AWS Certified Solutions Architect Associate 2022 (Full Free AWS course!) | Part 1

Captions
Hi everyone, this is Michael Gibbs. I'm the founder and CEO of Go Cloud Architects, and welcome to the AWS Certified Solution Architect Associate 2022 free full AWS course. We're going to try and make this a really great experience for you. By the end of this course you'll be well prepared for the AWS Solution Architect certification, but we're also going to try and give you some more information to help better prepare you for your career, because we really want you to build the best computing career ever, and that's the reason we're doing this free AWS certification training. In fact, we make free AWS courses for the following reasons. I've been an architect now for over 25 years, and let me tell you, it is the absolute best job in the world. When we look around we see a lot of certification training that's focused on the name of the service and how to configure it, but as an architect we're end-to-end system designers, so I want to give you a lot more architectural knowledge throughout the certification training program so we can help you build the best cloud architect career. We'll give you AWS career tips, and we're going to provide some real cloud architect training while we're doing the certification training materials. I'm really excited. I'm going to be here with Alonzo Coleman, who you can see on the left side of the screen and is a fantastic cloud architect. Because this is a live training, here's what we're going to do. We're going to teach the course in the following manner, because we want to get as close as possible to the actual live classroom so you can have the absolute best AWS Solution Architect certification training experience. So we're going to do as follows: we'll present for approximately 40 minutes per hour, Chris will take maybe 20 minutes of the time, and then we'll do approximately 20 minutes of questions so we can answer some of your questions. We'll answer as many as we can. What's going to happen is my team is going to go out there, they're
going to collect questions, they're going to aggregate the questions, and they're going to feed them to Alonzo and I, and we're going to answer them. So we'll answer as many questions as we can. Now understand, everyone, when we're running this AWS Certified Solution Architect Associate course, we're doing it live, and anything can happen with live. We can run into an internet service provider connection issue, we could run into something that's not behaving the way we absolutely would desire it to, but that's the nature of going live. We're doing this live for the following reasons: good solution architect training, when you would take a course of several thousand dollars for the class for the week, we want you to get that classroom-like experience. I don't want anybody to just have the experience of watching some videos and being stuck. So we're gonna have fun. So if you guys are ready to have fun, if you can put #cloudhired in the chat box, I'm gonna know that you're here. It looks like I've got people coming from Saudi Arabia, all over the U.S., Scotland, Spain, I see some people in India, I know a lot of people in Africa, all ready to go that I see on here, lots of folks in India, Pakistan, Asia. What a great experience it is to have so many of you folks with us, so please type #cloudhired in the box. If you're not one of our subscribers, please subscribe to this channel. We're going to do a free CCNA class next week. I've got executive recruiters from Excel coming on Friday to help you get cloud architect hired, so we're going to have a lot of really good free things and initiatives for you. Tonight, because Facebook has recently had a BGP configuration issue, and I've been teaching BGP for almost 25 years, I'm gonna do an intro to BGP lecture at 5:30 Eastern, 2:30 Pacific time and 10:30 UK time, so if you can join us, please do so. BGP training is typically something I reserve for my inner students because it's so critical to build a cloud architect career, but you
know what, there was a massive outage, people are concerned and curious about what is BGP, so we're going to give you a real experience with it tonight. You need it to be a great cloud architect anyway, so we're going to have fun with it, BGP. So let's get you guys cloud hired, let's get you guys cloud architect certified, let's help you build the best cloud computing career. With that, we're going to start the training now. We're going to do the training as follows: we are going to cover a service, and we're going to cover it from an industrial perspective first. See, a real cloud architect doesn't know that S3 is object storage; they know object storage, and we're going to give you the survival skills to survive in any cloud while we try and do this. See, here's the thing: you learn to drive a car. You don't learn to drive a Mercedes and then go back to a separate school to learn how to drive a BMW, and then go to another school to learn how to drive a Honda, and another one to be able to drive a Toyota. You learn to drive. So we're going to cover, in most cases, a heavy emphasis on the technology prior to going into the technology, so you'll be able to pick it out anywhere. For example, as a cloud architect or a solution architect or a cloud solution architect, if you know you need a virtual machine, it's not going to matter if you need an EC2 instance on AWS, something from Google Compute Engine, or something called a virtual machine in Azure; it's the same service. So we'll always talk about the industry standard first, and then after the industry standard, we will go into the specific AWS components. So we'll do lectures, we'll do labs, and of course we'll do question and answer sessions. So happy to see all you folks here, wonderful, wonderful, wonderful. So let's begin. When we begin and talk about the AWS cloud, I first want to start out with the basics: how is the cloud organized? Now when we do this we're going to get into a little bit of depth. There's certain
things that are covered on the associate and certain things that you need to know that are beyond that, so one, make sure you have beyond that, but I'll let you know what's going to be on the exam versus those other things that you should know as well, because I want you to be a great solution architect, cloud solution architect or cloud architect. So let's get you guys cloud hired and let's get you guys AWS certified, let's go right now. So welcome everyone. So let's begin with the layout of the cloud. Before we even begin I want to just tell you what is a cloud. A cloud is nothing more than a data center and a network that's just been virtualized. Literally speaking, that's it. So when people hear "what is cloud computing" and they give you all these complicated answers, very simply it's the same network and the same data center we always did, we just moved the data center from our own building to the AWS cloud. Same thing, doesn't matter. So almost everything is going to be the same. So if you want to be a great cloud architect or a solutions architect, learn the data center in the cloud. So we're going to cover some data center and cloud technologies, but I want you to always understand how the cloud is structured. So we're dealing with the cloud, and I'll show you some visual frames of reference soon. We're realistically speaking dealing with a couple of environments: we're dealing with a region, an availability zone, a local zone and an edge location. Now for your exam you're going to do the regions and the availability zones and the edge locations, but if you're going to do the Certified Solution Architect Professional, or actually want to do some working as a cloud architect, you're probably going to need to know the local zone. So the first way I'd like you to think of it is, let's think of a region. Think of a huge area, let's say a continent or half of a continent; that's what is considered a region to your cloud computing providers. So a region is this massive area, a country or a continent, that's typically a region.
Now inside of regions there's data centers. Remember, the cloud is just a virtual network and a data center, and meaning virtual, it's a physical data center and a physical network with some software sitting on top of it, which is called the control plane, that manages the cloud. So AWS is going to have thousands of data centers all over the world, and a data center is called an availability zone, and I'm actually going to walk you through each and every one of these things in much more depth, but I just want to introduce the concept first. Now when you're doing your computing work in your data center, it's close to you. I mean maybe it's 50 feet, maybe it's 100 meters, maybe it's 500 meters; it's close to you. So when you're dealing with internet performance and network performance and computing performance, what are you really dealing with? Connectivity between you, the user, and the server. So the closer the server is going to be to you, the better your performance is gonna get. So when you're dealing with cloud, the cloud may be a thousand miles away from you, and it may take you two milliseconds or three milliseconds to go from your business to the cloud. That might be too much for some applications. There are applications where a nanosecond is a competitive advantage, and a millisecond, which is a thousand times that, is huge. So for organizations that need better, lower latency performance, there's something called the local zone, and I'll show you the graphics for this, and that's basically a data center closer to you where you can access your systems. So maybe, for example, you put a local zone in Miami and I store some of my servers there. Now the last part that we're going to talk about from a high level, and I'll walk you through and show you more about them, is something called an edge location. So when we get to CloudFront and we talk about content delivery networks, we're going to talk about edge locations very heavily. These are the ways that the AWS cloud is organized. So let's really try
to, architecturally and visually, look at it. So going back to our traditional environment, here's what we've got for the cloud. Notice you've got this big giant area which is in green; that is the AWS region. Now inside that region we've got a lot of data centers; that's called an availability zone. So where is your data, where is your information when you connect to AWS? It's stored in availability zones, it's stored in their data centers, that's it. So region: large geographic area. Data center: availability zone. Now you've got a general idea of the basics of the way the cloud is organized. Let's dive a little deeper. So now let's talk about the local zone, because the local zone is really great and it's relatively new. So when we connect to the cloud, the cloud's far away from us, so because the cloud is far away it takes time. The speed of light is 186,000 miles per second, but it still takes time. New York to London might be five milliseconds round trip time; that's a lot. Imagine a financial trading application that's processing a hundred thousand trades a minute, and if you can process a trade a millisecond faster than your competition, it could equate to a few hundred million dollars of revenue per year over a millisecond. Well, these organizations can either say no to cloud computing, or they can place their stuff in an environment that's close to them, and that's really called a local zone. So local zone is edge computing. So let's do this one more time. Let's talk about a local zone, and we'll go over all these things and summarize before we close this session. A local zone is an extension of your region. Basically it's a new data center that's closer to your users, so it enables you to put your servers, your storage, your access to your systems closer to the users. So it's like anything else: if I have to go from Palm Beach to Philadelphia, even on an airplane it takes me two hours, for example two and a half hours; that's a long time. But if I could fly at 500
miles an hour or, you know, 600 miles an hour or a thousand kilometers an hour, and I only had to go two miles away, it'd be super fast, some minutes. So that's what this local zone is: it enables you to run computing power close to the user. So this is where you'll see you'll create a local zone, you'll put a subnet in your local zone (we'll talk more about subnets and IP networking throughout the program; Calen Krishna, I'm so happy to have you here), and then what we're going to do is we're going to put your computing there, whether it be EC2 instances, load balancers, we'll put them all there. Now some environments and some local zones are really, really capable. For example, in the LA local zone you can run file system for Windows, we'll talk about elastic load balancers, we'll talk about MapReduce functions for big data environments, certain databases and even some caching. So some of these local zones get very sophisticated. So let's talk about architecturally what they look like, and then we'll summarize all of these zones and environments and availability zones again. So now let's look at it this way. This is what a local zone would be. You basically enable it, which basically takes your virtual private cloud (and we're going to talk a lot more about that, I mean in real, real depth), and we're going to take it from there, and then you'll put your applications there. So you'll connect to your local zone and it will be so close. So that's what we do. So now let's architecturally look at the pieces again. So remember I said a region is a very large geographic area; it's a region. An availability zone is a data center inside of that region. Now the local zone is just creating another data center that's close to you, so you put one in, say, Miami. So that way, instead of me going to us-east-1, which I believe is in Ohio, I can just go to the one in Miami. It's much faster to get to Miami when I live in Palm Beach than it is to get to Ohio. So
that's what we're dealing with: low latency computing. So hope that makes sense to you. So now you know: region, large geographic area; availability zone, data center; local zone, small data center close to you. That's it. So now let's talk about edge locations. We're going to talk a lot more about content delivery networks, and I know this will be out of order, but I want to cover a little bit about edge locations now, and the reason I want to do this for you is we're going to be discussing content delivery networks, web scaling and caching, so I figure now is a really good chance to just try and go over some of those introductory concepts real quickly. So when we're dealing with an edge location, an edge location is going to be where a user is going to access your web apps through the CloudFront content delivery network, and I'll describe to you what they are. Edge locations are used to provide local access to web things in major cities. Edge locations and CloudFront content delivery networks are designed to increase performance, reduce latency and help your organization scale, and we'll show you why. So realistically speaking, let's show you architecturally what's going on in the cloud so you guys kind of get it. So going back to the same thing: huge large geographic region called a region; in between each region you've got data centers called availability zones; now we've got this CloudFront edge location kind of thing going on. So what's really happening, what is a content delivery network? So let's say I'm here, I live around Palm Beach, Florida. Let's say I want to go to www.gocloudcareers.com, our website. Let's say my website, or our website, is hosted in California, and I'm in Florida. So what I do is I go to my browser, I type www.gocloudcareers.com, and instantly DNS resolves; DNS, which provides name to IP address services (we'll talk about it a lot more), basically says, okay Mike, here's the fastest hop onto the network: jump onto the network in Miami at this edge
location. So I go to Miami and I hit that Miami edge location. Now that is basically 16 miles from my home, so how long do you think it takes, at 186,000 miles a second, to go 60 miles? Not long. So I hit this place in Miami with my web request, I go www.gocloudcareers.com, I stop at this edge location. If the edge location has it, because someone earlier that day went to request this information, it's sent to me directly from Miami. My web servers never see it, so I get lots of scalability because my web servers aren't being bothered for frequently accessed information. Now what also happens is, if that's not the case, I jumped onto this network in Miami; now I'm actually on the content delivery network's network (and we'll talk about why later that is so much more important as opposed to being on the public internet). I hit the CloudFront edge location, it's not there, I immediately go across the high performance AWS backbone instead of the internet backbone, I hit my availability zone, the availability zone where the web server is, it sends it to the regional CloudFront, they call it a cache, it'll then send it to the edge location, and then I'll be served the information. Now my wife decides to go to gocloudcareers.com, also from Palm Beach. She hits that edge location and the data's already sent to her because it's cached. Now my brother comes to Florida and he wants to go to gocloudcareers.com, and again it's cached at the edge location, so it never sees the web servers and it reduces latency. So: large geographic area, region; data center in a large geographic area, availability zone; edge location will access the content delivery network called CloudFront, the AWS branded one. I'll show you one more visual picture of this, and we're gonna get to this a lot more later. So let's say you've got a traditional website. You've got some static assets, say some video files, and some dynamic assets, let's say you've got user subscriptions. Awesome, here's the way it works. The user, you can pick any of these users
that you desire, will go request a web page from the edge location. If the edge location has it, it will send it. If not, the user hits the edge location, the edge location goes to the origin, basically your systems, and it will pull the video, for example, out of S3. It will then be sent to the edge location and will be sent to you. All subsequent requests until the cache times out are going to go to this edge location. So we're going to deal with the virtual private cloud in about two minutes, but before we do this, does anybody have any quick questions on what is an availability zone, what is a region, what is an edge location and what is a content delivery network? If so, ask your questions now, otherwise we're gonna have fun and we're gonna go straight to what is the AWS virtual private cloud. We'll cover it at a high level now and then we'll get real, real deep later. Okay, so Chris from the team is bringing up: sir, "cached to the edge location" means that Go Cloud was already stored there the first time? Okay, what really happens is the first time, what actually happens with the content delivery network is, I make a request. If it is there, it sends it to me, and the only way it will be there is if someone else requested the content previously to me. If no one else requested the content, I will go to the content delivery network and the request will go back to my original servers, the servers will send it back to the content delivery network, and then it will be sent back to me. So let's walk through this one more time. People have actually asked the questions that I do this, so let's do it. Let's go through this one more time. I am a user. I would like to request a web page. I want to go to www.aws.com. So I'm the user, I type www.aws, I get returned the IP address for the CloudFront distribution of the content delivery network, because that's what DNS tells me with the domain name services. I then make a request for the web page going through that CloudFront edge location. So if
it's stored on there, great. If it's not stored on there, me, the user, goes directly to the edge location, it's not here, my request gets sent straight to the web servers, the web servers send it back to the regional cache, which sends it back to the edge location, which now distributes it to me. So now if another user hits the same edge location, it will be there. This edge location is, say, Palm Beach or Miami. Now this edge location might be London, for example. Let's say someone here is in London. They decide to go to the edge location and it's there; they get it immediately. The next person goes there, it's immediate. Why would it be there immediately? Because somebody else previously requested it. Now let's say we've got someone in Lagos, and they've never requested the page. So they go to, let's say, in Nigeria, somewhere in Lagos or someplace else, there is a content delivery edge location. So the user in Lagos goes to the edge location in Nigeria. The edge location in Nigeria says, I don't have it, so it routes it across the AWS network back to your environment. You respond, you send it to the edge location, and the edge location sends it back to the user. So what's going on is, in a seamless environment, your customers, your users have no idea you're using a content delivery network. All they know is their web page is really fast. So think about this. Let's say you've got static content such as video, like Netflix. You put your stuff in an environment and then you push it out through your content delivery network. Now imagine, let's say there's a movie that everybody watches on Netflix. Let's say it gets watched a hundred thousand times a day by people in Miami, because it probably is. So they only have to go to the edge location once it gets requested; that content is stored on that edge location, and then it's the edge location that's constantly sending the data, the videos, to the people in their house to watch the TV shows. So now you kind of understand how this kind of works. Edge locations
are where the servers are, where the caching environment is, as part of the content delivery network. We will cover content delivery networks in a lot more depth, and how they work and why they use them, but I just wanted to introduce the content very, very briefly. So some people have asked: we're going to keep this video on YouTube, and we're going to keep it on YouTube so you can watch it again and again, because we understand it may take a few times to actually go through the material and truly master it, so you can go back anytime you want. So the question was asked, if the cached data is on one edge, it does not propagate it to the other edge locations; it only happens as soon as a user actually requests it. So what is the relationship, by the way, between a local zone and an edge location? Absolutely nothing. An edge location is related to the content delivery network, specifically for web apps, so it's related to getting to a web page faster. Now when we're actually dealing with (Chris, the question came down from the screen) a local zone, what we're dealing with is the users that want to run servers locally, and they don't have to be web servers. They can be application servers, they can be database servers, it could be any kind of server, algorithmic servers that are running things, literally anything. So go through it again: large geographic area, region; data center in a region is called an availability zone; you want to put your servers at the edge of the network, that's called a local zone; and if you want to have a content delivery network to improve the speed and performance of your web apps, you will be using CloudFront edge locations on the AWS cloud. There are lots and lots of wonderful content delivery networks. This is an AWS Certified Solution Architect Associate course; we're going to mention the AWS one, but Cloudflare has a great content delivery network, Akamai has a great content delivery network, lots of content delivery networks out
there, but we're specifically talking about the AWS services. So this is CloudFront. So now that we've talked about CloudFront, the edge locations, the local zones, the availability zones and regions, let's address the virtual private cloud a little bit. So a cloud computing environment is really a network and a data center that's got a little bit of software on it to virtualize it all for you. So that's what the VPC is, so that's the cloud. Now inside of the cloud provider's data center you need your own virtual private environment, because otherwise you'd have your data mixed with everybody else's data on the same system. Guess what, you are on the same systems as everybody else, but you're logically separated. You're logically separated by something called a virtual private cloud. So a virtual private cloud is basically your network. Now I've heard people call the virtual private cloud a virtual private network. I kind of hate that, because to me, as a network architect, a virtual private network is basically when you create private network connectivity in a public network. Now in this particular case it's something that's a little bit different. We're creating an environment they call a VPC, or virtual private cloud, that really lets you put your servers, your storage, all of it. So it's basically like your own virtual private data center. That's the way I like to view the virtual private cloud: virtual private data center. So architecturally, let's look at what this actually looks like. So for example, here's your virtual private cloud environment. Note you've got the AWS cloud, big cloud, the cloud provider, and inside of that you carve out, or the cloud provider creates for you, your own isolated environment inside of this big environment. That's called the virtual private cloud, or VPC. So as you can see in this example (and apologies, I didn't realize that I have my microphone not on me; this should hopefully give you some better sound here, hopefully that's a lot better),
inside of the virtual private cloud we can see the blue customer, the green customer, the red customer, the yellow customer. This is really what we're talking about, all logically separated inside of the same cloud. Can you guys hear me better now? Were you guys able to hear me before? Because nobody said anything. If you can, let me know; if you could always hear me, just let me know by typing "cloud architect" that you could hear me, but now hopefully you should be able to hear. Hopefully you guys can all hear, so wonderful. So now let's talk a little bit more. Okay, so did this make it lower when I moved my microphone here? Okay, so this is not normal. Okay, so let's try and play with this. How about now? "Mike, it sounded better the second time you moved it." How about now? Yes, there you go. Okay, excellent. So apologies everyone for that. So let's go back to our virtual private cloud. Inside of our cloud provider we've got logically isolated, separate cloud computing environments, so that's called the virtual private cloud. So let's walk through this a little more and have a little fun with this VPC kind of concept. So when we're dealing with a cloud, basically it's a hosted network in a data center. So let's talk about the kind of cloud environments we're going to be dealing with. In most cases we're going to be dealing with something called a hybrid cloud or a multi-cloud, and we'll tell you why these things are going on so you guys can be prepared to get cloud architect hired. So we'll talk about some architectures and what they would be. For example, let's start with the hybrid cloud. This is the most common environment you're going to see as a cloud architect or as a solutions architect or as a cloud solutions architect, and what this is is you're going to have a company that's going to have their own data center, because guess what, companies that have been in existence have their own data centers. So they're going to have their own data center. Now let's say
you've got an organization, and let's say this great organization has invested, let's say for example, 50 or 100 million dollars on servers, networking switches, firewalls. Somebody spent 100 million dollars on their architecture and their infrastructure, and it's working. Just because the cloud can offer some new and better services, does it mean we should give up on that 100 million dollar investment? For most organizations, the answer is no. So what most organizations are doing is they're running their data centers, and they're either offloading their data centers to the cloud, or they're running some specialty services in the cloud that the cloud can do better than the data center, and they're running their big compute in their data center, because let's be fair, the data center offers better performance than the cloud, but the cloud is more agile and the cloud is generally cheaper. So it's about choosing the best thing that you've got. But if you've got an organization that's got a massive data center and 50,000 servers, use them. Build them a hybrid cloud: connect their data center to the cloud, install OpenStack, Ansible or Nutanix software on the organization's data center and build them a cloud. That way they can have all the auto scaling and all the great stuff that makes people love the cloud, and still dynamically connect to GCP, Azure, AWS all at the same time, and they can even configure their own things and deploy them on every cloud provider. So what you're going to see is a lot of what we do is hybrid clouds. Hybrid cloud is the traditional network in the data center blended with a cloud. Excellent, excellent, excellent. If an organization's got a lot of tech, this may be the optimal solution. If an organization wants to go completely to the cloud and they want to try it halfway, they can keep their data center, move some things to a cloud, and they get a good experience. Hybrid cloud: your own data center and a cloud. So this is what we're talking about. This is real architecture;
this is realistically what exists. Now after this let's talk about a pure cloud. Now this is not common. A pure cloud environment is where basically you take a brand new business and they say, everything that I want to do, we're going to go to the cloud. Awesome. So what you do in a pure cloud is nothing's been there; you just figure out how to design your systems to run best on the cloud: what your servers look like, what your containers look like, your firewalls, literally all of it, your internet connection strategies, your networking strategies, identical things in every way to the data center, but now on an outsourced, managed data center. That's it. The cloud is just an outsourced, managed, virtualized data center. That is it. Take all the mysticism out of it. I've been working on cloud since 1998. It's no big deal; it's not new technology, it's just a hosted network and data center. So realistically speaking, predominantly hybrid clouds, but a pure cloud is when you put everything on the cloud. Now let's think of the pure cloud and the risks of it. If you put all your eggs in AWS and AWS goes down, you're down. If you put all your eggs in the Azure basket and it's down, you're down. So practically, I want you to think of the pure cloud as not optimal for 90% of the organizations, but there are alternatives that are better. So a single pure cloud, very risky. It's like the cable company. Could you imagine putting all your investments, all your assets in the cable company, and then six months later the cable company raises your rates? You are in trouble. So that's why organizations often don't do a single pure cloud. But a pure cloud is great because it's good for a startup: you don't have anything to buy, nothing to buy, just pay for what you use. It's incredibly scalable, the speed and the agility of deployments in these pure cloud environments is second to none, and realistically speaking it's very simple, because all the work we do in the data center, the racking, the
stacking, the patching, all of it is all gone. Well, the racking, the stacking, installing the operating systems, you know, hypervisor, all that stuff is done for you by the cloud provider. So: hybrid, data center plus cloud; pure cloud, all in a single cloud. So here's what a single cloud looks like, a single pure cloud environment, let me show you what it looks like. You basically have your organization, connections to the cloud, and that's it, everything is in the cloud, and this is what they typically talk about in certification courses: everything's on the cloud. But look at Facebook yesterday. They had an outage. They have some of the best network architects in the world and network engineers, and they still made a BGP misconfiguration issue. It happens. So if a pure cloud is when an organization connects to the cloud and it's all hosted in one cloud provider, that's a little risky.

So when it comes to networking, you know, let's say we wanted to connect two environments, two data centers in the U.S. I might use AT&T as one service provider, and I might also use Verizon. I could use Vodafone or Orange, I could use NTT Data and CenturyLink, it doesn't matter, but I never, never, never ever buy my connections across the same service provider between two facilities. Why? If I buy all my connections through Verizon and Verizon's down, I have no network. So organizations always use two providers, three providers, AT&T and Verizon for the networking connections. Guess what? You know what the new cloud is? Multi-cloud. Connect to Azure, connect to AWS, connect to GCP. This is the way we do cloud architecture, designing systems: you can't put all your eggs in one basket, you can't have single points of failure. Anyone that thinks they're going to work on just AWS as a cloud architect is mistaken. It is always hybrid cloud and multi-cloud, so we'll talk about that. So now what you're going to see, you're either going to see hybrid clouds, like Nutanix, a great cloud software that can be placed in the organization's
data center connected to a single cloud, or multi-clouds. Red Hat, IBM, OpenStack, Ansible, Ubuntu has a version of this. It is brilliant. You can build your own cloud, and this is what many organizations do. I have coached so many organizations to build their own clouds and connect it to multiple cloud providers. That is the world: multi-cloud, hybrid cloud. Look at it this way. Look at Google right now, look at the environment they have: best, biggest search engine in the world, Google; second biggest search engine in the world, YouTube, where we're all having fun right now. And by the way, since we're talking about YouTube, if you're enjoying the content, please leave a like or a comment, or type "cloud hired", but that's neither here nor there. So the algorithms that are done by Google, which are so good, realistically speaking they've got a great machine learning environment, they've got libraries for everything, two biggest search engines in the world. So let's think about it: connect to Google for AI and machine learning, connect to AWS because their infrastructure is so good, connect to Azure as a backup. Seriously, think about this. You're giving your customers the best environment and the ultimate redundancy. So this is why we talk about it: hybrid cloud, data center connected to the cloud; pure cloud, connections to just the hosted data center; multi-cloud, today's environment, cloud, cloud, cloud. This is what we do as cloud architects. We design whatever is in the best interest of our customers, whatever solves the customer's problem, gives them new routes to revenue, increases their ability to offer services. This is what architects do: we solve business problems. So we are very different in the way we solve business problems, so this is a business role, so please understand that.

Now if you're going to put all your tech on the cloud, you've got to be able to reach it. So there's two kinds of tech that an organization will have. There's the external
facing stuff: the website, www.gocloudcareers.com, external facing website, www.gocloudcareers.com, so you know that is a website that can be accessed over the internet. But what about my private servers? What about all the video content we're doing, our digital marketing strategies, all the things I don't want people seeing? That's internal stuff, and normally we store that on internal servers. But if we're using the cloud as our data center, guess what, the cloud becomes our internal servers. So the cloud's now our servers, so we're going to need private, secure connectivity to connect to the cloud, and realistically speaking there's two ways we can do this. We can either buy a wire, or a pseudowire, or the equivalent of a wire, between an organization's data center and a cloud, or we can create a tunnel through the internet, and both have their strengths and both have their weaknesses. So we're going to begin by talking about how do we connect to the cloud, because this is really important. This is networking, so let's talk about it. That's not what I wanted to do. So let's first talk about virtual private networks. What is a virtual private network? We will answer these architectural questions that are coming in shortly. Actually, you know what, let's go answer some questions before we go to the virtual private networks. I see a few questions came in, so let's do the following. Going back, I think what's going on, Stephanie, here is: how does a Local Zone work with a hybrid cloud, what are then your precedence rules? That's based, Stephanie, upon the way you're going to set the routing and you're going to set the policy, so it's up to you as the architect to design the flow and to design the routing. Chris, you want to bring up the next one? Isn't it expensive connecting to all three clouds in a multi-cloud environment? Well, yes, but not necessarily, but the cost of doing otherwise is not there. Yesterday's Facebook outage cost them seven billion dollars. How
much do you think it would have cost them to have a disaster recovery environment in another cloud provider, where they ran small instances of everything they needed and they had auto scaling? A couple million bucks a year to save seven billion dollars. It's more expensive when you're dealing with people that are paying for cloud architects. I mean, really, a cloud architect, you're dealing with people that are willing to pay a 300,000 salary to a cloud architect, because we cloud architects in the big environment, you know, these are expensive careers. It's only the junior salaries that are in that 150,000 range. A good cloud architect can earn double that or triple that based upon their business acumen, emotional intelligence, executive presence, communication skills. That's realistically speaking what determines, you know, what these architects get paid. And if an organization is willing to pay an architect, a real architect, the reason they're doing this is as follows: the cost of downtime is so high to them that literally speaking you can lose a million dollars in some of these businesses within 60 seconds of downtime. So you can lose 10 million dollars inside of 60 seconds of downtime with some of these organizations. I work with health care organizations where, if the systems go down, someone will die. I work with banking organizations where a minute of downtime is 10 million dollars. I work with organizations like this. They can't afford not to use multi-cloud. They just can't. So in the military they say one is none, two is one, and three is better than two. It is the same thing. An organization cannot exist without insurance. Now we'll probably talk about disaster recovery strategies, and there's ways to do disaster recovery that are super cheap, and there's ways to do disaster recovery that are extremely expensive, and it's going to be based upon what the customer's needs are, but in most cases a customer cannot afford to do this. But also we'll talk more about building high
availability systems. Give you a little bit of a leak of some information we're going to talk about later. So let's say you needed to achieve 99.999% availability. All kinds of customers need this. That means less than five minutes of downtime per year. With AWS you have to do two availability zones in two separate regions, so four availability zones, just to get to five nines. You could do two availability zones in Azure and two availability zones in AWS, pay the same price, and guess what, now you're fully redundant. So it's not whether someone can afford to do it, it's whether they can afford not to do multi-cloud or hybrid clouds, or more secure, reliable environments. Most organizations can't tolerate that cost of downtime. Sure, my website's down for a couple hours, who cares? But if Netflix is down for a few hours, there's a lot of problems going down. So, and if it's a business, so now you know. So now we're going to start talking about connecting to the cloud, and here we're going to talk about VPNs and direct connections. So you beat me to it. To let you guys know, we will have labs throughout the program. Today, in the beginning, we're setting the fundamentals, making sure that you guys know exactly where you need to be, so this is great. So before we touch direct connections, if you're having fun, could you type "cloud architect" in the chat box? Then I know you're having a good time. And then after this we are going to go back, we're going to start talking about direct connections and VPNs and connections. So let me go back to talking about these connections, but please type "cloud hired" if you're having fun, leave a like, leave a comment, share with a friend. We want to provide as much free training to the community as we can. So let's talk about connecting to the cloud. When we're connecting to the cloud, we have two options. We can buy a wire to the cloud, or we can basically connect to the cloud through a technology called the virtual private network, and I want you guys to
understand this. We have these two options: we can buy a wire to the cloud, or we can tunnel to that cloud through the internet. I want you to think about it logically. We're going to talk about the advantages and disadvantages, and we're probably going to start with VPNs because they're much cheaper. Here's what a VPN is: I connect to the internet and I tunnel my traffic through the internet. So if we're going to transmit our data through the internet, does anybody see any problems? I mean, does anybody see any problems when your data goes through the internet? Well, the internet is not secure. So let's talk about the type of VPNs that we're typically using when we connect to the cloud provider over a VPN. So if we were to just connect to the internet, just over the internet, you know, we'd be connecting over the internet, which means that everybody could see our data. The internet is not secure. So yes, you guys, perfect, you've got a security hole, thanks for putting it in the chat window. So we need a lot of security. So: the internet is insecure. Now let's talk about routing information. We're on the internet. We can't use private IP addresses, which means we can't have something in the RFC 1918 private address space. You guys know that private address space that organizations use internally: the 10.0.0.0/8 address space, the 172.16.0.0/12 address space, the 192.168.0.0/16. And if you guys don't know, we'll cover it, because that kind of networking knowledge, or basic essentials of networking, is just so critical. So we can't go to the internet because it's not secure, so we have to encrypt our traffic across the internet. We can't use private IP addresses across the internet, because we need a public address, so we have to tunnel those IP addresses. Now, because we need to pass routing information and because we need to pass private IP addresses, we have to tunnel it through the internet. So what are we going to do? We're going to create a VPN, and it's going to look like this. To you, the user, it's going to be seamless.
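As an added illustration that is not part of the lecture and not AWS code: the Python below models the tunnel just described, a private-addressed inner packet carried inside a public-addressed outer packet, together with the IPsec properties the lecture goes on to explain: a shared key that only the real endpoints hold, an integrity check that catches a changed message (the "thousand dollars turned into a billion" case), and sequence numbers that catch a captured packet sent again. The packet layout, the pre-shared key, the SPI, the addresses (RFC 5737 documentation ranges standing in for public addresses) and the `amount=1000` payload are all constructed for the demo; this is not the ESP wire format, and it does not encrypt the payload, which real IPsec does with AES on top of the integrity check.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed pre-shared key for the demo; real IPsec keys come out of the IKE exchange.
SA_KEY = b"constructed-demo-key-not-for-real-use"
ICV_LEN = 32  # HMAC-SHA256 integrity check value length
HEADER_LEN = 8 + 8 + 8  # outer addresses + (spi, seq) + inner addresses

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True when addr is in the RFC 1918 space, which is not routable on the internet."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def build_tunnel_packet(key, spi, seq, outer_src, outer_dst, inner_src, inner_dst, payload):
    """Encapsulate an inner packet (private addresses) inside an outer packet (public
    addresses) and append an integrity check value over SPI, sequence number and inner packet.
    Layout (simplified, not the ESP wire format):
      outer_src(4) outer_dst(4) | spi(4) seq(4) inner_src(4) inner_dst(4) payload | icv(32)
    """
    if not (is_private(inner_src) and is_private(inner_dst)):
        raise ValueError("inner packet must use RFC 1918 addresses")
    if is_private(outer_src) or is_private(outer_dst):
        raise ValueError("outer packet needs internet-routable addresses")
    outer = ipaddress.ip_address(outer_src).packed + ipaddress.ip_address(outer_dst).packed
    protected = (struct.pack("!II", spi, seq)
                 + ipaddress.ip_address(inner_src).packed
                 + ipaddress.ip_address(inner_dst).packed
                 + payload)
    icv = hmac.new(key, protected, hashlib.sha256).digest()
    return outer + protected + icv


class TunnelReceiver:
    """Decapsulating side: verifies the ICV with the shared key, checks the SPI, rejects replays."""

    def __init__(self, key, spi, window=64):
        self.key, self.spi, self.window = key, spi, window
        self.highest_seq = 0
        self.seen = set()

    def receive(self, packet):
        if len(packet) < HEADER_LEN + ICV_LEN:
            return ("rejected", "truncated packet")
        protected, icv = packet[8:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, protected, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, icv):  # constant-time comparison
            return ("rejected", "integrity check failed")
        spi, seq = struct.unpack("!II", protected[:8])
        if spi != self.spi:
            return ("rejected", "unknown SPI")
        # Simplified anti-replay window: a sequence number already seen, or older than the
        # window below the highest accepted one, is dropped.
        if seq in self.seen or seq <= self.highest_seq - self.window:
            return ("rejected", "replayed or stale sequence number")
        self.seen.add(seq)
        self.highest_seq = max(self.highest_seq, seq)
        self.seen = {s for s in self.seen if s > self.highest_seq - self.window}
        inner_src = str(ipaddress.ip_address(protected[8:12]))
        inner_dst = str(ipaddress.ip_address(protected[12:16]))
        return ("accepted", inner_src, inner_dst, protected[16:])


def demo():
    """Genuine, tampered, replayed and wrong-key packets through one receiver (constructed data)."""
    spi = 0x1001
    receiver = TunnelReceiver(SA_KEY, spi)
    # 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for public IPs.
    genuine = build_tunnel_packet(SA_KEY, spi, 1, "203.0.113.10", "198.51.100.20",
                                  "10.1.2.3", "172.16.5.6", b"amount=1000")
    results = {"genuine": receiver.receive(genuine)}
    # An on-path party rewrites the amount without the key: the ICV no longer matches.
    tampered = genuine[:-ICV_LEN].replace(b"amount=1000", b"amount=1000000000") + genuine[-ICV_LEN:]
    results["tampered"] = receiver.receive(tampered)
    # The same genuine packet captured and sent again: its sequence number was already accepted.
    results["replayed"] = receiver.receive(genuine)
    # A receiver holding a different key (no shared SA) cannot validate the packet either.
    stranger = TunnelReceiver(b"some-other-key", spi)
    results["wrong_key"] = stranger.receive(build_tunnel_packet(
        SA_KEY, spi, 2, "203.0.113.10", "198.51.100.20", "10.1.2.3", "172.16.5.6", b"hello"))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:9s} -> {outcome}")
```

The receiver checks the integrity value before it looks at anything else in the packet, so a forged or corrupted packet is discarded before its sequence number or addresses can influence state; that ordering is the same one a real IPsec stack follows.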
We're basically going to have a data center on one side, we're going to have our VPC on the other side, we're going to connect to the internet on both sides, and because we connect to the internet on both sides, it's now reachable. We are going to create a tunnel in between the two environments over the internet, and we are going to encrypt that tunnel with something called IPsec, or IP Security. Now IPsec, or IP Security, is an incredible suite of protocols. It's going to do the following. It's going to make sure that the sender knows who the receiver is. So we've got two cloud architects on this call that are teaching the course, and 324 of you right now; almost 2,000 people have attended so far, so this is a fun morning, a fun afternoon. So here, let's say I want to speak to my cloud architect buddy Alonzo. Alonzo's in his data center, I'm on the cloud, I want to send data to Alonzo. I don't want to send data to somebody else pretending to be Alonzo; I want to send data to Alonzo. So IPsec does the following: IPsec will determine who is the user and who is the recipient. So what will happen is this. I will establish a connection with Alonzo. The first thing that's going to happen is I'm going to verify that Alonzo is in fact Alonzo. We do this with the key association and the key exchange that occurs when we set up a VPN. So the first thing I'm going to use IPsec for is to verify that Alonzo is Alonzo, because if Alonzo is not Alonzo and I give Alonzo information, I could be dealing with a spy, which could hurt me. So IPsec does endpoint verification. So endpoint verification verifies the authenticity of the user. So the first thing we achieve via IPsec is that I can connect to Alonzo, Alonzo is connected to me, and Alonzo is really Alonzo. So that's the basis of a good conversation: I know Alonzo's Alonzo. Now the next thing that IPsec is going to do, it's going to use what's called the hashing algorithm. Here's what a hash is: you take a piece of data, you take that data, you run a mathematical calculation on it, and
you get some kind of a number. That number is always going to be the same. If you hash the letter A, you're always going to get the same hash. If you hash the letter B, you'll always get the same hash. But you can't go from the hash back to B, or the hash back to A, so it's kind of cool that way. So I saw some messages, some people joined. Don't worry, we're happy to have you here. It doesn't matter when you get here; you can always watch the replay tonight, so it's just good that you're here. So realistically speaking, what have we done? I verified that Alonzo was Alonzo, and I verify that the message hasn't been changed. Now think about this: if I wanted to send Alonzo a thousand dollars and some attacker on the internet added six zeros, that could be financially problematic for me. I want to send a thousand, it gets turned into a million or a billion, so not good. So IPsec enables you to verify the endpoints, and it also enables you to make sure your message hasn't been changed. Now IPsec does one more thing. It's called non-repudiation. So if I send Alonzo a message, and then afterwards I realize this message is not too professional, I can't say that I didn't send it to Alonzo, because IPsec provides this. So why are we using IPsec? What is a VPN? A VPN is basically: we connect to the internet on both sides, we create a tunnel, and inside of the tunnel we send our data. We use private IP addresses, we use an encryption algorithm so nobody can view the data, we use the hashing algorithm to make sure it can't be changed, and we make sure, because we keep sequence numbers, that messages were sent and received. Hope everybody understands. That's what an IPsec VPN is; we're creating IPsec VPNs. So why would an organization choose to use a VPN to connect to the cloud? Well, internet access is pretty abundant and it's cheap. So what do I need to do to set up a VPN? I connect to the internet on both sides. All I need to do is create an IPsec tunnel, push my routing information, and it's
done. It works perfectly. So simple. So that's why we like it. Guess what, I can do this in minutes, literally that fast, that easy. So what else can I do with the VPN? I can create a connection to the internet and I can create multiple connections to multiple places. Say I'm in New York and I want to connect to Lagos, Johannesburg, Delhi, Bangalore, London, Miami, San Jose. I can do this completely simply, by just creating a new VPN over my same internet connections. So this is really what I'm trying to convey to you: that's why organizations use VPNs. Now that's great, right? It's cheap, you already have the internet connections, it's fast, you can do it in seconds. You want to get a private line or a link between two organizations, that could take you four to six weeks. I can set up a VPN in 10 seconds. Pretty awesome. Now, can anybody think of problems with the VPNs? Because there's a lot of them. Well, it is not exactly what you'd consider the most reliable. When we buy a private line, and we're going to talk about it, if you buy a 100 gig link, it's always a hard line. If the link from New York to London is 2 milliseconds today, it's going to be two milliseconds tomorrow, two milliseconds next week, two milliseconds next year. I can plan and guarantee. On the internet, guess what, there are no guarantees. The internet's what's called best effort, meaning I get my traffic to the internet and hopefully it gets to my destination. So do you guys think critical information should be sent on a network where we hope it gets there? Seriously, think about this. You're going to have a video call with your doctor, you're going to be doing eye surgery with the robotic arm. Can you afford to have your data lost along the way and cut out the wrong eye? No. Or cut off the wrong limb? No. So with the internet you get best effort delivery, which means you could have a 100 gig connection, you might get one meg, you may get nothing, or 100 gigs. The latency can be one millisecond or 100 milliseconds, or not
get there at all. So the internet is best effort. So if you ever do a traceroute on your computer, or a tracert on a Windows system from the command prompt, and you type tracert www.cisco.com, you'll get to see the number of internet service providers you go through. So now you kind of get that. That's the downside of VPNs. Good, fast, good, cheap, good, fast, you can do it in minutes, create multi-sites real easy, but the downside is as follows: the downside is no guarantees that your data gets anywhere, no guarantees of performance, no guarantees of anything. So with the benefits there's a whole lot of detractors. So let's talk a little bit about VPNs on AWS, and then we'll get into the direct connection, and really what you guys are going to be doing as architects a lot more of the time. So when you connect to just one site, it's going to be called a site-to-site VPN. The site-to-site VPN is me setting up a tunnel to my good friend and great cloud architect Alonzo Coleman. That's a site-to-site VPN. What is a multi-site VPN? On this call there is a Christopher Johnson, my chief operating officer, who's an amazing, amazing, amazing operations person, excellent, excellent, keeps me in line every single day. I can create a link to Chris Johnson, who's on this call, I can create a link to Alonzo Coleman, all through my same internet connection. That's a multi-site VPN. So realistically speaking, when you connect to AWS, you're going to be using their virtual router, you're going to be using your own router, and when you're dealing with these kinds of things, basically you're going to have your packet, it's going to be encapsulated into another packet, which is basically the IPsec tunnel, and it's going to be sent across the internet. So now you kind of know how that works. So you'll set up the tunnel, it'll do its internet key exchange and association, it'll determine the encryption type, the algorithm, and of course you can run static routes by manually configuring every route on your system, and
then, or you can use dynamic routing like BGP, and this way, when you get cable cuts, your environment can be self-healing. So of course you're going to use BGP, and of course on our channel there are lots of videos on introductions to BGP. Chris from my team can post some. If you're a cloud architect or a solutions architect, you must know BGP. Lots and lots of BGP information on my channel. Chris from my team will pop some BGP things in there. But tonight, remember, because of what happened with Facebook, we're gonna do a live BGP session, so please join us, and we'll keep that session in case you guys are somewhere in Asia or it's too late for you guys; you can watch the replay in the morning. So we'll be talking about what is BGP, the routing protocol, tonight. Anybody that desires a career in the cloud should learn this. I've been teaching BGP for almost two and a half decades, so please attend. So when you're dealing with an AWS VPN, they want to call it highly available, and I have some mixed feelings about this strategy. So let's talk about where it works and where it does not work. So when you connect to AWS and you create a tunnel to them, one good thing that AWS does is they actually create multiple tunnels for you to multiple availability zones. So if I connect to us-east-1, it'll connect me to us-east and us-west too, and that way by default I've got some redundancy, which I love. And when you set up your VPNs, you can do them in two ways. You can have VPNs that are, say, active to us-east and us-west, you can do that, or you can have an active and a backup. And realistically speaking now, for most users, active and backup is probably going to be good, but if you know something about networking and you're capable of networking, organizations are not going to want to have an active-backup; they're going to use all their connections. So let's look realistically speaking at why AWS calls this a high availability environment, and why those of us that are experts in high availability
networking would say this is not. But here's the good news. So typically speaking, in AWS, which is really great, this is your customer router in your data center, and you typically set up a VPN, and one of the endpoints it goes to is in, say, one availability zone, and the next tunnel is created to another availability zone. Now this is great: AWS automatically gives you two virtual routers in two different availability zones. So on the AWS side it's high availability. But now, is this really okay? No. Here's why it's not okay: what happens if this router fails in the organization's data center? All the connections are down. So just because AWS is redundant doesn't mean this is an acceptable environment for high availability computing. This is the AWS recommendation; if you see this on an exam, this is a high availability connection. Why? Because it's a logical router on the AWS side, and you know what, they've done the redundancy on their side for you. But if you're serious, you need a minimum of two routers on the customer side, and you need a minimum of two different internet connections across separate internet service providers, because if all your links are in Verizon and Verizon goes down, you've got no connections. So you need redundant routers on your end and you need redundant connections. So this environment that AWS would demonstrate, just like this, isn't really high availability. I mean, it's better than nothing, but you really need two routers on your environment across two internet service providers and two VPN connections. So this is a good start, but not good enough. So that's what you would do if you really wanted to do this. If you really, really wanted to build a good high availability environment, you're going to have two routers on your end, two connections, and you're going to connect them to two different AWS environments. So, military world: one is none, two is one, and three is better than two. So what I mean by that is never have one, always have two, three is better.
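Added example, not from the lecture or from AWS: a small Python model that puts numbers on the high availability argument above and on the five nines figure from earlier in this segment. It enumerates every up/down combination of the components in a layout, sums the probability of the combinations that still leave a path from the data center to AWS, converts that availability to minutes of downtime per year, and lists single points of failure, the components whose failure alone cuts the path. The two layouts (the single customer router with AWS's two tunnel endpoints, and two routers on two ISPs), the component names and the per-component availabilities are constructed for illustration; real numbers come from provider SLAs and your own outage records.

```python
import itertools

MINUTES_PER_YEAR = 365 * 24 * 60  # 525,600

# Constructed per-component availabilities, illustration only.
AVAIL = {
    "cust_router_1": 0.999, "cust_router_2": 0.999,
    "isp_1": 0.995, "isp_2": 0.995,
    "aws_tunnel_az_a": 0.9999, "aws_tunnel_az_b": 0.9999,
}

# Layout 1: one customer router, one ISP, the two tunnel endpoints AWS creates in two AZs.
SINGLE_ROUTER = {
    "nodes": ["cust_router_1", "isp_1", "aws_tunnel_az_a", "aws_tunnel_az_b"],
    "edges": [("dc", "cust_router_1"), ("cust_router_1", "isp_1"),
              ("isp_1", "aws_tunnel_az_a"), ("isp_1", "aws_tunnel_az_b"),
              ("aws_tunnel_az_a", "aws"), ("aws_tunnel_az_b", "aws")],
}

# Layout 2: two customer routers on two ISPs; over the internet each ISP reaches both endpoints.
DUAL_ROUTER = {
    "nodes": list(AVAIL),
    "edges": [("dc", "cust_router_1"), ("dc", "cust_router_2"),
              ("cust_router_1", "isp_1"), ("cust_router_2", "isp_2"),
              ("isp_1", "aws_tunnel_az_a"), ("isp_1", "aws_tunnel_az_b"),
              ("isp_2", "aws_tunnel_az_a"), ("isp_2", "aws_tunnel_az_b"),
              ("aws_tunnel_az_a", "aws"), ("aws_tunnel_az_b", "aws")],
}


def path_exists(edges, up):
    """Depth-first search from the data center ("dc") to AWS ("aws") using only nodes in `up`."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, stack = {"dc"}, ["dc"]
    while stack:
        node = stack.pop()
        if node == "aws":
            return True
        for nxt in adj.get(node, ()):
            if nxt in up and nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return False


def end_to_end_availability(layout, avail=AVAIL):
    """Exact availability for independent component failures: sum the probability of every
    up/down combination (2^n states, n small here) that still leaves a dc-to-aws path."""
    nodes = layout["nodes"]
    total = 0.0
    for states in itertools.product((True, False), repeat=len(nodes)):
        prob = 1.0
        up = {"dc", "aws"}  # the endpoints themselves are outside the model
        for name, is_up in zip(nodes, states):
            prob *= avail[name] if is_up else 1.0 - avail[name]
            if is_up:
                up.add(name)
        if path_exists(layout["edges"], up):
            total += prob
    return total


def single_points_of_failure(layout):
    """Components whose failure, with everything else up, disconnects dc from aws."""
    all_up = set(layout["nodes"]) | {"dc", "aws"}
    return sorted(n for n in layout["nodes"]
                  if not path_exists(layout["edges"], all_up - {n}))


def downtime_minutes_per_year(availability):
    """Five nines (0.99999) comes out just above 5 minutes per year."""
    return (1.0 - availability) * MINUTES_PER_YEAR


def compare_layouts():
    report = {}
    for name, layout in (("single_router", SINGLE_ROUTER), ("dual_router", DUAL_ROUTER)):
        a = end_to_end_availability(layout)
        report[name] = {
            "availability": a,
            "downtime_min_per_year": downtime_minutes_per_year(a),
            "spof": single_points_of_failure(layout),
        }
    return report


if __name__ == "__main__":
    for name, r in compare_layouts().items():
        print(f"{name}: availability={r['availability']:.7f} "
              f"downtime={r['downtime_min_per_year']:.1f} min/year spof={r['spof']}")
```

With these constructed numbers the single-router layout inherits the ISP's and the router's availability almost unchanged, because both are single points of failure regardless of how redundant the AWS side is; the dual-router layout removes every single point of failure and cuts the yearly downtime by more than two orders of magnitude.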
Hope that makes sense to you. Now, how would you set up a VPN in the cloud? And this would be something we would do with you, but realistically speaking we would need a public IP address and some other things that make it infeasible to kind of demonstrate it for this class. So what we do is a fairly simple process. The first thing we do is, you know, as a customer, we determine which virtual gateway we're going to connect to on the AWS side, that's it. And then we pick, you know, do we set up a static route, redistribute it in, or do we set up a dynamic route? Easy, easy peasy, no big deal. After that we just configure our tunnels. So: who are you going to connect to, static or dynamic routing, and here you go, we configure the tunnels. Now there's two ways to do it. If you're me, and you're a Cisco Certified Internetwork Expert, a network architect with 25 years' experience, you're going to create your own IPsec configs and you're going to do your own traffic engineering. This is what you should do. Now, if you are not a network architect and you're not really, really experienced on this, find a network architect. But if you don't have that option, here's what you want to do. AWS will automatically give you a configuration that you can cut and paste into your router, and that's going to be for generic use cases and generic people; it'll be highly useful and highly helpful for you. So you can either create your own config, to give you lots of control, or you can let the AWS wizard, or however that works, where they spit out a config for you, give you something that will work. It will work; there's nothing wrong with it. So, very simple: you basically determine your endpoint, you choose your routing method, and then you just set up your configuration, and that is it, and it's up and it's running. So now, if that is how you would set up a VPN, let's talk about when you actually need good performance. So VPN: simple, fast, cheap. Remember that: easy, minutes, multiple connections, minutes, cheap, you already have
the internet. So now you know. Now let's look at a better environment for organizations that have a little more money. It's much, much, much cheaper to use a VPN under most circumstances, but it's much, much, much higher performance under normal circumstances to buy a wire between point A and point B. A wire between New York and London always takes the same amount of time. A wire between Palm Beach and San Jose always takes the same amount of time. A wire between Cameroon and Belgium is always going to take the same amount of time. See, that's the thing that we're really talking about: it's time and bandwidth. So if we need something good, we're going to buy a wire to the cloud, or a private line to the cloud. Now, when we're dealing with AWS, of course their marketing geniuses came up with a term, and they call it a direct connection. The reality is that's a really good name for it, because it's directly connected. Now with Azure they call it something silly like ExpressRoute. To me and every networking person in the world, this is a private line, and that's it: buy a wire between two locations. Cameroon, fantastic. We actually have a lot of wonderful Cameroonian students; that's why I always think of Cameroon. We've got students on the east side, on the English side and the French side, which is pretty cool. So if we're going to buy a wire, or a pseudowire, that's called a direct connection. So with this direct connection we're going to get guaranteed bandwidth, we're going to get consistent latency, and we're going to get the most reliability. In the internet, your data could traverse a whole lot of routers, but not here: it's a wire. And when we deal with direct connections, we can do some really cool things. We can buy them in one gig, 10 gig, and now 100 gig. There used to be something called EtherChannel, for those people in the networking world, where you could bundle a bunch of links together, and guess what, you can do it on the cloud. You can take four links and bundle them
together as a single link. So four wires from AT&T all blended together, four ten gig links bundled together, looks like one 40 gig logical link, and it is really, really, really cool. So now you kind of know why we're dealing with something like this: because we're getting guaranteed bandwidth with consistent latency and reliability, and now you know how it could work. So think of this direct connection as a wire between your organization and the cloud. Well, it's not; it's going to be a single mode fiber optic connection between you and the direct connection location, we'll talk about that in a minute, and then basically it's going to be backhauled. There's several stops. But logically, logically, logically, for you to look at it and think about it, you're seeing this: you're seeing your data center, which gets a direct connect to you, directly, all over a wire. Now that's not what happens, but that's what it looks like logically, and I'll give you the real depth, I'll give you that Certified Solutions Architect Professional level depth on this, because you need it, you need to know it. So we'll get deeper, deeper, deeper than they even do on the Solutions Architect Professional for this direct connection piece, because it's critical to being a successful cloud architect. So if you want to be a cloud solutions architect, I want you guys to understand this wide area networking connectivity. So now let's talk about what's really going on. When you're getting a wire, or your fiber optic connection, you're going to be using long distance fiber. So long distance fiber is something called single mode fiber. So when you're going to get a connection to the cloud, remember, this could be a test question: the fiber optic connection is going to be single mode fiber, 1000BASE-LX for gigabit ethernet, or 10GBASE-LR, that's going to be used for 10 gig ethernet. Now if any of you guys have worked with long distance fiber connections, you're going to know that there's a send link and there's a receive link. You send on
one link, you receive on one link; you send on this link, receive on another. Now it is completely possible for one of these links to go down and the other to be up, and the routers and systems won't sense it. So if you've got redundant links and one of them goes down, but you don't know that it's down, you won't take up the backup link. So the good news is, many years ago, about 18, 20 years ago, we came up with something called Bidirectional Forwarding Detection, and what would happen is, if you've got your lasers up and you've got a send link and a receive link, if this link goes away, for example, this link knows to go down, and therefore you can take a backup path. So this is really kind of great. So let's realistically speak and walk through this really cool direct connection environment. This is what it's going to look like. You're going to take your on-premises environment, and you're going to buy a WAN connection to something called the direct connection location, and we're going to use two, because we're going to have a primary and a backup. Here we've got our router, we hit the direct connection location, we buy a wire from our service provider to this direct connection location. Now that's to get to it. After we get to this, that only gets us to our router in the direct connection location. Now we've got to connect to the AWS router or switch. So what happens is, we do the following. We buy a connection to our device in the direct connection location. Here is the AWS hardware, here is our hardware. So we have to get a wire run from our router to their wire. This wire here, or fiber optic connection, whichever we're going to use, is called a cross connect, because it connects this switch to this switch. So we get a router, we buy a wire, we hit our routers, that goes to the AWS environment, and this is typically speaking something called backhaul; it basically rides the AWS network back to your account. So you buy a WAN link to the direct connection location, you have to connect to the direct connect, to
the AWS device. The AWS device is theirs, and you need a cross connect, and then it's backhaul. So how does this cross connect work? You need to be allowed to plug your device into the direct connect router; otherwise you just can't plug into it. These are secure environments. So what you actually have to do to get that cross connect is, you actually need to get authorization from AWS. So in order to create a direct connection, here's what you're going to do. The first thing you need to do is you actually have to get a letter of authorization from AWS, and the letter of authorization, you can request it via the CLI, the API, or the management console. And what happens is, you fill out an application, and the application will configure the switch ports on your devices and their devices, and what'll happen is they'll configure the switch port with their policy, and they'll send you a letter of authorization that says the request to connect to AWS is approved, and then they will run this wire between your systems and their systems, and there you go, you will be on the cloud. So that's it. That's how you directly connect to the cloud. It is a fantastic environment. So we'll cover a few more things on connections. I realize we've gotten way too heavy in networking. Why did I go a little extra above and beyond on networking? The cloud is a virtual network in a data center. When the network goes down, everything goes down. Do you know where the majority of all outages occur? At the network level. Do you know what the majority of things are that people don't know? Networking. So we're adding a little extra networking to make sure that you guys get it. So when we're dealing with these direct connections, we basically have public and private interfaces. And why? So when we connect to AWS, we can use both public and private interfaces. Public interfaces enable access to all the AWS public services through the direct connection, think like DynamoDB, SQS, public endpoints. So basically speaking, you're going to
need a publicly globally routable ip on both sides of your connections so what happens is you set up one of these information you do some bgp routing between yourself and basically the environment and that's where you can share your routing information and that will connect you to the aws public services now what about your own vpc you get this great direct connection you connect it to the direct connection location as it goes through direct connection location everything is up everything is running and this is now going to you're going to create a private wire back to your database back to your availability zones your data center so that's what the public and private interfaces are public connects you to the public services like dynamodb private connects you to the private services now you should have a good idea how these things work now remember when you connect to aws and you give them routes view bgp and you must use bgp or border gateway protocol when you're using a direct connection you have minimal routing that the cloud provider will accept for you they take about 100 routes so if the cloud provider takes 100 routes i want you to think about how seriously limited it is it takes about three quarters of a million routes to get to connect to a single internet service provider if you're taking a full routing table so you've got that so now let's say i've got an enterprise that's got 50 000 subnets and now you can only do 100 routes you're going to have to have the best best best ip addressing scheme to use this environment you have to be able to route summarize and do a lot of cool things so if you're not a network architect learn if you don't know how to subnet on supernet learn chris from my team can put a link to the subnetting video that we created we did like a four hour subnetting session and it's really important to know this so chris from my team will pop a link to this video inside of the chat box for you it may take him a minute or two to find it i 
want you to go back and do that homework if you're my students you do it a lot like guess what we'll be talking a lot about bbp tonight and lots of networking things but gotta understand ipad dressing so please see that so now let's talk about link aggregation groups and then we were gonna get out of this networking thing and after the networking thing we're going to get into storage which is one of my favorite things to talk about so but i love networking so you're with a networking person you're going to be there so let me see something um chris from my team says there is a question so maybe we'll do a quick question before we cover the link aggregation group okay let's see the question could not understand direct connection between a customer and an aws router okay so let's walk through this one more time before we talk about the vpns let's look at it this way in this particular environment here's what you see what you see is this is our data center we've got a router or multiple routers the router we purchase a wan link to the direct connection location this is like an ethernet over mpls or an ethernet wire immediately that connects us to our router inside of a building in that same building the direct connection location aws has their routers so basically i buy a one gig link to this location to my own router aws has their network which goes all the way back to their environments and all we're really doing is we connect to the our location a wire is run in the same building from our router to the aws router that's called the cross connect and then aws has network connections that go all the way back home so that's what's going on so i hope i answered your question there so your options are direct connections or vpn connections direct connections you're going to use when you need high performance consistent bandwidth and consistent latency otherwise you can do things now there are other connectivity options that we can use kind of with direct connections look 
like direct connections: software defined networking and MPLS type connections and Ethernet over MPLS. But for you, the user, they're going to feel mostly the same, and once we start getting into that kind of stuff we're dealing with CCIEs with 20 years of experience to truly understand how it works. So understand, networking gets pretty complicated.

Chris, were there any more direct connection questions before we go? Asad Khan: is it something that is normally required in most use cases? In most environments that are going to need good network performance, they're going to have a direct connection and a VPN backup, so the answer is yes. Adam says: would the organization have to set up Direct Connect to every availability zone, or once to connect to the cloud provider? So realistically speaking, you can connect to the cloud provider, and over that you can create some virtual private connections to different environments. Great question, I'm saying excellent question. Does direct connection impact cost? Yes, often, and typically speaking direct connections cost more than VPNs, but not always. See, when you're dealing with connections to the cloud, cloud provider connections are different than most connections. Typically speaking, at least in the US, if I buy a 10 gigabit connection between me and Alonzo, I pay for all 10 gigs, or I pay for the 10 gigabit connection; let's say it's 10 grand a month for me to talk to Alonzo over the direct connection, over our 10 gig link. Now this is a normal environment, normal networking. So I pay $10,000 a month for Alonzo's and our houses to be connected via direct connection, because he's a great cloud architect and I need to talk to him and consult with him about everything. So now everything's great; I only pay the ten thousand dollars a month for the connection. Now let's look at what happens with the cloud provider. I pay 10,000 bucks a month for the connection, I then pay a port fee every day because I have the connection, and then I actually pay to use my connection. Wow: pay for it, pay to have it, and then pay to actually use it. Okay, so now we've got something that gets pretty, pretty expensive. Same thing with a VPN: we don't pay to get the connection, but we pay a port fee and we pay to use it. So on certain cloud providers and certain use cases, if you use your data a lot, a direct connection not only can give you better performance but it can be cheaper than the VPN. So low use, VPN; high use, direct connections. A direct connection can be more expensive or cheaper based upon the use and the use case. So I hope I answered your question there. Victor: high use, often cheaper with a direct connection; low use, cheaper with the VPN. Okay, so understand.

So Asad Khan, great question. So when we are dealing with a Direct Connect location, that's what you're doing: you're connecting to a building that's got Amazon's equipment in it. That's why it's a Direct Connect location. So they've got lots of routers, lots of switches, firewalls, all kinds of cool stuff. You buy a connection to that building, and then you get a letter of authorization to connect your stuff in that building. So Asad Khan, if you've ever heard of a point of presence on the internet, where basically all the internet service providers connect into a single building and they run cables between their organizations, that's what we're talking about here, exactly, exactly, exactly that. So I hope I made sense with that one.

So can you just connect the Direct Connect to a transit VPC? Well, a transit VPC, Robin, is when you're going to connect a whole bunch of VPCs for transit; that's not going to really give you direct connections to the cloud. So if you had to do something you could do it, but this is more of a connected data center to a cloud, where a transit VPC is you've got multiple VPCs or multiple remote users and you want to connect them to a specific service. This is for full connections to the cloud. This is going to enable you to manage your systems, because you're never going to do something crazy like a bastion host to actually manage your systems; if you're smart you're going to use something like a VPN, and we'll talk about why we don't do bastion hosts later, why you might need to know it for the exam but why it's the worst possible reason in the world to manage your systems and why we would never do it in actual production, at least in environments that are secure and that actually matter.

So Chris, were there any more of the specific connectivity ones before I go with the VPNs and before we get into the storage environment? Raj, you've got two options, Direct Connect and VPN; you're going to be using direct connections anytime that it matters. So they're the only two kinds of networking events that you really can exist with, so you're going to be using a direct connection. They're pretty easy, they just take a little bit of time, four to six weeks to set them up, but that's the basis of all of this networking. Well, Victor, in every case when you're using a direct connection it's always going to be a virtual connection because it's logical, but I'll give you business cases where you would use it as opposed to a VPN. If it's important to get access to your data, meaning it has to work, you have to use a direct connection, because the VPN chances are won't be available 24 hours a day, seven days a week, 365 days a year. So if it matters, talking to the cloud, you're going to be using a direct connection, not a VPN. If you're running any video or voice applications or latency sensitive data applications, you'll be using a direct connection over the VPN. If you're transferring large amounts of data, you will usually be using a direct connection over a VPN. For 90 percent of environments that are high availability, a VPN is nothing more than a backup, because it's just too slow and the performance is bad. Think of a VPN as something you put in Starbucks, where the user is, with the cash register where the barista is. If internet connections go down for 10 minutes, 30 minutes, an hour, somebody doesn't get their coffee; nobody dies. If you're a bank and you're putting your information on the cloud and the internet's down, millions of dollars are lost per minute; can't work. If you're a hospital and you want to make sure that your patients' medical records are on the cloud and the internet's not guaranteed, somebody goes down, someone will die. So now you know: direct connections anytime you're sending large amounts of data, anytime the cloud actually matters to you, anytime you actually need latency sensitive services, that's when you're going to use a direct connection. So pretty much every real environment that's not a micro tiny small business is going to use a direct connection.

Okay, so I'm going to try and be Mr. YouTube for a minute. If you're enjoying this, please leave a like, and if you're enjoying this content push "cloud hired" in the chat box; that way I know you're there. We like to know that people are there, we like to know that you hear us, we like to know that we're making an impact, so please let us know. We'll do everything we can to try and help you in your cloud computing careers. Thank you so much, Emanuel. The reality was this: I actually bought all the paid trainings for a person and I was so upset with what they were that we decided we're going to do free AWS certification training, free Cisco training, and any kind of training we can do to help the community. So let's get you guys cloud hired. Realize most of what we do is basically we build cloud architects; we train them, we teach them business acumen, communication skills, presentation skills, architectural design skills. That's our world, not certification, but we've seen the certification courses out there and we figured it would be better for us to make an AWS full course tutorial, or a free AWS training, and that's why we're doing this AWS Certified Solutions Architect Associate 2022 boot camp completely free. So I see lots of "cloud hired", which means you guys are happy, which means I am happy, because I want to give you the best experience; free, paid, it doesn't matter. We want you guys to have a lot of fun and learn so much. I've been an architect for decades, and let me tell you, it's the best thing I've ever done, and because of that I want you guys to all share in the same experience that I've had.

So let me go find my presentation, because it went hidden, and let's go back to the content. So let's talk a little bit more about the concept of link aggregation groups. So here's the thing: if I buy two connections to the cloud, I can load share across both through complicated BGP information, and tonight, if any of you guys want to take my intro to BGP class, we'll talk about load sharing across links without getting out of order packets, and it'll be cool. I promise you, I've spent 10,000 hours working on BGP long before I started teaching it, and I've been teaching it for decades, so BGP is cool; we'll play with lots of this. So right now we're going to talk about a link aggregation group. I've seen some of the questions that are coming in. As I mentioned in the beginning, we're going to go for three hours per day, every day; we'll go today, we'll go tomorrow, we'll go the next day, the next day, and if we have to go through the weekend we'll do it, because I'm going to give you guys the best cloud computing AWS Certified Solutions Architect Associate course, even though it's free, and that's why we're doing it free: we want you to have the best experience. So let's talk about link aggregation groups. What if I could take four links, like four fingers, and bundle them together as a single link? Instead of this little one, this little one, this little one, I can bundle them together to look something like my forearm: bigger and stronger and more powerful. So that's called a link aggregation group.
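Before going further with link aggregation groups, here is an added worked example for the route-summarization point made earlier: AWS accepts only about 100 prefixes from you over BGP on a direct connection, so a large enterprise address plan has to be summarized before it is advertised. This is not code from the video or from AWS. The site subnets are constructed, ROUTE_LIMIT simply mirrors the figure quoted in the talk (check the current AWS quota before relying on it), and everything uses only Python's standard ipaddress module. It goes one step beyond the talk: when exact merging of adjacent subnets is still not enough, it greedily replaces the two closest neighbours with their covering supernet until the count fits.

```python
"""Route summarization for a prefix-limited BGP session (added example).

Constructed illustration, not code from the video or from AWS. The subnets
below are made up, and ROUTE_LIMIT mirrors the roughly 100 prefixes the talk
says AWS accepts from a customer over Direct Connect.
"""
import ipaddress
from typing import Iterable, List, Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Hypothetical enterprise site subnets (constructed sample input).
SITE_SUBNETS = [
    "10.10.0.0/24", "10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24",
    "10.10.4.0/24", "10.10.5.0/24", "10.10.6.0/24", "10.10.7.0/24",
    "10.20.0.0/25", "10.20.0.128/25",
    "10.30.5.0/24", "10.30.9.0/24",   # not adjacent: exact merging keeps both
]

# Assumed limit (the number quoted in the talk), not an authoritative quota.
ROUTE_LIMIT = 100


def _nets(prefixes: Iterable) -> List[Net]:
    """Normalise strings or network objects into network objects."""
    return [ipaddress.ip_network(str(p)) for p in prefixes]


def exact_summaries(prefixes: Iterable) -> List[Net]:
    """Merge only adjacent or overlapping prefixes.

    This never advertises address space that is not in the input, so it is
    the safe first step: no traffic for unused addresses is attracted.
    """
    return sorted(ipaddress.collapse_addresses(_nets(prefixes)))


def covering_supernet(prefixes: Iterable) -> Net:
    """Smallest single prefix that contains every input prefix."""
    nets = _nets(prefixes)
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def summarize_to_limit(prefixes: Iterable, limit: int = ROUTE_LIMIT) -> List[Net]:
    """Return at most `limit` prefixes covering all of `prefixes`.

    Exact merging first; if still over the limit, repeatedly fold the pair of
    neighbours whose covering supernet is tightest (longest prefix length).
    Coarser summaries DO cover addresses you may not use, so the result must
    be checked against the VPC CIDRs before it is advertised.
    """
    if limit < 1:
        raise ValueError("limit must be at least 1")
    nets = exact_summaries(prefixes)
    while len(nets) > limit:
        best_i, best = None, None
        for i in range(len(nets) - 1):
            cover = covering_supernet([nets[i], nets[i + 1]])
            if best is None or cover.prefixlen > best.prefixlen:
                best_i, best = i, cover
        # Re-collapse: the new supernet may now contain other entries.
        nets = exact_summaries(nets[:best_i] + [best] + nets[best_i + 2:])
    return nets


def within_limit(prefixes: Iterable, limit: int = ROUTE_LIMIT) -> bool:
    """True if the exact (non-overclaiming) summary fits the session limit."""
    return len(exact_summaries(prefixes)) <= limit


if __name__ == "__main__":
    print("exact :", [str(n) for n in exact_summaries(SITE_SUBNETS)])
    print("fits  :", within_limit(SITE_SUBNETS))
    # Force a tighter limit to show the lossy fallback.
    print("limit 3:", [str(n) for n in summarize_to_limit(SITE_SUBNETS, limit=3)])
```

Run it as-is to see the twelve constructed /24 and /25 subnets fold into four exact prefixes, and into three when a limit of 3 forces the two non-adjacent 10.30.x.0/24 sites under one /20. The two modes are deliberately separate: exact summaries are always safe to advertise, while the covering supernets from the fallback claim extra space and need review.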
A link aggregation group basically puts a bunch of things together and makes them look as one: one link aggregation group, one route in the routing table, one path. So, so, so, so, so easy. I mean this is exceptionally good: one route, one path, super, super easy. So now let's talk about this. A link aggregation group bundles multiple things, so if you're going to put four links together they must be the same bandwidth and the same latency, because if I've got two links, this one is 10 milliseconds to the destination, this one's one millisecond, you see a problem: our data is going to get there at different times, and it can't do that. So we need the same thing. So when you're using a link aggregation group you're going to buy four connections, or as many as four, across the same service provider. So for Sir, this is like Port Aggregation Protocol, exactly, EtherChannel, same kind of concept. So when you put four links together in a single thing, chances are they're going to be from one service provider. So if you need redundancy and you're using link aggregation groups, you're going to have to do some certain things. So let's talk about what kind of redundancy you get with a link aggregation group. So let's walk through this, because I really want you guys to understand. So let's say here we've taken two 10 gig connections and we have two direct connections. So the top direct connection we have is across AT&T, across two paths, and the bottom connection we have, as you can see, is across Verizon. So we've got two sets of environments, literally speaking two sets of these environments, and because we've got two sets of these environments, realistically speaking we've got backup. Now why did we make the top link, specifically, specifically, specifically on the top link, bundled together, and why are they all on Verizon? Because we have to have the same speed and latency, so the bottom would be across another service provider. So this is the benefit of a link aggregation group:
you've got multiple links and multiple sets of bandwidth. Now if we only had a single link aggregation group, let's say the top one, note that there's two direct connections, so if any one of the connections goes down in the link aggregation group, the connection will still stay up. So you could conceivably do four links from AWS to Verizon, four links through AT&T, for a total of eight links. You could load share across them with a good BGP policy, and then after that you've got backup. So this is really a high availability setup. So that's a link aggregation group.

So okay folks, we've covered the networking section, at least the connecting to the cloud. So now we're going to talk about some really cool, some really fun stuff: storage. So prior to getting to storage, Alonzo, are you here? Alonzo, you're here, because in the storage section we're going to do a couple of cloud labs. Would you like to teach everybody that's here how to set up a budget in AWS, so if they want to do some of the follow along labs with you nobody's going to get surprised by a big bill?

Alonzo: Definitely, I'm able to do that.

Michael: So Alonzo is going to cover this. Alonzo is a fantastic cloud architect. As architects we typically don't configure, but Alonzo's got some exceptionally good, I mean exceptionally good, cloud engineering skills in addition to him being a great cloud architect, so we're gonna have Alonzo demonstrate this. So Alonzo, I'd like you to teach everybody how to set up a budget, and then after that we're going to go talk about object storage, block storage, file storage, all kinds of cool stuff. So take it away, Alonzo.

Alonzo: Okay Mike, thank you so much, and again thank you everyone for joining us. Awesome opportunity, it's an awesome boot camp, and let me take you on a little bit of a journey with AWS Budgets and how we can avoid having a very, very possibly expensive AWS service bill. So one second while I switch over to my pages.

Michael: Excellent, thank you. For those of you that don't know, I've
known Alonzo for a while now. Alonzo is a fantastic architect; he's got lots of great project management skills, lots of great leadership skills, got an MBA as well, so his business acumen is really solid, and he and I like to collaborate on a lot of things. So thank you so much, Alonzo.

Alonzo: My pleasure, Mike. Okay, so can everyone see my screen okay? Wonderful.

Michael: Okay, so what Alonzo is going to do is set up a budget. What he's going to do, and I strongly recommend before you do labs, is as follows: set up a budget so that you get notified when you're pushing a certain dollar amount. It's great doing things in the free tier; set yourself a budget, maybe 25, maybe 50, whatever you can easily afford. In case you go over the edges you want to be notified; you don't want to get a 10 or 20,000 bill at the end of the month. So just always give yourself a budget.

Alonzo: Okay, come on, budget. Having low connectivity issues, but it seems to be working itself out.

Michael: There you go, that's why organizations use direct connections and not VPNs.

Alonzo: Definitely, Mike. Okay everyone, so once you initially create your own AWS account, the first thing you do is that you're going to be going into your root account and you're going to be moving over to your billing dashboard. Now right over here, or rather you're going to be moving over to your account, I am sorry, because what you initially want to do is that you want to enable the ability for your account, through IAM, to access your billing and to be able to dictate what your budget is, how you want to go about doing these things. So you're going to scroll down all the way to IAM user and role access to billing information, you're going to edit that, you're going to activate your IAM access. It's very, very important, otherwise if you go into your AWS Budgets, not in your root user account, because you never use that account for anything else other than setting up your account, but once you create an admin user account you're going to be able to create any information with AWS Budgets and you'll be able to do that from that perspective, in that account.

Michael: Excellent, so let me stop you there for one second. For those of you that are new to tech, identity and access management is about determining who the user is, what the user is allowed to do, and then tracking the information they did. We used to call it AAA: authentication, authorization, accounting. So when Alonzo is setting up the IAM for this, to be able to make sure, IAM is basically about determining who you are, what you can do, and then tracking it. So back to you, Alonzo.

Alonzo: Absolutely, Mike. And once we activate the IAM access, you're going to just press update, just so that we can do the housekeeping. We're going to move over into our AWS budget and billing, so what we're going to do is we're going to scroll down to Budgets, okay, and then we're going to be able to create. Although I'm actually activated into an actual budget, you're going to be able to have an initial budget screen where you're going to be asked to create a budget yourself, and you're going to move over and scroll over to different variations, the various drop downs in these areas, so that you might be able to create your own budgets and set them accordingly. You're going to put your own information down, your personal information, your payment information, the time and the allotment of that monthly budget that you want to have, and how much money you want to spend therewith. So in this instance I have one already pre-made, "alonzo coleman vpc budget", and as you can see you have your details: I have the name of my budget, I have the budget amount that I allocated, which is ten dollars, the budget type, which is a cost budget, the expected amount of money that I want to spend on a period, which is a monthly basis. So as you can see, during this time frame I have spent over the course of time, this is the type of allocation that I've spent, creating various resources, spinning up various instances and so forth, over this time frame. So as of October I've budgeted for ten dollars, the budget variance is nine dollars and sixty-five cents, and I've only spent an actual 35 cents out of my ten dollar budget.

Michael: So the reason this is important to set this up is when you're doing things like, for example, my cat Cindy has turned on EC2 instances with her paws by walking over the keyboard and doing things like that, and you want to know that your cat isn't turning on a 128 core server with four terabytes of DRAM costing you eight bucks an hour, and find out about it six months later. So you know, my recommendation is always set up a budget, whether it's a lab environment or a real environment, because things can get really expensive on the cloud really fast. You know, you pay to use your systems, you pay to transfer your data, you pay as you go through regions, so no surprises.

Alonzo: Absolutely, Mike. And also what is really helpful, creating your AWS budgets, is that you can also set up an alert for yourself, either via email (it'll get to 80, but you can set your tolerances), say for instance you create this budget, you have your budget and you only want to be notified if there's a certain percentage before you get to your budget, and be able to be notified via Simple Notification, which is a texting service, or prompt yourself with an alert to let you know that your budget is coming to a limit or if there's any issues there, based on the parameters that you set.

Michael: Thank you, Alonzo.

Alonzo: My pleasure.

Michael: Do you have anything more to demonstrate on the budget piece?

Alonzo: No, I do not at this time. If anyone else has any questions, please feel free.

Michael: So if you guys have any questions on the budget that we're talking about, please ask them now, otherwise we're going to get into storage, and we're going to have some cool labs when we hit storage after we describe what is the storage, how does the storage work, why do organizations use the storage, so those kinds of things. Okay, you guys got that? Fantastic. I don't see any questions popping up in the chat box, so if you guys can leave a like, it helps all the algorithms do things. If you guys are enjoying this, please feel free to share the link to this with somebody else; sharing is caring, so you know, make sure you share it, so other people will be able to watch the replay at any time they actually desire.

So let's start talking about storage on the cloud. So what is storage? Storage is where the organization keeps their data, and guess what, with all this compute we do, we're gaining information from all over the world, so this is really, really, really important, that we store this information. Not just storing the information: can we analyze the data, can we use the data, can the data help us make better decisions? So prior to even thinking about storage, just think about this: if we can take in real-time data and make decisions better, guess what, we are in a position to make better decisions. Better decisions equal better business, better business equals higher revenue, higher revenue equals higher stock prices, higher stock prices means more investment and growth of the company. So good, good news: storage is important. So we're going to take this information, we're going to store it, we're going to aggregate it, and we're going to do lots of things. We can talk about things that you can do architecturally with the storage; you guys can ask questions and we'll answer them. Now remember, this is an AWS Certified Solutions Architect Associate course; obviously we're going to give you some more information, we'll give you some of that Certified Solutions Architect Professional information and Certified Solutions Architect Associate information at the same time, because you need more than just the associate, so we're going to give it to you. But you know, we're going to keep it as simple as possible, because this is still our associate course
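Before moving into storage, the budget Alonzo set up in the console (a ten dollar monthly cost budget with a percentage alert) can also be created from the command line, which is handy for a lab account you rebuild often. This is an added example, not a script from the video or from AWS documentation. It assumes the AWS CLI is installed with credentials for an IAM admin user, not the root user, and the budget name, amount, threshold and e-mail address are constructed placeholders supplied through environment variables; the account ID is looked up from the current credentials.

```bash
#!/usr/bin/env sh
# Added example: create a monthly AWS cost budget with an e-mail alert from the CLI.
# Assumes: AWS CLI v2 installed, credentials for an IAM user (not root) configured.
# BUDGET_NAME, BUDGET_USD, ALERT_PCT and ALERT_EMAIL are constructed placeholders.
set -eu

BUDGET_NAME="${BUDGET_NAME:-lab-monthly-budget}"
BUDGET_USD="${BUDGET_USD:-10}"            # same $10/month limit as the console demo
ALERT_PCT="${ALERT_PCT:-80}"              # alert at 80% of the limit
ALERT_EMAIL="${ALERT_EMAIL:-you@example.com}"   # placeholder address

# Budget definition as the `aws budgets create-budget --budget` argument expects it:
# a COST budget, evaluated MONTHLY, with the limit given in USD.
budget_json() {
  cat <<EOF
{
  "BudgetName": "${BUDGET_NAME}",
  "BudgetLimit": { "Amount": "${BUDGET_USD}", "Unit": "USD" },
  "TimeUnit": "MONTHLY",
  "BudgetType": "COST"
}
EOF
}

# Notification: fire when ACTUAL spend is GREATER_THAN ALERT_PCT percent of the
# limit, delivered by e-mail. An SNS topic ARN with SubscriptionType "SNS"
# works the same way if you prefer a text message, as mentioned in the demo.
notifications_json() {
  cat <<EOF
[
  {
    "Notification": {
      "NotificationType": "ACTUAL",
      "ComparisonOperator": "GREATER_THAN",
      "Threshold": ${ALERT_PCT},
      "ThresholdType": "PERCENTAGE"
    },
    "Subscribers": [ { "SubscriptionType": "EMAIL", "Address": "${ALERT_EMAIL}" } ]
  }
]
EOF
}

# Creates the budget in the account the current credentials belong to.
create_budget() {
  account_id="$(aws sts get-caller-identity --query Account --output text)"
  aws budgets create-budget \
    --account-id "${account_id}" \
    --budget "$(budget_json)" \
    --notifications-with-subscribers "$(notifications_json)"
}

# Only print the budget definition here; call `create_budget` once credentials are in place.
budget_json
```

Running the script prints the JSON so you can review it before calling `create_budget`. Because the whole budget is two small JSON documents, the same file can be kept in version control and re-applied to every fresh lab account, which is the "no surprises" habit the talk recommends.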
but so let's do this, let's talk about storage. So when you're in the cloud you're relatively dealing with volatile storage and non-volatile storage. So let's talk about the difference. Volatile storage is this: if you set up a compute instance, and we'll talk about it, and you reboot it, all of your data is 100 percent gone, overnight, instantly. Guess what, that's volatile storage. What if everything you did you just stored it in memory, you rebooted the system, it was all lost? It might perform really, really great right now, but not really over the long term. So obviously not a situation. So there's non-volatile storage, which is data that you store that's going to be stored for a long period of time. So, Jesse, so sorry to hear that: four hundred dollars for playing with the compute instance, horrible. So that's why you set up the budget. So volatile storage: things that go away with a reboot, it's often called ephemeral storage. Non-volatile storage: storage that stays after a reboot or upon instance termination. So let's look at it this way: realize storage is a very, very, very critical component of your build. So when we talk about storage we're going to be talking about a couple kinds of storage: we're going to talk about block storage, we're going to talk about object storage, and we're going to talk about file storage. When we talk about file storage we'll talk about things that are local to the computer, we'll talk about network file systems, we'll talk about Windows file systems, to really make sure you really get the concept of storage.

So let's begin, and we're going to begin with block storage. Now what is block storage? So block storage is a type of storage area network; let me see if it's clear: it's a storage area network. This is not local storage in a computer. So what it's going to look like: you're going to have these giant RAID arrays, and they're going to be filled with so many hard drives, and basically speaking you're going to have these highly redundant, fault tolerant servers, if you will. They're
not servers where you just... they're full of hard drives, hundreds and hundreds of hard drives, all in a storage environment in a RAID capacity. Let's talk a little bit about what RAID actually is, even though that's more of the professional level, but it's critical knowledge. So you're gonna have buildings that are full of storage. Now what's unique about block storage is it takes the data and it breaks it down into blocks: data here, then a block. Now each block is going to have its own unique block identifier, something that helps you identify the blocks. So block storage is network storage, so what do you think the throughput limitation is of block storage? The network interface speed. So if you've got a 10 gigabit Ethernet connection, the fastest block storage you're going to get access to is a thousand megabit a second, which isn't that fast, but it's network storage, it's not local storage. So remember, with block storage the network is your performance limitation. So if you buy an NVMe drive at Best Buy, a Gen 4 for 100 bucks, it's going to give you about 5,000 megabit per second; the fastest EBS volume can't get above a thousand megabits per second. Why? It's not something that AWS did wrong, it's because it's limited by that 10 gig link. Now when we talk about block storage, we're also going to talk about lower performance than SANs in the data center. Why is it lower performance? It's network performance, and when we're dealing with latency and speed we'll talk about it, but block storage on the cloud is much, much, much slower than instance storage and much, much, much slower from the cloud. But block storage is going to be our fastest, highest performance storage that we can actually use on the cloud, so we're going to be using it. So you got your data, it gets broken down into blocks. Now why cloud providers love block storage is as follows: the blocks, or the data, can be placed wherever it's the most efficient, anywhere in your environment. So block storage, realistically speaking,
decouples your storage from your compute environment. I'm going to say that again: block storage decouples your storage from your compute environment. So why is this so cool? You can put your servers anywhere, anywhere; you can keep your storage anywhere. So it's fast, it's efficient, and it scales. It's not like you need to put all your hard drives in the server; you can do it anywhere, anywhere in your environment. So I hope that makes sense for you; that's why cloud providers love block storage. Now let's talk about block storage and why it's so unique. Block storage is excellent for files that change frequently. So think of an environment: you've got a server, the server has a swap file, which is basically virtual memory, the server has got all these little mini caches and little files that are going through constantly, making new versions. Block storage is really great for data that changes frequently. So block storage is perfect, perfect, literally 100 percent perfect, for an organization to use to store their data. So in the cloud environment you're going to be using block storage, you're going to mount it to a server, and it's going to look and feel exactly like real storage. So block storage, remember this, very important: takes your data, breaks it down into blocks, each block's got its own identifier, it can be placed anywhere in the environment where it works, block storage decouples your user data from your compute environment and scales very well.

Now the next type of computing storage that we're going to use in the cloud is object storage. Don't worry, we'll get to the AWS specifics. Why am I teaching you so much about block storage and object storage first? If you want to be a cloud architect, you're going to have to talk to the customer about their storage. They're not going to care about the term or word S3; they want to know about their storage. So I want you to understand the storage. Guess what, if you're working with another cloud provider other than AWS, I still want you to know
what to do i'm not going to train you to drive a mercedes i'm going to teach you to drive a car so you can drive a mercedes a bmw a porsche alexis afford a chevy and everywhere in between so now you know about block storage now the next kind of storage that's used all over the cloud is something called object storage object storage is really cool storage object storage takes data and it breaks down the data and puts them into objects so break your data convert it to an object now why object storage is so cool and why it's used everywhere is when your data is broken down into objects it's got its own object id and each object actually has some metadata or data about the data referencing it so think about it this way you've got your data and a whole lot of information about what is the data again i want to make really think about this you've got your data and an incredible amount of information about your data so object storage is cool you want to find information search for it with object storage you want to look at part of an object instead of all the data you can because you've got an identifier and metadata you want to create a large data environment an organization can use for machine learning object storage has metadata because it has metadata you can create things like a data lake object storage is really really good for static files object storage is not regular storage it is used for static files every time with object storage you touch or modify a file it creates new version now there's a difference between aws versioning and native object storage but object storage by default creates a new version anything sometimes is modified even one percent or a half a percent or an eighth of a percent so object storage is terrible for files that change frequently because they'll create too many objects fill up your standards cost you a fortune so object storage is used for write once read many time data so object storage data broken down to objects objects have their 
own identifiers, and objects have metadata, or data about the data. So because of this, object storage is great for big data environments, and we'll talk about the AWS-specific ones, don't worry.

Now let's talk about file storage. So what is file storage? You've got a hard drive on your computer: it's file storage. When you map to a shared drive on Windows on the server: file storage. If you're on a Unix or Linux system and you're all sharing network storage on NFS, guess what: file storage. So file storage is where you store files, object storage your data is broken down into objects, and block storage your data is broken into blocks, and that's it. So now you know the basic three types of storage: block storage, file storage and object storage.

So prior to getting into S3, which we're going to do next, which is object storage, does anybody have any quick questions on storage? Let me know if you guys have any quick storage questions, and if you do I, realistically speaking, would like to hear them before we go on. So, Babito: what is the difference between a database and storage? Great question. Storage is where you store everything. So on your computer you take your pictures, for example, your videos, your Word documents; that is storage, stuff you're going to store in storage. A database is a little different. A database is basically an application that enables you, with relational databases, to share objects that are related to each other. A database is a structured way to basically have, like, names, email addresses, prices one person used. So realistically speaking, a database is to store specific stuff, and it's searchable and queryable, where storage is where you store everything. So for example, let's take it out of computers, Babito. Let's say in your house you've got a closet. That's storage; you just throw stuff in there. Now let's say you had an organizer, and in the organizer you had columns and rows and you just pop things in in an organized manner, like the top shelf has
all spices, the next shelf was all sweeteners, the next shelf was all something else; that's more like a day-to-day structured, ordered environment. So storage is where you throw everything, like a closet. Think about a database as a structured ledger: when you go to your checkbook and you actually see written down who you wrote a check to, and what it was, and the date and the time, that's like a database. Now, the bank account that you have, where the money actually exists, that's more like storage. So, hopefully that answered your question there, Babito.

I think there may be a few more questions; I know they're coming in. So the next question, one of the questions that I actually saw, was when to use file storage, Dan DTM, and when to use object storage. So, Dan: for files that change frequently, use block storage. For housing an operating system, use block storage. If it needs to be utilized by a computer, you use block storage. If, by comparison, Perez the Dev, you want to create a video and distribute that video to a lot of people, that is object storage. If you want to create a software artifact and distribute that to many people, that is object storage. If you've got photos or videos that you write once and share many times, that is object storage. So if it's mounted by a server, it's going to be file storage or block storage; if it's for software distribution, all you need to do, for example, is use object storage. So that's typically when you're using them. Chris, if you want to bring up the next question.

Object storage is not exactly like an unstructured database, but realize that object storage has data, or metadata, about data, and it's typically a flat storage environment where, basically, what happens is very much like a database: we've got a pointer to the actual data, and realistically speaking, in many cases you can actually run SQL queries on data stored in object storage. So in a lot of ways it's unstructured like a database, but if you need a real database for
unstructured data that's loosely flexible and scales, you're going to use a NoSQL database such as MongoDB, Apache Cassandra, that kind of thing, just so you guys know. Chris, if you want to bring in the next question.

Okay, well, Mario Millen: can you explain read-after-write consistency for new objects versus eventual consistency? Yes, Mario, we're going to talk a lot about this when we get into the database section, but here's the thing. Immediate consistency means if I store it right now somewhere, and then a tenth of a second later you decide to look at it, it's going to be there. Eventual consistency, Mario, is as follows: I put something there; three seconds later you might still see the old version; five seconds later the new version is there. That is what you call eventually consistent. Eventually consistent scales much, much, much more than immediately consistent. But yes, so that's how it works.

So, what is the difference between the Professional and the Associate exam? Here's the answer. The Associate exam is relatively basic, although the questions they ask can be tricky because the questions are worded trickily. On the Professional exam the questions are much deeper, and they are very convoluted. The Associate exam is very straightforward: they ask you a question and there's pretty much an obvious answer. On the Professional exam they ask you a question that's four paragraphs long. The hardest part of the Professional exam is really reading those questions, because reading those questions the way they're written is a huge challenge. So on the Professional exam I'd say the hardest part of it is actually reading the question and understanding the question; once you do that, there's four answers, and the answers are much more complex. So Associate is definitely easier. The way we're running this course right now is a hybrid between an Associate and a Professional, because there are certain things that are not covered in the Associate which you'd never be able to work without, and because of that we're covering it here
in our version of an AWS Certified Solutions Architect Associate. So we're going to give you about 25 to 30 or 40 more than you would need, because we want you to be hireable. We want you to be great, not just certified. Getting certified is different than getting cloud hired; we're about getting cloud hired. So we're going to have a slightly different take on certain things that we do. You know, we're architects, so because I've been a cloud architect, a network architect and an enterprise architect, and our team's full of architects, we want to focus on those things. So we'll give you a little extra. Any other questions before we go back?

Okay, Rizwana: if you need to mount storage to multiple servers, you're using Network File System or a Windows file share; you're using file storage for that, generally speaking, because you're not going to mount object storage or S3 to a server. It's for backup and archival purposes.

So I'm going to do as many real questions as we can in real time. I can't do every one, because we need to keep you on track, but I will try and do as many as we can, and guess what, I've got lots of question and answer sessions going on. And again, just a reminder, everybody: this week, on Friday, we have IT Excel, one of the best technology recruiting firms in the country. They're going to bring in their executives, they're going to answer your questions, and of course you'll have the opportunity to send them your resume, and they're going to be coming back every other week with us. Last week we had a VP of NVIDIA; a couple of weeks before that we had an executive over at Bursa Networks, and you know what, we're going to make sure we bring you somebody else that's really special very, very soon. But this week, lots and lots of executive recruiters coming in, and tonight also some free BGP training. We'll get there; we'll do a little bit more about AWS BGP than you guys would probably want to know, but it's a great skill to have. So let's go back to storage, everyone. Now, I'm having fun
with storage. I hope you guys are having fun. If you're having fun, if you can, type 'cloud hired' in the chat box and/or leave a like; keep the algorithms happy, everyone.

So where are my slides that I was looking at? I know they're here somewhere. One of these days I'm actually going to learn how to use a Windows computer. Okay, bear with me a second. Okay, well, maybe my PowerPoint window won't open. Okay, bear with me while we deal with the live technology problems associated with Windows. Okay, bear with me while I do this. So please type the words 'cloud hired' in the chat. And why can't I open PowerPoint? Bear with me one minute; we'll be back while you guys are typing 'cloud hired'. Where is PowerPoint? Bear with me. Gotta love tech issues when they get to what you need. Okay, so let's maybe end this and launch it again. Okay, why don't I have any PowerPoint here, like none? Well, this is really fun. Okay, bear with me, guys. I don't know why I can't seem to access my slides at all, or my OBS environment. Okay, so we've got this; we're now halfway there. Okay, just a little bit of tech and we need to be good to go. My tech is 100% crashing right now. So, guys, you know, I was using a Mac for years and it did not work with my systems. So, Alonzo, could you start with the next lab and actually set up an S3 bucket, and then I'll talk about an S3 bucket as soon as I do a system reboot?

That sounds wonderful, Mike. I can definitely take that.

Okay, so I'm going to do a system reboot. You do the first AWS S3 lab and I will be right back.

Okay, sounds good. Okay, everyone, I hope that you can see my screen, or that it will be there. I guess that means I get some screen time now; that's what it seems like, Chris. Okay, hopefully everyone sees my AWS Management Console. We're going to start here focusing on S3, so we're going to click into that S3 Management Console. Now, right here, I've already illustrated, Mike has already discussed, what object storage is, which is
which S3 is. So right here you can see my account snapshot; you can see the buckets that I've already created. But I'm going to go through a quick walkthrough with everyone so that you can see for yourself the steps that it takes to get to a certain point.

So initially, buckets, they're kind of like folders where you can put all your content in; you can put your object storage into these buckets. One thing about buckets that you have to understand is that when you create them, it has to have a universal naming convention, which means there's no other name like this on the planet, and I believe, if I'm not mistaken, I'm pretty sure about it, that you have up to 63 characters. You create these naming conventions and it can only use dashes or dots, no other type of special characters. So I'm going to create a bucket for you right now, and we're going to call it Go Cloud Careers, and I am in the east-2 area, in the good, great state of Texas. So where we are right now is that when it asks you, when it prompts you, if you want to block public access settings for your bucket, you have to do this; otherwise everyone you ever thought possible, the entire world, can access all of your content within your bucket. So you want to make sure that this particular check mark is checked so that you can ensure your security.

Bucket versioning: so this is a real fun piece that I really like. So say, for instance, as a former marketing creative, we always did varying versions of creative pieces. If you create a certain file and you have to adjust that file and it's going to be different, you're not going to be writing over the same file over and over and over again based on those iterations. So when you enable versioning, you can create a certain file, and then you can create the same file but with a different look, and you can upload it into S3, and it will still provide the same naming convention but a different version of that, so that you
can always keep incremental track of what you upload into the bucket. So you can also disable or enable encryption, which we'll get into later on, about the different encryption practices that S3 has available, whether it's server-side or customer-side encryption and how we can create that there. So now we're at a point where we can create the bucket.

So now I've created GC's, Go Cloud... oh my goodness, GCC Boot Camp, which is the actual boot camp bucket that I've created. So we can go inside the actual objects. Now we have an opportunity to upload certain content here. So what I'll do is I'll add some creative pieces that I've done previously, or some files that I've made, into the Go Cloud Careers bucket. And so we have the actual logo right here in both JPEG and PNG form, so we're going to take those two pieces and we're going to add them into the drop box. So now I just clicked and dragged these two items right here into the folder, and now I can upload them. So now we have 'upload succeeded', complete, and so we have these two files for the Go Cloud Careers JPEG that we can access at any point in time for any other examples or anything else.

So now I can add the same item, because I added versioning, and I can go and upload something else. So let's go back into the Go Cloud Careers bucket, and we can upload some more content. So now I can add files, go back to this particular bucket, and let's go and upload the same thing. So now right here you can look, and you can see all the information about where your S3 bucket is, or where your content is within this particular bucket. You can focus on the region, which is where I put it; you have your S3 URI, which you can use for pre-signed URLs; you have your Amazon resource naming convention; and you have your object URL again right here. And so we can click on
this. So now you notice that once I clicked on it to try to access it, because we blocked it off to the entire world, we have 'Access Denied'. So it has that real solid encryption, so that you can make sure that all your content within your buckets is secure. So let's go back to our Go Cloud Careers bucket. So right here again we have our properties; we can enable or we can suspend the options for S3 based on, you know, if you want to write over things or if you can't. And then you can also add another layer of security with multi-factor authentication. Now, using this, you can modify these settings using the command line, or you can use software development kits or APIs to do so. Now keep in mind, an MFA is very similar to what you would use when you initially have an AWS account; you set that up as another means of not only accounting and authority, but to create that layer to ensure that no one else can get into your account. And you have different variations of using MFA, such as Authy or Google Authenticator, or you can actually use Microsoft Authenticator, rather. All right, I am going to add Mike back in real fast.

Okay, wonderful. Hey, Mike.

Yes, I am back. I'm operating on two different systems right now, so it's going to be a neat experience until I reinstall my operating system. For those of you that don't know, I've been a Mac user forever, and what ultimately happened is when we started shooting 6K video for you, then my 16-core, 192 gig of RAM Mac couldn't handle the load. So we switched over to a Windows thing, and now I'm learning all the fun about Windows. So we're up, we're here, and I'll go back and let's talk about S3.

Did you want me to try sending you the Google Slides, or do you just want to go...?

Send the Google Slides and I will use them, and I'll be excited to use them. In the meantime I'm just going to work off of my notes.

All right, so we've got a couple of questions, if you want to look through the chat box while I was looking for the
Google Slides. You gotta let me answer some questions. I will answer some questions, and then after that we will have a party, because I love teaching, and you know, part of life is things happen: adapt, improvise and overcome. So let's look at some of the questions that are actually here.

So, realistically speaking, SM7, you know, one of the scariest things in general is, when things are designed out of the box, they can either be designed to be closed out of the box or open out of the box. So what I mean by that is a system that is closed out of the box will be locked down and secure. If you go buy a firewall from Cisco, it's going to default to block everything until told otherwise. But some things are configured open until you lock them down. So that's up to you, the architect, and up to the vendor to determine how they do their policy.

So, the next question. I can't really see who was asking all the questions because I was off doing system reboots, but, B3 Collectors, I see you have several buckets; that's great, that's pretty normal. Yeah, we typically don't plan for breaks on these things because of the length. I love doing breaks, but what I found out is when we do breaks on a live stream, people just don't come back, plus it's also really hard for people to watch the live streams at the break after the fact. So if you need to disappear for a few minutes, pause the video, come back and watch it; we're still thrilled to have you here. It should be great. So, somebody said they're currently a DevOps developer. That is fantastic, we love hearing that, that is terrific. Not an architect, a very different career. Chris, I just requested access to that thing you just sent me. Let's go to the next question while we're waiting for that. Who has the next question? You are DevOps, and... okay, so S3 is great for backups; that's why people typically use object storage, because it's cheap, and it's very good for object storage. Justin Lee, yes, I
S3 does provide, you know, relatively high availability. I wouldn't call it high availability, because it's 99.99% available, which is somewhat like high availability, but I would consider five nines available or greater to be high availability, because four nines availability means your storage is not going to be there for almost an hour per year. I don't consider that high availability; I consider that moderate availability. High availability means five nines availability, which means you'll have five minutes of downtime a year where you can't access your storage. So AWS calls it high availability; I consider it moderate availability. But the durability of the AWS data is fantastic.

So let's try and see if I have access to these slides, if I can share them; otherwise I will just go ahead and do them off of my notes. I've been doing them that way for years and years and years, and it works typically well, but we're trying new tech: we're going from Microsoft Office to Google Slides and hoping that it works along the way.

So what is AWS S3? AWS S3, or Simple Storage, is object storage that's available on the AWS platform. So object storage: remember what we talked about with regards to object storage. We said that object storage is great for environments where you write once and read many times. Now, AWS would tell you that their object storage is high availability by calling it 99.99% available. That means that your data may have upwards of 52 minutes of downtime per year. So if you consider that to be high availability, then yes, you can consider that to be high availability. But what AWS S3 does, which is really awesome, is their service is super, super high durability, meaning it's 99.999999999 percent durable, which means 99 plus, taking 9 to 11 places total. Now that is some pretty good durability. What does that mean if you're the architect? It means that once you store your data on AWS, it may not be available exactly when you need it, because you're going to have 52 minutes of downtime per year, but it's not
going to be lost. Your data is really, really safe, and this is extremely, extremely exciting, to be able to do these kinds of things. So, you know, when we're talking about it, I think this kind of environment is really, really kind of cool.

So let's see how we do these kinds of things. Chris, what do I need to be able to share slides from another window in OBS? Do I do a screen capture or something?

You will do a window capture. Click, go on sources, hit plus, and window.

Okay, so I've got some slides that we can share with you guys. Plus, window capture; we'll click window capture, and somewhere along the line it's... okay, excellent.

Now just move it around and get it to look pretty.

Move it around and get it to look pretty; we can do that, I have that capability. So if I make it a little bigger, hopefully... can we expand the size of it for everybody? Does that improve it? Okay, so we're going to work with this to the best of our abilities, with Google Slides, for the rest of the day. Okay, we've got something we can work on. Okay, fantastic. So, AWS object storage, the object storage that we're talking about, we're also talking about being 99.999 available. How do I go back to this? I don't... okay, we're going to get rid of this window capture and we're going to go back to where we were at. See, when you're an executive you need a team of really great engineers and architects around you to help you with these things.

So let's talk about why an organization would use S3. Backing up the organization's data, for example, would be a good use case for something like this; for example, static website hosting, distribution of content, media, software, disaster recovery planning, or big data analytics. So let's think of it. Backup: write once, read several times; sure, totally makes sense. Static website: same content, never going to change; sure, comes out of object storage. You want to distribute a video or a movie or new software: use the cheap storage. I write it once, it gets read many
times. I want to take my entire data center and back it up: object storage is cheap, great. Disaster recovery planning: make copies of the images of all my servers; Simple Storage, S3, fantastic. So now you know why organizations are using S3, because it's really cool and it offers a tremendous amount of benefits to the customer.

So now let's talk about the way it works. When you're dealing with AWS S3, your data is going to be organized into buckets. Now, realistically speaking, when you're dealing with a bucket, it's not exactly a bucket that you're actually dealing with. What you're actually dealing with is, you know, what looks like a bucket, which is basically a pointer pointing to your data. Now, what's pretty cool in the way this stuff works is as follows: when you're dealing with this kind of stuff, you're finding yourself in a situation where your bucket has a DNS name, so you can reach the content in your bucket by just putting in the fully qualified domain name. So realistically speaking, your data is just a pointer; it's really just a pointer to the data that you're actually receiving. So now you know a little bit more about the way S3 works, and it's, realistically speaking, pointers to the data.

So let's talk about some options that you have with regards to AWS to make object storage work for you. You put your data in a bucket, and you're going to need to secure your data. If an organization has mission-critical data, and if the mission-critical data gets breached, you've got a problem. So you only want people that have a need to know the data to actually get the data. So you're going to secure your data in the cloud; you're going to secure it with one of the following options. You can create a bucket policy, which is the preferred method. You're going to create a bucket policy, and it's going to use the identity and access management functions of the cloud, and by creating the bucket policy on the cloud you can be very granular: Alonzo can access this, Chris can
access this, Jesse can access this, Emmett can access this, Jeremy can access this, Abigail can access this, and we love that, and that's a bucket policy. The alternative, if you wanted something a little simpler, is you could just create something called an access control list. Now, realistically speaking, this is not the kind of access control list like you would be using to keep traffic out of a subnet; this is a totally different kind of access control list. This kind of access control list that we're talking about is basically read, write or full control. Now, can you guys hear a giant fan or jet engine sound? Because I'm working on my backup workstation right now, which has got some pretty bad fans, so apologies; hopefully the sound isn't that loud.

So let's talk about tiers of data on the cloud. So when you're dealing with organizations and data, you're going to deal with the following things. Most data is dynamic for a period of time. So let's look at it this way: organizations may have fresh data, and if I get fresh data I may use that data every single day of the week, literally every day for a month, and then I might not touch it at all. So we can actually get different tiers of data storage inside the cloud. We're going to talk about multiple options, in multiple speeds and qualities and ways to access your information. So we're going to talk about S3 Standard, which is traditional object storage, the standard way that it works. We'll talk about Amazon S3 Infrequent Access, and yes, you need to know this; this will be all over the exam. We will talk about S3 Infrequent Access One Zone, we will talk about S3 Intelligent-Tiering, and we will talk about AWS S3 Glacier. All of them matter, and you need to know these all for the exam.

So let's now talk about S3 Standard. S3 Standard is high availability, high durability, high performance storage. This is standard, so you're going to use this for any kind of data that you frequently access. I've got data I want to access every day; I'm going to put it in
S3 Standard: best performance, highest availability, highest durability, and that's what we're going to use. Highest price, but you can access your data as often as you need to. So now we know those kinds of things.

So after that we've got another kind of storage, and that's going to be called S3 One Zone. All right, let's go to S3 Infrequent Access before we do S3 Infrequent Access One Zone. What is S3 Infrequent Access? It's basically the same S3 that you had before, but it's designed for if you're not going to use your data very frequently. So it's as follows: S3 is your normal bucket, but what if you could put your data into a separate bucket for data that you don't use a lot? So S3 Infrequent Access does just that. It gives an organization the following: high performance, high availability data just like before, same durability just as before, but now you pay reduced prices, almost half of traditional fees, but you actually have to pay to access your data. So before, you had your data and you paid nothing to access it, but you paid twice as much for the data. With S3 Infrequent Access you basically pay half for the data, but you pay to retrieve your data. So normal S3: frequently accessed content. But S3 Infrequent Access is: have your data and you pay to retrieve it, but you have to keep it there. So Infrequent Access is really great for files that you need to use occasionally: store your data, it's effectively almost half price, pay a retrieval fee. So look at it this way: if you have data you're going to access all the time, keep it in S3 Standard; when you're not going to access it that frequently, move it over to S3 Infrequent Access. This is called lifecycle management; we'll explain it in much, much, much more depth.

So next let's talk about the storage tiers. So we're going to do the next storage tier, which is Infrequent Access One Zone. So for organizations that want low cost, the low cost of Infrequent Access, they can have it. But what if an organization is saying, hey, we don't need high
availability storage; we can tolerate reduced availability? That's what this S3 One Zone is. You pay for data access that you don't need that much, that's less critical, because it becomes less available. So if it's less available, your data is only stored in one Availability Zone; you get a cheaper price, but it's only there if you don't need it. So don't put information in S3 Infrequent Access One Zone if you might need the information in your business day; it doesn't have sufficient availability, but it's cheap. So: S3 Standard, data frequently accessed; S3 Infrequent Access, data that you're not going to frequently access; One Zone is used for data that you're not going to frequently access and that, if you can't access it when you need it, nobody cares. So now you kind of know; realistically speaking, that's what you really want to go for.

So with regards to storage tiers, AWS has something called Intelligent-Tiering. You probably will see it on the exam. Here's what Intelligent-Tiering is: you put your data on AWS and they automatically move it to wherever it's cheapest, based upon a machine learning algorithm. So in life, in architecture, here's kind of the thing, here's what you do: you manually intervene whenever possible, because you get the best results. But if you don't know your data patterns, and I suggest a good architect should learn those data patterns, but if you don't know your data patterns, or it's, you know, random and hard to figure out, we are dealing with some really cool stuff with this S3 Intelligent-Tiering, because realistically speaking that's the way you can deal with this. So it'll do it automatically for you, those kinds of things.

So now let's talk about some other tiers. Let's talk about Glacier. So pretend that you use S3 Standard for data you need all the time, and you use Infrequent Access for data that you don't need that often. Now what if you wanted even cheaper data storage? Even cheaper data storage, but this data
that you're going to store for a much cheaper option is as follows: you don't need to access it, and you can wait eight hours for it. So organizations do this all the time. They'll have their data go straight to S3 and they'll keep it there for a month, or two months, or however long they're going to use the data; then they'll migrate that data to Infrequent Access; and then after, say, 90 days or 180 days, or whatever it is in their business, when they know they're not going to use the data but they want to store it for archival purposes, or auditing purposes, or future machine learning purposes, they can migrate that data to Glacier. Glacier is another form of S3. It is the lowest cost: you pop your data in here and it is locked down. That's what Glacier is for. So, realistically speaking, and then I'll go back and answer some of these questions in the chat box, because I see some misconceptions going on, especially with regards to storage: realistically speaking, once it's in Glacier you pay to retrieve it, but it's the lowest cost. So, lifecycle policy: S3, then Infrequent Access, then Glacier.

Now, there are some environments and some businesses that are really, really, really regulated, such as banking, such as healthcare. So if you're in one of these environments that's regulated, you may be forced to save information in an unmodifiable way. So if I take care of one of my patients in the hospital, let's say I'm not pretending to be a cloud architect today and I'm pretending to be a medical professional today; I'm equally comfortable practicing internal medicine, designing cloud architectures, network architectures, it doesn't matter. So let's look at it this way. Let's say that we wanted to do it this way... I forget, actually, what we're talking about here. So, but look at your data in your tiers. So let's say you've got this bank and they can't modify their files; they need something, they need something that's going to
realistically be unmodifiable, immutable if you will: chat transcripts at a bank, patients' medical records. You've got to store this stuff for three years or seven years. You can use something called Glacier Deep Archive for archival purposes. It creates a vault, and you can guarantee that no files have been modified along the way. So in those kinds of interesting things, we're making sure that you understand this. So, lots of options: S3 Standard for frequently accessed information; Infrequent Access for files you don't need that frequently; Glacier for things that you almost never need; and for files that you need to stay unmodified for a long period of time, what you are going to use is as follows: you're going to use Glacier Deep Archive. So now you know the types of things that are available.

So let's go back into that lifecycle management component one more time. What is lifecycle management? It's about putting your data where it's most efficient, at the best price, at the best time. We'll have slides for you again tomorrow. So what does this mean? Send your data to S3, go to Infrequent Access, and then go to Glacier. So realistically speaking, that's what we're talking about.

Now I want you to think about a couple of concepts. Remember what I told you about object storage: every time you modify a file it creates a new version, every single time. So if, for example, you had a swap file of an operating system, and you could use a swap file on the cloud, do you know what it's going to do? It's going to create a new version every millisecond. So if you had a 64 gig swap file and it creates a new version every millisecond, you would have 64 gigs a thousand times per second in your object storage. So guess what, object storage is only good for files that are static. So, realistically speaking. But now let's say that you want a lot of redundancy; sometimes object storage can be your friend. So for example, let's say I was writing a Word document with 30 people on it, and each person made a modification, but I want each
one to overwrite the original no i'd want a new version so object storage every time you touch or modify a file it's going to create a new version of that right new version so guess what because of this s3 has something called versioning which is the default nature of object storage it enables you to keep multiple copies so there's that so s3 versioning enables you to basically create multiple versions which is the default functionality of object storage although aws gives it to you as a additional feature that you can enable so now let's talk about multi-factor authentication something you have and something you know so if for example what you're trying to do this what you're trying to do is as follows you want to delete data imagine what happens when you delete data do you think it's really safe deleting data like you know let's say i'm on my computer and i just drag a folder to the track by accident it was all gone that would be problematic what if it's an organization's mission critical data mission critical data and i accidentally deleted it's a problem what if a hacker gets into my systems and wants to delete data maliciously not really good right so let's look at it this way versioning can protect us against these things and mold by keeping multiple versions and multi-factor authentication delete saves us so here's what multi-factor authentication delete is i go to delete alonso's powerpoint slides i then get a text message that or that says did you authorize this enter your one-time password i enter a one-time password and i'm authenticated now whether i'm using a google authenticator app or whether i'm using a text message it's really irrelevant multi-factor authentication does as follows i go to delete something i receive a challenge for a one-time password i provide that password and it's deleted so think about this multi-factor authentication delete and all the cool stuff that it does let's look at it holistically cool factor one is as follows hacker 
breaks in they try to delete it and poof guess what it goes to me i don't delete it my data is not deleted so really cool factor of multiple founder authentication lead i go to accidentally delete my files it's no big deal an angry employee wants to leave the company wants to delete everything they try and do it it sends me the message and guess what they're denied so multi-factor authentication delete can really really really really help you there so now you know so let's talk a little bit about more and then we're going to do a little more questions than usual to excuse me today because we don't have any slides and i realistically won't like to give you more slides um so we'll figure that out on our end we'll make sure our slides are back for tomorrow we'll have cool slides back for our bgp session tonight absolutely in every way shape or form so let's work with you here so now you know about multi-factor authentication delete so let's do this let's talk about one more thing and then we're going to go to some questions so remember object storage is not traditional file storage it is flat it is basically almost a database like structure you've got your data and you have a pointer to your data so that's there so it's not really files and folders so if you guys are going to create a delimiter to make it look and feel like a folder remember it's not a folder it's in any way stretch the imagination it just looks and feels that way so if i created a mica bucket that said mike slash 2021 slash aws video slash storage slash s3 dot mp4 it's not going to be hierarchical i mean map to that location like i would on a regular computer but it is not hierarchical because it's just a pointer so realize your data in object storage is flat it is not hierarchical it is flat so kind of work with that kind of understand um apologies you know we're working off of slides on a backup notebook workstation trying to stream off of something else things happen in tech and you know what 
that's what you adapt improvise and overcome said chris why don't we aggregate and take some questions and then after we take the questions we will figure out exactly the next thing to do we can talk about encrypting s3 but chris if you want to bring up some questions i'm going to bring up one question that seemed to spur a lot of conversation in the chat box which i think you referenced earlier about maybe being some questionable stuff in there so i just i'm gonna pop on the original question that spread that conversation excellent it's very simple surprisingly excellent memory inseph what is the difference between block and object storage okay well one of my more favorite things to talk about we talked a lot a little bit but let's talk about it again so object storage takes data breaks it down into objects now each object has metadata or data about the data so object storage being a type of storage error network technology takes data breaks it down into objects now each object has metadata so it's that metadata which is really the data about the data that makes object storage so useful and so cool so take your data break it down into objects now object storage is useful in memory for data that does not change static data website data is perfect for object storage object storage does not get mounted or used by computers it's not real storage at all so it's not like you're going to have your computer mapped to it over iscsi as a rule and use it as now you can do something called the gateway which is going to make object storage feel like real storage but it's not object storage is that type of storage area network so performance limitations the speed of the storage area network scalability limitations the number of hard drives you can put in your storage array guess what you can take multiple storage arrays and glue them together so object storage scales well block scourge scales equally well so object storage static files takes your data breaks down into objects 
each objects got metadata think write once read many think about software distribution photo distribution video distribution all that cool stuff now block storage by comparison is a different type of storage our network block storage takes your data and breaks it down into blocks now what's so cool about the block storage environment is block storage works really well with environments first the f the object the files change frequently so with with object storage every time you create a new file or modifier file creates a version not so with block shortage so the answer is as follows block storage looks and feels like a regular sorting area network environment object storage does not computers can use block storage because it feels like a local hard drive even though it's not block storage often has better performance than object storage by the way it's structured but not necessarily block storage is typically more expensive from a cloud provider because it's much much more useful than object storage object storage is only good for stuff you're distributing block storage is used by a system so block storage used as basically a logical pseudo hard drive in your computer whereas object storage is basically a bucket where you're going to dump and store your data in your backups so that's the difference between block storage and object storage and realistically speaking how they work chris would you like to bring in the next question uh can you hear me yes so what i'm going to do is i'm going to bring in the responses that people had to that question so that you can maybe briefly comment about that response again only because it took up so much of the chat conversation i want to make sure we we have that that sounds good and for the folks that are saying why don't we have slides our systems went down we're in a backup system we will have slides back up and running tomorrow we had them for the first two thirds and we have a little technical questions so these i'm gonna 
bring these up and just like i said just you know 15 20 second uh follow through on what this person said just all of them were good good good meaning i'm sure so i just want to make sure where i'll just get the right answers across so here's yeah there's lots of things like block storage is also non-volatile just like object storage is non-volatile yeah so we'll just go through them there's several of them block storage is used anytime you have files that need to change or needs to be mounted locally by a server um so block storage is used for everything not just databases if you've got a server that's sitting in your computer on the cloud you're going to be using block storage because it's the only thing that's not going to go away with reboot so box storage is used for everything that's going to be mounted to a server if you need a local hard drive if you need multiple servers to be using the same data at a time you're going to be using file storage so there that's your that's exactly when you would use it okay chris you want to bring up the next one object storage is for is for objects that are typically writ read once uh write once read many times you're typically using it for software distribution photos videos and backups object storage is also used in data-like environments because of the metadata or the data about the data okay great now bring up the next one um it really has nothing to do with granularity um object storage has a tremendous amount of data that metadata about it lock storage does not have it but uh so you can do more cool things with that extra metadata nathan but it's not that it's necessarily more granular it's you could look at that metadata and do something cool about it jawad kind of perfect jawad is one of my students block storage is used for constant reads and writes objects your storage is used for static content that doesn't have a lot of rights exactly duad chris is there another one i don't think it's that one storage 
environment is more scalable than the other nathan rivers nathan um they're both they're both storage area network technologies meaning they're both environments a bunch of hard drives and rate arrays it's not that one scale is better now object storage is uh for static and is typically cheap block storage is super scalable some of the most scalable in the world and why the block storage is so scalable is that you can store your data any any any of your data wherever it needs to be in the storage environment so because that decoupling of the storage environment block storage is super scalable but so is object storage exactly josh block storage can be attached and it feels like a local hard drive object storage is accessed basically via a website or via storage gateway or something because computers can't directly access object storage aws charges you when you retrieve your data but also when you send your data across reasons and everything else if so okay so no michael when you're using object storage or s3 you pay for every megabit or gigabit that you actually store so the price that you pay for infrequent access is basically half of what you would store it regularly so traditional s3 you pay a fee to serve your data but you don't pay to retrieve your data locally inside now if you're retrieving it in between regions there's data transfer charges the answer is yes but to retrieve your data locally you are actually not charged now if it's egressing your systems you're going to pay to pull it off so the answer is yes but if you're using infrequent access you'll pay to get it out of infrequent access and then you'll again you'll pay to actually get it off of the aws network so this is paying once michael versus paying the twice within frequent access block storage is typically costlier and the cloud environment block storage and object storage in the data center are typically at the same price it's marketing and the way they choose to charge you okay so here's what's 
going on mohit you have the opportunity and the cloud to basically pay for performance of your block storage realize this regardless of what everybody says block storage is relatively low performance really low performance and we'll talk about the performance of black storage in terms of throughput and in terms of iops i want you all to know that for a hundred dollars at the local retailer store you can buy a samsung 980 pro like a half a terabyte that will give you five thousand six thousand seven thousand megabit per second read write speed and a half a million iops so on the cloud a high performance ebs volume a provision iops volume is 64 000 iops so realistically speaking you can get 10 times the speed in the performance for 100 one time at best buy or amazon or fry's or any computing stores so black storage what we'll talk about in the cloud being high context of high performance realize it is really slow compared to what we would actually do in the data center so what's going on with the cloud is basically you can provision your services ahead of time and by provisioning you can say i need a certain number of input and output operations per second as well as a certain amount of throughput megabit per second is traversing through the storage environment and realistically speaking i wish it wasn't the case but you pay for the throughput that you actually use and you pay for the volume so when you pay to buy a provisioned iops via inside of the cloud you can't just get the speed you need there's a limitation of the speed related to the actual size of your biome so we'll talk about this more later if there's a 30 or a 50 times ratio depending upon the year and the cloud provider of how much you can actually do with regards to iops so you might need you know a million iops and you can't do that on 128 gig biome in the cloud you might need a 30 terabit provision iops volume in the cloud to do that are multiple big ones that are going to actually be strung together 
in a raid so yes completely agree with you on block storage if you pay for provision and you have to pay for a bigger storage than you actually need because you need a certain amount of input output operations per second you're going to pay more so i hope that kind of made sense for you chris if you'd like to bring up the next question yeah doreen what is the recommended life cycle management pattern okay doreen it's 100 based upon your customers data use pattern i know in amazon they always give you these silly examples we access our data frequently for 30 days infrequently for 30 days and by 90 days we don't use them anymore but this is really really dependent upon the industry there are industries that are going to use the same data every day for 10 years straight they can't come up with a life cycle apology because it would be bad for them there are other organizations that use their data actively for three days and then that data is old and expired so they could go from straight from three days and s3 directly over to infrequent access and they may never need it again after 10 days and they can send it all to glacier so realistically the architect is not like an engineer that architect is really going to have to go meet with that client and really figure out the client's business really learn what the client's needs are really look at what the client's business is how the business operates their business challenges their pain plans their growth desires and it's up to you the architect to look at all the technology solutions you have to come up with an end-to-end system designed to do this for them so that's for you the architect is a cloud architect remember as cloud architects we don't configure we don't code we design these big end-to-end systems as cloud engineers we build them so really depends on where you're actually going to be along the way i am oh very cool did you find uh slides from me yes so if you want we can you can tell me a section and just 
tell me when to show a slide and i can manually do that i'm loving this this is awesome this is teamwork across the cloud so let me love it let me look through these questions real fast before we see if there's any more questions um thank you for burying us with our technology challenges everybody's got them avery p can you think of those pointers like hard links and soft links in linux exactly after ep you know in linux you've got a pointer to data when you're dealing with object storage you've got a point for the data it's pretty much the same thing exactly exactly exactly um all right how about efs we'll talk about efs when we talk about network file storage efs or elastic file system is the amazon branded name of sun microsystems oracle's network file systems so we'll talk about efs which is what multiple servers would use to mount user data and that would be efs now if we're dealing with windows computers windows computers don't actually map to nfs drives they map to server message block protocol which is realistically speaking going to be efsx on amazon and we'll talk about that now ebs is what you're going to use which is block storage which is what you're going to use as a local hard drive for a server we'll talk much more about that under computing and now that you know what that is s3 is object storage which is where you're going to store your software things that are going to read once right money so we'll get in much more details when we start talking about how the pieces of parts fit together so realistically speaking let's melt yes chris do you want to tell me what slide number you're going to start on i know you're working off your notebook um so yeah so for right now i am on slide 66 don't share it yet i'll tell you when to share it and just tell me what's not what slide number to share when you're ready okay so let's talk about encrypting your data on s3 i want you to think of what is encryption encryption takes what you have and it makes it 
unusable to everyone else who does not have a decryption key so let's look at it this way i wanted to speak to my wife typical encryption i spoke to her in greek people that did not speak greek or have the greek decryption key could not understand this so in his essence in early cryptography it's just speaking another language look at cool languages that were designed that people didn't know patois for example in the caribbean it was to be a language that no one was not no kind of encryption yiddish was another language again something that people weren't supposed to know so it's a form of encryption but here when we're talking about storage we're talking about protecting sensitive data and there's two ways we can do it we can encrypt the data before we send it to storage or we can take the data that's stored and we can encrypt it when it's stored or on the way to storage so we're going to talk about client-side encryption and customer side encryption so chris if you could share slide 67 for me so in this particular environment the first type of encryption we're going to talk about is the sse-kms this is if the customer wants to manage their keys and they want to use an automated key management system so this is a really special environment you're going to have complete control over the keys you manage your master key with this key management system and the key management system from aws will manage the data key and it's really elegant you just manage your key they manage all the data keys and the key management system will provide an audit trail of how who and when your data was accessed so i love this you manage the key and the key management system takes care of all the work for you so this is really a simple and elegant solution chris if you'd like to move on to slide 68. 
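The envelope model just described (you control the master key, the key service mints a fresh data key per object, wraps it under the master key, and logs every use) as an added example, not code from the course or from AWS: a Python sketch with a hypothetical KeyManager class standing in for KMS. It also shows what the course does not spell out, that rotating the master key only re-wraps the small data keys and never touches the object bodies. Because the Python standard library has no AES, an HMAC-SHA256 counter-mode cipher with encrypt-then-MAC (an assumption, not the real AES-GCM) plays the role of the symmetric cipher.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# --- Symmetric cipher stand-in (assumed, replaces AES-GCM for offline use) ---
# Keystream = HMAC-SHA256(enc_key, nonce || counter); encrypt-then-MAC with a
# separate mac_key. Only here so the envelope structure below can run offline.

def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive an independent sub-key for encryption or authentication."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate; output layout is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting; raises on a wrong key or a tampered blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered object")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


# --- Envelope encryption, SSE-KMS style ----------------------------------------

@dataclass
class StoredObject:
    body: bytes          # object encrypted under its own one-time data key
    wrapped_key: bytes   # that data key, encrypted under the master key
    master_key_id: str   # which master key version wrapped it


class KeyManager:
    """Hypothetical KMS stand-in: master keys never leave this class; callers
    only ever see data keys, and every call is recorded in an audit log."""

    def __init__(self) -> None:
        self._masters: dict[str, bytes] = {}
        self.audit_log: list[tuple[str, str, str]] = []
        self.current_id = ""
        self.rotate()

    def rotate(self) -> str:
        """Create a new master key version and make it current."""
        key_id = f"cmk-v{len(self._masters) + 1}"
        self._masters[key_id] = secrets.token_bytes(32)
        self.current_id = key_id
        return key_id

    def generate_data_key(self, principal: str) -> tuple[bytes, bytes, str]:
        """Return (plaintext data key, wrapped data key, master key id)."""
        data_key = secrets.token_bytes(32)  # fresh key for every object
        wrapped = seal(self._masters[self.current_id], data_key)
        self.audit_log.append((principal, "GenerateDataKey", self.current_id))
        return data_key, wrapped, self.current_id

    def decrypt_data_key(self, wrapped: bytes, key_id: str, principal: str) -> bytes:
        self.audit_log.append((principal, "Decrypt", key_id))
        return unseal(self._masters[key_id], wrapped)

    def rewrap(self, obj: StoredObject) -> StoredObject:
        """After rotation: re-wrap the 32-byte data key, leave the body untouched."""
        data_key = unseal(self._masters[obj.master_key_id], obj.wrapped_key)
        wrapped = seal(self._masters[self.current_id], data_key)
        return StoredObject(obj.body, wrapped, self.current_id)


def put_object(kms: KeyManager, plaintext: bytes, principal: str) -> StoredObject:
    data_key, wrapped, key_id = kms.generate_data_key(principal)
    return StoredObject(seal(data_key, plaintext), wrapped, key_id)


def get_object(kms: KeyManager, obj: StoredObject, principal: str) -> bytes:
    data_key = kms.decrypt_data_key(obj.wrapped_key, obj.master_key_id, principal)
    return unseal(data_key, obj.body)


if __name__ == "__main__":
    kms = KeyManager()
    record = put_object(kms, b"patient record 42 (constructed sample)", "alice")
    kms.rotate()
    rewrapped = kms.rewrap(record)
    assert rewrapped.body == record.body and rewrapped.wrapped_key != record.wrapped_key
    print(get_object(kms, rewrapped, "alice"))
    print(kms.audit_log)  # who touched which key version, and how
```

The audit log is the part to watch in a real deployment: every object read shows up as a Decrypt call against a named key version and principal, which is what lets you alert on an unexpected reader.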
now in this particular environment we have the sse-s3 so this is where aws is going to manage the keys for you all of it so basically use them as a key management solution aws is going to manage your keys they're going to rotate your keys and every time you encrypt an object guess what it's going to have a unique encryption key so i want you to really think about this if you are able to in your organization and trust aws or someone else if you're able to do that to manage the keys of your environment and automatically rotate them and encrypt every object with a new encryption key you've got incredible security but here is the question can you and the question is can you and in most cases you cannot can you actually allow the customer meaning or the service provider aws to manage your encryption keys in many environments that are high secure the customer must maintain integrity of their own encryption keys and manage it so we talked about the customer management keys with the aws system first now we're talking about sse-s3 which is where aws has a complete complete component of the key management system so now and we're going to have a lot more s3 labs coming up in this section obviously because this is something that's pretty important to what a cloud engineer would do is to really get their hands dirty with s s3 so we're going to have some more s3 labs and object storage labs and storage labs and now let's look at an environment that's really secure let's say you're dealing with the military let's say you're dealing with the munitions manufacturer let's say you're dealing within a bank for example and they say we need the strongest most robust security solution we can do this is where the customer maintains autonomy over everything so basically realistically speaking the customer has complete autonomy over their encryption keys they manage all the keys but they're using the ssc.d custom provided keys complete management system the customer maintains it all now you 
know there's other environments as well so basically that's realistically speaking you know how we're doing this these are your encryption forms so let's talk about s3 and optimizing performance chris you can put me front and center screen again so let's talk about things that we can do to improve the performance of the object storage on aws now there's a couple things we're going to talk about we're going to talk about something called pre-sign urls and why they're beneficial we'll talk about multi-part uploads and boy they're cool and very beneficial then we'll talk about range guests and i think that's one of the coolest things of object storage and then we'll talk about cross-region replication and why organizations might want to do this so let's begin first with pre-signed urls when you stick your data into aws and s3 it's private meaning others can't access it this is a good thing you don't want your data accessed by the world automatically so if you want people to access your data you have to enable access so there's lots of ways you can do it you create an im user and a policy and give them authentic ability to authenticate or authorize to exit your data but you could do other cool stuff too so what if i could basically take my object and i can pre-sign sign it send you a pre-signed link to that and all you had to do was click the link and see the file for as long as i wanted you to have it and then after that you couldn't do it again pretty cool huh i use my encryption key i sign the object and then i send it to you and i just give you a look click here to download and it works and you know what happens a week later it's not there anymore you won awesome awesome awesome so now you kind of get the concept so you can create a pre-signed url which will basically do this now chris if you would share slide 62 please 72 72 please so when you create a pre-signed url basically what's happening is you're signing it with your keys and then someone else will just be 
able to use it so the method that you use to sign the uh url will determine its expiration so if i sign it with an im instance profile that expiration time can't last longer than six hours so why it's not considered the most secure environment now by comparison if i use the aws security token service which is basically a one-time password and that's pretty cool our things can last up to 36 hours because it's deemed more secure now if i use an iem user and create a link to another im user this is strong because it's a strong encryption the user is already authorized so they get up to seven days to access this content and you know realistically speaking after that if we if we use a temporary token it's realistically speaking basically when the token expires so you could almost think of a yield a pre-signed url is how long you can access a video on netflix [Music] this netflix is predominantly served from s3 if you're authenticated so now chris if you want to bring me front and center again so let's talk about s3 and object storage so i want you to think about what happens when you transfer a file when you're transferring files reliably you're going to use tcp which basically means it's going to be like this i'm going to send a file to alonzo alonzo is going to say yep mike i got it i'm going to send along to the two five or two pieces of data lonzo is going to say i got it i'm going to send a lot of four pieces of data he's gonna say i got it i'm gonna send an eight and then when alonzo doesn't say i got it mike i'm gonna start retransmitting from the beginning and ending tcp this is called the sliding window it's enables flow control over a network now what happens if i want to send a 5 gig file to alonso and 4.8 gigs get through and the last part is dropped off alonzo effectively has nothing he can't reconstitute the data that i gave him so obviously this is not a good environment so i have the opportunity to break the file that i send to alonso into a bunch of 
little files then let's say instead of five gigs i have something that are 30 megs each or 100 bags each and i sent alonso a bunch of file parts in order i said alonzo part one part two part three part four port five port 99 part 5000 alonso receives them and says yes i've got all the parts puts back together in a single file and it's good that's called a multi-part upload so chris if you'll bring up slide 74 in a multi-part upload what you're going to do when chris brings up slide 75 is you're going to take a file you're going to split it into multiple pieces and then it'll be reconstituted there so think about this logically if one part of that file is lost you don't send the whole file again you send out one part that was lost so this is really cool so it increases your speed because you can thread it in multiple threads it increases your scalability because you don't have to worry about sending most of your data and losing some along the way it enables you to reliable you send large amounts of data to large customers here to an environment all across the environment so let's do this let's talk about cross region replication chris if you want to bring up the next slide so with aws when you're dealing with aws they charge you every time you send your data to different reasons so let's say i want to keep my data in the us and i want to keep data in greece or somewhere in europe i start a website it's in greek i speak greek at home i think in greek so i can basically set up my website here and i've got something else coming out of europe and another aws region great i've got to get my data from port from point p so i can use cross region replication and it will copy the bucket i have the data that i have in one region to another why would i do this a couple of reasons full redundancy everything i have in new york is copied in san francisco and new york goes down i'm covered but why else aws charges you for transferring your data every time you transfer between 
regions they charge you so let's say i've got a website that gets a million hits a day out of europe and it's all hosted out of ohio every time somebody hits my static website hosted in s3 they're going to be charged inter-reach and transfer charges if i get a million hits a day i'm going to be charged a million times per day for someone accessing my web page from the u.s by comparison if i just copied my bucket and served my website locally out of europe and copied it there i would only have to pay for the replication of my data as opposed to every single million web hit that i get per day i hope that makes sense to everyone the cross region replication does the following enables you to take your data from one place and copy it to another location to keep your data synchronized in real time that is the region of cost reason replication takes your data synchronizes it in real time across another region saves interdepartmental regional transfer charges gives you a backup copy in another environment in case anything were to go wrong so let's do this before we get into instant storage on all the other cool storage platforms which we will cover tomorrow and alonzo will do some really cool storage labs with you tomorrow there's three minutes left of the allocated time so if anybody has any last-minute questions let me answer them i will say this if you're enjoying the content please leave a like and type cloud architect in the window so we know that you're here and paying attention so on a kit your there's uh if you're using aws organizations which is way above the certified solution architect associate that's one of the bigger contents on the certified solution architect professional you can do lots of hierarchy um in organizations you can also do the following you can also create lots of epc pairing and things like that so lots of different ways you can do that and i can't but generally speaking um there's some good hierarchy you can put in even if you have to 
manually do it in the back door via many other ways chris if you'd like to bring up the next question yeah yeah there's lots of cloud architects in the way so give me a second i love when i see a million and one cloud architects there give you some time to find it they keep moving on me i see one question is does cross-regional replication save money cross-regional replication could cost money a lot of money for example if there's if you don't have any other department wages and enter regional charges but it can save a tremendous amount of money if there's a tremendous amount of inter-region transfers so like anything else on the cloud or at the data center it's based upon exactly how your systems are used the data center could be half the cost of the cloud the cloud could be half the custom of the data center it's all based upon your use cases so does cross region replication save money often it does if your use case is lots of intervention transfers for small amounts of data that you could just replicate the bucket it can save a lot of money but it can also cost money if an organization doesn't use additional reefs it doesn't do a lot of interregion transfer so it's really dependent upon that if there's any other questions so when you would use crosstalk over cloud front and caching so you've got to do a you do a real um question and answer to figure out what makes sense if i had a website that only did greece and another one that only did florida you'd probably be cheaper to have 2s3 buckets now if for example i had an international website across all parts of the world it would probably cheaper to use cloudform so it's a matter of using the right thing at the right time for the right purpose for as the dev is cross cross-region replication appropriate for disaster recovery it is one of the ways an organization can replicate their data and part of a good disaster recovery strategy yes but only part of it we'll talk more about disaster recovery menash aguero 
there are tons of reading materials available on aws please can you guide me on some quick content start with reading in terms of the material well i don't know what you want to do in your career and what i would guide you to read is completely different if you want to be a cloud architect versus a cloud engineer a sysups person needs a very different skill set than an architect a devops person needs a completely different skill set than an architect a cloud engineer needs a different skills than an architect so if you tell me what your goal career is i'm happy to answer that but you know i want to make sure i point you to the right materials ninety percent of the problems cloud architects have when they get hired or one of the three things they either know everybody else's job other than their own that's most common okay you said to be an architect so to be an architect really what you need to know monash it's not the aws stuff it's the network and the data center so i very frequently take people that have passed the certified solutions architect professional people have taken these multi-thousand dollar cloud computing training programs and i teach them how to be an architect here's what you need to know managed to be an architect you need to know the network and the data center everything you do as an architect is take the systems from the network and the data center and move them to the cloud so if you don't know what they are you'll never be able to do the job so none of that's covered in certification trends that's called that's why we have a cloud hired and a cloud icon took over development programs and the network and the data center this means bgp vlans 802.1q tagging nat ospf an intermediate systems intermediate system qos private vlans traffic engineering routing protocols firewalls load balancers just to name a few deep knowledge of black storage object storage as a cloud architect we can have a five-day conversation with someone on their object 
storage needs, so we've got to have some depth there. We've got to have knowledge of firewalls, IDS/IPS systems, knowledge of all kinds of servers, knowledge of all kinds of containers, container orchestration, knowledge of, you know, leading large teams. We need a tremendous amount of business acumen, a tremendous amount of emotional intelligence, a tremendous amount of executive presence, communication skills, ROI modeling. These, Menash, are called architect skills, and they are far more important than just the AWS services. The AWS services are part of it, but really we're talking about end-to-end systems design.

The next question: you're a developer but not good at coding; can you be a cloud architect? Cloud architects do not code. Cloud architects do not configure. Alonzo is a cloud architect, but he's got great cloud engineering skills, and that's why I'm using them to configure things. We cloud architects design, design, design, design, design some more, at an executive level, and that's all we do. We do not code, we do not configure, we do not build. If we've got a proof of concept, we have cloud engineers that are doing it. If we've got a bunch of containers to be deployed, we've got a development engineer. Here's the process: I'm a cloud architect. I meet with the client, I ask the right questions, I baseline their systems, I come up with a design, I present that design to the customer, I convince that customer they need it. After I've designed it, I hand it to cloud engineers; they go build it, and when it's completely built, they hand it to the maintenance people or the SysOps people that maintain it. That's our process, and it's always that way. So if you want to be a cloud architect, you want to get a great cloud architect job, don't learn to code, don't learn to script, don't learn SysOps, don't learn DevOps; learn cloud architecture. You want to be a DevOps professional? Learn DevOps engineering. You want to be a doctor? Study medicine. You want to be a veterinarian? Study veterinary
medicine. Study and be an expert at your job, the one you want, and you will always get hired. So I hope I answered your question there.

Okay, Addie, so nice to have you here. I know exactly where you're from; I actually have had four Adi students over the years and about five IOs, which is really, really cool. So here's what I strongly recommend for the exam. This course is relatively comprehensive, but we are focusing more on the skills to get you hired than just pure certification. We also, you know, cover the certification materials pretty deeply here, in addition to actual real-life materials. So next, we have a completely free AWS Certified Solutions Architect Associate book; 25,000-plus people have read that book. I get letters every day that someone's passed their exam for free. So in addition to this free course and that free book, we also have another free AWS Certified Solutions Architect Associate course; the link is in the description below. You can watch that; that is a very fast, efficient course. And then, do you know who I recommend for certification exams? Andrew Brown from ExamPro. Andrew Brown's free training is a million times better than those other paid certification courses we've had out there. Mine is about how to get cloud hired; his is about how to get cloud certified. Combine the two, mix it with my book, and for free you have absolutely everything you need. I then recommend you get a practice exam. There's a gentleman named Haman Sharma; he's a CEO, he's a friend of mine, he's the CEO of Reviewing Prep. He's got some exceptionally good practice exams for the AWS Certified Solutions Architect Associate. So those are what I recommend that you do to pass the exam. My training here will actually teach you cloud architecture. We've got a blog that has everything you'd ever want to know. We've got a tremendous amount of videos that you can use for your professional development, and if you really want to get a cloud architect job, you can look to our cloud architect
career development program, which is a 250-hour program to create cloud architects, assuming you've worked in tech before; and if you haven't worked in tech, it's a 500-hour deep training program. You can see what we've covered in two and a half hours; you can imagine what we do in 500-plus hours. So that gives you that kind of concept. We're really about being great at it. So I hope I answered your question there, Addie.

You know what, on Wednesday morning at nine o'clock Eastern time, 2 p.m. UK time, I am going to do a completely free three-hour session (or two-hour session) where you can ask me any questions, and after that we'll have class on Thursday. I'm going to hold at 9 a.m. our "How to Get Your First Cloud Architect Job" webinar, and I will tell you everything you need to know, so I want you to know it. And on Friday I'm going to bring in two of the best recruiters that I've met in 20 years. They placed me on two of the five jobs I've interviewed for in my life, and I've been hired by all five that I interviewed for. They've placed more students of mine over the last two decades in great jobs on Wall Street and at big tech companies than I can count. So, you know, super important, and that's going to be Friday at 9:00 a.m.

So, does anybody have any more questions? I know I'll be reimaging my system after this, before the five o'clock meeting. At 5:30 tonight we are going to discuss BGP. BGP is my favorite thing in the entire world. I have designed BGP architectures for almost every major service provider in the world and every global, you know, person that's using BGP, which is thousands of places. I've spent... BGP, Alonzo and I have had four-hour BGP discussions at 10 o'clock at night, often, because Alonzo is such a great cloud architect and he knows how important it is. My students are even getting asked BGP questions on cloud architecture interviews, and they're passing them. So you need to know BGP. So you know what I'm doing tonight at 5:30: we're discussing BGP. Now I've got lots of BGP videos out there. Facebook
had a meltdown that cost seven billion dollars because they didn't know BGP; somebody there made a configuration error. Now think about this: seven billion dollars because of a BGP error. Now how many $300,000 CCIEs could you pay for with that? Thousands, thousands and thousands, no big deal. So organizations do not mind paying handsomely for a great cloud architect; they can't afford the downtime. So be great. We're coming to talk about BGP tomorrow; my systems will be up, we will have no technical challenges sharing slides, and Alonzo is going to do some more demos. So thank you for attending. Alonzo, would you have anything to say to the group?

Uh, definitely. I just want to say again it's so wonderful to be able to perform and be able to share a lot of the knowledge and a lot of the screenings that I've done so far, and I will definitely be sharing a lot more over the next coming days. So thank you so much for attending our class today.

Alonzo, thank you so much, I really appreciate it. You know, we cloud architects don't configure, we design, so I know you had to pull back on your cloud engineering skills to do the basic engineering for the folks on this call to help people. So thank you, Alonzo Coleman, for helping others. Let's give a round of applause for Alonzo coming in to volunteer to help coach Rio. He's not part of our company; he's not an employee, so he's not doing this for work, he's doing this as a favor to help you out there. Alonzo Coleman, thank you, fantastic cloud architect. If you guys can leave a like, a comment, share this with others, and if you've had a good time, type hashtag cloud hired. We know it's going to be a great time again tonight at 5:30 p.m.; we're going to cover BGP, and it's real timely after this. So tomorrow at 9:00 a.m., what are we doing? 9 a.m. we're doing questions and answers for your career; love to see you all here. And after that we're going to do more cloud training, and Thursday we're going to do the "Get Your First Cloud Architect Job" webinar. And yes, absolutely,
for people that are looking for cloud architect training, you can reach our office at this number. It's a totally dangerous thing to do, but I'm going to do it anyway. We truly care so much about people having the best cloud architect careers; I've literally put our company phone number in a YouTube window. So, you know, I will actually own that phone for the next week; next week it'll go to my chief operating officer, Chris; the week after that it will go to another one of my executives. So, you know, I'll have it today, and I'm not going to be saying I'm great at returning phone calls today, because I'll be reimaging a computer, but if anybody calls me this week, they will get a call back within the next few days. So thank you all for attending. Alonzo, I'm really grateful for your help. For those of you that are all over the world right now, I am so thankful to have you here. I mean, wow, I'm looking at some of these names and I know where some of you guys are. I'm just so happy; I know the countries that I've seen people from. I mean, I'm just so thrilled that we can reach out to so many wonderful people. Thank you so much, everyone, wherever you are; I really appreciate the time that you took to come here and spend your time. Good night or good day, wherever you are. Anything we can do to help you, we're going to do. We will be back tomorrow. I will be having a party any time I can connect with the cloud architect community.

Where do you download our ebook? You download our ebook from the description of every single video we have; there'll be a link to our free book. You can get the book. Here's what happens: you'll fill in the form, you'll get an email, and it will include a link to it. It may take upwards of 15 minutes to get the email though, just so you know.

Finland, that's kind of a cool one. I think Ian's in Sweden. The UK, I know we've got lots of people. I've seen a tremendous number of people that we know that are in Cameroon, which is really awesome. Lots of people in Nigeria, South African names that
I've seen on this call. I've seen a lot of Indian names that I know from people in India, lots of people in Pakistan, Ethiopia. You can call me Mikey as well for the remainder of this. I'm so happy to have you there. Wonderful, Chintin's over in India, I believe, I remember; so welcome. Leo, you're in South America; thank you. So nice to have you all here. So wonderful. It's also awesome; this is such a global community coming here together so that we can just stay here and enjoy and just take on the experience of learning together globally. Now Zima's from Ethiopia as well. You know what, I need some kitfo and some spiced lentils. I actually have a fair amount of shiro and berbere downstairs; if I have the time, I'm actually going to cook some great Ethiopian foods. Uruguay, wow, wonderful. Isn't this so wonderful? Spain, Virginia, I mean, this is just... it's a blessing that we can get a Nigerian based in Scotland; I mean, this is just great. Greetings from Spain, 20 years in telecom; you know, 20 years in telecom is fantastic. We will have so much more; see you all at 5:30. We love you, Samir. Samir is a good friend and a student, a great cloud architect in Australia. Heidi from Germany, wow, this is just, it's just so wonderful. Evo's in Hungary, oh wow. M, you're in Kenya; this is really just awesome. Derek, see you at 5:30. Indonesia, wow, so happy to see you all. Can't wait to see you all tomorrow; Alonzo and I will be back. And I actually do find myself a lot in the Ethiopian community, so I would love to meet you down there; I spend a tremendous amount of time with some very close Ethiopian friends. You, Mag, you know, also wonderful, also in India. Kieran, wonderful having you here. Jesse, see you at 5:30.
Awesome, thank you for your kind words about Alonzo. Thank you so much, Greg. Have a great night, everybody. I will see you all tomorrow, and I look forward to seeing you; actually, I'll see you all tonight on BGP if you want. And guess what, 5:30 is Eastern Standard Time, so 5:30 Eastern Standard Time is 10:30 UK time, 2:30 Pacific time, and 11:30 Central European time. So I think in South Africa and Nigeria it'll be 10:30, and I'm pretty sure in the Central European areas, like Cameroon, I think that's when it becomes Central European time, 6:30, but I could be wrong, because I talk to more people in more countries in a day than I can imagine, which is really the coolest thing ever, and I never even know which time zones I want them in. So thank you for subscribing. Please subscribe, please share with friends and others. Thank you all, see you all tomorrow. Take care, everybody. Later.
Info
Channel: Go Cloud Architects
Views: 11,912
Keywords: aws certified solutions architect associate 2022, aws solution architect certification, aws solution architect interview questions, aws full course tutorial, free aws certification training, aws certification course online, aws certification course free, free aws course, cloud architect career, aws career tips, cloud architect training, cloud computing architect, cloud architect, go cloud architects, saa-c02, aws cloud computing full course, cloud computing complete course
Id: hSgdrH6TEvU
Length: 194min 26sec (11666 seconds)
Published: Tue Oct 05 2021