What's the difference between metered & measured pricing?
Metered: Works like paying for your water: you pay exactly for what you consumed.
Measured: More like a phone plan, where you have a monthly/yearly allowance and pay a fixed fee each month.
Most cloud services use metered payment plans.
What are factors to watch out for when choosing a hosting/cloud provider?
What are reasons to still choose on-premise hosting over cloud solutions?
For the exam: When should you consider something SaaS, PaaS or IaaS?
IaaS: All the hardware and requirements to run a server + virtualization and sometimes OS
PaaS: IaaS, OS, Infrastructure software like Web Server, Database, Programming Languages
SaaS: Much closer to the end user, end-user software being hosted on top of IaaS & PaaS.
What are the 4 cloud privacy categories?
Public Cloud: Users interact with devices on a public network like the internet.
Private Cloud: Users only have access with devices inside the same cloud/system
Hybrid Cloud: A combination of the other two.
Community Cloud: Collaborative approach where infrastructure is shared between several different organizations that have common service needs
What's the difference between Multi-/Single-Tenancy?
Multi-Tenancy: Multiple customers share a resource like a physical server or a hosted instance of a software. This comes with some implications for security and reliability.
Single-Tenancy: A particular resource like a server or software instance is dedicated to a single customer/organization.
What are the benefits of Private-Direct Connection vs VPNs to access the cloud?
VPN:
- Slower
- Only one VPC
- But way cheaper
Private-Direct:
- Faster Speeds
- Multiple VPCs
- Better redundancy
- But 3-4x the price of VPN
What are the two main security barriers in VPCs?
Network Access Control Lists (ACLs): Similar to traditional firewalls, they operate on the subnet level within the VPC. They work with a set of inbound and a set of outbound traffic rules.
Security Groups: Also a type of firewall, they function on the instance level within the VPC. They act like stateful firewalls, meaning if an outbound rule allows a type of traffic, the inbound traffic coming back as a response is automatically allowed, even if there is no rule for that. The same applies to blocking traffic.
What is VPC Peering?
VPC Peering is a way to route traffic between two VPCs directly and privately.
What are VPC Endpoints?
VPC Endpoints allow private connectivity to services hosted in AWS from within the VPC without using an Internet Gateway, VPN or AWS Direct Connect.
What is an Internet Gateway?
A horizontally scalable, redundant and highly available VPC component that allows VPC instances to communicate with the internet and vice versa.
What is a NAT Gateway?
It's used to allow instances in a private subnet to connect to the internet or other cloud services, without traffic from the internet being able to connect to them.
What is NFV and what are its three main components?
Network Function Virtualization (NFV) is a way to switch a big portion of network functionality away from dedicated hardware to software known as VNFs, which can, for example, do routing, firewalling and a lot more. The main components are:
- NFV Infrastructure
- Management and Network Orchestration (MANO)
- Virtual Network Functions (VNFs)
What is IaC?
Infrastructure as Code (IaC) is the process of replacing hardware infrastructure like servers, routers etc. with software like APIs that handle the tasks of this hardware virtually.
What are SDNs?
Software Defined Networks (SDNs): As the name says, SDNs are networks that are virtually made using software like APIs; those APIs replicate all the needed network functionality that would normally be done by specialized hardware.
What are the 3 components of an SDN?
What are the 3 types of SDNs?
Open SDN: SDN using open source technology
Hybrid SDN: Allows the use of traditional SDN protocols and open source technology
SDN overlay: SDN abstraction layers that can be created on top of a physical network.
What are VXLANs?
Virtual Extensible LANs encapsulate Layer 2 Ethernet frames within Layer 3 UDP packets. They offer:
- Scalability (up to 16M virtual networks)
- Flexibility
- More efficient use of bandwidth
Cons:
- Complexity
- Latency
- Configuration
What is SASE?
Secure Access Secure Edge (SASE) combines networking and security functions into a single cloud native service to allow secure and easy access for end-users.
What is SSE?
Security Service Edge (SSE) is a subset of SASE that focuses on security services to protect access between users, devices and the cloud.