7 hours 31 minutes

Video Transcription

Welcome back. Cloud heads to the AWS Cloud Management Console Dashboard, demo number three. So from our console home page, we're gonna dig just a little bit deeper into the amazing AWS services that are available via this cloud platform.

So we're gonna go over here and click Services. And so in this demonstration, I want to spend a little time on what I call demo drive-bys, just to show you, via various panes of glass within the management console, some of the really cool things you likely never thought could be done with this amazing cloud engine. So over here on the right, we're going to start moving over here to this thing called AWS RoboMaker. So let's check out what this thing is.
So from this screen, we can see that if, for example, we're a manufacturer who maintains an assembly line, or a healthcare provider like a regional hospital, and we use robotics to help us assemble products on the assembly line, or we use robots to deliver better patient care, like a mobile robot pharmacy that works over the 802.11 network on wheels, so we can wirelessly transport medicines to our patients and increase our patient health care and patient well-being across the hospital. Well, with this AWS RoboMaker, we can develop and test our own robot applications, from application IDEs to platforms for robot application development and robot application testing, all here via AWS RoboMaker. So we can get started, or we can work on developing our application for a whole host of robots that are in our robot fleet, or down here in the lifecycle portion of this, we can do our homework and figure out how we can write a really intelligent app that minimizes battery life, minimizes the use of memory, and so we can create a really smart app and a really great app for our robots.
Really cool stuff. So, do you remember Thing One and Thing Two from Dr. Seuss's The Cat in the Hat? If you don't, they were troublesome things that created havoc in the world of Dr. Seuss, some real troublemakers. Well, with millions of new Internet-connected devices, from refrigerators and home monitoring devices to cameras and intelligent trash cans that let the garbage man know that the can is full and it's time to pick it up and empty it out, well, the cloud is here to help you manage your Internet of Things so that your things don't create havoc like the Cat in the Hat's Thing One and Thing Two.
So from our Services window, we're gonna go over here to the Internet of Things, and we're gonna click on IoT Core.
So I have a customer who's a city, and they're remodeling their entire community park. This new community park is gonna have amazing rides and Ferris wheels for the kids. There's a skating rink, there's a skateboard park, um, there's an ice skating rink when it's wintertime, ah, and gondolas that fly across the sky, all powered over the Internet. So I have trash cans that, with the Internet, let the waste facility group know it's time to come empty the trash can, to lights that, with the Internet and with management over the Internet, I can control how much lighting to use and when to turn the lights on, and monitor my lighting. So when a light bulb is no longer working and functional, it alerts me so that I can timely go and replace that light. So that's the Internet of Things and how some of our organizations out there are using these intelligent devices, these things that connect to the Internet, all that we call the IoT or Internet of Things.
So in our network area, a device uses an interpreter so that we can agree on how to read the binary zeros and ones, like ASCII, the American Standard Code for Information Interchange, where we agree on how to interpret our zeros and ones and we get the American keyboard, from the alphabet to special characters like the ampersand. So here in AWS IoT is this really cool service called a message broker. If our things out there are using the Internet to connect to the AWS cloud, well, then the AWS IoT message broker will bridge the gap between all of the different Internet of Things out there, each class of device using their own interpreted protocols that speak their own version of the Internet of Things. So for our city park, our trash cans speak a language, our lighting system speaks a language, our gondolas speak a language, our Ferris wheel speaks a language, because they're all created by individual manufacturers and vendors, and they're all created with their own software and their own applications, and they all speak their own version of a computer language and their own ways to connect to the Internet. So with the aid of the AWS IoT service, what we can do here is we can turn on this thing called a message broker service. So what that does is, if our Internet of Things devices can talk to the cloud and talk to this AWS cloud engine, now we can at least be talking cloud-speak. And if everybody can talk cloud-speak and we understand the same language, then with this IoT message broker service we can ensure that all our IoT devices are talking the same language and thus can talk to each other.

And now that they all can talk and listen to the same language, we can group them into various management groups. We can manage them as either individuals or as groups through group policy, and we can see them, point to them, manage them, report on them, and audit them from the AWS Internet of Things management console. Very slick. Let's take a look.
So here we click on Onboard for when we want to configure an Internet of Things device and have it connected to the cloud; we'll go through wizards. And if the wizards aren't doing exactly what we want, because we might be missing a protocol or two, well, through software development kits we can create our own interconnection hook so that we can, uh, create a unique tie to the AWS IoT engine and talk to our Internet of Things device. We can manage, so we can register a thing, so we can create a thing, and then we can bulk register, and then we can click on here and give our thing a name. We can give it a type, we can put it in a group, we can create attributes, which are descriptions, so that when we search all our hundreds of Internet of Things out there, our attributes will say trash can, or whatever character value we want to associate with it, et cetera. So, really cool.

So we can group our things into groups. We can create billing cycles around our groups. Ah, we can create security policies and do things like pushing machine-sort-of certificates out to our devices. Um, and then we can create security policies, like we can conduct ongoing audits, security audits. And then we can monitor our devices from a security perspective, and make sure, by perhaps putting an agent out there on our trash cans, we can make sure from a security standpoint that we're not getting hacked, that we're not having viruses and malware put on our devices, et cetera. So really, really cool stuff, and even things like we can put software, ah, and middleware on our Internet of Things, all via this AWS IoT. Really slick stuff.
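As an added illustration of the security policies mentioned above (this is not code from the video or from AWS's own documentation), here is a least-privilege AWS IoT Core policy for the park's trash-can things. The region `us-east-1`, the account ID `123456789012` and the `park/trashcans/...` topic names are placeholders; the policy variables and condition key are standard AWS IoT ones.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:us-east-1:123456789012:client/${iot:Connection.Thing.ThingName}",
      "Condition": {
        "Bool": { "iot:Connection.Thing.IsAttached": "true" }
      }
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:us-east-1:123456789012:topic/park/trashcans/${iot:Connection.Thing.ThingName}/status"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:us-east-1:123456789012:topicfilter/park/trashcans/${iot:Connection.Thing.ThingName}/commands"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:us-east-1:123456789012:topic/park/trashcans/${iot:Connection.Thing.ThingName}/commands"
    }
  ]
}
```

Each device may only connect with a client ID equal to its own registered thing name, and only while its certificate is attached to that thing, and it can only publish to and receive on its own topics; the weak version of the same policy that the console wizard will happily accept is a single statement with `"Action": "iot:*"` and `"Resource": "*"`, which lets one compromised trash can read and spoof every other device's traffic.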
So in a network, whether it be premise-based or in the cloud, we need triple-A, authentication, authorization and accounting, and we need to utilize the security management architecture that we call identity and access management, or IAM. And we could have an entire class on identity and access management, so I don't want to get lost in it. But it's important to know, for the purposes of this discussion of the security control and security governance in our network, that the things we want to focus on specifically are authentication and authorization. Well, within our IAM architecture, that service is controlled and managed by this thing called directory service. And the most popular directory service on the planet is Microsoft's Active Directory, or AD.

So what I want to talk about now is really around this part of this diagram. This is a complex diagram. There's a lot to Active Directory and how we use it, but I only want to focus on what's in the circle. So what we're talking about here is that our network is gonna have an instance of Microsoft Active Directory on premise, or in the cloud, or both, and then we're gonna integrate them via what we call connectors through a process called federation.

An Active Directory is our corporate directory. It's a phone book of all our users and all our network devices and all the resources in our network, and through directory services and protocols like RADIUS, Remote Access Dialing User Service, we authenticate to Active Directory. The AD service has a record of who we are, a hashed version of our login or username and password, and has a record of what services in the network we can authenticate to and have privileges for. So this way we can log into a network and we can access sales information, but the IT administrator can control and, uh, and police what we have access to, so that we do not have access to confidential customer financial information in the network. All of these things are controlled through RADIUS talking to, authenticated to and authorized by Microsoft Active Directory, all controlled within Active Directory through individual and group user policy. Pretty neat stuff. And so what we're going to show you next is how we can stand up a version of Microsoft Active Directory in the AWS platform.
So now we're going to go into the AWS services cloud, and we're going to create our own instance of Microsoft Active Directory. So we're gonna have Services there, we're gonna scroll down here, and we're gonna click Directory Service, and then we're gonna set up our directory. So we have a few different connectors here: we can click AWS Managed Microsoft Active Directory, or we can create a simple instance of Active Directory, or we can create a connector to connect us to a premise-based version of Active Directory or our new cloud instance of Active Directory. Maybe we want to connect it to Azure, or we want to connect it to GCP. So, well, if we want to do that, then we go down the connector path. We're gonna go ahead and hit AWS Managed Microsoft Active Directory, gonna hit Next, and you can see here there's a couple of different editions that we can choose from. So the Standard edition allows us up to one gig of storage and we can create up to 30,000 network-controlled objects, users, devices, et cetera, all of those objects, ah, that we can control in our global catalog in Active Directory; or this Enterprise edition with up to 500,000 objects and 17 gigs of data. And with the Standard edition or the Enterprise edition, we get two domain controllers, and then there's a fee for each additional domain controller, or DC, primary or secondary DC, in our network, depending on how we build out the architecture.

And then what we're gonna do is, once we choose our version, we're gonna give it a fully qualified domain name, or FQDN, so that we can reach our instance of Active Directory from the Internet, and our DNS queries and our DNS servers out there, which route globally, the www dot my instance of Active Directory in the AWS cloud dot com, we can find that, reach it and see it from the Internet. Ah, then we'll go in here and give it a directory description, ah, and then for things like network management, so that we can manage and report from our directory instance, and then we can give it some admin-level passwords and confirm the password and be done with it. So, uh, pretty good stuff.

And then we're going to create this, going on here to the next step, and we'll create our virtual private cloud subnets and our virtual network to, ah, tie in and connect our version of Active Directory in the cloud to the rest of our either cloud-based network, or route it via Direct Connect or other types of services down to our premise-based network, and connect it up and federate it. Um, ah. And then we'll create our instance of Active Directory and push it out and turn it up and enter it into our production network. Good stuff.
That's it for our AWS dashboard demos. On behalf of all of us, the cybersecurity and IT learning team, we want to wish you and all of the users on your network a good day. Thanks so much for joining us. Take care, and happy packets.

Cloud Architecture Foundations

In this Cloud Architecture training, students learn the basics of cloud computing across three platforms – Amazon Web Services (AWS), Microsoft Azure, and Google Cloud. This class provides students with hands-on training and excellent instruction.

Instructed By

Kevin Mayo
Director of Cybersecurity