With the AWS Solutions Architect Professional level certification, Amazon sought to identify individual administrators who are truly platform experts. Unless you've got some significant experience with AWS deployments and good familiarity with the full range of Amazon services, you probably won't have a chance at passing.
However, with this series of Cloud Academy courses, cloud expert Kevin Felichko is committed to making your learning process as smooth and productive as possible. Once complete, Kevin's guide to the Solutions Architect Professional level exam will lead you through the theoretical and practical skills you'll need to master this material.
This first course covers the key conceptual terminology and services that form the base for Amazon cloud architecting. The second course will guide you through fully-realized practical deployments, from start to finish. And the final course (late August, 2015) will focus on exam preparation and, in particular, strategies for confronting the particularly complicated style of question you'll face.
In this lesson we will go over the terminology you're expected to know when taking the AWS Certified Solutions Architect Professional Exam.
This terminology is commonplace in the world of information technology. Some of it takes on new meaning in the world of cloud computing. You will do better in understanding the questions and potential solutions with a uniform vocabulary. That is the hopeful outcome of this lesson.
That said, let's get started.
The Recovery Time Objective is the maximum acceptable time before a system must be functional again after an incident. This objective is part of the overall business continuity plan. The RTO for one system in an infrastructure may be different from that of another system within the same infrastructure; it depends on how vital the system is to the business.
When considering solutions with the Recovery Time Objective you need to factor in the speed of AWS Services. An often used example is Glacier. If the business has an RTO requirement of one hour, any solutions suggesting Glacier should be ruled out since data retrieval time for Glacier can take several hours.
The Recovery Point Objective, another key factor of a business continuity plan, represents the maximum period of allowable data loss as a result of an outage. Let's say your company defines an RPO of five minutes; your solution will need to be built to never lose more than the last five minutes of data while striving for zero data loss. An RPO can define how an infrastructure is designed and the what, when, where, and how of data backups.
Maybe you can use the Managed Service built-in backup functionality. Maybe your Recovery Point Objective rules those solutions out completely. You must, absolutely must, understand the RPO requirements to architect the most appropriate solution.
Your data is at rest when it is being stored in some sort of storage medium such as an EBS Volume, an S3 Bucket, or a database. You will most likely hear this in reference to encryption. Your data is in flight when it is being transferred from one machine to another. HTTP traffic is a classic example of data in this state. Just like when the data is at rest, you will hear this term used mostly in discussions on how to secure it during transport.
You will often hear Vertical Scaling referred to as Scaling-Up. Scaling-Up means to increase capacity on a single resource. For example, adding additional memory to a server to increase the number of processes the server can run is Vertical Scaling. In the realm of AWS this could take the form of upgrading to a new Instance type.
Horizontal Scaling also known as Scaling-Out involves adding more physical or virtual resources.
Scaling Horizontally in AWS is exactly what a service like Auto Scaling does. It will add additional servers based on resource utilization, a time of day, or a major event.
A Multi-Tier Architecture consists of application tiers that are physically separated, sometimes along the logical layers of an application such as the presentation, logic, and database layers. Multiple physical tiers allow more flexibility in scaling based on resource utilization at a particular tier, or in upgrading a tier without impacting any other tier.
The goal of any great design is a Loosely Coupled Architecture. Individual parts of the infrastructure have no knowledge of how the other parts work. They communicate through well-defined published services or via a Message Bus such as a workflow or Queuing System. Ideally you can replace a system that provides a service with another system that provides a similar service.
A Stateless System is exactly what it sounds like. It means a system that is not storing any state. The output of this system will depend solely on the inputs into it. Protocols like UDP are stateless, meaning you can push packets that stand on their own and don't require the results of a previous packet in order to succeed.
Content Delivery Networks usually referred to as CDNs replicate your content to servers all around the world with the goal of improved performance and availability based on the end user's location.
AWS offers a CDN Service called CloudFront with "edge locations" currently in multiple locations on five continents.
A Network Perimeter is a boundary between two or more portions of a network. It can refer to the boundary between your VPC and your network. It could refer to the boundary between what you manage versus what AWS manages. The important part is to understand where these boundaries are located and who has responsibility over each segment.
Synchronous Processing refers to processes that wait for a response after making a request. A Synchronous Process will block itself from other activities until either the response is received or a predefined timeout occurs.
An Asynchronous Process does the opposite of the Synchronous Process. It will make the request and immediately begin processing other requests. When a response is finally made available the process will handle it. This is how long-running activities are handled. AWS offers services such as SQS and SNS that can help in the overall implementation of Async processing.
Fault Tolerance is what enables the system to continue running despite a failure. This can be a failure of one or more components of the system, or maybe of a third-party service. In the realm of AWS this could mean operating a system in Multiple Availability Zones. If an AZ outage occurs, the system continues operating in the other AZs.
The goal of Fault Tolerance is to be completely transparent to the users, with no loss of data and/or functionality. High Availability means having little to no downtime of your systems. The gold standard is 99.999 percent, or the five-nines, which means less than five and a half minutes of downtime per year. Not every system has to be built with the gold standard. The availability goals depend on the purpose of the system as well as the operating budget. AWS makes High Availability easy and fairly inexpensive to implement, especially when compared to a traditional environment.
Self Healing Systems are capable of recovering gracefully from faults without the need of manual intervention. You can think of Self Healing at both the infrastructure and application levels. Simple Queue Service can be used for reliable delivery of messages between application components. AWS offers tools such as Auto Scaling Groups that can be used to ensure a system is always running. Self Healing is vital to meeting High Availability and Fault Tolerance goals.
The OSI Model stands for Open Systems Interconnection Model. It is a standard that defines the layers of a communication system. There are seven layers in the model: Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, and Application Layer. Each layer has its own set of responsibilities. Traffic starting at an upper layer such as L7, the Application Layer, will use L6, the Presentation Layer, to communicate. This continues all the way down to L1. In AWS you have some level of control from L2 and up. Most of the control is performed through AWS Managed Services. You should understand how each service corresponds to the OSI Model and what you have control over versus what Amazon controls.
Network Address Translation, NAT for short, is a method of placing all systems on a network behind a single IP address. Each system on the network has its own private IP address. Externally, traffic originating from any of those systems appears as the same IP address. This is how a network that is assigned an IP address from an Internet Service Provider can have multiple systems connected to the Internet resources without each needing to be assigned its own public IP address.
NAT is a very common service and is fully available in AWS VPCs. Routing Tables are a collection of rules that specify how Internet Protocol traffic should be directed to a given endpoint. A common route in a Routing Table will direct all traffic headed outside of your network through a router. This is how a system can reach web sites. Another route might direct all traffic in a certain range to another network over a Virtual Private Network connection. AWS lets you manage your own Routing Tables for your VPC.
An Access Control List, commonly referred to as an ACL, defines permissions that are attached to an object. In the world of AWS you can attach network ACLs to Subnets, which will allow or deny traffic by protocol to and from various endpoints. ACLs can be attached to S3 Buckets to control access to the objects they contain. ACLs are crucial to understanding how to properly secure your environment. Firewalls are systems, either software or hardware, that control the incoming and outgoing network traffic. You manage a set of rules to permit or block traffic based on endpoints and protocols. AWS implements this via Security Groups that can be attached to one or more EC2 Instances, to Elastic Load Balancers, and more.
Security Groups are part of the first line of defense in securing your environment. A Load Balancer works to distribute traffic across a number of servers. It can be a physical or virtual resource. Traffic is directed to registered servers based on algorithms that typically seek an even load or a round-robin style distribution. A client may be directed to different servers on each request.
Sticky Sessions allow a client to stay with a single server for the lifetime of its session. Features such as "server health checks" ensure traffic stops being sent to servers that do not respond within defined thresholds.
DNS stands for Domain Name System; it is a naming-system for accessing resources. It can be used to locate systems in both public and private networks by translating easy to remember names into numerical IP addresses. DNS is an essential tool in any infrastructure. Route 53 is Amazon's DNS Service.
Eventual Consistency is exactly what it sounds like. It is a Consistency Model that states that data will eventually be consistent across a distributed service. Eventual Consistency is a major factor in ensuring distributed computing works properly. An example of this model is the Simple Storage Service. Across all regions, you may update an object in an S3 Bucket, but a follow-up call to access the same object could show the previous version prior to the update. This is due to Eventual Consistency, which guarantees the update will be made, but the timing depends on other factors outside of your control. You should know what this means for the design of your systems; otherwise it could mean confusion and frustration among your users.
Relational Databases are one of the most common types of data storage used in applications today. A Relational Database consists of one or more tables each representing an entity. A table has columns that are considered properties available to describe the entity. Rows in the table represent instances of that entity type. Tables can be linked to each other, for example, an Order Table would link to an Order Items Table. AWS offers a service called RDS. It is a managed Relational Database for different database vendors.
Non-Relational Databases can be easily explained as data sources that are not relational. Common within this group are NoSQL Databases that include document databases, Key-Value databases, graph databases, and more. DynamoDB, an AWS offering, is a Key-Value Database. RESTful Web Services are HTTP- and HTTPS-based application programming interfaces that interact with other applications through a standard HTTP method such as GET, POST, PUT, or DELETE. The client makes a request to a URI with any applicable input parameters. The server will process the request and return a response that is consumed by the client. RESTful Web Services have gained popularity because they are considered simpler than their alternatives.
Security Policies are just one of the many AWS artifacts that are written in JSON format. Without understanding it, you would run the risk of leaving systems exposed.
Remote Access can mean something different based on what tools are being used. In all situations, it means accessing systems or data from a location not physically connected to another location.
Virtual Private Networks allow Remote Access between two networks.
SSH allows access to a server from a remote client.
Microsoft Remote Desktop allows a client to connect to and control another Windows-based computer. Remote Access almost always requires some form of authentication before it is allowed.
Access Credentials consist of information that is used for the purpose of authentication to systems and authorization of actions that can be performed within a system. Username Password Credentials are the most common type of Access Credentials used today. Another form is Certificate Credentials. AWS uses a combination of credentials ranging from the standard Username Password to Multi-Factor Authentication to Access Keys.
Public Key Encryption is a method of encrypting communications and ensuring that messages contained within the communications, originated from the proper source and were not tampered with on the way to the destination. There are different techniques used in encrypting with Public Keys, each requiring the proper technology support from both the source of the message and the destination.
When two computers wish to communicate using an Asymmetric Key Encryption Scheme, they each share their Public Key with the other. The first computer encrypts its message using the Public Key of the second computer. The second computer then decrypts the message with its Private Key. In fact, the only way to decrypt the message is with the Private Key. It is important to protect a Private Key and never share it; otherwise communication can be "spoofed" or intercepted by others.
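The exchange just described, as an added example that is not part of the course: textbook RSA with deliberately tiny primes so every step is visible. The numbers are a classroom demonstration only; real deployments use keys of thousands of bits and a padding scheme, neither of which is modelled here.

```python
from math import gcd


def make_keypair(p, q, e=17):
    """Build a textbook RSA key pair from two primes (demonstration only).

    Returns (public, private) as ((n, e), (n, d)). Real keys use primes of
    1024+ bits and padding such as OAEP; these small values are for teaching.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, m):
    """Anyone holding the public key can encrypt a message m < n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(private_key, c):
    """Only the holder of the private exponent d recovers m."""
    n, d = private_key
    return pow(c, d, n)


def exchange(message):
    """Model the two-computer exchange from the text.

    Returns (ciphertext, what B recovers, what a public-key-only party gets).
    """
    # Computer B generates a key pair and shares only its public half.
    b_public, b_private = make_keypair(61, 53)
    # Computer A encrypts with B's public key.
    ciphertext = encrypt(b_public, message)
    # B decrypts with its private key and gets the original message back.
    recovered = decrypt(b_private, ciphertext)
    # Anyone with only the public key (n, e) cannot reverse the operation.
    public_only_attempt = decrypt(b_public, ciphertext)
    return ciphertext, recovered, public_only_attempt


if __name__ == "__main__":
    print(exchange(65))
```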
We have now covered terminology that is important for the AWS Certified Solutions Architect Professional Exam.
In the remaining lessons of Part 1, we are going to dive into each AWS Service, explaining what it is, sharing some use cases, and looking at pricing. They are invaluable lessons designed to help us determine the best solutions when presented with a set of requirements.
First up are the AWS Compute Services.
Kevin is a seasoned technologist with 15+ years of experience, mostly in software development. Recently, he has led several migrations from traditional data centers to AWS, resulting in over $100K a year in savings. His new projects take advantage of cloud computing from the start, which enables a faster time to market.
He enjoys sharing his experience and knowledge with others while constantly learning new things. He has been building elegant, high-performing software across many industries since high school. He currently writes apps in node.js and iOS apps in Objective C and designs complex architectures for AWS deployments.
Kevin currently serves as Chief Technology Officer for PropertyRoom.com, where he leads a small, agile team.