AWS Certified Solutions Architect Associate 2023 (Full Free AWS course!) - Day Two
AWS Certified Solutions Architect Associate 2023 (Full Free AWS course!) - Day Two
Welcome to our latest Live FREE AWS Bootcamp! In this Livestream series AWS Certified Solutions Architect Associate 2023 (Full Free AWS course!) we provide free AWS certification training, for the AWS solution architect certification (SAA-CO3 exam). Whether you are wondering which aws certifications should i get, or you know what you want this is for you. We offer this AWS certification course free to you as part of our mission. We provide this free aws certification course online to assist individuals in building their cloud architect or cloud engineering careers.\r
\r
Get our FREE eBook and Lab Demos to go along with this http://bit.ly/41fCEJE\r
\r
This AWS cloud computing full course will help with your AWS solution architect certification, build your cloud architect career skills, and is an essential part of your cloud computing career training. That’s why we provide this AWS full course tutorial, and other AWS training free to help the cloud architect community!\r
\r
Please use this FREE AWS course to elevate your cloud computing career, achieve your certification, and ace your AWS solution architect interview questions.\r
\r
If you enjoyed this content from Go Cloud Careers and want to learn how to get a cloud job, please subscribe to the Go Cloud Architects channel.\r
\r
More Content for you!
Learn more about our award-winning training programs at https://training.gocloudcareers.com
Take the Cloud Architect Challenge, May 2nd, sign up here https://bit.ly/3HCTevZ
FREE Webinar, learn how to become a cloud architect https://my.demio.com/ref/01ppStEkIUVx…
Free Interview Webinar, register here https://bit.ly/3IP4B4M
FREE Interview Guide get yours today, http://bit.ly/3KKRVx0
FREE How to Get Your First Architect Job Guide, get yours today, http://bit.ly/41rixJl
Learn about our Elite Cloud Architect Bundle, https://training.gocloudcareers.com/b…
Learn about our How to Earn More Money in Tech Program, https://training.gocloudcareers.com/c…
Sign Up for Our Updates, https://www.gocloudcareers.com/form-o…\r
\r
At Go Cloud Careers and Go Cloud Architects we are focused on helping you be the best at your dream cloud career.\r
\r
Every day we speak with people looking to build their cloud architect careers. Unfortunately, many people are confused by the various cloud computing job roles, such as the difference between a cloud architect vs cloud engineer. This makes it hard to build your cloud architect career development program, which is necessary to get the right cloud computing career training.\r
\r
You can find some more of our content below:\r
\r
What Is A Cloud Architect | Cloud Architect Job (What Does A Cloud Architect Do) - • What Is A Cloud Architect | Cloud Arc… \r
\r
Can I Be A Cloud Architect? | Cloud Architect Career Advice (Get Cloud Hired) - • Can I Be A Cloud Architect? | Cloud A… \r
\r
What Does A Cloud Architect Do | Cloud Architect Job (Cloud Architect Roles and Responsibilities) - • What Does A Cloud Architect Do | Clou… \r
\r
How To Start A Career In Cloud Computing | Tech Career Transition Coaching | Changing Career To Tech - • How To Start A Career In Cloud Comput… \r
\r
\r
Our goal at Go Cloud Architects and Go Cloud Careers is to make technical training as accessible as possible to as many people as possible. That is why we create FREE technical content for the community. Make sure to check out our multitude of free content below.\r
\r
FREE CCNA Networking Bootcamp – • CCNA Networking Bootcamp \r
\r
FREE AWS Advanced Networking Bootcamp – • AWS Advanced Networking Bootcamp Nove… \r
\r
\r
Learn more about us here: https://www.gocloudcareers.com\r
\r
Please follow, like, or subscribe to us on our other platforms: \r
\r
Go Cloud Architects Facebook Page: https://www.facebook.com/gocloudarchi… \r
\r
Mike Gibbs LinkedIn Page: https://www.linkedin.com/in/michael-g…\r
\r
Go Cloud Architects LinkedIn page: https://www.linkedin.com/company/go-c… \r
\r
Twitter: https://twitter.com/Gocloudcareers\r
\r
#awstraining #cloudarchitect #cloudcareer #cloudjob
Content
78.799 -> Hello everyone this is Alonzo once you know
how to get your first cloud job please register
83.09 -> for our webinar will teach you everything
that you need to know and answer your questions
87.67 -> along the way hope to see you there
166.31 -> Hello everyone this is Alonzo wants to know
how to get your first cloud job and please
170.36 -> register for our webinar will teach you everything
that you need to know and answer your questions
173.69 -> along the way hope to see you there?
198.92 -> My name is Richard Im cloud hired I can see
I am cloud hired that yes, come and join and
299.37 -> get cloud hired.
300.37 -> I cloud tired. I'm cloud hired. I'm cloud
hired. Hey. Go Cloud Architect family. I'm
308.5 -> cloud hired. Oh, guys. I'm cloud hired. I'm
cloud hired thanks to go cloud architects,
321.039 -> it worked for me a now I’m cloud hired because
because of go cloud architect’s program.
327.46 -> I am cloud hired.
329.26 -> I am cloud hired. Thank you, Mike, and the
go cloud team
366.699 -> Welcome back, everyone, we're here for day
three of the completely free, AWS Certified
373.72 -> Solution Architect Associate 2023 course.
My name is Michael Gibbs, and I'm the founder
378.47 -> and CEO of go cloud careers and I'll be your
instructor throughout this week.
383.139 -> I have my master producer here is day two,
which dated I call it. You said day three,
391.3 -> you are too excited you yourself.
394.32 -> It's day two. Apologies, everyone. There's
been a lot of things going on in our world
398.32 -> right now. So even I get my days confused
periodically. So day two of the AWS Solution
404.03 -> Architect certification course. You know what
some of the things we'll cover here will help
409.879 -> you with some AWS Solution Architect interview
questions. And this is a complete AWS full
415.039 -> course tutorial, and free AWS training. And
it's a free AWS certification course online.
422.129 -> So with this free AWS course we're going to
help you pass the AWS Certified Solution Architect
426.879 -> Associate the exam just to you know, is SAA
does SEO three, it used to be the SAA does
433.02 -> co2 But this is a more modern exam, the SAE
ACO three, and we're gonna have a lot a lot
437.69 -> of fun here. Now, I want to make sure that
you all know some things we're going to do
445.31 -> to help you, I want you to all sign up for
the how to become the ultimate cloud architect
451.46 -> or how to get your first cloud architect job
webinar. It is tomorrow evening. And we will
456.75 -> tell you everything you need to do to get
your first cloud architect job certifications,
462.12 -> maybe three to 5% of what you need to do.
And I want you to all get these elite cloud
466.32 -> architect or AWS Solution Architect jobs,
or Azure Solution Architect jobs or Google
471.69 -> a Solution Architect jobs, I want to know
that you've got the best cloud computing career
475.71 -> because that's what we're all about. So join
us tomorrow on the completely completely free,
481.03 -> AWS Certified, I'm sorry, on the completely
free how to get your first cloud job. As a
487.09 -> cloud architect, it will be well worth your
time, and will be on a platform where we can
491.56 -> speak live and talk to each other so we can
make sure we can answer any questions you
495.53 -> have to help you build the best cloud computing
career. While we're at it, I want you to completely
502.63 -> download the completely free AWS Certified
Solution Architect, associate and professional
508.479 -> ebook and labs, you know, we're going to be
focused heavily on the concepts here. Why?
515.36 -> Because you get hired based on the concepts
if you're a cloud architect or a Solution
519.32 -> Architect, guess what you design, present
and sell, you don't even touch the technology.
523.95 -> But it's more than that. If you're a cloud
engineer, you're going to be performance tuning.
529 -> And the challenge is knowing what could do
not how to do it how to do it is nothing,
534.029 -> you can go straight to the AWS website. And
they've got complete step by step instructions.
538.61 -> So in the labs, which you can download, you
can watch on your own time, you can practice
542.76 -> those as well. But guess what, we're going
to focus heavy, heavy, heavy on the concepts
548.93 -> because that's what it's going to take to
win the interview. And that's also what it's
552.26 -> going to take to be able to know how to do
any of these jobs. I've interviewed 1000 AWS
556.97 -> Certified people that took the courses out
there, which is why we do ours free. And while
560.55 -> they all knew how to configure, they didn't
understand what they were doing and why they
563.49 -> were doing it, which meant they were unemployable.
And I went to getting the best jobs, because
567.29 -> we're all about giving getting you all cloud
hired. So make sure make sure that you attend
575.53 -> the completely free how to get your first
cloud job in America and get the free additional
579.95 -> AWS resources because I want you all hired,
passing your certifications and having the
584.16 -> absolute best career. If you miss day one.
Don't worry about it. You can catch day one
588.649 -> on our YouTube channel each day stands alone.
And I go back and watch it tonight. And enjoy
595.06 -> day one and today we're going to cover day
two I know I called it day three but it's
599.209 -> really day two today. I was all excited about
all the things we're doing. Because let's
602.649 -> face it, that's just me, I love doing these
things. Many people ask us which AWS certifications
608.62 -> to get as a rule, the AWS Certified Solution
Architect Associate is the starting point.
614.839 -> Now which certifications you should get is
completely dependent upon the career you desire.
618.52 -> But the AWS Certified Solution Architect Associate
is a basic intro to cloud computing. And that's
624.47 -> what we're going to do. So let's start talking
about the AWS Solution Architect, training,
634.649 -> because this is an AWS cloud computing full
course at least as it pertains to passing
638.26 -> the Certified Solution Architect Associate
exam. So yesterday, we talked about the orchestration
646.13 -> of the cloud and getting our data to the cloud
and storage. But today, we're going to begin
650.82 -> by talking about computing on the cloud. But
before we do that, can you guys all give me
656.779 -> a hashtag that says AWS Solution Architect
Associate Certification in the chatbox. And
663.519 -> that way, I know you're awake, alert oriented.
I'm a medical person, we medical people like
668.96 -> to know that the people are know where they're
at. That's why when somebody falls down, we
672.279 -> say, You know what time it is, you know who
the president is, you know where you're located.
675.68 -> So I like to know that you're all awake, alert
and oriented. This is medicine, we would call
679.76 -> times three, which was my old fun career internal
medicine. Before I went into tech 25 years
685.54 -> ago, and let me tell you, I will never go,
I've never looked back. And I love Tech Tech
690.64 -> Tech Tech tickets, the greatest thing. So
for all you guys that are putting Cisco Cisco
695.31 -> over there, I love that name. I spent about
a decade at Cisco, AWS Solution Architect
700.26 -> certification, fantastic. A diverse Solution
Architect certification, I love it. I'm seeing
704.089 -> all this AWS Solution Architect certifications
out there. So I know you're awake. I know
708.88 -> you're here. And I know you are ready to go.
Love it. So fantastic. And if you're a nurse,
718.079 -> you can that's wonderful, wonderful, wonderful.
I was a nurse and then a nurse practitioner,
722.089 -> and I was a firefighter paramedic even before
that. And health care, people become great
727.3 -> architects, because they're used to asking
people questions, and they're used to communicating
730.721 -> with people. And for the nurse that's here.
If you ever had to sell your patient into
734.3 -> taking a medication, which I know you have,
or following healthy lifestyle guidance, guess
738.821 -> what? We do that with technology all the time
as architects, so let's have some fun, and
744.1 -> let's get into the content. So a cloud or
cloud computing is nothing more than renting
750.96 -> space in somebody else's networking data center.
That's it. It's somebody else's data center,
755.449 -> the red space. And again, what is involved
in these things, it's routers and switches
760.529 -> and servers and storage, physical load balancers,
firewalls, intrusion detection, intrusion
768.449 -> prevention systems and cabling. That's it.
That's what the data center is, and guess
772.511 -> what the cloud is. It's renting space in that.
So when we talk about computing, guess what,
778.49 -> we're going to be talking about the same thing,
because cloud computing is nothing new. First
783.121 -> cloud I worked on was in 1996. And it hasn't
changed very little, even though the marketing
787.35 -> people does. So renting space and somebody
else's, even though IKEA, I am thrilled to
791.649 -> see you here along with Lady guitar. So let's
talk about computing. In the data center,
800.82 -> we've got these physical servers, everybody,
okay? physical servers. And in the cloud,
807.43 -> they still have the physical servers. Now
in our data center, typically speaking, we
812.61 -> take these servers, and we either put VMware
on it and virtualize the servers. On today's
819.09 -> modern world, we either use Nutanix, which
is one of my favorite hybrid cloud solutions,
824.05 -> or we use IBM OpenStack, which is more commonly
used than Nutanix. But they're all great private
829.639 -> clouds. And what are these things? Do they
enable us to take our servers, virtualized
834.44 -> the servers and reuse them to full capacity
and scale up and scale down just like the
840.18 -> cloud? And when you're on the cloud, guess
what? You still need servers, even serverless
845.3 -> uses servers, it's a marketing term no matter
what you're on servers. So in the data center,
851.46 -> we call it a virtual machine. And guess what,
what are we going to be talking about today
855.68 -> on the cloud virtual machines, nothing's new.
So if you've used a VMware virtual machine,
861.68 -> or a Microsoft Hyper V virtual machine, or
if you've used a Citrix virtual machine, or
869.64 -> if you use the KVM or QEMU virtual machine,
guess what we're gonna be using the same identical
874.61 -> stuff with a new name on the cloud, like the
husana Meet the new boss, same as the old
879.089 -> boss, it's the same stuff. So AWS is going
to call your virtual machines acpl instances,
885.12 -> because that's what they paid their marketing
people to do. Google is going to call them
889.27 -> Compute Engine instances. And Azure and Oracle
are gonna call them virtual machines, which
893.55 -> is really what they are. They're a little
little more you know, by a glass of water,
897.459 -> they call it what are not a hydration system,
whereas AWS has to throw the term elastic
901.88 -> and come up with all kinds of funny names
for everything. So when you pick virtual machines
907.63 -> on the cloud, how do you size them? The same
way, you've done it for the last two decades
914.339 -> in the data center, you size it based upon
CPU cores. you size it based upon DRAM. you
923.44 -> size it based upon storage capacity and performance,
which are typically going to be using block
928.62 -> storage for like we talked about yesterday,
unless it's a dedicated server. And we size
933.24 -> them based upon networking performance. That's
it. So if you need to figure out what you
938.681 -> need, how many cores do you need, and how
much DRAM do you do? Now I want to make it
942.459 -> very clear. bare metal server performance,
like the data center, and cloud server or
948.569 -> any virtual machine performance is not the
same. For example, if we use my favorite servers
954.529 -> right now, which are using these beautiful
AMD epic processors, and we have a server
960.019 -> that says has 128 cores, and four terabytes
of DRAM, that's 128 physical cores, physical
968.44 -> little CPU chips on the CPU. Now on the when
we deal with the servers, they can do something
973.71 -> called hyper threading, which is where then
the core can split into multiple cores.
979.759 -> Now, you've got a car that can drive at 90
miles an hour, and you split it into two cars,
986.51 -> each car can drive 45 miles an hour, seeing
things so in the data center, if you've gotten
992.12 -> 128, physical cores, they split into 256 virtual
cores. So when you buy 128 core server, say
1000.139 -> from Dell, or IBM, you're getting 128 physical
cores. When you buy 128 core server on the
1007.75 -> cloud, you're getting 120 virtual cores. So
it's basically 50% of the performance of your
1013.959 -> actual server. So keep that in the back of
your mind. Now, the reality is, in many cases,
1019.58 -> those virtual cores aren't being used. So
it's closer to the performance of say, 75%
1023.3 -> of the actual server. But gotta keep that
in mind, physical cores in the server and
1029.22 -> virtual cores. So when they're selling you,
virtual cores are not exactly the same as
1034.35 -> physical cores. And you're going to have to
test and kind of get the performance that
1038.199 -> you actually need. Now, the marketing department
decided to take something, basically, that
1045.179 -> is simple, and efficiency, and come up with
a bunch of silly names. Look, here's the reality,
1051.42 -> if I need a server, I'm going to basically
see which has the right cores, which has the
1055.53 -> right d RAM and which has the right network
performance. And I don't care about any of
1058.549 -> these silly letters, I'm going to google it.
But you know, AWS has pre made servers specifically
1065.679 -> for pre made uses, which may or may not match
your needs. And they basically came based
1070 -> with ARM based workloads, ARM based workloads
are great for web servers, they're super low
1074.159 -> power draw. They're not the highest performance
thing either. They've got your compute optimized,
1080.02 -> which you can, which you can work with, for
example. They've got your G based servers,
1086.64 -> which have GPUs in them, basically use them
for machine learning, if you're going to use
1089.669 -> your build your own machine learning environments
using say pytorch, TensorFlow or any of the
1094.02 -> machine learning tools that you might use,
you've got your eyes for high speed storage,
1097.75 -> you've got your M fi for general purpose to
do use it for databases, your M six again,
1102.69 -> or general purpose, but more application servers
or gaming servers, you got your R Series,
1107.179 -> which are really memory optimized, when you
need to lots of memory like a cache, for example,
1112.12 -> you got your T three, which are basically
burstable, which I think they get a little
1115.429 -> performance and you compressed a little more
out a little capacity when needed. Test Environment,
1120.45 -> realistically speaking, you got your ex ones,
which are really low price for DRAM and you
1125.28 -> need these high servers, huge in memory databases,
for example, you need four, six terabytes
1131.03 -> of RAM. These are the systems that you're
actually using. So kind of keep that in the
1133.39 -> back of your mind. They pre made these. And
they be may or may not be exactly what you're
1139.9 -> looking for. But really, you're going to be
sizing no matter what these things say based
1144.11 -> upon CPU, DRAM and network performance. Now,
realistically speaking, your traditional virtual
1157.32 -> machines on AWS support Linux on Windows,
like things you're going to stick on, whether
1163.88 -> it be Red Hat blonde to their Amazon Linux
is an offshoot of Red Hat Linux, just like
1171.08 -> Oracle Linux is an offshoot of Red Hat Linux.
The most common operating system on the cloud
1176.14 -> is not Amazon Linux, it's Ubuntu Linux, which
is what most people use, but you can use any
1184.591 -> of that you want. Any which your applications
are going to perform better. Typically, machine
1187.28 -> learning applications, for example, are better
on a button to super stability. Things often
1191.47 -> are better on Red Hat, but it's up to you,
your systems administrators to determine what's
1195.64 -> the best operating system for you. For the
most part, you can fill the plan I In this
1200.25 -> many Linux servers, but somebody is gonna
get closer on the Linux side, the Linux engineer
1205.59 -> is gonna help you select that. Now, AWS also
has an easy to instance that runs the Mac
1212.67 -> operating system, they call it mission critical,
but it's not mission critical. And here's
1216.14 -> the reason why it runs on a Mac Mini. And
a Mac Mini is not a mission critical system,
1221.71 -> it does not have a Xeon type CPU or an epic
type CPU, it does not support error correcting
1226.86 -> RAM. And it doesn't have any fault tolerance
in it whatsoever. So it's not mission critical.
1231.549 -> But it's great those Mac EC two instances
for, say, an application developer that needs
1236.14 -> to compile code, and they don't run on Mac
or use a Mac. Normally, you can use pre built
1241.299 -> virtual machines like many people do, or guess
what, you could use a custom virtual machine,
1247.059 -> you can create it just like you would in the
data center. pre built virtual machines are
1252.36 -> available from Amazon as machine image. A
machine image is basically an image of any
1256.93 -> server no different than a VMware image of
a server that you've been using for decades.
1260.82 -> Azure has their own images, Oracle has their
own images, Google has their own images. And
1267.73 -> typically, your machine instance is going
to need a compute system to run on. And it's
1272.07 -> going to need some block storage to store
your data. Now, like I said, you can build
1279.95 -> them, you can use a stock thing like the stock
operating system and build on top of it, or
1286.19 -> you can buy one. So let's say you have some
real security, you're not going to be using
1290.669 -> AWS WAF. And we'll talk about that when we
get to the security section, you're going
1294.409 -> to be using an industrial grade firewall,
if it matters, say something from Palo Alto
1298.45 -> or from Cisco, or from Fortinet or from checkpoint,
you're going to be getting that from the marketplace.
1306.59 -> And it's a prebuilt virtual machine optimize
operating system is fully hardened. And it's
1311.87 -> gonna with the precision firewall fix services.
And we can get, we can take one of our virtual
1319.74 -> machines in the data center and convert it
to an Amazon virtual machine image and relaunch
1323.69 -> it in the cloud. And that's what we're talking
about. Basically, we're just uploading our
1329.559 -> fifth our servers. And we can also just like
we do in the datacenter, VMware gives you
1335.19 -> an environment to take a physical server,
a bare metal metal server, and then turn that
1340.61 -> into an image that you could then run on the
VMware server, we do the same thing on the
1344.38 -> cloud, no different and there's tools to do
that. So let's talk about the Amazon machine
1353.5 -> image, I mentioned has an operating system
that's going to have lunch permissions, and
1357.429 -> it's gonna have a block device mapping, which
basically says, which block storage, you're
1360.3 -> not going to know when you've got this image
of a system. It's a single file that contains
1368.559 -> everything on the hard drive. It's really
cool. For many of you guys that are a little
1372.48 -> older, like me, if you've used semantic or
Norton Ghost knowledge, semantic ghost, and
1379.08 -> we could take a whole window system, we copy
it to an image, and then we could push that
1382.6 -> to 100 different computers that were configured
identically. That's an image sync thing. The
1389.243 -> image is that snapshot of a machine, we can
stick that in different regions, we can stick
1394.48 -> it in different clouds if we want to. Now
AWS would tell you to take that image and
1399.64 -> stick it in a different region for disaster
recovery. It's insanity, I'm going to tell
1403.83 -> you why it's insanity. You don't backup your
stuff to the same place. And the single cloud
1409.33 -> is the same place. Even if it's a different
reason. You Back it up to another environment.
1414.32 -> I wouldn't I wouldn't put like if I was worried
about my bank going bankrupt, like Silicon
1418.95 -> Valley Bank, just, you know, kind of had some
financial issues. I wouldn't put my money.
1422.9 -> And back in Silicon Valley Bank, I use a different
bank. So if you're going to do some disaster
1427.76 -> recovery, and we'll talk about that, don't
stick it in the same file. That's as ridiculous
1431.84 -> as you're worried about your bank putting
your extra money in the same bank and hoping
1435.16 -> that the banks, okay, it just doesn't make
any sense. Now, when you're dealing with virtual
1441.6 -> machines, what we're really talking about
is as follows. You got your operating system.
1451.58 -> Now, if we wanted to basically set up a virtual
machine to configure itself, like we've done
1457.43 -> forever, we'd write a script, typically a
bash shell script, or Windows, we'd write
1462.42 -> a PowerShell script. Systems admins have been
doing it forever. We can do the same thing
1467.561 -> on AWS. Let's say we've got auto scale and
we wanted to configure our servers coming
1472.679 -> up. We can basically write a little script
many bash shell script that for example, they
1478 -> call AWS COVID. A bootstrap script remember
bootstraps route for your for your exams.
1483.23 -> And realistically speaking, we can say update
the operating system. So let's say it's an
1490.19 -> Ubuntu system sudo apt apt get update sudo
apt apt get upgrade? We could have it immediately
1495.85 -> do that, and then we could have it so install
our web environment. I'm an architect and
1501.72 -> architects don't touch the technology. But
I think from I think I remember with a bunch
1506.2 -> of system, it's sudo apt install httpd or
Apache, we could set that up to install the
1513.24 -> web server, for example. While we're at it,
and basically, they're just simple scripts.
1522.5 -> Now, we're going to talk about the way you
rent your systems. A cloud is is like a hotel,
1531.13 -> you rent a room at a hotel, you rent space
in the cloud in somebody else's data center.
1536.049 -> That's it. So how do you rent it? Well, there's
a lot of ways that you can rent it. And we're
1544.11 -> going to talk about the renting options. The
first is on demand. What does that mean? And
1552.24 -> when when I use this, I started a new website
for my cat, Cindy, I have absolutely no idea
1560.46 -> how many, how many how many hits per day she's
gonna get. And if I knew, I would specify
1567.11 -> it, and I'd get a cheaper rate. But if I don't
know, I could stick it on an on demand server.
1572.48 -> I'm going to pay by the second. And what will
ultimately happen is, if I need capacity,
1582.1 -> I'll add other servers. Now, let's convenient
to not know what I'm going to pay for. So
1590.02 -> guess what? I pay extra, because I don't know.
So kind of keep that in the back of your mind
1595.549 -> and on demand instance, is as follows. You
purchase it, and you don't exactly know how
1604.51 -> much you're going to use. So you can on demand.
So on demand is very useful. And even if you
1609.21 -> do know what your capacity is, you're probably
still going to use on demand. I could also
1613.95 -> say specify five servers and use on demand
for additional capacity. So on demand, you're
1620.94 -> not 100% sure what your needs are, where you
might scale. You pay more but for the for
1626.799 -> the youth, but it's not always there. The
next purchase or renting option, if you want
1633.33 -> to call it is something called a reserve.
1637.269 -> What is that? Well, it's a follow. I know
I need 10 servers with 28 cores, and 128 gigs
1648.14 -> of RAM.
1649.14 -> I tell AWS I'm going to use 10 servers with
128 cores, and or 24 cores and 128 gigs of
1658.47 -> RAM. And guess what? I tell AWS I'm gonna
buy it for one year, or for three years. And
1665.35 -> the longer I commit to it, the cheaper the
price will give me why I just committed to
1670.93 -> it. Then again, if you're going to commit
to something, it's really no different than
1674.039 -> calling Dell and buying it for your own data
center. But there's that. But when you tell
1680 -> them, I'm gonna buy your stuff for a long
period of time, it enables AWS to know how
1684.19 -> much capacity they're going to need for their
systems. And they'll either know to buy new
1688.08 -> servers to support your needs. And that's
the way that work. So on demand, pay by the
1693.49 -> second, you pay the highest price, reserve,
and you can reserve it consistently full time,
1699.51 -> which is what we're talking about. You pick
a duration from one to three years. And the
1703.299 -> longer you commit to buying somebody else's
stuff, the cheaper the rate you go. And the
1711.549 -> next thing that we'll talk about is scheduled
reserved instances. So let's say for example,
1720.89 -> I know that I'm going to be running a big
batch computing job, and it's going to be
1724.49 -> every Friday, every Saturday and Sunday, and
it's going to be for 48 hours straight. I
1731.96 -> can tell AWS and schedule this capacity, and
I'm gonna prepay and commit to or at least
1738.69 -> commit to paying unnecessary prepay for say
three years. And I'll get a cheaper rate than
1743.88 -> if I used on demand. So on demand, pay about
the second highest price. Next low, the lowest
1749.94 -> we're gonna get here for Well, the next one
of the lower prices is going to be to reserve
1753.42 -> it for one to three years scheduled reserve,
we're going to pay more than if we reserve
1757.159 -> it constantly for three years, but we're still
going to get a discount on our rental prices.
1762.72 -> Now the cheapest option is something called
the spot instance. Google calls it a preemptable
1767.83 -> instance what's a spot instance? AWS usually
has extra capacity. And you can bid in an
1775.399 -> auction like manner on this x extra capacity.
If your bid gets one, you get cheap access
1784.01 -> to compute power. Sounds great, right? There's
always a caveat. Always a caveat. If you're
1790.85 -> using a spot instance, and somebody outbid
you on that instance, your system gets shut
1795.24 -> down, whatever you're working with stops and
you're out of luck. So, so Spot Instances,
1803.71 -> which are basically virtual machines that
you bet on are great. If you've got something
1807.929 -> that's not super important, and you've got
systems that are tolerant and being turned
1811.62 -> on and shut down, but don't put anything that
matters on it on demand, highest price, standard
1819.031 -> reserved instances where you're scheduled
for one to three years, low or one of the
1823.26 -> lower pricing options for long term consistent
use scheduled reserved, I'm going to reserve
1829.711 -> it every Saturday on Sunday or something like
that. You get a discount for it. Spot Instances
1833.87 -> the cheapest but do you really want to put
your systems on something that wasn't get
1837.899 -> shut down? Because somebody else tells you
when you're out of luck and you're offline?
1841.28 -> Probably not. So maybe good for experimentations?
No, we'll talk about tendency options. Typically
1854.47 -> speaking, when you're dealing with a cloud
computing environment, there's something called
1857.929 -> oversubscribed and your stuff is based on
what's oversubscription. Just like your internet
1863.43 -> service provider, your internet service provider
does not have enough capacity for everybody
1868.72 -> to use their stuff completely 100% at a time,
AWS won't really talk about this, but their
1873.639 -> service provider and all service providers
do this, generally speaking. So if I've got
1879.96 -> 120 cores on a server, I might sell 156 cores,
because we assume most people aren't using
1886.66 -> them all at the same time. Now, if everybody
uses their stuff, on the same time, there's
1892.57 -> performance constraints. I'm sure all of you
have experienced oversubscription in your
1896.63 -> life, when we all got stuck working home from
from home from COVID. I mean, I've been working
1901.33 -> home from decades. But when we all got forced
working from home from COVID, and all of a
1905.299 -> sudden everybody's in their house, and the
kids are watching YouTube videos, and somebody
1908.76 -> else is playing games and somebody else is
watching Netflix and you're trying to work
1911.679 -> on your internet came to a screeching halt,
is because your internet service provider
1915.809 -> did not have the capacity for all the people
that would be home at these times. So anytime
1920.48 -> you're dealing with cloud computing, it's
a service provider know they're going to be
1923.929 -> oversubscribed on their networking on their
computer. But let's talk a little bit more
1928.34 -> about shadow tenant. This is standard, you
rent some compute space from from your cloud
1933.779 -> provider, and your stuff is on there, your
competitor stuff is on there or somebody else's
1939.029 -> systems are all on the same server that shared
tenancy. This is standard unless you do something
1945.679 -> else about it. Now the next thing is something
called a dedicated instance. Now this is basically
1956.37 -> where you say, Go cloud careers is reserving
this entire server, an all of our virtual
1964.039 -> machines will be on that we can guarantee
that we're not over subscribed this way. And
1970.179 -> we can guarantee for security purposes that
nobody else is on our server is there usually
1974.909 -> speaking a security risk of having other people
on the same server, not really, the hypervisors
1979.029 -> are pretty darn secure. But if we want to
know that whole servers ours, we can do so.
1986.2 -> Now, what's the next option, the next option,
if you really need performance is to get a
1991.309 -> bare metal server. This is going to give you
the same performance that you had in the data
1996.03 -> center. Hey, wait, I can conceive data center
like performance of the cloud. That's how
1999.49 -> you do it with a bare metal server. And on
your bare metal server, you can do whatever
2003.759 -> you need. Maybe you're running some an application
that needs access to the actual MAC address
2009.72 -> on the Ethernet cord or a serial number. Or
you need to stick a security key and not have
2013.83 -> those kinds of things. That's the bare metal
server when a secure windows when you need
2017.74 -> access to the physical hardware. And guess
what, you got a staff that's fully trained
2023.8 -> on Nutanix. And they don't want them to learn
any of this AWS stuff, guess what, or VMware.
2030.77 -> You can purchase bare metal servers and run
your stuff directly on it. And then you don't
2036.21 -> even have to train your people in AWS and
AWS is basically transparent to them. You're
2040.49 -> just using their stuff. And it feels like
Nutanix or it feels like VMware. For the most
2047.7 -> part, it minimizes the learning curve for
you to do this. So now we know a little bit
2053.13 -> about the tenancy options. And we know a lot
about the purchasing options. Now there's
2061.53 -> more to cover on these virtual machines. Chris,
how long have I been speaking because we may
2065.379 -> need to take a few questions.
2068.27 -> Yeah, it's time to take some questions.
2071.27 -> Let's take some questions. All right. And
I'll quickly talk about the DevOps vs architect
2076.111 -> for about one minute even though it's not
related to the concept at some point.
2080.34 -> All right, so before we take some questions,
I want to ask everybody if you like what you're
2085.849 -> hearing and seeing, hit that like button,
hit that subscribe button, hit that notification
2091.53 -> bell button so you don't miss the next two
sessions that we've got. A see we've got 344
2099.86 -> People really watching but only 104 of you
like it apparently. So if you're enjoying
2104.59 -> it, make sure to hit that like button. So
let's get to some of these questions. And
2111.569 -> then we'll get back to the content after
2113.67 -> Mike has finished with these questions. Why
don't you go ahead and start with that DevOps
2121.96 -> versus,
2122.96 -> I'm gonna deal with the DevOps one, as well
as the Linux and Python question at the same
2126.7 -> time. That came out of butser. DevOps is a
career for software developers, because you
2134.05 -> must be a great programmer first, who automate
software release cycles. They get involved
2139.59 -> in tools like Jenkins and Spinnaker. And they
are 100% related to automation. And they all
2144.089 -> they are as a techie, that's all day long.
Automating software releases, cloud architects
2149.829 -> design present until technology, we don't
touch Linux, we don't touch Python, and we
2154.52 -> don't do DevOps. It has zero related to our
career. They are completely somebody else's
2160.15 -> career. Kind of the difference between an
airplane pilot and an airplane mechanic. An
2165.74 -> architect is a business executive who designs
presents and sells a technology solution.
2170.76 -> And there's a list of everything you need
to know to be an architect, and we're going
2173.64 -> to talk about all of it tomorrow, on the completely
free how to get your first cloud job. DevOps
2179.03 -> is a completely different career. Linux administration
is completely different architects are not
2184.92 -> allowed to touch the technology. If they work
for AWS, Azure, Google. Oracle, if they work
2192.319 -> for Accenture, Capgemini, Deloitte, architects
design it and sell it present it. Cloud engineers
2198.569 -> go and build it DevOps engineers go and build
and automate things. Once it's fixed, finished,
2203.93 -> it goes on to a maintenance team called sis
ops people. And once it's done that, if anything
2208.47 -> breaks, they call the Technical Support Center,
which is a different team. So now let's get
2212.08 -> back to the content. What's the difference
between bare metal physical and virtual server?
2219.71 -> A physical server is a bare metal server,
meaning you call Dell you call IBM to call
2224.46 -> HP and they ship you a server that's bare
metal. A virtual server is after you take
2230.99 -> that physical server, and you install hypervisor,
the AWS nitro hypervisor, the VMware hypervisor.
2238.64 -> Nutanix has a beautiful hypervisor KVM, which
is the hypervisor I'm pretty sure that's used
2244.15 -> in the OpenStack cloud. And then you chop
that server into multiple little virtual machines,
2249.97 -> which is a logical image. And that's there.
In fact, let's kind of Oh, actually, I thought
2255.95 -> I had it. I thought I had it in here. But
for some reason, maybe I don't have a picture.
2259.839 -> And that's such a good question. I'm actually
going to draw it out for you give me a minute.
2270.56 -> Okay, so let me do this. I'll actually go
back to my, my whiteboard, because I love
2274.24 -> this question. And I would go once you guys
to understand it. So let's go to season two,
2278.079 -> this is not okay, this is tenancy options
are here and create my slide, which is really
2284.25 -> what I wanted to do. Okay, so here we go.
Because this is a great question. We got a
2288.94 -> physical server. So let's say this is our
server hardware. This is our server. Next
2300.851 -> thing we're going to do is we're going to
install a thin layer of software, it's going
2304.93 -> to be called the hypervisor. And the hypervisor
is what's going to be involved in chopping
2315.63 -> up the server, two little mini servers. And
here, what we're going to be doing is we're
2320.31 -> going to be creating virtual machines all
on the same server. And what happens is, the
2325.18 -> virtual machine is going to have its operating
system, it's then going to have to do this.
2332.39 -> It's then going to have its application something
dependencies. And that's what it's going to
2338.75 -> be like so this could be a way that so we
can have one of these on the server and we're
2342.94 -> going to typically speaking of multiple, we
can have an another one. We could have another
2347.94 -> one. We can have another server, and we can
have another server. So that's typically what
2358.66 -> we're speaking with. We've got our server.
On top of that, we've got a hypervisor. And
2363.849 -> then we got all of our virtual machines and
one virtual machine could be Windows, one
2367.43 -> virtual machine could be Red Hat, one virtual
machine could be Ubuntu. So what we're really
2371.28 -> dealing with is taking one system, chopping
it down to another system. So virtual server
2376.359 -> is any one of these things that we're actually
dealing with any one of these things is a
2380.24 -> virtual server. The physical server is the
thing that you actually buy. Bare Metal is
2386.35 -> the physical server that has nothing on it.
Great, great, great question. How often does
2394.66 -> Spot Instances get shut down? It's based upon
utilization bidding and capacity and it changes
2399.77 -> over single day isn't worth the risk. It depends
on what you're doing. If I'm doing a test,
2404.24 -> it might be worth the risk. If I want to test
the 1000 routers running on virtual software
2408.26 -> and stretch them out for a period of an hour,
yeah might be worth the risk. Am I going to
2412.43 -> put something important on it? Of course I'm
not. So everything is everything with architectures
2417.619 -> based upon in business is based upon business
requirements. 100% There's no best tech ever.
2425.01 -> There's what works. And yes, there's entry
level Cloud Architect roles. I get people
2430.81 -> hired every day with zero background whatsoever.
Or any use good use case to Spot Instances?
2438.18 -> Yeah, if it doesn't matter, if you're looking
for cheap compute capacity, and it doesn't
2443.46 -> matter. Yeah. But for anything real, I wouldn't
be using it. test environments are beautiful.
2456.78 -> So a dedicated instance is different than
a dedicated host. A dedicated host is a bare
2463.44 -> metal system that you can do anything you
want with. install VMware ESXi, install Ubuntu
2473.589 -> Linux directly on it have physical access
to the hardware, and be able to use all the
2479.02 -> cores at maximum capacity, including physical
and virtual, a dedicated instance is basically
2486.13 -> running the AWS hypervisor, and you can create
all your virtual machines that are specifically
2492.14 -> AWS virtual machines, all there. So kind of
keep that in the back of your mind, there
2501.19 -> is a difference.
2504.89 -> can use VMware, AWS VMM is another problem
with Google Cloud, well, what you can do is
2509.35 -> you can create your virtual machine, which
is what I would, and then I would have that
2512.819 -> converted into an AWS virtual machine image.
And you could have that one converted into
2517.44 -> a Azure virtual machine image and another
one Google and then you can run three different
2520.91 -> clouds on it. So yes, you can convert one
to the other, but I would create my own virtual
2525.109 -> machine, the hard way, the original way, like
to VMware and then move it is the MO hybrid
2533.839 -> cloud, running VMware and connecting to a
public cloud as a hybrid cloud just like running
2537.98 -> Nutanix and connecting to a public cloud as
a hybrid cloud, just like running OpenStack
2542.25 -> and connecting it to a cloud as a hybrid cloud.
What are the use cases for a dedicated host,
2552.16 -> dedicated host, I want 100%. Total Control,
I want to put VMware on my system, so I don't
2558.75 -> have to deal with any of these AWS Management
consoles, and I want to do it my original
2562.27 -> way dedicated hosts. Or there are certain
critical business applications that require
2568.27 -> access to the physical hardware, and they
look for the physical hardware to boot up
2572.72 -> for the licensing purposes that must go into
dedicated hosts dedicated instance would probably
2577.19 -> be a good case, as I'm the US government.
And I don't want the Chinese government systems
2583.599 -> on the same system, or the Russian systems
or the Greek systems or the Israeli systems
2589.75 -> on the same system server physical server
as mine. That's when you use a dedicated Gnosis.
2599 -> Good question.
2604.29 -> We will discuss NAT gateways and Nat instances.
And we will cover that when we get to that
2610.63 -> content. What are some fundamental skills
needed to have better understanding of this
2614.28 -> course, network and data center, if you don't
understand the network and data center, you
2618.67 -> will never understand the Cloud. Please join
us tomorrow on the completely free how to
2622.45 -> get your first job webinar. And we will give
you 100% list of every single skill you need
2627.53 -> to know to be employable as a cloud architect.
2635.849 -> So let's get back to the content if you can
give me a hashtag. And the hashtag could be
2641.76 -> AWS Certified Solution Architect Associate.
2650.94 -> Okay, so let's get back to the content. Now
in AWS world. They tell you, you secure your
2663.76 -> virtual machine access with the security group,
I'm gonna tell you right now, that's great
2668.19 -> if you want to get hacked, but if it really
matters, you're gonna need to do much more,
2672.569 -> you're gonna need host based firewalls Host
Based ideas, you're gonna have to be removing
2676.75 -> unnecessary packages from the operating system
and closing unnecessary ports. But in AWS
2682.42 -> certification world which is very artificial
in nature, and contains about 5% of the knowledge
2686.619 -> of what you need to know to build any good
career. They say you can secure your AC till
2691.099 -> instance by six using a security group, which
is basically like a host based firewall, but
2695.76 -> that doesn't mean you shouldn't use your own
host based firewall to an all high security
2699.02 -> environments do So what's it look like? We're
going to talk about the concept of a security
2706.81 -> group. We'll talk about it much, much more
when we get to the security section. But I
2711.309 -> just want to briefly touch on that. Now, when
you set up your virtual machines, and if you
2715.19 -> download our free Labs, which is we gave me
the link earlier in the video, you'll be,
2721.619 -> you'll be setting up security groups. And
basically what it is, is it's a pre firewall
2725.89 -> before your traffic gets inside of the of
your virtual machines. Keep that in the back
2734.55 -> of your mind. And we'll we'll discuss much,
much, much more and much, much, much more
2740.28 -> depth are with me when we actually get to
the security section. So how do you give an
2751.559 -> IP address to assist them? Well, when you
set up your VPC and we'll talk about that
2759.819 -> much more later, and you're setting up your
virtual private data center, because that's
2764.88 -> what your VPC is, they call it a virtual private
cloud, but it's a virtual private data center,
2769.29 -> not a virtual private network, what you're
dealing with is you have to create your own
2773.64 -> IP address, base and cider range. And inside
of that every single virtual machine that
2779.42 -> you have, is going to be given an IP address
on the subnet that you create. And it's going
2785.21 -> to receive that address via the Dynamic Host
Configuration Protocol. Now, if it's inside
2790.819 -> of your VPC and it's internal, you're going
to be using private IP address spaces. And
2795.16 -> if you need to connect it to the internet,
you're going to need a global or a public
2800.16 -> IP address, which of course, the world calls
it a public IP address and AWS marketing people
2804.82 -> name that name that an elastic IP address,
I don't know where they come up with these
2814.589 -> marketing names. So keep that in the back
of your mind. Now you can also get a ipv6
2821.079 -> address. Now all ipv6 addresses are public,
we don't have any kind of RFC 1918, private
2826.349 -> IP addressing spaces like we normally would
keep that in the back of your mind. They're
2832.78 -> automatically assigned an ipv6 address if
you don't need ipv6, shut it off. The more
2839.29 -> addresses you have, the more things that are
open, the more the world can hack you. So
2843.109 -> only use what you need. Now, how do you manage
these systems? Well, how would you manage
2850.77 -> any virtual machine, you can either secure
shell into them or SSH, just like you would
2859.079 -> any other Linux machine, or router or switch
or viral. You could use the AWS Management
2867.901 -> Console, which is a web based browser based
way to do things, it is super easy. It's basically
2874.16 -> self explanatory, click, click, click, click
and it's done. And if you don't know, you
2879.97 -> can just Google the instructions. Having said
that, it is slow. Versus SSH, which is much
2885.78 -> faster if you know the commands. And great
question there from George, do I have anything
2892.88 -> he gets the marketing team? No. But there's
millions and millions of people that are 100%
2897.99 -> Confused by whether something is because the
marketing people made up funny names. If it's
2903.48 -> a Windows system, you can manage it via the
Remote Desktop Protocol, RDP. And you could
2909.78 -> do a lot of the management via the software
development kit. And here's how you can really
2913.4 -> set these things up. The whole world uses
TerraForm, they're gonna have one DevOps engineer
2917.291 -> deploy 1000s of these at the same time, in
many cases, and they can all do it via infrastructures
2922.41 -> code. So that's how you can set up these things.
Now we're also going to talk about outpost
2929.78 -> and what is outpost, it's fairly new. It's
a fully managed service that uses a virtual
2934.99 -> machine or an EC two instance. And something
that's an AWS supplied instance, it's a physical
2941.02 -> appliance that shipped to the customer and
plugged into the customer data center. Why?
2945.3 -> Because the latency of going to the cloud
is high versus running a virtual machine in
2949.531 -> your data center is there. So you can order
a server directly from AWS, stick it in your
2954.44 -> data center, and that's called an outpost,
I'm gonna tell you right now, you could buy
2958.15 -> that server from Dell for far, far, far, far,
far less than it would ever cost you to rent
2963.83 -> it out from AWS, at least, at least 400% less,
but it's up to you and how you want to do
2968.76 -> it three 400% cheaper to buy your own server.
But if you buy your own server, you're gonna
2972.98 -> have to have some knowledge on how to set
up the virtualization. If you buy this AWS
2977.38 -> outpost, the cool thing is, you can just click
a few Buck buttons on the AWS Management Console
2982.32 -> and set up your servers and it's fully managed
by AWS. You don't have to think about patching
2986.42 -> your hypervisor and things like that. So it's
the convenience factor. And in fact, when
2994.099 -> you go to a convenience store like a 711 in
the US or a Walmart in the US, you pay a lot
2998.7 -> more than you would in the supermarket. Right,
for a convenience. That's what we're talking
3004.26 -> about here. They do all the work for you,
they manage it. And because of that, you pay
3008.93 -> more but you got great performance just like
close to buying your own server. Okay, now
3016.15 -> we're gonna get into databases. So to make
sure I know you're here, give me a hashtag
3020.52 -> that says Databases.
3025.42 -> I see a hashtag that says databases give me
a hashtag that says Databases, we don't use
3033.869 -> acronyms. As architects spell it out databases,
your CEO doesn't know what you need. And an
3040.98 -> acronym, your hiring manager doesn't know
what you mean. And the reason we never use
3045.47 -> acronyms in technology, and some people do,
but you should never is they all can mean
3050.619 -> 10 different things. Somebody says VM, I don't
know if it's a voicemail vulnerability management
3054.64 -> or a virtual machine. And that's the point,
there's millions of things that all need the
3060.079 -> same thing. So communication, lack of clarity
causes errors. And I want you to have a great
3065.91 -> career and avoid acronyms whenever possible.
So we're going to talk about data bases. Even
3076.95 -> dB, I think of it means Dunnville. So keep
that in the back of your mind. That's why
3081.28 -> we never use acronyms, because they all mean
different things to different people. So what
3086.5 -> is a database? A database is this is an application
that enables us to store large amounts of
3093.86 -> information, large amounts. It facilitates
the sorting, calculating reporting and information
3100.24 -> sharing. And it is a critical component to
modern applications. Now, when we talk about
3105.67 -> these databases, I'm going to cover all of
them, I'm going to tell you which ones you
3109.57 -> should probably never use in real life. Why?
Because they will make multicloud impossible.
3116 -> And remember, 98% of organizations use multi
cloud. So I will cover all so you can pass
3121.79 -> the AWS exam, and then I'm going to tell you
don't use this, when it comes to things like
3126.26 -> Dynamo DB, and Amazon, Aurora, and a few other
ones, but we're going to cover them all. And
3133.79 -> then I'll tell you why you should or shouldn't
use certain ones. Now, when we're dealing
3139.339 -> with databases, for the most part, we're dealing
with the same ones that exist everywhere.
3144.19 -> We've got relational databases like Oracle,
we've got no SQL databases, like Mongo DB,
3152.119 -> or Apache Cassandra, we've got data warehouses,
which are things like Postgres. We'll talk
3158.45 -> a little bit about creating data lakes, I'll
show you the AWS way. And if we have time,
3163.41 -> I'll show you the real way. But we're gonna
first talk about relational databases. And
3171.18 -> this is the most common database that we deal
with in business. And it provides information
3177.609 -> and data that's related to each other. send
you the cat, Science Diet chicken. So Cindy,
3185.14 -> the cat goes and buy Science Diet chicken,
and got that in the database. Mike buys 500
3192.13 -> pounds of Sandy the cat of, of Science Diet
chicken, because it's 30% off. Okay, great.
3202.53 -> So that's what we're really talking about.
For my team. Lots of people are having a hard
3206.609 -> time finding the webinar tomorrow, please
pop that in there. So people can reach it.
3211.96 -> And we have a great cut Cindy, by the way,
oh, hopefully she'll pop it. So the reason
3217.13 -> organizations use relational databases is
to find information that's related to each
3222.809 -> other. 20% off yield this much in sales 30%
off yields this much in sales and enables
3228.91 -> the business to make better business decisions
by finding information that is related to
3233.39 -> each other. Because remember, no business
buys technology because it's cool. They buy
3237.66 -> it to improve their business. So with a relational
database, we've got a lot of structure. Basically,
3246.05 -> we have a row. And we have columns, kind of
like an Excel spreadsheet exactly that way.
3258.819 -> Now, when you're dealing with relational databases,
they're what's called a Tomic. And what does
3266.681 -> that mean? They use this thing called an acid
model. You could find a certification question
3270.54 -> on this, but you should know those transactions
are all or nothing meaning sending the cat
3276.549 -> order got placed or getting got placed. That's
it. They are consistent. The second I purchase
3284.4 -> Cindy's cat food, the database knows it and
all the read replicas etc. all know about
3290.59 -> it at the same time. It's consistent. It's
isolated. I buy fresh shrimp for Sunday. That's
3299.349 -> on a different entry. Then when I bought her
Science Diet, and Cindy gets her shrimp every
3305.08 -> single day, believe me, she's not getting
that she's getting turned in scarves every
3310.099 -> day. She's a very Happy Cat. And adorable,
meaning, once an order goes into that database
3317.539 -> or transaction goes to the database, it is
not lost. So they follow the atomic, consistent,
3325.26 -> isolated and durable model otherwise known
as acid.
3332.24 -> So when you look at a database, the key is
relational database, show the relationships
3336.96 -> between variables. That's why businesses are
using if you've got your order ID, your customer
3343.079 -> ID or amount, your email address, the person's
name and everything that's related to each
3349.78 -> other. So transactions, things like that,
you purchase something, and it's pretty great.
3355.799 -> So that now now you know what we're talking
about information that is related to each
3359.829 -> other. Now, when you deal with Amazon, you
got two options for your databases, you really
3369.47 -> want full control, don't use any other database,
anything, set up a virtual machine and install
3373.839 -> the database yourself, just like you did everywhere.
If you don't feel like setting it up, you
3378.869 -> can take the easy way out. And you can set
these things up. Now the relational databases
3386.619 -> available on Amazon or Amazon, Aurora, Maria
dB, Microsoft SQL Server, my SQL, Oracle DB
3393.44 -> and Postgres, which is typically used as a
data warehouse. We're going to begin with
3400.69 -> Amazon Aurora, and I'm going to tell you right
now, you probably should never touch this,
3405.23 -> but it's going to be on your certification
exam. If you use a proprietary database, when
3409.77 -> you use three clouds, you're going to have
trouble. And 98% of customers use more than
3414.03 -> one cloud for good reasons, single clouds,
a single point of failure and amount of how
3417.64 -> many regions and availability zones you use.
Because a control plane failure, network failure,
3423.799 -> or hacking event will take down an entire
cloud, as we've seen AWS go down first, globally
3427.519 -> for seven hours, which they call a power failure.
Although I've never seen a data center power
3431.97 -> failure in 25 years. So Amazon, Aurora is
a proprietary, meaning it's going to cause
3439.38 -> problems if you deal with anybody else. WARNING
WARNING, WARNING WARNING WARNING is a fully
3445.2 -> managed relational database. They say it's
MySQL and Postgres compatible, which means
3451.46 -> it is but try and get your information in
and out, you're going to be using tools. Now,
3457.16 -> what is good about this Amazon Aurora database
is it gives you some of the enterprise grade
3461.579 -> features that you would get an Oracle type
database or a paid database. And it's relatively
3467.859 -> inexpensive. So there is design. And if you
only had a small business that you never thought
3473.99 -> was going to grow, and it could tolerate an
hour or a day of downtime, this might be fine.
3478.29 -> But I don't know any business like that. Least
the cons I work with, and Amazon will tell
3484.64 -> you, it's five times faster than standard
MySQL. Yeah, MySQL is kind of a really slow
3489 -> database, and three times faster than Postgres.
Now, it's kind of a SaaS application or software
3497.369 -> as a service application, meaning a server
list and there's no servers for you to manage.
3501.66 -> And when you don't have any servers to manage,
it's like going to McDonald's and getting
3505.23 -> a hamburger, you've got no control over it,
because it's managed by somebody else. Versus
3509.83 -> having your grandmother who's a chef. Make
you the perfect hamburger. Kind of keep it
3518.27 -> that way. So now we're gonna get into MySQL.
It is an extremely common relational database.
3525.67 -> It's open source, it's been around for decades.
Oracle owns it now. Even though it's free.
3532.38 -> And it's used in a wide variety of applications,
you've probably heard of the LAMP stack, Linux,
3537.329 -> Apache, MySQL, PHP. That's what we're really
talking about. Now we can talk about Postgres.
3544.351 -> Postgres is an exceptional data warehouse.
It's also considered a relational database,
3550.34 -> very enhanced features that mean huge functionality
improvements over MySQL. And that's one you
3556.119 -> can either use their setup, which is basically
going to be on an easy to instance, otherwise
3559.78 -> known as a virtual machine. And guess what
it's going to be using block stores. Or you
3562.83 -> can just set it up yourself, whatever you
want. Maria dB. Now, this is another really
3568 -> exceptional relational database. It's open
source, which means it's free. And it works
3574.04 -> everywhere. It's created by the people that
created my SQL, but it's got a lot more additional
3578.27 -> features and functionality. Now we're gonna
get into a paid database, Microsoft SQL, a
3586.14 -> lot of this stuff out there is on Server supports
my SQL Server 2008 2012 2014. And this basically
3597.68 -> allows organizations that have Windows one
workloads that are dependent upon Microsoft
3602.15 -> SQL SQL server to be used. Now, Microsoft
has very different clustering and failover
3609.349 -> options than most databases. And there are
four versions of it express web enterprise,
3614.789 -> and standard. Look, you can use any of these.
And if you needed something different, you
3620.22 -> can always build the virtual machine and install
it. Now we're gonna go to the king of all
3628.46 -> relational databases, the Oracle database,
it matters in business. For the most part,
3634.63 -> they're using the Oracle database, and is
one of the most popular relational databases
3639.329 -> in the world. It has, for the most part, one
of the most extensive feature sets and functionalities.
3646.75 -> And it's developed, licensed and managed by
Oracle, AWS, relational database service support
3651.579 -> standard one, enterprise, and standard. Each
of these versions has different performance,
3658.34 -> flexibility and scalability options. There's
two versions of licensing supported by AWS
3663.819 -> for the Oracle database license included.
And basically, relatively speaking, in this
3668.41 -> version, the database is licensed to AWS,
and you're using their license. And you can
3673.631 -> use standard edition one or standard edition
two, or you can bring your own license to
3678.84 -> Microsoft. And this is assuming you have a
license you bought it, I mean, bring it on
3683.579 -> licensed AWS, you brought it and then you're
going to host your database. And the best
3686.67 -> now you got lots more license and flexibility,
standard enterprise Standard Edition one,
3693.06 -> Standard Edition two. Now in a bit, we're
going to talk about tuning the performance
3699.37 -> of these things with read replicas, caching
and killing, we're gonna have lots of fun
3703 -> with that. But before we do, we talked about
the relational databases that are supported.
3709.3 -> Now we're going to talk about no SQL databases.
Now, a no SQL database is not new there from
3717.069 -> the 1970s, if I remember correctly, from IBM,
and what a no SQL database means not only
3724.319 -> SQL. So we talked about a relational database
having very strict columns and rows with data
3730.66 -> that's related to each other. Great for transactions.
But what if you need a little more flexibility?
3738.74 -> See, anytime you've got tight constraints,
this must be this, this this? You start limiting
3746.15 -> scalability. So when no SQL database was designed
to give you a lot of flexibility in the way
3752.96 -> you store your information, you can store
structured data, like transactions, unstructured
3759.47 -> data, like where you stopped in a Netflix
movie. Oh, by the way, there's this new show
3763.579 -> called Night agent, I was watching it the
other day on Netflix. And you know, it's pretty
3767.7 -> interesting. Every time you push pause, and
you come back to it hours later, it takes
3771.42 -> you to the same spot. Because they're using
a no SQL database. I believe it's Apache Cassandra
3776.44 -> these days. Meaning I'm 99% sure they're using
Apache Cassandra to store your place. And
3783.279 -> that way, it stores your information. And
you can pull it can't do that kind of thing
3786.7 -> with a relational database, video game people
that actually play a game, right? And they
3791.32 -> go back to the same game, they stop it that
they're using a no SQL database, because it's
3796.569 -> very flexible. And basically, what happens
is we've got these pairs, and we've got IDs
3802.309 -> and values, and that's how the information
is retrieved.
3810.89 -> So AWS, has their own managed relational database
called Dynamo debate, something that I will
3818.329 -> never use ever, ever, ever not because it's
a bad database. It's an exceptionally good
3823.099 -> database, but use Dynamo DB. And guess what?
Now I got a problem with Google, Oracle, Azure,
3828.51 -> Nutanix. And OpenStack, I can't have that
for my business. I can't architect single
3832.74 -> points of failure. So this is something that's
right for the trash can AWS invented it, now
3838.779 -> you use this, you're stuck, you're handcuffed
to AWS. And when they raise your rates, you're
3842.22 -> out of trouble when they have an outage or
you're done and there's nothing you can do
3845.81 -> about it. So Dynamo DB, trash can go back
to something like MongoDB or Apache Cassandra,
3852.619 -> but you got to do this. It's not that it's
a bad database. It's that I don't believe
3855.589 -> in architecting single points of failure into
environments. So we will talk about Dynamo
3862.88 -> DB, because they're gonna have lots of questions
of it on your exam, because they want to put
3867.039 -> you in an environment all cloud providers
are all vendors want to put you in an environment
3870.98 -> where you're exclusive to their stuff. And
it gets really, really hard to leave, like
3877.94 -> the Hotel California, so you can check out
anytime you want. You can check in anytime
3881.49 -> you want, but you can never leave. I'm not
gonna have a career as a rock star, which
3885.48 -> that's another story. But so let's talk about
it. AWS has a fully managed serverless database
3890.73 -> called Dynamo DB. They say it's highly available
as long as AWS works, it's going to work for
3896.72 -> you. It's serverless which means there's no
management Have the servers, they're still
3901.31 -> servers, still servers, but they manage the
operating system, your storage, the security
3907.71 -> of it, and hopefully they do a good job of
it. And it stores your information on an SSD
3912.71 -> storage for better performance. Now, the good
news is, it's got low millisecond latency
3924.779 -> and encrypts all your data by default, and
it can be backed up with little or no performance,
3928.94 -> and it can be set up for global cross region
replication. Now when I say that it's proprietary,
3934.15 -> that doesn't mean you couldn't convert your
information and move to a second cloud, the
3938.309 -> problem is going to be when you want to synchronize
your data between the Azure cloud and AWS
3942.859 -> cloud, you can't do it with Dynamo DB. You
also can't do with Google Cloud, big table.
3949.349 -> And you can't do it with any of the proprietary
databases. So you really need to understand
3953.529 -> that. So it can be set up for cross region
replication again, great, but if the cloud
3960.77 -> goes down, doesn't matter how many regions
you're in. Now, because we're dealing with
3966.059 -> a no SQL database, we're dealing with name
value pairs. And we've got what's called the
3971.25 -> primary index, which is basically your primary
set up. But we can also set up secondary indexes,
3976.839 -> which allows applications have access to different
query products. DynamoDB secondary indexes
3984.47 -> can be something called global or local local
indexes will have the same partition key as
3988.75 -> the base table. Global indexes can span across
all database partitions. Now, there's going
3994.799 -> to be some limitations on saying a key value
can't go above 10 gigabyte, but that's pretty
3998.799 -> big. And to increase scalability, DynamoDB
is eventually consistent. What does that mean?
4007.609 -> It means that if I write information to the
database, other parts of it for a second or
4015.22 -> two may not have access to the most up to
date information. So does it matter? It depends,
4020.349 -> if it's a bank, and I purchased a million
dollars a Cisco stock, and then I'm going
4025.339 -> to sell a million dollars for an FIR for an
eighth of $1. More a second later, well, yeah,
4034.65 -> better be better be immediately consistent,
and this isn't going to work. But if there's
4040.119 -> something where you stopped in a you were
you stopped in a in a Netflix video, doesn't
4044.92 -> matter. If it's inconsistent for a period
of five seconds, of course it doesn't. So
4050.72 -> as you increase the scalability, you become
eventually consistent versus instantly consistent.
4056.35 -> Now, of course, you could configure DynamoDB,
should you be using this thing to be strongly
4062.19 -> consistent, meaning instantly consistent,
but that'll knock down your scalability. So
4067.03 -> everything with architecture is going to be
a choice. Everything you do if one thing affects
4070.39 -> something else, it's like throwing a pebble
in a river, or a lake. And you notice that
4075.089 -> reverberates and you see these things. That's
why architecture and engineering are different
4079.77 -> engineering is focused on the tech architecture
is focused on the big picture, because you
4083.98 -> got to be able to see everything was going
good. Keep that in the back of your mind.
4089.52 -> Now with Dynamo DB need to understand that
you provision the capacity, you have to tell
4095.29 -> it how much you're going to need before you
use it. You provision your read capacity,
4102.12 -> and your right capacity a ahead of time. And
that way there's sufficient capacity for your
4107.77 -> needs. Now, this is really scary, you could
set up Dynamo DB for auto scaling. Now normally,
4116.1 -> auto scaling adds capacity when you need it
and removes capacity. Pretty cool, exciting.
4119.48 -> And that's the whole reason we're on the call.
If it wasn't for auto scaling, for the most
4123.35 -> part, the call would be more expensive and
lower performance data center. But auto scaling
4127.33 -> is really exciting. Now DynamoDB auto scaling
is about the worst I've ever seen in my entire
4132.72 -> life. It scales up and doesn't scale back
down. Why is this so bad? Let's say you had
4138.95 -> a period of five minutes, where you needed
to scale up maybe 30 or 40 minutes, and then
4143.6 -> your capacity was reduced for the rest of
the year. That means what's gonna happen is
4147.56 -> you're gonna pay for the rest of the year
for the peak performance that you had five
4151.76 -> minutes, which is something don't ever want
to do. So with DynamoDB, which I don't recommend
4156.64 -> you use because it's proprietary, and it's
going to lock you into a single cloud, which
4160.779 -> no customer wants. If you've got to use it,
provision it ahead of time and don't allow
4167.28 -> auto scaling to work because it scales up
and not know. Now, in order to make this look
4173.76 -> more attractive to people, they offered a
new option because because people are not
4176.42 -> going to use something that doesn't work and
multi cloud and 98% of organizations are using
4181.71 -> multi cloud, AWS had to do something, they
created an ability to create an infrequent
4186.299 -> Access table, which gives you lower costs
for infrequent data you can save up to but
4191.6 -> there's a 25% fee to save and retrieve your
data. And it's DynamoDB as always priced upon
4197.17 -> throughput on demand capacity as we're talking
about is going to be available for a higher
4201.409 -> cost than fixed capacity. So what are some
use cases that AWS will tell you for Dynamo
4207.35 -> DB, or the same as any other no SQL database
when near unlimited scalability is required
4212.889 -> when lower latency is required, because these
things scale very well on latencies are low.
4217.55 -> All no SQL databases, when you got to store
a large amount of stuff, Internet of Things,
4222.81 -> devices that are all over the world. And I
think even doohickeys here, she wrote a beautiful
4229.86 -> article. And she wrote it on edge computing,
where you got all these Internet of Things
4233.219 -> devices coming in. That's what we're talking
about. Dynamo DB, or any no SQL database would
4238.909 -> be great for that game player state where
somebody's in a video game leaderboard, that
4244.53 -> kind of stuff. Netflix movies, when Netflix
uses Apache Cassandra these days, but you
4248.1 -> know, keep that in the back of a huge number
of financial transactions, ecommerce shopping
4253.35 -> cart inventory and tracking. You know, that's
what we're going to use this. Now we're gonna
4258.15 -> get into a data warehousing now for everybody
in the entire world, that means Postgres.
4267.08 -> Keep that in the back of your mind. AWS will
also have their own one, which again, I'm
4273.86 -> going to strongly recommend you don't use
because it's proprietary. So we'll talk about
4278.56 -> data warehousing. Data Warehousing, is where
you store large amounts of data. Why do you
4286.94 -> store humongous amounts of data? Same reason
we do any piece of technology to improve business
4294.32 -> performance. Keep that in the back of your
mind. So we take all this information. And
4305.23 -> for example, we stick it in a relational database,
and then we can run a business intelligence
4310.53 -> tool. And the business intelligence tool can
help us visualize the data, we can then take
4316.27 -> this data out and we can prep it loaded, create
our data, lakes, things like that. Now, you
4322.461 -> know there is that. So again, I'm going to
show you the AWS propriety proprietary way
4328.98 -> to do this, which is not what I'm recommending.
Here, you take data, you can store it, for
4334.11 -> example, in an object storage bucket, which
again, we're going to use on all clouds, we
4338.461 -> love this so far, then you're going to have
to map and reduce and normalize your data.
4343.32 -> The rest of the world uses a Python spark
script, I'm gonna recommend you create a Python
4347.57 -> spark script, or at least your database people
do. Why? Because it can take the date of the
4353.02 -> Python spark script and use the same script
on the Azure cloud on the Google Cloud at
4357.22 -> the same time. And then you're going to stick
your information into your data warehouse,
4362.07 -> which I recommend Postgres, not this Amazon
Redshift. And then from there, you can look
4366.65 -> at your data with a visualization tool like
Microsoft Power BI, Amazon Quickstart. So,
4374.57 -> now, we're going to talk about redshift, which
again, is something I don't recommend you
4378.731 -> ever use. I recommend you use Postgres or
another data warehouse, but I would never
4384.09 -> use a proprietary anything, because it's going
to help it's going to hurt you when it comes
4388.61 -> to multicol. So Amazon Redshift is an AWS
proprietary managed data warehouse solution.
4395.17 -> It helps you just like any other data warehouse
would work. And it's going to help you find
4401.75 -> actionable information, you can use it for
business analytics. And you can use redshift
4406.67 -> spectrum to provide real time insights into
your business. We'll talk a little bit more
4411.4 -> about this proprietary database,
4414.63 -> data warehousing database, AWS will tell you
it's fast, powerful, and fully managed. It
4421.27 -> can do petabyte scale warehousing, as can
any Postgres. It's based upon Postgres, which
4425.8 -> is good because you can do SQL queries, and
it works with applications, but just use Postgres.
4429.83 -> And don't even deal with this. And then you
can use the same thing on multiple clouds.
4434.219 -> know, when you're dealing with Amazon Redshift,
the primary architecture is built upon clusters
4439.77 -> of computing nodes, you're gonna have a primary
node that's going to be considered a leader
4443.48 -> node, and the compute nodes are going to support
the leader node. And your queries are always
4447.61 -> going to be directed to the leader node. What
we're going to do because I know I've been
4453.73 -> going long as I'm going to briefly mention
data lakes in the context of what AWS would
4458.29 -> consider for your exam, which is typically
different than when we do in real life. And
4462.699 -> then we're going to open up some questions
before we get into the storage and things
4465.57 -> like that. What is data lake? Data Lake is
a repository where you store structured and
4474.429 -> unstructured data, it's typically an object
storage. The reason organizations create data
4480.09 -> lakes, is because we want to have create a
location whole process a large amount of data,
4485.51 -> and it doesn't require you to structure the
data as you would in a database. For one of
4490.1 -> the people with a blue wrenches. Can you find
the data lake presentation where we had Praveen
4496.199 -> a really wonderful Big Data Architect on a
cloud architect speak for about two hours
4501.52 -> on how to create a data lake and what a data
lake is and pop them into the chat box for
4505.95 -> everybody that's here, because we don't have
the multiple hours to cover that. And I wish
4509.989 -> I was, but I've not been for being those an
incredible amount of Big Data architectures.
4513.25 -> I am an enterprise architect, a cloud architect,
a network architect. And I'd rather you hear
4518.69 -> from someone with 20 years of Big Data experience
on this, because you get better information.
4525.42 -> So that's why we created data lake, we store
large amounts of information, it's cataloged
4533.46 -> information. And that way you can query data
and you can look for it. This is what the
4539.651 -> AWS, once you see as a data lake, you're gonna
have your data sources, which is going to
4545.139 -> typically be a no SQL database, your data
warehouse and your relational databases, you're
4550.26 -> going to typically have someone write a Python
spark script for your data transformation.
4555.57 -> And then you'll create your data lake. And
there's several steps in the process of creating
4559.3 -> the data lake of normalizing data, analyzing
data, but that's where listed what we're talking
4562.96 -> about. Okay, let's go to some questions. And
then, because I know I've been speaking for
4569.909 -> approximately 30 minutes, and then we'll get
back to the content, we'll have all kinds
4572.929 -> of fun. At least I'm having fun. Uh, you guys
have been fun. How to make a relational database
4577.909 -> highly available? Well, Abby, Chuck, one is
what none, two is one and three is greater
4583.739 -> than two. So we're going to talk about that
when we talk about database performance tuning,
4588.62 -> but never have one. And never have a single
database. And realistically speaking, if it
4593.481 -> needs really needs to be highly available,
put it in multiple clouds, not a single cloud.
4597.53 -> Great question. And we'll get to more of that
later. What DB options you have to save MongoDB
4604.34 -> data to AWS? Well, if I was you, I would stick
a Mongo DB servers inside of AWS. And that's
4610.17 -> all you'd have to do. Read Lavaca does it
like taking backup but read replicas are for
4618.79 -> something else. But it can partially help
you with backup with back but it's really
4624.739 -> designed for something else? We'll talk about
that more when we talk about high availability.
4630 -> How do you ensure high availability and data
durability for databases in AWS don't just
4638.61 -> stick them in AWS Look, we've seen global
outage with AWS recent global outage with
4643.37 -> all the cloud providers. If you use a single
cloud provider, I promise you, you will see
4648.29 -> an outage. And it doesn't matter how many
regions you use, all tech fails, all service
4654.65 -> provider fails. In network architecture and
Enterprise Architecture we've been taught
4658.07 -> for the last 25 years, never put all your
eggs in one basket. And finance they say diversify
4663.13 -> your portfolio. We always add redundancy.
No matter how many availability zones and
4668.83 -> regions to use in a single cloud, you are
architecting a single point of failure. If
4672.62 -> you stick it in one cloud, take your database
and stick it in multiple clouds. Now you've
4677.12 -> got a truly high nobody database. Can I explain
the advantage of redshift? None? Don't use
4683.88 -> it. Instead use Postgres. Anytime you use
proprietary for everyone benefit you gain,
4690.48 -> you gain a whole lot of problems long term.
I wouldn't recommend you use it. Can you convert
4698.38 -> to DynamoDB to another type? Yes, you can.
But that means you can't use multiple calls
4704.63 -> at the same time. So you could be with AWS,
AWS as another seminar or global outage and
4710.48 -> they make up and they talk about something
like a power failure. You don't believe it's
4714.44 -> a power failure. Now you want to go to Azure,
or they raise your rates and you want to go
4717.98 -> to Azure. And now you got you got a problem.
But Sarah, if you want to run Azure and AWS,
4724.52 -> at the same time for high availability purposes,
you can't be converting data back and forth
4729.09 -> to each other, you need to use the same database,
trashed Dynamo DB, and use Mongo DB or Apache
4735.52 -> Cassandra across your clouds and you'll never
have a problem.
4742.81 -> So you have to match storage sizing with databases.
Yes, absolutely. That's the way we've done
4747.67 -> it for the last 20 years. Does AWS support
Cassandra? Yes, they do. Do they do without
4756.69 -> having to provision a minimum underlying infrastructures?
Yes, they do. They have a managed keyspaces
4761.02 -> Mark. I don't recommend using serverless.
I recommend your architects design something
4767.14 -> in your engineers build it whenever possible.
You have no control when somebody else provisions
4773.11 -> and managers have no control whatsoever. You
go to McDonald's. And they say Would you like
4779.11 -> fries with that and your hamburger comes out
consistently identically in a good enough
4783.75 -> manner? Every single time? I haven't been
to McDonald's in 10 years. But you know there
4788.48 -> is that if I go to Morton's and ask them to
make me a hamburger, I can select prime beef
4793.5 -> prime rib, filet mignon, New York Strip to
grind that hamburger into and they can basically
4800.4 -> make it medium where medium well, or whatever
I want. When you use a managed services, you
4806.46 -> don't get any of that. It's the do you want
fries with that? Now let's manage services
4812.07 -> Good. Well, they're often a little easier
to manage. But there's a trade off, you're
4817.03 -> going to trade off something, performance
tune ability. So the customers that I work
4824.031 -> with don't use as many managed services, they
use their own. Remember, you know, if you
4829.19 -> use managed services, it's a little cheaper,
and it's a little easier to manage. You don't
4833.05 -> need as many expensive people working on it,
but you give up control. And is that a good
4837.719 -> thing? Sometimes, yes, sometimes no. If you
have a team of inept people, and you don't
4841.17 -> want to train them, great. Use a managed service.
If you have good people, and you're not worried
4847.949 -> about their training, you can do many more
things. So what are the business requirements
4852.52 -> will always determine what you should use?
4859.84 -> Can I explain the redshift primary node? Absolutely.
4869.87 -> So basically, speaking, redshift is monitored
around clusters of computing nodes, you've
4875.91 -> got the primary node, which is called the
leader node, and every other node is called
4881.94 -> a compute node and supports the leader node.
But all the SQL queries go straight to the
4888.4 -> leader node. Good question. How do you normalize
data in the Data Warehouse? Well, once it's
4894.36 -> in the data warehouse, it's normalized. Typically
speaking, when you go from one database to
4898.9 -> another database, you're going to have to
map and reduce it. Now, AWS, of course, has
4903.84 -> its own proprietary Elastic MapReduce, but
and that's really, we'll talk about what that's
4910.07 -> based on what organizations really do is their
way to Python sparks growth, pi Spark is really
4914.86 -> created for normalizing data. And you can
set that same PI sparks threat up for at least
4922.92 -> your data, people will do it. And we architects
on toucheth, for example. And they'll set
4926.73 -> up that same script. And you can run that
same script on Azure and Google, or Nutanix,
4932.25 -> or OpenStack. And that's why you know, for
us, you know, we like to use standards, and
4936.79 -> we try to avoid proprietary things whenever
possible. How do you maintain a basic between
4942.86 -> multi cloud the same way you synchronize between
multifaith and you've got IP connectivity?
4946.76 -> That's it. As long as the network works, all
this stuff works. Is it possible to run multiple
4953.33 -> databases in the database instance? I don't
know what you mean by that. You can partition
4957.429 -> the database, which is sort of like up and
not exactly. But I'm not completely sure I
4963.82 -> understand. What you mean. Can you virtualize
the entire data center? Yeah, that's what
4971.9 -> a cloud is. Every Data Center has been virtualized
for the last 20 years for the most part. If
4978.96 -> you and the second half of that was, if you've
virtualized data center, and it goes down,
4983.69 -> you're done. Which is, and if you, you're
done. And if you've got 10 data centers connected
4989.54 -> by the same network, or 100 data centers connected
by the same network and the network goes down,
4997.07 -> guess what?
5000.8 -> What you're dealing with is all that goes
down, which is why you should never use a
5007.42 -> single call. Same problem. DynamoDB is not
scaled down your retinas the fact that his
5014.96 -> maximum number increases in the data 27. I
don't know what you're referring to, according
5017.672 -> to the AWS documentation that scales up in
terms of the throughput and capacity, but
5024.239 -> it doesn't scale back though. Is there a difference
between managed and fully managed? fully managed
5032.29 -> means you got no control whatsoever? Manage
generally means you have limited control.
5045.69 -> hypervisors not only split the physical machine
into multiple logical machines, they do that.
5049.65 -> But they also combine multiple physical machines
into one logical machine. Is this correct?
5054.35 -> Generally speaking? No. They combine multiple
physical machines into a compute pool that
5060.36 -> you can pull from just like a cloud provider
with good question. Good question. So before
5073.27 -> we go back to the content, let's talk about
let's me give you give you a hashtag because
5079.21 -> I want to know your awakened learning. Why
don't we chain that the one that that we give
5083.3 -> the next hashtag to hashtag free AWS course.
That way, I know you're awake, alert and oriented
5092.639 -> and while I'm waiting for that, you know If
you get a VMware vSphere, one of these environments
5102.65 -> that takes all your servers and adds it to
a pool, tech electric, if you add getting
5107.69 -> Nutanix called or an OpenStack cloud, it's
going to do the same thing and add it to a
5111.83 -> physical pool. That's what cloud software
does. It's different than a hypervisor. It's
5116.36 -> the control plane that manages it. AWS has
the control plane returning. So it's the control
5120.84 -> plane, every cloud has a control plane. And
if that control plane goes down, you lose
5126.33 -> everything.
5128.45 -> And yes, a shout out to all the people behind
the scenes, whether it be my Chief Operating
5143.27 -> Officer Christopher Johnson, my chief marketing
officer, Alonzo, whether it be Leo, who's
5148.38 -> back there, whether it be child who's back
there, whether it be Tyrone or Eddie or Anson,
5153.34 -> there's lots of people here, there's some
volunteers like even Doyle, who always thrilled
5157.03 -> to have here. Thank you all for all your participation.
And I know I'm missing people. AJ is one of
5167.03 -> them really great guy who's also helping.
5174.86 -> So let's talk a little bit about where you're
going to store your data. And database, right.
5182.53 -> Realistically speaking, you're going to have
three options. Option one is going to be you
5187.61 -> put it on provision IPs, which is AWS fastest,
which is still very slow storage, as I showed
5194.8 -> you compared to other storages yesterday.
Now your next option is general purpose, SSD,
5202.909 -> which is again, much slower than that. And
your last option is magnetic storage. So realistically
5209.4 -> speaking, if it matters, you're going to be
provisioned IO PS, you may get away with general
5213.65 -> purpose SSD on really small environments,
but you're probably not going to use magnetic
5218.42 -> storage for any kind of database. The latency,
okay. There's a cup, there's one more database
5226.23 -> I want to talk about. Before we get on. We
get onto this, and it's the quantum ledger
5233.3 -> database. Amazon has a quantum ledger database
that is fully managed and serverless. That
5240.28 -> automatically scales with application being
serverless that eliminates the need or worry
5243.61 -> to process server capacity uses tables and
indexes to query stored historical data. And
5250.3 -> unlike traditional databases, it's with not
immutable record, keeping audit logs like
5255.8 -> relational databases. AWS quantum letter does
not permit an update or delete operation.
5261.409 -> So if you've got something that's a database,
in a highly regulated industry, you can use
5266.69 -> the quantum ledger database. But again, there's
other industry databases that do this, that
5270.659 -> are not proprietary, so we recommend those.
Now, let's talk about database optimization.
5284.92 -> And we're gonna have Amazon database optimizations,
which is what we're going to talk about, these
5288.47 -> are the same things you would do with any
database, but either way, we'll talk about
5292.32 -> backups, automated backups, database snapshots
and encryption. You know, anytime we're gonna
5301.27 -> be dealing with optimizing our databases,
we're going to be talking about scalability.
5305.61 -> We'll talk about read replicas, we'll talk
about caching queuing, multi AZ, and realistically
5311.1 -> speaking, think multi cloud, which is not
part of any AWS certification, because it's
5316.469 -> part of reality backup. If it matters, you
kind of back it up right. Now, if you use
5324.69 -> one of the AWS managed database services,
like MySQL, or Oracle, they do some really
5331.63 -> good things for you. I like full control,
but you know, I have no problem using the
5335.63 -> Oracle managed database service on AWS. What
they do is they backup your data in a very
5341.94 -> great way. The entire database is backed up
on to an image. And you can retain this backup
5349.24 -> from one day to 35 days. And the backups happen
at the same time each day, for the most part
5355.88 -> to find window, which is really great. And
during the backup, you kind of got to know
5362 -> because it's pulling data off of the drive,
the database may be temporary unavailable.
5368.02 -> And when you're pulling the data off of the
drive to back it up the performance of the
5372.15 -> database, if it's not available, maybe severely
degraded, kind of keep this in the back. So
5378.3 -> when it gets backed up, it's going to be in
the form of the DB snapshot. Now you can also
5382.17 -> make your own snapshots. You know me I love
control. And DB snapshots are a point in time
5388.48 -> copy of the entire storage file, like that
old fashioned ghost image. That's 100%. It's
5395.92 -> got the operating system, all the patches
you put in there all the dependencies in there
5399.48 -> or your applications, and of course, all your
data so you can backup the whole thing, which
5404.65 -> is really cool. And you can relaunch that
thing instantly, should you have a problem,
5411.19 -> another region, another availability zone,
etc. And when you make a DB snapshot, it's
5422.01 -> available until you delete it.
5429.989 -> So what does it really look like? You've got
the relational database, and you can create
5436.51 -> a snapshot of it.
5444.139 -> Now, when you restore a database from a snapshot,
you're gonna get an identical new virtual
5456.27 -> machine with one exception, it's going to
come up with a new IP address, which means
5462.39 -> the old DNS name that you have is no longer
going to work. It's going to have a new DNS
5468.47 -> address too. So you may have to update your
DNS records if your systems use DNS to point
5473.19 -> to the new system. And the people typically
use DNS. And if you use the IP address of
5477.869 -> this system, by comparison, we don't recommend
for lots of reasons, then you're going to
5481.8 -> have to update the IP address mapping and
your application servers, which are going
5485.76 -> to the database. And when you restore it,
you take your snapshot image, and poof, you've
5495.88 -> got a new database with a new IP address,
just like I described. Add a new DNS drop.
5504.54 -> know, if you're going to store your data on
a database, or any hard drive in the hard
5511.03 -> drive lost on your identity is compromised.
Because what people can read your information.
5516.449 -> Do you want that? No. So Amazon supports encryption
at rest for all your database. So what does
5526.57 -> this really mean in all practical terms, it
means all the data stored on your server is
5532.54 -> encrypted. Effectively, what's going on is
the EBS volume of the block store to the virtual
5537.699 -> hard drive is encrypted. This is enabled by
enabling the Key Management Service, which
5545.35 -> makes it really easy to control the keys,
we talked about the key management service
5548.69 -> and when these kind of a lot of these things
yesterday. AWS also supports transparent data
5554.42 -> encryption. And Transparent Data Encryption
is typically used to be with Oracle and Microsoft
5566.35 -> SQL databases by default. And you can set
up transparent data encryption with the cloud
5571.42 -> HSM module hardware. It's like a hardware
key encryption kind of manual. We'll talk
5575.84 -> more about that later. And it's transparent
data encryption is really kind of cool. In
5581.59 -> encrypts the data on demand and decrypt the
data on demand. So when you store the data
5585.63 -> with transparent and encryption, it is encrypted.
When you pull the data is decrypted. And the
5593.34 -> cloud HSM is a hardware device for storage
and management of your encryption keys.
5601.4 -> AWS also supports encryption and transit.
What does this mean? It means that your data
5610.13 -> is sent as an encrypted encrypted on the way
to the database to be stored. And how does
5616.94 -> this work? Well, basically, it uses the TLS
protocol and SSL certificates. And you use
5624.06 -> a certificate to basically assist with the
authentication of the endpoints and your data.
5629.08 -> Basically, in the same way, when you go to
a website, I use it a little lock. And it's
5633.48 -> using SSL based encryption. That's really
what we're talking about. Now, databases have
5639.88 -> become really mission critical, mission critical
applications. So how do we improve the scalability
5647.05 -> of these things? Well, the simplest method
is to scale up, meaning we're in a server
5653.52 -> that's got eight cores and 32 gigs of RAM.
And we bump it up to a 64 cursor server with
5659.54 -> a terabyte of RAM, or 192 course server with
six terabytes around and we pick but at some
5665.86 -> point, I promise you, you're gonna run out
of capacity, no matter what you do, will run
5672.639 -> out. So when you run out of capacity, you're
going to have to add capacity. Now with some
5683.61 -> databases, like Apache Cassandra, for example,
you can write all databases as the same time
5689.77 -> I'm 90% sure Oracle database allows that as
well. But most do not. So we'll talk about
5699.59 -> how we're going To deal with this because
it's not like you can just auto scale a database
5703.36 -> the same way you can auto scale a web server.
Lots of trickiness here. And at some point,
5710.199 -> you just, you're gonna have to start getting
creative. No with no SQL databases. This is
5716.38 -> simple. Apache Cassandra, you just add servers
and it writes to them all at the same time.
5722.86 -> With Dynamo DB which sock and we're not recommending
you can basically partition the database and
5727.69 -> it chops or shards the database into partitions,
and the application will have the intelligence
5732.219 -> to route your traffic to the correct shard.
No, now with relational databases, it gets
5739.9 -> a little more complicated. What we do is we
add read replicas. Okay, what's a read replica?
5747.429 -> A read replica is a read only copy of the
data. Except for Maria DB as well. Now read
5758.13 -> only so what does this really mean? Right
now I'll give you an example. There's all
5763.61 -> the blue wrenches in this YouTube chat box.
For today, I am the primary master database,
5771.35 -> meaning I'm out here providing the information.
And many people are asking questions or things
5777.25 -> that I covered and they need a little clarification.
And they're usually the little blue wrenches,
5782.61 -> whether it be my chief operating officer Chris,
who's over in Tampa, Florida, or for Forca,
5788.27 -> who's over there in Cameroon, who's answering
questions or child who's over in Dallas, Texas,
5793.219 -> little supertall over there. And she's answering
questions. Or Alonso, who's over there in
5798.989 -> Katy, Texas answering questions or Edie over
in them in the Cameroon that's answering questions.
5803.57 -> They're kind of like read replicas, they basically
enable me to focus on what I'm teaching. And
5810.09 -> they help answer things. Kind of keep that
in the back of your mind. So the way we use
5815.96 -> read replicas is the database has something
called right capacity and read capacity in
5820.63 -> a primary database does it both. A read replica
is a as a read only copy of the instance.
5832.23 -> And what happens if we take the read load
off of the primary server and we push it on
5836.88 -> to some other servers, the primary server
can focus only on writing. And the read replicas
5842.65 -> can handle the read traffic. And remember,
if you've got a server that's going to read
5846.38 -> and write, and you can remove all the reading
and only has to write it can scale further.
5853.37 -> And why are we doing this because as I mentioned
previously, there's only going to be a certain
5858.21 -> amount of server cores and D RAM and disk
performance you're going to be able to get,
5862.73 -> so we're gonna have to we're gonna have to
get past us. And that's how we're going to
5872.06 -> do it. It's going to reduce the load. So what
does it look like architecturally, here's
5877.461 -> what it looks like. Basic three tier application,
we've got our web servers, which can auto
5882.23 -> scale. We've got our app servers with who
can auto scale, we've got our main or master
5888.19 -> database. And we've got the read databases.
And what happens is you'll point your questions
5892.96 -> to the read database, and that'll free up
the right database to do more.
5904.67 -> So when you use Read, read read replicas when
there's read activity, if it's all right,
5908.929 -> activity, read replicas aren't going to do
anything. When query traffic, meaning people
5914.65 -> are trying to read read read, read read is
slowing things down. You need a read replica.
5921.8 -> If you've got four times the read capacity,
and in the right capacity, add four read replicas.
5927.09 -> Because adding extra capacity. Now while we're
at it, I want to make a clear read replicas
5934.61 -> are used for performance. They do not aid
in availability or disaster recovery for the
5940.969 -> most part. Now the next thing we're going
to talk about is database caching. What is
5951.32 -> caching? Caching is a service to take frequently
accessed information and put it in memory.
5959.46 -> Caching works by taking a request and temporarily
storing the results of the request. Now, why
5966.57 -> would we use recursion? Let's say I'm going
to we're going to use a no SQL database with
5974.5 -> caching right now. And the reason we're going
to use a no SQL database is Taylor Swift gets
5978.8 -> a brand new cat. And she posts to Instagram,
Facebook, Twitter, Tik Tok, and LinkedIn.
5990.3 -> All the new photo of her cat and somebody's
pulling the information out. Pretend the cat
5998.13 -> is stored in the database the cat photo
6001.84 -> Now the read replica can answer the cuts question.
And then the cache can keep re answering it
6007.199 -> offloading the read replicas. So the read
replicas offload the right, or the primary
6012.85 -> database, and the caching can offload the
read replica. Now of all the information if
6017.07 -> one thing is for teller, so let's count into
listings for Katy Perry's cat. Another thing
6020.69 -> is for Christmas, Cool Cat Sunny. And the
next request is for my super awesome Princess
6025.08 -> cat, Cindy. By the way, I bought her from
my wife and realized two cats the second level
6029.52 -> my level of this little cat. But you know,
that's neither here nor there, you know, then
6033.42 -> the caching is not going to help. In fact,
if you add caching in an environment, while
6036.96 -> the requests are different, it will slow things
down. Caching is used from frequently accessed
6042.46 -> information. Now, typically, speaking, organizations
have been using caches forever. There's two
6053.53 -> caches which we that are typically used in
business. For the most part, businesses use
6059.219 -> Redis caches. And they also can use Memcache
D. Now, of course, in the cloud, you could
6069.96 -> set up your own servers with your own DRAM,
and set up your own Rama Redis Cache, or your
6075.35 -> own bucket, rhoncus D cache, or you can use
the fully managed AWS cache, there's no reason
6081.69 -> not to use these things. It's pretty simple
to set up. And you can basically use a premade
6089.91 -> Redis cache. Now people use Redis, because
it's got the most robust feature set of caches
6095.659 -> to typically use. And you can manage, you
know, Redis workloads to Elastic cache, or
6100.86 -> you could set up your own cache, which in
certain cases makes sense, it's based on the
6103.59 -> business requirements. Now, if you need something
simple, simple, simple, simple, simple, you
6109.03 -> can use elastic cache for Memcache. D, its
simplicity. And elastic cache is compatible
6115.239 -> with for Memcache. D is also compatible with
memcache D. So there's, you know, these caches
6120.44 -> aren't that different from each other. But
if it matters, you're going to be using Redis.
6125.23 -> I told you how caching sort of helps, I'll
show it to you visually. If the requests keep
6133.96 -> coming in for information that's on the database,
the cache can store that in memory, and provide
6139.01 -> the answers so that you don't have to do so
of course. Now, let's talk about database
6148.46 -> killing. And if you want, I'll actually architect
these things together for you to try and put
6153.34 -> it into context for you. What is killing for
the Americans is a complicated concept for
6161.09 -> the English or anybody that follows, you know,
colonial English language. It's simple because
6165.86 -> caching means put everything in a line. You
got to a plane in the UK, and they say, Please
6172.14 -> form a queue. So killing is really a means
to schedule the delivery of your data. It's
6180.24 -> used in lots of applications and why we're
using caching test question here for the AWS
6185.13 -> Solution Architect Associate. Why do you use
the cache is to decouple the traffic destined
6190.489 -> from the database. And your application services
used for application decoupling, you may see
6195.96 -> a test question on that most likely will.
Come caching is used to decouple it. Here's
6202.381 -> the way caching really works. Caching is used
for you got a sender who's sending a message,
6213.23 -> they stick the message in the cache. When
the receiver is ready to receive the message,
6220.369 -> guess what happens? It gets pulled from the
cache, I'm sorry, the cue, keep going to cash
6226 -> that's a cue. And then it's removed from the
queue. So I want you to think about this.
6231.3 -> If I'm sending messages as fast as I can,
and the receiver is not ready, they're going
6235.03 -> to be lost and dropped. But in this particular
environment, in this particular environment,
6242.78 -> I can dump all those messages into the queue.
And by dumping it into the queue, it gets
6252.86 -> a holding pattern. So I got a million messages,
I stick them in the queue. And when the system
6258.239 -> is ready, it will drain them. So caching promotes
scalability. It enables you to root CPU sizing
6265.72 -> and I'll show you why. And generally speaking,
the killing lowers your cost I'm sorry, keep
6270.489 -> calling, capturing and referring to queuing.
Now, most businesses use Apache Kafka as a
6276.71 -> cue. And you can set up a virtual machine
and use Apache Kafka on all your clouds at
6281.71 -> the same time and use your same beautiful
cue Apache Kafka as a queueing system. Or
6288.81 -> you could use the proprietary which I don't
recommend AWS SQS or simple queue service.
6295.52 -> And by doing so, it's a pre managed queue
for you. But if you're going to use three
6299.889 -> cloud Have, you're gonna have three different
proprietary queueing systems might not be
6304.44 -> the simplest, most elegant thing. But if you
use Apache Kafka, which works on all clouds
6310.449 -> and all data centers, at the same time, we're
gonna simplify your thing. So again, SQS is
6314.449 -> another service that, you know, I wouldn't
be architecting a day anything, unless it
6318.7 -> didn't matter. Because everything I do is
multicolor, just like 98%. So when it comes
6326.159 -> down to it, there's two options, there's a
simple step, there's a standard version, which
6330.02 -> is a simple queue. Basically, messages come
in and out as fast as they can, there's no
6335.449 -> guarantee of the order of the messages. And
if you need to guarantee the message delivery,
6343.73 -> what you could choose to do is you could set
up a FIFO queue or a first in first out queue,
6349 -> message, one goes, then message two goes in
the history, but it's going to slow it down,
6352.73 -> slow it down and slow it down. Why? Because
what if message one was 1500 bytes. Message
6357.56 -> two, two was, I'm sorry, was 1500 bytes. But
message three, four, and five were 64 bytes.
6364.219 -> The three, four and five is going to get there
most likely before message two. And when you
6368.06 -> set up first in first out, you're going to
slow the system down, but it's up to you.
6371.69 -> Some require some application and business
requirements required to do so. So the reason
6378.48 -> we're using these killing systems are as follows.
This, let's pretend we're looking at the CPU
6385.44 -> performance of a database. In your typical
333 tier environment, I use proprietary technologies
6391.94 -> here, just because it's an AWS class, when
I do these pictures, you got your web server
6396 -> coming in. You got your app server coming
in, its uses this proprietary queue, and then
6403.449 -> it gets stuck into the database, proprietary
DynamoDB. Now, if this was a regular database,
6410.48 -> which we're going to see as the CPU is going
to go up here is nothing, it's going to spike,
6415.3 -> it's going to go down CPU is going to spike
and it's going to go to nothing. But by using
6421.239 -> a killing system, we can smooth out. And by
using killing effectively, what we're doing
6431.409 -> is is realistically speaking, we're smoothing
it out. So that way we pop stuff in the queue,
6439.11 -> and we take it on a consistent basis, it's
kind of like driving a 40 miles an hour in
6442.92 -> your car, versus two miles an hour, 100 miles
an hour, two miles an hour, 100 miles an hour,
6448.28 -> which do you think is going to be more efficient
on fuel your cars longevity. That's why we
6456.81 -> use the cueing. So killing helps remove read
content, and I'm sorry, write contention that
6464.28 -> keeps messages from being lost. And what else
I'll also call is you can use the depth of
6468.67 -> the messages in the queue to trigger auto
scaling of different servers, which we love.
6476.65 -> So when should you use a queue when you want
to increase the scalability because there's
6480.5 -> a lot of write requests. So caching, reduces
read load, read replicas, take the read load
6486.58 -> off of the primary database server. Killing
reduces the right road, the right load. And
6494.54 -> it keeps you from losing critical messages.
So let me whiteboard this out. So you can
6500.3 -> kind of see how he would scale the database.
So wake up, everybody. Wake up, wake up, wake
6507.62 -> up. This is this is bonus content. This is
actual architecture information, which goes
6511.889 -> way above anything that's covered in the course.
So it's bonus bonus bonus. So make sure you're
6519.909 -> awake. So what does this really look like?
If you're, let's say here, is a web server
6529.92 -> or group of servers. I go, I think in this
direction. Some people think in the other
6537.25 -> direction both work depends on which country
you're from. Let's say you got your web servers,
6541.98 -> and you got your app servers. On the way into
the database,
6548.25 -> we put a kill. And Mike, we don't see your
thing.
6552.969 -> Oh, thank you for that. So we set up a web
server and app server and then we put a queue
6559.599 -> here. This could be SQS. It could be Apache
Kafka, it really doesn't matter. We're going
6566.23 -> to use queue
6572.679 -> by doing using the queue, we can increase
the scalability on the way into the primary
6579.21 -> database.
6591.42 -> And I'm going to show this for it's to make
life simple. And this is going to reduce the
6597.57 -> right load Because web messages coming from
the web server, the app server, instead of
6605.57 -> all being thrown to the database and potentially
lost, we're going to add a queue. Now if we
6610.25 -> want to increase the capacity of these other
right, the primary database reads, writes,
6617.3 -> reads writes. So if we want to offload all
the read work from the database over here,
6624.87 -> we're going to we're going to add some read
replicas.
6631.21 -> And now we're going to point all the traffic
to the read replicas. Now the read replicas
6645.03 -> are doing the answers. But what if we want
to reduce the load on the read replicas? Well,
6653.969 -> realistically speaking, we could stick a cache
here. And the cache where I'm putting it here
6659.38 -> architecturally is debatable, I'm using it
for simplicity and elegance to make it clear,
6664.17 -> what we're using it for the cache can reduce
the load on the read replicas that are doing
6673.489 -> all the rework. So you know, that's the why
we're using this. The cue reduces the right
6683.55 -> load on the cache and the read replicas reduce
the read load on the system.
6698.51 -> think now's a good natural time to pause and
answer some questions because I want to make
6702.09 -> sure everybody has a great learning.
6711.3 -> All right, give me a few seconds to find Sure,
the questions.
6766.15 -> Can you speak how this integrates to an instance
high levels for like instance, must because
6771.63 -> I don't know what that means it's missing.
Cloud, I'd love to answer your question. But
6776.88 -> it's missing. What's missing the question
you say how this integrates how that integrates?
6782.52 -> If you can help me, I'll be thrilled to answer.
You may have asked it at the time during the
6789.51 -> presentation. But you know, I don't know what
I was saying at the exact time. Chris, let's
6793.71 -> go to the next question. And I'm thrilled
to answer that if cloud provides the context.
6804.53 -> Any options to my to mitigate the greater
performance during a backup? Nope. It's just
6815.11 -> part of the system the way AWS has designed
it.
6821.17 -> Can you pull out your data of a proprietary
system? Lady Godiva? Absolutely. How difficult
6828.579 -> is it? Well, anytime you. Anytime you put
stuff into a proprietary system, you pull
6837.61 -> it out, there's going to be challenges. There's
going to be cost there's going to be development
6841.44 -> cost to kind of do these things. But yes,
you can do it. Will information be lost in
6847.89 -> the process? Yes. Is it going to be a perfect
migration? The answer is no. So it's best
6854.98 -> just to avoid proprietary in the first place.
What's the difference between a web server
6861.57 -> and an app server? You go to www.go Cloud
careers.com. You got a web server. Now when
6871 -> you sign in, as a student of our cloud architect
career development, which teaches you how
6876.78 -> to be a real architect and gets you hired
as an architect and changes your life forever,
6880.469 -> and gives you a great salary, our content
is housed in the application server that defines
6887.21 -> the logic Are you allowed to get in? What
are your permissions? What are your rights?
6892.219 -> That's the application where's the content
delivering store? That's an application server.
6896.38 -> And then of course, your information would
be in a database so you I like to, I like
6901.52 -> to call it into the this layer, the web server
presents it to you. Your business logic runs
6908.23 -> on the application server, and the database
stores your information. I hope that helps,
6915.8 -> because it's a great question.
6920.21 -> So I'm guessing that this comment that Clyde
just put in is clarification.
6928.27 -> How does the up
6932.07 -> and up because you asked about clarification
for what is this, I
6935.23 -> still don't know what that means code. Does
anybody on my team could know what that means.
6945.09 -> So how this integrates to an instance, they're
asking about how an app integrates with an
6954.98 -> instance,
6955.98 -> cloud, I really don't know what you mean.
But if you're asking about how an app works
6960.6 -> with a virtual machine, then what we're talking
about is somebody who writes code and the
6965.9 -> code sits on the operating system. Just like
anything that you would on your computer.
6971.4 -> How does the app talk to a database over an
application programming interface?
6975.77 -> Gotta hope Okay, that's how you that's that's
the kind of API's Okay, okay.
6989.579 -> Does Apache Kafka have the same level of compatibility
integrated with other services such as SQS
6996.17 -> Apache Kafka is the industry standard, and
it's used everywhere. It's nothing to set
7002.79 -> up and use. Everybody uses it on all clouds
and all data center.
7015.05 -> Difference between standard queue and first
in first out? Yes, standard queue, stuff goes
7020.56 -> in the queue and as fast as it can be drained,
it gets drained with no regards to message
7024.46 -> delivery. First In First Out, number of men
message goes in and number one message goes
7029.92 -> out number two, message goes in number two,
message go out. Number three, message goes
7033.77 -> in number three message goes on.
7061.199 -> Can the apps be accessed across to any apps
can be accessed anywhere in the world, across
7065.56 -> any cloud that you want, as long as you've
got IP connectivity, and you set it up right?
7083.11 -> I can't take too many unrelated I can't really
take unrelated questions, but I will do do
7088.8 -> again the difference between a DevOps engineer
and a cloud architect and please join us tomorrow.
7093.5 -> For the how to get your first cloud job on
our Cloud Architect is a business executive.
7097.67 -> I'm gonna say it again, it is a business executive
who is at least 5050 to 80% business and 20
7104.84 -> to 50%. Tech, that designs presents and sells
the solution. We never touch the data. We
7109.75 -> are not a lot of code, we are not a lot of
Configure. We're not a lot of types of systems.
7113.739 -> Ever. A DevOps engineer is a software engineer
first, who then automate software release
7121.159 -> cycles. In order to make software development
more agile DevOps and architecture have nothing
7126.71 -> to do with each other. They're kind of like
a parrot and alliances are that different
7131.8 -> from each other. kind of fight FIFO close
lose data. Any queue can lose data if the
7140.36 -> queue crashes. But as a rule, it doesn't matter
whether it's FIFO. Or, or first in first out
7148.68 -> unless the application or the database for
for some reason requires ordered delivery
7152.429 -> of messages. There's a load balanced and needed
for an app server sometimes. If you need more
7162.82 -> than one server for redundancy, or performance
purposes, which is generally Yes, you definitely
7168.02 -> might want to use a load balancer before we
wrap this over.
7179.69 -> Okay, going back to the content, um, we're
going to talk about extraction, translation
7188 -> and loading tools. I'm not a database professional.
I'm an architect and have been for decades
7199.96 -> but it, there's times where you need to get
data out of one database and put it into another
7205.46 -> database. And what we use for this is extraction,
translation and loading tools. AWS has their
7212.25 -> own, it's called Glue, which is okay, but
it's proprietary. And there are other industrial
7219.69 -> grade ETL tools that you can use across all
your columns. And if you've got a lot of databases,
7230.88 -> because each database has its own strengths
and weaknesses, and you want to pull information
7235.29 -> from one database to another database, you
will use an extraction, translation and loading
7244.51 -> tool. And Amazon has their own proprietary
branded one called Amazon glue. I don't really
7249.239 -> use proprietary anything when I don't have
to, but they have one. It's fully managed
7254.34 -> server list tool. And you know, according
to Amazon, it's real, real, real simple. You
7261.389 -> just point, your data, the glue to your data,
it'll automatically take care of everything
7268.42 -> you needed to worry about. According to AWS,
that's what they're going to tell you. It
7272.949 -> discovers the data and stores the metadata
in the catalog. And after the data is cataloged.
7277.98 -> It's searchable, and variable. The data can
be queried or stuck into another database.
7282.52 -> You know, what are we really talking about
from an architecture perspective to see what
7287.21 -> it looks like? There we go. We've got data,
for example, an object storage. And then it's
7295.15 -> going to stick it anywhere we need in which
database we want. Athena redshift, EMR again,
7301.13 -> map reduction is basically to take stuff in
and out of one, again, Python Spark, not Amazon
7305.69 -> EMR in most cases. And then you could visualize
the data with quick side Power BI tabular
7310.71 -> or some other data visualization tool. Now,
if, again, if you wanted to take your data
7323.02 -> from your own database, and then use one of
these proprietary AWS databases, you could
7328.631 -> use something called the schema conversion
tool. And what that does, is it takes your
7333.5 -> data from your database and massages it so
it sort of fits into an AWS proprietary database.
7342.29 -> Now, no schema conversion is going to be perfect.
So if you use this, it's going to take some
7349.8 -> work and development work from your database
team. But you can use those. And basically,
7356.53 -> it helps you migrate your database to a format
that's compatible with your target database.
7364.28 -> And if you started out with a really bad database
choice, and you outgrow it, what you're talking
7370.489 -> about is, this is a great way to get your
information into a better database, like Oracle,
7377.96 -> for example, or Maria dB, or some non proprietary
database, where you could use this to move
7384.4 -> it into a proprietary database, such as Amazon,
Aurora. But now you're on a stuck on a vendor
7389.88 -> proprietary system. But if you're already
on an Oracle database, there's no reason to
7394.691 -> use this tool in the first place. It helps
you get where you're looking for. So a schema
7403.63 -> conversion tool is really used to migrate
between a heterogenous database to convert
7408.599 -> the schema. And it basically helps with warehouse
application codes and SQL procedures, it's
7416.52 -> a nice tool to help you actually get to your
goals. And use this type of a tool to move
7424.46 -> from one database to another. Now let's talk
a little bit about high availability database
7432.02 -> design, at least as it pertains to your certification.
In our cloud architect career development
7438.69 -> program, we get much much much deeper because
we have the time we spend between five and
7442.36 -> 700 hours training a cloud architect, because
that's really what it takes to get to get
7446.28 -> your first job as an architect, we've got
15 hours here, or less. So we've got to focus
7450.84 -> on what we can actually teach in this period
of time, which is the exam. And I'm throwing
7455.46 -> in as many bonus nuggets of wisdom as I possibly
can for you because I want you to have the
7461.489 -> best. So assuming a single cloud is highly
available, which we don't believe in, but
7466.571 -> assuming you're gonna put it in a single cloud
per your exam. You know, we're going to talk
7473.38 -> about how they recommend you design a high
availability database on AWS. As a reminder
7481.119 -> from yesterday, AWS designs are things in
the regions and availability zones, or regions,
7486.179 -> a large geographic area, such as parts of
Europe, or half of the US continent by comparison.
7499.07 -> What we're talking about here You guys all
still hear me? Chris, can you still see me?
7504.28 -> Because my YouTube that I'm using for monitor
just went Yes. Okay. Okay. So according to
7513.09 -> AWS, if you want high availability, you can
put your databases into two availability zones
7520.52 -> in two different data centers. And if one
data center fails, you got a backup data center.
7528.69 -> Of course, if the cloud providers network
fails, if they get hacked, or the control
7531.88 -> plane goes down, you lose everything. But
this is an AWS certification exam. So you
7537 -> got to know the AWS principles. So I'm going
to tell you that a high availability database
7541.76 -> design uses a multi AZ environment. So what
happens is the database copies itself into
7549.699 -> another availability zone or data center.
Now, by keeping a copy of your database in
7558.75 -> another availability zone, you do not get
increased performance. It just has the information
7565.1 -> and it synchronizes it all the time. And should
your primary database go down the one or your
7570.6 -> data center go down the backup in the other
data center, otherwise known as availability
7577.01 -> zone will take over. So you copy a message
goes to the database send you the cat, but
7582.219 -> some new cat food transaction stored in the
database that gets copied to the database
7586.13 -> in the next availability zone. Kind of keep
that in the back of your mind, and you're
7590.77 -> good to go. And it's copied synchronously.
What does this look like architecturally,
7599.5 -> you've got the same thing in two different
data centers, your same web servers, app servers
7605.44 -> and database servers. And what happens as
your data is copied to the master, and it
7611.619 -> gets copied in availability, Zone A is copied
to the standby and availability zone date.
7617.55 -> So that's really what we're talking about
with regards to creating a high availability,
7620.91 -> if you want to call it that database architecture
in a single cloud. So let's say you've got
7633.17 -> your database and availability zone one and
your database and availability zone two. What's
7639.63 -> going to cause your database to failover from
datacenter, one to datacenter. Two, well,
7645.489 -> if the primary database fails, meaning the
server, guess what it's gonna shift to availability
7652.67 -> zone two, if the entire data center goes out,
like a power failure, because both power companies,
7660.29 -> and both generators and backup generators
and batteries backup style, then poof, your
7667.25 -> information is gonna go to the next one, where
likely you have a network outage in the data
7673.02 -> center. If you change the database, enter
the database instance, service type, poof,
7678.8 -> it's going to fell over. If you want to do
maintenance, like patch, or upgrade the database.
7686.52 -> It'll fail over to the backup while you're
doing the maintenance. Or if you issue a manual
7691.75 -> failover I'm going to reboot this reboot with
failover you reboot it and the backup one
7696.829 -> takes over and that way you don't lose anything.
Okay, we are now going to get to my favorite
7706.23 -> content, which is networking. But I'm going
to pause for five minutes now to make sure
7711.68 -> that we don't have any other questions related
to the database. Now we're gonna get to the
7719.38 -> fun stuff, which is networking, which we're
gonna get a little geeky. I'm sure. That's
7723.76 -> okay. It's my favorite.
7724.929 -> All right, give me just a second here.
7732.469 -> caught me off guard with the shorts short
slot there. Yeah. All right, here we go.
7764.679 -> Can the same load balancer be used for the
app server and web server in the cloud there?
7769.01 -> Your app server and web servers are going
to be on different subnets you're going to
7771.909 -> use a different load balancer.
7778.46 -> The database queue you mentioned is it something
that comes with as part of the AWS database
7782.56 -> feature or it's an architectural concept?
No, it's a both an architectural concept and
7787.45 -> it's a server concept. So either either you
know you you use a sword over like a Kafka
7801.32 -> queue, or use the SQS service, but it is an
actual functionality that is an architectural
7806.53 -> concept and a compute concept at the same
time. So, one would use the schema conversion
7815.52 -> tool, if I want to go from my datacenters,
Oracle server to Azure, Amazon Aurora, which
7823.801 -> I would never do, then I would use the schema
conversion tool, whatever use glue, no. But
7829.88 -> for your exam, if I want to pull data from
one of my databases like redshift, and pop
7835.32 -> it into Aurora, I might use glue because it
kind of normalize your data. And that's a
7840.46 -> great question, sir.
7845.51 -> So you're saying that ensuring high availability
multiple easy's I don't call that high availability,
7851.68 -> but it is port carding exam, high availability
in multiple regions? Guess what? Still not
7857.56 -> high availability. Because you've got a single
cloud, one hacker comes in and knocks down
7861.17 -> the cloud. And guess what, you lost everything.
There's a big BGP problem on the AWS cloud
7867.059 -> like or like the Google Cloud was taken down
from a BGP problem or Facebook was taken down
7871.27 -> like a whole day from a BGP problem where
at least half a day or eight hours, something
7874.9 -> crazy like that, poof, whole cloud goes down.
So I don't consider a single cloud ever a
7880.05 -> high availability system? I'm just telling
you, what do multiple reasons do. It puts
7884.599 -> your stuff halfway in the US and halfway and
Europe. But if the cloud goes down, and guess
7889.22 -> what you're still done. So that's not really
a high availability, performance environment.
7897.239 -> Is a web server the same thing as a client
server know, a client server could be a web
7901.59 -> server or an application server, a file server.
A web server is a type of server that serves
7907.5 -> web pages.
7917.78 -> Okay, we'll get back to this. So Chris, or
Alonzo, when are you guys in the chatbox?
7933.07 -> If you can help me, or when there was a song
when I was younger, and it says y'all having
7936.23 -> a good time, then they go t t, t, t, t, t,
t, I don't remember the song. But if you're
7940.53 -> all having a good time, you know, let's get
back to this, please give me a hashtag that
7944.15 -> says AWS Solutions Architect Associate. So
I know you're awake, alert and oriented, and
7953.48 -> blocked out to high availability is never
in a single cloud. It's like putting all your
7957.88 -> money in a single basket, and then hoping
that you don't get stolen from or the basket
7963.82 -> doesn't catch fire or you don't drop it or
you don't lose it or nobody breaks into you.
7967.32 -> So no, central cloud is never high availability.
So we're gonna now get into some basic, basic,
7978.88 -> basic networking. And again, if you guys didn't
hear the hashtag, if you guys can put hashtag
7984.9 -> AWS solution, Architect Associate, we're not
fans of any kind of acronyms around here.
7991.45 -> Kind of keep that in the back of your mind.
So let's do a basic networking review. No
8000.73 -> basic, anything would start without the OSI
model. The OSI or the open systems interconnect
8007.86 -> model is a model that network engineers, network
architects, cloud engineers, cloud architects,
8014.25 -> and anybody who works in tech needs to know
why. Because, you know, you've heard me be
8022.34 -> very unhappy with AWS marketing terms or Azure
marketing firms or Google Marketing teams.
8027.13 -> Why? Because they complexity. Imagine a doctor
trying to work in an environment where the
8034.36 -> same pill has 50 different names. How many
people will die when Doctor one and Doctor
8041.46 -> two and Doctor three wouldn't even know they're
on the same patients in the same medications
8044.87 -> people just die. In it's anything that matters
depends upon clear language. And we must speak
8053.809 -> the same terminology. If we want to be serious.
If I walk into a Chief Information Officers
8060.09 -> office and talk about s3 and EC two, I will
be fired my replaceable thank me for the nice
8065.17 -> job and I will be escorted out of the room
by security because the Chief Information
8068.73 -> Officer is not going to understand the gibberish
that I'm talking about. Now if I talk to the
8073.341 -> chief information officer about his virtual
machines and his object storage, now we're
8078.4 -> on the same page. So the OSI model is standard
language that everyone uses in the networking
8086.92 -> world. It's a means to get rid of garbage
marketing term, so we always always can communicate.
8094.25 -> If I speak to somebody in Tel Aviv, guess
what? And I talked about a layer one problem
8099.21 -> in networking He or she is going to No, no,
if I speak to Tyrone in South Africa, guess
8105.251 -> what, and I say we've got a layer two problem
Tyrone's going to know what it is. And we
8110.321 -> must have precision language. And we're dealing
with precision anything. The network is the
8115.07 -> heart of the cloud. It's not software is the
network, network goes down, cloud goes down.
8121.159 -> And that's why organizations typically don't
think of the network and those that don't
8126.74 -> think of the network pay a big price in terms
of outages. And anybody that knows, networking
8132.61 -> knows you can't use a single service provider.
Because we've never been allowed to for decades.
8138.01 -> So let's talk about it. And I'm going to whiteboard
it out for you because I want you to see it.
8141.89 -> I'll share my screen here. layer one, the
physical cable between you and your and your
8152.38 -> switch, or your router wire, whether it be
fiber optic. If so, you know on a wire, we're
8159.949 -> sending electrons, technically, on fiber,
we're sending light. So layer one that we're
8166.75 -> talking about is the physical layer, cable
cable. Layer two is the data link layer. That's
8177.191 -> the actual hardware we're using. It's your
Wi Fi card. It's your Ethernet card, hardware,
8185.929 -> hardware, whether it was a serial interface
for a wine interface or an ISDN interface,
8191.96 -> or an Ethernet card. So layer one, why are
layer two physical card hard coded address,
8200.59 -> hardware address. If you go to your computer
it has a MAC address, layer two address physical
8206.63 -> wire, layer two data link hardware. Now next,
we'll move up to the network layer where we've
8214.55 -> got a logical address your IP address 192168
1.3 That is an IP address. layer one wire,
8225.61 -> layer two hardware card layer three logical
addressing. You can't really change the MAC
8230.5 -> address on your computer, but you can change
its IP address now let's say we're talking
8238.229 -> about transport. The next layer four is transport.
Do I send my data in a reliable fashion meaning
8244.58 -> TCP? IP? Am I sending UDP traffic for a real
time traffic such as voice or video? Or am
8253.48 -> I sending a test message like a ping to a
Windows computer? Ping Alonso's computer like
8261.54 -> an ICMP echo when he sends me an ICMP reply
that you've got. Now realistically, when it
8269.469 -> comes to network engineers and network architects,
that's it. layer one wire, layer two card,
8276.069 -> layer three logical address or IP address
layer four TCP, UDP or ICMP. We're going to
8282.46 -> cover the rest. Now at layer five or the session
layer, we're dealing with something called
8287.109 -> the socket which really controls the connection.
At layer six, we're talking about presentation
8293.71 -> of data. But there is some networking that
occurs here. Encryption, for example, occurs
8299.38 -> at layer six. And the applications are what
you use you go to your web browser that is
8304.13 -> a layer seven application, think HTTP DNS
sec. So layer one wire, layer two card, layer
8310.51 -> three, logical address layer four protocol,
TCP, UDP, ICMP, layer five, session, layer
8316.501 -> six, presentation and encryption. layer seven
is the application itself. Now when it comes
8326.5 -> to networking, whether it's in the data center,
whether it's in the cloud, it's completely
8331.71 -> irrelevant. Everything needs an address. Why
do you need to address you need to be able
8336.51 -> to communicate with the system? Let's say
for example, I wanted to send Eva do IKEA
8342.09 -> a letter and thank her for some of the really
great blogs that she collaborated with me
8347.33 -> on. By the way, on our website, there's some
really great cloud architect interview question
8352.059 -> blogs, you could do I could work very closely
with me on that. And she wrote a beautiful
8355.389 -> archinaut article on on edge computing, I
recommend everybody read. So how are you going
8365.569 -> to know how to find it? Well, you got to know
to go to www.co co careers.com. Otherwise,
8370.16 -> you're not gonna see these great articles.
If I want you to send a letter to my mother,
8378.219 -> I need to know her address. How else would
the post office know how to send my letter
8382.63 -> there? Well, when it comes to message delivering
and computers, we need an IP address. It's
8387.06 -> basically a no different than the address
in your house. And every address on your network
8393.53 -> must be unique. How will the mail system to
work 123 Main Street I have a 123 Main Street
8402.39 -> in Philadelphia, New Town Bucks County, Ben
Salem Bucks County Levittown Bucks County.
8409.13 -> Every city in the world has like a 123 Main
Street, okay. But what's different, that makes
8415.85 -> that unique? The postal code or the zip thing,
same thing with IP addressing every device
8421.75 -> needs a system that's going to talk to each
other, which must be unique. Now, inside of
8427.97 -> your system, you can use private addresses,
but they must be unique inside of your organization.
8432.69 -> And anything in the external internet also
needs to be unique. Now when we deal with
8437.72 -> IP addressing, we're going to deal with two
versions ipv4 and ipv6. ipv4 is the 32 bit
8445.59 -> address that we've been using for as long
as I can remember, I've been using since the
8452.95 -> late 80s. And ipv6 was actually invented a
long time ago, but we're starting to use ipv6
8460.391 -> addresses, the world still hasn't even adopted
3040 years later.
8469.47 -> So when you pop addresses for your VPC, inside
of your VPC are going to use private addresses.
8479.64 -> If you want to know Private Addressing, you
truly want to understand it, I recommend you
8483.571 -> read and you should all read this, the Internet
Engineering Task Force RFC Request for Comments
8489.37 -> 1918 that as the specification for IP addresses,
that all network Architects like me. And inside
8498.939 -> of that they specified it internally. Because
we don't have enough IP addresses. Organizations
8504.841 -> should use the 10 dot zero slash eight address
base, the 172 16 dot 0.0, all the way to 172
8514.95 -> 31 dot 0.0 slash 16, which can also be summarized
or aggregated into 172 16 dot 0.0, slash 12.
8523.99 -> And the 192 168 dot 0.0 Slash 16 address base.
These are private IP addresses to be used
8530.24 -> inside your organization. And they are not
globally relevant. I'm going to mention this
8538.05 -> right now just because we're going to talk
about classless inter domain routing for a
8541.88 -> little bit. We used to have these things 3040
years ago called IP classes. And that was
8548.64 -> basically meaning where every single network
used a specified subnet mask. So let's say
8557.61 -> we had the one dot 0.0 slash eight network.
We had 16 million addresses on that address.
8563.18 -> But here's the problem. Every card on our
router needs to be on a different subnet.
8569.69 -> So if we use four different slash eights,
or classic addresses, we'd be burning through
8575.69 -> 64 million IP addresses. Now the Class B address
base had a slash 16 and was from the 128 dot
8589.48 -> 0.0 all the way to 190 1.255255255. Now guess
what? If you do that each subnet uses 65,534
8603.31 -> addresses with 535. I think it's 534. And
that would basically if so if you had four
8610.649 -> different subnets, or routers on a card, you
would actually burn through 102 260,000 addresses
8616.601 -> again, it would be ridiculous. Now a Class
C address, which had a slash 24, which was
8623.58 -> in 190 2.0 dot zeros all the way to the 223
to 255255255255 Slash 24 would be 254 addresses.
8631.45 -> And of course, there's the Class D address
spaces were used for IP multicast. And that's
8637.45 -> the TT 4.0 dot 0.0 and the 239 dot 255255
2.5. Nobody uses IP classes. We're using classless
8644.609 -> inter domain routing since then that really
means just subnetting. Modern Times classes
8651.17 -> addresses and routers are going to build a
map of the network. And what happens is matter.
8657.52 -> Routers are going to have a table in them.
And they're going to say to reach the 192
8661.65 -> 168 dot 1.0 slash 32. Take interface X to
reach the 192 168 1.4 subnet takes interface
8673.39 -> y to reach the 192 168 1.8 slash 32. So slash
30 subnet reach zero slash 30 subnets. I'm
8683.58 -> giving you right now take interface Zed. And
that's what we're talking about. And that's
8690.35 -> what we're talking about is subnetting because
we have to optimize our IP addresses space
8694.71 -> and we can't waste it. Every interface needs
to be there. So let's Let's say for example,
8701.3 -> we used a single class C IP address 192 168
1.0 slash 24, which gives us 254 hosts. And
8714.21 -> we had one subnet, which was the 192 168 1.0,
slash 28. And then the next subnet would be
8719.89 -> 192 168 dot 1.16, slash 28. And then the next
subnet would be 192 161 68.1 dot 32 slash
8728.61 -> 28. And I did a free subnetting webinar, somebody
from my team posts the free subnetting webinar
8734.58 -> inside of this chat box to help people get
to their goals. Because I can cover the four
8740.77 -> hours of that webinar over here. But I'll
also have a couple of examples. Here, I decided
8752.43 -> to create slash 28. So that same IP address
that I showed you, and you can see the different
8759.5 -> subnets. Actually, do you want me to do a
subnetting webinar, if you want me to do a
8763.84 -> subnetting webinar, do two things type hashtag
subnetting webinar? And also Chris will do
8770.95 -> a poll to see if we got enough of you, we'll
probably do something anyway.
8774.729 -> Yeah, I'll put a poll in the chat box for
everybody if you want to subnetting web.
8784.29 -> So let's see how many people pull it and how
many hashtags subnetting webinars we got because
8788.23 -> you want it I'll do it
8789.23 -> don't know when will fit in the schedule,
but I'll find a way to do it.
8802.27 -> And as you can see, I submitted the slash
28 into multiple smaller subnets.
8817.68 -> Now if subnetting is taking a big network
and chopping it down to little networks, of
8823.939 -> course, we got to do the opposite, right?
We've got to be able to take multiple small
8829.63 -> networks and bring it into a single big network.
Why would we do that? Let's go back to what
8840.66 -> I just showed you see how we have all these
slash 28 subnets. Now if you've got a direct
8849.53 -> connection to AWS and to your VPC, you can
only give them 100 routes. Could you imagine,
8854.96 -> you know, we've already using all these routes
over here. But we can summarize that into
8860.979 -> a single route. Because when we only have
100 routes, we gotta get real, real crap creative.
8867.24 -> So super netting, which is done for route
summarization to reduce the memory load on
8871.38 -> the routers, and the CPU load on the routers
is the exact opposite of subnetting. And it
8877.64 -> is absolutely critical. Anytime we're dealing
with those, you're only going to hear this
8882.569 -> here. You won't realistically, you'll barely
see it on AWS advanced networking, because
8887.14 -> it's so basic, it's not even worth your time.
But you need to know how to do this for an
8892.31 -> architect need to know this because if they
get this wrong, the whole system falls apart.
8897.8 -> So Super NES take many small subnets and combine
it into a giant subnet. And it's really done
8904.85 -> for the router. So here's an example. Here
we've got 192 168 dot 0.01 92 168 dot 1.0
8916.45 -> slash 2004 192 168 dot 2.0 Slash 24 and 192
168 dot 3.0 slash 24. And then we summarize
8927.63 -> that into 192 168 dot 0.0 slash 20. This is
classless inter domain routing, subnet down
8934.109 -> supranet up, and it's all related to your
traffic engineering that your network architects
8938.561 -> and your cloud network architects and your
cloud network engineers need to be careful
8942.25 -> of and believe me, without the cloud networking
people, everything will fall apart. Next thing
8953.62 -> we're going to deal with is ipv6 addresses.
Again, it is a new form of IP addressing new
8959.42 -> is in the last 20 to 30 years old, and people
are starting to use it. Like everything in
8965.11 -> tech. It moves super slow. We all think it
moves fast because the networking marketing
8970.42 -> vendors keep changing the name of the same
old things. But the things that I worked on
8975.04 -> in 1996 are the same things I worked on today.
Of course now it's better, faster, cheaper
8980.03 -> and more reliable, but there is not. So ipv6
addresses are just a newer form. And every
8989.16 -> interface, as I mentioned previously is assigned
an ipv6 Global Address. Where do we typically
8995 -> use ipv6 addresses and mobile phones? Now
have IP Six addresses with a 32 bit binary
9002.58 -> meaning 01 for 32 bits. ipv6 uses 128 bit
hexadecimal address, binary 01 hexadecimal
9018.22 -> 0123456789 Alpha Bravo, Charlie, Delta Echo
Foxtrot. So we've got 16 vs two, so 16 to
9031.649 -> the 120/8 power versus two to the 32nd power.
See the difference here are talking scalability,
9039.62 -> hugest. Chris, the next thing that we want
to cover is the virtual private cloud otherwise
9045.729 -> known as the virtual private data center.
Where are my time? Was
9056.79 -> it gone for about 20 minutes.
9058.13 -> Okay, let me take a few minutes of questions
before we get to VPC?
9085.65 -> Good question, what's the difference between
a high availability failover site and a disaster
9089.37 -> recovery site? A failover site is you have
a data center over here. And you've got a
9095.88 -> data center here. And if this fails, everything
goes to this one. That's high availability
9100.99 -> failover. And disaster recovery site is a
complete and total or partial backup of your
9108.59 -> systems either ready to go for failover or
in an in a manner where it's just stored and
9114.84 -> not ready to go. So for example, if I'm going
to use a physical data center, and I've got
9121.08 -> two data centers, one in New York, and one
in New Jersey, and one in physical Philadelphia,
9126.09 -> I've got three data centers in a close proximity
of a nuclear bomb, were to attack or a massive
9134.22 -> earthquake that covers that small area, or
a massive hurricane were to come. And all
9143.3 -> those environments go down. I'm done. Now,
by comparison to a high availability failover
9151.12 -> site, a disaster recovery site is typically
like 1000 plus miles away. And it's owned
9156.96 -> by different people under different people's
control. So AWS would say, Hey, you can have
9163.05 -> your stuff in US east, west, east and US West,
and you can back it up to Europe. And then
9167.94 -> when the AWS code goes down, you got nothing,
something my grandmother would call book us.
9173.12 -> For those of you that know what I mean. By
comparison, if I was just using, if I was
9179.75 -> using the AWS cloud on the Azure Cloud for
high availability, I might store all my data
9185.05 -> into Google. And that way, and all my virtual
machines into Google on that with AWS health
9190.229 -> and Archerfield, I got a backup cloud. It
will be on your exam, but you should never
9195.67 -> ever, ever, ever, ever, ever, ever do your
disaster recovery in the same cloud as your
9200.78 -> systems. Because that's like putting all your
eggs in one basket all over again. So I hope
9204.95 -> I answered your question
9208.72 -> What's the main difference between TCP and
UDP? Huge difference. TCP is reliable. So
9218.93 -> Chad, I send you a message and you say got
it, like send me a message to I sent a message
9224.33 -> to and Chad you say got it. And then said
if you got to let me speed it up, we're gonna
9229.189 -> send you messages three and four. And you
say got him and then I'm gonna send you some
9232.24 -> more. I'm gonna let you send you messages
5678 You're gonna say got it Mike. And then
9237.191 -> I'm going to send you 910 11 and 12 and you
don't respond. So I'm going to resend you
9242.96 -> 910 11 and 12 until you respond. Of course
I'm going to slow it down and listen you want
9248.151 -> message after your last one by comparison
UDP as me sending you data as fast as I can
9253.55 -> and I don't care if you receive it or not.
So if I'm going to send you something really
9259.1 -> critical that I need acknowledgement on it's
going to be sent via TCP. So TCP is typically
9266.399 -> sent for files for example now What if his
voice What if I said you my cat Cindy is beautiful.
9275.43 -> And I and you lost the word my cuts and you
got my cut Cindy is you lost is and how beautiful
9282.38 -> my cuts end beautiful. That's voice that's
like your cell phone for example or video
9287.75 -> on Netflix. It pixels up for a second and
it goes back to normal that's supposed to
9293.109 -> be TCP retransmits so now what if I said to
you, beautiful is my cat Cindy, because we
9298.361 -> lost them in the messages and we say em I'd
still be able to interpret it but you so for
9302.25 -> voice and video, it's always UDP. For reliable
transport of anything mission critical like
9309.38 -> a file, it's always done via TCP quick question.
9320.5 -> Good failover site Florence runs at the same
time as the original site, and the data should
9325.17 -> be synchronized and identical. Yes. Good thinking.
Kira and Charles, what are the limitations
9335.55 -> of ipv4, realistically speaking, the number
of IP addresses two to the 32nd power, major
9341.33 -> problem. Otherwise, it's perfect. What are
some challenges associated with transitioning
9347.21 -> from ipv4 and ipv6 Bri addressing your systems,
setting up the routing protocols and rebuilding
9355.04 -> the routing table? That doesn't sound like
much, but I'm going to tell you, cci is like
9360.13 -> me had been cleaning up people's IP addressing
scheme massive mistakes for decades, what
9365.171 -> happens is typically, they have somebody that's
like a sysadmin, or a programmer that thinks
9370.46 -> they know IP addressing. And it's not that
these people aren't smart programmers, no
9375.109 -> programming sysadmins no systems administration.
And the person that sets up the IP addressing
9380.7 -> plan needs to be the best network architect
in the entire building. Because it takes so
9385.48 -> much networking capabilities. In order to
be able to do these things. They need to be
9389.399 -> the most senior person because no IP addresses
are kind of like the roads in a city. If the
9394.78 -> roads are designed poorly traffic is traffic
jams all the time. So the readdressing as
9400.33 -> the main plan and resetting up the interior
gateway protocols such as OSPF or many systems
9404.979 -> to intermediate systems to deal with it. And
the exterior gateway protocols such as BGP
9409.13 -> to deal with a new ipv6 address family, not
that it's nothing to somebody like me, because
9414.05 -> I've been dealing with this forever. But it's
something that's going to take the help of
9418.16 -> a strong network engineer, at minimum or on
a great network architect. Good question.
9428.779 -> How do you create an IP address? I don't know
what you mean by that. How do you assign an
9433.83 -> IP address is going to typically done via
DHCP or Dynamic Host Configuration Protocol.
9443.66 -> Okay, I'm gonna get back to the content. But
if you want a subnetting webinar, please vote
9450.95 -> for the subnetting webinar. So vote for the
subnetting webinar, let me know I'm hashtag
9460.01 -> AWS Solution Architect Associate as well,
as you know, click on that vote for the subnetting
9466.25 -> webinar, we know your way. So we're gonna
you know, the AWS VPC section is pretty deep.
9475.4 -> And because we're now dealing with your virtual
private data center, which was all that a
9479.54 -> cloud is, what I'm going to do is, is cover
as much as I can today, we may go over a little
9484.34 -> bit, because I'm trying to avoid Saturday
for everybody. And I want to give you guys
9488.14 -> even if we go a little longer. So let's talk
about the components of the VPC, its routing.
9497.37 -> It's routers that connect to the Internet
called Internet gateways. We'll talk about
9501.8 -> egress only internet gateways, not instances
and not gateways. We'll talk about elastic
9506.46 -> IP addresses, VPC endpoints, VPC, peering
access control lists, specifically network
9511.97 -> access control lists, and security group.
9520.36 -> To begin, first, let's talk about routing
tables. How do you get your traffic to its
9525.67 -> destination? The routers doing? So how do
the routers do it? Typically speaking, they
9531.41 -> run a little protocol, they all talk to each
other. And they tell each other the routes,
9535.76 -> they build a map of the network. And when
it comes to routing, there's going to be two
9540.59 -> ways where you can build your routing tables.
Option one, you manually tell it. So for any
9546.21 -> of you that are like 50, or I'm not quite
50, but any of you guys that are between 40
9550.7 -> and 65. Perhaps you remember you wanted to
go to your friend, Billy Bob's house or Julie's
9557.08 -> house or Sarah's house and you didn't know
where they lived and they gave you their address.
9562.64 -> And you picked up a physical piece of paper
map and you looked at it. And then you wrote
9567.399 -> down some paper that said I 95 for 22 miles
north. Get off at the i 95 Exit take route
9575.689 -> to 22 for three miles east. Then make a right
onto 123 Main Street at her house is 22 123
9583.97 -> Main Street, wrote it down via paper. Guess
what? That was great. And then poof, we're
9591.479 -> trying to drive to our friend Julie's house
and the road is blocked by police officers.
9596.05 -> Now we don't know how to get there. And they'll
point you to some detour and you get lost
9599.97 -> Four hours later, you get there, you're all
frustrated, you're just came the invention
9605.86 -> of the GPS, recalculating, and they got to
the destination. So with routers, we've got
9612.069 -> two options, we can use a dynamic routing
protocol called BGP, make sure you follow
9616.62 -> me on LinkedIn, pop this thing out, I'm gonna
get you some unbelievable blidi pre training
9621.649 -> completely free. I'm gonna release it real
soon. Follow me on LinkedIn if you want to
9627 -> get it. And so realistically speaking, anything
that matters is going to use dynamic routing
9639.17 -> protocols. But the routers are going to build
a map. And here's what the map is going to
9643.78 -> look like. It's going to say, hey, to reach
the 172 16 dot 1.0. subnet, it's right here.
9648.819 -> I'm already on that subnet. So it's local.
To reach the 192 168 dot 0.0, subnet, use
9655.399 -> this interface. Papa Charlie X Ray 123456.
To reach the one to 168 1.0 slash 24, which
9665.61 -> is more specific than the previous one, reach
the Papa Charlie X ray 654321 interface. I
9673.34 -> want to go to the internet. Look, notice we
have what's called the default route. So all
9676.511 -> zeros, which says if you don't know where
to go, go here. Reach out Internet Gateway,
9682.899 -> India golf whiskey 123456. So kind of keep
that in the back of your mind. I use phonetic
9689.149 -> alphabets constantly. Because, again, I'm
all about precision language, a language that's
9692.98 -> used in every country in the world to make
things simple.
9699.569 -> Now, what is it looking like in the enterprise,
I'm wanting you to guys have some more knowledge.
9707.3 -> Typically speaking, we're going to have what's
called an Interior Gateway Protocol that's
9710.979 -> optimized for speed. And you know, there were
lots of internet Interior Gateway routing
9717.25 -> protocols. Over the years there was rip there
was roughly two there was IGRP, EIGRP, OSPF
9723.859 -> and immediate systems intermediate systems.
In today's world, it's either OSPF which is
9730.74 -> what most enterprises uses, or the global
Internet service providers, we use OSPF or
9736.37 -> intermediate systems, intermediate systems.
So what you'll see is, these are dynamic routing
9740.87 -> protocols, the organizations themselves internally
will run their own Interior Gateway Protocol
9746.069 -> that's optimized for speed. And we'll run
what's called an exterior gateway protocol,
9752.91 -> which is what's used to connect to internal
external entities. So Interior Gateway Protocol
9760.641 -> locally, exterior gateway protocol between
things. When an organization connects their
9766.01 -> data center to the cloud. Inside of their
data center, they're running an Interior Gateway
9770.74 -> Protocol, like OSPF. And when they connect
to the cloud provider to exchange routing
9776.32 -> information, they're using BGP, because that's
really the only exterior gateway protocol
9781.25 -> we use in modern times. So that's the way
that kind of looks. And I'm going to briefly
9789.8 -> graze over BGP, because it'll take me at least
four hours to do a BGP workshop. And I've
9796.609 -> got a really beautiful document coming for
you please follow me on LinkedIn, you don't
9800.05 -> want to miss this document. So when you're
connecting to AWS, overthinker, direct connection
9808.25 -> or potentially even a VPN, you've got to find
a way to exchange routing information, why
9813.38 -> your data center won't be able to reach them
if you don't have the routes. And the cloud
9816.99 -> won't be able to reach your users if it doesn't
have their route. So you need to get the routing
9820.84 -> work. And it's going to be via BGP, and AWS,
as well as all cloud providers support connecting
9827.21 -> to them via BGP, because it's, it's your organization's
and the cloud providers exterior to you. We
9834.63 -> use BGP because it's incredibly tunable and
highly scalable. We can do all kinds of traffic
9839.68 -> engineering, a, take this link to go here,
take this and load share back and forth BGP
9845.06 -> is amazing. It's beautiful. I've got over
10,000 hours of experience with it, and I
9849.27 -> love it. And I use it for everything as the
old network architect. test question for you
9854.44 -> might see it, you'll see you'll definitely
see it on the AWS advanced networking, which
9857.72 -> I don't recommend you take because it's too
basic. You'll likely see it on one of either
9861.59 -> the Certified Solution Architect, associate
or professional, probably the professional
9865.33 -> but you may see it on either one. BGP uses
TCP port 179. I'm gonna say it again, BGP
9872.27 -> uses TCP port 179. Why do I say this to you?
Well, chances are, you're gonna have a firewall,
9880.36 -> right? Or an access list somewhere for security.
If you need to connect and you've got a firewall
9885.529 -> between you and AWS, and you don't allow TCP
ports 179 Guess what? BGP connection will
9894.21 -> close. No traffic will get anywhere. Also
with BGP, you will require it Autumn autonomous
9901.149 -> system to identify your organization. When
you connect to BGP, you must use it with direct
9911.91 -> connections. And there's a tremendous amount
of tuning options, but document that I'm releasing
9916.779 -> will explain every last one on. AWS also supports
the community, no expert, which is great if
9924.75 -> you don't want to become transit, which is
way beyond the concept here. It's also far
9928.42 -> beyond the AWS advanced networking, we're
getting into CCIE concepts, which I can't
9932.319 -> do in the short period of time. But what it
means is this. If I tell Chris information
9940.74 -> about my routes, and Chris tells Alonso information
about my routes, Alonso can reach all of my
9947.11 -> routes through Chris, that's called transit.
If I tell Chris, Chris Do not tell Alonzo
9954.35 -> about any of these routes, Alonso can't reach
me through Chris. So the note export community
9962.06 -> means don't tell your people downstream or
upstream any routes that you've learned from
9967.66 -> this provider, and AWS supports. AWS implementation
supports very basic BGP implementation, but
9976.12 -> they do support weight local preference as
path specific as your routing information
9979.64 -> etc. And they only only will let you use 100
routes. So 100 route is nothing. I worked
9990.23 -> on networks years ago that had 20 and 30,000
routes and that's before right when Robert
9994.18 -> for small with like a couple 100 megahertz
CPUs in them, kind of put that into context,
10001.96 -> megahertz. So it's all about using the right
IP addresses.
10012.62 -> Let's talk about an Internet Gateway, what's
a gateway everybody, it's just a router. A
10017.47 -> gateway is a router. So if you want to connect
to the internet, you need a router that connects
10023.25 -> to the internet, right? So AWS calls the routers
that connect to the internet, internet gateways.
10029.37 -> Good logical term truthfully told the really
owes. An AWS will tell you there's no bandwidth
10037.12 -> constraints or performance limitations and
your Internet Gateway. There's always performance
10041.29 -> limitations, but for the most part, it's about
the speed you need. And it's just a router
10045 -> that connects to the internet. Here's how
you create one it's very simple. You basically
10052.84 -> go to the management console CLI and you attach
an internet gateway to your VPC, which is
10057.13 -> a virtual private data center, you create
a default route, which was that zero dot 0.0
10061.41 -> route and you send all unknown traffic to
that Internet Gateway, you need a public IP
10068.55 -> address on the Internet Gateway. As well as
any systems that need to be reachable from
10074.399 -> the internet now, an Internet Gateway means
the system that are behind it with a public
10078.55 -> address are reachable from the internet. Internet
Gateway reachable inbound and outbound from
10086.02 -> the internet both ways. Now, what do you guys
think this means? Means hackers can find you.
10093.311 -> hackers can find you. So Internet Gateway
means you're available to be hacked. So he
10100.28 -> has the right next generation firewalls, intrusion
detection, intrusion prevention systems, etc.
10106.25 -> Set up your demilitarized zones intelligently
none of that's covered in the AWS Certified
10110.681 -> Solution Architect, associate or professional.
But if you're going to be an architect, you
10114.109 -> need to know these things. We teach it obviously
in our cloud architect career development
10117.46 -> program. So just understand, Internet Gateway
means reasonable in and out. What's it look
10125.88 -> like over here architecturally, according
to AWS looks very simple.
10132.79 -> You've got your virtual private data center,
which you can see as you've got some virtual
10139.21 -> machines.
10140.81 -> Let's say the they're all behind a load balancer
behind the router, the public address on the
10147.16 -> load balancer would have this IP address of
3.3 dot 3.3. It's a public address, which
10152 -> is routable to the internet, all systems behind
this which all fall in the cider range of
10157.34 -> 172 16 dot 0.0 slash 16. If they don't know
what to go, they look at the routing table.
10163.84 -> So just look at this. You can see two subnets
over here. 172 16 dot zero slash 20 for which
10170.59 -> the routing table shows us local in the upper
right hand corner, the 172 16 dot 0.0 dot
10176.39 -> 3.0 Slash 24 is also local because it's inside
of our environment. And there you go. That's
10182.801 -> your default route 0.0 dot 0.0 slash zero
which says if you don't know where to go,
10187.29 -> go to the Internet Gateway. That's all we're
talking about. Same thing we've done routers
10196.32 -> internet, own internet gateways all that ingress
which means coming in an egress which comes
10204.14 -> out, traffic comes in, you can be hacked so
secure accordingly. Now let's talk about something
10213.05 -> called an egress only Internet Gateway egress
means it allows your traffic go out, but it
10219.979 -> doesn't allow any traffic to come in. So an
egress only Internet Gateway is designed for
10226 -> your systems that use ipv6. And it allows
your systems to go out to the internet, maybe
10233.27 -> update their operating system, download patches,
etc. But it doesn't allow external traffic
10238.819 -> in. So it's much more secure than using Internet
Gateway. It's still be using firewalls and
10243.93 -> things behind it anyway. But keep that in
mind. Internet gateways are stateful. What
10253.05 -> does this mean? So here's the thing. I'm sitting
behind my phone, my phone just became a firewall.
10261.279 -> And I want to go to the cindy.com website
to see photos of the beautiful scenery of
10268.79 -> the cat doing cat things, jumping up, sleeping,
wherever it's needed to cut, though she has
10274.6 -> all kinds of fun per day. She looks like this,
by the way. But my phone is the firewall and
10282.34 -> I want to go to the cindy.com website. I type
www.sedar.com on my website. DNS tells me
10289.77 -> the ipv6 ipv4, ipv6 of the website and my
traffic hits my default gateway goes through
10295.5 -> my firewall and out to the internet. Now when
I stuck my traffic through the firewall, the
10303.13 -> firewall paid attention to me and it says
Mike Gibbs is going to www dot send you the
10309.97 -> cat.com. So my my request goes through the
firewall, it pierces the firewall, it goes
10316.279 -> out to the internet to the sydney.com website.
sydney.com says, here's the photo of me your
10321.59 -> requested Mike, or daddy, whatever you want
to use, it goes through the firewall, and
10326.29 -> it comes back to me. Why is her traffic allowed
through the firewall, because the firewall
10332.22 -> has a table that says Mike Gibbs went to www.sedar.com
sydney.com was answering Mike Gibbs so allow
10339.42 -> the traffic. Now, conversely, we now have
a hacker on the internet wants to get the
10344.989 -> mic get his computer that's behind the firewall,
he or she sends their traffic to the firewall
10350.5 -> to me to the firewall and the firewall says
denied. Next hacker comes in denied next hacker
10355.8 -> tries to come in denied. And why is that because
the firewall doesn't know about it, it has
10361.47 -> no state. So the state is merely tracking
that. What happens if the firewall saw me
10369.88 -> go through the connection, remember that it's
stateful. That's what stateful means. So egress
10379.24 -> only internet gateways allow your traffic
out to the internet and returning back. But
10382.99 -> it does not allow me to connectivity. And
that's typically used for your host to get
10387.979 -> back to get patches. Not instances. Well,
realistically speaking, not instance, is something
10397.75 -> that in the old days, you would have stuck
behind your Internet Gateway, which would
10402.84 -> translate your private addresses into public
addresses. Now, the reality is AWS has a better
10411.04 -> service called the NAT gateway, we'll get
to this but you might still need to create
10414.439 -> your own version of a NAT instance, even if
it's not an AWS NAT instance, Nat translates
10419.25 -> one address to another. Why might you need
to do this company a address their systems,
10427.16 -> you then 10 dot 0.0 address base. Company
A is a big, strong, powerful company and it
10432.359 -> just bought Company B and get switched up
IP addresses, company B is using 10 dot 0.0
10437.72 -> slash eight. Now I told you your address base
needed to be unique between them. So if Company
10444.92 -> A wants to talk to Company B, and they use
the same IP addresses, they got a problem
10448.25 -> doesn't work. So we might use to use NAT or
network address translation to translate these
10454.25 -> addresses into different addresses so the
systems can talk to each other. And there's
10458.13 -> multiple forms of Nat, one to one NAT one
of many NAT static NAT dynamic NAT, Pat, I
10461.74 -> mean, most of those aren't even covered in
the AWS advanced networking, but you may need
10466.229 -> to do them. So critical information for the
cloud architect or the cloud network architect.
10471.17 -> And that's why we have training this way beyond
this, but we're focused on certifications
10474.24 -> in order to pass the exam. So in that instance,
is available as an AMI, meaning an image that
10483.1 -> you can use from AWS or you could create your
own NAT instance if you needed to do not.
10487.67 -> But if you're going to use not connecting
to analysis to connect to the internet, you
10491.07 -> have to put it in a public subnet. And basically
it's gonna have a default route to the gateway.
10494.899 -> And all your hosts will have a default route
to the will basically have a default route
10499.93 -> to The NAT instance, which will then have
a default route to the NAT gateway that's
10504.83 -> going to look like this gotcha uses in a private
subnet. They want to go to the internet there
10509.35 -> have a route that says go to the NAT instance,
the NAT instance send your traffic to the
10514.84 -> NAT gateway, which sends your traffic out
there to the internet. Now that was getting
10524.08 -> pretty complicated. So AWS decided to come
up with a simpler solution. And they came
10529.75 -> up with a NAT gateway, which is a fully managed
service. The NAT gateway connects you to the
10535.96 -> internet and translate your private addresses
into a public address. Now NAT gateways do
10542.57 -> something that's called Pat, or port address
translation is also known as NAT overload,
10548.41 -> where they translate a tremendous number of
addresses into a single address. And they
10553.21 -> do that by using an IP address plus a port
number to separate each IP address. If you
10558.42 -> want to know more about that, we've got a
free CCNA course that you can actually see
10563.14 -> on our website, my team and pop a link to
them. So what happens is a NAT as a NAT gateway
10570.42 -> is fully redundant inside of availability
zones, if you've got two availability zones,
10574.22 -> guess what you need two NAT gateways, you
put it in a public subnet, and it's got a
10578.05 -> public IP automatically assigned to it for
the life of the gateway. And basically, you
10583.83 -> just give all your systems a route to the
NAT gateway, it's kind of like a NAT instance,
10589.54 -> Internet Gateway all in one without you having
to think about the security concerns to the
10593.729 -> same degree as you would with a not a not
an Internet Gateway, which basically provides
10598.12 -> full internet access behind the NAT gateway.
So your systems are here, you attach to the
10602.23 -> NAT gateway, and it provides Internet access
and not services network address translation
10607.24 -> at the same time.
10613.42 -> Now, on your computer, if you want to connect
it to the internet, you got to plug it into
10617.83 -> the network, right, the Ethernet card on your
computer. Or you could use Wi Fi. Tip secret
10625.24 -> here. If it matters, you don't use wireless
ever, you're not going to see a data center
10629.53 -> built on wireless. They wire things out. If
you want to go see a concert, chances are
10636.52 -> most of the stuff behind the scenes is going
to be wired certain things are going to be
10640.33 -> wireless that they have no choice but most
everything's going to be wired. Why because
10644.5 -> wires are more responsible than wireless are
more reliable than wireless. So every computer
10653.2 -> needs to be plugged into the network. And
what is it used is called a network interface.
10658 -> So when we deal with AWS, their marketing
folks call it an elastic network interface,
10663.5 -> an elastic network interface, there's just
an Ethernet port, or a virtual ethernet port.
10668.8 -> And by default, you basically would set up,
you turn on your system and it comes with
10675.92 -> one network interface. Now there are times
where you might want to put a system on two
10683.58 -> different subnets at the same time. And you
can basically put two coasts. And if you did
10689.399 -> that two subnets for us to interest fail,
you'll see a lot of people teaching you to
10694.1 -> do this with a bastion host, which is one
of the worst security things you could potentially
10697.72 -> do. Except for not the Azure bastion host.
But the way most people do it, I'm not even
10702.05 -> going to cover that just don't make a bastion
host. We've got a video on why you shouldn't
10706 -> create Bastion hosts at least for most parts
like they teach in the certification. But
10712.35 -> done it intelligently it can be used. Actually,
there's no intelligent way to do it. What
10717.85 -> happens with a bastion host is you stick a
host on the internet on the public internet
10721.739 -> with two network cards, and it's got a backdoor
into your private systems. You can SSH to
10726.63 -> this thing on the internet, wide open on the
internet. And then you can backdoor into your
10731 -> systems but so can any hacker. But there are
business reasons. Maybe you've got users on
10736.39 -> two different subnets and maximum performance.
You don't want to route between subnets in
10741.61 -> your router that there are reasons you multihomed
thing. Or you can create a private management
10745.62 -> network and manage things over the management
network. There's there's lots of reasons you
10751.029 -> need a multihomed service. Now, if you need
a public address, like on a web server, or
10758.71 -> on a load balancer, if there's multiple web
servers behind the load balancer, we're going
10764.25 -> to public IP address you're going to need
one. So what do you think a public IP address
10768.34 -> is called? An elastic IP address because the
marketing terms of the word elastic. So what
10775.41 -> what is an elastic IP address? It's a public
address that you borrow from AWS and you keep
10781.73 -> it as long as you need it. And when you're
finished with it, you just have to return
10787.75 -> it. AWS is global addressable, and it gets
given to another user when they're ready.
10793.56 -> An elastic IP address can be a single public
address. It can be it can make could have
10798.491 -> a public address that's mapped to Many private
addresses, as with Nat overload, otherwise
10802.359 -> known as port address translation with a NAT
gateway. And we can can set it up in multiple
10808.91 -> ways. Here's what it actually looks like,
architecturally speaking.
10818.42 -> You can see you've got your systems. And the
systems basically have a public IP address.
10826.649 -> That's
10829.21 -> Chris, how long have I been talking?
10839.85 -> Not sure, actually, I just assumed you're
going to be finishing out but it's been about
10844.16 -> 20, maybe 25 minutes, maybe.
10849.71 -> What I'm going to do is I'm going to cover
endpoints. And then after endpoints, I'm going
10858.2 -> to stop it, I'll take some questions. And
I think we probably should finish from there,
10861.66 -> unless people want a little more. So let's
discuss endpoints. And planes are a way to
10869.54 -> connect things to each other. That's why it's
called then. And we're going to be dealing
10875.88 -> with two kinds of VPC endpoints. And endpoints
are used to allow your V PC to connect to
10881.96 -> another AWS service, or an another network.
We use endpoints because their performance
10888.2 -> is better, the latency is lower, and the security
and cost is better than going to the end and
10893.42 -> going to the internet. Here's an example of
an endpoint and its action. Let's say you've
10898.77 -> got your VPC, your servers there want to communicate
with object storage, otherwise known as AWS
10905.88 -> s3, there's two ways you could do it, you
could send your traffic out to the internet,
10911.88 -> and back into s3. Now, the internet's not
secure. So you'd have to encrypt your traffic.
10918.67 -> And here's the scary part, you have to pay
to send your traffic to the internet, the
10922.172 -> internet performance is slow, and not guaranteed.
And then it would come back to AWS. Or you
10929.79 -> could do the other option, which is you could
just send your traffic across the AWS network.
10934.3 -> And that's the point of the implant communication.
You have no control over the AWS network.
10940.83 -> But you, you have no control over the internet,
and you have no control over the AWS network.
10947.561 -> But AWS can control the performance of their
network, but they can't control the internet.
10952.03 -> So endpoints are gonna have lower latency
but our communications etc.
10960.17 -> So endpoints are really virtual devices that
are because they're virtual, they don't go
10963.59 -> down there. High Availability is something
the cloud doesn't go down. We're going to
10967.12 -> talk about two kinds of endpoints gateway
endpoints and interface endpoints. Gateway
10973.96 -> endpoints provide high speed access to AWS
services, like s3. And the way it works is
10983.08 -> it prints a route to the service and puts
the route on the routing table and allows
10988.59 -> private access from, say object storage to
your VPC and vice versa. When you create an
10995.189 -> endpoint for s3, what happens the prefix list
and a VPC endpoint or created the prefix list
11001.569 -> will adhere to the naming convention of a
PRI, and it's going to look like polyoma P
11007.42 -> O dash, and then you're gonna have a bunch
of whatever it needs to be things coming after
11012.109 -> that like, extra, extra, extra, extra, extra,
extra, etc placed in the routing table. And
11017.19 -> that way your routers and the VPC, the virtual
routers will know if you want to reach us
11020.5 -> three, go that way.
11027.78 -> So let's talk a little bit about securing
an endpoint, you're going to set up an endpoint
11033.01 -> policy that's going to limit resources that
are available to the endpoint. Remember, if
11038.35 -> you don't have a route to it, you can't reach
it. So only limit limit your routing information
11043.2 -> to the subnets that need it. Because if you
don't have a route, you can't reach it. So
11046.83 -> that's a great way to start with some security
right then in there quickly, cheaply and easily.
11053.569 -> Next, we'll discuss interface endpoints. Now
interface endpoints are a way to connect to
11062.08 -> different AWS services or other organizations.
So let's say EC to Systems Manager, Kinesis
11068.77 -> load balancers. Maybe you're a car manufacturer
and you make a car but you got a tire manufacturer
11075.109 -> and a batting mat, battery manufacturer, and
a steel manufacturer all on AWS, you want
11081.48 -> to connect to them directly across the AWS
cloud. That's why you're using an interface
11087.75 -> endpoint. Interface endpoints work a little
bit differently than the gateway endpoints.
11091.899 -> We describe what happens when you create an
interface endpoint and effectively creates
11096.97 -> a network interface on your VPC that's local
to your VPC and use that interface to connect
11105.689 -> to the third provider. AWS will automatically
generated DNS names. You don't have to remember
11111.27 -> the IP address and you can connect to it via
the name. Interface endpoints actually use
11117.72 -> the AWS private link service, which is a one
way like pseudo wire or virtual wire to connect
11123.041 -> to things across the AWS network. It's like
a virtual private line. And the private line
11128.859 -> creates these network interfaces that you
use, and it restricts all traffic going across
11134.55 -> the endpoint between your VPC and that service
with a customer partner. What does it look
11142.729 -> like architecturally speaking, let's say you've
got your your VPC and you want to reach a
11150.53 -> service provider VPC and the service provider
VPC is VPC to what happens you create a VPC
11158.55 -> endpoint and you can reach the system inside
of EPC Joe
11163.92 -> I'm going to stop there. Because VPC peering
is another concept and I think I've been speaking
11175.62 -> a long time and I don't want to confuse people.
Chris, are there any questions for me? I'm
11182.931 -> sure there are.
11185.75 -> All right, let's see if there are questions
11195.59 -> I'm worried we covered so much and people
are getting tired
11207 -> Oh, yeah, comments on cat.
11215.26 -> We love my cat Cindy. She came into our house
like a storm. I bought her from my wife, because
11224.59 -> my wife loves cats. And the next thing I realize
the cat sleeping with me following me from
11231.17 -> room to room special. How do you recognize
an ipv4 versus ipv6 address? Leo for my team
11238.51 -> did a great thing. And ipv4 address is going
to look something like what 10.0 dot 1.1 28.
11247.97 -> Whereas an ipv6 address is going to be in
hexadecimal. And it's going to look like 2002.
11257.71 -> And it's going to look like zero delta echo
seven, for example. And you'll see another
11261.88 -> call in it'll be Alpha Bravo, Charlie, Delta,
colon. And then you'll see like a 001 thing,
11267.03 -> and it'll go on for 120 minutes. Great way
to great example.
11281.88 -> Does endpoints use patch cables? Now these
are virtual things. So between every server
11292.18 -> they're going to be plugged into switches,
typically two that are going to be plugged
11295.13 -> into the routers. The routers are gonna have
cables in between each router. But the endpoints
11302.88 -> are virtual, they're gonna use the IP network
that's already been established. Good question
11306.529 -> that's.
11315.12 -> For the endpoint, they must have IP connectivity,
everything is plugged into the network, which
11319.38 -> means you may need a network
11320.38 -> just to concern, you can access your s3 bucket
from new Seatoun instance. And a private some
11333.83 -> was via a gateway endpoint. That is correct.
You could also go out and reach it through
11337.33 -> the internet if you wanted to. But that wouldn't
be efficient.
11343.36 -> Are there any implications using any IP? No,
not at all. That's your only option. When
11352.439 -> it's recycled back? Well, the implications
are, if you wanted to use a different one,
11358.01 -> you'd have to update your DNS mappings and
things like that. Kind of like when you go
11361.96 -> from one service provider or another, but
everything else would be okay. You just have
11364.45 -> to change your IP addresses and your routing.
Well, you don't really have to do so much
11368.46 -> with routing on the cloud. It's much easier
and your DNS Good question.
11374.6 -> Are there cases when you would prefer an interface?
Gateway or an interface? Yeah, you have to
11382.84 -> use it based upon when you're using. If you're
connecting external clients, it's an interface
11386.979 -> endpoint. If you're connecting to s3 or DynamoDB,
I think it's s3 Definitely think DynamoDB
11393.109 -> also uses a gateway on point everything else
uses an interface on point
11409.649 -> Okay, so I do want you to at least I want
to make sure you read the book as well. You
11420.3 -> know, in the book, we have the ability in
the time to provide even more content. And
11425.59 -> there's a relationship between the content
that we're discussing here and in the book.
11429.1 -> In the book, we're giving you much more focused
AWS content for the exams. And I'm giving
11435.09 -> you as much non AWS content as a candidate
time permitted. But I'm still making this
11441.21 -> bootcamp focus. So I want you to read the
I want you to read the book, I want you to
11445.3 -> practice the loves. And I also want you to
watch all these because I want the best for
11452.04 -> you. To end points of playing ipv6, it's kind
of a weird route that they're putting in the
11457.17 -> routing table. Remember that as a prefix less
common xx xx, so it's something slightly different.
11464.729 -> Does AWS generate the DNS? Yes, absolutely.
Free on points? Do you secure BGP routing
11476.359 -> information and prevent unauthorized changes
to the routing table? Well, you can do certain
11484.81 -> things like you can set up MD five message
authentication, which is not the greatest
11489.55 -> crisis in the world, you manually assign your
BGP peers, which is something but what you
11496.051 -> typically want to do is you typically want
to set up your BGP policy with either a distributed
11502.68 -> list, for example, or a route map, that you're
only accessing routes that the come from the
11507.47 -> subnets that you're supposed to. And that
way, you're generally there. There's some
11511.51 -> very good guidance on acceptable ways to use
BGP. But there and I actually have an article
11517.34 -> that I wrote on for hacker noon on how to
secure your BGP as well, and BGP hacking and
11522.75 -> hijacking. But kind of keep that in the back
of your mind. Yes, those are the kind of main
11526.84 -> things that you can do, it's not a lot. But
the message dot the message authentic the
11531.47 -> BGP peer authentication, the fact that you
manually define the peers. And if I know that,
11537.21 -> I'm going to receive the 172, once one, six,
dot 0.0, slash 19. I'm only going to take
11550.75 -> one route from that and not allow any other
routes to be injected into my systems. And
11554.96 -> the cloud provider would do the same question.
What is the AWS backbone, it's their high
11563.561 -> performance, high speed network.
11572.63 -> Strong questionnaire.
11581.02 -> Please download those. And most importantly,
tomorrow. There's a lot of questions on careers.
11587.38 -> And there is a massive difference between
certifications and getting hired in today's
11593.25 -> world. I want you to get hired, I want you
to earn a lot more than you dreamed possible.
11600.05 -> And that's very easy to do if you know exactly
what to learn. And most of those things are
11605.29 -> not in certifications. And all of you can
do it, regardless of your background. So please
11609.439 -> join us tomorrow on the become the ultimate
Cloud Architect webinar, not only will be
11615.5 -> present for about 30 minutes, but we will
spend an additional 90 minutes answering your
11619.75 -> questions live live. to kind of keep that
in the back of your mind. And we can do it
11629.82 -> face to face. And if you had a good time and
you're learning please hit the like button,
11635.51 -> please subscribe to our Youtube channel and
hit the notification bell so you'll be notified
11639.63 -> when we do these things. And, you know, I
it costs as much as buying a new car to put
11645.84 -> on one of these productions. And we do it
to help those that can afford training. Because
11650.979 -> I really want to help the entire world build
their best career. Please share this, tell
11657.96 -> your friends to take this course we're keeping
it live on YouTube completely free. So please
11662.88 -> send an email a tweet, make a LinkedIn post.
We put a lot of time, effort and money on
11669.649 -> this. There's about seven members of my team
working on this right now. Let alone the hundreds
11675.74 -> and hundreds of hours behind the scenes to
put something like this together. Please share
11679.96 -> this so we can help as many people as possible.
BGP will be have to be configured on both
11688.449 -> sides. BGP is only configured on routers,
not switches unless it is a layer three switch,
11695.819 -> which is really a switch router combined.
So thrilled that you're there. Sara, thank
11700.621 -> you so much
11711.17 -> I don't know what you mean by that. But anybody
can follow this course I don't care whether
11714.6 -> you take the certification or not, I care
that you get the knowledge. I've got people
11721.62 -> getting hardest caught architects every single
day. And some of them never even took a certification
11727 -> exam, but they're trained for the job. And
they don't need any fancy education. They
11732.68 -> don't need any experience. They needed to
read the book and watch this course again
11737.12 -> and again, each time I promise you will pick
up other things. CMS, thank you so much. I
11742.41 -> really owe me thank you so much. Lonzo another
awesome way to live and go code bootcamp,
11750.359 -> I think so Alonzo, I hope so. I want to thank
you so much.
11760.04 -> Chris, thank you. The Go Cloud Architect with
him is thrilled to help David. We're thrilled
11766.77 -> to be here for you. Karen, thank you and team
Mike and team. Thank you so much. Thank you
11772.479 -> all having a great time. Allows you to remember
that song y'all having a good time. And so
11776.851 -> put in the chat box because it's driving me
nuts. Not the pitbull version. But the original
11781.07 -> version. I like the purple version. Thanks,
Jason. Thanks. Which webinars that for tomorrow,
11788.319 -> that is the how to get your first cloud architect
job. And not only will tell you how to get
11793.26 -> your first cloud architect job, but how to
be great at it so you can have a great career.
11798.07 -> Thanks, Lady Godiva. Thanks, Jim. Thank you.
Great. Thank you. And we appreciate it so
11808 -> much. We love the cloud community. And I'm
thrilled you're here. AJ, thanks so much.
11812.56 -> Please hit the Like button. Come back. We
have to thank AJ for a service in the Marine
11816.41 -> Corps. He is a great guy. We're thrilled that
you're here. blocked out learned a ton. I'm
11822.96 -> so happy that makes me happy you. And Tom.
Well, thanks so much. We're thrilled you're
11828.46 -> here. Thanks, Kristen. We're happy to help.
Thank you, Collins. Peter, thank you so much.
11839.109 -> And Emanuel. We're thrilled you're here. And
some from my team. Thanks so much. Thank you,
11848.38 -> Samira, and thank you, Lady Godiva. Ajay,
we're thrilled to see her. You feel certified
11854.279 -> already. Wonderful. Here. We that's our point.
And our goal. You're more than welcome, Victor.
11864.92 -> Sure. You're so welcome.
11865.92 -> Omar, we're so happy to keep providing content.
We love doing this. Great job. And back to
11873.171 -> you and your guests. Thank you. I really do
love my cats. Actually, Chris has a beautiful
11876.689 -> cat to another educating still learning things
with ease. I'm so thrilled to hear that. And
11881.82 -> Igor, we're so happy to help.
11893.74 -> As a current student like has helped me land
a career and I'm I'm so thrilled that and
11897.81 -> your continual learning more, I'm thrilled
to know that Dino? Thrilled That's our whole
11905.84 -> point. Change lives and get people higher.
Would you suggest taking a Solution Architect
11912.75 -> first and the CCNA? I don't know what your
goals are. Please join us on the how to get
11918.46 -> your first cloud job webinar tomorrow night.
Because your goals determine what you should
11923.96 -> learn and how to do it. Sandeep, thank you.
So Sanjay, thank you so much. Please join
11933.42 -> us in that webinar tomorrow. It will be a
life changing event.
11939.75 -> So thank you all so much. I'll see you all
tomorrow in class. And please make sure you
11948.61 -> join that webinar. It is really valuable information
that I want to order. No. Have a wonderful,
11953.52 -> wonderful night.
Source: https://www.youtube.com/watch?v=vSpuS2HDgww