Bastion Host and On-Premises High Availability

Question 1

Describe a good fault-tolerant way to ensure high availability for Bastion Hosts in a VPC. What is the problem with this approach?

Answer 1

• Keep two hosts, each in a separate availability zones
• Use a Network Load Balancer with a static IP address
  
  • Note ALB will not work, as ALB’s operate at layer 7 and this is layer 4
• Have health checks to fail over when a host goes down
• Problem: Expensive!

Question 2

Describe a good cheap option for ensuring high availability for Bastion Hosts in a VPC. What is the problem with this approach?

Answer 2

• One host in one AZ, behind an ASG with health checks and a fixed EIP.
• If the host fails, the health check fails, so the ASG provisions a new EC2 instance in a separate AZ.
• You can use a user data script to provision the same EIP for the new host
• Problem: System is down while health check fails and new Bastion Host is brought up

Question 3

In the context of AWS, what does SMS stand for? (the M is not Message)

Answer 3

Server Migration Service

Question 4

What does AWS SMS do?

Answer 4

Server Migration Service supports incremental replication of your on-premises servers in to AWS

(so think back-up tool, multi-site strategy, DR)

Question 5

What does AWS Application Discovery Service do?

Answer 5

It helps enterprise customers plan migration projects by gathering information about their on-premises data centers

Question 6

What does VM Import/Export do?

Answer 6

• Migrate existing applications in to EC2
• Can be used to export your VMs to your on-premises data center.

Question 7

What are the high-level AWS services that can be used on-premises?

Answer 7

• Database Migration Service
• Server Migration Service
• AWS Application Discovery Service
• VM Import/Export
• Download Amazon Linux 2 as an ISO