       Cloud computing essentials for managers / software engineers 培訓

1. Virtualization Details
a. Operating System Concepts Overview
i. CPU, Memory, Network, Storage
b. Hypervisor
i. Supervisor of Supervisors
ii. “Host” machine and “guest” OS
iii. Type-1 Hypervisor & Type-2 Hypervisor
iv. Citrix XEN, VMware ESX/ESXi, MS Hyper-V, IBM LPAR.
c. Network Virtualization
i. Brief introduction to 7-Layer OSI Model
1. Focus on Network layer
ii. TCP/IP Model or Internet Protocol
1. Focus on a single vertical
a. Application Layer: SSL
b. Network Layer: TCP
c. Internet Layer: IPv4/IPv6
d. Link Layer: Ethernet
2. Packet structure
iii. Addressing: IP Address and Domain Names
iv. Firewall, Load Balancer, Router, Adapter
v. Virtualized Network
1. Higher-order abstractions: Subnets, Zones.

d. Hands-on Exercise:
i. Familiarize with ESXi cluster and vSphere client.
ii. Create/update networks in ESXi Cluster, deploys guests from VMDK
packages, enable inter-connectivity between guests in an ESXi cluster.
iii. Make modifications to a running VM instance and capture snapshot.
iv. Update firewall rules in ESXi using vSphere client.

2. Cloud Computing: A paradigm shift
a. A fast, inexpensive runway to make product/solution available to the world
b. Resource sharing
i. Virtualization of virtualized environment
c. Key benefits:
i. Resource elasticity on-demand
1. Ideate->Code- >Deploy without requiring infrastructure
2. Rapid CI/CD pipelines

ii. Environment isolation and vertical autonomy
iii. Security through layering
iv. Expense optimization
d. On-premise Cloud and Cloud Providers
e. Cloud as an effective conceptual abstraction for distributed computing

3. Introduction to Cloud Solution Layers:
a. IaaS (Infrastructure as a Service)
i. AWS, Azure, Google
ii. Choose one Provider to continue later. AWS is recommended.
1. Introduction to AWS VPC, AWS EC2 etc.

b. PaaS (Platform as a Service)
i. AWS, Azure, Google, CloudFoundry, Heroku
1. Introduction to AWS DynamoDB, AWS Kinesis etc.

c. SaaS (Software as a Service)
i. Very brief overview
ii. Microsoft Office, Confluence, SalesForce, Slack
d. SaaS builds on PaaS that builds on IaaS that builds on Virtualization

4. IaaS Cloud Hands-on Project
a. The project uses AWS as the IaaS Cloud Provider
b. Use CentOS/RHEL the operating system for the rest of the exercise
i. Alternatively, Ubuntu will also do, but RHEL/CentOS are prefered
c. Obtain individual AWS IAM accounts from your cloud admin
d. Each student must do these steps independently
i. The ability to carve your own entire infrastructure on-demand is the best demonstration of the power of cloud computing
ii. Use AWS Wizards -- AWS online consoles -- to accomplish these tasks unless otherwise mentioned
e. Create a public VPC in us-east- 1 Region
i. Two Subnets (Subnet-1 and Subnet-2) in two different Availability Zones

1. See https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenarios.html for reference.
ii. Create three separate Security Groups
1. SG-Internet
a. Allows incoming traffic from Internet on https 443 and http 80
b. No other incoming connections allowed
2. SG-Service
a. Allows incoming traffic only from security group SG-Internet on https 443 and http 80
b. Allows ICMP only from SG-Internet
c. No other incoming connections allowed
3. SG-SSH:

a. Allows SSH:22 incoming connection only from a single IP that matches with the public IP of the student’s lab machine. In case the lab machine is behind a proxy then the public IP of the proxy.

f. Deploy an instance of an AMI pertaining to your chosen OS -- preferably latest RHEL/CentOS versions available in AMIs -- and host the instance on Subnet-1. Attach the instance to SG-Service and SG-SSH groups.
g. Access the instance using SSH from your lab machine.

i. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html

h. Install NGINX server on this instance
i. https://www.nginx.com/resources/wiki/start/topics/tutorials/install/
i. Put static contents of your choice -- html pages, images -- to be served by
NGINX (on port 80 0ver HTTP) and define URLs for them.
i. See https://www.nginx.com/resources/admin-guide/serving-static-content/
j. Test the URL from that machine itself.
k. Create an AMI image from this running instance.
i. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html .

l. Deploy that new AMI and host the instance on Subnet-2. Attach the instance to SG-Service and SG-SSH groups.
m. Run the NGINX server and validate that the access URL for the static content as created in step (i) works.
n. Create a new “classic” Elastic Load Balancer and attach it to SG-Internet.
i. See https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-getting-started.html
ii. Note the difference from Application Load Balancer and Network Load Balancer.

o. Create routing rule forwarding all http 80 and https 443 traffic to an instance group comprising the two instances create above.
p. Using any certificate management tool -- java keytool etc. -- create a key-pair and self-signed certificate and import the certificate to AWS Certificate Manager (ACM)
i. See https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
ii. Alternatively, ACM itself can be used as a certificate management and signing authority and a new certificate can be requested to ACM. But in that case a valid domain name must be used, corresponding domain admins must be available to validate the request, and an AWS Route53 entry then subsequently needs to be created to map onto ELB IP. These are more advanced steps and hence p.(i) is better recommended.
q. Use this certificate for the ELB’s TLS/SSL connection to support https

i. See https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ssl-server-cert.html

r. From your browser go to http:://<elb-public-access-name>/<static-content-url>
s. You should see the static content on your browser.
t. Stop each of the instances one at a time and submit the URLs.
u. Stop both instances and submit the URLs.

5. Cloud Monitoring: Introduction &amp; Hands-on Project
a. AWS CloudWatch metrics
b. Go to AWS CloudWatch dashboard for the instances
i. Retrieve the relevant metrics and explain the variability with time
1.https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/viewing_metrics_with_cloudwatch.html
c. Go to AWS CloudWatch dashboard for the ELB
i. Observe the ELB metrics and explain their variability with time
1.https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-cloudwatch-metrics.html
6. Advanced Concepts for Further Learning:
a. Hybrid Cloud -- on-premise and public cloud
b. Migration: On-premise to public cloud
i. Application code migration
ii. Database migration
c. DevOps
i. Infrastructure as a code
ii. AWS Cloud Formation Template
d. Auto-scaling
i. AWS CloudWatch metrics to determine health