SAP-C02 Amazon AWS Certified Solutions Architect Professional – Exam Preparation Guide Part 4

  • September 5, 2023

4. Exam Preparation – Domain 3

Hey everyone and welcome back. In today’s video on important pointers for the exam, our focus is on domain three. Domain three is migration planning, and it constitutes 15% of the examination. So let’s get started and see what some of the important topics of this domain are. As part of this domain, there are certain important services that you need to know.

First is the Server Migration Service. You have the Storage Migration Service, the Database Migration Service and the Application Discovery Service. You also need to know, at a high level, what Migration Hub is, along with the pointers related to network migration and the migration strategies. Speaking about migration strategies, there are six migration strategies, which are also referred to as the six Rs. At a high level, just understand what each one of these is. The first one is Rehost.

Rehost is also referred to as lift and shift. What you do here is move the application from on-premise to AWS without any changes. One sample use case here would be on-premise MySQL to EC2 MySQL. The next one is Replatform. Replatform is also referred to as lift, tinker and shift. Here you basically make some optimization: if a cloud provider has a better service, you make use of that to achieve some kind of tangible benefit. One example here would be to move the on-premise MySQL to RDS. The third one is Refactor and Re-architect.

Here you reimagine how the application is architected and developed by making use of cloud-native features. Let’s say you have an on-premise application: you migrate that on-premise application to serverless. The fourth one is Repurchase. In Repurchase you basically move from a perpetual license to a software-as-a-service based model.

One quick example is Nessus. If you are making use of Nessus for vulnerability scanning, instead of Nessus you can make use of AWS Inspector. The fifth one is Retire. Here you basically remove the applications which are no longer needed. And the last one is Retain. What happens in Retain is that you basically keep the applications that are critical within your on-premise environment itself.

Let’s say you have a critical application and it needs a lot of refactoring. You don’t really want to do that right now, because it is one of the critical aspects of your organization. So what you do is just keep it there for some amount of time. That is referred to as Retain. Now the next important pointer is the Server Migration Service. Do remember that in exams you might see something like SMS.

Just know that SMS is basically the Server Migration Service. The Server Migration Service is an agentless service which makes it easier and faster for you to migrate thousands of on-premise workloads to AWS. There are two supported platforms here: one is vSphere and the second is Hyper-V. At a high level, just understand the steps which are needed. First, you schedule a migration. What this does is take a snapshot of your virtual machines. It exports your VM to an OVF template.

It then uploads that VMDK file to an S3 bucket and cleans up the snapshot. The next stage is to convert the VMDK file which was uploaded to the S3 bucket. It converts it into EBS snapshots, and then it goes ahead and deletes the VMDK file. And then it goes ahead and creates the AMI. It can also create a regular AMI if you intend to do that. So that’s the high-level overview of the Server Migration Service. You will not be asked about the technical aspects here, primarily because Hyper-V and vSphere configuration is not part of the exam. The next important pointer is the Database Migration Service. The Database Migration Service basically helps you migrate to AWS quickly and securely. During the migration, the source database remains fully operational, hence it minimizes the overall downtime for the applications which might be relying on that database.

Do remember that DMS also works with the Schema Conversion Tool for both homogeneous migrations, which is the same database type, and heterogeneous migrations, which would be a different database type. DMS also supports NoSQL databases like DynamoDB as well as MongoDB. Speaking about the AWS Schema Conversion Tool, these are the supported types for schema conversion. For example, if you have an Oracle database, then the target database on RDS can be Aurora, MySQL, PostgreSQL and Oracle. The same goes for MySQL and MariaDB. The target can be PostgreSQL. So this is schema conversion at a high level. You can just go through it; there is no need to remember it exactly, but having an understanding of schema conversion and how DMS integrates with it is useful.

So this is one of the documents for the Database Migration Service. Now, the next important pointer is the Application Discovery Service. The Application Discovery Service basically helps enterprise customers plan migration projects by gathering information about the on-premise data center. Do remember the word gathering. For enterprises which might have hundreds to thousands of on-premise servers, it is important to understand what the current utilization of those servers is, what the network dependencies are, and what the right instance type might be when these servers are migrated to AWS. All of these details can be given by the Application Discovery Service. The Application Discovery Service works in both an agent-based and an agentless mode. However, if you want to work agentless, then you need to have a VMware-based environment. Now, the next important point here is the AWS Migration Hub.

AWS Migration Hub by itself is just the central location to track the progress of the overall application migration that might be happening. Within Migration Hub you will be able to see how many agents are currently running, how many of them are in the shutdown state, the state of the migration itself, and similar. That is what Migration Hub does at a high level. For example, if you are running the Application Discovery Service, you will be able to see the agent-specific information from the Migration Hub console. Now the next important pointer here is IP address reservation. This is important both when you are doing a migration from your on-premise to AWS and whenever you’re creating a CIDR in AWS. Whenever you’re migrating to AWS from your on-premise, you have to make sure that the CIDR ranges of on-premise and AWS do not overlap, otherwise the communication would not happen there. Whenever you’re creating a CIDR, there are certain addresses which are automatically reserved by AWS.

So you should have information about that. Do remember that the first four IP addresses and the last IP address in each subnet CIDR block are not available for us to use and cannot be assigned to any instance. Let’s say that for a subnet block of 10.0.0.0/24, the following five IP addresses are reserved and cannot be used by customers. The first one is 10.0.0.0; this is the network address. Then you have 10.0.0.1; this is reserved by AWS for the VPC router. Then you have 10.0.0.2; this is reserved for the AWS DNS. Then you have 10.0.0.3; this is reserved by AWS for future use. And then you have 10.0.0.255; this is reserved for network broadcast. Since broadcasts are not supported in AWS, this address simply remains reserved.
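The reservation rule and the no-overlap requirement described above, as an added Python example that is not part of the original guide. The function names and the sample on-premise and VPC ranges are constructed for illustration.

```python
import ipaddress

# Roles of the first four addresses in a subnet, as listed in the text above.
FIRST_FOUR = ["network address", "VPC router", "AWS DNS", "future use"]

def reserved_addresses(subnet_cidr):
    """Map each AWS-reserved address in a subnet to its role."""
    net = ipaddress.IPv4Network(subnet_cidr)  # ValueError if host bits are set
    if net.num_addresses <= 5:
        raise ValueError(f"{net} has no usable addresses after reservations")
    reserved = {str(net[i]): role for i, role in enumerate(FIRST_FOUR)}
    reserved[str(net[-1])] = "network broadcast"
    return reserved

def usable_count(subnet_cidr):
    """Addresses left for instances once the five reserved ones are removed."""
    net = ipaddress.IPv4Network(subnet_cidr)
    return net.num_addresses - len(reserved_addresses(subnet_cidr))

def is_assignable(subnet_cidr, address):
    """True if the address is inside the subnet and not reserved by AWS."""
    net = ipaddress.IPv4Network(subnet_cidr)
    addr = ipaddress.IPv4Address(address)
    return addr in net and str(addr) not in reserved_addresses(subnet_cidr)

def find_overlaps(on_prem_cidrs, aws_cidrs):
    """Return every (on-premise, AWS) pair of ranges that overlap."""
    on_prem = [ipaddress.IPv4Network(c) for c in on_prem_cidrs]
    aws = [ipaddress.IPv4Network(c) for c in aws_cidrs]
    return [(str(a), str(b)) for a in on_prem for b in aws if a.overlaps(b)]

if __name__ == "__main__":
    # Constructed sample ranges for a migration plan review.
    on_prem = ["10.0.0.0/16", "192.168.10.0/24"]
    planned_subnets = ["10.0.0.0/24", "172.31.0.0/20"]

    for cidr in planned_subnets:
        print(cidr, "usable:", usable_count(cidr))
        for addr, role in reserved_addresses(cidr).items():
            print("   reserved", addr, "-", role)

    for a, b in find_overlaps(on_prem, planned_subnets):
        print("OVERLAP: on-premise", a, "conflicts with AWS", b)
```
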

Now, there are certain important considerations that you should take into account whenever you are doing migrations from your on-premise to AWS, specifically when it comes to the network. Typically, whenever an organization migrates from on-premise to AWS, it takes a simplistic approach by establishing a VPN connection between the AWS environment and the on-premise environment. Here you should understand the basic concepts of the virtual private gateway as well as the customer gateway. Initially they can make use of VPN tunnels, but at a later stage, when they require minimal latency or higher bandwidth, they can also opt for Direct Connect as a better solution. For Direct Connect, do remember that a single Direct Connect connection is not highly available. So they can also make use of a VPN that can act as a backup if the Direct Connect connection fails. The transition from VPN to Direct Connect can be straightforward with BGP.

So generally what happens? Let’s say that you have a VPN connection between your on-premise and AWS, and now you also have a Direct Connect connection. You want to transition the traffic from VPN to Direct Connect. One quick way is to just close the VPN, and that becomes a hard failover: all your applications stop working, and then you can drop the traffic onto Direct Connect. That is one way, but it will lead to downtime. The second way is through BGP. If you are using BGP, then you can assign a priority. Let’s say you have a priority of five for VPN. This is just an example. You have a priority of five for VPN and a priority of five in BGP for Direct Connect. So now what you do is increase the priority of the Direct Connect connection.

Let’s say you increase the priority to one. What will happen now is that the traffic will go towards the connection which has the higher priority. Since Direct Connect has the higher priority, all the traffic will slowly transition towards the Direct Connect connection. In this way you will not really need a downtime. Now, when you have a VPN as well as a Direct Connect connection, do remember that from the AWS side, Direct Connect is always the preferred path. This is always the first priority from the AWS side. So you have to make sure that the return traffic from your network to AWS also has Direct Connect as the preferred path. Let’s say that from AWS to your customer gateway the preferred path is Direct Connect, and from your customer gateway to the VGW your preferred path is VPN. Things will not really work as expected there. So you have to make sure that Direct Connect becomes the preferred path on your customer gateway side as well. Again, this can be achieved as we already discussed: we can assign a priority, which is also referred to as the BGP weights, if you are using dynamic routing. You can also do it with static routing if you have it. Along with that, you also need to know the Elastic File System.

Elastic File System is generally good for use cases where you need a storage solution which can be attached to multiple hosts at a given instant of time. EFS is one of the solutions which you can mount on multiple EC2 instances simultaneously. One great benefit of EFS is its ability to scale on demand to petabytes without disrupting applications, so it can grow as well as shrink automatically as you add and remove files. You can also access the EFS file system from your on-premise environment. You must have a Direct Connect or an AWS VPN connection between your on-premise data center and your VPC to do that. Do remember not to get confused between block, file and object storage in the exams.

EFS is file storage. If you have a question which specifically says file storage, do not answer EBS there. EBS is block storage, EFS is file storage, and S3 is object storage. This is something that you should know. There are cases where the exam question is intentionally created to confuse you into selecting EBS as the right answer. However, that exam question would say file storage. EBS is not file storage, so the EBS option becomes a no-no straight away. The last important pointer is storage migration. There are multiple storage migration options that you can use. The first one is AWS Import/Export. With Import/Export, the customer basically ships their external hard disk to AWS. The AWS team plugs in that hard disk drive and transfers whatever data is on it to S3.

Then you have AWS Snowball. AWS Snowball is basically a rugged NAS which AWS ships to the customers. The customers can copy up to 80 TB of data and ship it back to AWS. The AWS team can then copy the data to S3. The third one is AWS Snowball Edge. It is similar to Snowball, but it provides additional capacity for local processing and edge computing workloads. And the last one, which is pretty cool, is AWS Snowmobile. It is basically a 45-foot-long ruggedized shipping container which is pulled by a semi-trailer truck. It supports exabyte-scale storage. So this is exactly how it looks. If you order it, you will have a truck shipment which will come to you. So make sure that whichever street your organization is on has proper capacity for the shipping container to come along. This is a pretty cool thing which AWS had recently released.
