Running a machine in a private cloud

Jigar R
Aug 7, 2022


Say you want to try out an operating system. Without a spare machine you would have to buy hardware and install the OS on it; with an existing machine you might consider a dual boot or a virtual machine. Those exercises are worthwhile when the goal is to learn how installation works. If you just want a machine to try things on, running it in the cloud is the more convenient option: a fully functional machine is ready within a few minutes and a few clicks. Cloud vendors offer a large menu of virtual machines (VMs, or instances).

Following are some of the options available for a VM:

  • Choice of operating system — Windows, macOS, Red Hat, Ubuntu and so on
  • Predefined instances with X memory, Y storage, Z CPUs and N network bandwidth — it is also possible to customize these parameters
Various predefined instance types on AWS Console in North Virginia region

You need a way to connect to the VM securely. For that you use an SSH (public/private) key pair: generate one on your own machine and upload the public key, or let the cloud provider generate the pair for you. In the second case AWS keeps only the public key and lets you download the private key exactly once, at creation time, so store it somewhere safe with restrictive file permissions; anyone holding it can log in as the default user. On Windows instances the same key pair is used to decrypt the initial administrator password.

Furthermore, you control which traffic may go in and out of the VM by creating a Security Group.

Pricing models in AWS ($.$$)

You can create a VM, use it and terminate it; you are charged only for the time it ran. Because you created the instance on demand, it is referred to as an On-Demand instance.

If you are going to run VMs consistently for one or three years, you can take advantage of Savings Plans: you commit to a fixed amount of compute spend per hour for that term, and AWS applies discounted rates to the instance types the plan covers.

If you are going to run a specific instance type in a specific region for one or three years, check out Reserved Instance pricing. If you need instances only during a fixed time window, Scheduled Reserved Instances offer a discount for that schedule.

Say you run your application on a machine at home and thousands of people use it every day. Most of the time users are happy; occasionally, when all of them hit it at once, they see slow responses. You could buy another machine and, with changes to the application, handle over 2000 users. That extra hardware then sits idle as a just-in-case reserve. In the same way, cloud providers keep unused compute capacity on standby, and you can run VMs on it at a heavy discount. When the provider wants the capacity back, the VM receives a short warning (on AWS, a two-minute interruption notice) and is then stopped or terminated. These are called Spot instances. One can do a lot with them: for example, Clemson University ran a 1.1 million vCPU job on Spot instances (https://aws.amazon.com/blogs/aws/natural-language-processing-at-clemson-university-1-1-million-vcpus-ec2-spot-instances/).
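How that warning actually arrives is worth seeing in code. The following is an added example, not code from the original post: a Spot instance polls the EC2 instance metadata service for the interruption notice and, once it appears, runs a drain routine. The metadata path, the IMDSv2 token exchange and the JSON shape are AWS's; the SAMPLE_NOTICE document and the drain() hook are constructed for the demo.

```python
"""Added example, not code from the original post: how a Spot instance learns
that AWS wants the capacity back. About two minutes before the interruption
AWS publishes a small JSON document at the instance metadata path
/latest/meta-data/spot/instance-action, for example
{"action": "terminate", "time": "2022-08-07T10:02:00Z"}; while nothing is
scheduled that path answers HTTP 404. fetch_instance_action() uses IMDSv2 and
only works on an EC2 instance; the parser is exercised with a constructed
document so the rest runs anywhere."""
import json
import time
import urllib.error
import urllib.request
from datetime import datetime, timezone

IMDS = "http://169.254.169.254"
# Constructed sample notice in the shape AWS uses (action may also be "stop" or "hibernate").
SAMPLE_NOTICE = '{"action": "terminate", "time": "2022-08-07T10:02:00Z"}'


def parse_time(stamp):
    """Metadata timestamps are UTC in the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_instance_action(body, now):
    """Return (action, seconds_left) for an instance-action document, or None
    when body is empty (no interruption pending). now is a tz-aware datetime."""
    if not body:
        return None
    doc = json.loads(body)
    return doc["action"], (parse_time(doc["time"]) - now).total_seconds()


def fetch_instance_action(timeout=2):
    """Ask IMDSv2 for a Spot interruption notice. Returns the raw JSON body,
    or '' when there is none (HTTP 404); any other failure raises."""
    tok_req = urllib.request.Request(
        f"{IMDS}/latest/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    with urllib.request.urlopen(tok_req, timeout=timeout) as resp:
        token = resp.read().decode()
    req = urllib.request.Request(
        f"{IMDS}/latest/meta-data/spot/instance-action",
        headers={"X-aws-ec2-metadata-token": token})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.read().decode()
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return ""
        raise


def wait_for_notice(fetch=fetch_instance_action, poll_seconds=5):
    """Poll until a notice appears, then return (action, seconds_left).
    Inject a fake fetch to exercise this off an EC2 instance."""
    while True:
        body = fetch()
        if body:
            return parse_instance_action(body, datetime.now(timezone.utc))
        time.sleep(poll_seconds)


def drain():
    """Assumed hook, not an AWS API: stop accepting new work, checkpoint
    state to durable storage (EBS or S3) and deregister from the load
    balancer, all within the two-minute window."""
    print("interruption notice received, draining")


if __name__ == "__main__":
    # Off-instance: parse the constructed sample as if it were 10:00:00Z now.
    print(parse_instance_action(SAMPLE_NOTICE, parse_time("2022-08-07T10:00:00Z")))
    # On a Spot instance, run the real poller instead:
    # action, left = wait_for_notice(); drain()
```

The token step matters: with IMDSv2 enforced on the instance, a plain GET without the token header is refused, which is also what keeps an SSRF bug in your web application from reading the same metadata service.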

It is also possible to rent a real physical machine (a Dedicated Host) in the cloud and run your instances on it. Pricing is a subject of its own; I recommend glancing over the Savings Plans 2019 re:Invent talk in the reference section.

Storage

On AWS, by default the VM's disk is a volume in a storage service called Elastic Block Store (EBS). An EBS volume behaves like a hard disk: it is normally attached to one instance at a time, but it can be detached and attached to another instance in the same Availability Zone, and it can outlive the instance it was attached to (the root volume is deleted on termination by default). Some instance types additionally come with instance store, local disks whose contents are lost when the instance stops.

Following is a screenshot of some of the storage options available while creating a VM as of August 2022. If your application reads and writes a lot of data, pick a volume type whose IOPS and throughput match your use case; cloud providers publish the performance you can expect from each volume type.

You can checkout some of the other storage options available on cloud at https://jigarr.medium.com/disk-storage-on-cloud-e8968a8eb662.

Storage Options for a VM on AWS

Security

Key pair — to connect securely with your VM; the private key is the credential, so guard it.

Security group — sits in front of the VM's network interface, inspects traffic going in and out, and forwards or drops packets based on the rules you configured. For example, if you only allow access to port 22 (the usual SSH port) from IP-address-a, then only packets from IP-address-a to port 22 reach the VM; a connection attempt to port 22 from any other address, or to any other port, is dropped.

VMs sit in a subnet, and the Network Access Control List (NACL) that secures the subnet filters the traffic as well. So there is a gatekeeper at the network level and a bodyguard right in front of the VM. Refer to https://jigarr.medium.com/networking-in-amazon-web-services-7fc6d4afb926 for a high-level look at networking concepts in a VPC. Both Security Groups and NACLs are lists of rules, but they have some important differences, which are summarized in AWS's VPC security documentation (VPC_Security.html).

Because a Security Group (SG) is attached directly to the machine, you only define what traffic is allowed; there are no deny rules, and anything not matched by an allow rule is dropped. If you are running a website on port 8080 of a VM, you would allow traffic from anywhere in the world to port 8080 so the VM can serve its web page. The response going back to the user is allowed automatically, even if no outbound rule covers it, because SGs are stateful: they remember the connection that was admitted and let its reply packets through.

A NACL applies at the subnet level and is stateless: it needs to be told explicitly about traffic going in and out of the subnet, including the reply traffic that an SG would pass on its own (in practice this means an outbound rule for the ephemeral port range 1024-65535). Each rule also carries an explicit Allow or Deny and a rule number; rules are evaluated in ascending order, the first match wins, and a packet matching nothing hits the final implicit deny. The deny rules make a NACL the place to block a known-bad address range for a whole subnet, something an SG cannot express.
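The difference between the two filters is easiest to see by running the same packets through both. The following is an added example, not code from the original post: a toy evaluator in which a security group keeps a connection table (stateful, allow-only) and a network ACL checks numbered Allow/Deny rules per direction (stateless, first match wins). It covers the SSH-from-one-address rule, the port-8080 website and the forgotten NACL reply rule discussed above. All addresses, ports and rule numbers are constructed for the demo; the evaluation order (NACL then SG inbound, SG then NACL outbound) follows AWS's documented behaviour.

```python
"""Added example, not code from the original post: a toy model of how an EC2
security group (stateful, allow-only) and a subnet network ACL (stateless,
numbered Allow/Deny rules, first match wins) treat the same packets. The
addresses, ports and rule numbers below are constructed for the demo."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    src_port: int
    dst_port: int

    def reply(self):    # what the receiver sends back: addresses/ports swapped
        return Packet(self.dst, self.src, self.proto, self.dst_port, self.src_port)


@dataclass(frozen=True)
class Rule:
    proto: str          # "tcp"/"udp"/"icmp", or "-1" for all traffic
    port_from: int
    port_to: int
    cidr: str           # remote CIDR: source for inbound, destination for outbound
    allow: bool = True  # only NACL rules can say Deny
    number: int = 0     # NACL rule number (evaluation order); ignored by SGs

    def matches(self, pkt, inbound):
        remote = pkt.src if inbound else pkt.dst
        if self.proto != "-1" and (self.proto != pkt.proto
                                   or not self.port_from <= pkt.dst_port <= self.port_to):
            return False
        return ip_address(remote) in ip_network(self.cidr)


def _flow_key(p):
    return (p.src, p.src_port, p.dst, p.dst_port, p.proto)


class SecurityGroup:
    """Instance level, allow-list only, stateful: once a packet is admitted the
    reply traffic of that connection passes without any rule for it."""
    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = list(inbound), list(outbound)
        self._flows = set()              # admitted connections (5-tuples)

    def permits(self, pkt, inbound):
        if _flow_key(pkt.reply()) in self._flows:
            return True                  # return traffic of a tracked connection
        rules = self.inbound if inbound else self.outbound
        if any(r.matches(pkt, inbound) for r in rules):
            self._flows.add(_flow_key(pkt))
            return True
        return False                     # no Deny rules exist: unmatched means drop


class NetworkAcl:
    """Subnet level, stateless: each direction is checked on its own. Rules are
    tried in ascending number, the first match decides, and the trailing
    implicit rule denies everything else."""
    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    def permits(self, pkt, inbound):
        for r in (self.inbound if inbound else self.outbound):
            if r.matches(pkt, inbound):
                return r.allow
        return False


def reaches_instance(pkt, nacl, sg):     # inbound: NACL (gatekeeper), then SG (bodyguard)
    return nacl.permits(pkt, True) and sg.permits(pkt, True)


def leaves_instance(pkt, nacl, sg):      # outbound: SG first, then NACL
    return sg.permits(pkt, False) and nacl.permits(pkt, False)


def web_server_demo():
    """Website on 8080 open to the world, SSH only from the admin's address.
    Returns the filter decisions for a handful of constructed packets."""
    vm, admin, client, other = "10.0.1.20", "198.51.100.7", "192.0.2.55", "203.0.113.9"
    sg = SecurityGroup(
        inbound=[Rule("tcp", 8080, 8080, "0.0.0.0/0"), Rule("tcp", 22, 22, f"{admin}/32")],
        outbound=[])                                   # deliberately no outbound rules
    nacl = NetworkAcl(
        inbound=[Rule("tcp", 8080, 8080, "203.0.113.0/24", allow=False, number=90),
                 Rule("tcp", 8080, 8080, "0.0.0.0/0", number=100),
                 Rule("tcp", 22, 22, "0.0.0.0/0", number=110)],
        outbound=[Rule("tcp", 1024, 65535, "0.0.0.0/0", number=100)])  # ephemeral ports
    nacl_no_egress = NetworkAcl(nacl.inbound, [])      # same, but the reply rule was forgotten
    http = Packet(client, vm, "tcp", 50321, 8080)
    return {
        "http_in": reaches_instance(http, nacl, sg),                           # True
        "http_reply_out": leaves_instance(http.reply(), nacl, sg),             # True: SG is stateful
        "http_reply_no_nacl_egress":
            leaves_instance(http.reply(), nacl_no_egress, sg),                 # False: NACL is not
        "ssh_from_admin": reaches_instance(Packet(admin, vm, "tcp", 51000, 22), nacl, sg),  # True
        "ssh_from_other": reaches_instance(Packet(other, vm, "tcp", 51000, 22), nacl, sg),  # False: SG drops it
        "http_from_denied_range":
            reaches_instance(Packet(other, vm, "tcp", 51001, 8080), nacl, sg), # False: NACL rule 90
    }
```

Two things the demo makes concrete: the web reply passes the SG with an empty outbound rule set but is dropped by the NACL that lacks an ephemeral-port rule, and the deny for 203.0.113.0/24 never reaches the SG at all, because the lower-numbered NACL rule decides first.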

If you are having trouble connecting to your VM on AWS, try VPC Reachability Analyzer: it evaluates the security groups, NACLs and route tables between a source and a destination and reports which component blocks the path.

Sample reachability analysis

In this post I covered

  • Instance | Virtual machine
  • Pricing models
  • Elastic Block Store
  • Security Groups
  • Network Access Control List (NACL)

What’s next?

Some of the Storage options in Cloud

References

Spot instance — https://youtu.be/ITG1OpHz-JQ

Spot instance 2017 intro — https://youtu.be/BlNPZQh2wXs

Spot instance 2019 re:invent — https://youtu.be/7q5AeoKsGJw

Storage options for EC2 — Storage.html

Savings plan 2019 re:invent — https://youtu.be/uQ9ry-9uUvo

Written by Jigar R

DevOps Engineer | feel free to reach out to me | LinkedIn — https://www.linkedin.com/in/jigarrathod/
