401d8 read17 - carlosjorr/reading-notes GitHub Wiki
Cloud Network Security
What are some of the key features of the VPC model?
a. Isolation and Security: VPC offers isolation from other networks in the cloud, providing enhanced security and privacy for the resources deployed within it. Administrators have control over network access through security groups and network ACLs.
b. Private IP Addressing: Each resource within a VPC is assigned a private IP address from the VPC's defined IP address range. This allows communication among resources within the VPC using private IP addresses.
c. Subnets: A VPC can be divided into multiple subnets, each a segment of the VPC's IP address range. Subnets enable further network segregation; because a subnet resides in a single availability zone, spreading resources across subnets in different zones provides high availability and fault tolerance.
d. Internet Gateway: To connect the VPC to the internet, an Internet Gateway can be attached, enabling resources within the VPC to access the internet and receive inbound traffic from the internet.
e. Virtual Private Gateway (VPN Connection): A VPC can be connected to an on-premises data center or another remote network using a VPN connection, establishing a secure and encrypted communication channel over the public internet.
What are the three tiers that comprise the three-tier architecture model?
a. Presentation Tier (Frontend): This tier represents the user interface or the client-facing part of the application. It is responsible for presenting data to users, gathering input, and forwarding requests to the application's logic tier. Common components in this tier include web browsers, mobile apps, and user interfaces.
b. Application Tier (Middleware): Also known as the logic tier, this layer contains the application's business logic and performs the processing and manipulation of data. It handles user requests from the presentation tier, processes them, interacts with databases or other external systems, and prepares responses to be sent back to the presentation tier. Common components in this tier include application servers, API endpoints, and business logic components.
c. Data Tier (Backend): The data tier is responsible for storing and managing data used by the application. It includes databases, file systems, and other data storage mechanisms. The application tier interacts with the data tier to read and write data as needed.
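The two lists above (VPC subnets and security groups; the three tiers) fit together in one worked example. The following Python is added here for illustration and is not from the original notes or any real deployment: it carves a constructed VPC range into one subnet per tier, expresses inbound security-group rules so that only the presentation tier is reachable from the internet and each lower tier accepts traffic only from the tier above it, and audits a rule table for the classic mistake of a data tier open to 0.0.0.0/0. The model follows security-group semantics (stateful, allow-only inbound rules); network ACLs, which are stateless and per-subnet, are not modelled. All CIDRs, ports and tier names are constructed values.

```python
"""Model a three-tier VPC layout and audit its inbound security-group rules.

Added example, not from the original notes. Every CIDR, port and name below
is constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

VPC_CIDR = ipaddress.ip_network("10.20.0.0/16")   # constructed VPC range
INTERNET = ipaddress.ip_network("0.0.0.0/0")      # "anywhere" source
TIERS = ("presentation", "application", "data")   # one subnet per tier


def carve_subnets(vpc, prefix_len, count):
    """Split the VPC range into `count` subnets of the given prefix length.

    Each subnet would normally be placed in its own availability zone;
    raise if the range cannot hold that many subnets.
    """
    subnets = list(vpc.subnets(new_prefix=prefix_len))
    if len(subnets) < count:
        raise ValueError(f"{vpc} holds only {len(subnets)} /{prefix_len} subnets")
    return subnets[:count]


@dataclass(frozen=True)
class Rule:
    """An inbound allow rule: hosts in `source` may reach `port` on the tier."""
    source: ipaddress.IPv4Network
    port: int


def tier_rules(subnets):
    """Least-privilege inbound rules for the three tiers (constructed ports)."""
    pres, app, _data = subnets
    return {
        "presentation": {Rule(INTERNET, 443)},  # HTTPS from anywhere, nothing else
        "application": {Rule(pres, 8080)},      # only from the presentation subnet
        "data": {Rule(app, 5432)},              # only from the application subnet
    }


def reachable(rules, tier, src_ip, port):
    """True if a packet from src_ip to `port` on `tier` matches an allow rule."""
    ip = ipaddress.ip_address(src_ip)
    return any(r.port == port and ip in r.source for r in rules[tier])


def audit(rules, vpc):
    """Return findings for a rule table; an empty list means it passes.

    Checks: only the presentation tier may accept traffic from the internet,
    and every other rule source must be a range inside the VPC itself.
    """
    findings = []
    for tier, tier_rules_ in rules.items():
        for r in sorted(tier_rules_, key=lambda r: (str(r.source), r.port)):
            if r.source == INTERNET and tier != "presentation":
                findings.append(f"{tier}: open to the internet on {r.port}")
            elif r.source != INTERNET and not r.source.subnet_of(vpc):
                findings.append(f"{tier}: source {r.source} is outside {vpc}")
    return findings


def build_layout():
    """Carve the VPC and return (subnets, rules) for the three tiers."""
    subnets = carve_subnets(VPC_CIDR, 24, len(TIERS))
    return subnets, tier_rules(subnets)


if __name__ == "__main__":
    subnets, rules = build_layout()
    for name, sn in zip(TIERS, subnets):
        print(f"{name:13s} {sn}")
    print("findings:", audit(rules, VPC_CIDR) or "none")
    # A web host in the presentation subnet may reach the application tier...
    print(reachable(rules, "application", str(subnets[0][10]), 8080))
    # ...but an internet client cannot reach the database directly.
    print(reachable(rules, "data", "203.0.113.5", 5432))
    # The weak variant: the data tier additionally opened to the internet.
    weak = dict(rules)
    weak["data"] = rules["data"] | {Rule(INTERNET, 5432)}
    print("weak findings:", audit(weak, VPC_CIDR))
```

Running the script prints the three /24 subnets, no findings for the least-privilege table, True then False for the two reachability probes, and one finding for the weakened table. The point a practitioner should take from it is that the data tier's rule names the application subnet as its source, not the whole VPC and not the internet; in a real account the same check would be run against the security groups returned by the cloud API rather than a constructed table.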
Describe the differences between a VPC and a VPN to someone you know from your previous job.
VPC (Virtual Private Cloud):
Imagine a VPC as a private estate with a fence surrounding it. Within this estate, you have your own houses and facilities. Nobody from outside the estate can enter without permission, and the estate's inhabitants can freely communicate and interact with each other. The estate represents a logically isolated virtual network within a public cloud, and the fence symbolizes the network isolation and security.
VPN (Virtual Private Network):
Now, think of a VPN as a secure tunnel connecting two separate houses located in different cities. The tunnel allows the people inside the houses to exchange secret messages and have private conversations, even though they are far apart. The VPN establishes a secure and encrypted connection between two separate networks, like an on-premises data center and a cloud-based VPC, allowing them to communicate securely over the internet.
In summary, VPC is a private virtual network within a public cloud, providing network isolation and security for cloud resources. VPN is a secure tunnel connecting two separate networks, allowing them to communicate securely over the internet.