Cloud Training

Norman Abungan / Engineer / ZTE Philippines Inc / (+63) 9454877114 / normanabungan@gmail.
com
Cloud Fundamental : Level 1

24 June 2023
Norman Abungan / Engineer / ZTE Philippines Inc / (+63) 9454877114 / [email protected]
Agenda
Time Training Details Exam Rule
9:00 - 12:00 Section A: BASICS of CLOUD
• Cloud Computing Concepts
• Virtualization Basics
• Cloud Computing Models
- Characteristics of Cloud
- Service Model
- Deployment Model
• Fundamental Cloud Architecture
• Components of Cloud Infrastructure
• Cloud Performance Monitoring
• Cloud Security
• Cloud Standards
• Solutions Use Cases
12:00 – 13:00 Lunch Break
# 1 Hours 30 minute
13:00 – 16:00 Section B: Principle of AWS Cloud
• Cloud concept overview
• Cloud Economic and Billing
• AWS Global Infrastructure overview
• AWS Cloud Security
• Networking and Content Delivery
• Compute Service introduction
• Storage Service introduction
• Cloud Architecture
• Automatic Scaling and Monitoring
PSTC upcoming courses
Mr. Poramet Ruangnoo (CEO & Co-Founder)

Poramet has experience for data center business over 13 years which more background from data center
design, project management, facility operational & colocation business from leading data center in global with
NTT Global Data Center and TCCT Data Center (TCC Group) at Thailand. He can full fill these experience in the
data center design phase to meet cost-effectiveness, flexible and friendly operation to any client and make “the
Data center trusted advisor". It makes the value proposition to partner and client. These services included data
center business consulting, and accomplished, professional, proactive engineering with significant experience in
the cooling & electrical designed. He is very unique data center designer person, who has with experience
background to fully data center life-cycle (design, build, & operation).
Data Center Skills:

➢ Data Center Facility Management, Quality Control & Best Practices : 13 years experience
➢ Data Center Colocation Business : 13 years experience
➢ Data Center Design& Project Management : 10 years experience
Data Center Designed & Consultant Ref. ( 6 of 50 Project )
➢ BNDC5 Data Center (Thailand) : TCCT Technology Co.,ltd
➢ Digital Port Asia Data Center (Thailand) : NTT Limited
➢ SINET Data Center (Cambodia) : SINET Group.
➢ Delta Data Center (Thailand) : Delta Electronics
➢ BLS Data Center (Thailand) : Bualuang Securities Public Company Limited
➢ SPRC Data Center (Thailand) : Star Petroleum Refinning Public Company Limited
Mr. Sarawut Sangtham (COO & Co-Founder)

Sarawut has experience in data center business over 6 years which more background from data center
operations, project management, facility operational, colocation business and design from leading data center in global
with NTT Global Data Center, Huawei Technologies and Genesis Data Center in Thailand. He can full fill these
experience in the data center design phase to meet cost-effectiveness, flexible and friendly operation to any client and
make “the Data center trusted advisor". It makes the value proposition to partner and client. These services included
data center business Training, Consulting, Design and Accomplished, Professional, Proactive engineering with
significant experience in the cooling & electrical designed. He is unique data center designer person, who has with
experience background to fully data center life-cycle (design, build, & operation).
Data Center Skills:
➢ Data Center Manager: NTT Global Datacenters / 6 Years

Joined NTT Global Data Centers Limited almost 6 years for Data Center facilities management. I work with NTT
Global Data Centers Limited at the beginning of new building with Tier III standard that my mission on that time to
deliver building and each facilities on time. After new building was complete, we maintain our facilities to provide SLA
to our customer by 100% uptime power and 99.99% uptime for the cooling Temperature and humidity. To make our
operation reach on global standard operation we might design and maintain our team to meet ISO27001, PCIDSS,
SOC1, ISO50001 and Thailand Datacenter standard. Totally scale of this DC is 9.5 MVA (2N). Moreover, on my role is
also coverage Bangkok 1 Datacenter that design for DC in DC concept and manage by TCC Technology.
➢ Data Center Engineering Lead and Data Center Manager (Thailand): Huawei Technology / 0.5 Years
Joined with Huawei Technologies (Thailand) that coverage 3 Data Center in Thailand. My critical mission are
maintaining 100% uptime for our cloud data center service that coverage and advise each DC provider to work with
zero risk and coordinated with related parties to make sure all work are no risk/impact to our service.
Mr. Thanawat Wiwatpanit (CTO & Co-Founder)

Following 17 years experiences in IT field covering Telecommunications, Networks, Systems, Cyber Security,
Cloud, Data center, IoT etc. as Head of Cloud Services for a global technology services provider and Service
Management Manager for a global technology business consulting firm, Thanawat is successfully managing the
complexities of enterprise solution especially for Cloud Business and grow clients and partners network not only in
Thailand but in the region.
Cloud & Infrastructure Skills:
➢ Head of Cloud Services: NTT (Thailand) Ltd. / 4 Years

Introducing NTT ICT Infrastructure Service to Enterprise and managing the complete portfolio of Products
and Services of Cloud Infrastructure in Thailand, Cambodia, Laos and Myanmar.
➢ Head of Sales and Channel Partners: SUPERNAP Thailand / 1 Years

Collaborate with enterprise customers, strategic system integrators, cloud providers and high-performance
computing and information technology system integrators to provide data center solutions which enhance their
businesses.
➢ Head of IoT - Smart Property: Advanced Info Services Plc. / 1 Years

Engage enterprise customers from diversified vertical industries as well as governmental departments as
expert in energy efficiency in building estates and city; identifying and resolving issues, developing ideas and business
opportunities for 5G/IoT and other supporting products such as infrastructure and security
➢ Service Management Manager: Accenture / 5 Years

Responsible for IT Services and support clients across 5 countries (Cambodia, Myanmar, Philippines,
Vietnam, and Indonesia
Contents: Section A
A.0 Introduction
A.1 Cloud Computing Concepts
A.2 Virtualization Basics
A.3 Cloud Computing Models
A.4 Fundamental Cloud Architecture
A.5 Components of Cloud Infrastructure
A.6 Cloud Performance Monitoring
A.7 Cloud Security
A.8 Cloud Standards
A.9 Solutions Use Cases
Introduction to Cloud
What Is Cloud Technology? & its history

Cloud computing is the delivery of computing services
- servers, storage, databases, networking, applications — over the network (Internet)
- offer faster innovation, flexible resources, and economies of scale.
Vmware cloud

The term “cloud computing” itself was coined in 1996 (26 Years ago) within a Compaq internal document
“was originally linked to the concept of distributed computing”
in 1999, Salesforce became the first company to offer applications over the
internet
On August 25, 2006, Amazon Web Services launched Elastic Compute Cloud (EC2)
In 2007, Netflix launched its video streaming website

2001 - 2022
1994 1996 1999 2000
Web Cloud Application VPS / Colo Vmware cloud
Hosting computing over Internet Service

Cloud Trends
Source: IDG Source: Gartner

Cloud Trends
Enterprise users need to work on migrating traditional Infrastructure to Cloud and create new business using
Cloud Native platform while maintaining the On-Premise systems.
Cloud Native
Cloud-enabled Infrastructure
Infrastructure
• Micro-service and
Traditional ICT • Some ICT systems run on API architecture
Infrastructure Private Cloud or Public
Cloud • DevOps-based
• Existing ICT runs on on- • Keeping core system runs IT management
premise physical on on-premise physical
servers servers • Remove cost of system
• Local operations IT • Optimizing cost & maintenance and
management for improvement of infrastructure
systems, hardware and operations efficiency for operations
data center hardware and data center
Cloud Trends
Source: Gartner
Cloud Trends
Attractive Growth Opportunities in AI Infrastructure and BIG DATA Market
23.1% 10.6%
AI market will grow Global BIG DATA will grow
from $14.6 billion to from $138.9 billion to
$50.6 billion by 2025 $229.4 billion by 2025
Increasing demand for

mobile and IoT devices
Source: marketsandmarkets.com
Cloud Trends
How Does It Works?

VM Servers
Server#1 App#1
Server#2 App#2
Server#3 App#3
.
. NW Switch
.
Server #XX App#XX
Server, Storage, Rack

NW Switch
Users/PCs
Users/PCs
Traditional Physical Servers Cloud Servers

How Does It Works?
App App App App App App App App App App App App App App App App App App
User Profile User Profile User Profile User Profile User Profile User Profile
OS OS OS OS
(Windows/Linux) (Windows/Linux) (Windows/Linux) (Windows/Linux)
Physical Server Physical Server Physical Server Physical Server
Traditional Physical Servers Share Physical Servers/Separated Environment

How Does It Works?

App App App App App App App
User User
User Profile User Profile
App App App App App App App App App Profile Profile
OS OS OS
User Profile User Profile User Profile (Windows) Linux Appliance
OS Hypervisor
(Windows/Linux) (ESXi, Hyper-V, OpenStack etc.)
Physical Server Physical Server
Share Physical Servers/Separated Environment Virtual Machine/Server Virtualization

How Does It Works?
Hypervisor
(ESXi, Hyper-V, OpenStack etc.)
Where is data stored in cloud?
VM Servers
App App App App App App App
User User
User Profile User Profile
Profile Profile
VM OS VM OS VM OS
(Windows) Linux Appliance
Hypervisor
Physical Server
NW Switch
Virtual Machine/Server Virtualization

Users/PCs
Server Room

Data Center

Global Players
AWS
MS AZURE
Google Cloud
NTT
Alibaba
Huawei
Where is data stored in cloud (Thailand) ?

Thailand Local Players
Cloud Computing Concepts


“Cloud computing” itself. Often referred to simply as ‘cloud,’ this is web-based
computing that provides on-demand access to various compute resources.
These resources include things like data

centers, servers, application software and more
NW Switch
VM Servers
Users/PCs
Data center, Network, Servers, Storage, Application Software etc.
As Resource Pools (except Security)

Why Cloud?
1. Optimize Cost: To setup Physical system must invest upfront in High Cost
2. Stability: More convenient to implement HA system
3. Scalability: Increase resource with minimize impact to system / investment
4. Low complexity: Manage in Virtualization view and less touching on

Physical things such as Server, Cabling etc.
5. Security: With Cloud Technology the real data cannot access directly
6. Mobility: Access anytime, anywhere, any devices

Virtualization Basics
Virtualization
• Run multiple operating systems and applications on a single computer.

• Consolidate hardware to get vastly higher productivity from fewer servers.
• Save more on overall IT costs
• Speed up and simplify IT management, maintenance, and the deployment of new applications.
Increasing more productivity
85%
20% 60%
5%
Server#1 Server#2 Server#3 Consolidate to 1 Server
Traditional Physical Servers Consolidate and Virtualization

Software define anything

Server, Storage, SAN Switches, Rack
Server#1 App#1
Server#2 App#2
Server#3 App#3
.
. NW Switch
.
Server #XX App#XX
Firewall
WAF Load Balancer
Users/PCs
Physical Managed, Many Skill required Remote Managed via SD-X

Cloud Computing Models

Characteristics of Cloud
1. On-Demand
Users can access computing services via the cloud when they need to without interaction from the service
provider. The computing services should be fully on-demand so that users have control and agility to meet
their evolving needs.
2. Network access
Cloud computing services are widely available via the network through users’ preferred (Private
Link/MPLS, Internet with Public IP, Site-to-Site VPN etc.)
3. Resource Pool
The most attractive elements of cloud computing is the pooling of resources to deliver computing services
at scale. Resources, such as storage, memory, processing, and network bandwidth, are pooled and
assigned to multiple consumers based on demand
Characteristics of Cloud
4. Rapid elasticity
Successful resource allocation requires elasticity. Resources must be assigned accurately and quickly with
the ability to absorb significant increases and decreases in demand without service interruption or quality
degradation.
5. Measured service
Cloud Computing resources used to monitor and the company uses it for recording. This resource
utilization is analyzed by supporting charge-per-use capabilities.
6. Easy Maintenance
The servers are easily maintained and the downtime is very low and even in some cases, there is no
downtime. Cloud Computing comes up with an update every time by gradually making it better.
Service Model
IaaS – Infrastructure as a Service

Infrastructure as a service offers a standardized
way of acquiring computing capabilities on
demand and over the web. Such resources
include storage facilities, networks, processing
power, and virtual private servers
PaaS – Platform as a Service

Platform as a Service is halfway between
Infrastructure as a Service (IaaS) and Software
as a Service (SaaS) It offers access to a cloud-
based environment in which users can build
and deliver applications without the need of
installing and working with OS or Middleware
SaaS – Software as a Service

Software as a Service offers applications that are
accessed over the web and are not managed by
your company, but by the software provider. This
relieves your organization from the constant
pressure of software maintenance, infrastructure
management, network security, data availability,
and all the other operational issues involved with
keeping applications up and running
IaaS
Infrastructure as a Service, contains the basic building blocks for cloud

IT and typically provide access to networking features, computers
(virtual or on dedicated hardware), and data storage space.
Suitable for Lift and Shift Cloud Migration?
Google Cloud VM VMwareVM
Azure Storage Google Cloud

Storage
PaaS
Platforms as a service remove the need for organizations to manage
the underlying infrastructure (usually hardware and operating
systems) and allow you to focus on the deployment and
management of your applications.
Serverless/Hostless
WebHosting Platform/
MangoDB as a Service Azure SQL cPanel/WordPress
SaaS
Software as a Service provides you with a completed product that is run and
managed by the service provider. In most cases, people referring to Software as
a Service are referring to end-user applications. With a SaaS offering you do not
have to think about how the service is maintained or how the underlying
infrastructure is managed;
Deployment Model
Private Cloud Public Cloud Hybrid Cloud Multi Cloud

Exclusive to a specific openly accessible to With a hybrid solution, Combines public and
company anyone you may host the app private cloud resources.
It is a type of cloud in a safe environment Instead of merging
It’s a one-on-one
hosting (Shared HW) while taking advantage private and public
environment for a
that allows customers of the public cloud’s clouds, multi-cloud uses
single user
and users to easily cost savings many public clouds
(customer)
access services
Private Cloud
Dedicated HW for only Organization
VM Servers
Advantages of the private cloud model:

•Better Control: You are the owner of the property. You gain complete command over service integration, IT operations,
policies, and user behavior.
•Data Security and Privacy: It’s suitable for storing corporate information to which only authorized staff have access. By
segmenting resources within the same infrastructure, improved access and security can be achieved.
•Supports Legacy Systems: This approach is designed to work with legacy systems that are unable to access the public cloud.
•Customization: Unlike a public cloud deployment, a private cloud allows a company to tailor its solution to meet its specific
needs.
Public Cloud
Virtualization Environment
Advantages of the public cloud model:
•Minimal Investment: Because it is a pay-per-use
Customer Customer Customer Customer service, there is no substantial upfront fee, making it
A B C XX excellent for enterprises that require immediate access
to resources.
•No setup cost: The entire infrastructure is fully
subsidized by the cloud service providers, thus there is
no need to set up any hardware.
•Infrastructure Management is not required: Using
the public cloud does not necessitate infrastructure
management.
•No maintenance: The maintenance work is done by
the service provider (Not users).
•Dynamic Scalability: To fulfill your company’s needs,
on-demand resources are accessible.
Physical Servers/Storage
Hybrid Cloud
Advantages of the hybrid cloud model:

•Flexibility and control: Businesses with more flexibility can design personalized solutions that meet their particular needs.
•Cost: Because public clouds provide for scalability, you’ll only be responsible for paying for the extra capacity if you require it.
•Security: Because data is properly separated, the chances of data theft by attackers are considerably reduced.
Multi Cloud
Advantages of a multi-cloud model:

•You can mix and match the best
features of each cloud provider’s
services to suit the demands of your
apps, workloads, and business by
choosing different cloud providers.
•Reduced Latency: To reduce latency
and improve user experience, you can
choose cloud regions and zones that are
close to your clients.
•High availability of service: It’s quite
rare that two distinct clouds would have
an incident at the same moment. So,
the multi-cloud deployment improves
the high availability of your services.
Fundamental Cloud Architecture

Cloud computing architecture is divided

into two parts
The front end is used by the client/user. It contains client-side interfaces
and applications that are required to access the cloud computing platforms.
The front end includes web servers (including Chrome, Firefox, internet
explorer, etc.), thin & fat clients, tablets, and mobile devices.
The back end is used by the service provider. It manages all the resources
that are required to provide cloud computing services. It includes a huge
amount of data storage, security mechanism, virtual machines, deploying
models, servers, traffic control mechanisms, etc
Client/User Interfacing (Front End)
Type 1: User Manage all Cloud resources, Create VM, Network and Security configurations
Example: Service provider model that provide IaaS to Customer, Customer’s IT Team will access to Cloud Portal
Hybrid Cloud
Cloud Management Portal

Managed service Option
(OS/ Middleware etc.) 3rd Party Cloud services
Google Office365
Compute Resource Network Hybrid
Azure AWS
VLAN, Trunk, NW
CPU Memory
Virtual Segment, vFW,
Hybrid
Server vLoadbalancer, Colocation rack
Storage Physical Ports
Virtual Cross connection MPLS
Server Customer
Hybrid
Backup service, file storage, etc. On-premises
Client / Users
(IT Team)
Remark: User has required Technical skill to manage Cloud Portal such as, Vmware vCenter, vCD, Azure Portal, ASW Portals
VMWare Cloud Portal

VMWare ESXi VMWare vCloud Director
VMWare vCenter
VMWare Cloud Portal

vCloud Director vCloud Director vCloud Director
(Customer A) (Customer B) (Customer C)
ESXi
vCenter
Connect all ESXi to managed in single portal
as cluster(s)
Hypervisor

Type 2: User Manage OS, Middleware
Example: Users are the system admin which’s not required to managed Cloud Runtime of Hypervisor
Hybrid Cloud

Google Office365
Azure AWS
VLAN, Trunk, NW
CPU Memory
Hybrid
Server Customer
Hybrid
On-premises
Client / Users Backup service, file storage, etc.
(System Admins)
Remark: User has not required Cloud skill to manage Cloud Portal, Just access to OS
OS Remote Login Screen

Remote Desktop Login Windows Server Login
SSH Login SSH Terminal Login


Type 3: User access to applications
Example: Users are the system admin which’s not required to managed Cloud Runtime of Hypervisor
ERP Apps
Client / Users
(end users)
Applications DB
Hybrid Cloud

Google Office365
Azure AWS
VLAN, Trunk, NW
CPU Memory
Hybrid
Server Customer
Hybrid
Cloud Infra. Management (Back End)

Hybrid Cloud

Google Office365
Azure AWS
VLAN, Trunk, NW
CPU Memory
Hybrid
Server Customer
Hybrid
• Data center
• Servers / Storage
• Hypervisor
• Cloud Management Servers
• Network and Security Management
Cloud Infra. Management (Vmware Back End)
Network
Security
Network Internet MPLS Firewall DDOS VPN Load
Security L2 / L3 IPS/IDS IPSEC/SSL Balance WAF Anti-virus
Back End Cloud

Architecture
vRealize Operation & Automation NSX Veeam Backup & Recovery Additional Storage
Cloud Foundation
Performance / Capacity / Configuration GW / FW / LB / VPN VM / File level / Item level SAS / NL-SAS
Service (SDDC)
vCloud Director + VMware vSphere + Virtual SAN
Multi-Tenancy / Operational / Catalog management / Virtualized compute / Storage Policy
VMWare SDDC Server / Storage / HCI (Hyper Converged Infrastructure)
Colo./
Datacenter DC DR
Cloud Infra. Management (Azure Landing Zone)

Take a break : 15 Mins

Components of Cloud Infrastructure

Cloud Infra. Management (Azure)

Virtual components
Cloud Infra. component
Physical components
Virtualization | Hypervisor
Network Switches
Servers
Storage
Virtual Storage Concept
Traditional Storage
Virtual Storage
(e.g. Vmware vSAN)
Cloud Tenant |Landing Zone

VMware Tenant Azure Landing Zone
Necessary Cloud Items
Cloud Gateway Routing fnc., Loadbalancer

Accessible IPs NAT, Segment
Internet
MPLS
Firewall
VM on Cloud
Minimum items to use Cloud Infra.

Backup Software
1. Connectivity
2. IP Address | Gateway
3. Firewall
4. NW Routing | NAT | Segmentation
5. VM Resource (CPU,RAM,DISK)
6. Additional Storage
vStorage
7. Backup Solution
Cloud Performance Monitoring

Physical Server Monitoring

How to Monitor Cloud (Vmware)

vRealize Operations
How to Monitor Cloud (Azure)

Azure Monitoring
How to Monitor Cloud (AWS)

AWS Monitoring
How to Monitor Cloud (GCP)

GCP Monitoring
Other 3rd Party Monitoring Tools

Solarwinds monitoring
CloudHealth by VMware
Cloud Security
Cloud security
Cloud security is the whole bundle of technology, protocols, and best practices that
protect cloud computing environments, applications running in the cloud, and data
held in the cloud.
The full scope of cloud security (infra.) is designed to protect the following
• Physical networks — routers, electrical power, cabling, climate controls, etc.
• Data storage — hard drives, etc.
• Data servers — core network computing hardware and software
• Computer virtualization frameworks — virtual machine software, host machines, and guest machines
• Operating systems (OS) — software that houses
• Middleware — application programming interface (API) management,
• Runtime environments — execution and upkeep of a running program
• Data — all the information stored, modified, and accessed
How to Secure the Cloud

1. Communications encryption with the cloud in their entirety
Internet
VPN
MPLS
VM on Cloud
Cloud Gateway
SSL VPN Accessible IPs
IPSec
SSL VPN
VM on Cloud
SSL VPN VM on Cloud
How to Secure the Cloud

2. Protect account credentials
Configuration
• Never leave the default settings unchanged. Using the default settings gives a hacker front-
door access. (such as Admin/Admin)
• Use strong passwords
• Protect all the devices
• Modify permissions
3. Establish necessary Security component
• VPN Gateway • 2nd/NextGen Firewall • Backup Solution
• Firewall • IPS/IDS • Endpoint Security (Advanced)
• Antivitus • DDoS Protection • SIEM
• VA/PT
4. Choose Cloud which applied Security Standard
Cloud Standards
Cloud Standard
ISO/IEC 27001 for Cloud Service
ISO/IEC 27001 outlines and provides the requirements for an

information security management system (ISMS), specifies a set of best
practices, and details the security controls that can help manage
information risks.
CSA STAR
The CSA STAR Certification is a rigorous third-party independent

assessment of the security of a cloud service provider. This technology-
neutral certification leverages the requirements of the ISO/IEC 27001:2013
management system standard together with the CSA Cloud Controls Matrix
Cloud Standard
ISO/IEC 22301
ISO/IEC 22301 is an international standard for security and resiliency. It
outlines frameworks for establishing business continuity management systems.
Having business continuity management systems in place is vital in offering
highly available infrastructure to customers.
SOC 2
The System Organization Controls (SOC) 2 report is an independent third party audit
report on the control procedures within a data center. It analyzes and concludes on the
understanding of the control and risk assessment associated from an external point of
view.
Cloud Standard
ISO/IEC 20000-1
This document specifies requirements for an organization to
establish, implement, maintain and continually improve a service
management system (SMS)
ITIL® for Operations
The Information Technology Infrastructure Library (ITIL®) framework is the most widely
accepted framework for IT Service Management in the world . ITIL helps all
organizations, regardless of their industry or business sector, provide their IT services
using the most efficient and economical methods. The framework focuses on IT
Service Management best practices and efficient operations, and is used in
government, commercial, and non-profit organizations, alike.
Solutions Use Cases

Servers Virtualization – On Premise

Benefit
• Reduce Cost
- Servers MA
- License
- Operations
• Simplify management
• Improve flexibility
• Improve SLA to user
Cons
• Investment required
• Still must maintain HW MA for new
Servers
• Still require skill for Server, NW, Storage
plus Cloud Admin (Hypervisor)
Servers Virtualization – to Cloud Provider
Data Migration
Pros
• No require skill to manage Physical Things
Physical
Servers Cons
• Architect redesign required
DR on Cloud
DC DR onPublic Cloud
Backup data
Internet
Private Colocation
Cloud
On-premise
challenges Solution Benefits
• Need DR, limited on budget • Comply with DR policy
• Lead time to failover to DR • Cost efficient
• To reduce DR cost • PAY as you GROW

• Easily to manage and Deploy
• Easily to perform DR Test
Storage / Backup on Cloud
• BYOL
Cloud • VM level
Provider
NFS / FTP
• File level
• Backup disk space
Cloud Disk
Backup server
• NFS
• FTP
• Own Operations
Dev. | Test on Cloud
Pay as you Grow Environment

SaaS on Cloud
IoT Hub
Pay as you Grow Environment
Hadoop
Lunchtime 12:00 – 13:00

Cloud Fundamental : Level 1

Contents: Section B, AWS Cloud

• Cloud concept overview
• Cloud Economic and Billing
• AWS Global Infrastructure overview
• AWS Cloud Security
• Networking and Content Delivery
• Compute Service introduction
• Storage Service introduction
• Cloud Architecture
• Automatic Scaling and Monitoring
AWS Cloud will be provided as Live Session only

Additional Cloud Fundamental : Level 1

Planning and Implementing Cloud

Challenges with cloud transformation
Cloud adoption and Modernizing applications to Reduced IT budgets impact ability

IT transformation leverage public cloud to find and retain skills
Keeping pace in the digital age while Applications need to be modernized to Recruiting, training and
controlling costs and mitigating enable fast delivery that enables retaining cloud skilled people against a
business risks. developer productivity backdrop of shrinking IT budgets.
Increasing security and A network that is unable to Deriving increased value from
compliance risks adequately support hybrid cloud data
The pace of change of public cloud Providing fast and secure network Business leadership demand instant
features, distributed working needs, and connectivity can make or break a cloud access to insights and analytics to
regulatory compliance requirements are migration project. make informed decisions
increasing complexity exponentially.
Critical outcomes needed
End-to-end service Deep cloud Platform Cost Flexible commercial

capabilities expertise capabilities optimization models
A breadth of service Deep cloud expertise A platform approach to A more efficient total cost Agile contracting service
provider capabilities to throughout the different enable discovery, of IT operations and high- provider capabilities that
plan, design, migrate, stages of transformation. configuration, integration, performance environment. offers flexibility.
manage and optimize. and management of
services.
Cloud Transformation Framework
Run
Build
Operate
Design
Cloud Enablement Operation of
your IT landscape
Understand Identify Cloud Transformation
Plan, Cloud Architecture
Strategy. Current and Discovery, analysis and
target states. Business define High-level service
target and challenges. and solution design.
Cloud Foundation Cloud Migration

Assessment
Optimize
Low-level design, planning Migration of infrastructure.
Assessment and high- and implementation of
level TCO analysis. applications, databases etc. Continuous track
cloud solutions.
Provides a clear roadmap of performance
Design – Business Strategy

Agility &
Total cost of Innovation
operating
On-Prem Migrate Move to Managed Cloud Native

Design – Business Strategy
31% 43%
Average Infrastructure Fewer security
Cost savings incidents per year
62% 3X
IT staff More features
Productivity boots Delivered per year
Source: IDC, Nucleus Research, AWS Analysis

Design – Identify Service

> 200 Services
Design – Identify Service

Design – Assessment
Current IT views Discover & Organize data Strategies for each workload
• Refactor
Applications • Re-platform
Asset inventory System configurations
• Repurchase
Infrastructure
• Rehost
Performance info. SLA/OLA
• Relocate
Performance • Retain
• Retire
Architecture
Resource Sizing for P2V (Physical to Virtual)
vCPU = ?
vRAM = ?
vDISK = ?
HPE ProLiant DL360 Gen9 E5-2640v4 1P 16GB-R P440ar 8SFF 500W PS Base Server
1 * Intel® Xeon® E5-2640v4 (2.4GHz/10-core/25MB/90W)
16GB (1x16GB Registered DIMMs, 2400 MHz)
HPE Embedded 1Gb Ethernet 4-port 331i Adapter
HPE Flexible Smart Array P440ar/2GB (RAID 0,1,10, 5, 50, 6, 60)
HPE 500W Flex Slot Platinum Power Supply
iLO Management (standard), Intelligent Provisioning (standard)
Rack (1U), HP Easy Install Rails
4x HP 300GB 12G SAS 10K 2.5in SC ENT HDD (Configure RAID5)
Design – Assessment, P2V
What is the correct way to right size a virtual machine??
The current physical server has the following data available:-

Server Name - WEBROLE1
CPU Specs – intel 2 CPUs, Dual core, 2.4 GHz
Memory - 8 GB
HDD - 500 GB
OS - Windows 2003 Standard Edition
How to convert to Cloud Spec?

Assumption -> must check Cloud Provider

CPU Specs – intel 2 CPUs, Dual core, 2.4 GHz 1 vCPU in Cloud = 1 GHz
Memory - 8 GB
HDD - 500 GB
2.4 x 2 x 2 = 9.6 GHz

GHz 2 CPUs Dual Core
10 vCPUs

Server Name - WEBROLE1 Remark #1
CPU Specs – intel 2 CPUs, Dual core, 2.4 GHz Need to know the
Memory - 8 GB Utilization !!!
HDD - 500 GB
OS - Windows 2003 Standard Edition 2.4 x 2 x 2 = 9.6 GHz
GHz 2 CPUs Dual Core
Server has 9.6 GHz Capacity

But use only 10%
Cloud is Pay per use concept

Why need to pay all 9.6 GHz
Just pay only 10%

Is that make sense?

Server Name - WEBROLE1 Now lets look at the Average
CPU Specs – intel 2 CPUs, Dual core, 2.4 GHz utilization in the real terms:-
Memory - 8 GB
Total CPU MHz available on the server
HDD - 500 GB = 2 CPU x 2 Cores x 2400 MHz =
OS - Windows 2003 Standard Edition 9600MHz or 9.6GHz
Average used in MHz = 5% of 9600

Utilization data (Assuming it is available) Mhz = 480 Mhz
Avg CPU Utilization 5% Total Memory available on the server =

Avg Memory Utilization 8% 8192 MB
Disk Utilization 47% Average used in MB's= 8% of 8192
MB = 656 MB
So now if you look at the utilization we get the Total Disk available on the server =
following specs 500 GB
Used in GB's = 235 GB
CPU = 480 MHz

Memory = 656 MB
Disk = 235 GB (Actual Used)

CPU Specs – intel 2 CPUs, Dual core, 2.4 GHz
Memory - 8 GB
Is it correct?
HDD - 500 GB
So now if you look at the utilization we get the

following specs
CPU = 480 MHz

Memory = 656 MB
Remark #2
"Never Size on Average Utilization" - "Always Size on Peak Utilization“
or add buffer for peak utilization

Server Name - WEBROLE1 Now, it is always a best practice to
CPU Specs – intel 2 CPUs, Dual core, 2.4 GHz sizing to support the Peak
Memory - 8 GB Utilization values. Hence add a
buffer of 25% to estimate the Peak
HDD - 500 GB
Utilization Values if we don’t know
OS - Windows 2003 Standard Edition as initial is fine
So now if you look at the utilization we get the CPU = 480 MHz + 25% = 600 MHz
following specs
Memory = 656 MB + 25% = 820 MB
CPU = 600 MHz = 1 vCPU
CPU = 480 MHz Memory = 820 MB = 9 GB
Disk = 235 GB + 25% = 294 GB
Memory = 656 MB Disk = 294 GB
There are 2 reasons why we added this 25%: or for play safe add 35%
i) The peak utilization data is a single peak point collected, however there could be multiple peak
points across business cycles which we needs to address, hence a buffer is always good.
ii) Its good to have some head room for situations where the memory utilization shoots up due to a
misbehaved service, process, application etc.

Customer/user use “HPE ProLiant DL360 Gen9 Server Model E5-2640v4” only 1 Server
and it will be expired soon. They interesting to use Cloud service and asked you to
provide Cloud spec for their system
Customer provided the quotation of Server that they use to buy as follows:
HPE ProLiant DL360 Gen9 E5-2640v4 1P 16GB-R P440ar 8SFF 500W PS Base Server
1 * Intel® Xeon® E5-2640v4 (2.4GHz/10-core/25MB/90W)
16GB (1x16GB Registered DIMMs, 2400 MHz)
HPE Embedded 1Gb Ethernet 4-port 331i Adapter
HPE Flexible Smart Array P440ar/2GB (RAID 0,1,10, 5, 50, 6, 60)
HPE 500W Flex Slot Platinum Power Supply
iLO Management (standard), Intelligent Provisioning (standard)
Rack (1U), HP Easy Install Rails
4x HP 300GB 12G SAS 10K 2.5in SC ENT HDD (Configure RAID5)
Customer don’t know the average Utilization

Customer Provided
Peak Time workload
Current HDD Used:

C: = 90/100 GB, D: 200/800 GB
⚫ Peak Capacity
Existing Capacity
• CPU: 24 GHz * 87% = 20.9 GHZ
• CPU: 2.4 GHz x 10 = 24 GHz • RAM: 1.9 GB
• DISK: 290/900 GB
• RAM: 16 GB
• DISK: 300GB*4 (RAID 5) =
900 GB
⚫ Propose Cloud Spec
• vCPU: 21 vCPUs
• RAM: 2 GB
• DISK: 290 GB or More
Resource Sizing for V2V (Virtual to Virtual)
Specific System Conditions - Oracle
CPU: Intel Xeon 8C 2Socket

RAM: 128 GB
HDD: 1 TB
•DBSE2
• Server 2 Socket = 2 License Database
• DBEE
• Core x Socket x PCF = License Database
• 8 x 2 x 0.5 = 8 License Database
Design – Assessment Specific System Conditions - Oracle

CUSTOMER/User
Network
Normal VMware farm Oracle Server farm

Compute Node Shared Server Intel base
App App App DB DB DB
Storage Node Dedicated Server ODA S/M/HA

NFS for Backup
DB DB DB
Specific System Conditions - SAP
Extend to 2030
SAP ECC 6.0
SAP S4
The new version of

ECC is S/4
SAP Business Suite SAP Business Suite SAP Business Suite
ECC 6.0 ECC 6.0 S/4
Windows/RHEL/SUSE Windows/RHEL/SUSE Windows/RHEL/SUSE
SAP on Traditional
DB will EOS by ECC6.0 will EOS by
Traditional DB 2025 2030 2025
HANA HANA
MS SQL / Oracle
Suite on Traditional DB Suite on HANA S/4 HANA
HW Appliance
HP, IBM, DELL etc.
Use any Server/VM,

Need HANA Cert. (TDI) Storage
SAP HANA tailored data center integration (TDI)
Specific System Conditions - MS SQL
Licensing
E.g. License for 8 sockets or 24 cores
Socket Core per vCPU

socket
DB server 1 1 16 16 Socket
Socket Core per vCPU
socket
DB server 1 2 16 8 Socket
Software version compatibility
Windows Server includes tooling to migrate your legacy

applications from Windows Server 2003, 2008, and
2008 R2 to newer, supported versions on AWS
Build - Enablement
• Web Servers
• App Servers
• DB Servers
• Mail servers
• Etc.
Build
Build – Details design





Cloud Connectivity
Internet access
Cloud Logging Monitoring

IAM
DB: Zone App: Zone

SAP S/4
HANA PRD
S4-Prd
Cloud
Storage
SAP
Veeam
Internet Gateway
VBR
Content
Server PRD
SAP S/4 SAP Web

Backup Application 1 Dispatcher
Cloud Storage
Users Backup Repository

Private Link
Provider Data center / Cloud Provider
App: Zone DB: Zone

VIP
MPLS
S4-Prd Primary S4-Prd Secondary
Provider A
S4-Prd Active S4-Prd StandbyS4-Prd App1 S4-Prd App2
S4-Qas S4-Dev
MPLS
Provider B S4-Qas S4-Dev Solman
DMZ: Zone
Cont-Prd Cont Qas | Dev Cockpit Backup Server
Users SAP Router Terminal Web Dispatcher

Virtual Private Network (VPN)
Cloud Logging Monitoring

IAM
DB: Zone App: Zone

SAP S/4
HANA PRD
S4-Prd
Cloud
Storage
SAP
Veeam
Internet Gateway
VBR
Content
Server PRD
VPN SAP S/4 SAP Web

Backup Application 1 Dispatcher
Cloud Storage
Users Backup Repository

Software defined Network (SD-WAN)
Traditional Hybrid Network App: Zone DB: Zone
VIP
MPLS
S4-Prd Primary S4-Prd Secondary
Provider A
S4-Prd Active S4-Prd StandbyS4-Prd App1 S4-Prd App2
S4-Qas S4-Dev
VPN Internet VPN
S4-Qas S4-Dev Solman
DMZ: Zone
Cont-Prd Cont Qas | Dev Cockpit Backup Server
Users SAP Router Terminal Web Dispatcher

Cloud direct access

Azure ExpressRoute | AWS Direct Connect | Google Cloud Router
Other Azure
Internet
Azure ExpressRoute Service
Users
AWS
AWS Direct Connect

Take a break : 15 Mins

Migrating to the Cloud

Migrating
• Web Servers
• App Servers
• DB Servers
• Mail servers
• Etc.
Move
Build – Migration Activities
• Live Migration
Hybrid Cloud
VPN
Private Cloud
/ On-Prem Public Cloud
ERP Server
Mail Server
Web Server
Extender
Appliance
Extender

• Backup / Restore

Veeam Cloud Connect Architecture for Veeam Backup & Replication
1. Tenant setup | connection setup
2. Create replication jobs and set the destination to the service provider
3. Finish and run replication jobs

Migrate VMs to Cloud Provider
4. Run failover jobs. Switch VM to cloud site
5. VMs are automatically powered on in tenant portal
6. Reset VM network in tenant portal
7. Edit DNS records and service back online
Bandwidth required for Data moving
https://www.expedient.com/knowledgebase/tools-and-calculators/file-transfer-time-calculator/ https://www.omnicalculator.com/other/data-transfer
3,355,443.2 Sec > 38.8 Days

4TB = 4,194,304 MB 1 day has 86400 seconds.
= 33,554,432 MBits Seconds in a day calculation

1 day = 24 hours.
1 hour = 60 minutes.
1 minute = 60 seconds.
Fallback plan
Work Plan for change Cloud IP
Target Actual
No Activities Responsible Name Date Status Note
Time (Hrs) Start Finish Time (Hrs) Start Finish
Preparation Steps Porar to change DNS forward on Thu 19 Jan 2012 5:30pm
Coordinate
Preparation Steps
1 Amnat 19-Jan-22 0:15 9:00 9:15 0:15 9:00 9:15 Done
- webmail.siphhospital.com
2 Coordinate NOC to change DNS reverse on Thu 19 Jan 2012 5:30pm
Amnat 19-Jan-22 0:15 9:15 9:30 0:15 9:15 9:30 Done
- webmail.siphhospital.com
3 Backup ASA firewall configuration Sasi 19-Jan-22 0:30 17:00 17:30 0:05 17:00 17:05 Done
Deployment Step
1 Anouncement all users for network down by ? Wanpen2 19-Jan-22 0:05 8:00 8:05 0:05 8:00 8:05 Done
Change ip WAN interface on both ASA
2 Sasi2 19-Jan-22 0:10 17:30 17:40 0:05 17:05 17:10 Done
- Change 118.174.142.218 ==>1.179.129.12
3 Test WAN connection - ping & trace route with result
Sasi2 19-Jan-22 0:10 17:40 17:50 0:03 17:10 17:13 Done
(Check Point 1)
4
5
6
Change
-Change
firewall
Test firewall
DNS bymail
rulerule and NAT (refer NAT, Firewall rule)
Metha (SiPH),configuration
outgoing
backup by Supachai
on both(IT1)
Ironport (send mail directly, not
Sasi2
Metha2, Amnat2
Amnat2
19-Jan-22
19-Jan-22
19-Jan-22
0:30
1:00
0:15
17:50
18:20
19:20
18:20
19:20
19:35
0:02
0:35
0:10
17:13
17:15
17:50
17:15
17:50
18:00
Done
Done
Done
Deployment Steps
forward to TOT) mail
Test send/receive
7 Amnat2 19-Jan-22 1:00 19:35 20:35 0:30 18:00 18:30 Done (With issue) Can not send mail from siphhospital.net to siphhospital.com: Asked Porar to fix this issue
- Hot mail
Backout plan
(Check
ChangePoint 1) interface on both ASA
ip WAN
1 - Change 1.179.129.12 ==>118.174.142.218 19-Jan-22 0:10 17:50 18:00 0:10 17:13 17:23
2 Test WAN connection - ping & trace route with result 19-Jan-22 0:10 18:00 18:10 0:10 17:23 17:33
3 Coordinate Porar to change DNS forward Amnat 19-Jan-22 0:10 18:10 18:20 0:10 17:33 17:43
4 Coordinate NOC to change DNS reverse Amnat 19-Jan-22 0:10 18:20 18:30 0:10 17:43 17:53
(Check
ip WAN 19-Jan-22
1 - Change 1.179.129.12 ==>118.174.142.218 19-Jan-22 0:10 19:20 19:30 0:10 17:50 18:00
3 Restore firewall
Test firewall rulerule and NAT from backup 19-Jan-22 0:10 19:40 19:50 0:10 18:10 18:20
4 Metha, Amnat 1:00 19:50 20:50 1:00 18:20 19:20
Backout plan
- DNS by Metha (SiPH), backup by Supachai (IT1) 19-Jan-22
(Check
ip WAN 19-Jan-22
1 - Change 1.179.129.12 ==>118.174.142.218 19-Jan-22 0:10 20:35 20:45 0:10 18:30 18:40
3 Restore firewall
Test firewall rulerule and NAT from backup 19-Jan-22 0:10 20:55 21:05 0:10 18:50 19:00
4 - DNS by Metha (SiPH), backup by Supachai (IT1) Metha, Amnat 19-Jan-22 1:00 21:05 22:05 1:00 19:00 20:00
5 Change mail outgoing
Test send/receive mailconfiguration on both Ironport (send mail by forward to TOT) Amnat 19-Jan-22 0:15 22:05 22:20 0:15 20:00 20:15
6 - Hot mail Amnat 19-Jan-22 1:00 22:20 23:20 1:00 20:15 21:15
19-Jan-22
Fallback plan
(Check
ChangePoint
ip WAN1) interface on both ASA
1 - Change 1.179.129.12 ==>118.174.142.218 NA NA NA NA NA NA NA
2 Test WAN connection - ping & trace route with result NA NA NA NA NA NA NA
(Check
ChangePoint
ip WAN2) interface on both ASA
1 - Change 1.179.129.12 ==>118.174.142.218 NA NA NA NA NA NA NA
3 Restore firewall
Test firewall rulerule and NAT from backup NA NA NA NA NA NA NA
4 - DNS by Metha (SiPH), backup by Supachai (IT1) NA NA NA NA NA NA NA
5 Coordinate Porar to change DNS forward NA NA NA NA NA NA NA
1
6 Coordinate NOC to change DNS reverse
(Check
ip WAN
- Change 1.179.129.12 ==>118.174.142.218
NA
NA
NA
NA
NA
NA
NA
NA
NA
NA
NA
NA
NA
NA
Fallback plan
3 Restore firewall
Test firewall rulerule and NAT from backup NA NA NA NA NA NA NA
4 - DNS by Metha (SiPH), backup by Supachai (IT1) NA NA NA NA NA NA NA
5 NA NA NA NA NA NA NA
Change mail outgoing
Test send/receive mailconfiguration on both Ironport (send mail by forward to TOT)
6 - Hot mail NA NA NA NA NA NA NA
7 Coordinate Porar to change DNS forward NA NA NA NA NA NA NA
8 Coordinate NOC to change DNS reverse NA NA NA NA NA NA NA
Cloud Operations & Service Level Agreement

Run - Operations
Performance Monitoring and alert
Run – Operations SLA

SLA (Service Level Agreement), which guarantees maximum network+compute+power uptime
Example: Local Provider #1
Example: Local Provider #2

Run – Operations Backup

Run – Operations Backup
4TB
3.8TB 1TB
0.8TB 0.2TB
0.8TB
3TB 3TB 3TB
Storage for Backup 10.2TB 4.2TB 4TB

Snapshot VS Backup
Day 1 Day 2
Snapshort Snapshort
Recovering
Day 1 Day 2
Backup Backup
Recovering
Backup
Run - Optimization
Cloud Strategies for Speed & Business value

How Cloud Technology Generates Business Value
Software, hardware Provide Enabling adoption of

& networking as a service new innovations
& ready to use
Data Analytics AI RPA
CAPEX
OPEX
Help to generate new

revenue streams
• High investment with facility, hardware • Reduce upfront investment • Easy adoption of new technologies
and software • Ready to use • Flexible and scalable support for business
• Takes months or years for growth
implementation
Saving Costs with as a Service Model

Not only the upfront investment reduces, but it also helps companies to align
resources with their business growth.
Traditional ICT Infrastructure
• Planning for long term capacity expansion
• Purchase hardware and equipment to support growth
• Big investment although starting with a small system
Year 1 Year 2 Year 3 Year 4 Year 5 Year 6
Treaditional Investment as a Service Model Business Growth

Complexity of Infrastructure Management
Facility Management
Network Management
Complex System Management
Application Vendor
SLA?
Bandwidth Management? internet
internet
internet
internet
internet
Operation cost
Complexity of Infrastructure Management
Facility Management
Network Management
System Management
Application Vendor
Cloud Connect
Simple
internet SLA
Security
Cloud Provider
Cloud Governance and Risk Management

Cloud Governance
a set of rules and policies adopted by companies that run services in the cloud. The
goal of cloud governance is to enhance data security, manage risk, and enable the
smooth operation of cloud systems.
Monitoring
Cost Optimization
Security & Compliance
Governance
Recommendations/
Auditing
Improvement
Operations review
Risk Management
Business Cases, Experience Sharing

Backup SLA
Test restore on Full backup on Sunday, and it took 5 hr.
Then committed user for RPO 24hr and RTO hr.
1. For Daily Backup if one job failed, mean we don’t

have backup on that day
Mon Tue Wed Thu Fri
2. Restoration time for incremental backup is

Full + Incremental restoration
Sun Mon Tue Web

in some case of strictly SLA we Clone VM to image as a 0.5 hr 0.5 hr 0.5 hr
template to create the system faster 5 hr
Migration with Exporting to External HDD

(Local Provider)
On-Prem
Thank you for joining PSTC Class Today

Cloud Training

Uploaded by

Copyright:

Available Formats

Cloud Training

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cloud Training

Uploaded by

Copyright:

Available Formats

Norman Abungan / Engineer / ZTE Philippines Inc / (+63) 9454877114 / normanabungan@gmail.

Cloud Fundamental : Level 1

Mr. Poramet Ruangnoo (CEO & Co-Founder)

Data Center Skills:

Mr. Sarawut Sangtham (COO & Co-Founder)

Data Center Skills:

➢ Data Center Manager: NTT Global Datacenters / 6 Years

Mr. Thanawat Wiwatpanit (CTO & Co-Founder)

Cloud & Infrastructure Skills:

➢ Head of Cloud Services: NTT (Thailand) Ltd. / 4 Years

➢ Head of Sales and Channel Partners: SUPERNAP Thailand / 1 Years

➢ Head of IoT - Smart Property: Advanced Info Services Plc. / 1 Years

➢ Service Management Manager: Accenture / 5 Years

What Is Cloud Technology? & its history

What Is Cloud Technology? & its history

In 2007, Netflix launched its video streaming website

What Is Cloud Technology? & its history

1994 1996 1999 2000

Web Cloud Application VPS / Colo Vmware cloud

Hosting computing over Internet Service

Source: IDG Source: Gartner

Increasing demand for

How Does It Works?

Server, Storage, Rack

Traditional Physical Servers Cloud Servers

How Does It Works?

Physical Server Physical Server Physical Server Physical Server

Traditional Physical Servers Share Physical Servers/Separated Environment

How Does It Works?

Physical Server Physical Server

Share Physical Servers/Separated Environment Virtual Machine/Server Virtualization

How Does It Works?

Where is data stored in cloud?

Virtual Machine/Server Virtualization

Where is data stored in cloud?

Where is data stored in cloud?

Where is data stored in cloud?

Where is data stored in cloud (Thailand) ?

Cloud Computing Concepts

Cloud Computing Concepts

These resources include things like data

Cloud Computing Concepts

2. Stability: More convenient to implement HA system

3. Scalability: Increase resource with minimize impact to system / investment

4. Low complexity: Manage in Virtualization view and less touching on

6. Mobility: Access anytime, anywhere, any devices

• Run multiple operating systems and applications on a single computer.

Increasing more productivity

Server#1 Server#2 Server#3 Consolidate to 1 Server

Traditional Physical Servers Consolidate and Virtualization

Software define anything

WAF Load Balancer

Physical Managed, Many Skill required Remote Managed via SD-X

Cloud Computing Models

IaaS – Infrastructure as a Service

PaaS – Platform as a Service

SaaS – Software as a Service

Infrastructure as a Service, contains the basic building blocks for cloud

Suitable for Lift and Shift Cloud Migration?

Google Cloud VM VMwareVM