CompTIA Cloud+ CV0-003 – Section 7: Other Common Cloud Services and Tech
February 18, 2023

31. Other Common Cloud Services and Tech Module Introduction

Well, when you look at the exam objectives for Cloud+ and you realize it’s like a Stephen King novel, it’s very, very long, it’s very, very broad, the number of topics that we’ve been covering together. One of the things that you know I’m gonna have to do is have a module where I just talk about some cool cloud services and tech, some topics that might not have necessarily fit perfectly in the other modules. So, let’s have some fun right now. Kick back, relax, and just take a look at some really, really unique and exciting cloud offerings.

32. Subscription Services

Now, I don’t want you to be confused by this topic of subscription services. What this is talking about is something you already instinctively, intuitively know at this point, and that is that most cloud services are based on a subscription. But I also wanna impress upon you that this is referring to the fact that you can turn around and offer subscription services with cloud tech as well. Let’s take a look at this and let’s use Microsoft Azure. A perfect example of something that is surrounded by subscriptions.

It can actually come across as a little bit of a complaint about Microsoft Azure. And that is everything is all about subscriptions. Notice one of the key services they highlight is an Azure subscription service. And you can see here’s my little demo Azure subscription and subscription ID. So, this is and, oh, look at that. My current cost is $2.21. All right? This is definitely something I can afford. Now notice here that this subscription is for Azure itself but understand that as far as Azure itself goes what I’m going to be consuming inside of Azure is all gonna be influencing the cost of this subscription. And remember, this goes for all of our major public cloud vendors when it comes to all of their services.

Oh my goodness, look at this. I mean, look at this. And of course, you know, AWS is the same way. And Google Cloud Platform is not this obnoxious with the number of services, but they’re close. I mean, this is not a joke. Look at this. And again, these services are available within my subscription to a point. Now let me demonstrate how this would work in Azure. This tends never to happen in AWS, but let’s just say that I want to go in and let’s do something cool in here. Let’s say that… Actually, you know what, just raw security would be really great. So, let’s go just to the security section and I’m sure they have an area dedicated just to security in here. Let’s see, there’s identity. Okay, here, this is the security section.

So, let’s say I wanted to take advantage of an advanced security feature. I don’t even know what this is. This will be fun. We can learn this one together. It’s called Microsoft Sentinel. And notice Microsoft Sentinel is their own SIEM, and that is security information and event management. So, they’re gonna be looking at events that are gonna be occurring. And notice if I create Microsoft Sentinel, it says, aha, look at this. A 31-day free trial. So, notice this is another subscription within my overall Azure Cloud subscription. Now this would be another subscription that I could start right now. And what does this cost? Well, let’s check it out.

Under the Microsoft Sentinel pricing, it says, okay, for central US, if we were to do 100 gigabits per day it would be $123 per day. Okay, and what is this? What is this service doing for us once again? Well, it’s gonna give us analytics against our log files that are potentially coming into Azure. So, my goodness, if you didn’t have that much logging information coming in this would be very affordable, wouldn’t it? It would be $2.46 per gig ingested. And you know, a lot of times log files are very small in physical size.

So, notice that whenever you go to do something in the cloud you are going to want to investigate the pricing and how the pricing is done, just like we did on this Microsoft Sentinel product, because again this would be above and beyond the pricing that we have for our regular subscription.

Now, this brings me to another idea I wanted to talk to you about in this video, and that is how there are calculators. Okay? For these various cloud services. And so this is going to be something that is going to be very beneficial as you are planning and designing solutions. So, you might come in and you might realize that, ‘Oh my gosh these folks are really gonna be needing a bunch of EC2 resources,’ right? So we go to the EC2 cost estimator and we say, ‘Alright I just want a quick estimate for US East Region.’ And let’s say we’re gonna be spinning up Linux boxes and we are going to be spinning up, oh, let’s do one virtual CPU type devices and four gig of RAM type devices. And let’s say we’re gonna need 10 of these devices and they’re gonna be utilized to about 40%. Oh no, actually it’s the cloud. We’ll do better than that, 70% utilization per month. So if we go ahead and just do the regular on-demand pricing, what’s going to be the estimate for this? Oh, and by the way, we don’t need that much storage. So let’s say per instance each device is gonna have an eight gig disk. There we go. And yes, we’ll do the general purpose SSD. So, what will our cost be? There it is, $180 per month. All right, $180 per month. So we would have 10 Linux boxes, two virtual CPUs, four gigs of memory, each of them utilized to 70%. And this fleet of Linux servers would cost us about $200 a month. So, notice how these calculators are going to be absolutely critical for you planning your life around subscription services in the cloud. Thanks so much for watching.

33. Provisioning Resources and Applications

I actually hope that you’ve had this concern as you’ve been watching these videos regarding Cloud+ Technologies. I hope you have the concern of what about controlling the environment? I mean, isn’t it easy to spin way out of control with your employees trying things and experimenting with all that great flexibility and on-demand services? Yeah, can’t things get out of hand with your cloud implementations? Well, they really can. And I’m here to talk to you about clever approaches you should really be considering when it comes to provisioning your new resources and applications in the cloud.

So, one of the key topics that we need to understand here is that when it comes to cloud implementations, remember we want careful measured service. And so the good news about this is there is a careful monitoring of absolutely everything that you are doing in a public cloud environment, for sure. So, think about this. We want to control the provisioning of resources. We need things like resource groups, and everybody has those now, where you can go ahead and organize the resources that you are building in the cloud. So, this is great. Azure was the first organization I saw to really take advantage of resource groups. Yeah, right away, with everything you were creating, they were like, ‘What resource group do you want this to be in?’ So, this was great because if you’re working on something like Cloud+, you would put all of your resources in a Cloud+ resource group and they would be really easy to manage like that.

And there’s all kinds of inventory type of tools now associated with the cloud. So, this is always great where you can go in and you can say, ‘I don’t want any more than 50 virtual machines in my entire account,’ right? So you can say things like, ‘I want resource usage caps on these accounts.’

Now, something else that all of the vendors are starting to do finally for us when it comes to really managing and controlling costs and provisioning our resources beautifully in the cloud, is they’re all starting to do something along the lines of AWS Organizations. Now, this is the first time I saw something like this done. It may be that Google Cloud beat AWS to this, I don’t know. But the first time I saw this was with the AWS Organizations service. And what is so great about this is that this can manage many accounts under one umbrella. And this is so great, right? Think about it. You may have an organization and you may have somebody in your organization, maybe they’re with the R&D department, and they have their Amazon account that they’re using for stuff in your business. And then there’s the head of marketing, and marketing is using AWS for a whole bunch of stuff, and they have their AWS account. Well, clearly you want to be able to manage all of those accounts under one umbrella, and of course apply your resource limits and things of that nature to those accounts holistically, and that’s what AWS Organizations brings you. And I want to emphasize to you that all of our public clouds are gonna be starting to offer tools like this if they don’t already. Because organizations need a way to control and meter all this resource consumption so that they don’t have that really, really unfortunate circumstance of getting a massive bill from their cloud provider, and they can make no sense of even the resources that have been spun up. So it’s great that we’re getting more resources like this to help us provision and appropriate those cloud resources and not ruin business models and business budgets. Thanks so much for watching.

34. Interaction of Cloud Components

What do we do with a complex system like our IT infrastructure? Well, we modularize it. We modularize it and compartmentalize components of a complex infrastructure to make it more understandable, to ease our troubleshooting, to ease design. So, let’s talk about how that would work with cloud components, because the same exact thing happens when we’re talking about our cloud infrastructures.

So, here’s a look at one way we could categorize the components of a cloud infrastructure. We could say there are network components, application components, storage, compute, and security. Now, realize that this one layout I’m showing you of the categorization of components is just one approach to this. For example, in your organization, you may say, ‘All right, well we’re gonna separate out database components,’ where another company might include this, oh let’s say, in the application components. It’s important for you to compartmentalize the database components of your infrastructure. So this is going to be very flexible, and it might include artificial intelligence. Where do we put this if this is big in our organization? Is this a separate component, or is this part of application components or compute components? There’s plenty of migration components that would be involved with cloud. And, maybe, that has its own category or, again, we consider database migration in that bucket, storage migration in that bucket. So, you get the idea, and boy, you get the idea, we should be flexible with this. And there isn’t gonna be one-size-fits-all. What is going to be a central component though that we want to think about is how are these different buckets of services and resources, how are they going to interact? It’s very important for you to not just think of what do we need to create in a particular area of our cloud but, how is that going to interact with other components?

So, I most definitely wanted to give you some tips on these service interactions in any clouds you might be working with. Of course, one of those clouds might be AWS. One of the tips that I have for you is really start noting, and you may even want to record information like this in a separate spreadsheet. But notice here I’m looking at my instances and notice that these EC2 instances are known by an instance ID. And notice that that is something that you are not going to have memorized, this is randomly generated. And notice that they give you a nice copy to clipboard feature. So, you might want to start really paying attention to things like instance IDs because, as you might guess, this is often the way in which you are going to tie services together.

Look at our default VPC. The default virtual private cloud is known by a VPC ID. And sure enough, I can copy that VPC ID to the clipboard.

When you are working with things like S3 buckets, you’ll notice that S3 buckets are gonna have their globally unique name. Sure, like you can see my asequeira-12345678 bucket. But sure enough, this bucket can be given access points. So, you can create an access point into this bucket. And as you might guess, this is going to be a special address that you are going to want to copy so that you can use it as folks are going to be interacting with that bucket resource. And when I say folks, I should really say things like EC2 instances. Now, we will get into more detail about this in another video, but it is an excellent point for me to remind you that all three major cloud vendors follow a similar strategy, similar but different, when it comes to allowing services to access other services. You see, they’ll all give you some type of an object that will help you to control that access. And in AWS, how you control this access from one service to another is with what’s called a role.

So, notice these built-in roles they gave us. It makes sense. AWSServiceRoleForBackup.

Look at this, so this is a role that will allow for things to be backed up. And this is an example of how one service might be able to access another service. Notice this AWSServiceRoleForBackup goes by an Amazon resource name, and the Amazon resource name is now on my clipboard. So look at this resource name that we would need to reference if we were going to be needing to reference this role maybe in some kind of security policy or something like that.

So, once again, here we see where these automatically assigned names by the cloud provider end up being very, very important for this functionality. But notice the roles capability is so neat. And if they did not have a role that you needed, you could, of course, create it yourself. Maybe, we want a role that’s gonna be used to allow a virtual machine to do certain things. It’s gonna be very easy for you to go in and give a role that allows the access that you need in the cloud environment.
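As an added example (not from the course or from AWS), the Python sketch below parses ARNs like the ones discussed above and audits the two policies a custom EC2 role would carry, a trust policy and a permissions policy, for wildcards. The account ID, the policy statements and the `parse_arn` and `audit_policy` helpers are constructed for illustration.

```python
"""Added illustration: ARNs tie a role's policies to specific resources."""

def parse_arn(arn):
    # ARN layout: arn:partition:service:region:account-id:resource
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return dict(zip(("partition", "service", "region", "account", "resource"), parts[1:]))

def as_list(value):
    # IAM policy fields may hold a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (statement index, finding) pairs for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict)
                                and "*" in as_list(principal.get("AWS", []))):
            findings.append((i, "any principal"))
        for action in as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((i, f"wildcard action {action}"))
        for resource in as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((i, "wildcard resource"))
            else:
                parse_arn(resource)  # raises on a malformed ARN
    return findings

# Constructed sample data; 123456789012 is a placeholder account ID.
ROLE_ARN = ("arn:aws:iam::123456789012:role/aws-service-role/"
            "backup.amazonaws.com/AWSServiceRoleForBackup")
BUCKET_ARN = "arn:aws:s3:::asequeira-12345678"

# Trust policy: which service may assume the role (here, EC2 instances).
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
     "Action": "sts:AssumeRole"}]}

# Permissions policy scoped to the one bucket and its objects.
READ_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": BUCKET_ARN},
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": BUCKET_ARN + "/*"}]}

# Over-broad variant that the audit should flag.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(parse_arn(ROLE_ARN))
    for name, doc in [("trust", TRUST_POLICY), ("read", READ_POLICY), ("broad", BROAD_POLICY)]:
        print(name, audit_policy(doc))
```

An EC2 instance ID is not an ARN, so `parse_arn` rejects it; policies reference the role, bucket or instance by its full ARN.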

Again, I’m giving you an example in AWS. But trust me, there’s gonna be similar mechanisms in your other clouds that are gonna enable control and precision when it comes to one service accessing another service, which, as we’ve discussed, is key to the cloud. Think about it, you have all of these services. Look at all these services, A to Z in AWS. Obviously to get a full-fledged solution, you’re gonna have a lot of these services interacting with many other services inside of your cloud vendor. Thank you so much for watching.

35. Interaction of Non-Cloud Components

One of the challenges with cloud technologies that we need to be ready for is the fact that not all of the resources that we’re gonna need are going to exist in the cloud. Let’s take a look at the interaction of our cloud components with our non-cloud components.

Perhaps the most obvious example of what would be non-cloud components or resources would be those of the network. Think about it, when it comes to a public cloud implementation, we might have an Amazon Web Services region, for example, and we’re gonna be using multiple availability zones, typically within that region, and Amazon provides high-speed connectivity between those different availability zones in the region. So if we have a resource X in this availability zone and it needs to communicate with a resource Y in that availability zone, we don’t have to worry about things like bandwidth. But when it comes to us connecting into the public cloud for management, this bandwidth can be a real concern. Do we have plenty for the many authentication requests, queries, application-related notifications, and API calls that are going on? And the big one: is there sufficient data bandwidth available for us for the potentially massive data transfers that we’re gonna do into and out of the cloud? In some cases, initial cloud migrations can’t even occur over the typical connection we would use to enter the cloud. We’ll do something like a dedicated connection for a temporary time period into the cloud, or in the case of Amazon Web Services, we might even do something like Snowball. Snowball is a really massive external hard drive, it’s the size of a suitcase, that they will send you, allowing you to load up your data. If that’s not enough, they might even roll out a Snowmobile to you, and the Snowmobile is a large tractor trailer truck that’s going to be coming to your facility, loading up all of your data from your own data warehouse, and then transporting it to Amazon Web Services. I would love to see the cost on that. It’s obviously not going to be cheap. So, network resources that we’re going to have that need to interact with our cloud components are going to need the appropriate bandwidth. And that can be a real challenge, can’t it?

It’s also a fact of life that your security resources, many times, will be located outside of your cloud implementation, and not only do they need to be utilized but they need to be altered potentially in order to accommodate the cloud. So, we may need to make key configurations on firewalls and proxies. We may need to work with encryption and antivirus software so that we can seamlessly communicate in and out of a public cloud infrastructure successfully. And I’ve used public cloud as examples here but it may even be a private cloud that we have located off-premises. So, this would be maybe our HQ facility and then we have a private cloud that we’re doing in another geographical region of the country or even the world.

Not all of our compute or storage resources are gonna be in the cloud most likely, so we need to consider these interactions. We might have stored on-prem information like inventory data that needs to be checked from the cloud. Once again, bandwidth, in order to accommodate this, is a major concern. We also need to make sure we have in place an authentication system that will work great and a series of application programming interfaces or APIs that we can use in order to seamlessly interact between our cloud and non-cloud resources.

And when you really start thinking about it, the list can really expand. I mean, we may have key monitoring tools that are on-premises that need to be able to reach into the cloud in order to give us the reporting capabilities that we might need. We might have special software that we’re running, or a partner organization is running, that will ensure we are in compliance with local laws and regulations. Maybe, we’re interested in keeping logging information on-prem for our cloud. And finally, something that we really need to consider is user interface elements for those that need to interact with our cloud. Maybe, they’re on Windows workstations, maybe, they’re on Linux boxes, maybe, they’re on a Mac, maybe, they’re on an iOS device, and that’s little iOS, maybe, they’re on Android devices, and we need to accommodate all of these end client systems when it comes to interacting with the cloud. We would consider these user interfaces that are outside of the cloud as yet more non-cloud resources that require interaction.

So, why do we get paid the big bucks as cloud architects? Well, we get paid the big bucks because there’s so much that we need to comprehend and accommodate in our designs. We not only need to consider what’s going on inside of the cloud and internal cloud component interactions, but we also have to accommodate those resources that are non-cloud.
