Amazon AWS Certified Advanced Networking Specialty – Networking & AWS Primer Part 6
16. Amazon WorkSpaces
Hey everyone, and welcome back. In today’s video, we will be discussing Amazon WorkSpaces. Now, one interesting thing is that I am not able to find my slides. Well, the reason is that I am logged into my WorkSpace. So let me come out of it, go back to my main workstation, and go full screen. Great. So even before we start our presentation, I’m sure that from the high-level overview you got a glimpse of what Amazon WorkSpaces might be. So let’s go ahead and understand that with our slides. Now, at a high level, Amazon WorkSpaces is basically a managed, secure cloud desktop service. So you need to remember these three words: cloud desktop service. Now, users can access their WorkSpace from various clients like Chromebook, iPad, Mac, Windows and others. Now, one really great thing: let’s say that you have an iPad and you need to work on a Windows workstation on a regular basis, and you cannot really carry a Windows workstation around.
So what you do is create a WorkSpace running Windows 7, connect your iPad to that WorkSpace, and you have a Windows 7 desktop on your iPad that you will be able to use. Of course, since it is in the cloud, you need a Wi-Fi or Internet connection to connect to your remote WorkSpace. Now, these remote WorkSpaces are something that we pay for on a monthly or an hourly basis. So if I have to show you: if you see over here, I have an Amazon WorkSpace which is up and running. Now, again, this is the WorkSpaces client that I have on my Windows system. This client is available for iPad and various other platforms as well.
So let me just click over here, and you see I have a Windows system available. If I maximize it, click on View and go to full screen, you should see that I have a perfectly working Windows system over here. So I’ll be able to do, say, a ping on google.com, and I’m getting the reply. So basically this is a Windows box, and you will be able to do everything that a Windows box supports. This is what is referred to as an Amazon WorkSpace. Now, let’s assume that you have an iPad.
So you can download the Amazon WorkSpaces client on your iPad, connect to your WorkSpace, and it will look very similar to this. The same goes for Mac, and the same goes for Windows. I am connecting from Windows, but all the platforms supported by Amazon WorkSpaces work the same way. So let me come out of this. It’s very funny, because I got a message from one of my colleagues: once he logged into WorkSpaces, he was not able to get back to his home operating system. So he tried various ways to come out of the WorkSpace.
Because, if you see, this WorkSpace also runs in full screen, you’ll assume that this is the Windows installed on your laptop, but it is not. This is a cloud-based remote desktop. So in order to come out of the WorkSpace, you have to go to the top right. You have to hover your mouse at the top right here, and then you will get this toolbar. You just have to click on View and click on Exit full screen. Great. So now that you know what a WorkSpace is, what we’ll do is go ahead and create our own WorkSpace.
Now, if I go into my WorkSpaces management console, you see I have one WorkSpace available over here. If I expand this WorkSpace, it will give you various details like the launch time, when it was last updated, et cetera. Now, one interesting part about WorkSpaces is that you can even connect to your WorkSpace via the web browser. Basically, if you go to clients.amazonworkspaces.com, these are the supported clients: you have Mac, you have iPad, you have Windows, you even have Android tablets, Chromebook, Fire tablet and web access. So let me also show you how exactly the web access might look.
So I’ll click here and select Launch. The first thing that you need to do is log in; it will ask you for the username and password. Let me quickly give the appropriate password for this WorkSpace and sign in, and after signing in, this is how the WorkSpace might look. Now, again, you should not expect the best-in-class GUI, specifically if you are connecting to the WorkSpace from the web browser. So, in order to ensure that this is not a screenshot, you can just click over here, and you see it works as expected. If I open up the command prompt, this is working as expected. So this is the great feature of Amazon’s remote virtual desktops, which is something that a lot of organizations use very actively. Anyway, let’s do one thing.
I’ll switch to a different region and we’ll create our own Amazon WorkSpace. Now, you can go to WorkSpaces by just typing WorkSpaces within the services list, and you will be redirected to this console. Within WorkSpaces you have an option for Get Started Now. So let’s click here and select Get Started Now. There are two options over here: one is the quick setup and the second is the advanced setup. Advanced setup will give you advanced options related to use cases where you have an on-premises directory and various others. So, for the time being, we’ll select the quick setup. I’ll select Launch, and you have various bundles available. You have Standard with Amazon Linux 2, you have Standard with Windows 7 and with Windows 10, and if you go down you have various others as well.
You even have the Power Pro with Windows 10 and Office 2016. So in case you don’t want to purchase a license, which basically would require a full-time payment, you can just select this, run it for an hour or two and pay only for that amount of time. So for the time being, let’s select Standard with Windows 10. Now, this is Free Tier, and this is what we intend to use. This bundle has two vCPUs, 4 GB of RAM and 50 GB of storage. Once you have done that, you need to give the username, first name, last name and email address. This is very important, because this is where your password and various registration-related details will be sent. We’ll see how exactly that works. So for the username, I’ll give the username as Zeebora.
The first name is Zeel, the last name is Vora, and for the email I’ll say instructors at Direct Kplabs in, and the bundle is Standard with Windows 10. I’ll go ahead and click Launch WorkSpaces. Now let me click on View the WorkSpaces console, and if you see, it gives a message stating that a WorkSpace may take up to 20 minutes to become available. So you need to have a good amount of patience, because this is something that takes time. Now, before a WorkSpace actually gets created, Amazon creates a directory. So you see it has created the directory over here, because whatever users you create are stored in the directory service. So in case you want to reset a password, et cetera, this directory service is where you need to look. Once this directory is created and set up, then the WorkSpace gets created, and whatever WorkSpace you have integrates with the directory that has been set up. So let’s quickly wait for some time. It might be 15 to 20 minutes. I’ll pause the video till the WorkSpace is created. So it has been close to around 20 minutes.
And if you see, our WorkSpace status has changed to Available. Now, as soon as it changes to Available, you would typically receive an email on the email address that you configured while creating the user. In my case I have already received the email. The subject is "Your Amazon WorkSpace", and basically there are three steps over here. First, you need to complete your user profile: when you click on the link here, you’ll have to set up the password associated with the user. Then there is the registration code that you need to enter, and the final phase is login. Now let’s click on the first link. Here it is basically asking me for the password, so let me quickly put the password over here. Great. Once the password has been set, I can go ahead and update the user. As soon as you do that, you will automatically be redirected to the website clients.amazonworkspaces.com. It will give you a lot of options.
You have Mac, iPad, Windows, tablet, Chromebook, et cetera. Depending on which operating system you have, you can download the relevant client. In the case of Windows, you just download it; you’ll get an .exe which you need to install. In my case I already have it installed, so if I quickly search for Amazon WorkSpaces, I have the Amazon WorkSpaces client over here. This is how the WorkSpaces client might look. Now, in our demo we had already seen how it looks. So let me do one thing: let me click on Manage Registrations over here and update the registration code. The specific registration code that you see here belongs to our demo WorkSpace; we will replace it with the registration code which we received over email. So let me update the registration code here and click on Register. Once you have registered, it will go back to the login screen, and you need to fill in the username and password that you created. Once you have done that, you can go ahead and click on Sign In.
I’ll leave Remember me unchecked, and currently it is launching the session. So let’s quickly wait for a moment, and you have your perfectly working WorkSpace over here. In order to go to full screen you can always click on View and select Show full screen. Now, one more thing that I wanted to show you is how you can launch through web access. So if I select Web Access here and click on Launch, I have to put in the new registration code. I’ll copy the same registration code which I received over email and click on Register, and now you see it basically gives an error saying that access is denied. By default, web-based access is denied for your WorkSpaces. So what you need to do is explicitly allow it. In order to do that, you need to go to Directories. We already know that when a WorkSpace is created, a directory is created by default, where your user information and a few more things are stored. So you have to select the directory, go to Actions and click on Update Details.
Within this you have the option of Access Control. Here, if you look at the platforms, the Web Access platform is not selected. So I can go ahead, click here and do Update and Exit. Great. Once you do Update and Exit, let’s select Launch once again. I’ll put in the registration code; let’s quickly verify that it is the updated one. This is the updated one. And now let’s log in, and now you are able to open your WorkSpace. Since this WorkSpace is based on Windows 10, you’ll be able to perform all the operations. Now again, it’s always better to use the client instead of the web browser, because in the browser you will not really have good graphics.
17. Network Requirements for Amazon WorkSpaces
Hey everyone and welcome back. In today’s video we will be discussing the network requirements for Amazon WorkSpaces. WorkSpaces is something that we discussed in detail in the earlier video, so in today’s video we will specifically focus on the network requirements for WorkSpaces. Now, one very important point to remember is that every WorkSpace that you provision has two network interfaces. The first network interface resides in the customer VPC, and the second network interface resides in an AWS-managed VPC. Now, the AWS management VPC that we are discussing here typically has one of the following CIDRs: 172.31.0.0/16 or 192.168.0.0/16. Which CIDR will be used depends upon the CIDR of the VPC where your WorkSpace is getting launched, so that the two do not clash. However, do remember: let’s say you have three VPCs, and one of them has a subnet or CIDR that clashes with the management range. In the longer term, that will create an issue.
So that is something that you need to remember. Now let’s understand this point in detail. So I have my WorkSpaces client over here; let me open it up. This is the demo server that we had seen in the earlier video. Now, if I right-click and open the Network and Sharing Center, and let me maximize this, within Change adapter settings you will see that there are two network adapters over here. This can be validated from the command prompt as well. So if I do ipconfig /all, you would typically see that there are two interfaces. One would be 172.16.0.223. This is the VPC-level network interface. You also have one more network interface, 192.168.13.248. This network interface, the one with the ID 3, is on the management VPC side. However, the first network interface, the one in 172.16, is part of the customer VPC, which means my own VPC.
So you can verify this as well. If you quickly open the VPC console and go to the Your VPCs tab, you will see I have two VPCs over here: one is 172.16 and the second is 172.31. We don’t really have a 192.168 VPC. So the third interface, the one with the ID 3, is associated with the management VPC, which has received this specific block. All right, so do remember that it’s the AWS-managed VPC. Now there are certain important network requirements which WorkSpaces need. The first is the virtual private cloud. Basically, if you remember, while we created the WorkSpace it automatically set up the directory service, and the directory service is the platform where your authentication happens and your users are stored. So in order for the WorkSpace to work, you need to have a VPC which contains at least two subnets, because the directory service that you launch requires two subnets for a multi-AZ deployment. So this is one of the requirements that you need to ensure before you create the WorkSpace. The second requirement is the directory service itself. The directory service is responsible for authentication as well as storing the user information, so it is very important that a directory service is created. Now, it is not necessary that you have the directory service in AWS; you can even use your on-premises AD. And the third very important requirement is the security group for access control.
So basically you can attach a security group to your WorkSpace. Let me quickly show you this. This is my WorkSpace. If you go to Directories, select the directory, go to Actions and select Update Details, and within that go to Security Group, you see it states: select a security group that will be added to your WorkSpaces network interface in your Amazon VPC. So you can go ahead and attach a security group over here. Now, if you just wanted to see how the network interface looks, or where you can find the network interface associated with your WorkSpace, you can go to the EC2 console and select Network Interfaces. Within the network interfaces, you see there are multiple network interfaces present.
The first one and the last one, if you look into the description, are the network interfaces for the directory service. We have already seen that we need at least two subnets for the directory service, and if you go to the EC2 console, the first network interface is associated with the zone 2c and the second interface is associated with 2b. So basically this was for multi-AZ. Now, this specific interface, the third one, is created by Amazon WorkSpaces. So this is the network interface associated with the WorkSpace. If I select this network interface and go a bit down, you would typically see the private IP, which is 172.16.0.223. You can verify from here as well: you have 172.16.0.223. So that is the network interface associated with my WorkSpace machine. And since we have a network interface, we can also associate a security group with that network interface.
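The management-range rule above is easy to get wrong when an account has several VPCs, so here is an added example (my own code, not from the course or from AWS) that applies the lecture's rule with Python's standard `ipaddress` module. It picks the first of the two management ranges the lecture names that overlaps none of the VPC CIDRs you pass in, lists which of your CIDRs clash with a management range, and labels the two addresses seen in `ipconfig /all` as customer-side or management-side. It goes slightly beyond the lecture in that it considers every CIDR you pass, not just the launch VPC, which matches what the demo showed: with both 172.16.0.0/16 and 172.31.0.0/16 present, the management interface landed in 192.168.0.0/16. The sample CIDRs and addresses in the `__main__` block are constructed to mirror the demo.

```python
import ipaddress
from typing import Dict, Iterable, List, Optional

# Management-VPC ranges named in the lecture (the ranges AWS picks between).
MANAGEMENT_CANDIDATES = ("172.31.0.0/16", "192.168.0.0/16")


def select_management_cidr(customer_cidrs: Iterable[str]) -> Optional[str]:
    """Return the first management range that overlaps none of the customer CIDRs.

    Reproduces the lecture's rule: the range is chosen so that it does not clash
    with the customer VPC. None means every candidate clashes, which is the
    long-term problem the lecture warns about.
    """
    customer = [ipaddress.ip_network(c, strict=False) for c in customer_cidrs]
    for candidate in MANAGEMENT_CANDIDATES:
        mgmt = ipaddress.ip_network(candidate)
        if not any(mgmt.overlaps(net) for net in customer):
            return candidate
    return None


def find_clashes(customer_cidrs: Iterable[str]) -> List[str]:
    """List the customer CIDRs (VPCs or subnets) that overlap a management range."""
    clashes = []
    for c in customer_cidrs:
        net = ipaddress.ip_network(c, strict=False)
        if any(net.overlaps(ipaddress.ip_network(m)) for m in MANAGEMENT_CANDIDATES):
            clashes.append(c)
    return clashes


def classify_interfaces(addresses: Iterable[str], customer_cidr: str,
                        management_cidr: str) -> Dict[str, str]:
    """Label each address seen in `ipconfig /all` as customer, management or unknown."""
    customer = ipaddress.ip_network(customer_cidr, strict=False)
    mgmt = ipaddress.ip_network(management_cidr, strict=False)
    result: Dict[str, str] = {}
    for a in addresses:
        ip = ipaddress.ip_address(a)
        if ip in customer:
            result[a] = "customer"
        elif ip in mgmt:
            result[a] = "management"
        else:
            result[a] = "unknown"
    return result


if __name__ == "__main__":
    # Constructed sample matching the lecture's demo account: two VPCs, 172.16/16 and 172.31/16.
    vpcs = ["172.16.0.0/16", "172.31.0.0/16"]
    chosen = select_management_cidr(vpcs)
    print("management range:", chosen)            # 192.168.0.0/16
    print("clashing ranges:", find_clashes(vpcs))  # ['172.31.0.0/16']
    # Constructed interface addresses in the shape the demo's ipconfig output showed.
    print(classify_interfaces(["172.16.0.223", "192.168.13.248"], vpcs[0], chosen))
```

Run `find_clashes` over every VPC and subnet CIDR in the account (and any on-premises ranges routed into it) before you pick the VPC for a WorkSpaces directory; a result that leaves `select_management_cidr` returning `None` is exactly the clash the lecture says will bite you later.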
18. Lambda@Edge
Hey everyone and welcome back. In today’s video we will be discussing Lambda@Edge. Now, at a high level, Lambda@Edge basically allows you to run your Lambda function to customize the content that your CloudFront distribution delivers to your end users. This can be explained much more easily in a diagram, because if we directly jump into the theoretical points it will just confuse. So this is a diagrammatic representation. Let’s say this is a user; this can be a browser, a CLI or anything. You have CloudFront here, this is the CloudFront cache, and this is the origin. The origin can be an S3 bucket or whatever website you are running behind the scenes. Now, what Lambda@Edge allows you to do is run a Lambda function at four major points. The first major point is before the request hits the CloudFront cache.
The second point is after the request misses the CloudFront cache and before it hits the origin. So this is the second point where you can run your Lambda function. The third point is as soon as you get the data back from your origin. And the fourth is after the data traverses the CloudFront cache and before it goes back to the user. So there are four points where you can run your Lambda function. Now, these points are identified by name. The first one is called viewer request, the second is origin request, then you have origin response, and the fourth is viewer response. Now, because of the capability to run your Lambda function at these four points, it really allows a lot of possibilities and capabilities. So let’s go back to our first slide and understand each of these points. Coming back to the second point of the first slide, it states that you can run your Lambda function to change CloudFront requests and responses at the following points. We already discussed that there are four of them, and these are the four that you need to remember: first is viewer request, second is origin request, third is origin response and fourth is viewer response.
Now, the viewer request is nothing but the point after CloudFront receives a request from a viewer. So this is what the viewer request is all about. Second is the origin request, which is the point before CloudFront forwards the request to the origin. So you have the CloudFront cache over here, and before the request is forwarded to the origin there is a point; this point is referred to as the origin request. The third one is the origin response, which is after CloudFront receives the response from the origin. And the fourth is the viewer response, which is before CloudFront forwards the response to the viewer. So before the response is sent back to the user agent, this is the fourth point. Now, do remember that this representation that you see here is basically the CloudFront cache.
So let’s do one thing: let’s understand each of these events in detail. Now, the viewer request is executed on every request, before the CloudFront cache is checked. This is something that we already saw. So these are the four locations where you can put your Lambda function, and that Lambda function will execute at each of these locations whenever a request arrives. Any Lambda function that you put at the viewer request location will be executed every time, before the CloudFront cache is checked. Now, there are a lot of benefits of running a function at the viewer request.
One of the benefits is modifying the URL. You can do cookie or query string related modifications, and one of the very famous ones, which is also easy to explain, is performing authentication and authorization checks. This can be understood with the following diagram, where you have a user agent over here and you have CloudFront. As soon as CloudFront receives the request, the first thing that runs, before the CloudFront cache is checked, is the viewer request event. So the viewer request event can look into the request that the user agent has sent, for example whether the request contains the appropriate password which is required to open the website. If the request contains the appropriate password, then the request is OK and it will be sent on to the origin.
If the request does not have the password, then your viewer request event can send an HTTP 403 back to the user agent. This password authentication is one of the functions which a lot of organizations put at the viewer request level itself, because let’s say that a user agent is requesting a specific file, and that file is already cached. Now it might be that the request does not go to the origin at all; the request is served from the cache itself. So it is very important, specifically if you have some kind of password authentication, that you put your password authentication check in the viewer request, so that as soon as the request arrives at the CloudFront level, you run your Lambda function there, and that Lambda function determines whether the request should be allowed to pass or not. Now, the second part is the origin request.
Now, the origin request is the location of your Lambda function which executes whenever there is a cache miss, before the request is forwarded to the origin. Basically, there are a lot of things that you can do at this stage, like dynamically setting the origin based on the request headers. So let’s understand this part. This is the diagram of the origin request. If you note, I have put a star over here so that it is easy to know which function or which location we are discussing. Here we are assuming that the request first went to CloudFront, then through the viewer request, then it went to the CloudFront cache, and there is a cache miss. Do remember, this is an important part: if there is a cache hit, then CloudFront can deliver the data directly to the user agent, and the origin request and the origin response might not execute at all. So whenever a cache miss occurs, the request traverses to the origin request over here. Now, at the origin request you can control a lot of parameters. One of the use cases at this level is dynamically setting the origin based on request headers, because it might happen that there are multiple origins. Let’s say you have an S3 bucket.
You have an EC2 instance. Now, from this Lambda function, you can decide whether the request should go to the S3 bucket or to the EC2 instance based on the request headers. So all of that control you can have at the origin request level itself. You can also directly send a response back from the origin request; it is not necessary that it hits the endpoint. So it depends on the logic that you want to define. The next part that we need to discuss is the origin response. The origin response is executed on a cache miss, after a response is received from the origin. So if we look into the diagram associated with the origin response, the origin response comes after the origin, and the data which the origin sends back goes to the origin response stage over here. Now again, this stage is very important, and you will be able to achieve a lot of use cases from the origin response stage. One is that you can modify the response headers, and you can also intercept and replace various 4xx and 5xx errors from the origin.
So let’s say you have an origin here; it can be an EC2 instance, and somehow your application is down and not working at all, and it gave a 500 error back. Now, at the origin response, you can have logic that whenever you get a 500 response from the origin, it either replaces that response with a specific page, say a page stating that the website may be under maintenance, or the origin response can send a 301 redirect to a backup origin for the request to be served. So this is also one critical stage. Now, the last stage is the viewer response. The viewer response is the function which gets executed on all the responses, whether received from the origin or from the cache.
Now, this again is a very important stage, because it might happen that after the viewer request, the request hits the CloudFront cache, and from the CloudFront cache itself the data goes back to the user agent. So the right-hand side of the diagram might not get executed at all. So if you want certain functions to happen for all the responses which are being sent back to the user agent, putting your function at the viewer response level is extremely important. Now, one of the use cases which a lot of organizations use the viewer response for is to modify the response headers without that modification being cached. Basically what happens is, if you add certain headers at the origin response, they get cached in the CloudFront cache, but if you add them at the viewer response level, they are not cached at all; they go directly to the user agent.
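To make the four trigger points concrete, here is an added example of a single Python Lambda@Edge handler (my own code, not from the course or from AWS) that dispatches on the CloudFront `eventType` and implements the four use cases the lecture walks through: a viewer-request Basic-auth check that answers 403 before the cache is consulted, an origin-request router that sends JSON API requests to one origin and everything else to an S3 bucket, an origin-response hook that replaces any 5xx from the origin with a maintenance page, and a viewer-response hook that adds security headers on every response, cached or not. The event shape (`Records[0].cf.config.eventType`, lower-cased header names, each header a list of `{key, value}` objects) is the real CloudFront event format; the credentials, origin hostnames, region and `make_event` helper are constructed for the demo.

```python
import base64
import hmac
from typing import Dict, List

# Constructed demo credentials and origin names (assumptions, not values from the lecture).
# A real deployment would load the secret from a secrets store, never from source.
EXPECTED_USER = "demo"
EXPECTED_PASSWORD = "s3cret-demo-password"
S3_ORIGIN = "example-bucket.s3.amazonaws.com"
API_ORIGIN = "api.example.internal"

Headers = Dict[str, List[dict]]


def _get(headers: Headers, name: str) -> str:
    """CloudFront keys headers by lower-case name, each value a list of {key, value}."""
    values = headers.get(name.lower(), [])
    return values[0]["value"] if values else ""


def _put(headers: Headers, name: str, value: str) -> None:
    headers[name.lower()] = [{"key": name, "value": value}]


def basic_auth_value(user: str, pwd: str) -> str:
    """Build an Authorization header value, used here to construct test requests."""
    return "Basic " + base64.b64encode(f"{user}:{pwd}".encode()).decode()


def viewer_request(request: dict) -> dict:
    """Before the cache is checked: require HTTP Basic credentials, else answer 403."""
    auth = _get(request["headers"], "authorization")
    ok = False
    if auth.startswith("Basic "):
        try:
            user, _, pwd = base64.b64decode(auth[6:]).decode("utf-8").partition(":")
            # constant-time comparison so a mismatch does not leak where it differs
            ok = hmac.compare_digest(user, EXPECTED_USER) and hmac.compare_digest(pwd, EXPECTED_PASSWORD)
        except (ValueError, TypeError):  # bad base64, bad UTF-8, or non-ASCII input
            ok = False
    if ok:
        return request  # pass through to the cache (and, on a miss, the origin)
    return {"status": "403", "statusDescription": "Forbidden",
            "headers": {"content-type": [{"key": "Content-Type", "value": "text/plain"}]},
            "body": "Forbidden"}


def origin_request(request: dict) -> dict:
    """Cache miss only: choose the origin from the Accept header and set Host to match."""
    if "application/json" in _get(request["headers"], "accept"):
        request["origin"] = {"custom": {"domainName": API_ORIGIN, "port": 443, "protocol": "https",
                                        "path": "", "sslProtocols": ["TLSv1.2"], "readTimeout": 30,
                                        "keepaliveTimeout": 5, "customHeaders": {}}}
        _put(request["headers"], "Host", API_ORIGIN)
    else:
        request["origin"] = {"s3": {"domainName": S3_ORIGIN, "region": "us-east-1",
                                    "authMethod": "none", "path": "", "customHeaders": {}}}
        _put(request["headers"], "Host", S3_ORIGIN)
    return request


def origin_response(response: dict) -> dict:
    """After the origin answers: swap any 5xx for a maintenance page with a Retry-After."""
    if response["status"].startswith("5"):
        return {"status": "503", "statusDescription": "Service Unavailable",
                "headers": {"content-type": [{"key": "Content-Type", "value": "text/html"}],
                            "retry-after": [{"key": "Retry-After", "value": "120"}]},
                "body": "<html><body><h1>We are under maintenance</h1></body></html>"}
    return response


def viewer_response(response: dict) -> dict:
    """Every response, cached or not: add headers that must never be skipped."""
    _put(response["headers"], "Strict-Transport-Security", "max-age=31536000; includeSubDomains")
    _put(response["headers"], "X-Content-Type-Options", "nosniff")
    return response


def handler(event: dict, context=None) -> dict:
    """Single Lambda entry point dispatching on the CloudFront event type."""
    cf = event["Records"][0]["cf"]
    kind = cf["config"]["eventType"]
    if kind == "viewer-request":
        return viewer_request(cf["request"])
    if kind == "origin-request":
        return origin_request(cf["request"])
    if kind == "origin-response":
        return origin_response(cf["response"])
    if kind == "viewer-response":
        return viewer_response(cf["response"])
    raise ValueError(f"unknown eventType {kind}")


def make_event(kind: str, headers: Headers, status: str = "200") -> dict:
    """Build a minimal constructed CloudFront event for local testing."""
    request = {"uri": "/index.html", "method": "GET", "querystring": "", "headers": dict(headers)}
    response = {"status": status, "statusDescription": "OK", "headers": {}}
    return {"Records": [{"cf": {"config": {"eventType": kind}, "request": request, "response": response}}]}


if __name__ == "__main__":
    print(handler(make_event("viewer-request", {}))["status"])                   # 403
    print(handler(make_event("origin-response", {}, status="500"))["status"])   # 503
    print(handler(make_event("viewer-response", {}))["headers"].keys())
```

In a real distribution each of the four functions would be attached to its own trigger, so that the Basic-auth check runs on every request before the cache (the point the lecture stresses: a cached object must not bypass authentication), while the router and the 5xx replacement only run on the cache-miss path.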