AWS Operating Optimal Hybrid Environments

Course

Miles Baker

AWS Training Architect II

Miles currently resides in Tempe, Arizona. As a child of a military family and a United States Marine Corps veteran, Miles has had the opportunity to live all over the world. His favorite things are spending time with family, playing strategy games, and watching good science fiction or action movies. His ideal futuristic job is captain of a starship exploring space!

Length

07:43:00

Difficulty

Intermediate

Videos

45

Hands-on Labs

5

Course Details

Many enterprise organizations operate hybrid cloud infrastructure environments.

This course discusses how to design optimal hybrid environments in AWS to meet security, reliability, performance efficiency, cost optimization, and operational requirements.

Syllabus

Course Introduction

Getting Started

Course Introduction

00:02:27

Lesson Description:

Welcome to the Linux Academy AWS Operating Optimal Hybrid Environments course. Many enterprise organizations operate hybrid cloud infrastructure environments. This course discusses how to design optimal hybrid environments in AWS to meet security, reliability, performance efficiency, cost optimization, and operational requirements.

About the Training Architect

00:01:16

Lesson Description:

In this lesson you can learn a little about the author of this course, Miles Baker.

Author Social Media:
LinkedIn: https://www.linkedin.com/in/miles-baker/

Community and Social

00:00:54

Lesson Description:

In this brief video I will introduce you to a few Linux Academy resources. Many students find these useful in obtaining answers to questions and staying up to date on new Linux Academy courses, labs, and features.

Key Resources:
Linux Academy Community Slack: http://slack.linuxacademy.com
Linux Academy LinkedIn: https://www.linkedin.com/company/linuxacademy
Linux Academy Twitter: https://twitter.com/linuxacademyCOM

Scenario Introduction

00:01:51

Lesson Description:

In this brief video I will introduce you to the scenario used throughout this course. Dexter Space Technologies Corporation (DSTC) is looking to improve the security, reliability, and elasticity of their technical network and infrastructure while minimizing costs by migrating to AWS.

Cloud Native Review

VPC Architecture

00:30:12

Lesson Description:

In this video we are going to dive deeper into the requirements for Phase 1 of the DSTC scenario. Next, we will review core concepts related to Virtual Private Cloud (VPC) and Elastic Compute Cloud (EC2).

Useful Links:
AWS Infrastructure Global Interactive Diagram: https://www.infrastructure.aws/
Amazon VPC User Guide: https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html
Amazon EC2 User Guide for Linux Instances: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts.html
Amazon EC2 User Guide for Windows Instances: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/concepts.html

VPC Security

00:13:47

Lesson Description:

In this video we will take a closer look at many of the security capabilities related to VPCs and AWS in general. This is a critical theoretical lesson designed to make you aware of many AWS tools and services available for implementing security best practices in your environment.

Useful References:
AWS Shared Responsibility Model: https://aws.amazon.com/compliance/shared-responsibility-model/
AWS VPC Flow Logs: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
AWS Web Application Firewall: https://aws.amazon.com/waf/
AWS Shield: https://aws.amazon.com/shield/
AWS CloudTrail: https://aws.amazon.com/cloudtrail/
AWS Systems Manager: https://aws.amazon.com/systems-manager/
Amazon CloudWatch: https://aws.amazon.com/cloudwatch/

VPC Endpoints Part 1

00:14:48

Lesson Description:

In this video we will take a look at how you can connect privately from your VPC to supported AWS services and VPC Endpoint Services without requiring an Internet Gateway, NAT device, VPN connection, or Direct Connect connection.

Useful References:
VPC Endpoints: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html

VPC Endpoints Part 2

00:07:20

Lesson Description:

In this video we will continue to look at how you can connect privately from your VPC to supported AWS services and VPC Endpoint Services without requiring an Internet Gateway, NAT device, VPN connection, or Direct Connect connection.

Useful References:
VPC Endpoint Services (AWS PrivateLink): https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html

VPC Peering

00:09:52

Lesson Description:

In this video we will take a look at how to set up VPC Peering connections to communicate between instances in two VPCs as if they were on the same network.

Useful References:
VPC Peering: https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html

DNS in a VPC

00:14:21

Lesson Description:

In this video we will take a look at DNS within a VPC. We will discuss configuration options for public DNS names, DHCP option sets, public and private hosted zones in Amazon Route 53, routing policies, and frequently used Route 53 record types.

Useful References:
Using DNS with your VPC: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html
What is Amazon Route 53: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Welcome.html
Choosing a Routing Policy: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:30:00

Hybrid Product Fundamentals

AWS Snowball, Snowball Edge, and Snowmobile

00:02:53

Lesson Description:

In this video we will take a look at several methods of transferring massive amounts of data to or from AWS through the use of shipping devices and containers.

Useful References:
AWS Snowball: https://aws.amazon.com/snowball/
AWS Snowball Edge: https://aws.amazon.com/snowball-edge/?aws-snowball-edge.sort-by=item.additionalFields.postDateTime&aws-snowball-edge.sort-order=desc
AWS Snowmobile: https://aws.amazon.com/snowmobile/

AWS Storage Gateway

00:04:11

Lesson Description:

In this video we will take a look at how we can use AWS Storage Gateway to seamlessly integrate on-premises enterprise applications with Amazon's block and object cloud storage services, while using industry standard storage protocols.

Useful References:
AWS Storage Gateway: https://aws.amazon.com/storagegateway/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc
AWS Storage Gateway FAQs: https://aws.amazon.com/storagegateway/faqs/

AWS IoT Greengrass

00:02:55

Lesson Description:

In this video we will take a look at how AWS IoT Greengrass can work with AWS IoT Core to develop Internet of Things (IoT) applications that are able to function through loss of internet connectivity.

Useful References:
AWS IoT Core: https://aws.amazon.com/iot-core/
AWS IoT Greengrass: https://aws.amazon.com/greengrass/

AWS Outposts

00:02:29

Lesson Description:

In this video we will discuss how you can use AWS Outposts to bring supported AWS services, infrastructure, and operating models to your data center for low latency integration, with workloads remaining on-premises.

Useful References:
AWS Outposts: https://aws.amazon.com/outposts/
AWS Outposts FAQ: https://aws.amazon.com/outposts/faqs/

Hybrid Networking

Hybrid Networking Fundamentals

Why Hybrid?

00:04:41

Lesson Description:

In this video we will discuss why many organizations choose hybrid environments.

Hybrid Networking Considerations

00:10:34

Lesson Description:

In this video we will talk about some key considerations when working with hybrid networks.

Useful References:
AWS Cloud Adoption Readiness Tool (CART): https://cloudreadiness.amazonaws.com/#/cart/assessment
AWS Migration Hub: https://us-west-2.console.aws.amazon.com/migrationhub/home?region=us-west-2#/welcome
AWS Simple Monthly Calculator: https://calculator.s3.amazonaws.com/index.html
AWS TCO Calculator: https://aws.amazon.com/tco-calculator/, https://awstcocalculator.com/#
6 Strategies for Migrating Applications to the Cloud: https://aws.amazon.com/blogs/enterprise-strategy/6-strategies-for-migrating-applications-to-the-cloud/

Virtual and Physical Connectivity Options

00:04:20

Lesson Description:

In this video we will discuss many different options for establishing virtual and physical hybrid network connectivity between on-premises data centers and AWS Virtual Private Cloud environments.

Useful References:
AWS Virtual Private Network (VPN): https://aws.amazon.com/vpn/
AWS Direct Connect: https://aws.amazon.com/directconnect/
AWS VPN CloudHub: https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-vpn-cloudhub-network-to-amazon.html
AWS Transit Gateway: https://aws.amazon.com/transit-gateway/
AWS Outposts: https://aws.amazon.com/outposts/
VMware Cloud on AWS: https://aws.amazon.com/vmware/

VPN-Based Network Extension

VPC VPN Architecture

00:08:37

Lesson Description:

In this video we will discuss the basic VPN components, AWS VPN high availability best practices, an example of site-to-site VPN over Virtual Private Gateway (VGW) architecture, and an example of site-to-site VPN over Transit Gateway (TGW) architecture.

Useful References:
What is AWS Site-to-Site VPN?: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html
Customer Gateway Device: https://docs.aws.amazon.com/vpc/latest/adminguide/Introduction.html
Customer Gateway Devices Tested with AWS VPCs: https://docs.aws.amazon.com/vpc/latest/adminguide/Introduction.html#DevicesTested
AWS Transit Gateway: https://aws.amazon.com/transit-gateway/

Static vs. Dynamic Routing

00:03:49

Lesson Description:

In this video we will discuss static vs. dynamic routing with AWS Site-to-Site VPNs.

Useful References:
Route Tables: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html#gateway-route-table
Site-to-Site VPN Routing Options: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNRoutingTypes.html#vpn-route-priority

Ensuring High Availability with a VPN

00:03:26

Lesson Description:

In this video we will discuss high-availability architecture options with AWS Site-to-Site VPNs.

Useful References:
Network-to-Amazon VPC Connectivity Options: https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/network-to-amazon-vpc-connectivity-options.html

The Pros and Cons of VPNs

00:01:49

Lesson Description:

In this video we will discuss the pros and cons of VPNs.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:30:00

Direct Connect Physical Network Extension

Direct Connect Fundamentals and Physical Characteristics

00:07:19

Lesson Description:

In this video we will discuss Direct Connect fundamentals and characteristics. This includes physical bandwidth options, networking requirements, pricing, the steps for requesting a Direct Connect connection, Link Aggregation Groups (LAGs), and routing priorities.

Useful References:
AWS Direct Connect Documentation: https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

Virtual Interfaces (VIFs)

00:02:34

Lesson Description:

Welcome. In this video we will discuss three different types of Virtual Interfaces (VIFs) used with AWS Direct Connect to provide access to AWS public services and IP addresses, an Amazon VPC, or a Transit Gateway.

Useful References:
AWS Direct Connect Documentation: https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

Encrypting Direct Connect

00:03:17

Lesson Description:

In this video, we will discuss a couple of alternatives for encrypting traffic over AWS Direct Connect using an Amazon Site-to-Site VPN connection.

Useful References:
AWS Direct Connect Documentation: https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html
AWS Site-to-Site VPN Users Guide: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html
AWS Transit Gateway Documentation: https://docs.aws.amazon.com/vpc/latest/tgw//what-is-transit-gateway.html

AWS Transit Gateway and Direct Connect Gateway

AWS Direct Connect Gateway

00:02:24

Lesson Description:

In this video we will discuss AWS Direct Connect Gateways and some of their key features.

Useful References:
Working with Direct Connect Gateways: https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-gateways.html

Transit Gateway Architecture and Features

00:03:50

Lesson Description:

In this video we will discuss the AWS Transit Gateway and how it is used.

Useful References:
Transit Gateway Documentation: https://docs.aws.amazon.com/vpc/latest/tgw//what-is-transit-gateway.html

Transit and Direct Connect Gateway Scenarios

00:02:40

Lesson Description:

In this video we will compare the Direct Connect Gateway and Transit Gateway, and discuss when you may choose one over the other.

Useful References:
Working with Direct Connect Gateways: https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-gateways.html
Transit Gateway Documentation: https://docs.aws.amazon.com/vpc/latest/tgw//what-is-transit-gateway.html

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:45:00

Building a Resilient Hybrid Network

Implementing Resilient Architectures with Direct Connect

00:02:07

Lesson Description:

In this video we will discuss options for building resilient architectures with AWS Direct Connect.

Useful References:
AWS Direct Connect Users Guide: https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

Implementing a Resilient Architecture with AWS Direct Connect and a VPN

00:02:26

Lesson Description:

In this video we will discuss several alternatives for implementing resilient architecture with AWS Direct Connect and AWS Site-to-Site VPN connections.

Useful References:
AWS Direct Connect Users Guide: https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html
AWS Site-to-Site VPN User Guide: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html

Influencing Routing and Paths

00:06:49

Lesson Description:

In this video we will discuss Autonomous Systems, Border Gateway Protocol, and various methods of influencing routing and paths.

Useful References:
Routing Policies and BGP Communities: https://docs.aws.amazon.com/directconnect/latest/UserGuide/routing-and-bgp.html

Hybrid Identity

Identity Federation

00:08:34

Lesson Description:

In this video we will review the basic concepts of Identity Federation and AWS Identity and Access Management, and discuss several identity federation scenarios in AWS.

Useful References:
Identity Federation in AWS: https://aws.amazon.com/identity/federation/

Directory Services

00:03:40

Lesson Description:

In this video we will review Directory Service basics. We will introduce the various methods of using the AWS Directory Service and when to use them.

Useful References:
AWS Directory Service: https://aws.amazon.com/directoryservice/

Using Existing Identities to Log In to AWS

SAML 2.0 Federation for Console Access

00:05:51

Lesson Description:

In this video we will cover SAML 2.0 basics, discuss the steps required to set up SAML 2.0 federation to AWS, and review the steps for SAML console access.

Useful References:
About SAML 2.0-based Federation: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html

SAML 2.0 Federation for CLI Access

00:02:26

Lesson Description:

In this video we will review the command used for SAML 2.0 Federation via the AWS Command Line Interface (CLI).

Useful References:
AWS CLI Command Reference - assume-role-with-saml: https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role-with-saml.html

SAML 2.0 Scenario Examples

00:03:59

Lesson Description:

In this video we will discuss a couple of SAML 2.0 scenarios.

Useful References:
About SAML 2.0-based Federation: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

Using an Identity Provider in AWS

Extending Your Directory Using AD Connector

00:03:16

Lesson Description:

In this video we will provide an overview of the benefits, prerequisites, and architecture for Active Directory Connector.

Useful References:
AWS Directory Services Administration Guide - Active Directory Connector: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_ad_connector.html

Extending AD Trusts into AWS

00:05:31

Lesson Description:

In this video we will discuss use cases for AWS Managed Microsoft AD, and how to extend trusts from your on-premises AD to AWS Managed Microsoft AD.

Useful References:
AWS Directory Services Administration Guide - Active Directory Connector: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_ad_connector.html

Hybrid DNS

Hybrid DNS Fundamentals

The Dual DNS Problem

00:03:31

Lesson Description:

In this video we will discuss the dual DNS problem of hybrid environments.

Hybrid DNS the Old Way

00:02:37

Lesson Description:

In this video we will discuss how many AWS customers implemented hybrid DNS solutions before Amazon Route 53 Resolver Endpoints were introduced.

Route 53 Resolver Endpoints

Route 53 Outbound Endpoint Architecture

00:02:49

Lesson Description:

In this video we will discuss Route 53 Resolver, Amazon DNS Server, Route 53 Resolver Forwarding Rules, and Route 53 Resolver Endpoints. Then we will take a look at the Route 53 Outbound Endpoint Architecture.

Route 53 Inbound Endpoint Architecture

00:00:39

Lesson Description:

In this video we will discuss Route 53 Inbound Endpoint Architecture.

Useful References:
Amazon Route 53 Developer Guide: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Welcome.html

Endpoints and AWS Resource Access Manager (RAM)

00:02:48

Lesson Description:

In this video we will discuss the AWS Resource Access Manager (RAM) Service and how it works, and look at an architecture where Route 53 Forwarding Rules are shared between accounts.

Useful References:
Amazon Route 53 Developer Guide: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Welcome.html

Endpoint Architecture Scenarios

00:04:25

Lesson Description:

In this video we will look at a couple of scenarios for implementing hybrid DNS resolution using Route 53 Endpoints.

Useful References:
Amazon Route 53 Developer Guide: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Welcome.html

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:30:00

Fixing an Existing Hybrid DNS Implementation

Migrating from Legacy Hybrid DNS to Route 53 Endpoints

00:04:22

Lesson Description:

In this video we will look at the Point of Departure (POD, also called starting) architecture for a Self-Managed Hybrid DNS. Next, we will look at a Point of Arrival (POA, also called destination) architecture using Route 53 Resolver Endpoints. Finally, we will discuss the steps for migrating to the POA Architecture.

Useful References:
Amazon Route 53 Developer Guide: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Welcome.html

Conclusion

What's Next?

Recommended Courses and Content

00:02:34

Lesson Description:

In this brief video we will discuss core courses recommended for setting up hybrid environments, as well as additional courses and learning paths to consider.

Miles Baker, AWS Training Architect
LinkedIn: https://www.linkedin.com/in/miles-baker/
