Hybrid Envir. and Migration

Question 1

Border Gateway Protocol

Answer 1

BGP is a path-vector protocol it exchanges the best path to a destination between peers.. the path is called AS path

Question 2

ASN

Answer 2

They Way BGP identifies different entities with in the network

Autonomous system Numbers are the way that BGP identifies different entities with in the network

Allocated by IANA

ASN are unique and allocated by IANA(0-65535), 64512 -65534 are private

Question 3

Autonomous systems(AS)

Answer 3

Multiple routers controlled by one entity a network in BGP

Routers controlled by one entity considered a network in BGP

Question 4

Are connections between two different Autonomous Systems in the BGP network Automatic ?

Answer 4

Not automatic - peering is manually configured

Question 5

How does BGP Operates ? what Protocol?

Answer 5

it operated over TCP/179 - it’s reliable

Question 6

How can you manipulate the AS path ? And why would you want to ?

Answer 6

AS Path Prepending can be used to artificially make the satellite path look longer making the fiber path preferred

Shorter paths get priority even if the longer that would offer better performance ex. a long fiber path vs a short satellite path

Question 7

Why is BGP important in AWS ?

Answer 7

used by some AWS services such as:

• Direct Connect
• Dynamic Site to Site VPNs

Question 8

AWS Site-to-Site VPN

Answer 8

VPN connection between VGW and CGW

a logical connection which creates a highly available IPSEC VPN between an AWS VPN and external network such as on-premises traditional networks

Question 9

Virtual Private Gateway(VGW)

Answer 9

Logical gateway object which can be the target on route tables

something you create and associate with one VPC and can be the target on one or more route tables

Question 10

Customer Gateway(CGW)

Answer 10

Logical piece of configuration within AWS and also the physical configuration

used to refer to both the logical piece of configuration within AWS

and the thing that configuration represents

Question 11

How would you design an Highly Available Site-to-Site VPN connection ?

Answer 11

By default when a virtual gateway it’s is created, it creates two ENI in the AWS public zone in two different AZ but there is only one Customer Gateway by default to create a HA connection you would need to add a second CGW connection preferably in another building which would then add two more ENI in 2 different AZ for that connection so you would have two connections 4 VGW and 2 CGW

Question 12

Drawback for Site-to-Site VPN?

Answer 12

speed limitations 1.25Gbps

Latency consideration -inconsistent , runs over public internet

cost-AWS hourly cost, GB out cost , data cop(on premises)

Question 13

Benefits of using Site-to-Site VPNs ?

Answer 13

speed of setup- hours.. all software configuration

can be used as a backup for direct connect(DX) and also can be used with DX for quick provisioning in the the beginning of a DX to establish connectivity

Question 14

AWS Direct Connect

Answer 14

physical private link connecting your business premises to its public and private services.

Question 15

VIFS

Answer 15

DX connection can have multiple virtual interfaces(VIFs)

there are both private VIF(VPC) & Public VIF (public Zone Service)

Question 16

Draw backs to Direct connect

Answer 16

Takes much longer to provision cs. VPN

DX port provisioning is quick the cross connect takes longer

extension to premise can take weeks/months

No encryption

Question 17

Benefits of using DX

Answer 17

faster 40GB with aggregation

low consistent latency, doesn’t use business bandwidth (no public internet)

Question 18

How can you enable encryption on DX?

Answer 18

the public VIF allows connections to AWS public services

inside the VPC we already have a virtual private gateway because that is what is used for any private VIFs running on DX (Private VIFs don’t have encryption)

what we can do is create a VPN using the ENI endpoint created by VPG and instead of using the public internet as the transit network you can use the public VIF running over Direct connect

IPSEC VPN over public VIF you get the benefits of DX the encryption of IPSEC

Question 19

How can you design Resilience when using Direct Connect ?

Answer 19

AWS region(assumed to already be resilient ) is connected to a direct connection location , the location has AWS DX router and a Customer or provider DX router a single cross connection

the Direct connect location is the connected to customer on premises router which is one connection

to design resiliency you need 2 cross connections and another customer customer premises connection so ideally a separate DX location connected to another customer location (ideally geographic separate)

Question 20

Transit Gateway(TGW)

Answer 20

Network Transit Hub to connect VPCs to on premise network

Question 21

Benefits of using TGW

Answer 21

supports transitive routing

share between accounts using AWS TAM

Peer Attachments with different regions .. same or cross account

Question 22

What other network resources can TGW be used with ?

Answer 22

VPC, site-to-site VPN, and Direct connect Gateway

Question 23

Storage Gateway

Answer 23

Hybrid storage Virtual Appliance (on-premises*)

Extension of file & Volume storage into AWS

Question 24

Storage Gateway Use cases

Answer 24

volume storage locally and backup into AWS

Tape Backups into AWS using AWS storage instead of physically Tapes

can provide an emulation layer using AWS storage but presenting this to backup software as a physical tape architecture

Migration of existing infrastructure to ASW

you can use it AS TRICKLE MIGRATION

Question 25

Storage Gateway Mode

Answer 25

you pick when creating SGW

Tape Gateway (VTL) mode:

virtual tapes => s3 and Glacier

File mode - SMB and NFS:

file storage backed by s3 objects

Volume mode (Gateway cache/ stored) - ISCSI:

Block storage backed by s3 and EBS snapshots

Question 26

Explain the two options Volume gateway mode ?

Answer 26

cached - the the primary data is stored in AWS and frequently accessed data is cached locally ideal for extending storage into AWS

Stored = the primary data is stored on-premises and asynchronously replicated into ASW an EBS snapshot is created from the backup data ideal for migrations into AWS

Question 27

Snowball

Answer 27

ordered from AWS, log a job , Device delivered (not instant)

Data encryption using KMS

50TB or 80TB capacity

only storage

Question 28

Snowball Edge

Answer 28

Both storage and computer

storage optimized(with EC2)- 80TB, 24vCPU, 32 GIB Ram 1TB SSD

computer optimized/Compute with GPU - 100TB + 7.68 NVME, 52 VCPU and 208 GIB RAM

Question 29

Snowmobile

Answer 29

Portable DC with a shipping container on a truck

special order

ideal for single location when 10PB+ is required

up to 100PB per snow mobile

Question 30

When should you user Snowball?

Answer 30

multiple devices to multiple premises

Question 31

When would you use Snowball Edge?

Answer 31

ideal for remote sites or where data processing on ingestion is needed

Question 32

When would you use Snowmobile?

Answer 32

not economical for multi-site(unless huge) or sub 10 PB

Question 33

What is a directory?

Answer 33

stores objects (e.g. user, Groups, computers, server file shared) with a structure(domain/tree)

multiple trees can be grouped into a forest

commonly used in window environments

Sign-in to multiple devices with the same username/password provide centralized management assets

Question 34

AWS Directory Service

Answer 34

AWS managed implementation

Runs within a VPC

can be isolated , integrated with existing on-premises systems, or act as a ‘proxy’ back to on-premises

Question 35

How would you implement HA with AWS Directory Service?

Answer 35

Deploy into multiple AZ

Question 36

AWS Directory Service Modes: Simple AD Mode

Answer 36

Standalone directory which uses samba 4

integrated with AWS services- EC2 instances can join simple AD and workspaces can use it for logins and management

Question 37

AWS Directory Service Modes:

AWS Managed Microsoft AD

Answer 37

Supports applications which requires MS AD specific schema or schema updates can

primary running location is in AWS Trust relationships can be created between AWS and on-premises directory system

Question 38

AWS Directory Service Modes:

AD connector

Answer 38

Allows AWS services which need a directory to use an existing on-premises directory

Primary directory is located on-premised requests from AWS are proxied back to the existing directory

Question 39

Drawback of AD connector

Answer 39

Only a proxy .. no local functionality

if private connectivity fails.. the AD proxy won’t function- interrupting services at the AWS side

Question 40

Draw backs for simple AD Mode ?

Answer 40

up to 500 user(small)

or 5,000 users(Large)

not designed to integrated with any existing on-premises directory system

Question 41

Benefit of using AWS Managed Microsoft AD?

Answer 41

Resilient if the VPN fails ..

services in AWS will still be able to access the local directory run-in in Directory service

Question 42

When would you user Simple AD?

Answer 42

the default. simple requirements . A directory in AWS

Question 43

When would you use Microsoft AD?

Answer 43

Applications in AWS which need MS AD DS or you need to trust AD DS

Question 44

When would you use AD connector ?

Answer 44

use AWS services which need a directory without storing any directory info in the cloud proxy to you on-premises Directory

Question 45

AWS DataSync

Answer 45

Data Transfer service to and from AWS

migration ,Data processing Transfers, Archival/cost effective storage or DR/BC

designed to work at huge scale

Keeps metadata(e.g. permission/timestamps)

Built in data validation

Question 46

Key features of DataSync?

Answer 46

scalable - 10gbps per agent

bandwidth limiters (avoid link saturation)

incremental and schedule transfer options

compession and encryption

automatic recovery from transit errors

Question 47

How is DataSync billed ?

Answer 47

pay as you use per GB cost for data moved

Question 48

What AWS service can be integrated with DataSync?

Answer 48

s3,EFS, and Fsx

Question 49

DataSync : Task

Answer 49

a ‘job ’ within data sync, defines what is being synced, how quickly, from where and to where

Question 50

DataSync: Agent

Answer 50

software used to read or write to on-premise data stores using NFS or SMB

Question 51

DataSync : Location

Answer 51

every task has two locations from and to e.g. network file system(NFS), server manager block(SMB), Amazon EFS, Amazon FSx and Amazon S3

Question 52

FSx for windows File server

Answer 52

Fully managed native windows file server/shares (low admin over head)

designed for integration with windows environments

integrates with directory service or self0managed AD

Question 53

What is the resiliency of FSx for windows File server ?

Answer 53

FSx for windows File server can be deployed in a singe Az or Multi-AZ within a VPC

Question 54

FSx for windows File server key features

Answer 54

VVS - user Driven Restores

Native File system accessible over SMB

windows permission model

support Distributed file system(DFS) sale-out file share structure

integrates with DS or your own directory

Question 55

FSx for Lustre

Answer 55

Managed Lustre- Designed for HPC-Linux client(POSIX)

Machine Learning, Big Data , Financial Modeling

100’s GB/s throughput & sub millisecond latency

Question 56

FSx for Lustre Deployment types

Answer 56

Scratch - Highly optimized for short term no replication & fast

Persistent - Long term, HA(in one AZ), self-healing

Question 57

Key features of FSx for Lustre

Answer 57

Metadata stored on metadata Targets (MDTs) Just 1 target

Object are stored on called object storage targets(OSTs)(1.17Tib)

Baseline performance based on size

Size - min 1.2TiB the increments of 2.4TiB

Burst up to 1,300 MB.s per TiB(credit system)

Question 58

FSx for Lustre: Scratch Storage

Answer 58

Base 200 MB/s per TiB of storage

Question 59

FSx for Lustre: Persistent storage

Answer 59

Persistent offers 50 MB/s,

100MB/s and 200MB/s per TiB of storage

Question 60

Draw backs FSx for Lustre: Persistent

Answer 60

Larger File system means more server, more disk, and more chance of failure

persistent has replication within one AZ only

Auto-heals when hardware failure occurs

Question 61

Draw backs FSx for Lustre: Scratch

Answer 61

Scratch is designed for pure performance

short term or temp workloads

No HA .. no replications

Question 62

FSx for Lustre backups

Answer 62

both scratch and persistent you can backup to S3 with both manual or Automatic 0-35 day retention

Question 63

How big is the Direct Connect Port ?

Answer 63

A 1gbps or 10Gbps Network Port into AWS

at a DX location 1000 Base-LX if your capacity is 1 gbps

or

10 GBase-LR if using 10gbps

Question 64

What is the requirement need for your Customer Router to be able to use AWS direct connect ?

Answer 64

requires Vlans/BGP

Question 65

What can be Subscribers to SNS Topic?

Answer 65

subscribers ex : HTTP(s), Email(JSON) ,SQS , Mobile Push SMS messages & Lambda