5.1 Cloud Networking Architecture

7 hours 31 minutes
Video Transcription
Hello and welcome to Module 5.1 of Cyber is cloud architecture foundations. This is cloud networking architecture. We're going to talk a little old-school networking, but mostly how the cloud has disrupted our concept of on-premise networking architecture. So hold onto your fedora, that's a hat for you younger people, because we're gonna go for a ride on the cloud network.
So our wired LAN, wired network, has looked real similar for the last 20 years.
The ASICs, the chipsets, the firmware and software have all changed a lot, but the overall design of the network and underlying LAN infrastructure has pretty much stayed the same. The network has gotten a whole bunch faster, as we are now seeing in the enterprise network designs that were crawling at 10BASE-T, 10 megabits per second half duplex,
to 100 gigabits per second in the network core and backbone.
That's 10,000 times faster for you out there that love your mathematics and statistics.
Our wireless 802.11 technologies have been not only getting faster, but tremendous advancements have been made in how networking over radio signals actually works.
Initially, wireless networking was limited to 11 megabits per second. Client density was low. With the ever-increasing demands of wireless networking, huge technological advancements in wireless transmission speeds, the number of radios per wireless access point,
features like beamforming and multi-user MIMO have grown our wireless capacity to multi-gigabit speeds at the wireless access point, with client density levels supporting hundreds of simultaneously authenticated users per access point.
The wireless architecture has also changed from managing each wireless access point autonomously, or standalone, where every access point is its own point of network management,
to being controller based with lightweight access points that tunnel their management and control traffic through an appliance, the wireless controller. They create a single management point and a single pane of glass to manage thousands of access points. Really cool stuff.
Extending the network between buildings, across campus, across town and then across the globe. Well, the overall way wide area networks, or WANs, are designed has changed over time as well. Private fiber connections became cheaper, routed, shared connections over shared Internet service providers that served numerous customers, not just your organization,
to Internet VPN technologies, where privacy and encryption technologies are tunneled between your site A and your site B
using VPN encryption. There is now, thanks to the requirements of always needing to connect to the cloud, WAN technologies such as SD-WAN, software-defined WAN, and IWAN, intelligent WAN, where redundant connections are supported and WAN intelligence between you and the cloud can determine the shortest and most successful path to the cloud at this point in time:
lowest latency,
lowest jitter and most consistent speed of connection.
So the best way to connect to the cloud is via what is called a direct connection to the cloud provider. Direct connections are expensive but very reliable and have the advantage of controlling and honoring traffic prioritization in between you and the cloud provider. If there are 15 Internet hops between you and the cloud, you cannot, for example, control what happens hop by hop on the Internet.
All of the traffic on the Internet is treated as best effort and as discard eligible.
But you'll recall that in cloud strategies like hot DR between your data center and the cloud, where you can require a recovery time objective of less than five minutes, you can't afford delays due to traffic slowdowns and due to traffic retransmissions because you dropped traffic between routing hops. So each cloud provider uses a different name for these connections.
AWS calls their private cloud connections Direct Connect,
Azure calls them ExpressRoute, and GCP uses the term Carrier Interconnect. The bottom line is that with these connections you can get service level agreements that are manageable and deliverable, and thus we can design our cloud services to be whatever you want: cloud backup, warm DR or hot DR.
There are three types of latency in a network transmission: serialization delay, propagation delay and processing delay. Serialization delay is the delay in taking our data, reading it and then breaking it down into zeros and ones so that we can retransmit it if the data was not destined for us.
Propagation delay is the delay that is incurred, made up of the time it takes to transmit the zeros and ones to the next hop, and processing delay is the delay incurred when the zeros and ones are read by the device, the source and destination information is interpreted, and the datagram is processed either internally,
if you are the destination, or put on down the road to the next hop.
End-to-end delay is the total accumulated delay of all three types of latency, hop by hop, in between us and the cloud. This delay can be substantial, substantial enough that you might not be successful, for example, building out warm DR in the cloud, or, because of the volume of data you are backing up, you might have too big a backup window to the cloud
for your corporate data to be successful.
This is where controlling the cloud's latency comes into play. Mr Dave CA Practice, our Cyber Cloud Architecture Foundations lab proctor, shows you in his cloud demonstration videos that are included in this course that when you're setting up your initial cloud platform, your virtual machine or your storage target,
you can select which of the cloud provider's data center locations you wish to stand up
the new service. Typically the closer the cloud provider's data center is to your geographic location, the lower the latency and the less overall delay that you will incur.
So the easy button in connecting to your cloud services for your organization is through VPN technologies, or cloud VPN. This means that your office creates a site-to-site VPN tunnel to the cloud provider for the purpose of extending your office to the cloud, just like you would do over VPN if you're extending your office to a branch office or to a hosted data center.
Site-to-site VPNs are typically terminated on each end with a firewall,
either a physical appliance or a virtual firewall, a virtual machine appliance that runs on a hypervisor like VMware, Hyper-V or KVM. The site-to-site VPNs connect your organization and your data center to the cloud and then, once connected, always stay up and act in a lot of ways like a direct connection to the cloud,
but a lot cheaper, while not being able to control or honor traffic priority tagging, because the Internet
is all the hops between you and the cloud provider. All the VPN is doing, once the IKE tunnel has turned up, is that you are encrypted end to end, private, meaning that if someone were to inspect the traffic, say a man-in-the-middle traffic sniffing attack, because the attacker would not have the VPN decryption key, the attacker might be able to capture the traffic,
but it would be unreadable and thus unusable.
Remote Desktop Protocol is a protocol developed by Microsoft that enables a connection to a remote host or remote computer, such as a cloud server, via a graphical user interface. Using this simple but powerful tool, you can use your cloud server, for example, as if it were right in front of you with your mouse and keyboard of your RDP client.
RDP protocol is native to Windows, but there are many other RDP
clients for all of the various operating systems, such as Linux or macOS. There are even RDP clients for mobile devices such as Android or your iPhone. To connect to the cloud server or platform from a Windows operating system, you can use the Remote Desktop Connection and select Start, All Programs, Accessories, Remote Desktop Connection.
Once you start an RDP connection, you'll be prompted for the connection data,
which is the public IP address associated with the individual cloud server, the administrator user name of the cloud server and the cloud server password. Once you've gained access, a window will open, which will display exactly like the cloud server desktop to which you have just connected, as if it were physically right in front of you.
Really cool stuff.
My last talking point about cloud networking is that when used, the cloud is your secondary data center for business continuity and disaster recovery. You'll be designing to the lowest common denominator bandwidth, delay and latency in your aversion or your willingness to either accept or mitigate risk. Active-active and active-standby services across your data centers in the cloud
each have different delay and available pairing bandwidth requirements.
Databases, for example, when building your clusters across data centers, are very latency averse and bandwidth intensive. If you have too much delay between database members and not enough bandwidth between members, your databases will no longer synchronize and will crash and possibly even become corrupted, i.e. it's time for a rebuild. Designed right,
the services using the cloud as a participant work great.
Designed stretcher cloud and disaster will surely follow. Oh no, there's a scary funnel cloud ahead. Turn on your windshield wipers and buckle up, because it may be time for a learning check.
What are a couple of advantages of a direct connection to your cloud provider?
What names do the big three public cloud providers call their customer direct connection services?
What are three types of latency delay in the network?
And what are three ways to connect your network to your cloud provider? So go find the tornado chasers so they can get some good pictures of the soon-to-be-touching-land funnel cloud, and then come back and we will check our answers together. Now that you found the storm chaser and he's getting a very good close-up of our cloud, I'm kind of thinking about disaster recovery right now. He's getting pretty close to that thing.
What are the two advantages of direct customer connections to the cloud? Well, first,
a direct connection can help you manage and deliver on your cloud SLA because the direct connection is dependable and guaranteed, and another great feature of a direct connection is that it supports how your organization prioritizes and marks traffic so it can deliver on your quality of service requirements. There is the AWS Direct Connect,
Azure ExpressRoute and the GCP Carrier Interconnect service.
There are three types of latency in a network: serialization delay, the time it takes to convert our data to zeros and ones; propagation delay, the time it takes for data to traverse hop by hop, end to end across the network; and then processing delay, the time it takes to read the data and determine what to do with it. And among the many ways to connect to the cloud, we can choose, for example, direct connections to our cloud provider,
cloud Internet VPN and remote desktop protocol clients like Windows RDP.
So today we learned about how the cloud has changed or redefined how we think and design our networks. We learned about propagation delay, serial delay and processing delay, just some of the things we need to consider when designing our cloud services and our cloud connections, and we learned about directly connecting to a cloud provider, cloud VPN and remote desktop protocol.
In the next video, we will focus on how we route to the cloud and this magic box we call the cloud gateway.
So thanks for joining us today for Cloud Architecture Foundations. On behalf of all of us at the cyber Security and IT Learning Team, you are no issue. And all of you users on your network, good day, happy packets and take care.