Hybrid Cloud for Architects电子书

Title Page

Copyright and Credits

Hybrid Cloud for Architects

Packt Upsell

Why subscribe?

PacktPub.com

Contributors

About the author

About the reviewer

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Get in touch

Reviews

Introducing Hybrid Cloud

The cloud's demographics

Based on abstraction

Service down clouds

Infrastructure up clouds

Differentiating service down and infrastructure up clouds

Based on services offered

Based on consumers of the services

Choosing different cloud combinations

Summary

Hybrid Cloud – Why Does It Matter?

What does the world say?

Pure-play public cloud strategy

Public cloud benefits

Need for agility

Ability to experiment without upfront cost

Reducing operational overheads

Ability to consume enhanced services

Shortcomings of a public cloud

Cost

Control/customizability

Compliance

Fear of lock-in

Hybrid cloud case study

Summary – maximizing benefits

Hybrid Cloud Building Blocks

The story of a web application

Transport level

Case 1 – without a proxy

Case 2 – with a proxy

Application level

Web tier

Application tier

Database tier

Putting it all together

Use cases of a hybrid cloud

Isolated use case

Distributed use case

Co-Existent use case

Cloud bursting

Using cognitive services

Supporting application use cases

Backup and disaster recovery in the cloud

Decoupling the tiers

Case in point – architecture of OpenStack

Services to enable a hybrid cloud

Network connectivity

DNS service

Public cloud services for hybrid deployment

Amazon Web Services (AWS)

Storage gateway

Direct connect

Route 53

Amazon EC2 run command

VMware cloud on AWS

Microsoft Azure

Azure Stack

Azure Site Recovery (ASR)

Azure Traffic Manager

Summary – setting up hybrid cloud

Architecting the Underpinning Services

Networking

Underlay network

LAN architecture

WAN architecture

Overlay networking

GRE

VXLAN

Virtual Private Network (VPN)

Encrypting data using IPSec and SSL – concepts

IPSec VPN

SSL VPN

MPLS connectivity – direct connect

Routing table

Domain Name System (DNS)

How does DNS work?

Global load balancing

Identity and Access Management (IAM)

Identity Federation

Multi-Factor Authentication (MFA)

Application components

Global databases

Using Cockroach DB in a hybrid cloud environment

Database log shipping

Choosing the right components

Network connectivity

DNS services

IAM and Active Directory

Conclusion

Hybrid Cloud Deployment – Architecture and Preparation

Getting started with the public cloud – AWS

AWS terminology

Account

Region

Availability zones (AZ)

Virtual private cloud (VPC)

AWS services

Architecting the AWS environment

AWS account design

VPC design

Designing an AWS environment

Connectivity to the private cloud

Setting up a public cloud – AWS

Creating an account in AWS

Creating a VPC and subnets

Creating the IGW and VGW

Setting up AWS API access

Setting up the private cloud

Basics of designing an OpenStack environment

Choosing an OpenStack distribution

Choosing the deployment method

Installing DevStack

Configuring DevStack to enable Heat

Summary

Building a Traditional CMP-Based Hybrid Cloud

Supporting applications use case

Traditional operations

Modern outlook

Using the AWS storage gateway

File gateway

Volume gateways

Tape gateway

Isolated/distributed application use case

General architecture of CMP

ManageIQ

Installing ManageIQ

Preparing the host environment

Containerization basics

Understanding and installing Docker

Installing a ManageIQ container

Configuring ManageIQ to connect to AWS and OpenStack

Adding a new AWS EC2 provider

Adding our OpenStack endpoint

Provisioning virtual machines using ManageIQ

Creating a catalog

Creating a Service Dialog

Creating a catalog item and catalog

Testing the catalog

Policies and user authentication

Creating cloud images

In conclusion – architecting with a CMP

Summary

Building a Containerized Hybrid Cloud

Evolving to containers

Container networking

None – no networking

Bridge networking

Host networking

Overlay networking

Underlay networking

Container orchestration engine

Kubernetes architecture

Basic concepts in Kubernetes

Pod

Controllers

Service

Volumes

Namespaces

Kubernetes deployment

Introduction to Juju

Installing the Juju client and bootstrapping clouds

Bootstrapping an AWS Cloud

Bootstrapping an OpenStack Cloud

Accessing the Juju controller using a GUI

Deploying Kubernetes with Juju

Deploying a second instance of Kubernetes

Connecting to the Kubernetes clusters

Federation using Kubernetes

Reasons for consideration

Application migration – avoiding vendor lock-in

Enforce policies

High availability and application upgrades

Cloud bursting

Federation challenges

Implementing a Kubernetes federation

Step 1 – setting up the federation controller

Step 2 – combining the Kubernetes configuration (optional)

Step 3 – creating the federation

Creating the DNS provider

Initializing the federation

Summary

Using PreBuilt Hybrid Cloud Solutions

Azure Stack

Getting the Azure Stack

OpenStack Omni

Installing OpenStack Omni on DevStack

Removing the DevStack instance

Modifying the local.conf file

Running DevStack

vCloud Air

Using the different hybrid cloud solutions

Summary

DevOps in the Hybrid Cloud

The development cycle and DevOps

The traditional development stages

Merging the different teams

Creating the infrastructure

Configuring the infrastructure

Templatize

DevOps or NoOps

IaaC with Terraform

Installing Terraform

Configuring and using Terraform

Configuration management using Ansible

Installing Ansible

Configuring Ansible and a sample playbook

Summary

Monitoring the Hybrid Cloud

The traditional concepts in monitoring

Availability monitoring

ICMP monitoring

TCP/UDP monitoring

Enhanced monitoring

SNMP-based availability monitoring

Performance monitoring

SNMP monitoring

WMI monitoring and custom agent monitoring

Monitoring the hybrid cloud

Prometheus

The implementation architecture of Prometheus

Installing Prometheus

Downloading Prometheus

Setting up directories

Setting up startup script

Setting up node exporter

Configuring Prometheus

Grafana

Installing Grafana

Configuring Grafana to use Prometheus

Summary

Security in a Hybrid Cloud

Components of security

The CIA triad

Confidentiality

Integrity

Availability

Tools to protect against the breaches

IAM systems

Data encryption in rest and in motion

Network perimeter security

Firewalls

IDS/IPS

Proxies

Host controls

High availability and disaster recovery

Detection and analytics mechanism

Minimizing shared infrastructure

Compliance standards and controls

HIPAA compliance standards

Administrative controls

Physical controls

Technical controls

Security controls consideration in hybrid cloud

Common controls

Implementing the controls on AWS – public cloud

Security – shared responsibility model

Implementing the controls in private cloud

Security – best practices

Implementing a CMDB/asset list

User accounts and authentication

Provisioning and postprovisioning controls

Networks

Other practices

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think