11 Miscellaneous Topics Flashcards
What is AWS Storage Gateway?
A bridge between on-premises data and AWS storage, running as a virtual machine or hardware appliance, using common protocols like iSCSI, NFS, or SMB.
What AWS services does Storage Gateway integrate with?
EBS, S3, and Glacier.
Not EFS
What are common use cases for Storage Gateway?
Data migration to AWS, cloud storage extensions when on-premises storage is constrained, and backups.
What is Volume Gateway in AWS Storage Gateway?
A SAN that presents block storage volumes to on-premises devices using iSCSI.
What are the two operating modes of Volume Gateway?
Stored mode and Cached mode.
What does Stored mode in Volume Gateway do?
Stores all data locally on-premises and asynchronously uploads it to AWS as EBS volume snapshots in S3.
What does Cached mode in Volume Gateway do?
Stores frequently accessed data locally while keeping all data in AWS, accessible through the Storage Gateway.
How does Tape Gateway function in AWS Storage Gateway?
As a virtual tape library (VTL) that stores data in S3 or Glacier.
What does File Gateway enable in AWS Storage Gateway?
Access to files stored in S3 using NFS (Linux) or SMB (Windows).
How is File Gateway different from Volume Gateway?
File Gateway allows direct access to the S3 bucket, while Volume Gateway requires accessing S3 data via the Storage Gateway.
What caching does File Gateway provide?
Read and write caching locally to improve performance.
What happens if multiple File Gateways are used?
Files aren’t lost, and changes made by one gateway can override others’ changes.
What does the NotifyWhenUploaded API in File Gateway do?
Uses EventBridge to notify other gateways when files have changed, so they can update their caches.
What is the difference between AWS Transfer and DataSync?
Transfer is used by applications running in the cloud. DataSync moves data in and out of the cloud
What is AWS DataSync used for?
AWS DataSync moves data between on-premises and AWS, or vice versa.
What feature ensures data integrity in AWS DataSync?
Built-in data validation ensures data integrity.
Where does the AWS DataSync Agent run?
The AWS DataSync Agent runs on-premises.
What protocols does the AWS DataSync Agent use to connect to existing storage?
The AWS DataSync Agent uses NFS or SMB protocols.
What is a Task in AWS DataSync?
A Task defines what data is being synced and includes options like traffic throttling or scheduling.
Which AWS services can AWS DataSync synchronize data to?
AWS DataSync can synchronize data to EFS, FSx, and S3.
What is AWS Direct Connect?
A physical connection into a DX location, which has a direct link to an AWS Region.
What is a dedicated connection in AWS Direct Connect?
A single physical connection assigned to a single customer.
What is a hosted connection in AWS Direct Connect?
A connection re-sold by AWS partners and shared with multiple customers.
Who installs the physical connection for AWS Direct Connect?
The customer or a third-party.
What are the costs associated with AWS Direct Connect?
A fixed hourly cost and a charge for data transfer.
Does a single AWS Direct Connect connection have redundancy?
No, a single Direct Connect connection does not have redundancy.
Who owns AWS Direct Connect locations?
They are not AWS-owned; they are typically major third-party data centers where AWS rents a cage.
What are Virtual Interfaces (VIFs) used for in AWS Direct Connect?
They are used for configuration of connections.
What is a Public VIF?
A VIF that gives access to public AWS endpoints (e.g., *.REGION.amazonaws.com).
It also gives access to Public IPs of EC2 instances etc.
What is a Private VIF?
A VIF that gives access to Private Virtual Gateways attached to VPCs.
How many VIFs can a single dedicated Direct Connect connection have?
50 public & private VIFs and 1 transit VIF.
How many VIFs can a hosted connection have?
Just one.
What is MACSec in the context of AWS Direct Connect?
A security protocol that encrypts frames, providing encryption in transit at Layer 2.
This protects the connection from the customer router to the AWS router
What are the key features of MACSec?
Data integrity, data origin authenticity, and replay protection.
How does MACSec operate?
It is hop-by-hop and only works between two adjacent network devices.
Does MACSec replace end-to-end encryption?
No, it does not replace end-to-end encryption using IPSec.
What identifies channels in MACSec?
The Secure Channel Identifier (SCI).
What does MACSec inject into each frame?
A 16-byte MACSec tag at the start and a 16-byte integrity check at the end.
What is required for authenticating connections in MACSec?
A CAK/CKN pair of keys added by the customer.
What is an LOA-CFA in AWS Direct Connect?
A Letter of Authorization – Customer Facility Assignment that authorizes a cross-connect from the AWS cage to the customer’s port.
What does the LOA-CFA establish?
A physical cable that establishes a Layer 1 connection.
How does AWS Direct Connect integrate with an on-premises network?
Using VLAN and BGP sessions.
Between which devices is the BGP session established in AWS Direct Connect?
Between the customer DX router and the AWS DX router, but it can be extended to the customer premises.
What is the purpose of VLANs in AWS Direct Connect?
To create multiple isolated connections between the customer and DX routers.
What is each Virtual Interface (VIF) created from in AWS Direct Connect?
A VLAN and a BGP session.
What is a Private VIF used for?
To access a specific VPC using private IP addressing.
Are Private VIF connections encrypted by default?
No, connections are not encrypted unless an application protocol (e.g., HTTPS) is used.
What type of frames are supported by Private VIFs?
Jumbo frames.
What does AWS advertise using BGP in Private VIFs?
The VPC CIDR.
What can the customer advertise using BGP in Private VIFs?
Specific corporate prefixes.
Can Private VIFs connect to VPCs in different regions?
No, they can only connect to VPCs in the same region as the DX location is advertised in.
What do Private VIFs connect to within a VPC?
A Virtual Gateway (VGW).
What is the purpose of Direct Connect Gateways?
To allow Private VIFs to access multiple VPCs and VPCs in other regions. They do this by logically mapping to Virtual Private Gateways
How many VGWs can be associated with a single Direct Connect Gateway?
Up to 10 VGWs.
Does a Direct Connect Gateway allow inter-VPC routing?
No, it only supports traffic between on-premises and VPCs.
What are association proposals in the context of Direct Connect Gateways?
They allow cross-account VPCs to connect. The VPC account creates the proposal, and the DX Gateway account must accept it to enable routing.
What does a Public VIF provide access to?
AWS public space resources, such as S3 and public IPs (e.g., Elastic IPs) of resources.
What does AWS advertise to customers through a Public VIF?
All AWS public IPs, including those in every AWS region.
Can customers advertise their own public IPs through a Public VIF?
Yes, customers can advertise any public IPs they own.
Is the advertisement of public IPs through a Public VIF transitive?
No, prefixes from other customers cannot be accessed via the VIF.
What does a Transit VIF connect to?
Transit Gateways from on-premises.
How many Transit Gateways can a Transit VIF be associated with?
Up to three Transit Gateways via a single DX Gateway.
What additional functionality does a Transit VIF provide?
It allows routing between two on-premises sites if both are connected to the Transit Gateway using Transit VIFs.
Can a single DX Gateway be associated with both Private VIFs and Transit VIFs?
No, a single DX Gateway can only be associated with either Private VIFs or Transit VIFs, not both.
What is used for end-to-end encryption over AWS Direct Connect?
An IPSec VPN over a Public VIF.
Why is a Public VIF required for an IPSec VPN?
Because the VPN endpoint has a public IP.
How does IPSec compare to MACSec in terms of overhead?
IPSec has higher overhead than MACSec but has wider support from routers.
Is AWS Direct Connect highly available by default?
No, it is not highly available by default.
What is a common failover pattern for a single Direct Connect connection?
Using a Site-to-Site VPN connection for failover.
What is an alternative to a single Direct Connect connection for redundancy?
Using two separate connections.
What is a Linked Aggregation Group (LAG) in AWS Direct Connect?
Multiple physical connections used as one logical connection.
What is the primary purpose of a LAG in AWS Direct Connect?
To improve bandwidth rather than resiliency.
Do all connections in a LAG need to terminate at the same Direct Connect location?
Yes, all connections must terminate at the same Direct Connect location.
What does AWS Migration Hub do?
Migration Hub tracks migrations managed by other services.
What does the Application Discovery Service do?
Application Discovery Service catalogues on-premises VMs, helping customers plan migrations.
How does the Application Discovery Service operate in agent-less mode?
In agent-less mode, it scrapes VMWARE and other management APIs.
How does the Application Discovery Service operate in agent-based mode?
In agent-based mode, it runs agents inside VMs, collecting detailed information about resource usage and network traffic.
What does the Server Migration Service do?
Server Migration Service migrates entire VMs as-is.
Is the Server Migration Service agent-based or agentless?
Server Migration Service is agentless, using a connector running on-premises to access data.
What feature of the Server Migration Service ensures minimal disruption to on-premises VMs?
It performs incremental replication of live volumes to avoid disrupting on-premises VMs.
What AWS service has the Server Migration Service replaced?
Server Migration Service replaced the now-deprecated VM Import / Export service.
What does the Database Migration Service do?
The Database Migration Service migrates data into RDS and DynamoDB.
Can the Database Migration Service migrate only data, or also ongoing changes?
The Database Migration Service can perform a one-off migration or migrate data along with subsequent changes to the original database.
What tool helps convert database schemas during migrations?
The Schema Conversion Tool converts schemas, allowing migrations between database engines.
