Hybrid Environments

Question 1

What is BGP (optional, not required for SAA)

Answer 1

Border Gateway Protocol

“Path vector protocol” - exchanges best path to a destination with its peers

“Can I get from A to B to C to D or is there a direct path from A to D” type info

Question 2

AWS Site to Site VPN

Answer 2

A logical connection between a VPC and on-prem network, encrypted using IPSec

VPN can be over public internet or via DirectConnect

Full HA if you design it correctly

S2S VPN is quick to provision - less than an hour

VGW - Virtual Pvt Gateway - another logical object and associate with a VPC and is a target in one or more route tables

CGW - customer gateway - its either the logical conf in AWS or physical conf in the client side

VPN connection is between VGW and CGW

VPC -> VGW -> endpoint(s)-> CGW (router on client side)

Single CGW means single point of failure so not fully HA yet.

To be fully HA add another CGW ideally in a separate building/location

Question 3

Static and Dynamic VPN

Answer 3

Dynamic VPN uses BGP

Static does not use BGP

Question 4

VPN considerations

Answer 4

Speed limitations - 1.25 Gbps - AWS limit (exam!)
Cap for VGW -> 1.25 Gbps

Latency considerations - inconsistent over public internet

Hourly cost to operate, GB out cost, data cap on premises

Speed of setup - hours - all software configuration

Can be used as a backup to DirectConnect

Can be used with DirectConnect

Question 5

What is AWS DirectConnect

Answer 5

A 1 Gbps or 10 Gbps connection into AWS
Even 40Gbps with Aggregation

Does not use public internet, low latency, does not disrupt business bandwidth

BUT….No Encryption… BUT you can overcome this by running VPN/IPSec over the public VIF (virtual interface) provided by DirectConnect

Question 6

What is SnowBall?

Answer 6

Physical devices to load data onto and ship to AWS
50TB or 80TB configurations
Economical when needing to upload 10TB to 10PB data to AWS

Multiple devices can be ordered to multiple premises

Only a storage device, no compute

Question 7

What is Snowball Edge?

Answer 7

Same as Snowball but with Compute
Larger capacity, faster networking

3 types

• Storage opmitized with EC2 - 80TB, 24vCPU 32GB + 1TB SSD
• Compute optimized - 100TB, 7.68G of NVME, 52vCPI and 208Gib Memory
• Compute optmized with GPU Capability - scientific analysis etc

Ideal for remote locations where data processing is required during data ingestion

Question 8

What is Snowmobile?

Answer 8

Portable Datacenter in a container literally on a truck
Special Order
Over 10PB of data transfer/processing to AWS
Not economical for multi-site or less than 10PB

For multi-site use Snowball Edge

Question 9

What is AWS Directory service?

Answer 9

Managed service for Directory

• stores identity and asset information - users, groups, computers, file shares
• inverted tree structure - a “domain”
• multiple tree structures can be grouped into a “Forest”
• Centrally managed authentication and identities
• Popular AD is Microsoft AD
• Another one is Samba - open source

Runs within a VPC
HA, by deploying to multiple subnets in multiple AZs
Some services like AWS WorkSpaces (virtual desktop like Citrix) requires AD
Can be integrated with on-prem, or be isolated or “proxy” connections to your on-prem system

Question 10

Modes of AWS Directory?

Answer 10

1. Simple AD which is based on Samba - lightweight
   create users within Simple AD
   - 500 users in small mode, 5000 in large mode
   - can integrate with AWS Chime, AWS connect, AWS RDS, Workspaces, AWS console, EC2 also
   - runs in isolation, not a full implementation like Microsoft AD
2. Managed MS AD mode - can have a trust relationship with your on-prem AD, via VPN or direct Connect
   - it trusts your on-prem directory
   - it also works in isolation if required
3. AD Connector
   - Eg AWS Workspaces, imagine you have an on-prem AD and you want to use just this one AWS product
   - you can use your on-prem AD to run WorkSpaces
   - Point the ad connector to your on-prem AD
   - it is a proxy for any AWS services that needs an AD
   - cannot work in isolation

Question 11

What is DataSync

Answer 11

AWS DataSync is a product which can orchestrate the movement of large scale data (amounts or files) from on-premises NAS/NAS into AWS or vice-versa

Question 12

What is FSx?

Answer 12

FSx for Windows Servers provides a native windows file system as a service which can be used within AWS, or from on-premises environments via VPN or Direct Connect

FSx is an advanced shared file system accessible over SMB, and integrates with Active Directory (either managed, or self-hosted).

It provides advanced features such as VSS, Data de-duplication, backups, encryption at rest and forced encryption in transit.

Single or Multi-AZ mode - uses ENIs

Native FS over SMB, Windows Permission model

Managed service - no admin overhead

Integrates with AWS Directory or on-prem AD

Question 13

What is FSx for Lusture?

Answer 13

Managed implementation of the Lusture FS for high performance workloads

Machine Learning, Big Data, Financial Modeling

100 of GBs of throughput and < 1ms latency

Deployment types

• Scratch - Highly optimized for short term, no replication and fast
• Persistent - HA in single AZ, self healing

Available over VPN or DirectConnect but you need high bandwidth to use it effectively

Lazy Loaded from S3 as data as needed