CompTIA Cloud+ Security Groups vs Network ACLs

July 23, 2018 at 3:50 pm

This Nugget is a sample Nugget from the CompTIA Cloud+ CV0-002 course at CBT Nuggets. In this video, we examine the differences between Security Groups and Network ACLs in AWS.

Cloud+

What’s New in AWS – July 21, 2018

July 21, 2018 at 12:20 pm
aws

Classic Three Tier Architectures in AWS

July 20, 2018 at 4:21 pm

AWS Three Tier

Note that the three-tier architecture consists of the following:

  • Presentation tier – consists of the components that users interact with; this might include web pages and/or mobile app user interface components
  • Logic tier – contains the code required to translate user actions initiated at the presentation tier into the functionality required by the application
  • Data tier – consists of the storage media that hold the data relevant to the application; this might be a database, object stores, caches, or file systems

AWS offers many services to assist with the presentation tier of your architecture. Amazon Cognito can handle the creation and management of user identities. S3 can store and deliver any static Web content the tier needs. API Gateway can be configured to be compliant with cross-origin resource sharing (CORS), which permits web browsers to invoke your APIs from within static web pages served from a different origin.

You can consider the logic tier to be the “brains” of the architecture. This tier lends itself to the combination of API Gateway and Lambda, which together allow a serverless approach to the multi-tier architecture. Serverless implementations bring new levels of high availability, scalability, and security, because the provider operates and patches the hosts the code runs on. While a traditional server-based implementation of the three-tier architecture might require thousands of servers in order to scale, a serverless environment does not require you to provision or manage a single virtual server.

The data tier of your architecture can be implemented with a wide variety of AWS services. We often organize these into two broad categories: Amazon VPC-hosted data stores, where access is controlled at the network level (security groups and network ACLs), and IAM-enabled data stores, where access is controlled by IAM policies. VPC-hosted data store options include:

  • RDS – several relational database engine options here
  • ElastiCache – boost performance with in-memory caching
  • Redshift – simple data warehousing capabilities
  • EC2 – any data store you install and run yourself on one or more EC2 instances

IAM-enabled options include:

  • DynamoDB – a NoSQL database that scales to effectively unlimited throughput and storage
  • S3 – object-based storage with effectively unlimited capacity
  • Elasticsearch Service – a managed version of the popular search and analytics engine Elasticsearch
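The distinction between the two data-tier categories is a security boundary: a VPC-hosted store is reached over the network, so a security group decides who may connect, while an IAM-enabled store is reached through the AWS API, so an IAM policy decides. The following CloudFormation template is an added example, not code from the original post; it shows both models side by side. The VPC, the RDS subnet group, the table, the Secrets Manager secret name and every resource name are assumptions for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example, not code from the original post. It contrasts the two data-tier
  access models: a DynamoDB table guarded by an IAM policy and an RDS instance
  guarded by a security group. All names, the VPC and the subnet group are
  assumptions for illustration.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id          # assumed: an existing VPC
  DbSubnetGroupName:
    Type: String                      # assumed: an existing RDS subnet group in that VPC

Resources:
  # --- IAM-enabled data store: there is no open port on the network; IAM decides ---
  OrdersTable:
    Type: AWS::DynamoDB::Table
    Properties:
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: orderId
          AttributeType: S
      KeySchema:
        - AttributeName: orderId
          KeyType: HASH
      SSESpecification:
        SSEEnabled: true

  # Execution role for the logic-tier Lambda function: only the actions the
  # function uses, and only against OrdersTable (never Resource: "*").
  OrdersFunctionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies:
        - PolicyName: orders-table-least-privilege
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - dynamodb:GetItem
                  - dynamodb:PutItem
                  - dynamodb:UpdateItem
                  - dynamodb:Query
                Resource: !GetAtt OrdersTable.Arn

  # --- VPC-hosted data store: the database speaks MySQL, not the AWS API, so the
  # --- network boundary does the gating. The app-tier group is assumed.
  AppTierSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Logic-tier instances that open database connections
      VpcId: !Ref VpcId

  DatabaseSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: MySQL port open only to the app-tier security group
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref AppTierSecurityGroup   # a group, not a CIDR

  OrdersDatabase:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot
    Properties:
      Engine: mysql
      DBInstanceClass: db.t3.micro
      AllocatedStorage: "20"
      DBSubnetGroupName: !Ref DbSubnetGroupName
      MasterUsername: admin
      MasterUserPassword: "{{resolve:secretsmanager:orders-db-master:SecretString:password}}"  # assumed secret
      PubliclyAccessible: false
      StorageEncrypted: true
      VPCSecurityGroups:
        - !Ref DatabaseSecurityGroup
```

The two halves fail differently when misconfigured, which is the practical reason to keep the categories straight: a too-broad IAM statement (for example `Resource: "*"` or `dynamodb:*`) exposes every table in the account to the function, while a database security group rule with a CIDR source instead of `SourceSecurityGroupId` exposes the MySQL port to anything that lands in that address range, including instances from other tiers.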

What’s New in AWS – July 12, 2018

July 12, 2018 at 11:00 am

aws

Advantages of Cloud Technologies

July 3, 2018 at 6:35 pm

Cloud

It is no major surprise that public cloud vendors (led by AWS) are experiencing more success than ever before. The list of advantages continues to grow! Here are just some:

  • CapEx is replaced by OpEx: Using public cloud technologies enables start-ups and existing organizations to provide new features and services with a minimum of Capital Expenditure. Instead, public cloud expenses revolve around monthly Operating Expenses. For most organizations, predictable OpEx is a significant advantage over large up-front CapEx investments.
  • Lack of contractual commitments: Many public cloud vendors charge on an hourly (if not finer) basis. For most services, there is no long-term commitment required of an organization. You can roll out new projects or initiatives and roll them back if needed, with no long-term contractual commitment. This helps increase the agility of IT operations and lowers the financial risk associated with trying innovative technologies.
  • Reduction of required negotiations: Establishing a new account with a public cloud vendor is simple, and the prices of the major public cloud vendors fall continuously. The falling prices and the ease of account setup reduce the need for the cost negotiations that were common in the early days of service provider interactions.
  • Reduced procurement delays: Additional resources can be provisioned in most cloud implementations within seconds.
  • “Pay as you go” model: If more resources are needed to support a growing cloud presence, you can get those resources on demand and pay for them only while they run. Conversely, if fewer resources are required, you can run less and pay only for what you use.
  • High levels of security possible: Because you can focus on the security of your own resources while the cloud provider focuses on its security responsibilities (such as physical security and hypervisor security), the resulting infrastructure can meet stringent security requirements. This division is appropriately termed the Shared Responsibility model.
  • Flexibility: Features of public cloud vendors like AWS let you quickly scale cloud-based infrastructure up and down (vertically, by changing the size of an individual instance) and out and in (horizontally, by adding or removing instances). This advantage is often termed elasticity. Auto Scaling in AWS creates and destroys resources based on actual client demand, with little to no administrator interaction. A single service can scale in both directions, depending on the context.
  • A massive global infrastructure: Most public cloud vendors now offer resources located all over the globe. This global dispersion of resources serves large multinational organizations very well, since resources needed in certain parts of the globe can be stored and optimized for access in those regions. Companies with clients all over the world gain similar access advantages when serving those clients.
  • SaaS, PaaS, and IaaS offerings: Cloud technologies have become so advanced that organizations can choose to deliver applications to clients, development environments, or even entire IT infrastructures using the technologies that make up the cloud. In fact, since the cloud can offer just about any component of IT these days, many refer to the cloud as an Everything as a Service (XaaS) opportunity.
  • Emphasis on API support: More and more, cloud vendors are taking an Application Programming Interface (API) first approach: every capability is exposed through a (typically REST) API, and the SDKs, CLI, and GUI are built on top of those same API calls. No feature reaches the CLI or GUI before it is available through the API. Thus, anything you can do by hand can be automated.

An AWS Multi-Tier Application Example

June 22, 2018 at 5:50 pm

One of the joys of AWS is the ease with which we can design and implement scalable, decoupled, multi-tier applications. In this post, I want to provide an example of the services you might use (and their purpose) in the hosting of a Web Application.

Users can find your Web Application thanks to Route 53, the highly available Domain Name System (DNS) service of AWS. This service resolves your application’s domain names to the correct entry points in your AWS infrastructure, such as a CloudFront distribution or a load balancer.

To optimize client access and reduce latency, you can use CloudFront, which provides a global network of edge locations that cache content and improve the performance of content delivery.

S3 can store the Web resources (such as static web pages and graphics) required by the Web Servers that make your application accessible from the Internet.

Elastic Load Balancing can distribute HTTP requests from clients across the various Web Servers that make up the Internet-facing presence. Elastic Load Balancers can also distribute traffic from the Web Servers across the various Application Servers you are using.

EC2 instances are perfect for your Web Servers and Application Servers. You can choose the ideal software platforms and hardware instance types to meet your needs. For example, your Web Servers can be simple Amazon Linux instances running Apache, while your Application Servers can be more complex Windows Server systems (if required).

Auto Scaling can be used with the Web and Application Servers to dynamically scale the Web Application presence as needed. EC2 instances are created and destroyed automatically as traffic crosses the thresholds you set.

For the data storage required by the Web Application, you can rely on the Amazon Relational Database Service. RDS lets you choose a relational database engine from a large number of popular options, including Oracle and SQL Server, as well as Amazon’s own engine, Aurora.
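Tying the tiers together with security groups so that each one accepts connections only from the tier in front of it, as an added example that is not part of the original post. The VPC, public subnets, ACM certificate ARN, application port and health-check path are assumptions supplied as parameters or noted inline.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example, not code from the original post. Security groups chained so
  that each tier of the Web Application accepts traffic only from the tier in
  front of it, with TLS terminated at the load balancer. VPC, subnet and
  certificate values are assumptions supplied as parameters.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id               # assumed: an existing VPC
  PublicSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>      # assumed: public subnets for the load balancer
  CertificateArn:
    Type: String                          # assumed: ACM certificate for the site's domain

Resources:
  # Internet -> load balancer: the only group that references 0.0.0.0/0, and only for HTTPS.
  LoadBalancerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Internet-facing load balancer, HTTPS only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

  # Load balancer -> web servers: port 80 from the load balancer group only.
  WebTierSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web servers, reachable only from the load balancer
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup

  # Web servers -> application servers: the application port from the web group only.
  AppTierSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Application servers, reachable only from the web tier
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 8080                  # assumed application port
          ToPort: 8080
          SourceSecurityGroupId: !Ref WebTierSecurityGroup

  WebLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Scheme: internet-facing
      Type: application
      Subnets: !Ref PublicSubnetIds
      SecurityGroups:
        - !Ref LoadBalancerSecurityGroup

  WebTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: HTTP
      Port: 80
      TargetType: instance
      HealthCheckPath: /healthz           # assumed health-check endpoint on the web servers

  # TLS terminates here; the listener forwards plain HTTP to the web tier inside the VPC.
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref WebLoadBalancer
      Port: 443
      Protocol: HTTPS
      SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06
      Certificates:
        - CertificateArn: !Ref CertificateArn
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WebTargetGroup
```

Each SecurityGroupIngress rule names the previous tier’s group rather than a CIDR, so instances that Auto Scaling adds to a tier inherit the right access the moment they join that group, and nothing below the load balancer references 0.0.0.0/0. The database group at the back of the chain follows the same pattern, with the database port and the application group as its source.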

S3 Storage Classes in AWS

June 9, 2018 at 11:49 pm

Solutions Architect

S3 Standard – this class offers:

  • Durability of 99.999999999% (eleven nines), with objects stored redundantly across multiple AZs – three minimum
  • Low latency
  • Resilient in the event of entire AZ destruction
  • 99.99% availability
  • An SLA governing performance
  • Encryption of data in transit (TLS) and at rest (server-side encryption options)
  • Lifecycle management

S3 Standard-Infrequent Access – this class offers:

  • Many of the S3 Standard features, such as the same eleven-nines durability
  • Designed for less frequently accessed data that still needs rapid access when it is requested
  • This class is ideal for workloads like backups
  • You can set this class per object, so a single bucket can mix S3 Standard and Standard-IA objects
  • Note that the availability design target is slightly lower, at 99.9%

S3 One Zone-Infrequent Access – this class offers:

  • This might be an ideal class for objects like secondary backup copies of data
  • Objects in this storage class can be replicated to another region (cross-region replication) should the need arise to increase availability
  • As you would guess, availability here is reduced slightly, to 99.5%
  • Because the data lives in a single AZ, there is a risk of data loss if that AZ is destroyed

S3 Glacier – this class offers:

  • An ideal storage class for the archiving of data
  • Retrieval times for archived data range from minutes to hours depending on the retrieval option you choose (expedited, standard, or bulk) and its price
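As an added example that is not part of the original post, here is a CloudFormation template that uses lifecycle management to move backup objects through the classes listed above, with encryption at rest enabled by default and plaintext HTTP denied so that data in transit is always encrypted. The bucket purpose, the key prefix and the day counts are assumptions for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example, not code from the original post. A versioned backup bucket
  whose objects move down the storage classes on a schedule, with encryption
  at rest by default and TLS required in transit. The prefix and day counts
  are assumptions for illustration.

Resources:
  BackupBucket:
    Type: AWS::S3::Bucket
    Properties:
      VersioningConfiguration:
        Status: Enabled
      BucketEncryption:                         # encryption at rest for every new object
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      LifecycleConfiguration:
        Rules:
          - Id: tier-down-backups
            Status: Enabled
            Prefix: backups/                    # assumed key prefix for backup objects
            Transitions:
              # Standard-IA requires an object to have been stored for at least 30 days first.
              - StorageClass: STANDARD_IA
                TransitionInDays: 30
              # Glacier: minutes-to-hours retrieval, for data you rarely need back.
              - StorageClass: GLACIER
                TransitionInDays: 90
            ExpirationInDays: 365
            # Superseded versions are secondary copies, so One Zone-IA is acceptable for them.
            NoncurrentVersionTransitions:
              - StorageClass: ONEZONE_IA
                TransitionInDays: 30
            NoncurrentVersionExpirationInDays: 180

  BackupBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref BackupBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: DenyInsecureTransport           # refuse plaintext HTTP, enforcing encryption in transit
            Effect: Deny
            Principal: "*"
            Action: s3:*
            Resource:
              - !GetAtt BackupBucket.Arn
              - !Sub "${BackupBucket.Arn}/*"
            Condition:
              Bool:
                aws:SecureTransport: "false"
```

The 30-day value on the first transition is not arbitrary: S3 requires an object to have been stored for at least 30 days before it can move into Standard-IA or One Zone-IA. Only the superseded versions go to One Zone-IA, because they are secondary copies as the list above suggests; the current version never leaves multi-AZ storage, so the single-AZ loss risk applies only to data you already have another copy of.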