I was inspired to write this post after watching the latest Network Chuck YouTube video where he interviewed me regarding AWS at the 2018 Cisco Live conference. What struck me was the excitement surrounding the video as evidenced by the comments on all the major social media channels. There are so many students excited to start these various certification tracks!
In that regard, I wanted to break down what cloud really is. For this definition, we turn to NIST. They identify 5 common characteristics of cloud solutions. Here they are for you in plain English. Keep in mind that I turned to NIST because these specific characteristics they point out are frequently tested across all the various cloud vendors.
Questions? Please let me know in the comments below this post. I am VERY responsive to these comments.
- On-demand self-service – this characteristic means that a customer of cloud technologies (even if you are a customer of your own company’s private cloud) can provision and manage resources without the intervention of cloud hosting administrative personnel. For example, you might deem that you need a new Web server to advertise a particular product or service. You can provision, configure, and deploy this Web server without contacting anyone responsible for hosting the cloud solution.
- Broad network access – this aspect of cloud states that your cloud resources should be available over the network and accessed through standard mechanisms. These standard access approaches (such as HTTPS) promote the use of the cloud by thin or thick client platforms (for example, mobile phones, tablets, laptops, and workstations).
- Resource pooling – the provider’s computing resources are pooled to serve multiple clients using a multi-tenant model. This model allows multiple customers to securely use the same physical hardware of the provider. At any time, the cloud provider can use different physical and virtual resources, dynamically assigned and reassigned according to consumer demand. You should note that this approach provides a sense of location independence, in that the customer generally has no control over, or knowledge of, the exact location of the provided resources. If required, the customer is typically able to specify location at a higher level of abstraction (such as country, state, or datacenter). Examples of resources that are typically pooled include storage, processing, memory, and network bandwidth.
- Rapid elasticity – capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward in accordance with demand from customers. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
- Measured service – cloud systems automatically control and optimize resource use by leveraging a metering capability. This is done by the provider at some level of abstraction appropriate to the type of service. For example, the metering may be based on storage, processing, bandwidth, or active user accounts. Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service. This is where cloud services your IT department pays for are often compared to a utility bill. Like the electric bill, you can be billed monthly, for just those services you used.
Here are just some of the networking components you should be familiar with if you are interested in mastering AWS.
- Network Interfaces – this logical network component serves to represent a physical network interface card (NIC); as such, this component can be configured with IPv4 and IPv6 addresses
- Route Tables – just as would exist on a physical router, AWS route tables contain a set of rules, called routes, that are used to determine where network traffic is directed
- Internet Gateways – an internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses
- Egress-Only Internet Gateways – a VPC component that allows outbound communication over IPv6 from instances in your VPC to the Internet, and prevents the Internet from initiating an IPv6 connection with your instances
- DHCP Options Sets – DHCP provides a standard for passing configuration information to hosts on a TCP/IP network; the options field of a DHCP message contains the configuration parameters; some of those parameters are the domain name, domain name server, and the netbios-node-type; the option sets allow you to configure such options for your virtual private clouds (VPC)
- DNS – AWS provides you with a DNS server for your VPC, but it is important to realize that you can also use your own
- Elastic IP Addresses – a static IPv4 address designed for dynamic cloud computing; an Elastic IP address is associated with your AWS account; with this address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account
- VPC Endpoints – enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection
- NAT – you can use a NAT device to enable instances in a private subnet to connect to the Internet (for example, for software updates) or other AWS services, but prevent the Internet from initiating connections with the instances; AWS offers two kinds of NAT devices—a NAT gateway or a NAT instance, but strongly recommends the use of NAT gateways
- VPC Peering – a networking connection between two VPCs that enables you to route traffic between them privately; you can create a VPC peering connection between your own VPCs, with a VPC in another AWS account, or with a VPC in a different AWS Region
- ClassicLink – allows you to link your EC2-Classic instance to a VPC in your account, within the same region; this allows you to associate the VPC security groups with the EC2-Classic instance, enabling communication between your EC2-Classic instance and instances in your VPC using private IPv4 addresses
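As an added example (constructed here, not from the original post or from AWS), a CloudFormation template that wires several of these components together: a public subnet whose route table sends 0.0.0.0/0 to an internet gateway, and a private subnet whose default routes go to a NAT gateway for IPv4 and an egress-only internet gateway for IPv6, so instances there can fetch updates but accept no inbound connections. All resource names and CIDR blocks are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties: {CidrBlock: 10.0.0.0/16, EnableDnsSupport: true, EnableDnsHostnames: true}
  VPCIpv6:  # Amazon-assigned IPv6 block; required before a ::/0 route can be created
    Type: AWS::EC2::VPCCidrBlock
    Properties: {VpcId: !Ref VPC, AmazonProvidedIpv6CidrBlock: true}
  PublicSubnet:  # instances get public IPv4 addresses and reach the Internet via the IGW
    Type: AWS::EC2::Subnet
    Properties: {VpcId: !Ref VPC, CidrBlock: 10.0.1.0/24, MapPublicIpOnLaunch: true}
  PrivateSubnet:  # no public addresses; outbound only, via the NAT and egress-only gateways
    Type: AWS::EC2::Subnet
    Properties: {VpcId: !Ref VPC, CidrBlock: 10.0.2.0/24}
  IGW: {Type: AWS::EC2::InternetGateway}
  AttachIGW:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties: {VpcId: !Ref VPC, InternetGatewayId: !Ref IGW}
  NatEIP:  # Elastic IP the NAT gateway sources its traffic from; needs the IGW attached first
    Type: AWS::EC2::EIP
    DependsOn: AttachIGW
    Properties: {Domain: vpc}
  NatGateway:  # must sit in the PUBLIC subnet so its own traffic can reach the IGW
    Type: AWS::EC2::NatGateway
    Properties: {SubnetId: !Ref PublicSubnet, AllocationId: !GetAtt NatEIP.AllocationId}
  EgressOnlyIGW:  # IPv6 counterpart of NAT: outbound allowed, inbound connections dropped
    Type: AWS::EC2::EgressOnlyInternetGateway
    Properties: {VpcId: !Ref VPC}
  PublicRouteTable: {Type: AWS::EC2::RouteTable, Properties: {VpcId: !Ref VPC}}
  PublicAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: {SubnetId: !Ref PublicSubnet, RouteTableId: !Ref PublicRouteTable}
  PublicDefaultRoute:  # 0.0.0.0/0 -> IGW is what makes the subnet "public"
    Type: AWS::EC2::Route
    DependsOn: AttachIGW
    Properties: {RouteTableId: !Ref PublicRouteTable, DestinationCidrBlock: 0.0.0.0/0, GatewayId: !Ref IGW}
  PrivateRouteTable: {Type: AWS::EC2::RouteTable, Properties: {VpcId: !Ref VPC}}
  PrivateAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: {SubnetId: !Ref PrivateSubnet, RouteTableId: !Ref PrivateRouteTable}
  PrivateDefaultRoute:  # 0.0.0.0/0 -> NAT gateway: software updates out, no connections in
    Type: AWS::EC2::Route
    Properties: {RouteTableId: !Ref PrivateRouteTable, DestinationCidrBlock: 0.0.0.0/0, NatGatewayId: !Ref NatGateway}
  PrivateIpv6Route:  # ::/0 -> egress-only IGW gives the same one-way behaviour for IPv6
    Type: AWS::EC2::Route
    DependsOn: VPCIpv6
    Properties: {RouteTableId: !Ref PrivateRouteTable, DestinationIpv6CidrBlock: '::/0', EgressOnlyInternetGatewayId: !Ref EgressOnlyIGW}
```

Assigning IPv6 address ranges to the subnets themselves (an Ipv6CidrBlock per subnet) is left out to keep the template short; the route to the egress-only gateway is valid as soon as the VPC has its IPv6 block.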
A service of AWS that fails to get a ton of attention is Service Catalog. This service seeks to enable organizations to create and manage catalogs of IT services that are approved for use on AWS. It permits organizations to centrally manage their commonly deployed IT services and can help maintain appropriate governance and compliance.
The idea is that your end users (IT staff) can quickly deploy the IT services they need that you have approved, and that they do so within the constraints you have set.
- Standardization – you can place restrictions on the types and configurations of AWS resources launched
- Self-service discovery and launch – permit users to browse listings of services and applications available to them, and to launch them as provisioned products
- Fine-grained access control – IAM users and groups form the basis of permissions for the resources listed in the catalogs
- Extensibility and version control – products can be added to various portfolios from a single copy, and versioning updates all copies
AWS Service Catalog terminology:
- Products – an IT service that you want to make available for deployment on AWS. It can consist of AWS resources such as EC2 instances, storage volumes, databases, monitoring configurations, and networking components. You create products through the import of CloudFormation templates.
- Portfolios – a collection of products along with configuration information.
- Versioning – Service Catalog allows you to manage multiple versions of products in your catalog.
- Constraints – Template and Launch constraints allow you to carefully control deployments.
- Stack – as mentioned above, the building blocks for products are CloudFormation stacks.
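As an added example (constructed here, not from the original post or from AWS), the kind of CloudFormation template you would import as a Service Catalog product. Its Rules section uses the same assertion syntax a Service Catalog template constraint uses (a constraint attached in the portfolio is just a separate JSON document with a top-level "Rules" key), so a launch that asks for a non-approved instance size fails before any resource is created. The parameter names, the approved sizes, and the HTTPS-only security group are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Approved small web server (constructed Service Catalog product example)
Parameters:
  InstanceType:
    Type: String
    Default: t3.micro
    Description: Only the sizes approved by the platform team are accepted (see Rules)
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetId:
    Type: AWS::EC2::Subnet::Id
  ImageId:  # resolved from the public SSM alias at launch, so the AMI is never hard-coded
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
Rules:
  # Standardization: the assertion is evaluated before launch; a failing assertion
  # rejects the request with AssertDescription and creates nothing
  ApprovedInstanceSizes:
    Assertions:
      - Assert:
          Fn::Contains: [[t3.micro, t3.small], !Ref InstanceType]
        AssertDescription: InstanceType must be t3.micro or t3.small
Resources:
  WebServerSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS in from anywhere, nothing else inbound
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0}
  WebServer:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: !Ref InstanceType
      SubnetId: !Ref SubnetId
      SecurityGroupIds: [!Ref WebServerSG]
      Tags: [{Key: ManagedBy, Value: ServiceCatalog}]
Outputs:
  PrivateIp: {Value: !GetAtt WebServer.PrivateIp}
```

End users launching this product only see the parameters and the outputs; the security group and tagging are fixed by the template, which is how the standardization and fine-grained control described above are enforced in practice.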