
Comparing AWS, Azure and Redhat exams

In the last couple of years I have taken certification exams from multiple cloud providers. The AWS and Azure exams are more theoretical and based on multiple-choice questions, while the Red Hat OpenStack exam is a practical lab exam. In this article I will discuss the pros and cons of the different exam patterns.
AWS
Passed AWS CSA – Associate and Professional
Pros:-
  • You can refer back to any question at any time during the exam.
  • The exam tests you on a wide range of topics.
  • Even if you have made mistakes at the beginning, you can recover by reviewing those questions later.
  • No datasheet-type questions like “How much RAM does a c3.xlarge offer?”
  • You get a 1-year free tier, which is great for learning AWS.
Cons:-
  • Exams are expensive in comparison to Microsoft Azure (at least in India).
  • Many questions just test your reading speed.
  • No versioning, so you don’t know whether to answer as per a recent announcement or the older method that is still available.
Azure
Passed Architecting Microsoft Azure Solutions.
Pros:-
  • Azure exams are not very expensive in comparison to AWS or Red Hat.
  • The exam tests you on a wide range of topics.
  • Even if you have made mistakes at the beginning, you can recover by answering other questions correctly in later sections.
Cons:-
  • No versioning, so you don’t know whether to answer as per a recent announcement or the older method that is still available.
  • It’s a race against time.
  • The most insane thing I found in the exam is that with each case study you get 5 to 6 questions, but for about 2 to 3 of those questions you can’t refer back to the case study. I don’t understand why Microsoft expects you to remember the whole 2-page case study.
  • A 30-day free tier is too short to learn about Azure.
Update:- Azure is now (Oct-17) offering a 12-month free trial.
Redhat Openstack
Passed RHCSA in Redhat Openstack
Pros:-
  • The difficulty level of the exam is medium.
  • You generally get questions on tasks that you will be doing in real life.
  • You get only 15-20 questions (tasks), and even if someone knows those questions beforehand, they still have to perform the tasks to pass the exam. So even if anyone has dumps, they are useless.
  • It has versioning, so you know whether you have to answer as per Redhat Openstack version 6 or 8.
  • You can play with Redhat Openstack by installing it on your desktop or laptop. Good learning!
Cons:-
  • Exams are expensive in comparison to Microsoft Azure.
  • If you make a mistake at the beginning or in the middle of the exam, chances are you will mess up the whole exam or waste a lot of time correcting it.
  • If your machine doesn’t work properly you may lose time, but generally the examiners take care of this.
In the end, I’d like to say that professional exams should not be like college entrance exams, which mostly test your reading speed and cramming ability. That is acceptable for entrance exams, since undergraduate and graduate students have limited practical experience.
Professional exams should be more practical, so that you can be sure that if a person has cleared the exam, they definitely know how to do that work in real life.
If you want to know how to prepare for these exams, refer to my posts for AWS, Azure and Redhat Openstack.

What is MFA and why is it important? - Security in Cloud

When you talk about cloud you may have heard about MFA.
Why is MFA important? Before I go into that, let me tell you about a couple of true incidents.
You may have heard about a company called Code Spaces. For those who don’t know, Code Spaces “was” a code repository company like GitHub.
One day a hacker got control of the AWS Management Console of Code Spaces.
The hacker sent a mail to the company demanding a huge ransom, to be paid within 12 hours, or he would delete all the data in their AWS account. Many of the Code Spaces engineers tried to regain access to their company’s AWS account but failed, as the hacker had created many backdoor users in the account. At the end of the time limit the hacker deleted everything in the company’s AWS account, including all servers, databases and even backups. Within a day the company was almost wiped out. You can read the full story here.
Now you must be thinking, “I am just a developer or sysops guy and there is not much of value in my personal AWS account, so I can live without MFA.” Unfortunately you are wrong, my friend.
We have seen many incidents where developers put their Access Key ID and Secret Access Key in code so that they don’t have to authenticate manually. These developers may then want to work with a friend on the code, so they upload it to GitHub. The problem is that there are hackers who simply search GitHub for these keys, and once they get a key they can easily log in to your AWS account. You may not have anything valuable in your AWS account, but what the hackers do is spin up huge instances in your account and use that computing power for Bitcoin mining. Once they are done mining they get the money and you get the bill from AWS. (At times we have seen AWS waive the bill in this situation as a one-time exception, but if you are not so lucky, you may have to pay a huge bill of hundreds or thousands of dollars.) You can check Joe’s detailed story here.
In both cases the hack could have been avoided if MFA had been activated on the account.
So what is MFA?
MFA is Multi-Factor Authentication. It is a second level of security for your account.
MFA can be activated in multiple ways, including SMS (text message) or an application like Google Authenticator on your mobile phone. By enabling it you add an additional authentication factor to your account: once MFA is enabled you enter an additional, constantly changing code along with your normal login ID and password.
For my account I use Google Authenticator. It’s a free app available on the iOS and Android app stores.
How can you enable MFA?
It’s simple: Amazon has given clear steps on how to do it. But if you are not sure, follow this post: How to enable MFA in AWS for free?
MFA is the easiest and quickest line of defense against hackers. You should also follow other security hardening measures to keep yourself safe in the cloud; I’ll discuss them in the next post.
For now it’s recommended that you enable MFA on your account ASAP. Even if you are using Azure or any other cloud, you should enable MFA. Remember, security in the cloud is a shared responsibility.
Be Safe!

AWS Crash Course - EBS

In the last section we discussed VPC. In this section we will discuss EBS.
What is EBS?
  • EBS is Elastic Block Storage.
  • An EBS volume is durable, block-level storage. It’s similar to the hard disk in your laptop or desktop.
  • EBS volumes can be used as primary storage for data that requires frequent updates.
  • An EBS volume in an Availability Zone is automatically replicated within that zone to prevent data loss due to failure.
  • You can create encrypted EBS volumes with the Amazon EBS encryption feature or use 3rd-party software for encryption.
  • To improve performance, use RAID groups, e.g. RAID 0, RAID 1, RAID 10.
What are the different types of EBS volumes?
  • General Purpose SSD (gp2) – Provides up to 10,000 IOPS (input/output operations per second) and can range in size from 1GB to 16TB. This is used for normal loads and should be enough for your Dev or UAT setups.
  • Provisioned IOPS SSD (io1) – Provides up to 20,000 IOPS and can range in size from 4GB to 16TB. These are generally used for large SQL/NoSQL databases.
  • Throughput Optimized HDD (st1) – Provides up to 500 IOPS and can range in size from 500GB to 16TB. These are mostly useful for Big Data/data warehouses.
  • Cold HDD (sc1) – These are the cheapest kind of disks. They provide up to 250 IOPS and can range in size from 500GB to 16TB. These are commonly used for data archiving, as they provide low IOPS but are cheap for storing data that is not used frequently.
You can take snapshots of EBS volumes.
So what is a snapshot?
  • You can back up the data on your EBS volumes to Amazon S3 by taking point-in-time snapshots
  • Snapshots are incremental backups – Saves time and storage costs
  • Snapshots support encryption
  • Snapshots exclude data that has been cached by any applications or the OS
  • You can share your unencrypted snapshots with others
  • You can use a copy of a snapshot for Migrations, DR, Data retention etc.
You can try hands-on work with EBS by using this exercise.

Azure Crash Course - Web Apps

Azure is quickly adding services to its portfolio.
Three of the Azure services, “Web Apps”, “Cloud Services” and “API Apps”, provide functionality equivalent to AWS Elastic Beanstalk.
In this article we will be discussing Web Apps.
  • Web Apps is a PaaS offering of Azure.
  • Web Apps allows developers to quickly build, deploy and manage websites.
  • It provides you with shared or dedicated virtual machines.
  • These are managed VMs, so you don’t have to worry about hardware or patching.
  • Supported languages are ASP.NET, Node.js, Java, PHP and Python. These are basically the languages supported by Azure App Service.
  • It supports both scaling up and scaling out.
  • It supports High Availability.
  • You can select application templates from the Azure Marketplace and deploy them using Web Apps. Some examples of supported templates are WordPress, Joomla and Drupal.
Web Apps can be deployed in three ways:-
  1. Azure CLI
  2. Azure ARM Portal
  3. Visual Studio
For DevOps you can easily integrate Web Apps with GitHub, Bitbucket, or Visual Studio Team Services.
Web Apps has a great feature called Deployment Slots. So what are Deployment Slots?
They allow you to validate a change first in Dev or UAT before pushing it to Production. Deploying a web app to a slot first and then swapping it into production ensures that all instances of the slot are warmed up before being swapped into production. This eliminates cold starts for your application.
It also gives you the flexibility to roll back.
You can also configure Auto Swap. When a deployment slot is configured for Auto Swap into production, every time you push a code update to that slot, App Service automatically swaps the app into production after it has warmed up in the slot.
Pricing Plans:-
Web Apps supports different pricing plans.
  1. Free
  2. Shared
  3. Basic
  4. Standard
  5. Premium
The Free and Shared plans don’t have SLAs associated with them, while the remaining three provide a 99.95% SLA.
You can also buy custom domains and SSL certificates through Web Apps.
This article was written to give you a quick snapshot of Web Apps. You can follow this Azure doc to check how to quickly deploy apps with Web Apps.
This series is created to give you a quick snapshot of Azure services. You can check other services in this series over here.

AWS Crash Course – Route 53

Route 53 is a DNS service that routes user requests.
  • Amazon Route 53 (Route 53) is a scalable and highly available Domain Name System (DNS) service.
  • The name Route 53 is a reference to UDP port 53, which is generally used for DNS.
  • Route 53’s DNS service allows administrators to direct traffic by simply updating DNS records in the hosted zone.
  • The TTL (Time to Live) of resource records can be shortened, which allows record changes to propagate faster to clients.
  • One of the key features of Route 53 is programmatic access, which allows customers to modify DNS records via web service calls.
The three main functions of Route 53 are:-
Domain registration:- Allows you to register domain names from your AWS account.
DNS service:- Used for mapping your website’s IP address to a name, e.g. 54.168.4.10 to example.com. It also supports many other record formats, which we will discuss below.
Health monitoring:- Can monitor the health of your servers/VMs/instances and route traffic as per the routing policy. It can also work as a load balancer for region-level traffic management.
Route 53 supports different routing policies and you can use the one which is most suitable for your applications.
Routing Policies:-
  • Simple:- Route 53 responds to DNS queries using only the values in the record set.
  • Weighted:- This policy lets you split traffic based on the weights you assign, e.g. 10% of traffic goes to us-east-1 and 90% goes to eu-west-1.
  • Latency:- Routes your traffic based on the lowest network latency for your end user (i.e. whichever region gives the end user the fastest response time).
  • Failover:- This policy is used when you create an active/passive setup. Route 53 monitors the health of your primary site using a health check.
  • Geolocation:- This routing lets you choose where your traffic will go based on the geographic location of end users. So a user requesting from France will be served from the server nearest to France.
Route 53 supports many DNS record formats:-
  • A Format:- Returns a 32-bit IPv4 address; most commonly used to map a hostname to the IP address of the host.
  • AAAA Format:- Returns a 128-bit IPv6 address; most commonly used to map a hostname to the IP address of the host.
  • CNAME Format:- Alias of one name to another, e.g. making www.example.com an alias of example.com.
  • MX Format:- Maps a domain name to a list of message transfer agents for that domain.
  • NS Format:- Delegates a DNS zone to the given authoritative name servers.
  • PTR Format:- Pointer to a canonical name. Unlike a CNAME, DNS processing stops and just the name is returned. The most common use is implementing reverse DNS lookups, but other uses include DNS-SD.
  • SOA Format:- Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.
  • SRV Format:- Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX.
  • TXT Format:- Originally for arbitrary human-readable text in a DNS record.
Tip:- For the exam, understanding the A format and CNAME should be enough.
If you want to try some hands-on work, try this exercise.
This series is created to give you a quick snapshot of AWS technologies. You can check other AWS services in this series over here.

AWS Crash Course – VPC

In the last section we discussed EC2. In case you missed it, you can check it here: AWS Crash Course – EC2.
In this section we will discuss VPC.
What is VPC?
  • VPC is Virtual Private Cloud.
  • VPC is like your own private cloud inside the AWS public cloud.
  • You can decide the network range.
  • Your VPC is not shared with others.
  • You can launch instances in VPC and restrict inbound/outbound access to them.
  • You can leverage multiple layers of security, including security groups and network access control lists.
  • You can create a Virtual Private Network (VPN) connection between your corporate datacenter and your VPC.
Components of Amazon VPC:-
  • Subnet: A segment of a VPC’s IP address range. This is basically the range of IPs which you assign to your resources, e.g. EC2 instances.
  • Internet Gateway: If you want an instance in your VPC to be able to access the public Internet, you create an internet gateway.
  • NAT Gateway: You can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the Internet or other AWS services, while preventing the Internet from initiating a connection with those instances.
  • Hardware VPN Connection: A hardware-based VPN connection between your Amazon VPC and your datacenter, home network, or co-location facility.
  • Virtual Private Gateway: A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection.
  • Customer Gateway: A customer gateway is a physical device or software application on your side of the VPN connection.
  • Router: The router acts as a mediator for your subnets in the VPC. It interconnects subnets and directs traffic between Internet gateways, virtual private gateways, NAT gateways, and subnets.
  • Peering Connection: A peering connection enables you to route traffic via private IP addresses between two peered VPCs. It is used for VPC Peering, by which you can establish a connection/tunnel between two different VPCs.
VPC has a few more components, but to avoid confusion we will discuss them in later sections.
This series is created to give you a quick snapshot of AWS technologies. You can check other AWS services in this series over here.

Solved: How to calculate number of available IPs in a Subnet

Many people are confused about how many usable IPs you can get in a subnet and how to calculate it.
So here I am giving you a simple way to calculate it.
Here is the formula.
Maximum Number of IPs = 2**(32 - netmask_length)
Let’s say you have subnet mask /28; then the maximum number of IPs you can have is
Maximum Number of IPs = 2**(32-28) = 2**(4) = 2*2*2*2 = 16
So you can have at most 16 IPs in a /28 subnet.
The first and last IPs of a subnet are reserved for the network address and broadcast address, so in a normal network you are left with only 14 IPs.
But cloud providers like AWS and Azure generally reserve 5 IPs instead of 2 in each subnet. Thus the usable IPs available to you in AWS or Azure for a /28 subnet will be 11.
Similarly, you can calculate the usable IPs in each subnet when working in the cloud.

For simplicity we have created an AWS Subnet Calculator which you can use.
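The arithmetic above, generalised to any IPv4 CIDR, as an added example that is not the post’s own calculator: it applies the post’s formula, subtracts 2 for a classic network or 5 for AWS/Azure, and lists which five addresses AWS actually holds back (AWS documented behaviour, assumed here rather than taken from the post).

```python
import ipaddress

# Addresses a provider takes out of every subnet: classic networking reserves 2
# (network and broadcast); AWS and Azure reserve 5, the figure the post gives.
RESERVED_PER_SUBNET = {"classic": 2, "aws": 5, "azure": 5}


def max_ips(prefix_length: int) -> int:
    """The post's formula: Maximum Number of IPs = 2 ** (32 - netmask_length)."""
    if not 0 <= prefix_length <= 32:
        raise ValueError("IPv4 prefix length must be between 0 and 32")
    return 2 ** (32 - prefix_length)


def usable_ips(cidr: str, provider: str = "classic") -> int:
    """Usable host addresses in an IPv4 subnet for the given environment."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    total = max_ips(net.prefixlen)
    reserved = RESERVED_PER_SUBNET[provider]
    # Tiny subnets (/31, /32) have nothing left once reservations are applied.
    return max(total - reserved, 0)


def aws_reserved_addresses(cidr: str) -> list:
    """The five addresses AWS reserves in every VPC subnet (assumed from AWS
    documentation, not stated in the post): network address, VPC router (+1),
    DNS resolver (+2), reserved for future use (+3), and the broadcast address.
    AWS only allows subnets between /16 and /28, so reject anything smaller."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError("AWS subnets must be between /16 and /28")
    base = int(net.network_address)
    first_four = [str(ipaddress.IPv4Address(base + i)) for i in range(4)]
    return first_four + [str(net.broadcast_address)]


if __name__ == "__main__":
    for cidr in ("10.0.0.0/28", "10.0.0.0/24", "10.0.0.0/16"):
        prefix = int(cidr.split("/")[1])
        print(cidr, "total:", max_ips(prefix), "classic:", usable_ips(cidr),
              "aws/azure:", usable_ips(cidr, "aws"))
    print("AWS reserves in 10.0.1.0/28:", aws_reserved_addresses("10.0.1.0/28"))
```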

