# Cloud Computing

## NIST Cloud Computing Definition

- Definition
    - Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. 
- Cloud Model
    - 5 essential characteristics
        - On-demand self-service
        - Broad network access
        - Resource pooling
        - Rapid elasticity
        - Measured service
    - 3 service models
        - SaaS
        - PaaS
        - IaaS
        - On-Premise
        - IT Stack
            - Application
            - Data
            - Runtime
            - Middleware
            - OS
            - Virtualization
            - Compute
            - Storage
            - Networking
            - Facility
    - 4 deployment models
      - Private Cloud
          - Single Tenant Implementation
      - Community Cloud
      - Hybrid Cloud
      - Public Cloud 
          - Multi-Tenant Implementation
          - Ownership: Service Provider
          - Access: Via Internet

## Overview

- Use Cases/Benefits of Cloud Computing
  - Cost
  - Business Agility
  - Reliability
  - Security
  
- Features/Functions
  - Elasticity
  - Scalability
    - Scale Out
    - Scale Up
  - Agility
  - Availability
    - HA
    - FT
    - DR
  - Security
  - Manageability
- Cloud Economics
  - Economies of Scale
  - CAPEX vs OPEX
    - Cost Effectiveness
  - Consumption Based Model

# AWS

## Overview

### Online Resources

- [AWS Cloud Architecture Center](https://aws.amazon.com/architecture/)
- [AWS Whitepapers](https://aws.amazon.com/whitepapers/)
- [AWS Documentation](https://docs.aws.amazon.com/)

### AWS Services Overview

- [check aws website](https://aws.amazon.com/)

### AWS Solutions Overview

- [check aws website](https://aws.amazon.com/)

## AWS Cloud Adoption Framework

## AWS Cloud Architecture Framework

## AWS Cloud Security Framework

## AWS Cloud DevOps Framework

### SDKs

### Tools

- [Amplify Framework](https://aws-amplify.github.io/)

### AWS CLI

#### Install and Config

- Please refer to: [Howto Install, Config and Run AWS CLI for Lightsail Management](L2-CS/FastHowto/Howto-AWSCLI4Lightsail.md)

#### Query JSON Syntax

- [JMESPath](http://jmespath.org/)

#### AWS CLI Resources

- [AWS re:Invent 2016: The Effective AWS CLI User](https://www.youtube.com/watch?v=Xc1dHtWa9-Q)


## AWS Best Practices

# Azure

## Core Services Overview

<img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/94214iF8738A37E3E44F77" width="800" height="600">

## Architecture

- [Azure Architecture Center](https://docs.microsoft.com/en-us/azure/architecture/)

<img src="Azure-ResourceView.png" width="750" height="600">

### Compute/Storage/Networking

#### Compute

<img src="Azure-ComputeView.png" width="750" height="600">

- Computing Types
    - VMs
    - VMs Scale Set
    - Container
    - App Service
        - Service Plan
            - Free/Shared/Basic/Standard/Premium/Isolated
    - Serverless Computing
        - Azure Functions
        - Azure Logic Apps
        - Azure Event Grid


#### Storage

<img src="Azure-StorageView.png" width="750" height="600">

- Storage Account
    - GPv1 Account
    - Blob Account
    - GPv2 Account
- General Storage
    - Blob Storage
      - Storage Account
      - Container
      - Blob
        - Blob Snapshot
        - Metadata
    - File Storage
    - Table Storage
    - Queue Storage
- Disk Storage
    - Standard HDD
    - Standard SSD
    - Premium SSD
    - Ultra SSD
    
- VM Storage View
    - Image .VHD stored in page blob
    - OS Disk stored in page blob
    - Temporary OS disk stored on the local physical machine
    - Data Disk 
      - HDD
      - SSD
        
- Replication
    - LRS: Local Replicated Storage
    - ZRS: Zone Replicated Storage
    - GRS: Geographically Replicated Storage
    - RA-GRS: Read-Only Geographically Replicated Storage
- Access Tiers
    - Premium
    - Hot
    - Cold
    - Archive
- Data Transfer 
  - Azure File Sync
  - Azure Import/Export
  - RoboCopy
  - AzCopy
  

#### Networking

<img src="Azure-NetworkingView.png" width="750" height="600">

- VNet: 
  - Capability
    - Isolated
      - Open for Traffic by default
      - IP Segmentation
      - DNS Management
    - Internet Access
      - VPN connection
    - Chainable
      - VNet Peering
    - Traffic Routing
    - Traffic Filtering
    - Security Policy Management
  
- Subnet
  - Capability
    - NSG config
    - Route Table config

- NSG: Network Security Group
  - Capability
    - In-bound Rule
    - Out-bound Rule
    - NIC config
    - Subnet Attach

- Router
  - Azure Router Table

- VPN
  - S2S: Site-to-Site
    - IPSec VPN with VPN Gateway
    - M2S: Multisites-to-Site
  - ExpressRoute
    - CloudExchange Colocation
    - P2P EthernetConnection
    - A2A IP VPN Connection
  - P2S: Point-to-Site
    - Personal/Workstation VPN
    
- FW
  - Azure Firewall
  - Storage Firewall

- LB
  - Azure Load Balancer
    - L4 LB
      - IP:Port Hash
      - IP Affinity
      - Port
  - Application Gateway
    - L7
    - WAF
  - Traffic Manager

- CDN
  - Dynamic site acceleration
  - HTTPS support
  - Query string caching
  - Geo-filtering
  - Azure diagnostics logs

- HA Architecture Design
  - Components
    - Azure Availability Set
    - Traffic Manager
    - LBs(L4)
    - Application Gateway(L7)

#### App Service

<img src="Azure-AppView.png" width="750" height="600">

- App Service Plan
  - Free
  - Shared
  - Dedicated
  - Isolated
  - Consumption
  
- Dev Platforms
  - ASP
  - Nodejs
  - Python
  - PHP

### Topology

- Physical Hierarchy
  - Geography
    - Groups of Regions
  - Region
    - Groups of DCs
    - Low Latency Networking
    - Multi-Regions
      - Active-Passive
      - Active-Active
  - AZ: Availability Zone
    - one or more DCs
    - Multi-AZs
      - HA design for some Services
  - AS:  Availability Set
    - Isolation Boundary
  - FD: Fault Domain
    - Physical Boundary
  - UD: Update Domain
    - Logical Boundary

- Resources Hierarchy
  - Management Group
    - Azure Enterprise
    - Departments
    - Accounts
  - Azure Subscriptions
  - Resources Groups
    - share same lifecycle
    - share same administrative boundary
      - Metering and Billing
      - Monitoring and Alarm
      - Apply Policies
        - Quota
        - ACL
    - can span regions
  - Resources

- ARM: Azure Resource Manager
  - Deployment and Management 
    - CRUD: Create, Read, Update, Delete
    - Access Control, Tagging, Auditing
    - Declarative Template Deployment
 

### Availability

- Redundancies
  - Data Center Level
  - Availability Zone Level
  - Region Level
- HA Design
- FT Design
- DR Design
- SLA Management

### Security

<img src="Azure-SecurityView.png" width="750" height="600">

#### Security Management

- Networking Security
    - Azure Network Security Group
    - Azure Firewall
    - Azure DDoS Protection
    
- Data Security
    - Storage Security
      - management plane security
        - RBAC with Azure AD
      - data plane security
      - encryption in transit
      - encryption at rest
      - CORS: Cross Origin Resource Sharing
    - Database Service Encryption, Auditing
    - Regulation/Laws
      - GDPR
      - ISO 27001
      - NIST

- Information Security
    - AIP Azure Information Protection

- IAM
  - Azure AD
  - Azure MFA
  
- System Security
    - ATP Azure Advanced Threat Protection
    
- General Security Management
    - Azure Key Vault
        - Secrets Management
        - Key Management
        - Certificate Management
    - Azure Security Center
    
- Azure Service Trust Portal
- Azure Trust Center
- Microsoft Compliance Manager

#### Identity Management

<img src="Azure-Security-AD.png" width="750" height="600">

- Account Hierarchy
  - Azure Enterprise
  - Departments
  - Accounts
  - Subscriptions
  - Resources Groups
  - Resources
- Authentication and Authorization
  - Authentication: Who you are
      - Security Token
  - Authorization: What you can do
      - Token with Claim
  - Azure Identity and Access Management
    - Azure AD
        - can be synced with on-premises AD DS
        - Identity Types in AD
          - User
          - Device
          - Group
          - Managed Identity
            - assigned by User
            - assigned by System
    - Azure MFA
        - You Are
        - You Know
        - You Have
    - Azure AD DS
        - managed domain service
    - AD Features
        - Enterprise Identity Management
        - SSO
        - MFA
        - Self-service
    - AD DS
        - on-premises


##### RBAC: Role Based Access Control

<img src="Azure-Security-RBAC.png" width="750" height="600">

  - Building Blocks
    - Security Principal
      - User
      - Group
      - Managed identity
      - Service Principal
        - A security identity used by applications or services to access specific Azure resources
    - Scope
      - the set of resources that the access applies to
    - Role Definition
      - lists the operations that can be performed, such as read, write, and delete
  - Mapping relationships
    - role-permissions
    - user-role  
    - role-role 
  - Authorization
    - Role Assignment
    - Role Authorization
    - Transaction Authorization
  - coarse-grained access control
  - [RBAC for Azure resources](https://docs.microsoft.com/en-us/azure/role-based-access-control/overview)

##### PBAC: Policy Based Access Control

#### Governance and Compliance

- Azure Policies
  - Definition
  - Assignment
- Azure Initiative
  - Group of Policies
  
- Azure Resource Manager
  
- ABAC: Attribute Based Access Control
  - User attributes
  - Environmental attributes
  - Resource attributes
  - Boolean Operation
- PBAC: Policy Based Access Control
    - Azure Policy
      - workflow
        - Create
        - Assign
        - Evaluate
        - Remediate

##### Azure Security Center

<img src="Azure-Security-SecurityCenter.png" width="750" height="600">

## DevOps

### DevOps Tools

- Azure Management Tools
  - Azure Portal
    - Azure Cloud Shell
    - Azure Quickstart Template
  - Azure CLI
  - Azure PowerShell
  - Azure Advisor



### Design

- Microservice
  - Functional Decomposition
  - Horizontal Scaling
  - Data Decoupling
  - Containerization
- Serverless Computing
  - Azure Functions
  - Logic Apps
    - Trigger-Action Paradigm

## Data Science

### Data Services

<img src="Azure-DS-DataView.png" width="750" height="600">

### Big Data

<img src="Azure-DS-BigDataView.png" width="750" height="600">

#### Flow

- Data Explore
  - Ingestion
    - Data Pull
    - Batching
    - Validation
    - Data Manipulation
    - Committing
  - Analysis
    - Filtering
    - Modeling
    - Testing
    - Updating
- Data Store
- Data Prepare and Training
- Data Modeling and Serve
- Data Visualization and Present

### IoT

<img src="Azure-DS-IOTView.png" width="750" height="600">

## Management

### Charging

- Azure Cost Management
    - Account
    - Cost Factors
    - Billing Zone
    - TCO Calculator

## Terms

- Availability
  - Region
    - Region Pair
  - Zone
  - Set
  - Fault Domain
  - Update Domain
- Resource Group
- SKU: Stock Keeping Unit
  - Represents a purchasable Stock Keeping Unit (SKU) under a product. These represent the different shapes of the product.
- DTU: Database Transaction Unit
  - DTUs provide a way to describe the relative capacity of a performance level of Basic, Standard, and Premium databases. DTUs are based on a blended measure of CPU, memory, reads, and writes.
- TDS

# VMware