CompTIA Cloud+ CV0-003 – Domain 1.0 Configuration and Deployment Part 4
Demo - Uptime Calculator
So if you want an easy way to figure out how much downtime comes with an SLA, then this is a good tool. It’s a very simple, rudimentary tool, but it works pretty well. So, for example, let’s go over to AWS and type it in: EC2 service level agreement. Just give me a second here. Okay, there it is. So, let’s go over here, where it says Amazon Web Services (AWS) compute service level agreement. Okay. So if you scroll down, you can see that this is the SLA. The monthly uptime percentage has been updated as of December 1, 2017. Now, what I wanted to point out, too, concerns the service provider when you use their services, and this is especially true with the public cloud providers. Let’s say they’re down for the whole month, which hasn’t happened, or that they’re down for two weeks out of the month because something catastrophic happened.
From a legal perspective, they don’t actually have to give you back your full subscription costs. A lot of people don’t know that. And the other thing that people don’t realize involves, for example, the Amazon S3 outage in Northern Virginia a few months ago. Even though Amazon pretty much knew which customers were affected, since that’s pretty easy for them to track, they didn’t have to give credit automatically. You actually have to request that, and you have to go through a process to file a credit request. So, again, people don’t know that. But what I want to point out is that you can see the range here is less than 99.99% down to 99%. So let’s go back here, and you can see, if I put in 99.99, that the downtime in a year is only 52 minutes; per month it’s four minutes, weekly is a minute, and a day is less than 10 seconds, or 9 seconds.
Now, if I change that to three nines, you can see that that jumps up to 8 hours and 45 minutes per year. So that could be substantial, especially if it happens at the wrong time of the day. So if your outage occurs during your business hours and you have a transactional business, this could be a big deal. You could lose customers. So what if the provider doesn’t give you that and just wants to give you 99% uptime? Well, that could be three days of downtime. That could be a big deal. Another common SLA measurement I see referenced is 99.5%. So that’s about a day and 20 minutes per year. So that could be substantial as well. So you want to at least be cautious when you’re looking at your SLAs, making sure that you understand what those thresholds are. So with that said, uptime is great. There is no need to sign up for this simple, quick, and efficient tool. Let’s carry on to the next module.
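The arithmetic behind the calculator in the demo, extended to check a month of measured outages against an SLA threshold, as an added example (not code from the course, the tool, or AWS). The period lengths, the 09:00 to 17:00 weekday business hours, and the outage records are constructed assumptions.

```python
from datetime import datetime, timedelta

# Averaging choices (assumptions): a year is 365.25 days, a month is 1/12 of it.
PERIODS = {
    "day": timedelta(days=1),
    "week": timedelta(days=7),
    "month": timedelta(days=365.25 / 12),
    "year": timedelta(days=365.25),
}


def downtime_budget(sla_percent):
    """Downtime each period may contain while still meeting the SLA percentage."""
    if not 0 <= sla_percent <= 100:
        raise ValueError("SLA percentage must be between 0 and 100")
    down_fraction = (100 - sla_percent) / 100
    return {name: length * down_fraction for name, length in PERIODS.items()}


def merge_outages(outages, window_start, window_end):
    """Clip outages to the billing window and merge overlapping records."""
    clipped = sorted(
        (max(start, window_start), min(end, window_end))
        for start, end in outages
        if start < window_end and end > window_start
    )
    merged = []
    for start, end in clipped:
        if merged and start <= merged[-1][1]:
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([start, end])
    return merged


def business_overlap(start, end, open_hour, close_hour):
    """Part of [start, end) that falls inside weekday business hours."""
    total = timedelta(0)
    day = start.replace(hour=0, minute=0, second=0, microsecond=0)
    while day < end:
        if day.weekday() < 5:  # Monday to Friday
            opens = day + timedelta(hours=open_hour)
            closes = day + timedelta(hours=close_hour)
            total += max(min(end, closes) - max(start, opens), timedelta(0))
        day += timedelta(days=1)
    return total


def assess_month(outages, window_start, window_end, sla_percent,
                 open_hour=9, close_hour=17):
    """Measured uptime for the window, compared with the SLA threshold."""
    merged = merge_outages(outages, window_start, window_end)
    down = sum((end - start for start, end in merged), timedelta(0))
    business = sum(
        (business_overlap(s, e, open_hour, close_hour) for s, e in merged),
        timedelta(0),
    )
    uptime_percent = 100 * (1 - down / (window_end - window_start))
    return {
        "uptime_percent": uptime_percent,
        "downtime": down,
        "business_downtime": business,
        # Below the threshold means a credit request is worth filing.
        "breached": uptime_percent < sla_percent,
    }


# Constructed sample data: one 30-day month and three outage records,
# two of which overlap and must not be counted twice.
MONTH_START = datetime(2024, 6, 1)
MONTH_END = datetime(2024, 7, 1)
SAMPLE_OUTAGES = [
    (datetime(2024, 6, 4, 10, 0), datetime(2024, 6, 4, 10, 30)),
    (datetime(2024, 6, 4, 10, 20), datetime(2024, 6, 4, 10, 45)),
    (datetime(2024, 6, 15, 23, 0), datetime(2024, 6, 16, 1, 0)),
]

if __name__ == "__main__":
    for sla in (99.99, 99.9, 99.5, 99.0):
        budget = downtime_budget(sla)
        print(sla, {k: str(v).split(".")[0] for k, v in budget.items()})
    print(assess_month(SAMPLE_OUTAGES, MONTH_START, MONTH_END, 99.99))
```

The same 165 minutes of downtime breaches a 99.99% monthly commitment but not a 99.5% one, which is why the threshold written into the SLA matters more than the raw outage count.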
Testing techniques for the cloud
Let’s go ahead and talk about different approaches and techniques that you use to test your cloud environment. Now, before we get started, just be aware that cloud testing generally takes on several different focus areas. Before you do any testing, hopefully you have a baseline. So, for example, if you’re going to go ahead and validate network performance, then hopefully you have a baseline of the network performance. If you’re testing applications again after deploying the service, your developers most likely used a product or solution like SOASTA to do regression testing, or something else, whatever it was. There are so many different areas that could be tested. We have functional, integration, security, and compliance requirements, as well as scalability and performance. These are the major areas.
There are certainly other areas, but for this particular exam, we want you to be aware of these functional areas. When it comes to DevOps, it is essentially part of a lot of organizations now. Whether or not your organisation uses DevOps or Agile, we definitely want you to know what DevOps is for the exam. This is essentially development and operations working together in continuous operations. Generally, the goal of this is to provide efficiencies and to also have the development team be more proactive in areas such as security, functionality, performance, et cetera. And then we have Agile. This is a rapid development framework. If you’re not super familiar with rapid development frameworks, Scrum could be considered one of those. Kanban is another example as well. Take some time just to take a quick look. You don’t need to know either of these for the exam, but you want to know that DevOps is essentially operations and development working together. Then there’s Agile, which is more about rapid development frameworks. When it comes to cloud testing, you want to determine your framework, develop a use case, and develop a testing plan, right? So before you do anything, you need a plan. That’s pretty much common sense, right? Develop the workflows and test them as well. So for example, in this slide here, basically you have development, DevOps, and QA all doing their part to ensure that the application is rolled out in production in an appropriate manner. So you’re going to have a workflow.
Now a workflow is, again, more or less an orderly process. So it goes from the development team to the QA team, and the QA team sends it over to the development team or the Ops team to be deployed. So again, this is just at a high level. Usually it’s more concise than this, but this is really all you need to know, and then you want to validate that everything works the way you would expect it to. When it comes to cloud testing, there are some distinctions between cloud testing and in-house testing. There could definitely be some benefits to the right organization. Generally, most cloud testing is based on virtualization. So you’re going to be using a lot of containers and a lot of virtual machines to get the testing done. It’s generally easier to deploy, so you typically don’t have to worry about getting your infrastructure set up. So, for example, if you’re going to run SOASTA in-house, you need to have the right hardware and software and the networking set up. On the other hand, you could use a cloud service, and you wouldn’t have to worry about all the infrastructure, networking, et cetera. It’s easier to deploy, right? It’s rapid as well.
Scalability and elasticity are great features as well. So, for example, it’s fairly seamless for you to scale your virtual machine if you need to, run these tests, or add additional storage if you’re running big data query services or data warehouses. It generally reduces management costs, right? So again, there’s no overhead there. It’s all in the cloud. Not always, but generally, there should be much less overhead. Then there’s portability. So, for example, if you’re using virtualization, that’s a portable format. But if you’re running this on your work server and it’s on HP-UX or Solaris, say, it’s not going to be very portable. So just be aware of how portability falls in there as far as a testing strategy. A cloud test strategy refers to how your organisation will test the infrastructure and, again, the platform, software packages, and so on that will be provided through an as-a-service delivery model. Now just remember, you need to have a strategy. This strategy should enable you to have a successful cloud project. So proper planning, proper development, and operations involvement should enable your organisation to be more successful. Here’s a chart that compares traditional computing to cloud computing. What I want you to get from this, and I’ve had this in a couple of modules, is that sometimes traditional computing is not as flexible as cloud computing. It’s not as agile.
You have a different cost model when it comes to service models. Again, just be aware that the way you test software as a service can be very different from the way you test infrastructure as a service. For example, if you’re testing software as a service, you’re going to be testing more from the application standpoint. You could be looking at how quickly a page refreshes, or the user experience, for example, whereas with infrastructure as a service, you may be more concerned about how quickly that DNS query happens or perhaps how efficiently that Hadoop cluster scales. When you’re testing environments, you really want to test and understand the appropriate workloads. That could be a peak workload, a median workload, or whatever you need to consider. So remember, from the Cloud+ perspective, just be aware that when you’re testing, you want to determine the right peak thresholds of workloads, et cetera, and you need to look at whatever variations can come up as well. So, for example, if you have an application that is more transactional on specific days, you may need to scale that test to appropriately handle those variations.
You want to generate the proper workloads compared to baselines as well. Some of the advantages of cloud testing could be that it is more efficient. You don’t typically need to have dedicated resources. So if you spin up a VM on Amazon, well, you could spin it down when you don’t need it, right? You could adapt to the software frameworks. So if you use Agile, waterfall, whatever you’re looking at, generally you could adapt it to the appropriate frameworks. For example, even if you’re using ISO standards, you could adapt it to that as well. When it comes to functional and non-functional testing, functional testing may test specific capabilities. Non-functional could be more around areas of usability or different areas around non-specific performance, perhaps. What I’ve generally found in the development community could be a little bit varied, but just be aware that testing typically will be based on specific results in a lot of cases. So just be aware of that if you need to. Cloud testing can eliminate the need to share environments. Absolutely. So, for example, before the cloud, typically if you had to test anything, you needed to have some kind of server to do that. And, in general, most organizations didn’t have spare servers lying around, at least none that I worked in. So having the ability to not have to share that resource could be a benefit.
So there are definitely some good use cases there. As far as some of the frameworks that you could use, there are plenty of them out there. Appium is a popular open-source testing framework (similar to Calabash if you use a lot of Microsoft capabilities). Now, if you’re into mobile, like Android, I’ve seen Espresso quite a bit, and then you have Xamarin. I mean, I never say that correctly, but that’s another Microsoft tool as well, and there’s plenty more out there, but you don’t need to know those specifically for the exam. When it comes to cloud testing, just know that you should follow a framework and use the framework’s best practices. Here’s an exam tip. A cloud test strategy refers to how your organisation is testing the cloud infrastructures, platforms, and software packages that are provided through an as-a-service delivery model. So in the next area, the next demo after this, I go through a product called SOASTA just as a use case. So take a look at that. Just be aware that you could use as-a-service solutions as part of your cloud testing strategy.
Let’s talk about testing success factors. It is critical that you have an idea of what the project’s output should be before beginning any kind of project or developing any kind of software or cloud service. So, let’s talk about what constitutes a success factor in project management in general. Good project management is going to entail several aspects. So the first thing is that you want to accomplish everything as a project. So that includes planning, communication, and teamwork skills and tool sets. Do you have the right people? Do you have the right resources? Did you provide the vendor with the right information so that they could get you the proper licences so that you could migrate, test, or do whatever you’re essentially doing?
Do you have the right processes and management set up as well? When it comes to critical success factors, it’s important to be able to identify what they are. Now, generally, when I’m on a project, especially around the cloud, I like to have discussions with the stakeholders because, even though I’m not your employee, I’m here to help. And one of the challenges that I typically find in a lot of organisations is that they generally don’t have a good, I guess, target sort of set up to ensure that they get to that target as efficiently as possible. So for example, if user acceptance is important to your organization, it’s pretty important to define what kind of acceptance needs to be accomplished. So, for example, if it’s a cloud app or a cloud service, does the user need to go through and say, “Hey, this works the way I expect it”? Does the search box work the way they expect it to? Does the interface flow well?
So that could be an issue. Does it provide cost reductions in other areas? Does it provide time to meet marketing goals? Also, are you able to identify the SLA terms? Are they meeting or exceeding any performance improvements? Integration could be a big challenge as well. Typically, what it comes down to is whether the developers are able to integrate the service effectively and efficiently. Generally, a lot of cloud projects can go over budget, especially if integration doesn’t work out the way you would expect. Does it meet the corporate cloud vision? In other words, does it actually accomplish what the organisation desires that this cloud service should accomplish? So analysing your cloud success factors as a project is, of course, a big deal. So make sure you take time to do that. So here’s an exam tip. Make sure when you’re taking this exam that you understand what constitutes project success. So generally, there are different factors. My advice is to go back over here; I meant to point this out, but just go back and make sure you know what defines a project’s success. It could be anything from management planning to communication. That’s the end of the module. Let’s proceed.
When discussing cloud configurations, it is critical to understand the network configurations with which you are dealing. For example, are you setting up VPNs? Are you setting up a virtual private cloud? What about other routing capabilities? What about load balancing? There are a lot of areas around networking that really need to be addressed when it comes to designing your cloud. So when we talk about network configurations, it’s really important to plan appropriately, right? We won’t spend a lot of time on that because I think that’s pretty straightforward. I think the one thing I want to point out here is that when you introduce, for example, a hybrid cloud, that’s where you typically take your private cloud and extend it out to the public cloud. In general, there should be some kind of orchestration and integration of federation and other services. And that can certainly add to the complexity. For example, LDAP is used in Active Directory. Whatever you’re setting up, you may also be using protocols like SAML or opening up whatever is set up in your enterprise organization, for example. So you want to look at the network configuration, make sure you understand how you’re connecting to the network, and also look at other facets of where other folks are going to be connecting as well. So the complexity really scales up, especially when your organisation is more dispersed, which, I guess, is a good way to look at it.
So if you have folks overseas, over in Brazil or over in Europe, whatever, things can get pretty complex. When it comes to tool sets, you want to find the right ones. Every vendor and operating system has different tool sets that you may need to use to not only identify the network configurations you’ll be dealing with, but also possibly troubleshoot. So when it comes to networking tests, there are some basic commands you’re definitely going to want to know for this exam. So here is my thought: My whole take on the exam is that if you pass the Network+, you will pretty much accomplish 40% of this exam. Again, excuse me. I said this because what I really wanted to say was that passing a Network+ exam is extremely beneficial for this exam. Much of the content is really derived from Network+, especially around networking. So, if you’re a good networker, you’ll have a 40% or higher on this exam. That was just my thought.
So, you’re familiar with ipconfig and netstat, right? What if you do a netstat versus a netstat -n? You want to identify these areas. When we go into the troubleshooting section, we’re going to go more into this. But in the meantime, I just want you to start thinking of commands that you could use to identify connectivity and identify the route. So, for example, using traceroute could be very useful to identify the route that you use to reach your destination in the cloud. It’s very easy to use these commands, and my whole thought is that with this exam, you will see pretty much every one of them. You’ll need to identify what command you would use to map a packet’s route to a destination, or what you would use to identify the round-trip time or the latency. Again, these are simplistic commands, but if you’re not into the networking side, it could be a difficult exam to pass. So my thought is, let’s carry on. Make certain you are familiar with these DNS commands, okay? nslookup and dig. And ARP is a command you need to know. ARP, right. I got a question on it, and oddly enough, I remember a couple of questions about MAC addresses and local tables on this exam. Again, I can’t tell you exactly how the question was worded, but I can tell you that you may want to know this command.
Okay, virtual private clouds. What’s a VPC? Amazon has really defined what a VPC is. So a virtual private cloud is where your organisation accesses an on-demand pool of resources in their cloud. So therefore, you’re going to get a separate container of resources on the public cloud. It is not physically private, however; it’s virtually private. And that could be a good use case for a lot of organizations. For example, do you need to set up a DR instance? Do you want to set up some kind of transactional website? Do you want to have a mobile network set up? Whatever that situation is, VPC can be an amazing fit for your organization. VPCs definitely have specific networking limitations. When I go into the VPC demo with AWS for you, be aware that there are limitations and review the documentation, because, again, if you don’t, you could definitely ruin a good weekend. That’s just my experience. Okay, let’s see. So, ping is what you want to use for testing network connectivity, to determine round-trip time and latency. So what command do you use to determine RTT? It is ping. That’s one of the commands. Exam tip: use ARP to correlate a MAC address based on an IP address.
Let’s proceed and talk about cloud networking basics. Now, hopefully, by this point in your IT career, you’re more than familiar with IT networking basics. However, for the purpose of this exam, I want to clarify some of the terminology and basic principles that you need to be aware of to pass this exam successfully. So let’s proceed and talk about some of these. When it comes to networking, it’s pretty important to have a basic understanding of how the cloud and networking essentially correlate. And the reality is that the cloud is nothing but a metaphor for the Internet. Well, what does that mean? Essentially, you’re using a network to access your cloud resources, very simply put. And, in reality, most businesses have been using networks for quite some time, so this should be nothing new to your organization. However, the reality is that networking hasn’t changed significantly. It’s really the ownership of the resources.
So instead of you accessing storage in your own data center or accessing virtual machines in your own data center, now you’re essentially using someone else’s data center. And not only that, those resources aren’t even owned by your organization. So essentially, your data and your main corporate assets are being handled and controlled in someone else’s data center. However, from a networking perspective, just be aware that there’s new technology, such as software-defined networking. We’ll go over software-defined networking in greater detail later. And again, that’s a fun area to talk about. I’m a big fan of VMware NSX, for example. When it comes to software-defined networking, I want to make sure that you are aware that this is an emerging architecture that is dynamic, manageable, cost-effective, and adaptable. This makes it ideal for the high-bandwidth, dynamic nature of today’s applications. From an architecture standpoint, just be aware that the difference between this and your traditional network is that it’s directly programmable. Now, in the good old days of IT networking, you needed a CCIE to go in and basically set up routing or set up BGP or some other service. Those days are pretty much gone, at least to some degree. When it comes to SDN architecture, it’s directly programmable. What does that mean? This allows you to essentially create policies and have the architecture behave in the manner that you tell it to. Now again, this is a little bit more simplistic than what I would go into if I wanted to talk more about SDN. But for this exam, you need to know only some of the benefits of SDN.
We don’t want you to be an expert in SDN; just be aware of that. One of the other benefits is that it’s agile. You have the ability to move your virtual machines from, say, one rack to another or to another data center. What’s the benefit of it? Generally, if you need to move a VM, for example, you have to go in and reconfigure that network, which can be time-consuming and risky as well. With SDN, you could simply move that VM, and the networking will essentially correlate directly to some metadata in the background, making that VM addressable the same way it has been, even though you may have moved it in the back end. But just be aware that it’s agile and centrally managed. One of the common problems with traditional networks was that you had to log in to each of the switches individually to configure them.
Now I will say some vendors did a better job than others, and some had some kind of central management that actually worked. But, once again, some tasks required you to log in directly to the switches, and you might configure one switch one way and another switch another. That is a manual process. SDN is programmatically configured. Of course, this allows you to direct and tie policies to specific types of configurations. It enables you, for example, to determine behaviors. Again, with SDN, open standards, and vendor neutrality, you have a pretty powerful tool set. Again, that’s more of a wish list, but in reality, the goal of SDN is to be vendor neutral. When it comes to networking terminology, be aware that these are some of the main terms you’re going to want to know for this exam. We’re going to cover each of these: VPN, and I’m sure most of us know what a VPN is, as well as routing, DMZ, VLAN, VXLAN, and CIDR. So, let’s make sure you know what you want to know for this exam and how to define it.
A VPN is a technology that creates a safe and encrypted connection over a less secure network, such as the Internet. VPNs are, essentially, tunnelling protocols. Routing: what is routing? Well, routing is the process of moving a packet of data from a source to a destination. Routing is usually performed by a dedicated device called a router. Essentially, routing is traffic management at a high level. The goal is to ensure that when a host attempts to communicate with a target, or when the source attempts to communicate with the target, those packets that you’re sending, that information that you’re requesting, are directed to the correct resource. Routing is what accomplishes that. Okay, DMZ. I won’t read it all to you, but a DMZ is essentially, more or less, a logical subnetwork in most organizations; it could also be physical. The goal is to separate the production network from the Internet. A DMZ could also have several other capabilities built in from a security standpoint. Anything from an IDS to a honeypot could also be a part of a DMZ.
But for this exam, just be aware that it is a physical or logical subnetwork that separates the internal network from other untrusted networks, such as the Internet. Another term you’ll want to know is VLAN. A VLAN is a logical group of workstations, servers, and network devices that appear to be on the same LAN despite their geographic distribution. Another pair of terms you should be familiar with, and this may cause confusion, is VLAN and VXLAN. So what is the real difference? VXLAN is essentially a network virtualization technology that helps address scalability problems with larger cloud computing deployments. So VXLAN again is going to allow you to perform a lot of different processes and techniques, such as, for example, creating a VPN or a virtual private cloud, which in a lot of cases allows you to scale your networking address space. A lot of typical benefits come with a VXLAN setup, and the main goal of that is to virtualize, of course. Then there’s CIDR. This is called supernetting. Once again, CIDR is supernetting. Just be aware of that. This allows for that flexible allocation of IP addresses and allows you to scale that cloud network.
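CIDR supernetting worked through with Python’s standard `ipaddress` module, as an added example that is not part of the course material. It shows exact aggregation, the smallest single covering block and how many unowned addresses that block sweeps in, and an overlap check between cloud and on-premises ranges; every address block below is constructed for illustration, and IPv4 is assumed.

```python
import ipaddress


def aggregate(blocks):
    """Exact supernetting: merge adjacent CIDR blocks, covering nothing extra."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    return list(ipaddress.collapse_addresses(nets))


def covering_supernet(blocks):
    """Smallest single CIDR block that contains every given block."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    candidate = nets[0]
    # Widen the prefix one bit at a time until every block fits inside.
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def extra_addresses(blocks):
    """Addresses inside the covering supernet that belong to none of the blocks.

    A route or firewall rule written for the covering supernet applies to
    these addresses too, so a non-zero result deserves a second look.
    """
    owned = sum(n.num_addresses for n in aggregate(blocks))
    return covering_supernet(blocks).num_addresses - owned


def find_overlaps(cloud_blocks, onprem_blocks):
    """Pairs of (cloud, on-prem) ranges that share at least one address."""
    cloud = [ipaddress.ip_network(b) for b in cloud_blocks]
    onprem = [ipaddress.ip_network(b) for b in onprem_blocks]
    return [(str(c), str(o)) for c in cloud for o in onprem if c.overlaps(o)]


# Constructed sample ranges.
CONTIGUOUS = ["10.20.0.0/24", "10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"]
WITH_GAP = ["10.20.0.0/24", "10.20.1.0/24", "10.20.3.0/24"]
ONPREM = ["10.20.2.0/23", "192.168.0.0/16"]

if __name__ == "__main__":
    print("four adjacent /24s  ->", [str(n) for n in aggregate(CONTIGUOUS)])
    print("three with a gap    ->", [str(n) for n in aggregate(WITH_GAP)])
    print("covering supernet   ->", covering_supernet(WITH_GAP))
    print("unowned addresses   ->", extra_addresses(WITH_GAP))
    print("cloud/on-prem clash ->", find_overlaps(["10.20.0.0/22"], ONPREM))
```

Four adjacent /24 blocks collapse cleanly into one /22, while the set with a gap can only be summarised as a /22 by also covering 256 addresses it does not own.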
What is a VPC, again? Some vendors do support a VPC. You need to understand what the vendor supports. Amazon is an example of a vendor that does support a VPC. This enables you to create a logically separate instance of your environment. You are using logically segmented resources; this does not imply that you have separate physical resources. Typically again, you’re still on a shared service, you’re still on a shared cloud, but you have some logical segmentation. VPCs, in general, have unique networking constraints, features, and scalability. For example, with AWS, you’re limited to, of course, so many IP addresses, so many VPCs, and so many connections as well. So just be aware of what those limitations are. When it comes to IDS and IPS, intrusion detection and intrusion prevention systems are pretty commonly implemented. Hopefully you have some kind of tool set in your cloud environment, especially if you have what I would call a fair amount of resources that you need to protect and you have compliance requirements, for example.
Once again, you don’t want to just have a firewall nowadays. Other resources that protect against anomalies or are not anomaly-based are also required. So look for tool sets that can help with micro-segmentation. So micro-segmentation generally does decrease the risk and increase the security posture of the modern data center. It’s policy-driven; it’s centralised and ubiquitous policy control of those distributed services, as well as network overlay-based isolation and segmentation. Now this is an example of micro-segmentation with VMware NSX. And NSX is essentially VMware’s solution for the software-defined network. Let’s go ahead and just remind you that VXLANs are used to address cloud network scaling issues. You may want to understand that a VXLAN is probably a better solution than a VLAN. Once again, I can’t tell you exactly how the question was worded, but you may want to know that. Okay, here’s an exam tip. What’s the difference between a VPN and a VPC?
When it comes to sizing resources in the cloud, it’s important to understand that there are specific resources and specific techniques and approaches to consider with those resources to scale them appropriately, especially based on different workloads. Let’s talk about CPU size specifically. When it comes to CPUs, these are, of course, the central processing units. You want to be aware that when you do size your VM resources, you want to focus on three main areas: your CPUs, your memory, and attached storage. In this module, we’re going to talk specifically about CPU scaling. Now, there are several options for processor selection within the cloud provider. You could choose between a CPU, a GPU, or an ASIC for processing power. Now, a CPU is your typical workload processor. A GPU is typically used for video-intensive tasks, though we may see GPUs used for blockchain mining as well, and then an ASIC is more for specialised tasks. Now most of the public cloud providers have these options available. When it comes to other CPU options, there are ways to choose the image. Specifically for Amazon, you could choose what is known as an AMI. That’s the Amazon Machine Image. So in this case, you could select what’s called “accelerated computing.” This is a P2 instance that is intended for GPU compute applications, and again, it tells you the different configurations. Based on what I’ve seen, these are going to cost significantly more in most cases, like three times as much as a typical machine image.
But again, if you have a requirement, if you’re going to try to use this for Ethereum development or something, then perhaps this is a good option. So just realise that CPUs are the core processing units in a server. GPUs are generally used for graphics. GPUs and CPUs can be used in tandem to help enhance that application processing. So you can certainly utilize it. For example, here you could see that the number of GPUs for this configuration is one, and then there are four vCPUs as well as memory, and again, you have memory that’s attached to the GPU as well. You want to be aware of the config. So the main point of this slide is to just be aware that when you select a machine image, there are many different configurations and variables you can look at, some of which may be adjustable and some of which may not. So just be very cautious when you select these configs. This is a great way for you to double your cloud costs in a moment if you’re not careful and waste some precious company opex funds in the meantime.
So be judicious, I guess. When it comes to scaling, just be aware. Remember that there are three different ways to scale. In general, when we scale, say, vertically, we increase the number of CPUs, add RAM, or whatever we’re doing to make the machine bigger and more resourced. Here’s an example of an Amazon Machine Image menu. You would select the AMI here, and it would tell you essentially which operating system you would choose, the Unix or Windows version, and it informs you of the different types of storage that are available. For example, it also tells you the specific type of disk, like SSD, if that’s what you’re choosing, and so on and so forth. And then what you would do is select that specific image. To learn more about the configuration, click here. When it comes to CPU technologies, just remember that some processors do support enhancements. Some of these enhancements could be known as hyperthreading, VT-x, or overcommitting. Let’s talk about each of these. When it comes to hyperthreading, this is an intelligent scheduling of a single-threaded workload using CPU cycles. Be aware that on this exam, you may actually see a question asking you, “What is the technology that does intelligent scheduling of those CPU cycles?” And if you know what this is, this will hopefully be an easy question for you.
Now, just be aware that I won’t read it all to you, but one of the things I wanted to point out, to make sure that you’re paying attention, is that this is only supported on Intel HT and AMD FX technology. So not every processor is going to support this. You need to be judicious about which vendors support what capabilities. VT-x technology: this is known as Vanderpool. VT-x is an x86 Intel technology. It’s been around a while, but it’s still used, especially on the older types of platforms. It’s still a popular option. Overcommit ratio: again, this is where you basically assign more resources than are actually available. This is useful, especially if you plan to increase your host-to-VM ratio (hint, hint). For example, you may have 100 virtual machines, but in reality, if you utilise all those 100 VMs, you may only have enough to support 80 of those virtual machines. But you know that when you overprovision, the chances are that all those resources won’t be called at the same time. Hyperthreading is the intelligent scheduling of a single-threaded workload using CPU cycles. So once again, just be aware that intelligent scheduling is something that I’m definitely asking you to remember. Here’s an exam tip. Understand when you need to enable VT-x technologies, multi-threading, and use overcommit ratios. On this exam, you could expect a question or two around these technologies.