Time
7 hours 31 minutes
Difficulty
Intermediate
CEU/CPE
8

Video Transcription

00:09
Hello again, fellow. Cloudy propeller heads and welcome to module 6.3 clown virtual ization where we're going to spend some time in the module in the AWS management console to show you what virtual ization is and how it is used in the cloud. All right, so we're in the happy packets A W s management console, home page. And so from this home page, we're gonna go appear to service is
00:29
and we're gonna find our compute section where we're going to go into the elastic compute cloud or E C to service.
00:36
So the easy to service is, whereas I, as a cloud administrator, can go in and manage my ah and create my virtual instances of my machines, I either on multi tenant hardware. So in hyper threaded environments where I want to turn on my virtual machine and
00:53
I don't care with my virtual machine is on hardware that other customers of AWS sir
00:59
running their virtual machines on I just care about my application running. Well, then I would go in there and create my own virtual instance by clicking this button here. But in case like the example we used earlier in module six, where I might need an application running on as a dedicated instance on a dedicated piece of hardware
01:18
where I can control the environment.
01:19
Maybe I've got payment card industry PC. I credit card information on my server, So I need to make sure that nobody else is on that hardware host except for me and my company. So in that particular case, I would go to a dedicated host and maybe carve up a dedicated instance. So we're going to talk a little bit about that now.
01:38
So now we're gonna go to the dedicated host
01:41
portion of the front end,
01:42
and this is where I can create my own physical server with my own easy to instance, dedicated strictly to me in my use.
01:49
And a couple of things I want to point out here is that there is a distinctive difference between dedicated instance and a dedicated host. So again, my example, maybe I'm running an application where hyper threat it's not supporting. So what I need to be able to do is put my instance on dedicated physical cores.
02:09
Well, I will,
02:12
but I don't care that the host itself might be shared in other words, there might be other customers running and that shared multi tenant environment. But what I do care about is that I'm carving out physical core instances. Dedicated resource is like memory and storage for my host so that I could be in compliance. So in that case,
02:30
I'm gonna cover up a dedicated instance.
02:32
Or if I want to control the whole machine and I am the only customer on that machine, I'm gonna carve out my own dedicated host. What's interesting about that is I'm going to be billed for the entire computing platform. So all of the cores, all the memory and Amazon doesn't care
02:50
how many virtual machines, whether it be one or 50 or 100 or whatever. I run on that machine because they're going to charge me the same.
02:57
It's all my cores on my proxy on my storage on that entire host, and I could do with it what I want. And that's what's called a dedicated host.
03:07
So I'm gonna go back into easy to now last to compute Cloud,
03:12
and now we're gonna go ahead and launch an instant. So this is where we're gonna launch a virtual machine in a multi tenant environment and what I want you to notice is look at all of these different virtual machines
03:23
that I can carve up. I can carve up Windows servers. I can carve up Windows desktop, second carbon hoop onto servers.
03:34
Red hat
03:36
Ah, version of Linux is called Amazon Lennox.
03:39
So the Amazon machine instance that I want to create, create am am I What happens is I Let's go ahead and scroll down here, toe. Let's go ahead and grab this one. The Windows 2019 with sequel Server 2017 Enterprise. So you can see here that
03:57
we have a hardware virtual machine so that the virtual ization type that air Amazon machine instance or am I is going to use And so we're gonna go ahead and hit, select. And so we've learned in module six that
04:11
well, we don't want over provisioning. We don't want to under provisions. We want to get it just right. So we're gonna do some best guess is we're gonna look at the specs of our application that we're gonna be running in this case, a server 2019
04:21
and we're gonna look at how many cores and how much memory and how much stores that box requires based on the size of users that we're going to support. So a a 1000 user instance of Server 2019 is gonna take a lot less compute and memory storage than an enterprise edition.
04:41
That's gonna have 30,000 users running active directory on it. So depending on what I'm going to d'oh,
04:46
I'm gonna choose the lot the size. So the nano, the extra small version or small, medium large, and over here you'll see that it's vey CPU. So how many Seep uses it going to carve out to turn up this instance so it could be as little as one could be as much as eight
05:03
memory. It does not support things like hyper threading, so it's one for one. So instead of one core turning it into two virtual cores. If I have a gig of memory, I get one gig of virtual memory.
05:15
And so what happens is the way I'm reading this is that in this particular case, this extra large instance of 2019 when I carved this up, it's going to use four v z p use. It's going to use 16 gig or virtual memory and this elastic black storage. What this CBS is, it's how it the Amazon
05:34
machine EMS image. Am I rights? It's blocks
05:39
to the storage. Ah, and so it uses CBS to do. That's what they call it.
05:44
And so what that basically means is is that it's gonna carve up some temporary storage for me for as long as my instances running. And then once they turned down that instance, a get rid of that instance, it's going to take that storage back and put it back in the storage pool for someone else to use. So that's what they mean by EBS.
06:02
Ah, and if I scroll down here, you can see that. Let's look at this great Big 2019 server. Look at this guy. So this looks at this
06:10
requires 96 CP USVI CPU. So 48 course
06:16
to run a single instant to 2019. I need 384 gig a memory, but we know we're obviously going to be running a raid five across four drives. So this is what we spend a little time on the hard drives and learn a little bit about some storage and how some of this technology works because, hey, when I carved this out,
06:34
I'm going to need to be using 4 900 gig solid state drives. That's flash drives.
06:41
So we're gonna have really fast, right? We're going really fast. Ability to read. So we call those psyops input output per second. We have really fast operations from a storage perspective in a raid. Five. So we're going to stripe across some disks, So if we lose anyone, we're going to be able to recover.
06:58
Um And so that's an enterprise version of this. All of that to carve up one virtual machine
07:04
pretty slick.
07:05
All right, I'm back into my easy to console, and I'm gonna go ahead and click launch instance.
07:13
And instead of carving up one of these virtual servers, what I'd like to do is I'm gonna go over here to the AWS marketplace, and it's within the AWS marketplace that I can start carving up any of the vendors virtual appliance. So instead of a router, for example, that's on a purpose built piece of hardware,
07:31
um, in a
07:32
box and sheet metal has got a motherboard in it in memory and a 6 April application. Specific integrated circuits and its own E prom's and so forth instead of that dedicated appliance. Now what happens is I can run that as a virtual machine,
07:47
and my hardware instead of this dedicated appliance that is carved up and looks like a router, is now on virtual si, pues and memory and storage on a server platform. So I'm running a virtual router virtual machine on a
08:03
compute platform, and so that's called a virtual appliance. And so you can see here I can carve up a barrack oot, a firewall, a Juniper firewall, F five big guy P load balancer,
08:16
or I can come over here and it was quick. Infrastructure is a service, and we're gonna come down here to network infrastructure. And you're going to see some of these things that I can carve out so I can carve out this. Cisco Cloud Service is Rounder. There's a service called B Y O B B Y O L. A. Bring your own license. If I have a flexible license
08:35
and a smart account from Cisco, I can take my license, maybe off of a prime based router and move that license for features and functionality
08:43
to now my cloud based Sysco CSR
08:48
Pretty cool on how I can move my premise based licensing to the cloud and perform cloud migrations.
08:54
I scroll down here, you can see Ford Annette create before didn't firewall. Um, Palo Alto firewall.
09:03
Cisco s A So I'm a security guy. Ah, tenable. Makes this great professional technical scanner called nexus nexus professional. So maybe when I'm performing technical scans for that school district. I don't want to do it for my data center anymore. Ah, And then over VPN
09:22
going to my customers network. Ah, and pull that network and perform technical scans and look for vulnerabilities. Now
09:28
I can carve up my version of 10 10 nobles Ness's professional scanner from the cloud. And so now I can carve up that it's a linen compute virtual appliance that runs the tenable nexus scanning software on it is a dedicated appliance.
09:46
Pretty slick stuff.
09:50
So that's it for module six. So next time in module seven will start taking a deep dive into everything. Aws It's on behalf of all of us in cybersecurity nightie learning team cloudy. Thank you's appreciation and gratitude Tag? You're it. So for now, we will be no issue. And all of the users on your network a very good day. Thank you so much for joining us. We want you to take care,
10:09
enjoy your network, have fun in it,
10:11
and happy packets.

Up Next

Cloud Architecture Foundations

In this Cloud Architecture training, students learn the basics of cloud computing across three platforms – Amazon Web Services (AWS), Microsoft Azure, and Google Cloud. This class provides students with hands-on training and excellent instruction.

Instructed By

Instructor Profile Image
Kevin Mayo
Director of Cybersecurity
Instructor