with data replicated inside the zone
• Volumes can be easily attached or detached from instances
• Volumes can be scaled up
• Current Performance:
  • Around 5000 IOPS
  • Around 250 megabyte/s data transfer
• Snapshot capabilities to protect data and facilitate disaster recovery
  • Snapshots are incremental
• Block Storage needs to be mounted, Local Storage is still required for the OS of an instance

Block Storage is typically Read-Write-Once, meaning it can be attached to only one instance at a time. This contrasts with Read-Write-Many volumes, which can be shared across multiple instances. Due to the absence of locking mechanisms required for shared access, Block Storage often delivers superior performance, making it an ideal choice for database hosting.

The term “Block” in Block Storage derives from its nature as a block device. This implies that a filesystem must be initialized on the volume by the operating system before use.

Snapshots, being incremental, offer a cost-effective strategy for creating backups. However, given their incremental nature, it is prudent to complement them with additional backup solutions, such as transferring backups to Object Storage, to ensure comprehensive data protection.

If you need Read-Write-Many functionality, one approach is to attach a Block Storage Volume to an instance and configure an NFS (Network File System) server on it.

Local Storage

Each Exoscale instance is equipped with a minimum of 10GB of local storage, which serves as the installation medium for the operating system. This storage utilizes high-performance NVMes, capable of supporting a significant number of input/output operations per second (IOPS) and bandwidth. This makes it exceptionally well-suited for applications with high-performance demands. Unlike Block Storage, however, this local storage is inherently tied to the instance it accompanies and cannot be transferred or shared between instances.

• Volume bound to an instance
• Volume can be scale up
• High performance bandwidth and IOPS

Backup

BACKUP

Solutions:

• Backup solutions existed well before cloud services were invented
• Companies or teams had their specific preferred backup solution
• Exoscale does not impose a specific solution
• Multiple possibilities available

VIDEO

Backup

Snapshots

Do a full snapshot of a VM

• Easy to implement and automate
• Easy to fully restore Restores
• Easily create a template from a Snapshot

Hard to do partial restores

• Always the full disk is snapshotted -> Consumes a lot of space and incurs cost
• When a VM is deleted, Snapshots are also deleted
• Can be inconsistent, e.g., recovery of a Database might not be possible.

VIDEO

Snapshots

Agent Based Backup

Backup the filesystem to an S3 bucket (potentially in a different zone):

• Incremental
• Partial restores
• Great flexibility
• Economical
• Harder to implement -> Requires a third-party application

Restoring – Option A:

• Restore file system directly (i.e., using Restic)

Restoring – Option B:

• Restore whole system (i.e., using UrBackup, Bareos)

VIDEO

Backup - Agent Based

VIDEO

Restore - Option A

VIDEO

Restore - Option B

Networking

NETWORKING

This topic has many layers and can be intimidating and complex sometimes. Therefore, we break it down into smaller pieces to convey the cloud-relevant parts of it and introduce Exoscale networking features. If the diagram below looks intimidating to you, don’t worry. After completing this section of the course, it will feel very natural.

The next steps are to look into the following topics and demystify networking:

• Switching/Routing
• Load Balancing
• Private Networks

and at the same time refere to the network layer model and match our topics to it.

Switching/Routing

SWITCHING/ROUTNG

Layer 2 - Switching

• Uses Mac Addresses (hardcoded into devices)
• Only for traffic in a local or private network
• Done by switches

Example Mac address: f8:4d:89:84:eb:8e

Layer 3 - Routing

• Uses IP Addresses
• For traffic and routing in a global manner
• Done by routers

Example IP address: 10.55.22.1/32

Local Network

• Switches don’t care for IP-Addresses - only Mac-Addresses – Layer 2 !!!
• Each computer can talk to the other on the same local network
• And it must be on the same subnet

VIDEO

Switching / Routing - Part 1

IP Addresses

A subnet for one IP address

A subnet for two IP addresses

More subnets

A subnet for 256 IP addresses

VIDEO

Switching / Routing - Part 2

Routing Subnets

• Talk to different subnets –> router (gateway) must be used
• Gateway IP needs to be specified –> Gateway IP must be usually on same subnet

VIDEO

Networking

Private Network

PRIVATE NETWORK

• Local Network between Instances
• Private networks can be freely created
• Instances must be in the same zone
• No Security Groups are in between
• Layer 2 - like a simple Switch connecting all instances
• Private IP Addresses/Subnets can be freely chosen best from reserved IP ranges
• IP Addresses must be configured via SSH/RDP or Cloud-Init
• Managed Private Networks can automatically provide IPs via DHCP

Reserved Subnets - can be used for private networks:

• 10.0.0.0/8
• 172.16.0.0/12
• 192.168.0.0/16

Granular DHCP Support via the CLI

Exoscale’s Managed Private Networks support granular DHCP configurations, providing enhanced control over network settings through the CLI.

• [DHCP Option 3] Default Gateway (Router): Sets the IP of the default gateway for external traffic.
• [DHCP Option 6] DNS Servers: Specifies DNS server IPs for domain name resolution.
• [DHCP Option 42] NTP Servers: Defines IPs for time synchronization with NTP servers.
• [DHCP Option 119] Domain Search List: Supplies a list of domain suffixes supporting multi-domain environments (limited to 255 octets).

VIDEO

Private Network

VIDEO

Private Network - DEMO

Gateway Considerations

An additional Gateway is required when:

• Connecting private networks over different zones
• Connecting private networks to the company network
• Connecting a private network to the internet
• Connecting private networks together

As Gateway, another instance can be used:

• Ubuntu with routing configuration
• VyOS Router templates

VIDEO

Gateway Considerations

Load Balancing

LOAD BALANCING

Network Load Balancer

• Can forward ports/services to different Instance Pools.
• Traffic will be only forwarded to Instance Pool members with a successful health check.
• If you want to allow access from the Internet, you need to open the Ingress Rules for target-port and healthcheck for all (0.0.0.0) in the Instance-Pools Security Group.
  • If you only want to enable load balancing from specific subnets, you can just let that subnet or security group access the target-port. Additionally, you need to add a rule with Source Type being Security-Group-Public and select public-nlb-healthcheck-sources for the healthcheck.
• Healthchecks can be observed via API.
• Strategies
  • Round-Robin - Incoming traffic will be forwarded to each member in equal proportions and circular order.
  • Source-Hash - A given source address will always be forwarded to the same instance.

VIDEO

Load Balancing

VIDEO

Load Balancing - DEMO

Managed Elastic IP

• Can forward traffic to one instance or distribute traffic across multiple instances
• Traffic distribution is not necessarily even
• No configuration on target instances is necessary
• Traffic on all ports is forwarded
• Healthchecks are done – but cannot be observed
• To be reachable, ports from the EIP must be opened for all

NOTE: Cannot be used for outgoing traffic

VIDEO

Managed Elastic IP

Comparison - Network Load Balancer / Managed Elastic IP

Network Load Balancer

• Routes to Instance-Pools
• Even traffic distribution
• Route single ports (services)
• Healthchecks can be observed

Managed Elastic IP

• Routes to individual Virtual Machines
• Even traffic distribution is not guaranteed
• Route whole IP/all ports
• Healthchecks done but cannot be observed

VIDEO

Comparison

Unmanaged Elastic IP

• Simple Fail-Over IP Address
• It needs to be configured on the instance itself
• It can be used as an outgoing IP via a loopback interface
• Security Groups apply normally

cloud-init configuration

#cloud-config
write_files:
  - path: /etc/netplan/51-eip.yaml
    content: |
      network:
        version: 2
        renderer: networkd
        ethernets:
        lo:
          match:
            name: lo
          addresses:
            - 159.100.241.235/32
runcmd:
  - [ netplan, apply ]

VIDEO

Unmanaged Elastic IP

Security Groups

Allow defining and composing firewall rules:

• Power of VLANs
• Block incoming traffic by default
• Allow outgoing traffic by default
• Traffic to and from the Internet can be blocked entirely (private instance)
• Source address can be specified as a subnet or as another Security Group, or as a Public Security Group (which simply are Security Groups defined by Exoscale for specific purposes)

Security Groups Examples

Frontend Security Group

• Allow 0.0.0.0/0 for port 80/tcp
• Allow 0.0.0.0/0 for port 443/tcp
• Allow 90.80.60.0/24 for port 22/tcp *

*) allow clients originating from the given subnet – e.g., company network - to connect to SSH; not on the diagram

Backend Security Group

• Allow Security Group Frontend for port 8080/tcp
• Allow Security Group Backend for port 8080/tcp *

*) without this rule, backend instances cannot access each other on 8080

VIDEO

Security Groups

VIDEO

Security Groups - DEMO

Cloud Challenges

CLOUD CHALLENGES

This section highlights the most common problems you can face on your cloud journey. Awareness of those topics should lead to better architecture decisions and storage technology selections. Therefore, the last two sections in this course are dedicated to these topics in more detail. But first, let’s jump into the area of cloud problems and build a better understanding of common pitfalls.

Special Snowflake

Issue Description

• A single server – installed by hand – undocumented
• IP Addresses or credentials hard-coded in several systems
• Also, cannot transfer IP Addresses to the cloud
• Should only be migrated with planned downtime and roll-back scenario

VIDEO

Special Snowflake

Huge Instance

Issue Description

A customer wants …

• 512 GB of RAM
• A huge disk (> 15 TB)
• A small instance (i.e., 2 cores) with a big disk (i.e., 512 GB)

It rarely makes sense, especially for databases. Very expensive in the cloud. Sometimes not possible.

VIDEO

Huge Instance

Backup

Issue Description

• On-premises backups are often done on a full VM image basis. This works poorly in the cloud and will get expensive.
• Backups must be re-tooled to be done on a software basis for at least parts of the recovery process.

VIDEO

Backup

Migration

Issue Description

Possibilities:

• Transfer of the files of the server themselves (i.e., using rsync on Linux) – the most straightforward solution
• Using a backup tool

Convert an existing image (i.e., VMware) to QCOW2 and create a template:

• For advanced users
• Cannot delete template as long as instances boot from it
• Custom Templates
• Must install *.iso files locally first, and the resulting image will then be provided as QCOW2

VIDEO

Migration

Network Throughput

Issue Description

• No cloud provider has SLAs for bandwidth or latency between two VMs.
• On-premises, this SLA is easy to guarantee thanks to a dedicated network infrastructure.
• Services need to be built smaller and fault-tolerant.

VIDEO

Network Throughput

Licensing

Issue Description

• Some software is not licensed in a cloud-friendly way
• Software that requires purchasing a license for every possible CPU core the software COULD run on
• Software that restricts the license or support to officially certified hypervisors only

VIDEO

Licensing

Architecture

ARCHITECTURE

There are challenges in the cloud. We just have reviewed to most common ones. Building reliable, scalable, and well-performing cloud-based solutions is down to leveraging proven architectures and best practices and thinking of cloud-native approaches to the challenges you want to solve.

Simple Architecture

Quickly scale up for more performance and easily scale down to safe cost or serve a scenario with fewer performance needs. It is also important to safely store all data and configurations in backups and enable applications to be highly available. All of those requirements are reflected in your architecture.

VIDEO

Architecture

Stateless Architecture

Applications with stateless architecture (stateless apps) allow you to easily scale:

• Keep data in a database or S3 storage
• Don’t save data locally on a disk
• Don’t save session-states locally inside the apps RAM, instead:
  • Use JWT (JSON Web Tokens)
  • Save session state in a database (e.g., Redis)

-> Stateless Apps can be booted multiple times in conjunction with a Load Balancer & Cloud-Init.

VIDEO

Stateless Architecture

Monolith vs Microservices

Two very common application architecture used for designing solution on-permises and in the cloud, but also very different ones.

VIDEO

Monolith vs Microservices

Kubernetes

Scalable Kubernetes Service (SKS)

Potential requirements for your application:

• High-Availability
• Automated vertical and horizontal scaling
• Updates without downtime
• Self-Healing
• Load balancing
• Cost Effectiveness
• Simple development and release process

-> Consider our Managed Kubernetes SKS

-> Courses available: SKS Starter & SKS Advanced

VIDEO

Kubernetes

High Availability & Disaster Recovery

Expect the Unexpected

• Design and develop plans before things happen
• Plan how you want to achieve High-Availability use e.g., Kubernetes, Load-Balancers
• Backup your files, preferably in a different zone than your main infrastructure
• Weigh out recovery time vs. effort
  • Having a zone-failover in a matter of seconds is a very elaborate and expensive behaviour
  • As a zone-failure is very unlikely, a plan is still needed, but planning in more downtime makes things easier
• Have a disaster recovery plan

Database

DATABASE

Looking at databases, we see that the managed version delivers the benefits of simplifying the tasks associated with provisioning and maintaining a database. However, you will still need some experience working with databases to interact with them as you build and scale your app.

Exoscale DBaaS is an excellent solution for everyone looking for a diverse portfolio of open-source data services used in all applications and business solutions and gaining the following benefits:

• Daily Backups included - backups are done on a daily basis and are included with every DBaaS offering.
• Completely Integrated - integrated DBaaS for your instances. Easily manage your database, instance, or storage from the same interface.
• Automate Everything - easily automate everything with our simple web portal, CLI, API, or tools like Terraform.
• 99.99% Uptime SLA - all DBaaS (cluster) offerings come with an uptime SLA of 99.99%.
• No Vendor Lock-In - keep your cloud infrastructure independent and flexible with our offering of open-source databases.
• Your Data Stays In Europe - all data is stored in the country of your chosen zone, fully GDPR-compliant. DBaaS is available across European zones.

VIDEO

Database as a Service

• Different plans available with different sizing and amount of nodes
• Each plan comes with a specific amount of backups
• See also: https://www.exoscale.com/pricing/#dbaas

VIDEO

Database as a Service - DEMO

DBaaS Plans

DBaaS Update

Update Process – how does it work ?

Database always accessible via a DNS-Address

Update Process handles everything fully automatic in the background:

• Fork database, and synchronize all data
• Test whether new databases is healthy
• Point DNS now to new DBaaS instance
• Old instance is discarded
• Clients will reconnect

-> Downtime of less than 10 seconds

Update Process - Step 1

Update Process - Step 2

Update Process - Step 3

VIDEO

DBaaS Update

DBaaS - Further Possibilities

What is possible depending on the database:

• Attach external read replicas
• Use a variety of extensions
• Use multiple nodes
• Change specific parameters of the database
• Migrate from the old provider
• Connection pooling

-> Consider our Managed Database as a Server DBaaS

-> Intro Course available: Database technologies and benefits of managed database services

Typical Web Application

Description

Our example architecture consists of the following explained components, and it demonstrates the practical usage of several products together and the associated costs.

Application Servers

run the web application. The application reads from the DB servers via the Elastic IP v2, and users access this web service via another Elastic IP v2 that distributes traffic evenly among them. Upload user files to the Public File Bucket. Installed in an Anti-Affinity group.

Database Server

operate a shared database (MySQL, MongoDB, etc.) that is capable of replicating data. Installed in an anti-affinity group to ensure that the individual components are never on the same physical host.

Backup Server

responsible for reading the data and uploading it to the Backup Bucket object storage.

Public File Bucket

stores and publishes user files, such as profile pictures, and makes them publicly available.

Backup Bucket

holds the backups of the DB servers and the Public File Bucket.

Elastic IP

in v2 is used as a simple load balancer in this scenario that distributes traffic evenly.

Exoscale DNS

responsible for resolving the service domain name (example.com).

VIDEO

A Typical Web Application

Calculate Product Pricing

Calculate Product Pricing

Usually, you want to know the cost for a resource on a monthly basis, like you know your cost for other subscriptions like your mobile data plan, Spotify, Netflix and so forth.

The official pricing can be found on the web __exoscle.com/pricing __ and in the official price list. There you can find hourly pricing for the different products. In the Exoscale realm, we calculate with 720 hours per month, and other cloud providers use, e.g. 730 hours per month, this information is relevant if you want to compare monthly pricing.

Application Server Instances Calculation

2 x 720 x (100 x 0.00014 + 0.04666) = €87.35/month

• 2x Medium (€0.04666/h)
• 100 GB disk (€0.00014/h/GB)
• 720 hours per month

Database Server Instances Calculation

3 x 720 x (400 x 0.00014 + 0.04666) = €221.75/month

• 3x Medium (€0.04666/h)
• 400 GB disk (€0.00014/h/GB)
• 720 hours per month

Backup Server Instance Calculation

1 x 720 x (50 x 0.00014 + 0.01458) = €15.54/month

• 1x Tiny (€0.01458/h)
• 50 GB disk (€0.00014/h/GB)
• 720 hours per month

Elastic IP Calculation

2 x 720 x 0.01389 = €20.00/month

• 2x Elastic IP v2 (€0.01389/h)
• 720 hours per month

Exoscale DNS Calculation

1x SMALL = €1/month

• 1x SMALL
• monthly subscription

With DNS you enrol to a monthly recurring subscription, automatically renewed. Every package entitles you to register up to the indicated number of zones.

SMALL     ( 1 Zone  =   €1/month)
MEDIUM    (10 Zones =   €5/month)
LARGE     (50 Zones =  €25/month)

Calculate Scenario Pricing

Calculate Scenario Pricing

For an overall scenario pricing, we have to add up all component prices - like the ones we calculated before - in our scenario, add data transfers to the internet and amount of storage in rest to the equation.

Additional storage costs are associated with the Simple Object Storage (SOS). A scalable, reliable, and cost-effective solution to support your application. Backup or serve your data from any Exoscale zone with no hidden fees, using your existing S3-compatible tooling and a familiar API.

Application Server Data Transfer Calculation

6 x 720 x 1.42 GB = 6134.40 GB/month

• data transfer to the Internet: 1000 GB/month
• free tier definition = 1.42 GB/h/instance

The free tier for our web-application consisting of 6 instances is 6134 GB; the monthly data transfer is 1000 GB to the Internet; hence it is below the free tier for our scenario.

Public File Bucket Calculation

200 x 0.020 + 10000 x 0.020 = €204.00/month

• 200 GB data stored
• 10 TB data transferred (10000 GB)

Backup Bucket Calculation

1000 x 0.020 = €20.00/month

• 1 TB data stored (1000 GB)

Calculation of Complete Scenario

Application Server Instances            €  87.35/month
Database Server Instances               € 221.75/month
Backup Server Instance	                €  15.54/month
Elastic IP	                            €  20.00/month
DNS	                                    €  €1.00/month
Application Server Data Transfer        €  €0.00/month
Public File Bucket	                    € 204.00/month
Backup Bucket                           €  20.00/month
------------------------------------------------------
TOTAL                                   € 569.64/month

Pricing Calculator

Pricing Calculator

A simple and convenient tool to get product pricing for various configurations always available here:

www.exoscale.com/calculator