CompTIA Cloud+ CV0-003 – Section 10: Cloud Networking Services
February 20, 2023

44. Cloud Networking Services Module Introduction

Well, as I’m sure you will recall, this is not our first module that’s gonna deal with this subject of networking; one that I’m very passionate about, by the way. No, this isn’t the first module. This is the module though, where we’re gonna focus on really cloud-based networking services and technologies. So, let’s really dig in to what kind of advantages the cloud can bring in the area of networking for us.

45. VPNs and Virtual Routing

One of the reasons that we can ensure that our work between our on-prem resources and those in the Cloud is secure is thanks to VPNs. And when you think about it, even your traffic internal in a Cloud could be protected within a VPN just as it can be when you are in an on-prem data center environment. So, VPNs are a thing of wonder. We’re gonna talk about those conceptually and we’ll look at them as well in this video. And we’re also gonna talk about virtual routing and see it in action in this video as well. So it’s gonna be action packed. Let’s have some fun.

So remember, the idea with VPN technology is going to be that maybe our headquarters is here and maybe it is a private Cloud. We haven’t talked much about that. We need to emphasize that this is a model that is heavily used and this private Cloud, notice, is not located at headquarters. That could be quite common. And it is a VPN connection that is going to be used. And what we typically do is a site-to-site VPN in a case like this. And this is going to be what we call Always-On. Now, if a user is traveling and they need to get to the private Cloud, they can do their remote access VPN and that type of VPN of course is going to be beautiful for them just to do temporarily as they need to gain access to some of their private Cloud resources. So, notice VPNs are absolutely critical. And in other videos we’ve already discussed with you IPsec, which is that beautiful suite of IP protocols that can be used with VPN technology in order to create the VPN. In reality, it is IPsec that is handling the creation and security and all the goodness of the VPN connection. And, of course, all your private Clouds these days are designed to support IPsec. Your public Clouds have to be designed to support IPsec because it is so commonly used.

You see there’s the current version of IP, we’ll still call it current, right? IP version four, where the addresses look like this: 192.168.1.100, for example. That’s a typical IPv4 IP address. But we know we are transitioning to IP version six. And it’s interesting. IPsec support in IPv4 is optional. It was always an optional part of the standards. But if you are touting IPv6 support you must, that’s right, you must support IPsec in full. Isn’t that interesting? So, not all IPv4 speaking devices are guaranteed to offer IPsec support, but if you have an IPv6 speaking device it is guaranteed to offer IPsec support. So, that just shows you how incredibly important that protocol suite is. Notice, IPsec is not just one protocol, but a whole bunch of protocols working together in order to give a good strong VPN type of connection.

Now, what’s amazing is we have this VPN connection which is a virtual private network. This can be done over the internet and the stuff is still secure, and that’s wonderful. And that’s all virtual private networking going on. And then when it gets to the private cloud we can engage in virtual routing. That’s right. We’re gonna have all of these virtual routers inside of the private cloud with the virtual networks behind them and routing will occur in that cloud environment. All of this virtualized. Isn’t it amazing? Isn’t that just remarkable when you think about it? How virtualization took over everything that is occurring and virtualization has its kind of thumbprint on everything now inside of our cloud environment, really is remarkable. Well, let’s turn to the AWS interface now and see some of this implemented inside of a public cloud.

So, I’m going to be getting into this in more detail in the next video, but I cannot talk about networking services and virtual private networking and things of that nature without discussing with you the virtual private cloud of AWS; Google Cloud Platform and Azure use a similar concept. This virtual private cloud is my portion of the AWS infrastructure, my own private portion to do with what I wish. This is my virtual network. So, notice inside of the VPC is where we’re gonna find things like route tables. So notice there’s route tables here. And these route tables can be attached and associated to subnets in order to do routing. So look at this one. Here’s a route table I have for my FMC, my Cisco Firepower Management Center in AWS. So, you can see I built this route table in order to accommodate some routing design that I needed to do. You can see I was routing everything to an internet gateway except the 10/16, which I was keeping local. So, notice how the routing works. Now we are just coming in to the cloud interface and we’re just pointing and clicking and assigning virtualized routing tables. And we could use templates here to help us build virtual infrastructures in the cloud. It’s absolutely amazing.

If we need an internet gateway, no problem. Our internet gateways are right here and we can build one of these and that’s gonna allow our virtual private cloud to communicate out to the internet and allow return traffic back in. So, it’s just amazing what is available to us now virtualized and point and click type of creation in the cloud. By the way, how about those VPNs?

Well, of course these solutions are going to support all kinds of VPN connections. So, notice Customer Gateways, so we can set up a special VPN for the customer to come in. Just totally flexible. Virtual Private Gateways. Site-to-Site VPN connections, okay? Like just what we were describing, where we might want to have headquarters making a site-to-site VPN connection with AWS. Client VPN Endpoint for the remote access. So, everything at our fingertips for a fully functional, very distributed, very accessible, secure cloud solution. It’s really remarkable. And again, almost all of it virtualized. Thanks so much for watching.
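The route table described in this video (everything to an internet gateway except the 10/16, which stays local) can be modelled in a few lines. This is an added example, not part of the original video or of AWS tooling: it takes "10/16" to mean 10.0.0.0/16, uses the placeholder gateway ID `igw-EXAMPLE`, and the function names are hypothetical. It shows how the most specific matching route is chosen and how to recognise a route table that makes its subnets internet-facing.

```python
import ipaddress

# Constructed route table modelled on the one described in the video:
# 10/16 (assumed here to be 10.0.0.0/16) stays local, everything else goes
# to an internet gateway. "igw-EXAMPLE" is a placeholder, not a real ID.
ROUTE_TABLE = [
    {"destination": "10.0.0.0/16", "target": "local"},
    {"destination": "0.0.0.0/0", "target": "igw-EXAMPLE"},
]

# Constructed contrast case: a table with no path to the internet.
PRIVATE_TABLE = [{"destination": "10.0.0.0/16", "target": "local"}]

DEFAULT_ROUTES = ("0.0.0.0/0", "::/0")


def resolve_target(route_table, dest_ip):
    """Return the target of the most specific route matching dest_ip, or None."""
    addr = ipaddress.ip_address(dest_ip)
    best = None  # (network, target) of the longest matching prefix so far
    for route in route_table:
        net = ipaddress.ip_network(route["destination"])
        if addr.version != net.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, route["target"])
    return best[1] if best else None


def is_public(route_table):
    """True if a default route points at an internet gateway, i.e. any
    subnet associated with this table is reachable from the internet."""
    return any(
        r["destination"] in DEFAULT_ROUTES and r["target"].startswith("igw-")
        for r in route_table
    )


if __name__ == "__main__":
    for ip in ("10.0.5.20", "10.1.0.1", "8.8.8.8"):
        print(ip, "->", resolve_target(ROUTE_TABLE, ip))
    print("public:", is_public(ROUTE_TABLE), is_public(PRIVATE_TABLE))
```

Note that 10.1.0.1 falls outside the /16 and therefore follows the default route to the internet gateway, which is the kind of surprise worth checking for when reviewing a route table.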

46. Network Appliances and Virtual Private Cloud

As you heard me mention in many other videos, one of the exciting things about the cloud, is its flexibility and the variety that we’re gonna get when it comes to implementing virtualized appliances. Let’s talk about that right now, with network appliances and virtual private cloud.

And, you know what I really should have said? I’m going to show you that right now. That’s right, because we don’t have to describe it, when I can show it to you. So, notice I’m gonna go to the AWS marketplace, and the marketplace of AWS is where you are going to find an incredible, incredible variety of appliances. And yes, not just networking appliances, but networking appliances is certainly the emphasis here. So, I’ll go into this networking category, and let me tell you something, there’s going to be so much here, that you’re gonna wanna be, you know, sorting, and you’re gonna be wanting to refine your results using the selections on the left. Look at this. I’m a big Cisco guy, as far as certifications and understanding go. And, I just watch this list grow, and grow, and grow, and grow. I’m not kidding you. Not long ago, this list was about 13 objects long. And now, as you can see, it is well past doubling that, it’s gonna triple that. I mean, Cisco is just going to continue to adapt their various operating systems, their various devices, into virtualized versions, that are going to be available, right here in the cloud.

And, you should see how easy this is to do. So, I click on this link right here, and this gives me all kinds of information. It tells me how much this will cost. And then, when you are ready, once you’ve decided that this is for you. And notice, by the way, this is a bring your own license (BYOL) style of virtualized network appliance. And, this is really neat, because what this allows us to do is get an evaluation license from Cisco, and use that here. In fact, it’s built right in. When it boots up, you can say, ‘I want the evaluation license.’ And, then you can enjoy that evaluation period. And again, this is great for students, because all we need is, like, an evaluation period to use the device for free to study. It’s wonderful. I love it. And, the vendors love it too.

Like I said, they’ve always been cool about, ‘Alright students, do your eval copies when you’re learning this technology.’ So, you would click continue to subscribe. Notice it’s about 0.085 cents per hour. I could definitely afford this device, and by the way, I would shut it off when I was done using it. You accept some terms here, and then you are gonna be whisked off to AWS, in order to actually notice, deploy this thing. So, it is absolutely amazing. In fact, I’ll just hang out for another second, because it’s going to be any moment, when you’re gonna see the status change here, and then it’s going to allow me to continue to the configuration. So, takes a little bit of time, and that’s because of course, they are getting all the necessary resources together to bring me this device. Notice, I’m gonna be using one of the larger instances. Of course, this goes beyond the free tier images. Anyways, it looks like it’s gonna take a while. And really, there’s nothing else I wanted to show you here. You get the idea, once this is done. Oh, and look at that, right when I was about to give up, it worked. That’s beautiful timing. Thank you AWS.

So now, I would click continue to configuration, and look at this. I’m not actually gonna spin this resource up, by the way, because I do not want this image at all. This was just for demonstration purposes. But, notice what you would then do. You would say, ‘Okay, of course I want 64 bit, Thank you. Of course, I want the latest version. Thank you. And yes, the region closest to me is great.’ So, you would then continue and launch this software. It’s just amazing now, these incredible network appliances that are out there at our fingertips.

Now, if I were to launch this thing into my cloud, where would it go? Well, let’s jump back to AWS, and let’s go up to services, and let’s look at the network services that are available for us. And sure enough, we remember, ah yes, everything is based around the virtual private cloud, almost everything. And if we look at my VPC, this is where something like my subscription would go. In fact, you can see there is a subscription product that I did through the marketplace, that’s the Cisco Firepower Management Center.

So, you can see that’s where these things would go. These network appliances, you would go ahead and subscribe to them, do the installation properly, following the appropriate installation steps, which are downloadable right from the marketplace page. Great stuff. Just follow the step by step, get it set up, and now you have that equipment in the cloud. Couldn’t be much easier. And, I wanna thank you so much for watching this video.
