Hybrid Envir. and Migration Flashcards

1
Q

Border Gateway Protocol

A

BGP is a path-vector protocol: it exchanges the best path to a destination between peers. The path is called the AS path.

2
Q

ASN

A

The way BGP identifies different entities within the network

Autonomous System Numbers are the way that BGP identifies different entities within the network

Allocated by IANA

ASNs are unique and allocated by IANA (0-65535); 64512-65534 are private

3
Q

Autonomous systems (AS)

A

Multiple routers controlled by one entity: a network in BGP

Routers controlled by one entity are considered a network in BGP

4
Q

Are connections between two different autonomous systems in the BGP network automatic?

A

Not automatic - peering is manually configured

5
Q

How does BGP operate? Over what protocol?

A

It operates over TCP/179 - it's reliable

6
Q

How can you manipulate the AS path? And why would you want to?

A

AS path prepending can be used to artificially make the satellite path look longer, making the fiber path preferred

Shorter paths get priority even if the longer path would offer better performance, e.g. a long fiber path vs. a short satellite path

7
Q

Why is BGP important in AWS?

A

Used by some AWS services, such as:

  • Direct Connect
  • Dynamic Site to Site VPNs
8
Q

AWS Site-to-Site VPN

A

VPN connection between VGW and CGW

A logical connection which creates a highly available IPsec VPN between an AWS VPN and an external network, such as traditional on-premises networks

9
Q

Virtual Private Gateway (VGW)

A

Logical gateway object which can be the target on route tables

Something you create and associate with one VPC; it can be the target on one or more route tables

10
Q

Customer Gateway (CGW)

A

Logical piece of configuration within AWS and also the physical configuration

Used to refer to both the logical piece of configuration within AWS and the thing that configuration represents

11
Q

How would you design a highly available Site-to-Site VPN connection?

A

By default, when a virtual gateway is created, it creates two ENIs in the AWS public zone in two different AZs, but there is only one Customer Gateway by default. To create an HA connection you would need to add a second CGW connection, preferably in another building, which would then add two more ENIs in 2 different AZs for that connection. So you would have two connections, 4 VGW and 2 CGW.

12
Q

Drawbacks of Site-to-Site VPN?

A

Speed limitation: 1.25Gbps

Latency considerations: inconsistent, runs over the public internet

Cost: AWS hourly cost, GB out cost, data cap (on premises)

13
Q

Benefits of using Site-to-Site VPNs?

A

Speed of setup: hours, all software configuration

Can be used as a backup for Direct Connect (DX), and can also be used with DX for quick provisioning in the beginning of a DX to establish connectivity

14
Q

AWS Direct Connect

A

physical private link connecting your business premises to its public and private services.

15
Q

VIFs

A

A DX connection can have multiple virtual interfaces (VIFs)

There are both private VIFs (VPC) and public VIFs (public zone services)

16
Q

Drawbacks of Direct Connect

A

Takes much longer to provision vs. VPN

DX port provisioning is quick; the cross connect takes longer

Extension to premises can take weeks/months

No encryption

17
Q

Benefits of using DX

A

Faster: 40GB with aggregation

Low, consistent latency; doesn't use business bandwidth (no public internet)

18
Q

How can you enable encryption on DX?

A

The public VIF allows connections to AWS public services

Inside the VPC we already have a virtual private gateway, because that is what is used for any private VIFs running on DX (private VIFs don't have encryption)

What we can do is create a VPN using the ENI endpoints created by the VPG and, instead of using the public internet as the transit network, use the public VIF running over Direct Connect

With an IPsec VPN over a public VIF you get the benefits of DX and the encryption of IPsec

19
Q

How can you design resilience when using Direct Connect?

A

The AWS region (assumed to already be resilient) is connected to a Direct Connect location. The location has an AWS DX router and a customer or provider DX router, joined by a single cross connection

The Direct Connect location is then connected to the customer on-premises router, which is one connection

To design resiliency you need 2 cross connections and another customer premises connection, so ideally a separate DX location connected to another customer location (ideally geographically separate)

20
Q

Transit Gateway (TGW)

A

Network transit hub to connect VPCs to on-premises networks

21
Q

Benefits of using TGW

A

Supports transitive routing

Share between accounts using AWS RAM

Peer attachments with different regions, same or cross account

22
Q

What other network resources can TGW be used with?

A

VPC, Site-to-Site VPN, and Direct Connect Gateway

23
Q

Storage Gateway

A

Hybrid storage Virtual Appliance (on-premises*)

Extension of file & Volume storage into AWS

24
Q

Storage Gateway use cases

A

Volume storage locally and backup into AWS

Tape backups into AWS using AWS storage instead of physical tapes

Can provide an emulation layer using AWS storage but presenting this to backup software as a physical tape architecture

Migration of existing infrastructure to AWS

You can use it as a trickle migration

25
Storage Gateway modes
You pick the mode when creating the SGW:
**Tape Gateway (VTL) mode**: virtual tapes => S3 and Glacier
**File mode** - SMB and NFS: file storage backed by S3 objects
**Volume mode** (Gateway cached/stored) - iSCSI: block storage backed by S3 and EBS snapshots
26
Explain the two options of Volume Gateway mode?
Cached - the primary data is stored in AWS and frequently accessed data is cached locally; ideal for extending storage into AWS
Stored - the primary data is stored on-premises and asynchronously replicated into AWS; an EBS snapshot is created from the backup data; ideal for migrations into AWS
27
Snowball
Ordered from AWS: log a job, device delivered (not instant)
Data encryption using KMS
50TB or 80TB capacity
Only storage
28
Snowball Edge
Both storage and compute
Storage optimized (with EC2) - 80TB, 24 vCPU, 32 GiB RAM, 1TB SSD
Compute optimized / Compute with GPU - 100TB + 7.68 NVMe, 52 vCPU and 208 GiB RAM
29
Snowmobile
Portable DC within a shipping container on a truck
Special order
Ideal for a single location when 10PB+ is required
Up to 100PB per Snowmobile
30
When should you use Snowball?
Multiple devices to multiple premises
31
When would you use Snowball Edge?
Ideal for remote sites or where data processing on ingestion is needed
32
When would you use Snowmobile?
Not economical for multi-site (unless huge) or sub-10PB
33
What is a directory?
Stores objects (e.g. users, groups, computers, servers, file shares) with a structure (domain/tree)
Multiple trees can be grouped into a forest
Commonly used in Windows environments
Sign in to multiple devices with the same username/password
Provides centralized management of assets
34
AWS Directory Service
AWS managed implementation
Runs within a VPC
Can be isolated, integrated with existing on-premises systems, or act as a 'proxy' back to on-premises
35
How would you implement HA with AWS Directory Service?
Deploy into multiple AZs
36
AWS Directory Service Modes: Simple AD Mode
Standalone directory which uses Samba 4
Integrated with AWS services - EC2 instances can join Simple AD and WorkSpaces can use it for logins and management
37
AWS Directory Service Modes: AWS Managed Microsoft AD
Supports applications which require MS AD-specific schema or schema updates
Primary running location is in AWS
Trust relationships can be created between AWS and an on-premises directory system
38
AWS Directory Service Modes: AD Connector
Allows AWS services which need a directory to use an existing on-premises directory
Primary directory is located on-premises
Requests from AWS are proxied back to the existing directory
39
Drawback of AD Connector
Only a proxy: no local functionality
If private connectivity fails, the AD proxy won't function, interrupting services on the AWS side
40
Drawbacks of Simple AD mode?
Up to 500 users (Small) or 5,000 users (Large)
Not designed to integrate with any existing on-premises directory system
41
Benefit of using AWS Managed Microsoft AD?
Resilient if the VPN fails: services in AWS will still be able to access the local directory running in Directory Service
42
When would you use Simple AD?
The default. Simple requirements. A directory in AWS
43
When would you use Microsoft AD?
Applications in AWS which need MS AD DS or you need to trust AD DS
44
When would you use AD Connector?
Use AWS services which need a directory without storing any directory info in the cloud
Proxy to your on-premises directory
45
AWS DataSync
Data transfer service to and from AWS
Migration, data processing transfers, archival/cost-effective storage or DR/BC
Designed to work at huge scale
Keeps metadata (e.g. permissions/timestamps)
Built-in data validation
46
Key features of DataSync?
Scalable - 10Gbps per agent
Bandwidth limiters (avoid link saturation)
Incremental and scheduled transfer options
Compression and encryption
Automatic recovery from transit errors
47
How is DataSync billed?
Pay as you use: per-GB cost for data moved
48
What AWS service can be integrated with DataSync?
S3, EFS, and FSx
49
DataSync: Task
A 'job' within DataSync; defines what is being synced, how quickly, from where and to where
50
DataSync: Agent
Software used to read or write to on-premises data stores using NFS or SMB
51
DataSync: Location
Every task has two locations: from and to
e.g. Network File System (NFS), Server Message Block (SMB), Amazon EFS, Amazon FSx and Amazon S3
52
FSx for Windows File Server
Fully managed native Windows file servers/shares (low admin overhead)
Designed for integration with Windows environments
Integrates with Directory Service or self-managed AD
53
What is the resiliency of FSx for Windows File Server?
FSx for Windows File Server can be deployed in a single AZ or Multi-AZ within a VPC
54
FSx for Windows File Server key features
VSS - user-driven restores
Native file system accessible over SMB
Windows permission model
Supports Distributed File System (DFS) - scale-out file share structure
Integrates with DS or your own directory
55
FSx for Lustre
Managed Lustre - designed for HPC - Linux clients (POSIX)
Machine learning, big data, financial modeling
100s of GB/s throughput and sub-millisecond latency
56
FSx for Lustre deployment types
Scratch - highly optimized for short term; no replication and fast
Persistent - long term, HA (in one AZ), self-healing
57
Key features of FSx for Lustre
Metadata is stored on Metadata Targets (MDTs)
Just 1 target
Objects are stored on what are called Object Storage Targets (OSTs) (1.17TiB)
Baseline performance based on size
Size - min 1.2TiB, then increments of 2.4TiB
Burst up to 1,300 MB/s per TiB (credit system)
58
FSx for Lustre: Scratch Storage
Base 200 MB/s per TiB of storage
59
FSx for Lustre: Persistent storage
Persistent offers 50 MB/s, 100 MB/s and 200 MB/s per TiB of storage
60
Drawbacks of FSx for Lustre: Persistent
Larger file system means more servers, more disks, and more chance of failure
Persistent has replication within one AZ only
Auto-heals when hardware failure occurs
61
Drawbacks of FSx for Lustre: Scratch
Scratch is designed for pure performance
Short-term or temp workloads
No HA, no replication
62
FSx for Lustre backups
Both scratch and persistent can be backed up to S3, manually or automatically
0-35 day retention
63
How big is the Direct Connect port?
A 1Gbps or 10Gbps network port into AWS at a DX location
1000Base-LX if your capacity is 1Gbps, or 10GBase-LR if using 10Gbps
64
What is required of your customer router to be able to use AWS Direct Connect?
Requires VLANs/BGP
65
What can be subscribers to an SNS topic?
Subscribers, e.g.: HTTP(S), Email (JSON), SQS, Mobile Push, SMS messages and Lambda