This chapter expanded on hybrid networks, which were introduced in Chapter 6. We went into more detail about how on-premises data centers and networks connect to AWS cloud services.
You learned about site-to-site VPN connections that use the public Internet to connect into AWS. An important part of using a VPN is to provide a secure tunnel to secure in-flight traffic. You learned about the AWS security model and what AWS assumes responsibility for and the security that you must manage. AWS is responsible for security “of” the cloud, and you are responsible for security “in” the cloud. VPN security protects the data as it traverses the Internet, and you learned about many of the VPN encryption technologies used.
To accelerate and provide additional security, accelerated site-to-site VPNs use the AWS Global Accelerator to direct VPN traffic off the sometimes-congested Internet and onto the higher-speed and lower-latency private AWS backbone as close to your location as possible.
To bypass the Internet and achieve higher-speed connections and lower latency, direct connections are used. You learned about the physical requirements of making a direct connection.
It is assumed that you already have a basic to advanced knowledge of layer 2 and 3 networks including how switches and routers operate. A review was included in this chapter to serve as a refresher. Gateways were reviewed, and the differences between gateways and routers were demonstrated.
Since AWS can be viewed as a very large software-defined network, you learned about the architecture of software-defined networks, how they are deployed, and how the SDN building blocks interact with each other.
The AWS central routing hub, Transit Gateway, was discussed, and you then learned about what AWS PrivateLink is and how it is used.
To share AWS resources between accounts, the Resource Access Manager service can be deployed to simplify ease of management, reduce overhead, and increase security.
We finished the chapter by learning about how to test and validate network connectivity. AWS tools that are used include the Route Analyzer and Reachability Analyzer. Public utilities that are also commonly used for testing and troubleshooting include ping and traceroute. How and when to use these utilities was explained by using examples.
Understand the AWS security model and best practices. Read the AWS shared responsibility online documentation and understand the material before taking the exam.
Know the site-to-site VPN architecture and how to configure and operate site-to-site VPNs. VPNs are an important component of hybrid networks. Focus on VPN security and how tunnels are created. Again, review this chapter’s material and published AWS VPN documentation if you feel that you need additional knowledge of IPSec and the AWS implementation of VPNs. Know what AWS services make up the accelerated site-to-site VPN service and how it is implemented.
Understand the role of Direct Connect in hybrid networks. Direct Connect is the second interconnect option. For the exam, know the physical interconnect optical options, speeds, types of fiber cable required, and base configurations. Also, review the process used to establish a direct connection.
Understand the basics of software-defined networking. Have a good understanding of the software-defined networking architectural modes and their use of APIs. This conceptual understanding gives you a good high-level understanding of the AWS cloud and helps you see the “bigger picture” to help understand many of the exam questions.
Be familiar with the AWS Transit Gateway, PrivateLink, and Resource Access Manager. These services were introduced in this chapter and will very likely appear in at least a few exam questions. If you feel you do not have a thorough understanding of these services, review the sections in this chapter, the AWS online documentation pages, and the AWS web console before taking the exam.
Know the common network troubleshooting tools. You will receive a few troubleshooting questions on the exam. Have a good understanding of the AWS Route and Reachability Analyzers, what they are, and how and when they should be used. Also, know the client-side utilities of ping and traceroute and have the commands memorized for both the Windows and Linux implementations. Expect a question or two where you will be required to distinguish between all the test utilities and where each one should be used.