Networking in Public Cloud Deployments - Spring 2020

This section describes:

• How you should progress through the course;
• Self-study materials and live sessions;
• Hands-on exercises;
• Detailed course contents

In his presentation Joep Piscaer focused on high-level implications of public cloud services, why organizations think that public cloud is THE answer to their IT challenges, and the ways that introduction of public cloud into your environment will impact your work and your organization. He concluded with a few recommendations on what you should be doing to adapt to the new reality.

In summer 2019 we migrated most of the ipSpace.net infrastructure into AWS, using a combination of VPC, EC2 and S3 to run a content web server and a static main web site.

The section also describes our integration with CloudFlare, and use of CloudFlare access to provide 2-factor authentication for management access and SSH sessions.

Ned Bellavance described cloud deployment automation using infrastructure-as-code tools. His presentation included:

• Infrastructure-as-code concepts and tools;
• Terraform basics;
• Using Terraform with Azure;
• Terraform and server configuration management;
• Automating Terraform

Provisioning scale-out VM sets, or virtual machines without outside SSH access, is one of the more interesting public cloud deployment challenges.

This section describes potential solutions, the tools you could use to generate VM images, and a few hints on using Ansible for cloud VM provisioning.

Deploying redundant network virtual appliances in a public cloud virtual network is one of the hardest challenges you'll have to tackle in your public cloud networking journey.

Most network services appliances rely on tricks like layer-2 forwarding, IP address sharing, or static routing toward floating next-hop address to implement seamless failover. None of those tricks work in a typical public cloud environment... but don't despair; this section will outline most of the challenges you'll be facing, and give you a few design alternatives.

In this section, Howard Marks introduced the three types of cloud storage (object store, block storage, and file systems) and explained how the three major cloud providers (AWS, Azure, GCP) implemented them.

In the second part of his presentation, Howard focused on on-premises gateways, data mover solutions, and on-ramps, concluding with a few cautionary tales.

In this section Matthias Luft reviewed the public cloud security groundwork detailed in Cloud Security webinar, and then dived into details needed to develop cloud security, establish zero-trust model, and interact with a cloud-native security team.

Justin Warren started his Resilient Cloud Design presentation with the differences between hardware- and software resiliency, explained how to prepare for inevitable failure (including the consequences of CAP theorem), and concluded with a number of resiliency patterns you could use when designing your public cloud deployment.