
cloud computing : IT services over a network (internet / intranet)

IaaS (infra)                  PaaS (Platform)               SaaS (software)
----------------------------  ----------------------------  -------------------------------
virtual servers               source code deployment        providing readymade s/w
storage                       development
networking                    management
etc
+
physical servers
(bare metal)

service providers:

AWS (amazon web services)     AWS Beanstalk                 google map (developers.google.com/maps)
ms azure                      heroku                        sap cloud
google compute engine (gce)   Pivotal Cloud Foundry (PCF)   facebook (developers.facebook.com)
Alibaba cloud                                               ...
oracle cloud
ibm bluemix
rackspace
digital ocean
-------------------------------------------------------------------------------------------------------------

hypervisor : VMM - Virtual Machine Manager (creates and manages a Virtual machine)
    e.g.
        KVM - Kernel Based VM
        xen
        vmware ESX
        HyperV

types of clouds:

private cloud : service running within an organization/home (intranet)
    opensource:
        eucalyptus (hp helion)
        opennebula
        openstack
        Cloudstack
    licensed:
        vmware vcloud
        Citrix XENCloud
        MS HyperV + systemCenter

public cloud : a cloud service, offered by a service provider, for everyone, visible and accessible via internet.

hybrid cloud : private cloud + public cloud

community cloud

who coined the jargon /term cloud computing : Ramnath Chellappa

-----------------------------------------------------------------------
---------------------------
9-APR:
aws account creation
1. aws.amazon.com/free ==> choose create a new account
2. provide your email id, password, a/c name
3. provide billing address etc
4. choose between personal/professional account (personal)
5. choose the payment method (cc/dc visa/master/amex)
   INR 2 will be deducted and will be refunded once your card is validated
6. choose the support model

   support types:
                        Basic            developers    business    enterprise
                        (free tier)
   -------------------------------------------------------------------------------------------------
   billing / account    yes              yes           yes         yes
   limit increase       yes              yes           yes         yes
   technical support    not applicable   yes           yes         yes
   support SLA          None             12-24 Hrs     1 Hrs       15 mins
   support fee          none             $29/mon       $100/mon    10% of your monthly bill or min $15,000

7. account activation :
   Phone based activation
roles in the cloud:
---------------------------------------------------------------------------------------------------
1. sysops (infrastructure automation) and devops (application deployment automation)

2. developers (cloud based API developers)

3. architects : making cloud based solutions and day to day issue analysis

4. account managers (TAM) : client liaising and first point of contact for tech issues

5. support resources.
---------------------------------------------------------------------------------------------------
9-APR:

EC2 : Elastic Cloud Compute
    IaaS, using which virtual servers can be launched

10-APR:
vpc : virtual private cloud (virtual network)
cidr : classless inter domain routing notation
S3 : simple storage service
ebs : elastic block store
public ip : visible to internet

AMI is a template that contains the software configuration (operating system, application server, and applications) required to launch your instance.

A security group is a set of firewall rules that control the traffic for your
instance. On this page, you can add rules to allow specific traffic to reach your
instance. For example, if you want to set up a web server and allow Internet
traffic to reach your instance, add rules that allow unrestricted access to the
HTTP and HTTPS ports.
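
A check that follows from the security group description above, as an added example (not part of the original notes): it reads rules in the shape returned by `aws ec2 describe-security-groups` and reports any rule open to every address on something other than the HTTP and HTTPS ports. The group IDs, CIDR ranges and the name `world_open_findings` are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output;
# the group IDs and CIDR ranges are made up for illustration.
SAMPLE_GROUPS = [
    {"GroupId": "sg-EXAMPLE-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-EXAMPLE-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
]

PUBLIC_OK = {80, 443}  # the web ports the notes say may be open to the internet


def world_open_findings(groups, allowed_ports=PUBLIC_OK):
    """Return (group_id, protocol, port_range) for every rule that is open to
    any address and exposes something other than a single allowed web port."""
    findings = []
    for group in groups:
        for rule in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            if not any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs):
                continue  # source is restricted to a specific range
            proto = rule["IpProtocol"]
            if proto == "-1":  # "-1" means all protocols and all ports
                findings.append((group["GroupId"], "all", "all"))
                continue
            lo, hi = rule.get("FromPort"), rule.get("ToPort")
            if proto == "tcp" and lo == hi and lo in allowed_ports:
                continue  # a single web port open to the world is expected
            findings.append((group["GroupId"], proto, f"{lo}-{hi}"))
    return findings


if __name__ == "__main__":
    for finding in world_open_findings(SAMPLE_GROUPS):
        print("open to the internet:", *finding)
```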

13-APR
User data:
    as file : should be base64 encoded

You can specify user data to configure an instance or run a configuration script during launch. If you launch more than one instance at a time, the user data is available to all the instances in that reservation.

Scripts entered as user data are executed as the root user, so do not use the sudo command in the script. Remember that any files you create will be owned by root; if you need non-root users to have file access, you should modify the permissions accordingly in the script. Also, because the script is not run interactively, you cannot include commands that require user feedback (such as yum update without the -y flag).

The cloud-init output log file (/var/log/cloud-init-output.log) captures console output so it is easy to debug your scripts following a launch if the instance does not behave the way you intended.

When a user data script is processed, it is copied to and executed from /var/lib/cloud/instances/instance-id/. The script is not deleted after it is run. Be sure to delete the user data scripts from /var/lib/cloud/instances/instance-id/ before you create an AMI from the instance. Otherwise, the script will exist in this directory on any instance launched from the AMI.
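
The cleanup before AMI creation described above can be checked with a short script. This is an added example, not part of the original notes; the file names `user-data*` and `scripts/` follow cloud-init's usual layout and are assumptions here, as are the sample tree, the secret patterns and the function names.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns for credentials that often end up in user data scripts.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "password_assignment": re.compile(
        r"(pass(word|wd)?|secret|token)\s*[=:]\s*\S+", re.I),
}


def leftover_user_data(cloud_dir="/var/lib/cloud/instances"):
    """List the user data files cloud-init kept for each instance directory,
    with the names of any secret patterns found in them."""
    report = []
    for inst in sorted(p for p in Path(cloud_dir).iterdir() if p.is_dir()):
        candidates = list(inst.glob("user-data*")) + list(inst.glob("scripts/*"))
        for path in sorted(p for p in candidates if p.is_file()):
            text = path.read_text(errors="replace")
            hits = sorted(n for n, rx in SECRET_PATTERNS.items() if rx.search(text))
            report.append((str(path.relative_to(cloud_dir)), hits))
    return report


def build_sample_tree():
    """Constructed stand-in for /var/lib/cloud/instances (not real data)."""
    root = Path(tempfile.mkdtemp())
    inst = root / "i-EXAMPLE"
    (inst / "scripts").mkdir(parents=True)
    script = "#!/bin/bash\nyum update -y\nDB_PASSWORD=example-not-real\n"
    (inst / "user-data.txt").write_text(script)
    (inst / "scripts" / "part-001").write_text(script)
    (inst / "boot-finished").write_text("constructed marker\n")
    return root


if __name__ == "__main__":
    for rel, hits in leftover_user_data(build_sample_tree()):
        print(f"delete before creating an AMI: {rel} secrets={hits or 'none found'}")
```

On a real instance, run it as root against the default directory; any path it lists would be baked into the image.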

User Data and cloud-init Directives

The cloud-init package configures specific aspects of a new Amazon Linux instance when it is launched; most notably, it configures the .ssh/authorized_keys file for the ec2-user so you can log in with your own private key.

Metadata server ip: 169.254.169.254

Instance metadata is data about your instance that you can use to configure or manage the running instance. Instance metadata is divided into categories, for example, host name, events, and security groups.

Retrieving Instance Metadata

To view all categories of instance metadata from within a running instance, use the following URI.
    curl http://169.254.169.254/latest/meta-data/

linux permissions:
    x     --- 1
    w     --- 2
    x+w   --- 1+2=3
    r     --- 4
    r+w+x --- 4+3=7
    rw    --- 4+2=6

AWS free tier quota: (for 12 months)

    750 CPU Running hours per month on a t2.micro Linux server
    or
    750 CPU Running hours per month on a t2.micro Windows server
    +
    30 GB volume (storage space)
    +
    1 GB snapshot (backup of a Volume)

14-APR:
Status Checks:

System Status Checks : verify aws side physical infrastructure

    This check verifies that your instance is reachable. We test that we are able to get network packets to your instance. If this check fails, there may be an issue with the infrastructure hosting your instance (such as AWS power, networking or software systems). You may need to restart or replace the instance, wait for our systems to resolve the issue, or seek technical support.
    This check does not validate that your operating system and applications are accepting traffic.

Instance Status Checks:

    reachability check for the OS running inside the Virtual machine (instance)

15-APR:
AMI creation
    on sharing an ami between accounts: provide,
        Add "create volume" permissions to the following associated snapshots when creating permissions: snap-0b944ca98ac18dc2d
    so that the shared ami can be copied from one region to another region.

    else you will get the "You do not have permission to access the storage of this ami" error

    No-Reboot option: When enabled, Amazon EC2 does not shut down the instance before creating the image.
    When this option is used, file system integrity on the created image cannot be guaranteed.

16-APR:
volumes and snapshots

iops: input-output operations per second

types of volume: refer: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html

                                size     size     IOPS               storage fee
type                            Min      Max      (Max)              per GB                  use-case
------------------------------  -------  -------  -----------------  ----------------------  ------------------------------
1. magnetic (HDD)               1 gb     1 tb                        $0.05                   low profile job
2. general purpose SSD (GP2)    1 gb     16 tb    16,000             $0.10                   dev/test and bootable drive
3. Provisioned IOPS SSD         4 gb     16 tb    64,000             $0.125 + IOPS CHARGES   production requirements
4. Cold HDD                     500 gb   16 tb    12 MB/s per TiB    $0.025                  data archival
5. Throughput optimized HDD     500 gb   16 tb    40 MB/s per TiB    $0.045                  data-warehousing dev/testing

general purpose SSD (GP2):
    (Baseline of 3 IOPS per GiB with a minimum of 100 IOPS, burstable to 3000 IOPS)
    (any size > 5333 will get a fixed 16,000 iops)

Provisioned IOPS SSD:
    IOPS charges: [$0.065 per provisioned IOPS-month]

IOPS: The requested number of I/O operations per second that the volume can support. For Provisioned IOPS (SSD) volumes, you can provision up to 50 IOPS per GiB. For General Purpose (SSD) volumes, baseline performance is 3 IOPS per GiB, with a minimum of 100 IOPS and a maximum of 10000 IOPS. General Purpose (SSD) volumes under 1000 GiB can burst up to 3000 IOPS.

17-APR:

Data encryption:
    IAM : IDENTITY and ACCESS MANAGEMENT - Security service
    KMS : Key Management System
    Key material origin:
        KMS
        External
        Custom key store (CloudHSM)
    AES-256 : Advanced Encryption Standard (AES)

SNAPSHOT SCHEDULER (LIFECYCLE MANAGER)

DR CONCEPTS:

The recovery point objective (RPO)
    is the age of files that must be recovered from backup storage for normal operations to resume if a computer, system, or network goes down as a result of a hardware, program, or communications failure. ... It is an important consideration in disaster recovery planning (DRP).

The Recovery Time Objective (RTO)
    is the targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity.

20-APR:
Public data set: there is no charge for using the data in a public data set. However, you will be charged for the size of the volume created.

revised syllabus point:

ebs optimized instance:
    Indicates whether the instance type supports EBS optimization. An EBS-optimized instance provides additional, dedicated throughput for Amazon EBS I/O. This provides improved performance for your Amazon EBS volumes and enables instances to use provisioned IOPS fully.
21-APR:
Elastic IP (EIP)
    default quota of EIPs / Region : 5
    if you need more than 5 EIPs, raise a support ticket for "Limit increase"

    You will be charged for the EIP if it is,
        1. in the allocated mode (not associated with any EC2 instance)
        2. associated with a Stopped instance

    when your ec2 instance has a single network interface and you associate an EIP with it, the dynamic public ip will be released and the EIP takes over.
    when you disassociate an EIP from an instance with a single network interface, a new dynamic public ip will automatically be associated.

Elastic Network Interface (ENI)
    If you attach another network interface to your instance, your current public IP address is released when you restart your instance.

Elastic Fabric Adapter: An Elastic Fabric Adapter is a network device that you can attach to your instances to reduce latency and increase throughput for distributed High Performance Computing (HPC) and Machine Learning (ML) applications.

22-APR:
Loadbalancers : by default come with High Availability (managed load balancer)

classic loadbalancer:

When you create a load balancer in a VPC, you must choose whether to make it an internal load balancer or an Internet-facing load balancer.

The nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, Internet-facing load balancers can route requests from clients over the Internet. For more information, see Internet-Facing Classic Load Balancers.

The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can only route requests from clients with access to the VPC for the load balancer.

to be seen:
    Enable Cross-Zone Load Balancing
    Enable Connection Draining : 300 seconds
