Why study for a Cloud networking certification?
So, that was a wake-up call! I've just taken my first attempt at the AWS Networking Specialty exam and it was an experience!
I've been saying to my team for some time that in order to really understand the networking within cloud environments, and to get the optimum experience for customers in those environments, you need to really appreciate how applications are deployed, and the elements in AWS and Azure you need to make those applications reliable and scalable.
And if ever I needed confirmation of that, I got it this morning. The exam has 60 questions and you're given 3 hours to complete them. You shouldn't need that long, but my goodness, it's tough, and it just illustrates how the paradigm shift to Cloud highlights what we have known for years - DC (and thus Cloud) networking is all about enabling application flows.
If you're planning on looking into this (and as a networker you should - whether you believe everything is going Cloud or not, hybrid is likely to become the default for most organisations in time), then it's time to really look into and appreciate best practice for app deployment, and the Cloud tooling that makes it happen.
In AWS, there are obvious connectivity elements, such as:
- VPCs, AZs, routing tables, subnets, security groups, Network ACLs;
- VPN gateways for private connectivity over the Internet;
- Direct Connect and its associated VIFs for connectivity over private circuits;
- The transit VPC model with VPNs between VPCs;
- VPC peering;
- Internet gateways, NAT gateways and NAT instances;
and so on.
But these really mean little until you consider how they might need to be used by the applications being deployed and the interactions that make them happen. Unless you consider things like:
- the endpoints users will access applications from and the networks they're attached to;
- the availability requirements of the applications, and the level of failure you need to protect against;
- interactions between elements of apps and external services (identity, external data stores, APIs into other applications);
- how applications might need to be scaled;
- how mechanisms like DNS, content delivery networking and load balancing will be used to provide scale and availability;
- security requirements like ciphers, certificate management, protecting data both at rest and in motion;
- DDoS, IDS and simple security policy based on the identity of users, workloads and IP addressing,
then you are not going to fully appreciate which elements are required to make the most of the Cloud capabilities. In order to progress with this certification, you need to understand certain AWS capabilities inside and out including:
- EC2, ENIs, EIPs, Lambda;
- Regions, Availability Zones and their limits;
- VPCs and subnets, routing tables;
- Placement Groups and Auto-Scaling;
- Direct Connect and VGWs;
- Classic, Network and Application Load Balancers;
- Security Groups, Network ACLs (similarities and differences);
- Route 53 and DNS principles;
- Web Application Firewall;
- AWS monitoring and telemetry (VPC Flow Logs, CloudWatch, CloudTrail, SNS);
- Automation (API, CloudFormation);
- Gateway and Interface Endpoints
and more! And that's before we start getting into containerisation and the joys that brings!
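The "similarities and differences" between Security Groups and Network ACLs in the list above are exactly the sort of thing the exam probes, so here is a small worked model of them. It is an added example, not code from the original post or from AWS: it implements the two evaluation behaviours as AWS documents them (a security group is stateful and allow-only, a network ACL is stateless, evaluated in ascending rule-number order with the first match winning and a final catch-all deny), and runs a single HTTPS request/reply pair through both. The addresses, rule numbers and rule sets are constructed for illustration (RFC 5737 documentation ranges), and the helper names are this example's own.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "inbound" or "outbound", relative to the instance/subnet
    proto: str
    src: str
    dst: str
    sport: int
    dport: int


def in_cidr(addr: str, cidr: str) -> bool:
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


class SecurityGroup:
    """Stateful, allow-only. A reply to a flow that was allowed in one
    direction is allowed in the other without needing its own rule."""

    def __init__(self, inbound, outbound):
        self.inbound = inbound    # list of (proto, port, cidr)
        self.outbound = outbound
        self._tracked = set()     # stands in for the connection-tracking table

    def evaluate(self, pkt: Packet) -> str:
        # Is this the reverse half of a flow we already allowed?
        reply_key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply_key in self._tracked:
            return "ALLOW (tracked reply)"
        rules = self.inbound if pkt.direction == "inbound" else self.outbound
        peer = pkt.src if pkt.direction == "inbound" else pkt.dst
        for proto, port, cidr in rules:
            if proto == pkt.proto and port == pkt.dport and in_cidr(peer, cidr):
                self._tracked.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return "ALLOW"
        return "DENY (no matching rule)"


class NetworkAcl:
    """Stateless. Rules are checked in ascending rule-number order, the first
    match decides, and the catch-all '*' rule denies everything else.
    Both halves of a flow must be permitted explicitly."""

    def __init__(self, inbound, outbound):
        self.inbound = inbound    # list of (number, proto, port_lo, port_hi, cidr, action)
        self.outbound = outbound

    def evaluate(self, pkt: Packet) -> str:
        rules = self.inbound if pkt.direction == "inbound" else self.outbound
        peer = pkt.src if pkt.direction == "inbound" else pkt.dst
        for number, proto, lo, hi, cidr, action in sorted(rules):
            if proto == pkt.proto and lo <= pkt.dport <= hi and in_cidr(peer, cidr):
                return f"{action} (rule {number})"
        return "DENY (default *)"


def make_web_sg() -> SecurityGroup:
    # HTTPS in only; deliberately no outbound rule, yet replies still flow.
    return SecurityGroup(inbound=[("tcp", 443, "0.0.0.0/0")], outbound=[])


def make_subnet_nacl(allow_ephemeral_return: bool) -> NetworkAcl:
    inbound = [
        (90, "tcp", 443, 443, "198.51.100.0/24", "DENY"),  # constructed blocked range
        (100, "tcp", 443, 443, "0.0.0.0/0", "ALLOW"),
    ]
    # Common mistake: mirroring the inbound rule outbound. Replies leave from
    # port 443 towards the client's ephemeral port, so this never matches them.
    outbound = [(100, "tcp", 443, 443, "0.0.0.0/0", "ALLOW")]
    if allow_ephemeral_return:
        outbound.append((110, "tcp", 1024, 65535, "0.0.0.0/0", "ALLOW"))
    return NetworkAcl(inbound, outbound)


def trace_https(sg: SecurityGroup, nacl: NetworkAcl, client="203.0.113.10") -> dict:
    """Run one HTTPS request and its reply through both filters."""
    request = Packet("inbound", "tcp", client, "10.0.1.20", 51234, 443)
    reply = Packet("outbound", "tcp", "10.0.1.20", client, 443, 51234)
    return {
        "sg_request": sg.evaluate(request),
        "sg_reply": sg.evaluate(reply),
        "nacl_request": nacl.evaluate(request),
        "nacl_reply": nacl.evaluate(reply),
    }


if __name__ == "__main__":
    for ephemeral in (False, True):
        print(f"NACL with ephemeral return rule = {ephemeral}:")
        for k, v in trace_https(make_web_sg(), make_subnet_nacl(ephemeral)).items():
            print(f"  {k:13s} {v}")
    print("blocked range:", trace_https(make_web_sg(), make_subnet_nacl(True), "198.51.100.5"))
```

The two outputs side by side make the exam point concrete: the security group passes the reply with no outbound rule at all, while the network ACL silently drops it until an outbound rule covering the ephemeral port range exists. In VPC Flow Logs that shows up as an accepted inbound record followed by a REJECT on the return packet, which is the symptom to look for when a subnet's ACL has been "tightened" and connections start hanging.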
Being responsible for the underpinnings of all connectivity, network professionals have always had a responsibility to understand the broader IT landscape. Nowhere is that more true than in the Cloud. Get across all of these capabilities and how they are used to build available, secure and scalable apps, and you will be ahead of the game when it comes to delivering the network to make it happen!
Yes, I just got my butt kicked by that exam - I'll come back and pass it next time, but as with anything, you need to make sure you learn along the way! The key thing here is to appreciate the broader context and ensure you take it into account in the network design, on-prem or off!