HW_HCIA-Cloud Service V3.0 Course Flashcards
abstraction of the internet and the infrastructure that underpins it.
Cloud
enables access to comprehensive public services through the internet and serves as an extensive service platform with software, application and information resources provisioned for governmental bodies.
E-Gov cloud
software technology that makes it easy to build, deploy, and manage software robots that emulate human actions interacting with digital systems and software.
RPA - Robotic Process automation
application, data, runtime environment middleware, OS, {users need to focus on the system and application layers} we, as cloud providers, work with virtualization, server, storage, network
IaaS
Unlike IaaS or SaaS service models, PaaS solutions are specific to application and software development and typically include:
Cloud infrastructure: Data centers, storage, network equipment, and servers
Middleware software: Operating systems, frameworks, development kits (SDK), libraries, and more
User interface: A graphical user interface (GUI), a command line interface (CLI), an API interface, and in some cases, all three
We handle all resources
SaaS
on demand self-service, elasticity, resource pooling, metered services, quick deployment, broad network access
Benefits of cloud computing
common features of cloud computing
massive scale, homogeneity, virtualization, resilient computing, low cost software, advanced security technologies, geographical distribution, service orientation.
Building a fully connected world
HW
compute, network, storage
tech used in cloud
virtualization, container
compute
classic network, virtual network
network
storage services include
block storage (high performance, low latency), file storage (file sharing among multiple servers and enterprise depts), object storage (flat, easy-to-scale architecture, data backup)
refers to the process of creating multiple VMs that share the hardware resources of a physical server
Virtualization
scalable, distributed and available resources
offer of virtualization
partitioning, isolation, encapsulation and independence
main features of virtualization
a physical server can run multiple VMs
partitioning
isolation
sandbox
encapsulation
Because of this isolation, if one virtual instance crashes, it has no impact on the other virtual machines or the host system. Furthermore, data is not exchanged from one virtual instance to the next.
ECS
elastic cloud server
two challenges in the development of container technology:
unified platform
usability
computing essentially refers to
the process of obtaining information.
container
lightweight, portable technology for application packaging. Standard unit that packages application code and all its dependencies.
HUAWEI CLOUD services
elastic cloud server (ECS), auto scaling (AS) - increases or decreases the number of ECSs dynamically, image management service (IMS) - provides OS images for ECSs
Study further: container timelines
what's the main difference between a container and a VM?
containers virtualize OS instead of hardware.
startup speed in a container
seconds
OS dependency in a container
all containers share the host OS
HUAWEI Cloud container Services
cloud container engine, cloud container instance, software repository for container. (study these concepts further)
Kubernetes
often abbreviated as K8s, is an open-source platform designed to automate the deployment, scaling, and management of containerized applications. It was originally developed by Google and is now maintained by the Cloud Native Computing Foundation (CNCF). Kubernetes provides a framework for automating the deployment, scaling, and management of containerized applications.
Network
they bridge devices and VMs, helping them communicate with each other.
this device acts as a gateway for data access and decides how to forward it
router
gateway
device that connects a subnet to an external network
what layer does the router operate on?
Routers operate on the third layer of the OSI Model, the Network-Control Layer. The router is an interconnection device on the network layer.
study further: switching protocols
two common virtual switch models
OVS and EVS
what's the OVS switch model?
Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. The main purpose of Open vSwitch is to provide a switching stack for hardware virtualization environments, while supporting multiple protocols and standards used in computer networks.
what's the EVS switch model?
EVS is a virtual switch that spans one or more compute nodes and their VMs, hence its ‘elastic’ character. Through the switch, VMs connect to one another from anywhere in the network.
huawei cloud network services
- Virtual Private Cloud (VPC)
- Elastic IP (EIP)
- NAT Gateway
- Elastic Load Balance (ELB)
- Direct Connect
- VPN
- Enterprise Switch
- Cloud Connect
- VPC Endpoint (VPCEP)
- VPC Peering
storage
VMs access storage through the virtualization layer.
mainstream storage types
block storage, file storage, object storage
Block storage
is a type of storage that divides data into evenly sized blocks, typically accessed through protocols like iSCSI or Fibre Channel, and is commonly used for applications requiring high-performance, low-latency access to data, such as databases and virtual machines.
is a type of storage that organizes data into files and folders, accessible through network file system (NFS) or server message block (SMB) protocols, and is suitable for storing unstructured data like documents, images, and videos, often used in file servers and network-attached storage (NAS) systems.
file storage
Object storage
is a type of storage that stores data as objects within a flat namespace, accessed via HTTP-based APIs like Amazon S3 or OpenStack Swift, and is ideal for storing large volumes of unstructured data such as media files, backups, and archives, offering scalability, durability, and flexibility.
https://www.jscape.com/blog/12-file-transfer-protocols-businesses
study further: file transfer protocols
enterprise storage and distributed storage
study further
HUAWEI cloud storage services
elastic volume service, scalable file service, object storage service
REST API
Representational State Transfer Application Programming Interface, is an architectural style for designing networked applications. It is an approach used in web services development where APIs are designed to utilize the principles of REST. It emphasizes a stateless client-server interaction where each request from the client contains all the necessary information for the server to understand and fulfill it.
Study further
routing protocols
Bare Metal Server (BMS)
provides dedicated physical servers in single-tenant environments. It provides excellent computing performance and data security for core databases, key application systems, and high performance computing. It also offers the high scalability of a cloud-based service. NO PERFORMANCE LOSS
Alkalid three key capabilities that deliver an amazingly simplified experience
dynamic negotiation and governance, global scheduling, a way to select the most appropriate computing power.
Huawei cloud provides the following delivery modes
public cloud, hybrid, edge cloud
how does the product centric approach work?
- Provide products, applications, and services.
- A large number of such enterprises.
- Poor anti-risk capabilities
Platform centric approach
- Provide industry specific platform services.
- Market share of over 30%.
- Fierce competition.
Ecosystem centric
- Few of these exist
- Large-scale, cross-industry, and influential in the society, unique ways of surviving and developing competence.
the following billing modes are available for ECS
pay per use, spot price, yearly billing
AZ?
contains one or more physical data centers.
IAM?
Identity Access Management
Project?
a project is used by IAM to group and isolate resources in the same region. A project is used for physical isolation. Resources cannot be transferred between IAM projects. They can only be deleted and then provisioned again.
Why ECS?
auto scaling, stability and reliability, competitive edge, security
application scenarios for ECS
Website and R&D and testing, and small-scale databases
memory optimized ecs
large memory size and performance
essentially, ECS is
a virtual machine running on cloud
IMS?
Image Management Service
AS?
Auto scaling
BMS
physical server, BMS can be configured and purchased on the cloud platform. It combines the scalability of VMs with the high performance of physical servers. Provides dedicated servers on the cloud
why BMS?
- High security: dedicated servers, VPC network and security group.
Server security protection.
Disk backup and restoration
Dedicated storage - Agile development
- High performance
- Quick integration
- Low latency storage
Elastic Volume Service (EVS) in Huawei Cloud
is a block storage service provided by Huawei Cloud that allows users to create and manage elastic volumes (block storage) for their cloud instances. EVS provides features such as scalability, high availability, and data persistence.
Study further
BMS architecture
BMS network - VPC
is a logically isolated, configurable and manageable virtual network. It helps to improve the security of BMSs in the cloud system and simplifies network deployment. Seamless interconnection and high speed access.
BMS network - High speed network
self explanatory (provides high speed for AZ)
BMS - User defined VLAN
these cannot communicate with each other
BMS-InfiniBand Network
have low latency and high bandwidth
IMS?
Image Management Service (IMS) allows you to manage the entire lifecycle of your images. You can create ECSs or BMSs from public, private or shared images.
Why IMS?
you can share images between accounts, regions. It is secure, centralized, convenient, flexible. Image management using APIs.
IMS: image types - public
standard image provided by the cloud platform. It contains an OS and is available for everyone.
IMS: image types - private
created by users and available to the one person who created it.
IMS: image types - Marketplace image
a third party image published in the Marketplace. It has an OS, various applications, and custom software preinstalled.
IAM?
Identity authentication management
IMS?
Image management service
Scenarios where AS can be utilized
e-commerce: during big promotions
Heavy-traffic portals: service load changes are difficult to predict for heavy-traffic web portals, that’s where AS comes into play.
What is the Cloud Computing engine
is a highly scalable, high performance, enterprise class Kubernetes service for you to run containers and applications. With CCE, you can easily deploy, manage and scale containerized applications on Huawei Cloud.
cluster
collection of cloud resources required for running containers, such as cloud servers and load balancers.
pod
consists of one or more related containers that share the same storage and network space.
node
server (VM or PM) on which containerized applications run.
service
abstraction which defines a logical set of pods and a policy by which to access them.
container
running instance of a Docker image.
image
binary that includes all of the requirements for running a container.
there's no opportunity for rollback when updating a cluster
true
OLAP database
Study further
RDS (RELATIONAL DATABASE SERVICE)
CLOUD-HOSTED DATABASES THAT ARE STABLE, RELIABLE AND SCALABLE OUT OF THE BOX
MOST COMMON RDS
MYSQL, POSTGRE
4 MOST IMPORTANT RELATIONAL DATABASE FEATURES
ATOMICITY, CONSISTENCY, ISOLATION AND DURABILITY
DRS online migration and synchronization diagram
study further
disaster recovery
can only be done with mysql
from data warehouses to data lakes
a data warehouse was used to store information, where you could have external information (extract, transform and load)
centralized repository that lets us store our unstructured data at any scale
data lake
on top of Huawei Cloud's OBS
- Study further: Gauss DB
- Study further: cloud search service
- Huawei’s web application firewall
- Anti DDoS (AAD)
- all Huawei Cloud addresses come with anti-DDoS protection; when the customer's bandwidth exceeds a tera, advanced anti-DDoS has to be used
- Host security service
- Database security service
- CBH: your security O&M manager on cloud
hybrid transactional analytical processing (OLAP database)
what does AZ stand for?
Availability zone
Kunpeng: CPU developed by Huawei
provides access control for ECSs
Security group
Automatically distributes incoming traffic across multiple backend servers based on configured listening rules. It also expands the capacities of your applications and improves their availability by eliminating single points of failure (SPOFs).
ELB (Elastic Load Balance)
can establish up to 100 million concurrent connections; the deployment is simple and takes effect immediately.
ELB which can also be used with AS
ELB consists of three components
load balancers, listeners and backend server groups.
A load balancer is
an instance that distributes incoming traffic across the backend servers in different availability zones.
ELB supports the following load balancing algorithms
round robin (the weight has to be 0), least connections, source IP hash, Connection
health checks have to be sent starting from the following IP address
100.125.0.0/16 (16 is the mask)
establishes secure, reliable, and cost-effective encrypted connections between your on-premises network or data center and a virtual network on Huawei Cloud.
VPN (Virtual Private Network)
VPN involves three key components:
VPN gateway: a virtual gateway of VPN on the cloud. It establishes secure private connections with a customer gateway in your on-premises network or data center.
Customer gateway: a resource that provides information to Huawei Cloud about your customer gateway device. It can be a physical device or software application in your on-premises data center.
VPN connection: a secure channel between a VPN gateway and a customer gateway. VPN connections use the Internet Key Exchange (IKE) and IPsec protocols to encrypt the transmitted data.
VPN tunnels support three protocols
PPTP, L2TP and IPsec
uses a secure network protocol suite that authenticates and encrypts data packets to provide secure encrypted communications between different.
Internet protocol security (IPsec) VPN
if we have two ECSs using the same VPC, they are able to access each other directly; if we have ECSs in different VPCs but within the same region, we can use
VPC peering for connection (if they are in different regions, VPN has to be used)
provides network address translation service for servers in a VPC and enables servers to share an EIP to access the internet. These can be either public or private.
(NAT) Gateway
public NAT gateways provide SNAT and DNAT, what do these do?
SNAT (source network address translation) translates private IPs into EIPs, allowing servers in different AZs in a VPC. DNAT (destination source network address translation) is generally used to redirect packets destined for a specific IP address, or a specific port on an IP address, on one host to a different address, mostly on a different host.
RPO stands for
Recovery Point objective
various disk types, elastic scalability, real-time monitoring
EVS advantages
A shared EVS disk can be attached to a maximum of
16 servers
what is an EVS snapshot?
a complete copy or image of the disk data taken at a specific point in time. They are used for disaster recovery, meaning you can restore the disk data to the state from where the snapshot was taken.
Both EVS disk backup and EVS snapshot provide redundancy for the EVS disk data, improving reliability. Can you list three differences between them?
data storage: in backup, the data is stored in OBS instead of EVS disks. Data can be restored even when the EVS disk is damaged. In snapshot, the snapshots are stored with the disk data.