AWS Advanced Networking Course | FREE AWS Full Course | AWS Networking Training | AWS BGP

Captions
[Music] welcome back everyone welcome to day four of the go cloud architects free aws advanced networking course and this is a free aws full course and this is some aws networking training and i'm excited to be here with you for our fourth day as a reminder we've been here for approximately four days we've been having a lot of fun we've been working on cloud networking for those of you i've been working in this tech industry for over 25 years i've been helping others get their first tech job or get promoted in tech now for more than two decades and it's really really fun now when we're talking about tech you know there's all kinds of tech and it's all exciting to me because tech can transform businesses tech can enable communications tech can enable collaboration tech can make such a difference in all of our lives and that's why i've been in this tech world for decades and i love every last minute of it absolutely but we're talking about tech it all has a foundation and the foundation for everything that we do in tech is the network if the network isn't built right nothing will work if the network isn't built right it'll be too slow if the network isn't built right we will have a tremendous amount of problems that's why i'm always excited to talk about networking so in our aws advanced networking course we're going to talk about some networking as you recall yesterday we talked about and ended on some network performance optimizations we started talking about things like cluster placement groups and spread placement groups and partition placement groups we talked a lot about jitter and delay and all kinds of things going on today we're going to talk a little bit more about some network performance tuning optimizations and the good news is we should have a fair amount of time today to be able to answer a lot of questions if you guys have them work through some architectural situations or case studies if you desire towards the end so we have a fair amount of time 
left over today so i'm going to make this the best experience for you so if you're here and you're ready to get started type cloud hiring and i'll know you're ready to get hired hit the like button and if you've got some friends that you think would benefit from this please spread the word invite them the more the merrier we love to help as many people as we possibly can so welcome everyone let's get cloud hired so wonderful now i know who's here i like to see who's here make sure everybody's paying attention you know and if we do when we do these things via zoom you know we get to talk and here i can only know that you're here by messages in there and i want to know we're helping you all so cloud hired fantastic everyone makes me proud makes me happy to know that we're all here participating on a single mission to help all of you guys get cloud hired otherwise what's the point of training is to make you better at your job or get you the job in the first place certifications are great the whole point is getting cloud hired though so let's use what we can as tools and then let's do what we really can to go out there and get cloud hired so without further ado let's talk about tuning some network performance in the aws environment so when you're dealing with servers and you're dealing with networking the faster access we get to the network the better so we want everything fast now yesterday in the evening i did a virtualization demo and when i did a virtualization demo you know we built these machines we dealt with virtual network cards versional virtual graphics cards virtual hard drives virtual everything virtual meaning logical not physical now when you're dealing with technology when you're dealing with a video card or a gpu on that gpu itself you've got physical devices if it's nvidia you've got cuda cores for example and those cuda cores are doing the computing it is physical hardware that's designed to do a physical task and it does it real well now when we're 
dealing with the cloud or we're dealing with virtualization we use fake network cards and fake gpus they're logical now these fake gpus and these fake network cards don't perform at the speed of a real network card how could they it's software versus hardware so when we need hardware performance the only way around it is to get hardware performance so prior to talking about network performance virtualization because i want to make it really clear if any of you have ever worked with the technology pci passthrough that's what we're going to be talking about so what is pci passthrough so if we were going to take a virtual machine like the kind i showed you yesterday and we wanted the virtual machine to have access to a physical card we could push that physical card into the virtual machine and that's called pci passthrough so when you're on aws and you need a gpu optimized instance to do some machine learning what they're doing on these servers is they're pushing through that gpu into the virtual machine and it's called pci passthrow so now we're going to take that same logic and we're going to apply that same logic that same technology and apologies i live in florida and there is always always always landscapers around everywhere so hopefully it's not coming across too loud in the background so when we're now let's talk about optimizing the network performance and optimizing the network card so when we're dealing with virtual machines we're typically dealing with a virtual network card virtual network card not physical hardware software is always slower than hardware so what if we wanted to push a physical network card into the virtual machine now we can and that's what aws calls enhanced networking enhanced networking is quite simply when you push an actual physical network card into the virtual machine now when you're dealing with this you're dealing with the technical term single root i o virtualization i didn't make up that vmware term single root i o 
virtualization i like the term pci pass-through why i'm putting a pci card into a virtual machine i know what it is and it makes it so pcie pass-through push a network card into the virtual machine and now you're dealing with high power high performance so this is what we're talking about now that will give you better faster networking than you would traditionally get so if you need it it's aws enhance networking now there's another networking option which is software but it's a specialty driver that aws just came up with and they call it a virtual fabric adapter now this virtual fabric adapter is pretty interesting it's a specialty driver adapter and it can offer some relatively high performance you know it's been designed to go up to 400 gigabits per second but you know no but the speeds that are offered currently are nowhere through that but the point is is you know aws is working on this network performance thing because they know the limitations with software-based devices they use to support you know pci passthrough otherwise known as single root i o virtualization or enhanced networking they also support the enhanced fabric adapter which is a high speed high performance driver a software driver but one that can deliver much better performance over the standard elastic network interface so let's talk a little about monitoring your systems so you've got to know what goes on the network and the reality is your applications are simple if it's user sitting on their phone and they're playing with their phone it either works or it doesn't work and if it doesn't work it's easy to identify but the network is hidden the network is the plumbing so you've got to monitor the network because it's not going to be obvious so quickly and when the network goes down it's not like your application goes down where you know exactly what the problem is when it goes down you got to figure it out is it an application is it a server is it a firewall causing the problem is it an 
access list do you not have a route on the routing table her message is getting in but being blocked so you see there's a lot of stuff that we got to look into especially when we're dealing with technology especially when we're dealing with the network because the network is hidden from the average user so because the plumbing is hidden in many cases you've got to be really careful with regards to what we're doing so we can use cloudwatch and when we use cloudwatch you know which is the standard aws logging we get a lot of things that we can actually do so for example we can monitor our vpns or our direct connections with cloudwatch we can see how much traffic is being sent we can see if our connections are up meaning passing traffic or down meaning they're down so we can figure that out we can set up like an sns alert like a simple notification alert like a text message that says text mic if the network's down cloudwatch will also help us collect vpc flow logs which for those of us network people out there those of us that have worked with cisco netflow it'll give you really really really good information it almost gives you limited packets never protocol analyzer kind of kind of benefits cisco wireshark is a great free protocol analyzer you can use to look at your traffic on the network but realistically speaking we're actually talking about here um you know right now so that's what we're kind of talking about now with regards to network troubleshooting no matter how good your designs are things are going to break they're going to break and even when you have the most simple elegant solution just a direct connection which is the easiest thing in the world you're still gonna have problems you're gonna have problems with your router problems with your router at the direct connection location problems with the fiber that's under the ground it's going to happen there'll be a switch port that i'll break on the service provider switch there'll be a problem across the 
aws backbone whether it be an l2 problem whether it be an l3 or routing problem the problems are going to be there so it's not that we're going to ever be in a position to design around failures where no values occur but what's going to actually happen is as follows you'll be able to fix them when they occur so let's talk about how to troubleshoot and i'm going to give you my methodology there's a lot of methodologies but i've been in the networking world for a long time generally speaking unless you're looking at like a solar winds or you're looking at some form of network monitoring platform you're not going to know you're going to get a phone call somebody's gonna call you up and say i can't get to this server so that's typically speaking of the first thing now as architects we don't usually troubleshoot but you have to know how and as architects but it's very common that the tier 1 the tier 2 and the tier 3 of the technical support the tac the help desk can't solve it it's also common that after they can solve it it'll go to some of the cloud engineers and sometimes while the cloud engineers are much more technical than we caught architects for building things sometimes these things end up being big picture problems there it's going to need someone that can take a step back that can troubleshoot and that often becomes the actual architect you're involved in the troubleshooting now either involved in the troubleshooting because you're buying once for the customer and you're smoothing things over you could be involved in the troubleshooting because you're taking care of your cloud engineering team or you could be involved in the troubleshooting because the help desk or the technical support center didn't make it the engineers didn't make it and now this customer is critical they're upset and you the architect are going to have to get in there and troubleshoot as part of the team so let's talk about it when that first phone call comes in and says the server is not 
reachable what do you do the first thing you should do assuming to try and connect to the server officially is to ping the server to send an icmp echo message to the server if it comes back you know now personally i start with the ip address of the server not the dns name i always start with the server's ip address here's the thing if i can ping the server by its ip address and then i can i try and ping it with its dns name and it doesn't go through but i can reach it via its ip address and i can't reach it through its dns name can anybody right now tell me what the problem is tell me in the chat box if i can reach it with a ping but i can't reach it with a dns name could somebody tell me what the problem is most likely if not i'll tell you but i just want to see if it's obvious to you guys and why i always start with an ip address as opposed to a dns name david page yes if i can reach it by the ip address but i can't miss it but i can't reach it via the dns name chances are i have a dns problem so start with the name and then if that works great and if it doesn't work good at dns so i start with the name if i got a reply we know there's a problem with the dns start doing dns troubleshooting if we don't get a response to the uh the ping with the ip address there's no point in trying to do it via the dns because you know it's not going to work if you can't reach this ip address so now if you go to ping that server and you don't get a response guess where do you go next what do you do so the next thing that you should do is try to ping that server's gateway ip address so the gateway the router between the server and and the server that's not reachable it now everybody if you can reach the router or the gateway where the device is it means your network is good to the gateway or the router at the remote location okay so let's look at it this way you've got a server it's either it's in your data center if your starters in your data center the server has a default 
gateway the server's default gateway points to a router that gets the server off of the subnet if you can reach the default gateway but you can't reach the server you know the problem exists between the gateway and the server so then if you can reach the cir if you can reach the gateway and you can't reach this server can you reach any other servers on that same subnet and i'm wondering if whiteboarding this is going to make it better or make it worse so i'm looking at your question there nitro pen i don't know if it's going to make it better or make it worse we could try whiteboarding it out see what happens okay let's try that nitro pen so let's do this and go over here so let's try a different approach so let's look at it this way if you so let's say you're here you're hearing your data center or your on-premise environment they're over here you've got your cloud let's do this let's make sure there's no fill let's take our let's take our gateway let's take our every vpc as we went to has a virtual router which is where which is what does the routing so let's say this is the gateway gateway just means router let's say this server this server and this server had one more servers and this server let's create our direct connections between here and our aws environment okay so now this is what our connections look like and of course somewhere along the line is so let's try this so now if you're here and you get a phone call that says i can't reach the server what you should do is send an icmp echo which is a ping directly to the server and if the server is awake alert and alive guess what you'll get an icmp echo reply that'll say i'm here everyone i'm here everyone i'm here everyone so what should you do next you ping this server and if you can't reach this server well you don't know what the problem is is the server dead is the network bad do we have a problem so now the server in order to reach all these servers in order to get off of their local subnet or reach 
you they have to go through a router this gateway or the router that all these servers have has the routes in it that knows to go this way towards the on-premise environment for the traffic so if you try and send a message to the server and the server doesn't repo respond you don't know what happened so the next thing that you would do in your troubleshooting is you're going to send a ping or an icmp echo to the gateway because the gateway is the next hop to reaching you you leave your environment you go through your direct connections you hit the gateway and then you go to the server so you're going to ping the gateway the router that the server uses to communicate back with you now guess what if you can reach this gateway it means that you have a good network connection to the gateway so if you can ping the gateway but not the server you know you have one of three problems you have a gateway you have a server problem in a data center you could have a switch problem where the server is plugged in or you can have a server problem so can't reach this server try and reach the gateway can reach the gateway okay if you can reach the server and you can reach the gateway then send a ping to some other servers on the subnet and if the other servers respond guess what chances are you got a broken server why because if you can ping the gateway and you can ping all the other servers on the same subnet it's most likely a broken server now if you go to ping the server and the server is not there and then you go to ping the gateway and the gateway is not there you got to figure out where your messages got lost so loops didn't mean to do that where would potentially would your messages be getting lost well now you go to go find where your messages are going to be lost so if you get a response to here great but if you don't respond where your message is lost so now here what you need to do is you're going to issue a traceroute command what you're going to do is you're going to 
find your data you're going to see your data is going here here here hits this place hits this place and then gets lost somewhere along the line so then let's say along the way you find out this is where the data is lost and how do you find that it's what it's lost it's going to look like this and you're in your trace route you're going to you're going to see where you're going going going and then you're going to get star star star when you see that star star star that i'm actually talking about you'll see that's where it doesn't know so when you get to that star star star here's where you're going to go you're going to telnet well not anymore we use ssh now you're going to go to this router the router right before your messages got lost and you're going to look at the routing table there so you're going to hop on this router because you can reach this router because it's in your trace route and it's along the way so first let's walk through this first reach out to the server if the server's not there reach out to the gateway if the gateway is there then reach out to some other servers on the subnet if you can reach them you've got a problem with the server if you can't if you can reach the if you can't reach the gateway you have a network problem of some kind of a problem now what kind of problem that is we don't know yet if we issue a trace route and let's say there's some connections along the way but let's say along the way we stop here here's the last thing we see what we do is we go over to this router first and we're going to look at the router does that route have a route to the gateway and does it have a route back if so we understand the next thing we do is we're going to go to this next router along the way which we know is there how do we know it's there it's going to be in our network diagrams it's going to be in our architecture plan so we're going to go to this device or it'll show up as a cisco discovery protocol neighbor but that's neither here 
another we're going to go to this device and we're going to see if it has a route to the gateway and chances are it does not versus or or we're going to see it may have a route to the gateway but it may not have a route back to the on-premise so that's typically where one of these environments is going to break you either have a don't have a route to the destination in which case the router drops your traffic or you don't have a brought back from the destination so that's why we're doing what we're dealing and that's why we're doing a step by step-wise pros so once more if you can't reach something hang it if you can't ping it thing it's the gateway if you can't ping the default gateway look at where the pings get lost if the pings make it all the way to your vpc but they don't come back from the default gateway the default gateway might be the problem in which case you might need to change it so these are kind of the steps you're going to look for so these are your main steps now what else could be going wrong along the way i've just started with the basic routing which is realistically speaking going to be a lot of the majority of the problems a lot of the majority of the problems are going to be just your basic routing problems but what else could be making this complex access control lists firewall rules security groups all that kind of stuff can make this look a lot uglier too and be a lot harder to find so how how how are we going to do how are we going to look at these kind of things so what we need to do is get really good so let's go back to this environment over here one more time if you own the network and the problem exists in your environment you can put a protocol analyzer like wireshark or and actually look at the data that's going across the wire and feel where it's gone but in a lot of these cases i just want you to remember these are the steps so how could you look and see what's actually going on how would you get a good feel for for what's 
actually going on traffic wise this is where your vpc flow logs come from and your vpc's flow logs will show you and it will do a really excellent job in your vpc flow logs of showing you what kind of data has been gained what kind of data has been lost and everywhere in between so these are kind of some of the things we're talking about with regards to troubleshooting it's regarding finding where your data is and finding out where your data has been lost and then being able to look at it along the way so looks like there was a lot of questions that came in when we started to do this so if there's a lot of questions let me address some questions first and then uh go back to the content because it looked like there were some questions yeah so uh there's i got two questions that came in before we started going down that rabbit hole and then we'll we'll get the ones that came from the uh the uh that that session so these these two came in first question for the qa section which is faster aws enhanced networking or elastic fabric adapter long term i think it's going to be the elastic fabric adapter because that can go up to 400 gigabits per second but right now that driver is less this is not as fast i want to confirm this as a 100 gig net worth as a 100 gig network card so i'm pretty sure it's limited like 40 gigs but hold on one second i want to i don't actually want to be i don't want to get it wrong um because i know they've changed this a couple of times and they're very very very uh limited in terms of the performance that they actually say that it can do in fact going to their page right now they don't even give you any information on it whatsoever with regards to the speed it's more of one of the traditional aws trust me this is the right solution we've done it it's better it's faster so enhanced networking does go to 100 gigabit per second the last time i checked i think it was 30 or 40 gigabits per second that was achieved on the elastic fabric adapter but i 
don't have that one in front of me i believe it's the aws enhanced networking and because the way it was set up the way the aws elastic fabric adapter was we've reserved the ability to do this kind of performance at some point in the future i don't believe currently it equates to the hardware performance i think it's about half the speed of the hardware the last time i remember but that's going off of memory because if you look at the page right now it's not even shown question is the equivalent of network flow in the cloud um it's a net flow of the equivalent it's more like vpc flow logs aqua it's very similar to netflow to give you some information cloudwatch is to me i consider cloudwatch to be more like those syslogs files that we would get from the routers and vpc flow logs to me aqua feel just like netflow in many cases nearly identical to netflow great question they're aqua manish do you need to allow all ports for outbound to achieve ssh you shouldn't you should be able to just get away with the source port um with the specific source and then unlimited destination ports if you and generally speaking next question chris yeah so these came in while you were talking about the uh what's what's blocking the uh pings and so a couple of people were asking about firewalls it could always be a firewall or an access controller yeah so it could always be but if it stopped out of nowhere um it's probably not unless there was a some change that occurred mike on the cloud will the server file a health check well it'll fail a health check if there's a health check set up and if it's using a load balancer but there's not always health checks involved in your servers necessarily so it's quite possible that they're not going to file a health check they just won't be available well you know you're going to know your routers generally speaking most routers respond to trace routes and the reason they do is all of us network engineers and architects need to make them that way 
because otherwise we'll never be able to debug our networks now having said that once we get past the organization's firewall we typically hide it but if that's the case nagaraj rao you're still going to be fine because the people in the organization can go to the organization and do a trace route towards you and then you can do a trace route towards them and then hopefully you can find that stop where you can mix in the middle so remember we're i'm showing you one side but i'm going to be at the data center side where i'm going to the cloud but there's nothing to preclude me from going to the cloud through the management console and then initiating some ping or or command line or sshing into some other boxes in that network and then checking the other way around so that's how we're going to do it we're going to bypass both series of firewalls and two different protection places and that way we'll build ourselves a map checking both ways do you want to bring in the next one nitro pen are the architects responsible to ensure the neck diagram is always updated um no so nitro pen we architects design it so it might be that i consult with a bank and i design their systems and i design the network and document it the way it is but i go and i go to a new client and i go to a new client and i go to a new client somebody responsible has to maintain those network diagrams so that's typically going to be the network engineers the cloud engineers the people that are building it as they build it they update the diagram there should be a change process in fact it's impossible to achieve five nines or 99.999 availability without an extensive change management process change management is prior to making a change i raise a flag with everybody in the organization is anybody going to be using the computer systems on wednesday at four o'clock in the morning no okay is any batch jobs running at wednesday or four o'clock in the morning i plan to make this routing change that wednesday 
at 402 in the morning is this going to affect anybody okay no okay i'll be making this change i made this change at 402 in the morning everybody you've been notified please check your systems so that's typically what's done in a high availability environment constant updating of the documentation and constant change management unfiltered unscheduled uncareful change management will cause outages like you can't imagine so nitra man yes the uh our diagrams will always be updated but usually by the engineers that are on site and there needs to be an extensive change management process chris if you want to bring in the next one that's the last one okay great so we'll go back to content and we can do some debugging kind of things and whiteboard it out as a group and work through it together later and you guys can tell me what you like if you desire i'll find a couple of cool fun ways to do it as a group but we can do that today i just want to make sure that everybody understands let's talk a little bit about cloudwatch especially since the cloud watch versus vpc fallout questions just popped up so what is cloudwatch now for those of you that have been around aws you already know but for those of you that are not that usually this is your networking is your first place let's talk about it so cloudwatch is a monitoring service that monitors aws resources but you can also use it to monitor applications that uh what are you real estate talking about that you deploy on aws so cloudwatch is going to have some built-in metrics and you can use it to monitor performance troubleshoot issues modern applications and you've got your built-in metrics and your cloud on your and your custom metric by default cloudwatch has some built-in metrics that are really really limited cpu utilization disk read write in terms of iops or operation input output operations per second and network utilization that's it everybody gets this it's free it's standard cloudwatch is great but that's your 
basic monitoring and it is basic basic basic no well basic cloudwatch probably isn't enough aws lets you come up with these custom cloud watch metrics which are really good and you can look at things like memory utilization api performance of almost anything you'd ever need to know so cloudwatch gets really great built-in awfully basic custom metrics very good capabilities and cloudwatch is really great because it has this notification system and it'll notify you things are gone wrong and because of these cloudwatch note of events eventbridge something very similar in concept but you're getting these notifications you're getting these events and as these events occur we can automate the remediation of them so cloudwatch events notice is something trigger auto scaling cpu hit 85 percent auto skill somebody did this thing insecure set up a lambda function to secure a private s3 bucket so the point is is these actions that you can take you can create an event-driven environment based upon cloudwatch so not only is it providing monitoring but it can be the impetus to fix something for you automatically so these are why these things are really so great you can fix it so we'll talk about the two flavors of cloud watch you can choose you can choose the basic monitoring and the detail monitoring basic monitoring gives you data every five minutes now here's the thing every five minutes of data you would think would be great you would really think you're really great but here's the thing when you're looking at information every five minutes you might not get the information you need so for example i've debugged a lot of networks in my life and networks break when one of two things happen the cpu on the routers go to 100 or no traffic can get across the wire because your links are completely broken and uh and and and things you run into these kind of two challenges what happens is if for example the cpus are busy on the router for three seconds they cause a recalculation of 
the routes which are a nightmare but if you're polling your routers only every five minutes and the average your routers might be at three percent a hundred percent five percent a hundred percent twenty percent a hundred percent and if you're polling every five minutes you're gonna get an average when you aggregate the data down you lose a lot of information and when you lose a lot of this kind of information what ultimately occurs you're not in a position to find the problem so basic monitoring data every five minutes probably not good enough to get what you need but cloudwatch gives you detailed monitoring which enables you to get data once a minute now you pay extra for once a minute detailed monitoring getting frequent access to information really really can help you debug things when they're broken so this detailed monitoring is going to be enabled at the ec2 instance level and it's going to give you a lot of capabilities so with anything else you know do you need that kind of monitoring if you're a big organization you've got lots of people and lots of systems you need this detailed monitoring for some of your critical systems so you're the architect build what the client needs build what helps people get better that's what you do it's all based upon the client's need there's nothing that drives your solution other than transforming the customer's business how do you help your customer that's the tech you use the tech doesn't drive anything the business drives everything so let's talk a little bit more about cloudwatch events this basically is going to be a stream literally speaking a stream of real-time events and you'll create a match event so something happens take an action something happens take an action now that we've talked about cloudwatch let's discuss the cloudtrail piece the auditing piece so cloudtrail is going to be a service that's going to help out with auditing and it's going to provide an audit log that's going
to give you some assistance with risk management compliance and cloudtrail is going to track the changes that are made by everybody so logging so monitoring from cloudwatch auditing from cloudtrail now cloudtrail will give you an event history and pretty much it's going to show you everything that's occurred and all the changes that are made in the last 90 days which is a pretty great way to figure out what broke now there are times where you'd like to know more maybe you're part of a regulated industry maybe you want to do long-term trends maybe your organization measures everything you can actually set up cloudtrail to store your logs in s3 so you can keep these logs for long periods of time and organizations might want to analyze their logs and see what they can learn from the log so for these kinds of organizations that want to do some learning you know storing these logs is a great thing or these audit trails is a great thing now when you set up cloudtrail you kind of have a couple of environments you've got the concept of a trail that you put to one region and a trail that applies to all regions so when you create a trail you first the simplest thing is to create a trail for a single region cloudwatch will store all the logs in a single bucket and this is going to be the default option now if you need more comprehensiveness you can create a trail that applies to all regions and this is going to provide really comprehensive logging and auditing information it's going to record literally speaking all the events that occur inside of an organization's infrastructure it can help an organization correlate events that's why we're doing this the correlation this occurred this outage occurred this change occurred this problem occurred that's the point of the logs that's the point of auditing we want insight into fixing things so when stuff isn't working right part of your troubleshooting process is look at your logs logs logs more logs what are the logs telling you
what's in here now take these logs mine these logs maybe use grep sed and awk linux things to parse through it maybe you have another pre made more commercial tool parse through your logs you got an outage that occurs at 2:37 see what happened at 2:37 see what happened at 2:36 see what happened at 2:35 what changes could have occurred what one thing did you see what one thing here occurred in one part of the network that reverberated all over the network networks are dynamic you throw a stone in a pond it doesn't just go in it creates waves networks create waves so you gotta look around that's why we're looking at logs when that stone gets thrown in look at the wave what effect did the wave have on the water on all the surrounding areas that's why we're looking at logs that's how you troubleshoot you become methodical you look at the data data data and more data where do you get your data your logs let's talk about some of the more common network problems that you're going to have and some of the fixes most commonly routers get misconfigured i got to tell you in a long long long time working in tech i've seen a whole lot of misconfigured routers simplest solution is knowing what you're doing when you're dealing with routers it's not it's almost never that you made a typo it's usually the person doesn't know what to type think um facebook think about their bgp outage someone made a misconfiguration for the most part the routers don't even let you type in a mistake they'll let you type in things that are wrong um that won't work in your situation and weren't working properly but it's not like you can make too many typos um you can't put an ip address of 1.1.1.1.1 it won't let you it knows it's 32 bits so you know a lot of these things are there but you know that's a perfect example of not knowing what to do an 8 billion dollar outage due to a misconfiguration i've seen more misconfiguration problems in the problem the configuration error is one of your big
things a link goes down you buy a link between new york and london the link goes down you call the service provider they think they'll fix the link usually if you've got an outage and it worked yesterday and nobody made a configuration change something's down and chances are it's the link okay now routers the routers are computers sometimes these computers don't work the way they need to and you and i have a process that crashes hmm got a windows computer it crashes too now what do you do when your windows computer gets unreliable you reboot it you know what on a router we don't reboot them and yet if you call your favorite router vendor and you call them and you tell them you have a problem most likely they're going to find a bug id somewhere a bug id and they're going to tell you to reinstall a newer version of the operating system which is going to force a reboot and when it reboots the systems get better so was it the reboot and the bug id was it the bug id and new software that fixed the problem or the reboot i'm gonna tell you i hate doing it but if i try everything and i can't figure it out i do a system reboot before i even call tech why because if it's down it's down and very frequently you've got a process on a router and the process just needs to be restarted and you're not always in a position where it's what's it like on a linux machine where you do a systemctl something restart we've got a restarter process you can't always do that on a router so sometimes the easiest thing to do is just reboot it so there's that router process crashed now the next thing is common network problems you don't have a route to something which is why you got to look at the routing table because most of the time if you can't reach it you just don't have a route now when you're dealing with connections to the cloud your dedicated connection's going to go down your ipsec tunnel goes down usually it means your internet connection is down but it could be related to your security
key and let's talk a little bit about some security problems now these are going to be problems you're going to see all the time you're going to misconfigure an access control list that's going to get you you're going to misconfigure a security group you're going to have really good security appliances and your security appliance is going to look at your application think your application is behaving like a hacking event and shut it down um so you know there's that and then uh you could put some software on your server that blocks ports to something else or you could have an incorrect iam policy so realistically speaking you know these are kind of the things that we're trying to talk about so i'm going to talk about hybrid cloud architectures next but you know i'm not sure if we need to address any questions before we talk about hybrid cloud architectures we typically have some time today chris is there anything i need to address yeah we've got uh one question so far i'm sure there'll be a couple more as we answer here we go how do you lose information when aggregating okay sure i seem so if you look for the average of what is something every five minutes what do you do you take everything combined and you average it out which means you're going to get an average so if you've got 12 slices of information per hour you've got 12 slices of information which means that each slice of information can only give you so much now let's see if instead of having a slice of information every five minutes you had a slice of information every minute you would have 12 times the information now you do it by getting 60 of them versus getting 12.
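The aggregation point raised in this question (and in the basic versus detailed monitoring discussion above) is easy to see with numbers. The block below is an added example, not code from the course; the per-minute CPU readings are constructed, and the alarm threshold is the 85 percent figure the lecture uses for an auto scaling trigger.

```python
"""Added example, not from the course: why a 5-minute average hides router
CPU spikes that per-minute samples show.

CPU_PER_MINUTE is constructed data: short 100% bursts (the route recalculations
the lecture mentions) between quiet minutes.
"""
from statistics import mean

# Constructed: fifteen one-minute CPU readings, in percent.
CPU_PER_MINUTE = [3, 100, 5, 100, 20, 100, 4, 6, 3, 5, 100, 2, 4, 3, 100]

ALARM_THRESHOLD = 85  # percent; the figure the lecture uses for an auto scaling trigger


def aggregate(samples, window):
    """Roll samples into fixed windows of `window` minutes.

    Returns one (average, maximum) pair per window. window=5 is what basic
    monitoring shows you; window=1 is detailed monitoring.
    """
    return [(mean(samples[i:i + window]), max(samples[i:i + window]))
            for i in range(0, len(samples), window)]


def alarms_on_average(samples, window, threshold=ALARM_THRESHOLD):
    """Windows whose average breaches the threshold (an alarm on the Average statistic)."""
    return sum(1 for avg, _ in aggregate(samples, window) if avg >= threshold)


def alarms_on_maximum(samples, window, threshold=ALARM_THRESHOLD):
    """Windows whose peak breaches the threshold (an alarm on the Maximum statistic)."""
    return sum(1 for _, peak in aggregate(samples, window) if peak >= threshold)


if __name__ == "__main__":
    for w in (5, 1):
        print(f"window={w}m: {aggregate(CPU_PER_MINUTE, w)}")
        print(f"  average alarms={alarms_on_average(CPU_PER_MINUTE, w)}"
              f" maximum alarms={alarms_on_maximum(CPU_PER_MINUTE, w)}")
```

With five-minute windows the averages come out around 24 to 46 percent, so an alarm on the Average statistic never fires even though the router hit 100 percent five times; per-minute data fires five times. The same run also shows that the statistic matters as much as the period: an alarm on the Maximum statistic still catches every window that contained a spike, even at five-minute granularity.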
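The log-mining approach described earlier (outage at 2:37, look at what changed at 2:36 and 2:35) is the kind of thing CloudTrail event history is for. The block below is an added example, not code from the course: it reads constructed CloudTrail-style records (one JSON object per line, with only the fields the example needs) and returns the mutating API calls made in the minutes before a given outage time. The user names, timestamps and API calls are all made up.

```python
"""Added example, not from the course: pull the audit events that precede an outage.

The records below are constructed, CloudTrail-style JSON (one per line, only the
fields this example reads); real CloudTrail records carry many more fields, and a
real trail is read from the S3 bucket it writes to, not from a string.
"""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample events, newline-delimited JSON.
CONSTRUCTED_EVENTS = "\n".join(json.dumps(e) for e in [
    {"eventTime": "2024-01-15T02:10:12Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "readOnly": True,
     "userIdentity": {"userName": "alice"}},
    {"eventTime": "2024-01-15T02:34:50Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "ReplaceRoute", "readOnly": False,
     "userIdentity": {"userName": "bob"}},
    {"eventTime": "2024-01-15T02:35:41Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "readOnly": False,
     "userIdentity": {"userName": "bob"}},
    {"eventTime": "2024-01-15T02:36:05Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DeleteRoute", "readOnly": False,
     "userIdentity": {"userName": "bob"}},
    {"eventTime": "2024-01-15T02:36:40Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets",                      # no readOnly field on purpose
     "userIdentity": {"userName": "carol"}},
    {"eventTime": "2024-01-15T02:38:30Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "readOnly": False,
     "userIdentity": {"userName": "carol"}},
])

READ_ONLY_PREFIXES = ("Describe", "List", "Get")  # fallback when readOnly is absent


def parse_time(stamp):
    """CloudTrail eventTime is ISO 8601 in UTC with a trailing Z."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_events(ndjson_text):
    """Parse newline-delimited JSON records and attach a datetime for sorting."""
    events = []
    for line in ndjson_text.splitlines():
        if line.strip():
            rec = json.loads(line)
            rec["_time"] = parse_time(rec["eventTime"])
            events.append(rec)
    return events


def is_change(event):
    """Mutating call? Trust the readOnly flag, else fall back to the name prefix."""
    if "readOnly" in event:
        return not event["readOnly"]
    return not event["eventName"].startswith(READ_ONLY_PREFIXES)


def changes_before(events, outage_time, lookback_minutes=5):
    """Mutating calls in the window [outage - lookback, outage], newest first."""
    end = parse_time(outage_time)
    start = end - timedelta(minutes=lookback_minutes)
    hits = [e for e in events if start <= e["_time"] <= end and is_change(e)]
    return sorted(hits, key=lambda e: e["_time"], reverse=True)


def summarize(events):
    """One line per event: time, who, which service, which call."""
    return [f'{e["eventTime"]} {e["userIdentity"].get("userName", "?")} '
            f'{e["eventSource"]} {e["eventName"]}' for e in events]


if __name__ == "__main__":
    for line in summarize(changes_before(parse_events(CONSTRUCTED_EVENTS),
                                         "2024-01-15T02:37:00Z")):
        print(line)
```

Run against the sample, the 2:37 outage yields three route and security group changes by the same user in the preceding three minutes and nothing else, which is exactly the "one thing that reverberated" the lecture says to look for. Read-only calls are dropped using CloudTrail's `readOnly` field where present, with a name-prefix heuristic as the fallback.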
so by having more and more frequent polling you're going to have much more information when you average things out you lose information so the best way i can describe it is if i give you five numbers 10 11 9 10 11 9 10 and 10 you could say the average is 10 or you could say you have three tens and nine and eleven that would be much more accurate and it would be much more informational or you could just say the average is ten so with seam hands that's what we're really talking about i'm not sure even how to answer that question but uh when you'd apply a cloudtrail trail for all regions you can get pretty specific into what you're looking for so uh verbose is uh up to it can be a lot of different things so okay let's go to hybrid cloud architectures unless there are any more questions if there are any more questions let's talk about them no more questions so far okay then let's talk about hybrid cloud architectures and then we'll talk about some disaster recovery which is something that i think is really great with the cloud so what is hybrid cloud architecture and there's really two things and there's lots of reasons why organizations would do a hybrid cloud architecture a hybrid cloud is when you combine the data center and the cloud now there's two definitions of a hybrid cloud the first definition which is not necessarily my definition but some people would just say that anybody that has a data center that connects to the cloud has a hybrid cloud and the reality is the data center the cloud they're the same servers switches networks load balancers firewalls ids ips systems the only difference is the data center's physical and the cloud has been virtualized so let's talk about why organizations would do this concept of the hybrid cloud and let's talk about ways that we can make the hybrid cloud even cooler so why would an organization use a hybrid cloud why not just shut down the data center and put everything on the cloud let's talk about it well let's think about
latency which has less latency 100 feet away from me or a thousand miles away from me 100 feet away from me so the data center if it's where your users are is going to have less latency and better performance than the cloud there's just that let's talk about what else about the data center in the data center we can promote the most extreme security because we can control everything if i want to hire navy seals sas commandos that are armed to guard my data center i can do that if i want to put every user in their own vlan so with a policy that says they can't talk to anybody i can do that if i want to use mac address authentication in my data center so that you can't plug in something that's not official i can do that if i need 10 million iops from a drive side hard drive speed i can do that in the data center i can't do any of this in my cloud but so realize that the data center gives us some benefits now also let's look at our data center maybe an organization has a hundred thousand servers already in their data center maybe the organization has a tremendous number of remote access employees coming into their data center maybe that data center needs to be connected to a lot of other organizations so there's lots of good reasons that organizations would want to keep their current data center so by keeping their current data center if an organization's invested a billion dollars in technology they can continue continue to use that technology leverage that billion dollars of technology and then offload to the cloud for what the cloud can do better or the organization can keep using their data center and use the cloud for disaster recovery or the organization can do what they do best in their data center and move it across their data center so realistically speaking what we're talking about really really really is going to be as follows we're talking about making sure that we have everything right so these are the things that we're talking about one second so these 
are the reasons why we're talking about it so what are your ways to create the hybrid clouds you're going to have two options option one is going to be this data center and cloud option two which i like better is this turn that data center into a cloud get from nutanix or openstack get yourselves a cloud software environment install the cloud on your data center connect your data center which is now a full cloud computing environment which has all the benefits of auto scaling all the benefits all the virtualization all the simplicity all the elegance connect your cloud to another cloud that's the magic of the hybrid cloud the ibm solution is the hybrid cloud the nutanix solution is the hybrid cloud the hybrid cloud is amazing it gives you the ability to get all the benefits of the data center which is the performance and all the scalability all the agility all the magic of the cloud and your data center it's the best of both worlds and cloud provider tries to raise your rates buy cloud provider i'll bring it back into my data center so it's the simplest and the most elegant and oh by the way when your cloud engineers configure things in your openstack cloud for example it will automatically provision other clouds as well so if you use the right software to provision it you can make sure your your content is in your cloud two three other clouds they're simple they're elegant and they meant together so realistically speaking that's kind of why we're doing these kind of things so now let's look for example of what it looks like from a hybrid cloud perspective it's going to look something like this it's going to be a you've got your system you can see in the data center you've got your environment to your direct your data center and that's why you've got two environments you've got your cloud environment and you've got your data center now that's typically speaking in a good environment and it makes a good quiz okay so that's just what i wanted so let's let's talk 
about you know ways that you can actually do your hybrid data center and why one of the things that you could do is a hybrid data center offload so think about it this way the company they maintained their current data center and they do what their data center does great they then set up a vpc and in their vpc they do something to replicate so let's say the web let's say an organization has their data center their data center is great but their data center gets busy and they need a little more capacity so maybe for example you set up your data center as is and then you set up a dns policy or if you're using aws a route 53 policy that says 75 of the data center 25 to the cloud and that way if it's like right after thanksgiving and big shopping weeks you can get people to the products they need at the aws site or the azure site or the google site while still maintaining their data center holiday events big promotions this is really great and oh wait what does it really help the customer do what do customers do in the data center we build for peak what do we do on the cloud that makes the cloud so good the cloud we can build for average and auto scale so we can do the same thing with our hybrid cloud we can build our data center for average and then we can send extra to the cloud so think about data center performance cloud agility married together hybrid cloud data center offload that's one great situation to use a hybrid cloud now let's talk about disaster recovery the cloud is honestly one of the best ways for disaster recovery i've ever seen in 25 years of technology when it comes to disaster recovery we've got four really really good options so hybrid cloud disaster recovery the cloud is by far the best disaster recovery i have ever seen in my entire life so let's talk about the four disaster recovery options for cloud computing and why the cloud is by far the best disaster recovery in the world so let's talk about the cheapest cheapest cloud disaster recovery 
center the cheapest disaster recovery in the world is we keep our happy data centers they're running around smooth serving content to the world doing everything the businesses need and we take a backup of every virtual machine we have and we stick it in the cloud we back up our database and we store it all in the cloud now in the cloud we have copies of the images of our virtual machines and our data and say once a day we back up our data to the cloud i want you to understand how elegant this is you make a copy of every virtual machine you have once a day you copy your data to the cloud or you keep it copied like once a day you update the data on the cloud and for basically nothing you have the ability to bring your systems up in about 12 hours and be refreshed with whatever the most current day's information is no more than 24 hours old for basically nothing for something that can be set up in almost instantly something that is extremely inexpensive within 12 hours you're up and running on the cloud for almost no money in terms of disaster recovery there is nothing else in the world that can do this at this speed so we love or this price that is the first option for disaster recovery now your next option for disaster recovery is still really cheap that's i'd say 10 faster and the data is more current but it's still really cheap really elegant but it's still going to take you eight 10 12 hours to come back up and here basically you do the same thing you keep your data center you make images of all your main servers which you store on the cloud and you keep a database synchronized and the database is synchronized in two places it's synchronized in your data center and it is synchronized in the cloud and by keeping your databases synchronized in both connections here's what you're finding you're finding that your data sync your data is updated on the cloud and of course if you needed to launch these things because you've got images of your data in the databases that 
are on the cloud all you need to do is launch your machines and your databases are synchronized so now you're dealing with about eight to twelve hours to come up so option one just a backup of everything option two backup of everything but keep your databases synchronized now next is where we get into the awesome awesome awesome level of of disaster recovery so this next version and i'm not going to use terms like hot or pilot or warm i want you to understand what they are not industry jargon the number three option which is my favorite is a medium cost option and it gives you the best and this is basically where you have your main data center up and running put capacity in your data center on the cloud you set up a replica of your environment use a bunch of small instances you put them in an auto scaling group you synchronize your databases and you make a low performance replica of your data center low performance and it sits there and it runs idle low performance copy so it's cheap then here's what happens something happens to your data center dns detects an outage the outage then redirects to the cloud the traffic gets to the cloud it overwhelms the cloud because you made a replica of what you have but that traffic overwhelms the cloud as the traffic overwhelms the cloud your auto scaling policy kicks in 45 minutes later your load balancers your servers they're all scaled out and 45 minutes later you've got a fully functioning data center in the cloud fully functioning data center in the cloud and with that your systems are up your systems are running in 45 minutes so wow think about this low cost option little mini data center you have running around real cheap to run sits there does pretty much nothing you get a failure in your main data center and proof within 45 minutes your business is up it's operational just think about that up and operational literally speaking in a matter of an hour with no manual intervention for a relatively low cost this is why cloud 
disaster recovery is the best in the world nothing nothing nothing can compete with them and then the last form of disaster recovery is the same kind of disaster recovery we've done in the data center environment forever there are organizations that have such requirements for performance and availability that if their main data center fails their backup data center needs to be up and running within say two minutes for these special customers here's how you set it up from a disaster recovery perspective whatever you have in the data center you have in the cloud if you've got a thousand web servers in the data center with 128 cores and 4 terabytes of ram you have a thousand web servers in the cloud with 128 cores and 4 terabytes of ram if you have 80 application load balancers you're going to have 80 application load balancers you've got a 40 terabyte apache cassandra database in the data center you're gonna have that same 40 terabyte apache cassandra database in the cloud synchronized everything is identical that hot standby kind of thing where you've got one that's rolling full time and you've got another one the active active whatever kind of term you want to use it that works now that gets expensive so let's review the four again disaster recovery is awesome and the cloud makes disaster recovery so much better option one backup only back up your data back up your images of your servers stick them in the cloud option two a little better back up all your servers back up all your data but keep your databases synchronized option number three replica of what you have in your data center in the cloud with an auto scaling policy cloud fail your data center fails information gets shifted over to the cloud cloud scales up option four whatever you have active is whatever you have active okay everyone first and then i'm going to make you work through some problems so everybody let's talk about this let me know that you're still paying attention by typing cloud hired in
the chat box and then i'm going to ask you some questions i want to see exactly whether you're truly grasping this data center versus cloud thing and their similarities in disaster recovery so let me know you're here by talking by an official cloud hire excellent so i can see here you're here you're paying attention and now that i know is that is i hope that's the georgette that i know that i haven't seen in a little while that's here um so wonderful to see you guys here um from all over the world i know your names and know where you're at at least a lot of you and i'm really happy to see so many people so let's go back and think about this so let's walk through this here's a here's a we caught a thought problem for you here's my data center here's the cloud your jet i am so happy to see you here i hope i hope i hope to see you tuesday morning at 9 00 a.m in class i'm so happy to see you okay so here's your data center and your cloud now let's go back to option three in option three here's what we have we have our full data center and we have small versions of everything in the cloud let's use aws dns for right now it doesn't matter who's dns we're at so let's call it route 53. 
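The option-three thought problem set up here runs on two DNS behaviours: a health-checked primary (the data center) that fails over to a secondary (the small cloud replica), and, for the hot-hot case that comes up later in the session, a weighted split between two clouds. The block below is an added example, not code from the course: it builds the Route 53 record sets for both and models how a resolver is answered. The zone id, health check id, hostname and IP addresses are made-up placeholders; a real deployment passes the returned batch to boto3's `route53.change_resource_record_sets(HostedZoneId=..., ChangeBatch=...)`.

```python
"""Added example, not from the course: Route 53 record sets for the two DNS
behaviours discussed in this session, failover (health-checked primary with a
secondary) and weighted (a 50/50 split), plus a tiny resolver model.

HOSTED_ZONE_ID, the hostname, health-check id and IP addresses are placeholders.
"""
import random

HOSTED_ZONE_ID = "ZPLACEHOLDER000"        # placeholder, not a real hosted zone id
DC_HEALTH_CHECK_ID = "hc-placeholder-dc"  # placeholder Route 53 health check id


def failover_change_batch(name, primary_ip, secondary_ip, health_check_id, ttl=60):
    """Primary answers while its health check passes; secondary answers otherwise.

    Option three of the DR discussion: the data center is PRIMARY, the small
    cloud replica is SECONDARY. Route 53 keeps probing the primary ("are you
    there?"); once the probes fail it serves the secondary record instead.
    """
    return {
        "Comment": "data center primary, cloud secondary",
        "Changes": [
            {"Action": "UPSERT", "ResourceRecordSet": {
                "Name": name, "Type": "A", "SetIdentifier": "datacenter",
                "Failover": "PRIMARY", "HealthCheckId": health_check_id,
                "TTL": ttl, "ResourceRecords": [{"Value": primary_ip}]}},
            {"Action": "UPSERT", "ResourceRecordSet": {
                "Name": name, "Type": "A", "SetIdentifier": "cloud",
                "Failover": "SECONDARY",
                "TTL": ttl, "ResourceRecords": [{"Value": secondary_ip}]}},
        ],
    }


def weighted_change_batch(name, targets, ttl=60):
    """Weighted routing: targets is {set_identifier: (ip, weight)}, weights 0-255.

    Weights are relative, so {"aws": 50, "azure": 50} and 1/1 are both a 50/50 split.
    """
    changes = []
    for set_id, (ip, weight) in targets.items():
        if not 0 <= weight <= 255:
            raise ValueError(f"weight for {set_id} must be 0-255, got {weight}")
        changes.append({"Action": "UPSERT", "ResourceRecordSet": {
            "Name": name, "Type": "A", "SetIdentifier": set_id,
            "Weight": weight, "TTL": ttl, "ResourceRecords": [{"Value": ip}]}})
    return {"Comment": "weighted split", "Changes": changes}


def resolve(batch, healthy, rng=None):
    """Model which record answers one query: failover by health, weighted by weight.

    healthy maps SetIdentifier -> bool for records that carry a health check.
    """
    rrsets = [c["ResourceRecordSet"] for c in batch["Changes"]]
    if any("Failover" in r for r in rrsets):
        primary = next(r for r in rrsets if r["Failover"] == "PRIMARY")
        secondary = next(r for r in rrsets if r["Failover"] == "SECONDARY")
        chosen = primary if healthy.get(primary["SetIdentifier"], False) else secondary
        return chosen["ResourceRecords"][0]["Value"]
    rng = rng or random.Random(0)
    chosen = rng.choices(rrsets, weights=[r["Weight"] for r in rrsets])[0]
    return chosen["ResourceRecords"][0]["Value"]


def observed_split(batch, queries=10000, seed=1):
    """Fraction of simulated answers per IP for a weighted batch."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(queries):
        ip = resolve(batch, healthy={}, rng=rng)
        counts[ip] = counts.get(ip, 0) + 1
    return {ip: n / queries for ip, n in counts.items()}


if __name__ == "__main__":
    fb = failover_change_batch("app.example.com.", "198.51.100.10", "203.0.113.20",
                               DC_HEALTH_CHECK_ID)
    print("data center healthy ->", resolve(fb, {"datacenter": True}))
    print("data center down    ->", resolve(fb, {"datacenter": False}))
    wb = weighted_change_batch("app.example.com.",
                               {"aws": ("203.0.113.20", 50), "azure": ("192.0.2.30", 50)})
    print("weighted split      ->", observed_split(wb))
```

Two practical notes the model makes visible: the secondary record needs no health check of its own for the failover to work, and the TTL bounds how long resolvers keep handing out the old answer after Route 53 has switched, so a short TTL matters as much as the health check interval for the "45 minutes to a working data center" story.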
so we've got aws dns here the dns runs its health checks are you there are you there are you there are you there the data center does not answer dns shifts the traffic to the cloud now because option three we have small instances auto scaling occurs and we've got servers they're working real hard they're coming up they're coming up they're coming up now we've got a big cloud our data center's gone and everything is redirected to the cloud okay everyone now we've just blown up our data center completely um the data center was in a building we need to knock down the data center to build some beautiful condos so we hired some people they uh they put some explosives in the building the building's been imploded we hired a construction crew we're building a new skyscraper building and it's going to be beautiful we've taken all of our servers everything we have it's all now sitting in aws everything's here in aws now everybody can i do the same version that i just did can i make small instances on azure of the virtual machines that i have in the data center but now my data center is aws can i come up with an auto scaling group policy in azure can i treat my aws environment identical to the data center and then fail over to azure by doing the same thing does anything change here is it the same thing whether it's aws backing up to azure or a data center backing up to azure or is there any difference at all and if so somebody tell me the difference or is it just identical that's identical okay you guys get it it is identical there's no difference by using a cloud to a cloud as opposed to a data center to the cloud it is identical why is it identical what are you going to stick in aws your cloud stuff what is your cloud stuff your servers your containers your firewalls your storage it's the same stuff so this happens to be called multi-cloud i don't know why but this is called hybrid cloud it's identical nothing has changed the reason people get themselves in trouble with the 
cloud is they're confusing what the cloud is it's just your data center so same things if i wanted to do a hot hot and i wanted aws and azure to be used can anybody 50 50 can anybody tell me the dns policy that i would use to use azure and aws 50 50 we talked about it yesterday what is that dns policy that sends 50 percent of your traffic someplace and 50 percent somewhere else somebody tell me this is architecture this is fun exactly nitro pan only the performance change from the data center to the cloud the performance will be a little better in the data center the cloud will offer more scalability so aqua you got it weighted genie weighted yolanda weighted nice yolanda i think you're part of the part of the uh what do you call it or the the were the were fun group if i if you're the same yolanda i think you are and i'm always thrilled to have you and everyone from that group here i love when you guys are here so weighted exactly we're using a load that we're using weighted routing which is done via dns azure does do cross-region load balancing but not aws like i confused the other day i work with so many clouds it's pretty easy to do that but remember that weighted is exactly wonderful yolanda and you might even be in florida like me which if that's the case one day we should even meet but you know these are the things that we're actually talking about so now you got it now let's go back let's go to another situation now let's go to um let's go to option one so let's say here's aws and let's say azure let's say i'm looking for the cheapest cheapest cheapest backup in the entire world couldn't i just take an image of my virtual machines in aws convert them into an azure virtual machine image and then just keep a backup of my data on the cloud oh brussels makes sense so of course i can so everything that i can do from the aws environment i can do to the cloud everything that i can do in the data center i can do in the cloud and the cloud is just a data center so the cloud is somebody
else's computer somebody else's network that's it so let's talk about some of the getting your data stuff to the cloud let's start talking a little bit about some of these storage gateway kind of things so if you're going to have two data centers now you get into this ugliness of keeping your data synchronized so this piece is really critical and anytime you use a mac and a windows computer at the same time keep your data synchronized two data centers data synchronized all these are the challenges the data data data so let's talk about storage gateways so there's the concept of a storage gateway and basically all the storage gateway is in your data center you put a virtual machine that looks like a server and you map to that server like anything else and this basically your storage gateway when you map to that server you copy information to the server and it just copies it to aws for you and by doing this you can keep your data synchronized so let's talk about the kinds of ways that we're actually going to do some of these kinds of things we're going to talk about a couple of different storage gateways or ways to keep your data synchronized between aws and your data center regardless of where it is so let's begin we'll talk about the storage gateways the file gateway the volume gateway stored mode and the volume gateway cached mode so with regards to the storage gateway we'll first talk about the file gateway and that's quite simply it's just a server you stick the server in the data center and you mount the server if you're dealing with windows you mount it via the server message block if you're dealing with linux systems you mount it via nfs you put your information on the server and then it automatically gets copied asynchronously over to s3 and things are going to be encrypted with your server side encryption key or your sse key and it's going to look something like this this is how you're going to keep your data connected you've got
your stuff your servers you connect them to your storage gateway and your storage gateway will just copy your stuff to aws and like anything else you can set up a lifecycle policy if you want for example you might say that i need to use my data every day for 30 days after 30 days i occasionally use it for 90 days and after 90 days i don't ever use it but i'm keeping it around for my data lake for the future machine learning that we're going to be creating so you could not only aggregate it but you could create lifecycle policies for archival purposes so storage gateways are a highly useful way to deal with these hybrid cloud environments now when we're dealing with storage gateways they're simple we also for these hybrid cloud environments have the ability to deal with a volume gateway and you know these are similar use cases these are when you're running hybrid clouds so we've got the opportunity to do a volume gateway in stored mode and a volume gateway in cache mode and we'll talk about the difference for organizations they keep the data in their data center their bigger challenge is copying data to the cloud so they're going to use a volume gateway in stored mode now there are other organizations that keep their information mostly on the cloud and they're going to use something called cache mode but we're going to talk first about volume gateways in stored mode remember this is for organizations that keep the majority of the data in the data center so the organization mounts one of these devices using the iscsi protocol and then they copy their data here and it gets copied over so let's look at this option so in this option you've got your users your servers they connect to the volume gateway in stored mode and what happens is information is backed up in forms of snapshots to aws s3 so your information gets pushed to s3 now this is good if your users are predominantly in the data center because it's copying your information over but what if the majority
of your information was stored on the cloud? Now you need something different. Now we've got these volume gateways in cache mode, and what cache mode is: you keep your data there, you put this volume gateway in your data center, you mount the volume gateway, you request information from the volume gateway, and then it pulls it from AWS. And what's really cool about this is computers don't use object storage, but by using a volume gateway in cache mode it's going to make the object storage, the S3 sitting in AWS, feel usable to the computers. So here is the volume gateway in cache mode, and I'm going to show you what it looks like. It's a pretty great idea; it's genius. AWS did this. You, the user, connect to this volume gateway that's in cache mode. The users over here request some information; it gets pulled from AWS, put on the volume gateway, and then sent to the user. But now this volume gateway caches it, kind of like a content delivery network: it keeps my request there, so when the next user, the green user, goes and requests it, they get it here, and then the next user over here in the orange shirt requests the information, the user in the orange shirt gets it. So by doing it this way we store all our information in the cloud in object storage, which is cheap; we pull the information from the cloud as needed; and of course, if we want to copy information to the cloud, the volume gateway can still push information to the cloud, but this mode of using it is designed to pull the information from the cloud. So by doing it this way we can keep most of our data on the cloud and access it as if it's local storage. So this is, you know, really exciting stuff for those of us that are out there.

Now let's talk about extreme security information environments. Generally speaking, when you're dealing with hybrid clouds, if you've got a direct connection it's private. Why is it private? There's nothing on the wire from you to the Direct Connect location, and when you are going back, to backhaul to AWS, you're on
a different VLAN. So your information is secured, completely secure. Now, having said all of that, what if you wanted a further degree of security? You can run IPsec over your direct connections. Now, reality is people don't normally do this, but you could. So if you encrypt your data and someone gets access to your encrypted data, it's meaningless. So, realistically speaking, just as you can create a VPN on public links, just know you can do it on private links too. So we'll talk a little about VPNs just so you can see the concept. I just want to show you that when you're dealing with these environments you've got your public and your private virtual interfaces, and I know we talked about it a little bit. So, for example, when we're using the VPN, or any kind of connectivity for that matter, just be careful that you understand that the public virtual interface is going to get us to the public services such as DynamoDB or S3; the private (which says public here, but it should be saying private over here) takes you to your VPC. So kind of keep that in mind that we're going to have public and private.

So at this point, do we want to talk about this? At this point, let's talk about billing. And I'm not Mr. Billing, because I'm more of an architect and there are people that are experts. Before we go to billing, let's see if there are any questions before we go to the next section. Does anybody have any questions right now? Okay, so Nitropan: would you avoid the cloud-specific databases like Aurora? So, Nitropan, there's always the question that you need to think about with regards to databases. Amazon Aurora is a great, great, great database, Nitropan, that has features that are a cross between the free versions and the kind of fully robust kind of database you get like an Oracle one. So the Aurora database is an excellent database, excellent. Now, Nitropan, in my designs I never use things like Aurora, and the reason is I like things that work in a wide variety of environments. So, you know, if I'm
going to look at a NoSQL database, I'd go to a database architect, but I'd like to choose something more from the Apache Cassandra or the MongoDB place. If I'm going to use a database, I'd like to use a relational database that would work on AWS, Azure and Google. So from my perspective I don't use vendor-proprietary anything. When I worked at Cisco, and I love Cisco, I didn't use a lot of EIGRP. There were times that I used the EIGRP routing protocol, because what it did in certain use cases was so good, it was the best in the world for that use case, but 90% of the time I didn't; I used things that were open standards, so if the customer needed a Cisco device and a Juniper device, they would work together. So, Nitropan, when I do my architectures I don't just think about whose product I'm working for right now or whose product I'm selling; I always think what's in the best interest of the customer long term. So these are the kind of things that are really, really, really important to me: focusing on the customer long term. So for those reasons I don't use things like Aurora, because if you go on Aurora and you want to leave AWS it's going to be tough, whereas if you do it on a database that you can synchronize across cloud providers you don't have the problem. So it could be done, but imagine it this way: Oracle in both locations, there's no synchronization problem that way. DynamoDB, and trying to get that to integrate into Google's Cloud Bigtable, may maybe not be my choice. Having said that, MongoDB in both places would be great: MongoDB in the data center, the AWS cloud, the Azure cloud and the GCP cloud all at the same time, awesome. So it's not that there's anything wrong with these things, but you've got to figure out what is in the best interest of your customer. Sometimes serverless is in the best interest of your customer and you should go that way; sometimes flexibility is in the best interest of your customer. Personally, I always go with open standards whenever I can. There's times
where the open standard isn't as good as the vendor proprietary, and I go vendor proprietary, but I try to give my customers the maximum flexibility. I don't want to be a prisoner to somebody, and once you go vendor proprietary you also to some degree become a prisoner of that environment, and I tend not to like that. So, Chris, if you want to bring in the next one here. Lincoln: how do you implement IPsec when connecting a data center through a direct connection? So here the way you configure IPsec is on the routers; the way you turn them on would be the same way. I've personally never seen it done over a direct connection to the cloud, but, you know, IPsec is IPsec; you enable it on the routers the same way you would enable it in any other environment, which is something I haven't done in a long period of time, but it's done via the command line. Chris, there are others to run out. How do you implement a VPN connection, IPsec? You know, for any of you guys that are not sure, go to the Cisco website; on the Cisco website you can just do configuring IPsec. Basically you create a tunnel interface, you configure the tunnel endpoints, you select the encryption keys and the encryption protocols, and then you're done. So this is just simple networking: how do you enable IPsec. And the good news is, you know, in a lot of cases the cloud providers actually spit out a configuration for you, but it might actually not be your traditional IPsec, because, you know, a lot of things are on a VLAN. So there's lots of places where you can create a tunnel between your environment and the cloud, plus you can also create GRE tunnels and you can encrypt those with IPsec too.
So there's a couple of different ways you might have to deal with these things when they get fairly complicated. Is IPsec overkill on a direct connection? Generally speaking, yes; that's why I've never done it. I'm just saying it could be done, but I've never encrypted a private line before, so it's more of a theoretical of doing it. There's good reasons to do so; I've just never needed to do so.

Okay, so now I'm going to talk about billing. Now, I am not Mr. Billing, but I'm going to talk about Mr. Billing. When I discuss billing, remember a lot of these things are there for the cloud providers. When real network people, that are traditional network people, look at cloud provider billing, we shudder a little bit. Now, we have to understand that the cloud providers are doing a great service and they're providing a cost-effective service. It just feels strange to we traditional networking people, because we traditional networking people, we pay a lot to build it and then the use of it's basically free, where in the cloud it doesn't cost as much to build it but the use of it is really expensive. So let's talk about network services. Now, AWS bills for network services very differently than it is for traditional networking. AWS bills for three components. They bill for basically a service or a port fee, which is like a fee to have the switch port on the switch; they bill you a data processing fee, which is basically when you actually use your NAT gateways and your load balancers; and they charge data transfer fees, which is charging you for your data to traverse the network. So got to keep these in mind. Now, on VPN connections it is not like a traditional VPN. Typically speaking, you pay for your internet service provider on both sides, you create your IPsec tunnel on the routers, and there is no charge ever other than your internet connection. Not so here. So for every hour that you even have the tunnel up you're charged a fee just to have the tunnel, and then you're actually charged to use the tunnel. All outbound
traffic leaving your VPC is billed. On the way in they don't charge; they're not going to charge you to send your data to them, they're going to charge you to take your data away. So keep that in mind. Now, the next version is your direct connection. For every hour that you have a direct connection you're charged a fee, and every time you use the direct connection outbound you're charged a fee. So again, this is not like you buy a private line, you have it, you use it and that's it. You buy the line, then you pay to have the line; you're always going to pay to have the line, but normally you just pay to have the line. Here you're going to pay to have the line, you're going to pay a daily fee to have the line, and then you're going to pay to use the line. So keep this in mind. Remember, AWS has to make money somewhere, so they charge you to use the networks that you buy from somebody else. So just kind of keep that in mind; it's not that they're doing anything wrong. How else could they survive? So this is the way they are. Now, when we're dealing with direct connections versus VPN connections, it's kind of important to remember it this way: the billing rate of the direct connection per megabyte or per gigabyte is often cheaper than it actually is for the VPN. So while VPNs are typically cheaper, when you're sending a lot of data it's often cheaper to actually use a direct connection than a VPN, because remember, with a cloud you don't just pay to have it, you pay to actually use it, and that's the difference. So just kind of keep that in mind. Now, what other things are you going to pay for? There's the concept, and we talked a lot about PrivateLink, you know, where we're creating an elastic network interface and we're creating that private connection instead of VPC peering, and it's great, and we talked about that before. When you create a PrivateLink environment, you're charged for every hour that your interface endpoint exists, so every hour, and you're also going to be charged for data that gets used. Now
the last thing that we'll talk about on some of these service and port hour fees is the NAT gateway. Now, the NAT gateway, I mean, is how you connect to the internet for egress only, coming back. There's a charge for the NAT gateway as long as it exists, there's a charge for the amount of traffic used by the NAT gateway, and then there's a charge for the traffic that's processed and the traffic that's sent through the NAT. So you're going to pay three times: you're going to pay for the traffic, you're going to pay for the NAT gateway, and you're going to pay for the processing of the traffic. Let's talk about some other fees that are in the networking world. With regards to load balancers, you're charged every hour that the load balancer is in operation, and you're charged in terms of capacity units, meaning how much it's used; basically it's a combination of traffic flows, bandwidth used, and the rules on the load balancers. And then let's talk about some more data transfer charges. So anytime the traffic goes to the internet you're billed; anytime your traffic goes from one region to another it's billed, and that's why, if you have got a static website, S3 cross-region replication, keeping your data in two places as opposed to constantly going back and forth, the traffic might be cheaper. This is why CloudFront could be cheaper, because it could limit the inter-regional traffic transfer charges, and then of course, if you're going to use CloudFront, they're going to charge you every time outbound data goes to the edge locations to the customers. So it's not like your normal network. With a normal network you pay to build the network and then use is free; here you're paying a little to build the network, because you still need the information, but you're going to pay a whole lot to actually use it. So when people say the cloud is opex and the data center is capex, it doesn't mean that opex is cheaper. If you use the cloud a lot, it's going to be cheaper to have the data center.
So the key is: you are the architect. What is in the best interest of your customer? What's more agile? What's more flexible? What helps your customer's revenue? What cuts your customer's cost? What gives your customers the agility they need? I don't know what that is until I interact with the customer. Only they know what's critical to their business, and only once you know what's critical to their business are you in the position to transform their business. So you've got to ask those questions, because otherwise it's all conjecture, it's all theory: got to go cloud, got to go cloud. People ask me, how do I convince people to go to the cloud? I said, I don't convince people to go anywhere. I ask the customer, where is your best place? What are you trying to achieve? And then I find the best solution for them, and if it's cloud I'm taking them there, and I love the cloud, and if it's not the cloud I'm keeping them in their data center, and if it's a data center that's a hybrid cloud, it's whatever it is. None of this is driven by the vendors; all of this is driven by what benefits your customers. Solve customer problems and you'll have the best architecture career in the world; the world will knock down your door looking for you. Don't get married to a vendor; get married to your customers.

So let's talk about some more charges. If you're using a public IP address, realistically speaking, then there's a data transfer charge. If you're going in between availability zones, there's a charge. Any data in between VPC peering sessions is a charge. So get it: there's a charge for everything. There's nothing on the cloud that's free; all those other things that would be free in the data center, you're charged for. So you have to analyze these charges as an architect. How can you minimize these charges? What can you do to minimize the transfers between the regions? These are the kind of things that we need to do. So let's talk a little bit about budgeting, and then we'll talk about some high availability designs. When you're
planning things you kind of need to know. So I don't configure a lot of things on the cloud, because I'm an architect, but the first thing that I do when I go to the cloud is I set up a budget; I set up a budget alert. Why do I do it? It's real easy to forget what your systems are doing, and you don't want to get a 10 million dollar bill at the end of the day, or month, or week, for what you've spent. So you set up a budget. The budget will have custom alerts, it'll give you billing and management information, and you'll find out before you exceed it. So organizations should set up a budget; it's how they manage.

AWS always wants to talk about Trusted Advisor, and let's be fair, all the vendors have tools like this. Trusted Advisor is an AWS tool, and this AWS tool is designed to help you make better decisions. What it's going to do is it's going to scan your infrastructure, and it'll compare your infrastructure to best practices, and then it'll make recommendations on performance, security improvements, infrastructure costs. It's automated; we'll talk about that. And with this you've got two versions of Trusted Advisor. You've got the basic and developer support plan, which gives you six security checks and 50 service limit checks, and for the customers that buy business support plans or enterprise support plans, they get a lot: they get 115 Trusted Advisor checks, 14 cost optimization checks, 17 for security, 24 fault tolerance, 10 performance, 50 service limits. Here's the thing: it is an automated service that's going to make recommendations. It's automated, so automated doesn't mean a lot. It will give you information and you should evaluate it. Some of this information will be very valuable; some of it will be worthless. It's kind of like an e-prescribing application. I go to write an e-prescription for a patient, I get 50 alerts. Guess what? The person's blood pressure is high. Yeah, I know they have high blood pressure; they have high blood pressure. Are you sure you want to give this
drug with high blood pressure? Yes, I need to give this drug with high blood pressure. How about this alert? How about this alert? How about this alert? How about this alert? How about this alert? So now doctors write a prescription and they get the 50 alerts every day that they knew about anyway, but that's necessary to do their job. When you start using these tools you get a whole bunch of recommendations. You've got to look at the recommendations as an expert and say these 47 recommendations are all wrong, these two are right, wow, this is great. So tools help you, but they don't replace thinking. It's like a subnet calculator: if you need to use it, you shouldn't be doing IP addressing. Now, I don't have a problem if somebody uses a subnet calculator; it's just that you need to know the numbers, and it can be a tool, not a crutch. Same kind of thing here: Trusted Advisor is going to give you ideas, and some of these ideas are going to be really great, but they're automated, and automated anything is never the same as properly designed and customized. So just keep that in mind.

So are there any questions now? And after this we'll talk about some high availability design. Marla: so is this where you start quantifying the ROI of the customer? We design based upon their needs; do we talk numbers, or is calculating part of sales? So, Marla, most of the time, if you're an architect, you're going to meet with the client as part of the sales team. The first thing you need to do is figure out the customer's challenges. What's the customer trying to do, and why? If the customer wants a new website, why? Is their current website working? If so, what's the current website doing? How many billions of dollars in sales are they doing on the current website? Is it that the current website can't keep up with the demand and they're losing, you know, 10% of the customers? And if they've done 37 billion dollars of e-commerce sales and they're losing 10 percent of sales, we can estimate that 3.7 billion dollars of
sales were lost. And then, Marla, if we can design a solution that costs less than 3.7 billion dollars, then the customer will buy that, because that will give them increased sales. The ROI starts at the beginning. You need to figure out what is the problem. Only once you know what the problem is can you even begin to quantify the problem. You deal with a hospital that's got a thousand nurses, that deals with an additional 70 million dollars of overtime for nurses per year; you've got 70 million dollars of budget to play with. Can you cut down the nursing overtime? So you've got to start with quantifying with the client; you've got to start by knowing what the client's goals are. Once you actually know what the goals are, then you can quantify those goals, and then you can quantify the value of a solution that will do that, long before you even think of the solution. So first you need to know what the goals are, then you need to know how you can solve those goals, and only when you know what you can solve can you determine what the expected value, or the likelihood of success, of your design working is. And if you guys want, maybe we'll do an expected value of return on investment capital today. I think we can do it; I think we'll have some time, if you guys desire to do a little whiteboard session by the end of this, if we have time. I'm not sure if we have time, but we might be able to do that. If not, I know that our students in our cloud architect career development program do this periodically in class, so one way or another we'll make sure we get to do that. Chris, bring up the next one. Do companies mostly go with T-E-C-O? I don't know what T-E-C-O is, so if you tell me I can definitely answer. I popped up the second part of the question. You just spoke to recommendations: do most companies go with the T-E-C-O recommendation of the architect, or is it back and forth in negotiations with them? Asking if they go with the tech recommendation: if they're going with their recommendations, do you go back
and forth with them as a negotiation? Oh yeah, so, oh definitely, there's definitely a back and forth, and a back and forth, and this could go on for weeks, months or even years, depending upon how big a design is. Absolutely, hence the reason architects need such expert communication skills and soft skills, because it's going to be an iterative process going on for a long period of time. Do I use the official TOGAF methodology? I definitely do not. Here's the thing: there's about a million and one theoretical frameworks out there, and they're all so far theoretical there's nothing that I could even use to ever try and explain that to a customer. So I don't use the TOGAF methodology at all. I can tell you at one point I was part of a team, and I like TOGAF and I think it's a good architect certification. I can tell you that there were some architects at the company I worked for; they used the TOGAF methodology, they designed an architecture, and they presented it to customer after customer after customer after customer after customer, and after six months of presenting this architecture with the TOGAF methodology, not a single customer understood what they wanted. And then I was hired to design an architecture for this customer, and you know what I did? I designed it in plain and simple terms. I described what does what: which components of the network do what, which parts of the data center do what, what parts of the campus do this, how do you set up the remote access employees, how do you deal with the voice, how do you deal with the video, how do you deal with the wireless. It was plain, it was simple, it was prescriptive. It actually mentioned the actual things that we were actually using, and I'd say we're going to use a load balancer, so the load balancer that we're going to choose is going to be a network load balancer from F5. It was crisp; the customer knew what to do. I was promoted three times in about two years from doing that document. I had to travel 300,000 miles a year just talking about that
document and closing massive deals. And here's the thing: it was real, it was something the customer can put their hands on, it was tangible. So the key was give somebody something that's meaningful and then they're going to want it. I have no problem with TOGAF, none; it's a good architecture cert, but it's not prescriptive. It's like the NIST framework. You look at the NIST framework, you can read it 50 times and it's like, okay, where do I put my firewall? Where do I put my IDS? What kind of social engineering training do I need to do? My security stuff, it's not there. You'll read what the world's best security minds in their lives put together, and none of that information is contained in there. So I stay away from things that are theoretical and academic. The theory of how things work is critical architecture knowledge, but, you know, all these little certification things, I don't spend a lot of time on that kind of thing. I focus on solving customer problems. Chris, is there any other? No, you covered it. Okay, okay.

Well, we'll talk a little bit about high availability system design. Maybe we'll whiteboard it out and we'll give you guys some fun; we'll spend an hour with whiteboard stuff as necessary. I really want to make sure that we kind of, in some way, shape or form, really give you guys some extra depth, things that are outside of the traditional certification, because, like I said, certifications get you an interview but they don't get you hired; it's this other stuff that gets you hired. So, high availability network design. So availability means the service being ready for use when you want it. So designing for availability can become very costly, and going from four nines availability to five nines availability is a massive difference in cost, and we can help you with that. So massive, massive, massive difference in cost. So we're going to talk about availability being 99, 99.9, 99.99, which most people, not me, but most people would consider to be highly available, and 99.999 percent, which is
what I've worked with for the last 20 years. A very small number of people can do it, but you can put together systems that are 99.999 available if you build the right team, and that's what I've been tasked with forever. So why is 99.99 good enough? It means that the systems will be available for everything other than basically 50 minutes per year, which means less than an hour, and that is enough for most organizations. Now, I want you to think about it this way. If your internet service provider is down for an hour per year, well, if you're a home it's expected, but if you're a business it's not okay. If you're a hospital and your systems go down, someone can die. If you're a bank and you've just placed a trade for a million shares of a stock and the stock price went down ten dollars and you can't sell it, it could be very expensive. So banking, healthcare, service providers, these organizations need real availability, meaning 99.999 availability, which means about five minutes of downtime per year. So keep that in mind. These are what those numbers look like metric-wise. As you can see, 99: not real good. 99.9 percent: still 9 hours of downtime per year, and if you're lucky that's what you're going to get from your home internet service, three nines. Four nines: a relatively highly available network. Five nines: five minutes and 15 seconds of downtime per year. Look at that; that's seriously high availability. So how do you build a high availability system? Well, no single points of failure. So I want you to think about what that looks like, what we've talked about over this last week. Redundant power: that means redundant transformers coming into the building, that means redundant uninterruptible power supplies, it means redundant generators, it means redundant cabling, and it means redundant power distribution units. It means two sets of cooling air conditioners in there, not just one. It means networking connections: you need to be redundant. One is none, two is one, and three is greater than two. It means your router
should have multiple control modules, multiple power supplies, and they should be redundant: redundant routers. It means you should have redundant switches and redundancy in your switches. It means your servers should all have two power supplies and be designed for uptime. It means your load balancers should all be running and operationally full time and be redundant. It means your DNS needs to be set up right. It means your storage needs to be redundant, and it means your applications need to be redundant. So here's the thing: one is none, two is one, and three is greater than two. So build some redundancy in there. Now, I know I keep talking about this, and for this reason: I keep talking about these high availability routers because AWS will keep saying our routers are highly available, don't worry about it, don't worry about it, don't worry about it. They are highly available, but the router that you use to connect to the AWS router isn't. So you need two routers to connect to AWS, a minimum of two, because if the router fails on your end it doesn't matter that the AWS end is high-end. So two routers, so dual power supplies, dual control modules, and guess what, if you're going to use a link aggregation group, and I recommend you do, bundle multiple direct connections together in a high performance thing, make sure they're not on the same line card in the router, so that way if you've got four links, ideally they're on four cards; if two cards fail, you've still got two cards linked. So really, really, really. And the last thing is make sure that you're running stable firmware. When I log into my firewall I see this; there's a little thing on the bottom. This is the biggest joke. I see this on my firewall when I log into my firewall: "Your security appliance is running stable firmware. To try some of the new features we've been developing (L47, SD-WAN, device monitoring, many not over AutoVPN), please check to upgrade to the latest beta." Who puts beta code on their devices? So the point is, you've got to look
at what you're doing. Don't use beta code. So, high availability: redundancy and making sure that your things are there. So what else goes into building a high availability system, and why is it so much easier in many cases on the cloud? Why? AWS already has the redundant power, AWS has the redundant cooling, AWS has the redundant internet connections, they've got redundant routers, redundant switches, so all their stuff is already done for you. So with AWS they've done two thirds of the work, so it becomes a lot easier. So let's talk about building high availability, high performance on the cloud. Best practice: multiple availability zones, minimum, minimum two availability zones. That gets you to 99.99 available, which means four nines, which means basically 52 minutes (I think it's 52 minutes of downtime per year, or 50 minutes). Reasonable. Anything that needs to be high availability should be in two availability zones. That means your compute instances or virtual machines, your databases, your load balancers, all of it should be in multiple AZs, because you want it to work. Now, if you need 99.999, five nines, you have two options. Option one, which I don't recommend: multi-AZ and multi-region. That gets you to 99.99 available on the AWS cloud. Why don't I recommend that? Well, I'm a fan of building redundancy. AWS is incredible, AWS architects are incredible, the engineers that build their systems are incredible, but everybody has outages, and if you go multi-region, multi-AZ and AWS has an outage, you're still out regardless of how good your systems are. So I personally, if I needed five nines, would do two AZs on AWS and two availability zones on either Azure or Google or Oracle, and that way I've got two clouds that are each 99.99; together I've got five nines, and I've got redundancy amongst cloud providers, redundancy amongst internet providers, redundancy everywhere. So personally, if I need more than four nines availability, I'm using multi-clouds and two availability zones per cloud. That's me, because I
don't look at what's the simplest; I look at what gives my customer the best long-term options. So there's that. Now, what else? When we're dealing, we want redundant network connections. So for most clients it's going to be a direct connection and a VPN, but not everybody. So some people will have a primary direct connection and need a backup direct connection; other people can get away with less; and some people will have four 10 gig links in a link aggregation group. If you've got four 10 gig links, or 40 gigs, as your primary link in the link aggregation group, chances are you're not going to get away with a 1 gig or a 10 gig VPN backup. If you need 40 gigs of direct connection to work, a one gig VPN isn't going to work; you might need a redundant link aggregation group. So kind of keep these in mind. Now, when you're getting your network connections, don't get them on the same service provider. Two connections on AT&T is crazy, because if AT&T has a problem you're down on both. A connection through AT&T and a connection through Verizon or NTT or CenturyLink, I don't care; pick two service providers to connect you. You're sensing something, huh? Two data centers, two cloud providers, two service providers, two routers, two of everything. So, you know, sometimes when people are like, Mike, do you not like the cloud, is that why you want two clouds? No, I love the cloud; that's why I want two clouds. I want to know that it's going to work. Everybody has outages. Azure got hacked last month pretty badly; their databases, their customers got attacked; it wasn't good. And Azure's great, they're smart, they've got an incredible number of smart, talented people. Facebook had a massive outage. People have outages; it's just going to happen. Look how many times LinkedIn goes down, and it's great; LinkedIn goes down, Facebook went down, Instagram went down, WhatsApp went down. The reason I'm saying this: these are the best network operators in the world and they still go down, and they're the best; everybody else will go down too. So plan around it and
have redundancy multiple cloud providers now security if your systems get hacked your systems are not available so when you're building a high availability high performance environment you need security so let's talk about that principle of least privilege we talked about that the need to know don't give people access to more than they need to know we talked about on your servers making them secure we talked about patching the servers we talked about disabling unnecessary services for example like when we talked about the server for a linux server doesn't need a graphical interface shut every unnecessary service down use aws organizations so that you can limit it so that if something happens in this part of the organization it doesn't have to affect this part of the organization limit the blast radios keep unwanted traffic out of your subnets with network access control lists keep unwanted traffic out of your servers with security groups use a firewall an ids ips system use some ddos protection get good physical security the devices that are connecting to the clouds and the level of security you need is going to be based upon what you have to secure if and when you have to use passwords use strong passwords when you can use something stronger use it if you've got good configurations template them templin them with a thing like a claw formation template or better yet terraform template stuff that's good so you can do it right right and more right back up one of the biggest issues organizations have is data loss back up consistent backup strategies protect against data loss your backup should be stored in at least one secure location i back up i've got a set of backup drives and i have an off-site backup and i have a third cloud backup i have backups to my backups you should too create images of the production servers and that when a server goes down you get another one back up and store your router and firewall configurations high availability high performance now 
let's talk about ways we can do more auto scaling whoa auto scaling is the greatest auto scaling can help us auto scale out of the ddos attack if for some reason we got a lot of traffic patterns which could accidentally just ddos our own things just because more than our servers can handle auto scaling can let our systems grow and be self-healing decouple our applications whenever ever possible so use queuing use anything we can to decouple our applications and in the process of doing something we're going to boost our application performance use caching to offload our servers use redundancy in the dns use load balances that remove single points of failure by enabling us to use ten small servers instead of one big so we cannot eliminate single points of failure so realistically speaking this is what we're trying to talk about log your systems look at the logs monitor for system alerts constantly check out their search for security breaches look for usage and monitor for performance these realistically are the things that we're talking about now the last component of these high value-based systems is change management in fact when i interview people i ask them what goes into five nines and almost no one knows to mention change management which means i know they read a book but they've never worked in tech anybody that's worked in tech knows that change management is one of the most critical components of delivering a five nines available network meaning something that's going to be available when you need it all but 5 minutes and 15 seconds of downtime per year this means that if you're going to make a change you ask everyone ahead of time you make sure that your change won't affect anything anybody else is doing everybody agrees on the change everybody agrees on the time on the change everybody and after you make your change everybody that matters checks their systems to make sure there's nothing wrong and if there is you all work together to fix them so this is 
how you build a high availability high performance system on the cloud or off the cloud it's really the same thing or in a hybrid cloud or in a multi-cloud environment so let's do this so let's see if we've got some questions and after that maybe i'll whiteboard something with the group question well aws outpost be considered as a hybrid cloud enabler i want to make sure aws outpost is the service that i think it is because azure's got one that's just like it so aqua very interesting the aws outpost is very similar to a what do you call it an azure functionality that enables you to run some things on their infrastructure as well as your infrastructure and the concept of enabling people to run some of these workloads in their data center on the cloud providers is there now here's what i'm going to say now first you've got the openstack cloud and the nutanix cloud and when i look at what azure is trying to do with their edge computing and pushing it into the data center and i see that with aws outpost it looks like the event the cloud providers are starting to say wait a second we have to compete with the nutanix and the openstack solution the nutanix and the openstack solution allow the organizations to leverage their data centers and work and use the servers that they already paid for to handle their compute loads in a seamless environment so because of this because there's these great companies that are giving organizations the ability to do it the cloud providers like aws and the cloud providers like azure have to give the users to do it so aqua i think what's going on is the hybrid clouds are becoming so much more important that the cloud providers are saying we can't afford to lose it to open stack and we can't afford to lose it to nutanix so we're going to go out there and we're going to let you do some of it yourself with our stuff and it's going to look and feel like aws on your own environment and because of that you're going to be excited and call it all 
cloud computing so yes aqua i think it's exactly what's going on and to me that is another hybrid cloud enabler it's actually them trying to basically say we realize that the hybrid clouds exist we realize it's not all coming to us we realize we're not a single vendor solution so here we're going to work with you and give you some of what you need so you don't have to go to openstack or nutanix to do it that's the way i see it and i think by the way it's a very good thing i am very excited to see these kind of outposts and these ada and these azure environments without letting organizations do the computing in their data center or on the cloud pay for the workloads in the cloud not the data center it's going to make things seamless and i think if the cloud providers do it so beautifully and so elegantly they actually have the potential to take out the hybrid cloud people because then i think they're now orchestrating it very nicely so i think it's a great thing aqua you're exactly right aqua you're always on the bleeding edge of knowing where these trends are coming from and i think that's comes from your good networking background so absolutely aqua david page if you're using two routers to awns would you use two different router vendors no um i'm gonna pick the best router vendor i don't need two router vendors and the reason is routers don't go down like a vendor would so somebody else's network would go down so if i've got a phone line from a t the reason it's going to go down is somebody's going to dig in the ground and kind of cut fiber off the connection or somebody's going to make an error on a switch a router or an inanimate object that sits there that's going to work isn't going to just break um just because of it so no i wouldn't do that because if you do you're going to run into more problems related to vendor interoperability than you actually would get from benefits but i'd make sure my two links are up of different service providers every step of the 
way chris you want to bring in the next one they have a page if you're going to have four 10 gig links direct connections in the loot congregation group do they all have to be from the same vendor yes you should have to so david what you're going to do when you create a link aggregation group is you should have four from say a t and one link aggregation group and your backup should be say four from verizon when you're dealing with a link aggregation group you're dealing with bundling four links or two links or three links together and in the process these links must be equivalent latency and any variations in the latency between your links can be kind of ugly so realistically speaking you should have one link aggregation group with just one set of service provider links and another one with another set of service provider links so realistically speaking two sets of link aggregation groups a primary and a backup because if you need 40 gigs primary you need 40 gigs backup so i recommend you do two with different people so that's exactly how i would suggest it so i know i don't see any other questions here but i want to make sure that we get there so there's one question that i don't think we actually answer and i do want to answer it and it's related to the togap question it's from old time oh no um never mind i thought uh it's from tom worth the ortheus where it says so don't spend time on togaf chris do you see that yeah you ended the last question an intercessional took off oh okay didn't realize that but you can cover it again since you brought it up so i think the previous person asked if i used toe gap and i said no and for the reasons why i didn't and then this was the question which came right up after that which was from tom which was so don't spend time on togaf starts tom i want to make it really clear certifications don't get anybody hired certifications do make a resume look better and certifications can get someone an interview so i don't have the 
problem with the togaf per se the issue tom is what's going to be in your best interest what's going to be the best thing to build your long-term career and if you're an architect it's probably not togav so here's the thing the architects and we engineers are different we architects are about business transformation and while the togeth is a nice little certification and maybe the toe gap bumps up your salary about ten thousand dollars a year and it probably will that's all it's going to do so tom i'm about you know hitting the things that matter you know put eighty percent of your efforts into the things that deliver the maximum result and only leave twenty percent of your time for the things that leave minimal results 80 that most people spend their time on certification i'm going to make this really clear certification the statistics are really clear has on average the potential to raise your salary by about ten thousand dollars a year now the rest of it is where the levers are so when we're talking about building careers tom when we talk about soft skills training we're typically talking about a 33 boost in someone's salary and we talk about emotional intelligence training we're typically dealing with about a thirty thousand dollar difference in someone's salary so while you could spend the next six months of your life working on a toe gap certification to raise your salary by ten thousand and make your resume look a little better if that same person would focus heavily those same six months on soft skills and their emotional intelligence they can realistically speaking raise their salary on average about eighty thousand dollars a year every year for the rest of their life which is an additional 2.4 million dollars over a 30-year career so tom when i'm dealing with careers and i'm focusing on careers i want to make sure that we have rock solid technical competency because without rock solid technical competency we've got nothing and then once we've got that 
technical competency get out of the tech focus on the business acumen focus and the leadership focus and the soft skills the emotional intelligence focus on business acumen focus on industry expertise focus on something that makes you so good and so valuable to the organization that they can't live without you that they'll literally be willing to do or pay anything to have you on your team it's not that i have any issue against the togaf sir it's just that i like to spend my time where it's going to have the best return on this investment and toegaf just unfortunately just is not there so that's the reason why old time honey official one of the companies you work for wanted to use azure they said it was the fintech standard do i run into this when trying to plan an architecture for certain organizations i run into lots of reasons organizations don't want to use a certain cloud provider and it happens all the time i run into organizations that won't use a specific cloud provider because this cloud provider kicked the company out of their data center because they didn't agree with their mission and i deal with 20 of the customers that say i don't want to use that cloud provider i'm like but they're a great cloud provider and they're like i don't want to use it for this reason don't put me there i'm like okay i have other people that say i want to go to this one and it has to be this one because my brother works there okay so really the key for me is i know lots of fintech companies that work on aws i know lots of fintech companies that are on google and i know lots of fintech companies that are on azure i when i design my systems i design what's best for them and it usually involves two of these really great clouds one of them is usually aws because of their ubiquity and another one is going to typically be either azure or google or somebody else because i want a backup of the second cloud so i don't really have that problem i start with the customer i evaluate the 
customer's business and by the time i'm done evaluating the customer's business the people are far more concerned in my solution and they don't really care whether it's aws or azure or anybody else they care with what is the solution so i don't run into these stumbling blocks but then again i have to be fair i don't really play the role of the technical architect i'm an enterprise architect i start with the executives i start with the business i only address business issues and my vehicle to fix the business issues is tech the tech is not the tech is my tool it's not my goal secure most of the time the customer is going to come with a budget and request for high ability performance and how are we going to give the design with less customers with less components you're not um you know you've got availability and you've got a certain level of things to do availability if you're running into these real major cost issues is because the architect isn't doing a good job the architect is not quantifying the problem properly if you don't quantify the problem properly you can't sell the value of your solution if an organization has got a billion dollar problem and solving that problem generates a billion dollars then 30 million dollars is real cheap to do it having said that if you can't show that you can solve that problem fifty dollars might be more than the customers willing to spend so it's up to you to quantify the problem it's up to you to show the solution to the problem it's up to you to be able to do that roi modeling and show financially how the expected value of your solution will be much greater than the cost only then is it something the customer will buy you know if you sell something for a thousand dollars and the thousand dollars doesn't give your customer any value it's really expensive if you sell something for ten dollars and it provides no value for your customer it's really expensive if you sell something for a million dollars but the customer gets 
three million dollars interest then it was cheap the customer got paid to buy it so shakir be the person that solves the customer's problem don't be the person that sells them the tech the tech solves the problem the tech sells itself you solve the problem that's where the budget comes from otherwise you're going to be chasing your tail constantly dealing with money money and more money so does anybody want to design a high availability cloud right now map it out maybe one or two clouds a data center some high performance you guys want to do it if you want to build a high availability cloud solution type high availability cloud solution and the chat box and i'll do one with you in real time otherwise you know it's up to you try to give you guys a little bit of flexibility these are the main points that i wanted to cover for today um with regards to the content but if you guys want to do some high availability cloud situations i see one from pierre lincoln let me know if i see enough high availability cloud solutions we'll spend an hour and we'll architect a nice high availability i see shapur um i see shafiq i see pier i see marla i see uh um kristen christian rowell i'm so okay maybe i didn't see enough people there's 80 people on this call somebody give me some likes somebody uh if you're not there you know hit the hit the subscribe button tell others and then let's go do some high availability system design okay i'm starting to see some people so i'm starting to get the feeling that you guys are awake alert and oriented so let's do some high availability cloud solutions okay let's map it out okay we have mike's nice fancy fancy fancy white board and my great artistic drawing capabilities which involves squares triangles and blue and white colors and arrows and lines so let's do some fancy artwork over here everybody high availability so let's look at some high performance cloud computing networking so let's say we have a website and we want this website to be 
super high availability and we need super high security and let's say we're building a website that has to handle 50 000 web requests per second so we're going to need some robustness let's say we decided to go to the cloud and on this cloud we want to make sure that we know that it's going to work so all of you guys are going to have to help me i am a ceo i know absolutely zero about technology my name is mike the ceo i no longer i'm a solution architect i am not a cloud architect i am not an enterprise architect i am just mike the ceo so i'm non-technical so we're gonna together do a high availability architecture and you guys are gonna have to help me you guys are gonna have to google you guys are gonna have to think and it's gonna be fun so let's go do it let's say we're example we're designing i'm going to tell you that right now i have been funded i was lucky enough and i reached out to a multi-multi-billionaire friend and my multi-billionaire friends says to me mike i need you to build one of the best ecommerce sites in the world that's going to specialize in selling cat toys and i said why cat toys and they said because your cat cindy is a celebrity everybody knows him and you want to sell cat toys and i'm like okay cat toys it is and they told us that the way they want us to sell cat toys is to develop a website and on this website we're going to have the most dynamic content engaging content and videos accounts so we're going to have static content and dynamic content and it's going to drive everybody to our site and it's going to be global and apparently if we build this right people are going to be buying cats according to the to our sponsors they're going to be buying cat toys 24 hours a day seven days a week they're gonna be buying food and toys and it's expected that we're gonna do a hundred billion dollars a year on our first year because we've been given a 10 million a 10 billion dollar advertising budget by our super rich benefactor that wants us 
to sell cat toys why cat toys i don't know well i could think of right now my cat cindy's being energetic today so here's what we're gonna do now we know right now with what i've told you that we're going to have an incredible amount of hits what do we say 50 000 hits per second we expect a lot of letters so let's see what we need we're going to need high availability connections to the cloud right so let's say we're sitting here and let's say we've got our on-premise environment everybody we are here i need you to guide me so we have an environment we expect a hundred billion dollars a year of sale of cat toys does this look like something we're going to build a brand new data center or maybe we should go to the cloud do you think we've got a scalability problem here everybody do we need high performance should this go cloud or should this go data center tell me in the chat box aqua's first question is accurate excellent we cannot tolerate more than five minutes of downtime per year thank you aqua and we cannot be hacked aqua if we get hacked we are out of business so pierre lincoln you're saying cloud because of the scalability is that the reason kenya carl cloud due to scalability i like that derrick houston cloud due to scalability marla jeannie cloud yes this looks like we should go to the cloud well marek we need a lot of load balancers here like a lot a lot of load bouncers but yeah we're going to go to the cloud so we're going to go to the cloud so now nines availability so now five nines availability do i stick all our eggs in the aws basket or do we do half aws and half azure and work around any kind of concerns what would you guys suggest five nines availability we can't handle more than five minutes and 15 seconds of downtime per year and we expect alex wood excellent two cloud providers so we'll map out the whole thing we need scalability and we need to know that we're available so let's do this let's set up aws because it's a great cloud and let's set 
up azure because it's another great quote no let's make sure we really do this right okay so now we're on two clouds we're gonna put half and half marla excellent half and half great job marla so now what kind of connections do you think we should have to these clouds remember hundred billion dollars a year of cat toys we're going to sell what kind of what kind of connections are we going to be using vpn connections here are we going to be using high performance high availability connections because we want everything to work derek every day you impress me so kenya carl direct connection yeah i'm going to use direct connections so we probably if we're dealing with 50 000 web orders per second probably are going to need more than 10 gigs we're definitely not going to be using a vpn here we're dealing with high performance huge connections so we need private lines so we're going to buy a private line azure calls it express route aws calls it a direct connection so we are going to need multiple routers across multiple service providers so here's what we're going to do we're going to get two routers to aws and we're going to connect to two ha routers at aws we're going to do a primary and a backup direct connection because cost doesn't matter and we need it to work we're going to have two more of these little routers we're gonna do a primary and a backup direct connection location 100 billion dollars a year i don't care about a couple thousand dollars extra per month it is irrelevant for me um alibaba is a great cloud when you're dealing with stuff in china there's the great firewall at china and there's lots of complexities dealing with china unless i did a lot of business with china i would keep it to aws azure google dell palo alto or cisco clouds right now not that i have any aversion to alibaba they're an incredible company but you know for simplicity purposes i try to use the local clouds that we're dealing with now right now we've got direct connections to aws 
and azure we're pretty solid but personally i would create some connectivity between azure and aws and here's why i would do this by doing it this way if we lose at both of these routers we can still reach aws through azure if we lose the connections to azure we can still get to the connections between aws and this kind of puts us out of dealing with low performance vpn connect connections in between things and quite frankly what we probably would have in many of these cases is most likely a couple of link aggregation groups because if we're going to deal with an environment like this we're probably going to have redundancy on both lengths and we might need 410 gig links i mean this is relatively high performance networking to deal with something like this so that kind of is what each one of these environments is going to look like now let's let's architecturally look at what the web app would look like and we're going to design one and then we're going to do the same thing for azure guess what because i'm not a tech professional i'm just a ceo you guys are going to have to tell me the tech so let's go create our application and we're only going to show it in the concept of one availability zone because it's going to be the same in both but i want you guys to map it out we're going to have some fun over here so actually it's not going to do let's just map it out so we need to connect to the internet for our web servers does anybody remember what that device is that connects to the internet with regards to aws what's it called we talked about it on day one there's a device that it's a router that connects to the internet does anybody remember what that device is called somebody help me by tying it in the chat box it's called an internet gateway great job an internet gateway connects us is a router that connects us to the internet so behind the internet gateway we'll have a firewall which we'll put somewhere else and yes aqua aviatrix will happily connect excellent 
job aws and and azure totally totally totally um exactly so we've got an internet gateway that's connected to the internet and behind the internet gateway well after our firewalls there's going to be the device now what if i want to have more than one one web server what's that device i use if i want to use more than one web server what's that device called there's a technology that enables me to load share across multiple internet multiple devices that's right amaranth good job amaranth and genie we need a load balancer to load balance across these things so now we've got a website everybody the website itself has to deal with 50 000 requests per second 50 000 web requests per second so that look like an application load balancer that's intelligent and slow or a network load balancer that's fast we need a network load balancer because we need the speed exactly derek we need speed otherwise we use an alb so we've got a network load balancer now what's a virtual machine called an aws that we would use to put our web server on what's aws call excellent aws calls their virtual machines ec2 instances old-time honey official and amaranth and genie good job so we're going to have our ec2 instances okay good so ec2 instances let's say we've got 50 application servers or 5000 application servers not just one we're going to need a device to load share across application servers what do you think that device that load we need to load balance across application servers is going to be called somebody help me here with the how somebody help me here with what we need to use uh derrick exactly we're getting another load balancer network load balancer application load balancer depending upon the speed and performance we're going to need a load balancer so let's say we're going to use another network load balancer because we still need to perform it the point is is we need a load balancer whether it's an application load balance or a network load balance or application load 
balancer if we need the intelligence network load balancer if we need the performance we've got a website that's handling 50 000 requests per second we're not getting away with an application load balancer we need a network load balancer we need performance if we were getting a thousand web requests per minute we'd use an application load balancer so now we know what we need but we still know we need a load balancer now we're going to need a database we need a database that's going to scale and be capable of handling a huge number of transactions huge number of transactions plenty of read plenty of write and we're going to be on two clouds so somebody give me one of two one the kind of database that we can use that'll enable us to have unlimited scalability and then flexibility in our schema what kind of a database could we use considering we want to use two okay no sql is good cassandra is good yes cassandra is good any other opportunities we can't use dynamodb or cosmos because we won't be able to work across multiple cloud providers we obviously aren't going to use a sql database because we need a lot of performance so when we need something that gives us flexibility and schema and extreme performance and unlimited scalability we have to use a nosql database which means realistically speaking mongodb or apache cassandra these are one of those places that we're going to come from so we can't use things like aurora we can't use things like dynamodb or cosmos we have to use things that are standards and then we can work across cloud provider it has to be that way that's why we wouldn't use maya well my sql would work alex but it's not going to scale to our needs we need a no sql database but otherwise that would be good so let's say we have we let's say mongodb so dark oracle is a fantastic sql database but we probably need a nosql database for something like this so this is what we're going to do at aws now if we go to azure remember i'm not a tech professional 
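The design above keeps coming back to one number: five nines, which the talk quotes as no more than 5 minutes and 15 seconds of downtime per year, and the rule that follows from it, two of everything on two different providers. The small model below is an added example written for this page, not code from the course or from any cloud provider; the per-component availability figures (carrier link, edge router, cloud side) are constructed for illustration, and the model assumes that separately sourced paths fail independently, which is exactly the assumption that breaks when two links ride the same carrier.

```python
"""Availability budget check for a redundant multi-path design.

Added example, not code from the course. The per-component availability
figures below are constructed for illustration, and the model assumes that
separately sourced components fail independently; two links that share one
carrier do not, so the shared-carrier case is modelled separately.
"""
from functools import reduce
from operator import mul

SECONDS_PER_YEAR = 365 * 24 * 60 * 60
# Five nines: the talk quotes the budget as 5 minutes 15 seconds per year.
FIVE_NINES_BUDGET_SECONDS = 5 * 60 + 15


def serial(*availabilities):
    """Components that must all be up (carrier, router, cloud): multiply."""
    return reduce(mul, availabilities, 1.0)


def parallel(*availabilities):
    """Independent redundant paths: the service is down only if all are."""
    all_down = reduce(mul, (1.0 - a for a in availabilities), 1.0)
    return 1.0 - all_down


def downtime_seconds_per_year(availability):
    return (1.0 - availability) * SECONDS_PER_YEAR


def meets_five_nines(availability):
    return downtime_seconds_per_year(availability) <= FIVE_NINES_BUDGET_SECONDS


def independent_paths(path_components, copies):
    """`copies` identical paths with nothing shared (different carriers)."""
    one_path = serial(*path_components)
    return parallel(*([one_path] * copies))


def shared_carrier_paths(carrier, other_components, copies):
    """Two links on the same carrier: the carrier is a single point of
    failure in series with the parallel set of everything else."""
    rest = serial(*other_components)
    return serial(carrier, parallel(*([rest] * copies)))


# Constructed figures for one path: carrier link, edge router, cloud side.
CARRIER = 0.999
ROUTER = 0.9999
CLOUD = 0.9995
PATH = (CARRIER, ROUTER, CLOUD)


def report():
    """Availability and five-nines verdict for the three designs compared."""
    single = serial(*PATH)
    dual = independent_paths(PATH, 2)
    same_carrier = shared_carrier_paths(CARRIER, (ROUTER, CLOUD), 2)
    return {
        "single_path": (single, meets_five_nines(single)),
        "two_carriers": (dual, meets_five_nines(dual)),
        "two_links_one_carrier": (same_carrier, meets_five_nines(same_carrier)),
    }


if __name__ == "__main__":
    for name, (avail, ok) in report().items():
        hours = downtime_seconds_per_year(avail) / 3600
        print(f"{name:24s} availability={avail:.7f} "
              f"downtime/yr={hours:8.3f} h  five nines: {ok}")
```

With the constructed figures, one path alone is worth roughly 14 hours of downtime a year and two links on one carrier still about 8.8 hours, because the carrier stays a single point of failure; only the two-carrier design lands inside the budget, at well under two minutes. The numbers are made up, but the shape of the result is the point of the model: redundancy buys availability only where nothing is shared between the copies.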
with azure we don't have an internet gateway we put our stuff in the public subnet so let's just call it the public subnet so here's our azure architect azure still needs the internet they don't use the with azure we basically use the public subnet now we need do we need a load balancer with uh azure and if so is it going to be the same network load balancer that we need with aws does anything change with a load balancer architecture is it the same on azure um as aws everyone shafiq yes it's gonna be the same so everybody now here's what i want you guys to do so we can say that we've been solution architects for the day and not just cloud architects let's come up with the solution architect piece we'll come up with the name okay aws calls this an internet gateway aws calls their network load balancer an elastic load balancer aws calls their virtual machines in ec2 instance aws calls this an elastic load balancer mongodb where you putting it you're putting it on an ec2 instance okay now with aws we've got the i'm sorry azure we've got the public subnet what is azure call their load balance oh wait they call it an azure load balancer what do they call their ec2 instances they call them a virtual machine gotta have our app servers in here somewhere so let's call this an azure load balancer instead of an nlb because it's got we'll call it an azure load balancer now they don't call it an ec2 instance they call it a virtual machine and we're going to put the mongodb on a virtual machine now we're on two clouds okay so this is why when i tell people when they say which cloud i should i learn i say don't learn any cloud learn the cloud notice what we did first the architecture that we came up with we talked about the modules the load balancers the virtual machines the load balancers the virtual machines the databases it doesn't matter when we build our architecture this way guess what we'll go to google we can call it if it was google it would be a cloud load balancer it 
would be a compute engine instance a cloud load balance or a compute engine instance we'd install the same mongodb on a compute engine instance and guess what if we went to the oracle cloud we'd do the same if went to the cisco cloud we'd do the same if we went to the dell cloud we do the same the new town is called the openstack it's the same we're just changing the game it's like the rolling it's like the rowings no the the who song meet the new bus same as the old bus we won't get fooled again don't believe the cloud provider marketing speak it's all the same it's a virtual network in a virtual data center so the next component aqua aqua this is why i know you've been you're such a great architect he's already bringing it about the system can't get hacked so aqua what do we need to do how do we lock these systems down because now we've done the network piece but we have not done the security piece so we want to speed our content around the world as fast as possible so that everybody gets access to cindy cindy's photos in these videos and cat toys and cat food and cat treats because we want the cat loving community be coming to this website sorry my cat was really she slept on my feet last night and woke me up licking this morning so i'm in a cat mood so anyway so we're now dealing with the cats and we're having fun and we're building these great cat toys and cat toys environments so derek houston we're going to put ddos on great on the content delivery network excellent so derek we will have a cdn i love that derek we're going to put a cdn there and you said you're going to put some ddos protection on the cdn ddos excellent job there now um i see the ddos and the cdn but i don't see anything related to how to secure this yet so i'm gonna use some something to keep uh oh wait to keep bad guys out i see perez the dev has got a good answer there i see shafiq as actually in the right direction so the question becomes is is this mission critical security or is it 
basic security? If it was basic security I would use AWS WAF. If this is mission-critical security I am going to get a serious security appliance; I am going to get it from the marketplace. So I am going to get a firewall. Now, what kind of availability did we talk about? Five nines. So if I get a firewall from the marketplace, everybody tell me: where does the marketplace firewall sit? Do we go in there and rack it, or does the marketplace firewall sit on a virtual machine? Somebody let me know in the chat box. Remember, you guys are the cloud architects, I'm just the CEO, because this is really important. Old Time Honey Official, Pierre Lincoln, Tom, who's got a name that might be Greek like mine, Derek Houston: it resides in a... mission critical, Perez. Mission critical means we've got to use something strong, but it's on a virtual machine. Is a virtual machine a high-availability device, everybody, or can a virtual machine crash? The virtual machine is not a high-availability device; it can crash. A firewall that you get from the store, that you rack, that runs a heartbeat in between the firewalls, and they say "firewall, firewall, firewall," they can do that. But the virtual machines can crash, which means we need to use more than one virtual firewall. We need to use more than one virtual computer. How do we use more than one virtual computer? What do we need to do if we need to use more than one server? What's that magic device that we could use, that magic device that improves performance and availability by helping us load share across various computers? We use a load balancer. Kenya Carl, exactly, we're going to use a network load balancer. We need a load balancer for those. So now what we need to do, because our VMs can crash, is we need a load balancer. So let's think about what our options are. Let's say we've got a firewall; remember, this is not our data center. We're not going and buying the Cisco router and screwing it in. Love the Cisco device, but we can't
do it. So we need two firewalls, and what are we going to use? We're going to use a load balancer of some kind. We need a high-throughput, high-performance load balancer, so we have two options. We can use what everybody's used for the last couple of decades, which is basic, or for the last period of time, which is a network load balancer. But AWS also has this concept of a gateway load balancer, which is really like a network load balancer that's designed to load balance between firewalls and routers. I'm going to call it a network load balancer. AWS doesn't have a lot of information about their gateway load balancers; they don't talk about their performance, they don't talk about their specs. I can't even tell if it's anything different than a network load balancer with anything other than a different name. But we can use a gateway load balancer for it; it's a great option. You can use a network load balancer. I'm just going to use the network load balancer here because it's what I've done in a lot more environments; it's where my comfort zone exists. But they're both good options.

So now that we've got our firewall, ideally this is a next-generation firewall, but let's just pretend it isn't for right now. So if it's not, we're going to use an intrusion detection/intrusion prevention system. In fact, Aqua's answer that he just put there, the F5 load balancer from the marketplace, is definitely an alternative. And guess what, everyone, when you need high-feature, high-functionality load balancers, you know what you're going to do? You're going to get an F5 load balancer here and you're going to get an F5 load balancer here, and you're going to use an AWS network load balancer to load balance your F5 load balancers, your F5 firewalls. So why do you do that? Pretend these load balancers were F5 load balancers instead of firewalls. Any virtual appliance that you get from the marketplace is in an EC2 instance, which isn't high availability. So in the cloud we
use load balancers to load balance our way out of limitations on the cloud. So there you go: CDN, network load balancers, firewalls, IDS/IPS. Now what? So let's look at it, let's work through it, everybody. Okay, so the CDN only forwards legitimate requests to the servers, and yes, CM, great job. So the CDN blocks that, the DDoS protection stops even more of the load, then we go to the firewalls and that blocks everything, but if something passes the firewalls, we've got the IDS/IPS system. Now we're going to protect the subnets with the network access control list, and after we use the network access control lists, we're going to protect our servers by using security groups. What are we going to do after the servers? We've got to protect your servers, right? Well, what if we put another firewall on the servers, like a host-based firewall? Maybe we put some anti-malware protection here, maybe we disable some unnecessary services, maybe we do some patch management. So that's what we're kind of trying to do over here to make it work. So now we're going to really lock down our servers.

Then, give me a second. Conceivably, Derek, I believe the answer to your question is yes, that you can actually put a network load balancer in front of firewalls and spin up additional ones. I believe the answer is yes, but I've not done that, so I don't want to confirm that, but I think so. So now, once somebody knocks on the door and bypasses all these things and they're on our systems, we need to determine who they are, what they're allowed to do, and then track it. What's that called? Pierre Lincoln, actually, great question. So Pierre Lincoln, if we were in the data center, we would do the same thing. We would still have a content delivery network, we would still use the firewall, we would still use an IDS, we would still use access control lists here, Lincoln, and we'd still do the same thing on the servers in the data center too. Okay, yeah. So determining who the users are and what
they're allowed to do and keeping track of them is what's called identity and access management, also known as AAA: authentication, authorization and accounting. So we're going to put our triple-A here, or IAM. Now, are we going to be crazy and think we're going to go to the AWS management console and add every single user as a user or group, or are we going to do something like federate to Microsoft Active Directory? We're going to federate to an identity provider like Active Directory, like anybody else would. And what else should we do with our stored data? Should our stored data be out there for everybody to read, or should our stored data be encrypted somewhere along the line? Nitro Pam, exactly, we're going to use Microsoft AD; we'd be crazy to try and do it otherwise. And probably what else? I think maybe we should be looking at logs and audit trails. Okay, yeah, we're definitely going to use some encryption.

Okay, so here's what I want us to do. Because my point is always learn the cloud and not a cloud provider, we're all going to right now do what we need to. Nitro Pam, we can't do VLANs here, unfortunately. So everybody, we're going to do two of these: one of these for AWS and one of these for Azure. You guys are going to have to help me remember; I'm not a tech professional. What does AWS call this content delivery network? Remember, I'm a CEO today, not a tech professional. What is the AWS content delivery network called? Somebody let me know in the chat box, and also after that, tell me the name of the AWS DDoS protection service. So CloudFront is what we're using. Cloudflare, Shafiq, is another very good one, but that is a different CDN. So we're going to use CloudFront. Derek Houston, exactly, CloudFront, and we're going to use Advanced Shield. Excellent job. So we're on AWS. What is AWS calling what I'll call a network load balancer? They've got some funny marketing-speak term for our network load balancer. What's that thing called?
They call it an elastic load balancer. Excellent. Okay, so now we're doing some marketing speak. Okay, for the firewalls we know we're going to the marketplace. We want an IDS/IPS system, everybody, where do we go? We're going to the marketplace. Network ACL is called the network ACL, security groups are called a security group, because we used the AWS terms initially. Okay, how do we connect on AWS to Microsoft AD? What's that thing called that we use that connects AWS to, I mean, AD, Microsoft AD, that Active Directory thing that causes a connection? We do use SAML 2.0 as the language that we use, but it's actually technically called AD Connector. Great job, David, great job, Certified Ethical. But we are using SAML, or Security Association Markup Language 2.0, to do it. Yeah, Aqua, that's a good point, we probably could try and use GuardDuty as sort of like IDS/IPS, but I'm going to try and get something from the marketplace. But yes, that does sort of function like an IDS/IPS system. It's a great point there, Aqua. Okay, so what is this logging/auditing kind of functionality in AWS called? What is that auditing thing called where we can look for an audit trail of what our people have done? CloudWatch is logging, CloudTrail is auditing. Excellent, CloudTrail. We're going to look at CloudWatch and CloudTrail. Okay, now what do we have to do on AWS to turn on AES 256-bit encryption for our stored data? Single sign-on will definitely work, Rao, as long as we're using Microsoft AD Connector. We have to enable something: the key management system. Excellent, Genie, Areef, David Wilson, excellent, Amaranth, nice, Kenya Carl, wonderful. So fantastic, we're going to enable the key management system.

Oh wait, we're using two clouds, aren't we? Okay, well, it would have helped if I was actually on the same one. So let's go over to here. Now we're going to do Azure. Does anybody know what Azure calls their content
delivery network? Somebody tell me the Azure content delivery network and the Azure DDoS protection. Make sure we know the Azure CDN. They've got a really great name for it; it's going to be relatively easy to understand now that we're welding the Azure network. Okay, so Pierre Lincoln, it's called the Azure Content Delivery Network, exactly, so they call it Azure CDN. But Pierre Lincoln, I actually think you're right, I think they call it Azure DDoS Protection. Okay, so what does Azure call a load balancer? They're a little less on the marketing speak with Azure; you don't have to think too hard to figure out what their tech is. It's one of the reasons I love working with Azure. Help me out here; remember, I'm the CEO, you guys are the architects. They call it an Azure Load Balancer. Excellent. Now with Azure, where are we going for the firewalls? We're going back to the marketplace, no different. Where are we getting our IDS/IPS system? Back at the marketplace. Okay, what is a network ACL on Azure? Because I was recalling that network security group, but is there an Azure ACL? It's called an Azure network access control list, and then after that there is a network security group. We're going to do the same host-based firewall, anti-malware, sure. Now what is this Active Directory thing on Azure called? What do you think Azure would call Active Directory? They call it Azure AD. Do we have to do anything on Azure to get 256-bit AES encryption, or is it just standard and native like it should be? How about the encryption piece, everybody? By the way, if you're having fun, if you can hit the like, if you can tell a friend, we like any help that we can possibly have on these algorithms. Native, great job, Tom. Great job, Derek. It's there, Genie, exactly. Cloud Hired, okay. So the only thing that's missing now is Azure logs. Somebody tell me what Azure logs are called. Oh, what do they call them? Log Analytics. Right, there is
Monitor Logs as well, I believe, Amaranth, as well. So good. But that's really the key. The key is over here right now. What have we done? We've designed the tech. The tech changes, so I want everybody to know that, look, if this was Oracle, I mean if this was Google, this would be a cloud load balancer, and it would still be a marketplace solution, and it would be the Google variation of the network ACL and the security group. It would be the Google SAML 2.0 connection to Microsoft AD. It's not going to change anything; it's the same, because the cloud is a network and a data center that's been virtualized. So if this was the data center, we're still going to use a CDN like Akamai, and we're still going to use Akamai's data protection. We might still need to use a network load balancer to front-end two Palo Alto firewalls, or we'll just let the Palo Alto firewalls do their thing, and we'll either use the next-generation capability on the Palo Alto firewall or, guess what, we'll get an IDS/IPS system too. We'll put access control lists on our routers. We won't have the ability to do a security group at all like in the cloud, but we can do layer 2 ACLs, 802.1X authentication, private VLANs, we can rate limit on our things, and we'll be able to do ten times more security in the data center that we couldn't do in the cloud. We do these same things in the data center: we deal with the same Microsoft Active Directory, we deal with the same encryption, and we still are going to deal with the same log analytics. It's just going to be a different package. So all of this, 100% of this, is the same whether it's done in the network and the traditional data center or it's done in the cloud provider. The location, the geography, is 100% irrelevant. That's what I wanted you guys to really learn: that the cloud doesn't matter. If it's AWS, if it's Azure, if it's Nutanix, it doesn't matter. What only matters, and there's only one thing that matters, is solving the customer problems. You solve the customer problems, you do the
business piece of the customer problems, you create the technology solution, and then after you create the solution, only after you've designed the solution, do you even think about whether it's AWS services or Azure services, and you're going to have your team evaluate the pricing on all of them and see which is cheaper. You'll have your team help you, because this is not a one-man band; this is in every shape and form a team sport. So connect your two clouds, connect your three clouds, and you get high availability. What are really the chances, in your mind, really seriously think about it, what are the chances of two availability zones in AWS really going down? Not much. What are the chances of two availability zones in Azure going down? Not much. And what are the chances that simultaneously you will have a catastrophic outage at Microsoft and Amazon all at the same time? Not very much. Now the chances of having Azure go down or Amazon go down independently would be much greater than the chances of Azure and AWS simultaneously going down. So that's why multi-cloud: one is none, two is one, three is greater than two, and a single cloud is quite a single point of failure.

So Pierre Lincoln, it looks like you've got a question. Do you want to bring up that question, Chris, so I can actually read the question? So if you connect two clouds together you get much higher availability, absolutely, Pierre. So the question you asked is, is what we find out from the CEO... okay, so let me summarize Pierre's question. Pierre's asking me, is what the company tells you what drives the solution? Absolutely. So there's the incorrect way and there's the correct way. My friend Andrea said God gives us one mouth and two ears for a reason, so we can listen twice as much as we speak. So here's the thing: we go to that executive, whoever that executive is, could be the CEO, could be somebody else. We ask them what's going on in your business, what are your goals. Only when we know what they're trying to achieve can we
even think about the technology. Now I've got to tell you, in my experience I've seen engineers try to solve problems before they've even identified the problem. In the last 3,000 interviews, I would literally give a situation in the interview, and before people heard the situation they already told me which services they were using. None could have been hired, because none of them were solving, none of them even identified the problem that we're trying to solve. So first is identify the problem. If you've correctly identified the problem, then there's the solution. So people say, Mike, why are you so soft-skill-success, why are you so executive-communication-skills-success? Well, because if you don't define the problem correctly, your solution will break your customer.

Great example: when I was growing up, yes, I'm admitting how old I am right now, when I was growing up, Coca-Cola was the market leader in soft drinks. They had an iconic brand known throughout the world. Pepsi, another soft drink maker, had a very different strategy. Pepsi's strategy went and hired the world's best athletes and the most competitive people in the world and turned them into their sales force. So meanwhile Coca-Cola, who's the market leader, is doing their current thing, and Pepsi hires a bunch of hard-working, never-quit athletes. So here's what really happened: Pepsi people sold, sold, sold, sold, sold, and the Coke people kept doing their same things and stopped selling. So here's what happened: Coke, who was like 90, and Pepsi, which was like 10, all of a sudden it was like 50 Pepsi, 50 Coke. So the Coke people decided, here's the problem: the problem is our soda's not sweet enough. So Coke changed the formula. They released their new formula and they called it New Coke to compete with Pepsi. Now New Coke didn't sell at all. Coca-Cola's market share went from like 50 to like 30, like overnight, and I don't know the exact numbers. Their market
share sunk like a stone. Everybody stopped drinking Coca-Cola. The new, better, sweeter Coca-Cola, people didn't like. So Coca-Cola brought the old Coke back, and then the old Coke became the new Coke, and that gave Pepsi, these really great sales reps, these aggressive people, even more fodder to go talk about Coca-Cola, and then Pepsi grew. And then Coca-Cola figured out the problem. Coca-Cola figured out it's not a product problem, it's a promotion problem, and then Coca-Cola solved the promotion problem and they became the darling; they became the number one soft drink maker in the world again. But what that was, was solving the right problem, not the wrong problem. You can't get to the right problem without asking a lot of questions. So proper problem identification is the reason you need so much soft skills. That's why the people that approach architecture careers purely from a technical perspective end up solving the wrong problems, and it doesn't matter how good they are technically. If you can't get to the problem, you can't design the solution. So I hope I made that one clear, and that's why we're so soft-skills obsessed.

So are there other questions? Chris, yes, they're on the screen. What about the storage option and the security around it? I don't know what you mean there with regards to storage options, because there's a tremendous amount of storage on the cloud, and how you would secure that would be based upon what you're trying to secure. So is it just basic object storage, for example, in which case you would do something else, or is it how do you secure the data for an enterprise, which again would be way outside of the scope of this? I could turn it into an enterprise global security kind of boot camp, but, you know, storage option, I don't know what you mean with regards to just storage options and answers. Perhaps if you make it clear I can answer it. What connection would you use to both clouds? Either a direct connection or some
VPNs; you'd use one of the two. I would use direct connections, definitely, to connect to the clouds, and better yet, direct connections from cloud to cloud. But you could actually, from cloud to cloud, probably get away with VPN connections, because both of the cloud providers are going to have some really, really good BGP peering. So if you're dealing with AWS, who's probably peered to everybody, and if you deal with Azure, who's peered to everybody, if you're going to do a VPN between them, the VPN might actually be in the same building, meaning one of their points of presence. So your VPN connections between Azure and AWS would be pretty darn impressive in terms of performance, so I might try that.

Marla: you had a real estate agent tell you they found the perfect house before even asking you where you wanted to live. Exactly, Marla, that's the perfect example: the sales rep that already has your product sold without even meeting you or knowing what you want. That's exactly the person we don't want to be. Alex, exactly, understanding the customer first is the solution. The engineer might be given a stack of papers that looks like this that's got requirements, and it's "here, you're the official smart person in the room, go build this." The architect is not the official smart engineer that's got all these technical things. The architect is the person that's going to go gather those requirements, obtain those business challenges, translate those business challenges into technologies. It's a very different world, and the thinking needs to be different. What about an EDR and a SIEM? So Shafiq, this goes back to something that I always say: never use acronyms, because I have no idea what you're even talking about. EDR, are you talking about enhanced data rates? I just don't know. So abbreviations, there's literally hundreds of these things that all say the same thing, so I actually don't know what you actually need. Pierre Lincoln, thanks, Mike,
you feel like a qualified solution architect after the session here. That's my goal here. I know who you are, I've been working with you, I love working with you, each day you impress me. Genie, thanks so much, Mike and Chris, for everything. Genie, honestly, every time we interact it's a better day than the day before, so thank you so much. Summit, thank you, Mike and Chris, for a wonderful knowledge and cloud networking session. You're more than welcome, and thank you so much for participating. Marla, thanks so much again, Mike, for sharing your time and best knowledge, another very enjoyable session. Marla, I'm so grateful that you were here. I love being able to interact with you. It's been really a great week for us. I know I love doing it, I know Chris loves doing it, and I know my cat Cindy comes in; she doesn't like to be picked up, but you know, she likes sitting on my lap when we do these one-week sessions too, although she's not here right now, she's chasing lizards. Chris, any more? Okay. Oh, thanks, Mike, really good session. When can we do a CCNA? Well, you know, I can shed some light on that one now. I've got a team that's working on that right now, Alex. I have yet to see what the slides actually look like; Chris has. So I'm pretty excited. I think we can probably assume that we're likely going to have a CCNA coming soon, and we may have an Azure thing coming relatively soon too, because I've tasked one of my best people to produce some Azure content as well. Marla, I'm so happy to hear that, and you're welcome, and thank you so much for coming. Old Time Honey Official, thanks so much for being recurring or buying our course, for sure; we'd love to work with you and look forward to it. David Pages, it's been the best 12 hours you've spent in a long time. Thank you so much, David. We work really hard to try and make this, and we're thrilled to see you. You're welcome. Thank you so much. Aye. Oh wow, thanks, Mike. Io, I am super happy to have you here. I actually have four
students named Io, and I love the name Io, and I know where it comes from, obviously, as well. It is super nice to have you here. Wilson, Cloud Hired, wonderful, you're more than welcome. Shafiq, thank you both, you've never been in a session like this before. Thank you, we're going to produce many more sessions like this. Mike, am I planning on a next boot camp? The answer is yes, Tom, and Tom, if you understand now, that would be kind of cool as well. I'm not sure, but your last name looks like you might. So I'm thinking the next one is going to be within about 30 days, so we are going to have another free lively boot camp. Kenya Carl, you're learning more and more every day, that is really great. Sham, you're more than welcome; it was so nice to speak with you yesterday. Amaranth, it's always, always a pleasure every time I see you. Christian Rowell, you're more than welcome. Derek Houston, "as always, Mike and Chris, great boot camp." Derek, you have come so far so fast from when we first met. I love when you're around, and you always impress me. Ari, fully, you're more than welcome; I'm so thrilled you're here. Marlin, Cloud Hired, thank you. Aqua, we love seeing you every time; just your presence around here is really great. Thank you for everything you do here. Thank you for helping my friend B and Jacob, doing what you do. For those that don't know, Aqua helps lead a group of people working together and getting AWS certified. It's a really great group that we're finding; I periodically get involved when I can. What a wonderful thing you do, Aqua. Thank you for all you do to help others out there too. And Kerr, thank you so much, we really appreciate having you here, Kerr. And Pierre Lincoln, yeah, time to start the labs. Yeah, labs are really great, Pierre Lincoln. It's time for you to be VPNing into our servers and building your cloud, and I know you're going to have a great time building that OpenStack cloud, and then you can tell us all about the cloud. Sureth Kumar, thank you, quite useful
session. I'm so happy to hear that. Oh, sorry about that. It seemed... I enjoyed the session, thank you for taking the time and making it interactive. Thank you for participating, and thank you for noticing; we worked really hard to make this interactive. I said to Chris last night, I've never had so much fun and I've never been so tired. I said I feel like I've been running a marathon all week, and I've been trying to be here with you guys early in the morning, bringing in some special amazing guests like Christine, bringing in people in the evenings, trying to do some bonus sessions. So thank you for noticing. We're trying real hard to give everybody the best experience we can. Caroline, always love seeing you around. I love your background too; it's a lot like Chris's, and I expect some pretty great things coming from that. Thank you so much. Leo, Evo, and I know that's not your real name, but I know you really well, thank you so much. I'm always thrilled when you're here. You always have the nicest messages and you always ask about my baby girl Cindy, and I appreciate that more than you know. Plus we're from the same place, where we pretty much speak naturally the same language, so that's always a great bonus. Thank you so much, Evo. Carlito's Way, love that movie, by the way, and thank you so much. We are very dedicated and we are thrilled to be here, so thank you for noticing, and we appreciate your noticing. Cloud Hired, thank you, for Mike and Chris, I can't wait for more. You know what, out of curiosity, if you guys want to tell us certain YouTube videos of things that you're curious about while we have a bunch of you, we'll try and take note of it. I can't promise to make every one, but if I can, and there's things that you're curious about, if you want to let me know, I'll do my best to at least mention it to my team so we can try and start thinking about getting them for you. I just want to give you guys everything you need to give you
guys the best cloud computing careers or networking careers, and we'll make the next one more interactive too. Okay, well, you know, I want to make sure you guys have a really great weekend, so if you've got any last questions, please let me know. Otherwise, honestly, this has been so much fun for me. We will do a subnetting workshop; thank you for reminding us, that is terrific. I will make sure that we do that. If there's any other kind of workshops that you find that you might want, let us know, we'll consider them. So happy to hear that, Mr. Tawari. Evo, thank you as always for beautiful words, "great skills in class." See, she always has the most wonderful things to say. Thank you. And Virginia, I see your name there; we've cleared all your questions, wonderful. CCNA will be great; I think the CCNA is going to be coming somewhat very soon. Any sessions on Terraform? You know, it's very interesting. As it stands right now, we've been exclusively focusing on architects, and architects don't use tools like Terraform; those are more DevOps and more cloud engineering tools. Now, having said that, Sureth, I've tasked a very good friend who's a very good cloud architect with also very solid cloud engineering skills, and I tasked him with coming up with our cloud engineering program, and when we do our cloud engineering program, cloud engineers use Terraform, so we will have some content on Terraform, and we'll most likely have something related to the Terraform world, because now that we're branching out of just architects into engineering, we're going to be dealing with it a lot more. So I think you can assume that something will be coming; it's just a matter of when. Okay, everyone, I want to thank you so much. I want you to have a wonderful weekend, and yeah, there will always be more networking, Evo, and the reason we have to do more networking is the cloud's foundation is the network. Without a network nothing is going to work, and realistically speaking, the
people that are easiest to get hired are those that have the most networking. So will you hear more networking things coming from us? Yes. Did I just hire my CCIE lab partner, who was working at AWS, and he might be joining us in about six weeks to do more networking? He and I have known each other through networking for 20 years. The answer is yes, so we'll do a lot more of that stuff too. So make sure you all have a great time, have your great weekend. Thank you so much, and I look forward to seeing you next week. Next week we will have some really great YouTube videos coming out. I see you've got some questions on CloudFront; maybe I'll make a CloudFront video. That sounds like a great idea. Probably not on WAF, although maybe I will, because I've yet to use WAF, because I always use a marketplace solution for my customers, because I need something a little more. But having said that, possibly WAF, but definitely, definitely, definitely we'll do something on CloudFront, because I think it's a really good point. SDN, I'll take that under advisement; we can potentially do something on software-defined networking. I think that would be some very, very good ideas. And yes, time to rest. Take care, everyone, have a nice weekend. I'll see you all very soon.
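The layered design the session walks through (CDN and DDoS protection in front, firewalls behind a load balancer, then network ACLs on the subnet and security groups on the servers) rests on a detail the session does not spell out: an AWS network ACL is stateless and evaluated in rule-number order with an implicit deny at the end, while a security group is stateful and only has allow rules. The simulation below is an added example, not code from the course or from AWS; the class names (`NetworkAcl`, `SecurityGroup`, `request_and_reply`), the addresses, ports and rule numbers are all constructed for illustration. It shows the classic failure mode: a NACL that allows 443 inbound but has no outbound rule for the ephemeral port range silently drops every reply, whereas the security group lets the reply through because it tracked the flow.

```python
"""Subnet ACL vs. security group, simulated (added example, not course code).

Models the two AWS semantics the layered design depends on:
  * network ACL: stateless, rules evaluated in number order, first match
    wins, explicit deny possible, unmatched traffic hits the implicit deny
  * security group: stateful, allow rules only, the reply to an accepted
    flow is let out automatically
All addresses, ports and rule numbers below are constructed sample values.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Set, Tuple

PortRange = Tuple[int, int]
EPHEMERAL: PortRange = (1024, 65535)  # replies come back on these ports


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int

    def reply(self) -> "Packet":
        """The packet the server sends back for this request."""
        return Packet(self.dst, self.src, self.proto, self.dport, self.sport)


@dataclass(frozen=True)
class NaclRule:
    number: int       # evaluation order, lowest first
    action: str       # "allow" or "deny"
    proto: str        # "tcp", "udp" or "all"
    cidr: str         # remote side: source for inbound, destination for outbound
    ports: PortRange  # destination port range, inclusive


def _hit(proto: str, cidr: str, ports: PortRange, remote: str, pkt: Packet) -> bool:
    return (proto in (pkt.proto, "all")
            and ip_address(remote) in ip_network(cidr)
            and ports[0] <= pkt.dport <= ports[1])


class NetworkAcl:
    """Stateless subnet filter: inbound and outbound are judged separately."""

    def __init__(self, inbound: List[NaclRule], outbound: List[NaclRule]):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    def allows(self, direction: str, pkt: Packet) -> bool:
        rules = self.inbound if direction == "in" else self.outbound
        remote = pkt.src if direction == "in" else pkt.dst
        for rule in rules:  # first matching rule decides
            if _hit(rule.proto, rule.cidr, rule.ports, remote, pkt):
                return rule.action == "allow"
        return False  # the implicit "*" deny


class SecurityGroup:
    """Stateful instance filter: allow rules only, replies tracked per flow."""

    def __init__(self, inbound: List[Tuple[str, str, PortRange]],
                 outbound: List[Tuple[str, str, PortRange]]):
        self.inbound, self.outbound = inbound, outbound
        self._flows: Set[Tuple[str, str, int, str, int]] = set()

    def allows_in(self, pkt: Packet) -> bool:
        for proto, cidr, ports in self.inbound:
            if _hit(proto, cidr, ports, pkt.src, pkt):
                self._flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return True
        return False

    def allows_out(self, pkt: Packet) -> bool:
        # A reply to an accepted inbound flow needs no outbound rule at all.
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self._flows:
            return True
        return any(_hit(p, c, r, pkt.dst, pkt) for p, c, r in self.outbound)


def request_and_reply(nacl: NetworkAcl, sg: SecurityGroup, req: Packet) -> Tuple[bool, bool]:
    """Push a request into the subnet, then its reply back out.

    Returns (request_delivered, reply_delivered). The subnet NACL is checked
    before the instance security group on the way in and after it on the way out.
    """
    if not (nacl.allows("in", req) and sg.allows_in(req)):
        return False, False
    rep = req.reply()
    return True, sg.allows_out(rep) and nacl.allows("out", rep)


# Constructed sample topology: load balancer subnet in front of one app server.
NLB_SUBNET = "10.0.1.0/24"
APP_SERVER = "10.0.2.10"
HTTPS_FROM_NLB = Packet("10.0.1.25", APP_SERVER, "tcp", 51234, 443)
SSH_FROM_INTERNET = Packet("203.0.113.7", APP_SERVER, "tcp", 40000, 22)


def app_server_sg() -> SecurityGroup:
    # Locked down: accept 443 from the load balancer subnet, initiate nothing.
    return SecurityGroup(inbound=[("tcp", NLB_SUBNET, (443, 443))], outbound=[])


def nacl_forgetting_replies() -> NetworkAcl:
    # Common mistake: allow 443 in, write no outbound rule, and the replies die.
    return NetworkAcl(inbound=[NaclRule(100, "allow", "tcp", NLB_SUBNET, (443, 443))],
                      outbound=[])


def nacl_with_ephemeral_out() -> NetworkAcl:
    # Stateless fix: explicitly let replies leave on the ephemeral port range.
    return NetworkAcl(inbound=[NaclRule(100, "allow", "tcp", NLB_SUBNET, (443, 443))],
                      outbound=[NaclRule(100, "allow", "tcp", NLB_SUBNET, EPHEMERAL)])


if __name__ == "__main__":
    print(request_and_reply(nacl_forgetting_replies(), app_server_sg(), HTTPS_FROM_NLB))
    print(request_and_reply(nacl_with_ephemeral_out(), app_server_sg(), HTTPS_FROM_NLB))
    print(request_and_reply(nacl_with_ephemeral_out(), app_server_sg(), SSH_FROM_INTERNET))
```

Running it prints `(True, False)` for the NACL without an ephemeral outbound rule, `(True, True)` once that rule is added, and `(False, False)` for the SSH attempt from outside the load balancer subnet, which never matches an allow rule and falls to the implicit deny. The same ordering property is why a numbered deny placed ahead of an allow wins in a real NACL: the evaluation stops at the first match.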
Info
Channel: Go Cloud Architects
Views: 2,667
Keywords: aws bgp, AWS Advanced Networking Course, what is bgp, networking for cloud computing, cloud network training, cloud networking overview, networking and cloud computing, cloud computing technical skills, networking skills training, cloud architect skills, cloud architect training, cloud architect career tips, cloud architect, cloud career tips, cloud career training, cloud as a career, cloud career, aws full course, free aws certification training, aws networking training
Id: YPnST7Cy0B0
Length: 188min 28sec (11308 seconds)
Published: Fri Nov 12 2021