Mod 1 - Understanding Cloud Flashcards
What really makes a data center so special and in demand?
A. Redundancy everywhere
B. Huge power systems
C. Fast internet
D. Special cooling and airflow
DevOps:
Definition
Gives devs a way to automatically introduce and test new code in an application without taking the app down.
DevOps Process:
- Creates dev only environment where they can run new code.
- Then run in test env with specific end users.
- UAT - Then run in Staging where real world prod traffic is allowed to access env to test code.
- Then roll into prod env
Scale Up (Vertically):
Increases the server resources, ex. increase RAM
Scale Out (Horizontally):
Increases number of servers of the same resource type
Canary Deployment
When you have four of the exact same instance type of a server and ship new code into one of them to see how it does. If there are issues, roll it back. If it succeeds, ship to more servers.
What is a 3 tier app?
- Frontend app
- Backend app
- Database that stores the data
Monolithic app
bundle of the 3 tier app in one app, running on one server
Microservices
architecture of many small applications that make up one giant application
What is the All Services AZ menu option?
shop for services
What is the All resources AZ menu option?
resources you already deployed
Blades
term for windows you open in Azure, ex. clicking into the Disks section of the VMs area
What are the two IaaS Use Cases?
A. Testing and development: Best when you need control over the environment. You have a special app that can be moved to the cloud with redundancy, but you still control the env.
B. Migrations: Lift and shift virtual machines from On-Prem to Cloud
IaaS Model Responsibilities
In an IaaS model, the cloud provider is responsible for maintaining the hardware, network connectivity (to the internet), and physical security.
You’re responsible for everything else: operating system installation, configuration, and maintenance; network configuration; database and storage configuration; and so on.
IaaS Model Definition
Replicating on-prem servers and VMs to a cloud env where you manage and control the env. Ex. Do OS patches
Private Cloud
Local datacenter where data is stored on physical servers you have control over and are responsible for OS patches, designing the vNET/virtual network, software patches, and the runtime environment
Capex
typically a one-time, up-front expenditure to purchase or secure tangible resources. A new building, repaving the parking lot, building a datacenter, or buying a company vehicle are examples of CapEx.
Is cloud computing Opex or Capex
Opex
OpEx
spending money on services or products over time. Renting a convention center, leasing a company vehicle, or signing up for cloud services are all examples of OpEx.
PaaS Model Responsibilities
In a PaaS environment, the cloud provider maintains the:
-physical infrastructure,
-physical security,
-and connection to the internet.
They also maintain the
-operating systems,
-databases,
-development tools,
-and business intelligence services
Shared Responsibilities:
-networking settings and connectivity within your cloud environment,
-network and application security,
-directory infrastructure.
Ex. Like a domain joined machine: IT maintains the device with regular updates, patches, and refreshes.
What is the PaaS Use Case?
A. Development framework: PaaS provides a framework that developers can build upon to develop or customize cloud-based applications
B. Analytics or business intelligence: Tools provided as a service with PaaS allow organizations to analyze and mine their data, finding insights and patterns and predicting outcomes to improve forecasting, product design decisions, investment returns, and other business decisions.
PaaS Definition
responsible for building and shipping app and the code, making sure it’s secure
Azure App services
service that deploys web hosting apps
Message Queue
queue that microservice instances listen to, picking up messages that are put in the queue
T-SQL
Microsoft’s dialect of SQL used in MS SQL
SaaS Model Responsibilities
You’re responsible for
-the data that you put into the system,
-the devices that you allow to connect to the system,
-and the users that have access.
The cloud provider is responsible for
-physical security of the datacenters,
-power,
-network connectivity,
-and application development and patching
What is the SaaS Use Case?
A. Best when you don’t need to maintain anything and just need access to software that accomplishes a task.
Ex.
* Email and messaging.
* Business productivity applications.
* Finance and expense tracking.
SaaS Definition
cloud service that charges a subscription fee to access software in a browser online; hosting is managed by a third-party company. Ex. Adobe cloud
Consumption-Based Billing
Billing based on the usage of cloud resources that are actually deployed. Ex. Azure VM can cost $0.10 per hour or be billed for Network Egress (amount of bandwidth used)
What are the 4 responsibilities that are always retained by you?
- Data
- Endpoints
- Account
- Access management
Who manages security in IaaS?
You manage entire security
Who manages security in PaaS?
Shared responsibility
Who manages security in SaaS?
All on Azure, but we control who connects to the app (account management) and need to develop security policies on accessing the app and sharing data
Network Security Group
an access control list that defines what traffic is let into a vNET
Deployment Order for Azure networking
- VM
- Public IP
- vNIC
- vNET
- NSG
vNET
private address space; you can create subnets out of this space. Ex. Set space to 10.0.0.0/8 » 10.0.1.0/24 (253 VMs)
How are VMs accessible when first deployed?
they are only accessible via the public internet, and are assigned a Public IP address and a vNIC that are standalone resources
Stretch networking
when you have on-prem subnets that have layer 2 connectivity with Azure vNET subnets
What are the steps/prompts to deploy a basic VM
- Login to Azure portal
- Select Virtual Machine service
- Select Azure VM
- Create VM
a. Set Basic settings
i. Set name based off of app VM used for, what env(Prod or Test), number if there are multiple
ii. Set availability zones
iii. Set password
iv. Set inbound port rules(this sets your NSG)
b. Set disk settings
i. Can add data disk attached to VM
c. Set virtual network
d. Review settings
Do Resource groups and availability zones need to match?
No
How do you deprovision a VM?
Need to use the Stop button. Shutting down the VM while RDP’ed in doesn’t deprovision the VM
How do you delete a VM in azure portal?
To delete, use Delete button and config options, select all boxes to completely delete
How do you upload SSH keys to Azure portal?
- Navigate to VM page
- Select Connect drop down
- Select one of the connection options ex. RDP or SSH or Bastion
What is the Bastion AZ resource?
secure way to connect to VMs without exposing them through public IP addresses. Deploy it and it will prompt for Azure creds and 2FA
What are availability sets designed for?
designed to ensure that VMs stagger updates and have varied power and network connectivity, preventing you from losing all your VMs with a single network or power failure.
Availability Sets
template of saved availability settings to apply to a group of VMs ex. Spread VMs across certain domains
Fault Domain default settings
By default, an availability set will split your VMs across up to three fault domains. This helps protect against a physical power or networking failure by having VMs in different fault domains (thus being connected to different power and networking resources).
Fault Domains
grouping of Azure datacenter resources with the same power and network components.
How long is an update group given to recover after updates are applied?
An update group going through the update process is given 30 minutes to recover before maintenance on the next update domain starts.
Update domains
a group of Azure datacenter resources that get updated at the same time or in a grouping. Azure only ever updates one domain at a time, so setting the AS to multiple ensures your AS doesn’t get interrupted and its VMs have different update schedules
Why use more than 1 fault domain?
Setting to more than 1 ensures a physical failure won’t impact all VMs
- Should have 1 FD per VM if you can only afford to have one VM down at a time
VM Scale Sets
Azure resource that helps manage a group of load balanced VMs
Stateless workloads
something like a web connection that isn’t maintaining a session, just used for load balancing between many VMs
What are the min and max options for Autoscaling in VM scale sets?
- Min of 1 instance
- Max of 10
What’s an example of shared responsibility (PaaS) for networking?
Azure will set up backbone routing and private IP addressing, while you handle the Public IP addressing
What’s an example of shared responsibility (PaaS) for runtime?
Azure sets up the environment of your choice depending on what code language you wrote your app in, ex. Python or .Node
What’s an example of shared responsibility (PaaS) for authentication?
Azure handles managing directory accounts and you can decide to accept certain user logins. Or you could manage the user directory and AAA yourself
Cloud computing
the delivery of computing services over the internet
What is a key feature of public cloud computing?
Services are leased from a public cloud, and data from the private cloud traverses the public internet in some way to reach the public cloud
What is hybrid cloud?
a computing environment that uses both public and private clouds in an inter-connected environment
What is a private cloud model?
It’s a cloud (delivering IT services over the internet) that’s used by a single entity
What are always the three consumer duties in cloud?
- The information and data stored in the cloud
- Devices that are allowed to connect to your cloud (cell phones, computers, and so on)
- The accounts and identities of the people, services, and devices within your organization
What are always the three cloud provider duties in cloud?
- The physical datacenter
- The physical network
- The physical hosts
What are the four things for which responsibility is shared depending on the service model?
Operating systems
Network controls
Applications
Identity and infrastructure
What are cloud models?
The cloud models define the deployment type of cloud resources
What is a multi-cloud environment?
environment where you deal with two (or more) public cloud providers and manage resources and security in both environments.
What are 4 benefits of public cloud?
No capital expenditures to scale up
Applications can be quickly provisioned and deprovisioned
Organizations pay only for what they use
Organizations don’t have complete control over resources and security
What are 4 benefits of private cloud?
Organizations have complete control over resources and security
Data is not collocated with other organizations’ data
Hardware must be purchased for startup and maintenance
Organizations are responsible for hardware maintenance and updates
What are 3 benefits of hybrid cloud?
Provides the most flexibility
Organizations determine where to run their applications
Organizations control security, compliance, or legal requirements