Whether you’re running a simple website, a mobile app, or a suite of business applications, DNS is a fundamental part of any architecture in the cloud. In this mid-level architecture session, we’ll cover everything you need to get started with Amazon Route 53, AWS’s highly-available DNS service. You’ll learn how to use public DNS, including routing techniques such as weighted round-robin, latency-based routing, and geo DNS; how to configure DNS failover using health checks; how and when to use private DNS within your Virtual Private Cloud (VPC); and how Amazon Route 53 interacts with Amazon EC2’s DNS for instance naming and DNS resolution across your network.
We will conclude the session with a real-world migration example. Warner Bros. Entertainment recently completed a full DNS migration to Route 53. Vahram Sukyas, Vice President, Application Infrastructure & Operations at Warner Bros. Entertainment, will share details on his team's architecture, migration strategy, and lessons learned which are useful for enterprises and startups alike.
AWS Control Tower is a new AWS service for cloud administrators to set up and govern their secure, compliant, multi-account environments on AWS.
In this session, University of York will discuss their implementation of AWS Landing Zone. We’ll also explain how AWS Control Tower automates AWS Landing Zone creation with best-practice blueprints.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs. We will ensure you have an AWS account and understand EC2, prepare you to get set up on the AWS Command Line Interface (CLI) to access the AWS Management Console, introduce you to in source repositories, discuss SSH access and necessary SDKs, and more.
Distributed denial of service (DDoS) can have an impact on the availability, security and resources consumption for your web application. AWS Web Application Firewall and AWS Shield allow to protect web applications from these attacks.
"Ever wondered how can you find out which user made a particular API call, when the call was made, and which resources were acted upon? In this session, you will learn how to turn on AWS CloudTrail for hundreds of AWS accounts in all AWS regions to ensure you have full visibility into API activity in all your AWS accounts. We will demonstrate how to use CloudTrail Lookup in the AWS Management Console to troubleshoot operational and security issues and how to use the AWS CLI or SDKs to integrate your applications with CloudTrail.
We will also demonstrate how you can monitor for specific API activity by using Amazon CloudWatch and receive email notifications, when such activity occurs. Using CloudTrail Lookup and CloudWatch Alarms, you can take immediate action to quickly remediate any security or operational issues. We will also share best practices and ready-to-use scripts, and dive deep into new features that help you configure additional layers of security for CloudTrail log files."
AWS' philosophy and recommended best practices for building microservices applications, how AWS services like Lambda and API gateway benefit developers building microservices apps, and how customers are using these two and other AWS services to deliver their microservices apps
AWS Summit Seoul 2023 | 데이터, 분석 및 AI를 통합하는 단 하나의 레이크하우스, Databricks on AWS 로 ...Amazon Web Services Korea
데이터브릭스의 레이크하우스 플랫폼을 이용하여 비용을 절감하고 협업을 촉진하며 혁신을 가속화할 수 있는 방법을 설명드립니다. 데이터브릭스의 레이크하우스 플랫폼은 데이터 레이크와 데이터 웨어하우스의 장점을 통합하여 다양한 데이터 분석과 AI 워크로드를 단일 플랫폼에서 수행할 수 있는 클라우드 데이터 플랫폼입니다. 오픈소스와 오픈포맷으로 구성된 레이크하우스 플랫폼을 통하여 AWS의 데이터 및 AI 서비스들과 유기적으로 연계하여 고객 맞춤형 데이터 플랫폼으로 쉽게 확장할 수 있는 방법을 소개합니다.
AWS Control Tower is a new AWS service for cloud administrators to set up and govern their secure, compliant, multi-account environments on AWS.
In this session, University of York will discuss their implementation of AWS Landing Zone. We’ll also explain how AWS Control Tower automates AWS Landing Zone creation with best-practice blueprints.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs. We will ensure you have an AWS account and understand EC2, prepare you to get set up on the AWS Command Line Interface (CLI) to access the AWS Management Console, introduce you to in source repositories, discuss SSH access and necessary SDKs, and more.
Distributed denial of service (DDoS) can have an impact on the availability, security and resources consumption for your web application. AWS Web Application Firewall and AWS Shield allow to protect web applications from these attacks.
"Ever wondered how can you find out which user made a particular API call, when the call was made, and which resources were acted upon? In this session, you will learn how to turn on AWS CloudTrail for hundreds of AWS accounts in all AWS regions to ensure you have full visibility into API activity in all your AWS accounts. We will demonstrate how to use CloudTrail Lookup in the AWS Management Console to troubleshoot operational and security issues and how to use the AWS CLI or SDKs to integrate your applications with CloudTrail.
We will also demonstrate how you can monitor for specific API activity by using Amazon CloudWatch and receive email notifications, when such activity occurs. Using CloudTrail Lookup and CloudWatch Alarms, you can take immediate action to quickly remediate any security or operational issues. We will also share best practices and ready-to-use scripts, and dive deep into new features that help you configure additional layers of security for CloudTrail log files."
AWS' philosophy and recommended best practices for building microservices applications, how AWS services like Lambda and API gateway benefit developers building microservices apps, and how customers are using these two and other AWS services to deliver their microservices apps
AWS Summit Seoul 2023 | 데이터, 분석 및 AI를 통합하는 단 하나의 레이크하우스, Databricks on AWS 로 ...Amazon Web Services Korea
데이터브릭스의 레이크하우스 플랫폼을 이용하여 비용을 절감하고 협업을 촉진하며 혁신을 가속화할 수 있는 방법을 설명드립니다. 데이터브릭스의 레이크하우스 플랫폼은 데이터 레이크와 데이터 웨어하우스의 장점을 통합하여 다양한 데이터 분석과 AI 워크로드를 단일 플랫폼에서 수행할 수 있는 클라우드 데이터 플랫폼입니다. 오픈소스와 오픈포맷으로 구성된 레이크하우스 플랫폼을 통하여 AWS의 데이터 및 AI 서비스들과 유기적으로 연계하여 고객 맞춤형 데이터 플랫폼으로 쉽게 확장할 수 있는 방법을 소개합니다.
Security and governance with AWS Control Tower and AWS Organizations - SEC204...Amazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, learn about the considerations, limitations, and security patterns of building a multi-account strategy. Get insight into topics such as thought pattern, identity federation, cross-account roles, consolidated logging, and account governance. Finally, see an enterprise-ready landing zone framework and the background needed to implement an AWS Landing Zone using AWS Control Tower and AWS Organizations.
The unique global cloud infrastructure offered by AWS helps customers build reliable, available, secure, scalable, and fault-tolerant applications. AWS has more experience operating global cloud infrastructures that enables customers run business critical workloads in the public cloud than anyone else. In this session, learn how AWS is continuously enhancing and expanding the AWS global infrastructure through more Regions and Availability Zones, custom hardware, purpose-built global network backbone, and innovative energy management systems to deliver to our customers lower latency, greater reliability, greater scalability, and operational efficiencies.
This talk will be a 2-300 level discussion on Serverless Architectures on AWS. We’ll first explore the Serverless ecosystem on AWS, looking at some particular use cases for Serverless. Looking through the lens of AWS customers, we’ll look at the typical Serverless journey, as well some of the key emerging patterns and benefits of Serverless Architectures. We’ll also touch some of the key challenges in a distributed environment and some potential solutions and tools that customers might want to consider.
In this webinar, you'll learn about the foundational security blocks and how to start using them effectively to create robust and secure architectures. Discover how Identity and Access management is done and how it integrates with other AWS services. In addition, learn how to improve governance by using AWS Security Hub, AWS Config and CloudTrail to gain unprecedented visibility of activity in the account. Subsequently use AWS Config rules to rectify configuration issues quickly and effectively.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
한국의 클라우드 정책은 국가 기업, 공공기관 및 개인 사용자를 위해 미래지향적이고 효율적인 클라우드 서비스 제공을 목적으로, 최근에는 국가 레벨에서 클라우드 전략을 강화하고 있으며, 국내 클라우드 산업의 발전과 제품의 경쟁력 향상을 위한 정책이 제시되고 있습니다.
클라우드 정책의 어제와 오늘을 살펴보고, 소프트웨어산업협회, 법무법인 율촌, 행정 학회 등의 산학연 전문가와 함께 클라우드 정책의 나아갈 방향에 대해 토론합니다.
In this session, AWS will present an overview of the AWS Landing Zone – an automated solution for setting up a robust and flexible AWS environment. Customers can expect to learn how AWS works with customers to accelerate their journey to AWS confidently and securely and how the AWS Landing Zone can be customized to meet each organization’s specific needs.
Presenter: Sadegh Nadimi, Senior Consultant, Global Migrations, AWS
Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...Amazon Web Services
Come learn what's new with Amazon CloudWatch, and watch as we leverage new capabilities to better monitor our systems and resources. We also walk you through the journey that BBC took in monitoring its custom off-cloud infrastructure alongside its AWS cloud resources.
Centralizing DNS Management in a Multi-Account Environment (NET322-R2) - AWS ...Amazon Web Services
DNS management and consistent naming across multiple VPCs and multiple accounts can often be a challenge. In this session, we implement a solution that provides a unified namespace across on-premises and AWS environments. Bring your laptop.
IAM 정책을 잘 알아야 AWS 보안도 쉬워진다. 이것은 꼭 알고 가자! - 신은수 솔루션즈 아키텍트, AWS :: AWS Summit S...Amazon Web Services Korea
IAM 정책을 잘 알아야 AWS 보안도 쉬워진다. 이것은 꼭 알고 가자!
신은수 솔루션즈 아키텍트, AWS
IAM 서비스는 AWS 에서 계정을 생성하고 서비스를 사용하고 위해서는 반드시 사용하여야 하는 서비스 중에 하나입니다. 본 세션에서는 IAM에서 기본적으로 제공하는 기능의 구조와 동작 원리, 각 IAM 정책(Policy) 별 상호 관계 등에 대해 이해함으로써 보다 단순화되고 관리가 편한 IAM 정책을 작성하고 실무에 적용할 수 있는 방법 등에 대해 살펴보고자 합니다.
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
I crafted this presentation for the AWS Chicago Meetup. This deck covers the rationale, building blocks, guidelines, and several best practices for Amazon Web Services Virtual Private Cloud. I classify it as a somewhere between a 101 and 201 level presentation.
If you like the presentation, I would appreciate you clicking the Like button.
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Amazon Web Services
The AWS Landing Zone solution provides a consolidated collection of AWS best practices, prescriptive guidance, and templates for automatically configuring and securing AWS multi-accounts, networks, and core services. In this workshop, you will learn the Landing Zone solution design. With your laptop, you will go through demonstrations of AWS Landing Zone deployment, automated new account creation using the built-in account vending machine, and Landing Zone customization for additional services. You will leave the workshop with an understanding of the AWS Landing Zone solution mechanisms, CI/CD deployment pipeline, and Landing Zone extension methods. This workshop is intended for architects, IT administrators, and engineers of consulting and technology partners as well as customers who will design, deploy, extend, or operate AWS Landing Zones. We encourage you to attend the full AWS Landing Zone track including SEC303; search for #awslandingzone in the session catalog.
Managing and governing multi-account AWS environments using AWS Organizations...Amazon Web Services
As you continue to grow your footprint on AWS, centralized tools and features are required to help govern multiple AWS accounts for account management, security and access control, and resource sharing. This session discusses how you can use AWS Organizations to manage and govern multi-account environments on AWS with security and compliance in mind. This session covers AWS Organizations, IAM, AWS Config, AWS Firewall Manager, CloudTrail, CloudWatch Events, Directory Service, License Manager, Resource Access Manager, and Single Sign-On.
by Kashif Imran, Sr. Solutions Architect, AWS
Serverless computing allows you to build and run applications without the need for provisioning or managing servers. With serverless computing, you can build web, mobile, and IoT backends; run stream processing or big data workloads; run chatbots, and more. In this session, you’ll learn how to get started with serverless computing with AWS Lambda, which lets you run code without provisioning or managing servers. We’ll introduce you to the basics of building with Lambda and how you can benefit from features such as continuous scaling, built-in high availability, integrations with AWS and third-party apps, and subsecond metering pricing. We’ll also introduce you to the broader portfolio of AWS services that help you build serverless applications with Lambda, including Amazon API Gateway, Amazon DynamoDB, AWS Step Functions, and more.
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...Amazon Web Services
This session provides attendees with approaches to their VPC, including creating and protecting subnets, routing, performing VPC peering, and leveraging the latest features in Amazon VPC. Additionally, we'll discuss Amazon Route 53 for delivering traffic.
Amazon Route 53 is a highly available, scalable, and easy to use cloud Domain Name System (DNS) web service. With an SLA of 100% availability, Route 53 is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications. By using Route 53 as your DNS provider, you can ensure your application’s up-time, run architecture that delivers better performance, and provide your end users with a better experience through lower latency and faster load times, all at the fraction of the cost of other DNS providers. Learning Objective: In this webinar, you will learn the following: - General overview of DNS, and how Route 53 is built to provide reliable and secure DNS - Using the Route 53 console to manage your DNS, easily and seamlessly - Utilizing health checks and failover to ensure high availability - Configuring advanced routing policies, including running your application in multiple regions with LBR and Geo for better performance for your end users. - Saving costs by using Route 53 - Registering or transferring your domains into Route 53 to manage all of your domain resources from one place - How to start using Route 53, including migrating your DNS without experiencing any downtime.
Security and governance with AWS Control Tower and AWS Organizations - SEC204...Amazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, learn about the considerations, limitations, and security patterns of building a multi-account strategy. Get insight into topics such as thought pattern, identity federation, cross-account roles, consolidated logging, and account governance. Finally, see an enterprise-ready landing zone framework and the background needed to implement an AWS Landing Zone using AWS Control Tower and AWS Organizations.
The unique global cloud infrastructure offered by AWS helps customers build reliable, available, secure, scalable, and fault-tolerant applications. AWS has more experience operating global cloud infrastructures that enables customers run business critical workloads in the public cloud than anyone else. In this session, learn how AWS is continuously enhancing and expanding the AWS global infrastructure through more Regions and Availability Zones, custom hardware, purpose-built global network backbone, and innovative energy management systems to deliver to our customers lower latency, greater reliability, greater scalability, and operational efficiencies.
This talk will be a 2-300 level discussion on Serverless Architectures on AWS. We’ll first explore the Serverless ecosystem on AWS, looking at some particular use cases for Serverless. Looking through the lens of AWS customers, we’ll look at the typical Serverless journey, as well some of the key emerging patterns and benefits of Serverless Architectures. We’ll also touch some of the key challenges in a distributed environment and some potential solutions and tools that customers might want to consider.
In this webinar, you'll learn about the foundational security blocks and how to start using them effectively to create robust and secure architectures. Discover how Identity and Access management is done and how it integrates with other AWS services. In addition, learn how to improve governance by using AWS Security Hub, AWS Config and CloudTrail to gain unprecedented visibility of activity in the account. Subsequently use AWS Config rules to rectify configuration issues quickly and effectively.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
한국의 클라우드 정책은 국가 기업, 공공기관 및 개인 사용자를 위해 미래지향적이고 효율적인 클라우드 서비스 제공을 목적으로, 최근에는 국가 레벨에서 클라우드 전략을 강화하고 있으며, 국내 클라우드 산업의 발전과 제품의 경쟁력 향상을 위한 정책이 제시되고 있습니다.
클라우드 정책의 어제와 오늘을 살펴보고, 소프트웨어산업협회, 법무법인 율촌, 행정 학회 등의 산학연 전문가와 함께 클라우드 정책의 나아갈 방향에 대해 토론합니다.
In this session, AWS will present an overview of the AWS Landing Zone – an automated solution for setting up a robust and flexible AWS environment. Customers can expect to learn how AWS works with customers to accelerate their journey to AWS confidently and securely and how the AWS Landing Zone can be customized to meet each organization’s specific needs.
Presenter: Sadegh Nadimi, Senior Consultant, Global Migrations, AWS
Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...Amazon Web Services
Come learn what's new with Amazon CloudWatch, and watch as we leverage new capabilities to better monitor our systems and resources. We also walk you through the journey that BBC took in monitoring its custom off-cloud infrastructure alongside its AWS cloud resources.
Centralizing DNS Management in a Multi-Account Environment (NET322-R2) - AWS ...Amazon Web Services
DNS management and consistent naming across multiple VPCs and multiple accounts can often be a challenge. In this session, we implement a solution that provides a unified namespace across on-premises and AWS environments. Bring your laptop.
IAM 정책을 잘 알아야 AWS 보안도 쉬워진다. 이것은 꼭 알고 가자! - 신은수 솔루션즈 아키텍트, AWS :: AWS Summit S...Amazon Web Services Korea
IAM 정책을 잘 알아야 AWS 보안도 쉬워진다. 이것은 꼭 알고 가자!
신은수 솔루션즈 아키텍트, AWS
IAM 서비스는 AWS 에서 계정을 생성하고 서비스를 사용하고 위해서는 반드시 사용하여야 하는 서비스 중에 하나입니다. 본 세션에서는 IAM에서 기본적으로 제공하는 기능의 구조와 동작 원리, 각 IAM 정책(Policy) 별 상호 관계 등에 대해 이해함으로써 보다 단순화되고 관리가 편한 IAM 정책을 작성하고 실무에 적용할 수 있는 방법 등에 대해 살펴보고자 합니다.
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
I crafted this presentation for the AWS Chicago Meetup. This deck covers the rationale, building blocks, guidelines, and several best practices for Amazon Web Services Virtual Private Cloud. I classify it as a somewhere between a 101 and 201 level presentation.
If you like the presentation, I would appreciate you clicking the Like button.
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Amazon Web Services
The AWS Landing Zone solution provides a consolidated collection of AWS best practices, prescriptive guidance, and templates for automatically configuring and securing AWS multi-accounts, networks, and core services. In this workshop, you will learn the Landing Zone solution design. With your laptop, you will go through demonstrations of AWS Landing Zone deployment, automated new account creation using the built-in account vending machine, and Landing Zone customization for additional services. You will leave the workshop with an understanding of the AWS Landing Zone solution mechanisms, CI/CD deployment pipeline, and Landing Zone extension methods. This workshop is intended for architects, IT administrators, and engineers of consulting and technology partners as well as customers who will design, deploy, extend, or operate AWS Landing Zones. We encourage you to attend the full AWS Landing Zone track including SEC303; search for #awslandingzone in the session catalog.
Managing and governing multi-account AWS environments using AWS Organizations...Amazon Web Services
As you continue to grow your footprint on AWS, centralized tools and features are required to help govern multiple AWS accounts for account management, security and access control, and resource sharing. This session discusses how you can use AWS Organizations to manage and govern multi-account environments on AWS with security and compliance in mind. This session covers AWS Organizations, IAM, AWS Config, AWS Firewall Manager, CloudTrail, CloudWatch Events, Directory Service, License Manager, Resource Access Manager, and Single Sign-On.
by Kashif Imran, Sr. Solutions Architect, AWS
Serverless computing allows you to build and run applications without the need for provisioning or managing servers. With serverless computing, you can build web, mobile, and IoT backends; run stream processing or big data workloads; run chatbots, and more. In this session, you’ll learn how to get started with serverless computing with AWS Lambda, which lets you run code without provisioning or managing servers. We’ll introduce you to the basics of building with Lambda and how you can benefit from features such as continuous scaling, built-in high availability, integrations with AWS and third-party apps, and subsecond metering pricing. We’ll also introduce you to the broader portfolio of AWS services that help you build serverless applications with Lambda, including Amazon API Gateway, Amazon DynamoDB, AWS Step Functions, and more.
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...Amazon Web Services
This session provides attendees with approaches to their VPC, including creating and protecting subnets, routing, performing VPC peering, and leveraging the latest features in Amazon VPC. Additionally, we'll discuss Amazon Route 53 for delivering traffic.
Amazon Route 53 is a highly available, scalable, and easy to use cloud Domain Name System (DNS) web service. With an SLA of 100% availability, Route 53 is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications. By using Route 53 as your DNS provider, you can ensure your application’s up-time, run architecture that delivers better performance, and provide your end users with a better experience through lower latency and faster load times, all at the fraction of the cost of other DNS providers. Learning Objective: In this webinar, you will learn the following: - General overview of DNS, and how Route 53 is built to provide reliable and secure DNS - Using the Route 53 console to manage your DNS, easily and seamlessly - Utilizing health checks and failover to ensure high availability - Configuring advanced routing policies, including running your application in multiple regions with LBR and Geo for better performance for your end users. - Saving costs by using Route 53 - Registering or transferring your domains into Route 53 to manage all of your domain resources from one place - How to start using Route 53, including migrating your DNS without experiencing any downtime.
In this presentation, created for a webinar recorded on 4/26/2012, we demo'd Amazon Route 53's new Latency Based Routing (LBR) feature. LBR is one of Amazon Route 53’s most requested features and helps improve your application’s performance for a global audience. LBR works by routing your customers to the AWS endpoint (e.g. EC2 instances, Elastic IPs or ELBs) that provides the fastest experience based on actual performance measurements of the different AWS regions where your application is running.
(SDD408) Amazon Route 53 Deep Dive: Delivering Resiliency, Minimizing Latency...Amazon Web Services
Learn how to utilize Amazon Route 53 latency-based routing, weighted round-robin, and other features in conjunction with DNS failover to direct traffic to the least latent, most available endpoints across a global infrastructure. We explore topics such as balancing traffic between endpoints in terms of load and latency, and discuss how to provide multi-record answers to improve client-side resiliency. As part of this session, Loggly will present how they utilize Route 53 for their traffic management needs.
For more training on AWS, visit: https://www.qa.com/amazon
AWS Loft | London - Amazon Virtual Private Cloud by Andrew Kane, Solution Architect
April 18, 2016
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. In this talk, we discuss advanced tasks in Amazon VPC, including the implementation of Amazon VPC peering, the creation of multiple network zones, the establishment of private connections, and the use of multiple routing tables. We also provide information for current Amazon EC2-Classic network customers and help you prepare to adopt Amazon VPC.
Speakers:
Steve Seymour, AWS Solutions Architect
Eamonn O'Neill, Director, Lemongrass Consulting
Jackie Wong, Head of Networks, Financial Times
Question 1 Refer to the graphic above to answer the following .docxIRESH3
Question 1
Refer to the graphic above to answer the following question.
You are the administrator of the westsim.private domain. The data for the westsim.private zone is stored in Active Directory. You have just opened a branch office in Phoenix. The branch office is connected to the main offices with a slow WAN link. The WAN link is unreliable and is sometimes down for 3 days at a time. You plan on replacing the connection in the future, but for now the link will have to be used.
You configure a secondary zone for westsim.private at the Phoenix location accepting the default configuration. The SOA record for the zone is shown in the graphic above. What change should you make to prevent name resolution problems at the Phoenix location?
Answer
Increase the Refresh interval to 3 days.
Decrease the Refresh interval value to 10 minutes.
Increase the Expires after value to 4 days.
Increase the Retry interval to 1 day.
1 points
Question 2
You are the network manager for the westsim.private domain. You are in the process of transitioning from IPv4 to IPv6 on your internal network.
You want to configure DNS to provide hostname-to-IPv6 address and IPv6 address-to-hostname resolution for a specific IPv6-only host. Which record types would you create? (Select two.)
Answer
SRV
AAAA
A
CNAME
NS
PTR
1 points
Question 3
You are the network administrator for your company's network. Your network consists of 8 Windows 2008 Server computers, 500 Windows XP Professional computers, and 5 UNIX servers. One of your Windows 2008 Server computers is your DNS server. The DNS zone is configured as an Active Directory-integrated zone. The DNS zone is also configured to allow dynamic updates. Users report that although they can access the Windows XP computers by host name, but they cannot access the UNIX servers by host name. What should you do?
Answer
Manually enter A (host) records for the UNIX servers in the zone database.
On the DNS server, manually create a HOSTS file that contains the records for the UNIX servers.
Configure a UNIX computer to be a DNS server in a secondary zone.
Manually add the UNIX servers to the Windows domain.
1 points
Question 4
You are configuring the network for a new company with two sites: the main office is in Denver, and a branch office is in Phoenix. The sites are connected by a WAN link. All servers, including domain controllers, will run Windows Server 2008. All servers will be members of an Active Directory domain. The main office uses the domain of corp.westsim.com. All domain members are currently located only in the Denver location. The branch office uses the domain of research.corp.westsim.com. All domain members are located only in the Phoenix location. The following servers are in each location (Location, Server, Role):
Denver, srv1.corp.westsim.com, Domain controller DNS server
Denver, srv2.corp.westsim.com, Domain controller DNS server
Denver, srv3.corp.westsim.com, Domain controller ...
We browse the Internet. We host our applications on a server or a cloud that is hooked up with a nice domain name. That’s all there is to know about DNS, right? This talk is a refresher about how DNS works. How we can use it and how it can affect availability of our applications. How we can use it as a means of configuring our application components. How this old geezer protocol is a resilient, distributed system that is used by every Internet user in the world. How we can use it for things that it wasn’t built for. Come join me on this journey through the innards of the web!
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
2. What to expect from the session
• What is DNS? (in under 5 minutes)
• Step-by-step: setting up DNS for a basic web application
• Improving availability and performance with advanced
DNS features
• Strategies for migrating multiple domains to Amazon
Route 53
• Real-world migration example: Warner Bros.
Entertainment
4. What is DNS? (in under 5 minutes)
Your web server
5. What is DNS? (in under 5 minutes)
Your web server
IP address: 1.2.3.4
6. What is DNS? (in under 5 minutes)
Your web server
IP address: 1.2.3.4
www.example.com
7. What is DNS? (in under 5 minutes)
Your web server
IP address: 1.2.3.4
8. What is DNS? (in under 5 minutes)
Your web server
IP address: 1.2.3.4
9. What is DNS? (in under 5 minutes)
http://www.example.com
Your web server
IP address: 1.2.3.4
10. What is DNS? (in under 5 minutes)
ISP’s DNS
Resolver
Your web server
IP address: 1.2.3.4
www.example.com?
11. What is DNS? (in under 5 minutes)
ISP’s DNS
Resolver
Root name server
Your web server
IP address: 1.2.3.4
www.example.com?
www.example.com?
12. What is DNS? (in under 5 minutes)
ISP’s DNS
Resolver
Root name server
Name server for .com
Your web server
IP address: 1.2.3.4
www.example.com?
this name server knows about .com
www.example.com?
13. What is DNS? (in under 5 minutes)
ISP’s DNS
Resolver
Root name server
Name server for .com
Your web server
IP address: 1.2.3.4
www.example.com?
this name server knows about .com
www.example.com?
www.example.com?
14. What is DNS? (in under 5 minutes)
ISP’s DNS
Resolver
Root name server
Name server for .com
Your web server
IP address: 1.2.3.4
Name server for
example.com
www.example.com?
this name server knows about .com
www.example.com?
this name server knows about
example.com
www.example.com?
15. What is DNS? (in under 5 minutes)
ISP’s DNS
Resolver
Root name server
Name server for .com
Your web server
IP address: 1.2.3.4
Name server for
example.com
www.example.com?
this name server knows about .com
www.example.com?
this name server knows about
example.com
www.example.com?
Q: How does .com name server know?
16. What is DNS? (in under 5 minutes)
ISP’s DNS
Resolver
Root name server
Name server for .com
Your web server
IP address: 1.2.3.4
Name server for
example.com
www.example.com?
this name server knows about .com
www.example.com?
this name server knows about
example.com
www.example.com?
Q: How does .com name server know?
A: Your domain name registrar updates
this info on your behalf
17. What is DNS? (in under 5 minutes)
ISP’s DNS
Resolver
Root name server
Name server for .com
Your web server
IP address: 1.2.3.4
Name server for
example.com
www.example.com?
this name server knows about .com
www.example.com?
this name server knows about
example.com
www.example.com?
www.example.com?
18. What is DNS? (in under 5 minutes)
ISP’s DNS
Resolver
Root name server
Name server for .com
Your web server
IP address: 1.2.3.4
Name server for
example.com
www.example.com?
this name server knows about .com
www.example.com?
this name server knows about
example.com
www.example.com?
I know about www.example.com!
IP address 1.2.3.4
www.example.com?
19. What is DNS? (in under 5 minutes)
ISP’s DNS
Resolver
Root name server
Name server for .com
Your web server
IP address: 1.2.3.4
Name server for
example.com
www.example.com?
this name server knows about .com
www.example.com?
this name server knows about
example.com
www.example.com?
I know about www.example.com!
IP address 1.2.3.4
www.example.com?
Q: How does Route 53 know?
20. What is DNS? (in under 5 minutes)
ISP’s DNS
Resolver
Root name server
Name server for .com
Your web server
IP address: 1.2.3.4
Name server for
example.com
www.example.com?
this name server knows about .com
www.example.com?
this name server knows about
example.com
www.example.com?
I know about www.example.com!
IP address 1.2.3.4
www.example.com?
Q: How does Route 53 know?
A: You’ve created a hosted zone for
example.com in Route 53
21. What is DNS? (in under 5 minutes)
ISP’s DNS
Resolver
Root name server
Name server for .com
Your web server
IP address: 1.2.3.4
Name server for
example.com
www.example.com?
this name server knows about .com
www.example.com?
this name server knows about
example.com
www.example.com?
I know about www.example.com!
IP address 1.2.3.4
www.example.com?
IP: 1.2.3.4
I found an answer!
www.example.com is at the
IP address 1.2.3.4
22. What is DNS? (in under 5 minutes)
ISP’s DNS
Resolver
Root name server
Name server for .com
Your web server
IP address: 1.2.3.4
Name server for
example.com
www.example.com?
this name server knows about .com
www.example.com?
this name server knows about
example.com
www.example.com?
I know about www.example.com!
IP address 1.2.3.4
www.example.com?
IP: 1.2.3.4
HTTP request:
IP: 1.2.3.4
http://www.example.com
23. What is DNS? (in under 5 minutes)
ISP’s DNS
Resolver
Root name server
Name server for .com
Your web server
IP address: 1.2.3.4
Name server for
example.com
www.example.com?
this name server knows about .com
www.example.com?
this name server knows about
example.com
www.example.com?
I know about www.example.com!
IP address 1.2.3.4
www.example.com?
IP: 1.2.3.4
HTTP request:
IP: 1.2.3.4
http://www.example.com
Success!
24. What is DNS? Advantages of managed DNS
• Worldwide anycast network with redundant locations
• 100% availability SLA
• Advanced routing: LBR, Geo, WRR, Failover
• AWS integrations: Alias
• Manage via API, CLI, SDKs, AWS tools, third-party tools
26. Step by step: DNS for a basic website
ISP’s DNS
Resolver
Root name server
Name server for .com
Your web server
Name server for
example.com
27. Step by step: DNS for a basic website
ISP’s DNS
Resolver
Name server for .com
Your web server
Name server for
example.com
Root name server
Register a domain name
28. Step by step: DNS for a basic website
ISP’s DNS
Resolver
Name server for .com
Your web server
Root name server
Name server for
example.com
Register a domain name
Create a hosted zone
29. Step by step: DNS for a basic website
ISP’s DNS
Resolver
Name server for .com
Your web server
Root name server
Register a domain name
Name server for
example.com
Create a hosted zone
Create DNS records in your hosted
zone
30. Step by step: DNS for a basic website
ISP’s DNS
Resolver
Your web server
Name server for
example.com
Root name server
Name server for .com
“Delegate” to Route 53
Register a domain name
Create a hosted zone
Create DNS records in your hosted
zone
31. Step by step: domain name registration
ISP’s DNS
Resolver
Root name server
Your web server
Name server for
example.com
Name server for .com
Register a domain name
32. Step by step: domain name registration
You can do it in Route 53
You can do it elsewhere (another registrar)
We’ll show both:
• New domain name in Route 53
• Existing domain name in another registrar
33. Step by step: domain name registration
Steps to register domain name in Route 53
Console screenshots
37. Step by step: domain name registration
If you’ve already registered a domain name using another
registrar:
• We’ll create a hosted zone in Route 53 and create
records in the hosted zone
• Then we’ll come back to your registrar to update name
servers to point to your Route 53 hosted zone
38. Domain Name: example.com
Step by step: domain name registration
Some Other Registrar
Domain Name: example.com
Registrant Contact Info Domain Settings Optional Extras
Name Servers DNS Other Stuff
ns1.someexampleregistrar.com
ns2.someexampleregistrar.com
ns3.someexampleregistrar.com
example.com
*.example.com
foo.example.com
www.example.com
…
…
…
…
A
CNAME
A
A
1.2.3.4
example.com
3.4.5.6
1.2.3.4
…
…
…
…
…
…
…
…
…
…
…
…
39. Step by step: domain name registration
Some Other Registrar
Domain Name: example.com
Registrant Contact Info Domain Settings Optional Extras
Name Servers DNS Other Stuff
ns1.someexampleregistrar.com
ns2.someexampleregistrar.com
ns3.someexampleregistrar.com
example.com
*.example.com
foo.example.com
www.example.com
…
…
…
…
A
CNAME
A
A
1.2.3.4
example.com
3.4.5.6
1.2.3.4
…
…
…
…
…
…
…
…
…
…
…
…
40. Step by step: create a hosted zone
ISP’s DNS
Resolver
Root name server
Name server for .com
Your web server
Name server for
example.com
Create a hosted zone
Create DNS records in your hosted
zone
41. Step by step: create a hosted zone
If you registered a new domain name in Route 53, we’ve
created a hosted zone for you.
Here’s how to find it in the console.
52. Step by step: point records at your server
Root domain (example.com) vs. subdomain
(www.example.com)
Wildcard record – will respond to any unmatched subdomains
Let’s create records for example.com and www.example.com
and point them both at your web server
60. Step by step: point records at your server
AWS resources you can create alias records for:
• Elastic Load Balancing
• AWS Elastic Beanstalk
• Amazon CloudFront*
• Amazon S3 website*
* DNS name must exactly match CloudFront alternate domain name or
S3 bucket name
61. Step by step: create more records
MX record: for your email service
TXT records for email validation, web analytics, certificates
62. Step by step: delegate to the hosted zone
ISP’s DNS
Resolver
Root name server
Your web server
Name server for
example.com
Name server for .com
Delegate to Route 53
64. Step by step: delegate to the hosted zone
This set of four name servers is called a delegation set.
For example:
• ns-1949.awsdns-51.co.uk
• ns-592.awsdns-09.net
• ns-317.awsdns-39.com
• ns-1158.awsdns-16.org
66. Step by step: delegate to the hosted zone
If your domain name is with another registrar, here’s how to
delegate to Route 53
67. Step by step: delegate to the hosted zone
Some Other Registrar
Domain Name: example.com
Registrant Contact Info Domain Settings Optional Extras
Name Servers DNS Other Stuff
ns1.someexampleregistrar.com
ns2.someexampleregistrar.com
ns3.someexampleregistrar.com
example.com
*.example.com
foo.example.com
www.example.com
…
…
…
…
A
CNAME
A
A
1.2.3.4
example.com
3.4.5.6
1.2.3.4
…
…
…
…
…
…
…
…
…
…
…
…
68. Step by step: delegate to the hosted zone
Some Other Registrar
Domain Name: example.com
Registrant Contact Info Domain Settings Optional Extras
Name Servers DNS Other Stuff
ns-1949.awsdns-51.co.uk
ns-592.awsdns-09.net
ns-317.awsdns-39.com
ns-1158.awsdns-16.org
example.com
*.example.com
foo.example.com
www.example.com
…
…
…
…
A
CNAME
A
A
1.2.3.4
example.com
3.4.5.6
1.2.3.4
…
…
…
…
…
…
…
…
…
…
…
…
69. Step by step: delegate to the hosted zone
When you migrate between DNS providers for an existing
domain, the change can take up to 48 hours to become
fully effective.
Why? Name server DNS records are typically cached
across the global DNS system for up to 48 hours.
70. Step by step: recap
ISP’s DNS
Resolver
Root name server
Name server for .com
Your web server
Name server for
example.com
Delegation: name servers for
example.com
Domain name: example.com
Hosted zone: example.com
DNS record:
www.example.com A 1.2.3.4
71. Step by step: recap
Let’s trace a request from client to TLD to authority (r53) to
web server
73. Step by step: recap
[ec2-user@10.0.1.3]$ dig example.com
74. Step by step: recap
[ec2-user@10.0.1.3]$ dig example.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.45.amzn1 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47523
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 60 IN A 175.41.145.117
;; Query time: 80 msec
;; SERVER: 172.31.0.2#53(172.31.0.2)
;; WHEN: Fri Nov 11 01:48:40 2016
;; MSG SIZE rcvd: 51
75. Step by step: recap
[ec2-user@10.0.1.3$ dig NS example.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.45.amzn1 <<>> NS example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15971
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com. IN NS
;; ANSWER SECTION:
example.com. 3600 IN NS ns-1795.awsdns-32.co.uk.
example.com. 3600 IN NS ns-21.awsdns-02.com.
example.com. 3600 IN NS ns-678.awsdns-20.net.
example.com. 3600 IN NS ns-1456.awsdns-54.org.
76. Step by step: recap
[ec2-user@10.0.1.3$ dig NS example.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.45.amzn1 <<>> NS example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15971
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com. IN NS
;; ANSWER SECTION:
example.com. 3600 IN NS ns-1795.awsdns-32.co.uk.
example.com. 3600 IN NS ns-21.awsdns-02.com.
example.com. 3600 IN NS ns-678.awsdns-20.net.
example.com. 3600 IN NS ns-1456.awsdns-54.org.
77. Step by step: recap
[ec2-user@10.0.1.3$ dig example.com +trace
78. Step by step: recap
[ec2-user@10.0.1.3$ dig example.com +trace
. 518400 IN NS B.ROOT-SERVERS.com.
...
;; Received 508 bytes from 172.31.0.2#53(172.31.0.2) in 6 ms
com. 172800 IN NS a.gtld-servers.com.
...
;; Received 492 bytes from 199.7.83.42#53(199.7.83.42) in 29 ms
example.com. 172800 IN NS ns-21.awsdns-02.com.
example.com. 172800 IN NS ns-678.awsdns-20.net.
example.com. 172800 IN NS ns-1795.awsdns-32.co.uk.
example.com. 172800 IN NS ns-1456.awsdns-54.org.
;; Received 203 bytes from 192.55.83.30#53(192.55.83.30) in 266 ms
example.com. 60 IN A 175.41.145.117
example.com. 172800 IN NS ns-1456.awsdns-54.org.
example.com. 172800 IN NS ns-1795.awsdns-32.co.uk.
example.com. 172800 IN NS ns-21.awsdns-02.com.
example.com. 172800 IN NS ns-678.awsdns-20.net.
;; Received 187 bytes from 205.251.197.176#53(205.251.197.176) in 25 ms
79. Getting a bit more advanced
• Private DNS in VPC
• Health checks and failover
• Multi-region scenarios: Geo and LBR
• Traffic flow
89. Overview
• About Warner Bros.
• Warner Bros. & AWS
• DNS setup before Route 53
• The road to Route 53
• Our results
• Next steps
90. About Warner Bros.
• A global leader in the creation, production, distribution,
licensing, and marketing of all forms of entertainment:
• Movies
• TV shows
• Games
• Huge portfolio of websites and internal applications
• Thousands of domains
91. Warner Bros. & AWS
• Multiple active projects to move applications – and even
entire data centers – to AWS
• Primary drivers for moving to AWS
• Application isolation – 150+ Accounts!
• Billing clarity
• Security
• Agility
• Long history of applications running on AWS (TMZ.com,
DramaFever, Turbine, and more!)
92. DNS setup before Route 53
• On-premises solution
• Bind9
• No self-service
• Poor fault tolerance
• Poor geographic distribution = poor international DNS lookup
times
• 25,000+ domains
• Some zones have over 10,000 records
• DNS without an API is misery
93. The road to Route 53
Problems to solve:
• Domain registration process
• Devise a scheme for reusable (and WB branded!)
delegation sets
• Find a way to import (and validate) thousands of zones
• IAM and delegating access to specific zones
• Several Route 53 default limits needed to be raised…
95. The road to Route 53
• Upper limit on a delegation set is 2,000
• …which means we need to migrate zones in chunks of
2,000 domains
• Our goal was to migrate 2-3 batches a week
• Write a tool to validate entire zones in Route 53 vs. Bind
• Write a tool to easily setup new domains
• Lower TTLs
• Find a tool to handle the migration: cli53 (with some
custom patches)
98. Our results
• Migrated 25,000+ zones in < 6 weeks
• Upfront investment in automation resulted in a smooth,
error-free migration
• Ability to self-serve on zones
• Greatly reduced risk of DDoS attacks taking down DNS
• Increased performance!
99. Our results – DNS performance (before)
Latency in ms.
100. Our results – DNS performance (after)
Latency in ms.
102. Next steps
• Enable full self-service at the individual record level
• Leverage Route 53 advanced traffic policies
• Leverage Route 53 health checks
• Cleanup “legacy” (invalid) records
105. Amazon Route 53 survey
Give us your feedback about Route 53’s features and
usability at http://amzn.to/Route53_200
Meet the Route 53 team and get Route 53 swag at the
Networking, Content Delivery, & Media Solutions booth.
106. Related Sessions
NET201 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
NET401 Another Day, Another Billion Packets
NET305 Extending Datacenters to the Cloud: Connectivity Options and Considerations for
Hybrid Environments
NET302 Global Traffic Management with Amazon Route 53 Traffic Flow
NET304 Moving Mountains: Netflix's Migration into VPC
NET402 Deep Dive: AWS Direct Connect and VPNs
NET403 Elastic Load Balancing Deep Dive and Best Practices
NET203 From EC2 to ECS: How Capital One uses Application Load Balancer Features to
Serve Traffic at Scale
NET303 NextGen Networking: New Capabilities for Amazon’s Virtual Private Cloud