CompTIA Cloud+ CV0-003 – Domain 3.0 Maintenance

  1. Patching Methodologies

methodology to patching. Let’s go ahead and discuss ways to manage your virtual machines in the cloud. Now, this is specifically focused on infrastructure as a service because, with PaaS and SaaS, you likely won’t be managing any virtual machines in most cases. That is not always the case, but it is generally what you would see. Some PaaS offerings allow you to configure some virtual machine capabilities, but in general, this is really focused on infrastructure as a service. When you’re maintaining your cloud environment, be aware that you’ll need to address specific areas such as hypervisors, VMs, and virtual appliances, the network, storage clusters, operating systems, and applications.

If you use Google App Engine, for example, you may have more flexibility in how you manage these areas than you would on other platforms as a service. When we talk about infrastructure as a service, for example, you want to be aware that with the Google Cloud Platform, you have a lot of flexibility as well. Amazon is another option. So you’ll need to understand what areas of your cloud service you can maintain in the first place. When it comes to cloud patching, generally you’ll need to address applications, code, runtime, and APIs.

When it comes to SaaS, generally the cloud provider is going to handle everything, and you as a consumer don’t really need to do a whole lot, with the exception of perhaps looking at APIs and updating those on your front end. With AWS, there is a tool that is specifically used with EC2, and it is called EC2 Systems Manager. This can be used on the AWS platform for rolling out patches to your hybrid cloud. Remember that hybrid cloud refers to having your own infrastructure connected to Amazon. And, of course, there are some limitations to this, so you’ll want to make sure that you understand the requirements when you’re working with your virtual machines. It does support baselines.

Now remember, “baselining” is important because that’s going to give you, as the name suggests, a baseline. In other words, it’s going to be a starting point for your virtual machine environment. It also supports compliance requirements when it comes to patching methodologies. In most development environments, you’ll find very strict procedures and methods. Remember that when it comes to patching, you want to handle it in a way that addresses the specific environment. So for example, in production, development, or QA, there will typically be at least a couple of minor differences in how patches are rolled out and approved in those environments. Once again, production will be much more stringent than development. We’ll talk about rolling updates, blue-green deployments, as well as cluster failover. When it comes to patching, be aware that there should be some SOPs that you may want to address in your environment, such as an inventory of your VMs and apps. So one of the first things you really need to do is understand the machines that you have and the applications that you have.

So, for example, if you have this specific version of Linux with this specific version of databases or applications, you need to identify those because each of those will need to be patched in a different manner. Typically, you want to patch the correct instance at the proper time and determine any change management approvals. And then there are also some pretty solid utilities out there, like Altiris. And then we also talked about EC2 Systems Manager earlier. In software development, a rolling update is used to update software with continuous delivery. This means the uptime of the instance should not be affected by continuous upgrades and rolling releases. These are also terms by which this may be known. As well, a “blue-green” deployment is a technique that should reduce time and risk by running two identical production environments called blue and green. For example, in one zone you’ll have an instance, and then in another zone you’ll have another instance of the same production environment. As a result, when you deploy a patch over here, let’s say on the left here for those who may not see it very well, this service is essentially backing up this other service in case there’s any kind of issue with those patches. This is a very solid change management strategy that’s widely used in high-end production environments. It provides full redundancy as well as a lower risk, but of course, it also substantially increases the cost.

When it comes to blue-green deployments in AWS, you can certainly use this model. As a matter of fact, AWS supports this pretty robustly in most cases. Once again, a lot of the capabilities in AWS may be limited to specific zones and regions. So you’ll need to identify where you are. For example, in the US, it won’t be much of an issue, but perhaps if you’re in Asia or South America, there may be some limitations, so you’ll want to identify those for your specific resources. EC2 load balancing and auto scaling, Route 53, and EBS are some of the services you can use. And remember, just to go back here, you don’t really need to know this for this exam. Remember, for Cloud+, you don’t need to know anything specific about AWS. I’m just using this as an example so you can correlate this to what can be done in the cloud. For example, when it comes to failover clusters, this is a group of servers and nodes that work together to maintain high availability of applications and services.

If one of these nodes fails, another node in the cluster can take over its workload and therefore have no downtime. Remember, too, that typically a failover provides several functions, not just high availability but also continuous operations. It can also provide performance benefits in a lot of cases. When it comes to dependencies, be aware that each of these patches, hot fixes, or upgrades that you may be rolling out can have dependencies. Review those dependencies and understand what the priorities are. For example, if you’re running specific versions of Python or PHP, you need to identify the dependencies for each of those languages. Do you need to have a specific operating system or a specific development environment? Rolling updates are used in software development to update software. And let’s talk about a test tip. Understand what a “blue-green” deployment is and why it’s important. Generally, this is a technique that reduces downtime and risk by running two identical production environments called blue and green. For this exam, make sure you know this. Be aware of this.

  1. Patching Virtual Machines

Patching Virtual Machines. When it comes to managing your infrastructure as a service, this is an area to consider, especially if you have a private cloud. You’ll probably need to concentrate a little more than you would if you were using other services. But when it comes to maintaining your infrastructure as a service, once again, we spoke about this in the previous slide deck as well. You’ll need to look at the different areas you need to address, which could be hypervisors for the virtual appliances, specific network and storage requirements, et cetera.

Now, when it comes to virtual machines, there are a couple of things that you want to address before you do any kind of patching. Of course, the first step is to identify risk management procedures. You may need to follow change management procedures and policies. In most cases, you’ll want to upgrade your virtual machines using templates and automation. Be aware that each of the service providers has tools that can help you with this, of course. For example, EC2 Systems Manager. Alternatively, you could use Google Cloud, and you could use Deployment Manager over there. When it comes to virtual machines, you want to be aware that these are hosted in the cloud. In contrast to a private cloud, where you have complete control over your resources, infrastructure as a service is typically hosted in your environment. So therefore, you may have some specific routines and policies to look at. Be aware that there are also standard operating procedures when it comes to identifying your OS provider’s requirements. Here’s an example of Microsoft. They use critical, important, moderate, and low. You want to identify what the patch level is for that specific application or that specific operating system. Once again, if it’s a low priority, like, for example, “low,” being that there’s no real security vulnerability and it’s more of a feature or functionality issue, then you may not have to work the weekend to deal with it.

So identify what is important. On this exam, you should be aware of these four possible breakdowns. Once again, EC2 has EC2 Systems Manager, which supports baselining and setting compliance requirements as well. Take some time to take a look at AWS Systems Manager and see if that makes sense. Especially if you use AWS, you are likely familiar with this. Here’s an example of the patching dashboard. What’s really nice about this is that after you add the VMs, for example, to your Systems Manager services, you could pick and choose and correlate specific actions like updating or turning off and on, whatever, and basically roll out patches based on templates and services as well. For EC2 VMs, this allows you to manage those as a group. And this again could create some of what I would call “efficiencies” in your management as well. When it comes to AWS patching, what AWS has done is identify a fair number of routine updates and incorporate those patching requirements already into the environment, essentially so that you don’t have to go download a lot of these.

Microsoft patches, for example, can be automatically applied to the environment. Once again, use Patch Manager to enable this. When it comes to AWS patching, here are some SOPs you may want to look at. Once again, you don’t need to know this for the exam. I’m just going through this part of AWS to give you an idea of the typical structure that a cloud provider uses for patching. First of all, you want to determine if your VMs are managed or not. Determine if you’re going to use the patch manager, GUI, or CLI. Again, most cloud providers have utilities that can be accessed via the GUI or the CLI, whatever makes sense. Now, there are going to be some cases where, if you need to do specific routines or customizations or you want to run scripts, you may have to use a CLI. Identify what you can and cannot do, of course, before determining if you have the right SDK. You want to establish a baseline, a patch group, and a maintenance window. Now, what’s good about AWS patching processes with EC2, for example, is that you could go ahead and set the baseline, add those VMs to the group, and also set the maintenance window.

And automatically, it’ll update those patches based on the policies you create. So if you want to go ahead and take all patches for Windows machines that are running, I don’t know, let’s say, SQL and put them in a patch group, you could then go ahead and create a maintenance window for Saturday evening at 11:00 p.m. and it’ll kick those off automatically. And then, of course, you could tie in monitoring and management of that as well. After that, you could scan the APT test and validate. Remember what a failover cluster is? We talked about this in the previous module. I’m reiterating this because you will likely see it again. Remember that a failover cluster is a collection of servers and nodes that collaborate to ensure the high availability of applications and services. When you’re patching VMs, it’s important to understand that you need to apply several factors and make sure you know what those several factors are. Good. Return to the material that makes, you know, but for example, change management, risk management, and so on.
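The baseline, patch group and maintenance window procedure described above, modelled as an added example that is not part of the original course material and does not call any AWS API. The patch identifiers, group names, approval delays and instance names are constructed assumptions; the four severities and the Saturday 11:00 p.m. window come from the text.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# The four Microsoft severity ratings named in the text, most urgent first.
SEVERITIES = ("critical", "important", "moderate", "low")


@dataclass(frozen=True)
class Patch:
    patch_id: str       # constructed identifier, not a real KB number
    product: str
    severity: str
    released: datetime


@dataclass(frozen=True)
class Baseline:
    approved: frozenset       # severities this baseline lets through
    approve_after_days: int   # wait after release before a patch is approved


@dataclass(frozen=True)
class Instance:
    name: str
    product: str
    patch_group: str          # ties the VM to exactly one baseline
    installed: frozenset = frozenset()


def next_window(now, weekday=5, hour=23):
    """Start of the next weekly window after `now` (default: Saturday 23:00)."""
    start = now.replace(hour=hour, minute=0, second=0, microsecond=0)
    start += timedelta(days=(weekday - now.weekday()) % 7)
    return start if start > now else start + timedelta(days=7)


def plan(instances, patches, group_baselines, now):
    """Patches each instance receives in the next window, most severe first."""
    window = next_window(now)
    schedule = {}
    for inst in instances:
        baseline = group_baselines[inst.patch_group]
        due = [
            p for p in patches
            if p.product == inst.product
            and p.patch_id not in inst.installed
            and p.severity in baseline.approved
            and p.released + timedelta(days=baseline.approve_after_days) <= window
        ]
        due.sort(key=lambda p: (SEVERITIES.index(p.severity), p.released))
        schedule[inst.name] = [p.patch_id for p in due]
    return window, schedule


# Constructed sample data (assumptions for this example): production approves
# fewer severities and waits longer than development.
GROUP_BASELINES = {
    "prod-sql": Baseline(frozenset({"critical", "important"}), approve_after_days=7),
    "dev-sql": Baseline(frozenset(SEVERITIES), approve_after_days=0),
}
PATCHES = [
    Patch("P-001", "windows-sql", "critical", datetime(2024, 1, 2)),
    Patch("P-002", "windows-sql", "important", datetime(2024, 1, 9)),
    Patch("P-003", "windows-sql", "low", datetime(2024, 1, 2)),
    Patch("P-004", "linux-web", "critical", datetime(2024, 1, 2)),
]
INSTANCES = [
    Instance("sql-prod-1", "windows-sql", "prod-sql"),
    Instance("sql-dev-1", "windows-sql", "dev-sql", frozenset({"P-001"})),
]

if __name__ == "__main__":
    window, schedule = plan(INSTANCES, PATCHES, GROUP_BASELINES,
                            datetime(2024, 1, 10, 9, 0))
    print("maintenance window starts", window)
    for name, ids in schedule.items():
        print(name, "->", ids)
```

The same patch list produces different installs per patch group, which is why an instance tagged with the wrong group ends up patched under the wrong policy.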

  1. Maintenance Automation

automation and workflows when it comes to deploying resources in the cloud. Once again, it’s important to understand the difference between automation and orchestration. Remember that automation is a single task that does not require human intervention. Orchestration is the arranging of those automated tasks in an order that will typically deploy a workflow essentially. Provisioning, big data services, monitoring, automated messaging, and end-to-end workflows are some of the use cases that could benefit from automation and orchestration.

When it comes to workflows, understand that workflows are used to create an automated and orchestrated sequence of services, initiation processes, et cetera. The goal of a workflow is to be able to take a set of automated and orchestrated tasks and make them work together to flow in a specific order. And over here in the picture, you can see that this is a step-by-step process. An example of that is AWS Simple Workflow, which will help enable this. In AWS, a “run book” is a compilation of standard operating procedures that the system administrator or operator carries out. You’ll probably want to know what a run book is for the exam. Just be aware of that. It is also used as a reference in the baseline. When it comes to Microsoft Azure, they have a nice feature that allows you to automate these run books. In Azure, in what’s called automation management, you create a new run book. You could also use PowerShell as well.

You don’t need to know this for the test. I’m just giving you a quick example. When it comes to updates, just be aware that there are different types of updates. Be aware of what you’re updating because some of these may simply be a hot fix. A hot fix is going to typically address a specific vendor-initiated issue, or, I should say, a customer-initiated issue in a lot of cases. For example, let’s say the machine is panicking for some reason. It’s because of some machine code that’s causing it. Maybe there’s a patch that has to be updated, so a hot fix is meant to correct those errors. A patch is usually released in a specific methodology.

Typically, it’s not. A hot fix is something that’s created as sort of an impromptu resolution, whereas a patch is going to be more symbolic. As a term, I suppose quarterly, annual, or whatever version updates should be used. For example, you’ll be upgrading from version 7 to version 7.2. A rollback happens when you, for example, update something and that update doesn’t work as expected. Be aware of what a rollback is as well. When it comes to automation activities, you’re generally going to want to automate snapshots, cloning, and patching, as well as probably your restarts and shutdowns, and alerting. These are just some areas that you create activities for in your workflows to address in your environment. In AWS, for example, they call them an “operational checklist” or a “best practice.” They are referred to as a launch checklist by Google Cloud Platform. Depending on the use case, Azure refers to them as a checklist.

Workflows are called different names by different cloud providers. So what I’d like to emphasise is that you make sure that because each of you will be using a different cloud service, possibly two. Again, most folks will likely be using AWS, and then probably Azure or GCP after that. Just from a market share perspective, I don’t know again what each of you is using, but just as an example, understand what your provider calls these best practises, workflow procedures, SOPs, and so on. Let’s talk about a test tip. So the two things I just want to make sure you get from this module are that you understand the difference between automation and orchestration. Remember, automation is basically where you’re going to create a specific task that is going to be implemented without human interaction, whereas orchestration is essentially a bunch of automated tasks that are going to be used in a specific manner. A runbook, and this is again a run book, is what is going to be used to deploy in specific cases for standard operating procedures to follow instructions, whatever that purpose is for.

  1. Updating your Resources

updating your resources. Let’s talk about updates to resources and what you need to know for this exam. When it comes to updates, be aware that there are several types of updates. We talked briefly about what these were in the previous module. Let’s go ahead and discuss these in more detail. Now, from a definition standpoint, a “hot fix” is a single cumulative package that includes data that is used to address a problem in a software product. This is also known as a “quick fix,” and usually these are rolled out to address specific customer issues. When it comes to patches, they are a software record of changes made to a set of resources. Remember, patches are typically used to address new features and fix minor issues. In general, there may be major issues. But in general, if it’s too major, then usually you’ll see a major update instead of a patch. And then a version update. This is where features will be updated. There are two types. You have a major update and a minor update. Now, typically, a version update is exactly what it sounds like, where you go from, let’s say, 12.1.2 to 12.2.1, whatever that life cycle that has been set by the vendor is. Generally, that update is for a specific reason. Then we have what’s called a rollback.

Now, a rollback occurs when a software update, fix, or patch doesn’t work out as planned. It’s used to recover previous states and hopefully maintain the production state as well. When it comes to updates, one of the things you should do is confirm dependencies, such as required software versions, hardware configurations, et cetera. Determine the order of operations. One of the things that you do need to pay attention to, especially in cloud environments, is to follow those specific vendors’ SOPs, procedures, run books, whatever terms the vendor uses. Just keep in mind that you will need to follow instructions. Essentially, a “hot fix” is a single cumulative package that includes data that is used to address a problem in a software product. On this exam, you’ll certainly see a question on understanding the different types of updates. Be aware that you know what hot fixes are, you understand what patches are, et cetera. So here is an exam tip. Make sure you know what the different updates are, but also know when a rollback is going to be implemented. Remember, a rollback is used to ensure production stability by going back to a previous version because the new version that was rolled out may not be performing as expected.

  1. Backup Requirements

Backup requirements. Let’s talk about backups in the cloud and identify what you have to do when it comes to s. Essentially. Simply put, this is a process of copying and archiving data in the event that you have to restore it later. It could be lost, modified, or corrupted. And if that happens, you want to be able to go back to a known-good state, essentially. Backups, in general, should be part of a well-structured disaster recovery plan and used for compliance in many cases. When it comes to backup types on this exam, you’ll want to know these major backup types—or recovery types, depending on how you look at it. So in this case, be aware of what a full backup is, what a differential is, what an incremental is, what a clone is, and what a snapshot is. Let’s talk about these. A full backup is when you back up the whole system. Now, this is going to typically take the longest.

When it comes to backups, this has the best RTO advantage from a BC perspective, a business continuity perspective. You also want to know what a differential is. A differential is essentially after you perform a full backup; this will only back up the changes that have been made since the last full backup. For example, if on a Sunday night you back up everything, for Monday, guess what? It’ll only back up the changes that have occurred since that last full backup. And then on day two, it’ll create another differential, and so on and so forth. So again, just look at this. Over time, you can see that if you have to recover, what will happen is that you’ll have to recover several types of media, or at least several types of backups, whatever your backup scheme is. You have to look at it from that perspective. So you could be recovering several backups in order to get back to that full backup objective, essentially. And then we have what’s called an incremental backup. This is essentially the last full backup, so let’s restate. That incremental backup is essentially where it’ll back up the files that have changed since the last backup. Now notice that I said the last backup. So it could be a full backup or a differential backup. Let’s slow down, okay? So just be aware. So let’s go back. I just want to reiterate this because this could be a part of the exam that some folks may overlook. So a full backup is probably the easiest to understand. It’s going to back up everything, and then we go over here to the differential. This is going to be the last full backup. And then, on day one, guess what? That’s backed up there. That’s a backup for day two. Day three. So let’s say on day three, something occurs for you to go back to the full state on, let’s say, Sunday night, and this is Monday, Tuesday, and Wednesday. How many backups would you have to recover? Well again, you have to recover days three, two, and one and then go back to the full backup.
So this could take some time to recover. And then we have incremental. This is different in the sense that an incremental backup will go back and say, “Hey, I’ll go ahead and only back up the changes that have occurred since the last backup.” Now, if it was a differential backup, it will reflect the changes since that last differential. If it was a full backup, it will back up the changes made since the last full backup.

So from that perspective, just be aware of what that means. It’s more efficient for an incremental backup, but it could take longer to recover. Now for a snapshot. Generally, I’ve seen a lot of confusion between a snapshot and a clone. Let’s go ahead and clarify. These snapshots are essentially point-in-time copies. This is a table of contents that can be rolled back. This will essentially allow you to go back to the changes that have occurred. This provides a quick and easy restore. You could use this for data protection, testing, and rollbacks. Snapshots can make your cloud environment much more available and efficient in terms of recovery. But too many snapshots, on the other hand, could make it much more inefficient from a cost perspective. Once again, snapshots cost money. Remember that your VMs and storage will most likely consume the most resources on your monthly or quarterly bill, regardless of which cloud provider you use. Redirect-on-write. Now, this is essentially a copy-on-write, but it’ll redirect that to the data storage that is provisioned for snapshots. Now redirect-on-write is again a type of snapshot from a perspective. There’s a benefit to this, and I’m covering it for a reason because on the exam objectives, it made sort of correlated references to types of snapshots. And one of the more common types is called a redirect-on-write. What this does is say, for example, that there is a change in the data.

It’ll go ahead and direct that change to the storage that has been provisioned for that snapshot. This could again create some efficiencies. The main goal is to eliminate the need to write this twice. For example, over here, and that could be efficiency. And then what is a clone? A clone is a split-mirror snapshot. Once again, it’s different in the sense that it’s going to reference all the data on that mirror drive when it comes to a snapshot. Remember, a snapshot is a point in time, whereas a clone is really a split mirror. In other words, it’s essentially making a mirror, and a mirror is what this is, where if there’s a write here, it writes it over here, and essentially what it’s doing is creating two copies. That’s essentially what it’s doing. Now, for the goal of having a clone, in a lot of cases, you can mirror a drive, for example. The reason you want to mirror your drive is so that, in case the primary goes down, you have a ready and available clone to utilise. Right. Then we have what’s called “change block tracking.” Now, you don’t need to know this for the exam; I just wanted to throw it in there because this is a common issue that you could run into when you’re using VMware.

And many customers continue to use VMware, especially if you’re using the most recent releases of VMware and AWS, which now allow you to connect your VMware cloud to AWS. So this could be a feature that you need to correlate in AWS as well. But for this exam, you don’t need to know what CBT is per se. I just want to throw in there that this is another reference to how you handle essentially changing blocks. Now, a change block is a different thing than a delta. So it’s similar to snapshot differentials, which is how you would compare it to incremental backup files that have changed since the last backup and require the last full backup plus all the incremental backups to perform a restore. That’s sort of a long definition, but remember what an incremental backup is. It’s going to back up all the changes since the last backup. And if you have to recover to a certain point in time, you then have to go back so many backups, whether it’s one or twelve, whatever it is, to essentially perform that restore. Here’s a test tip: make sure you know the different backup types. Secondly, make sure you understand that snapshots are generally the best way to keep data online for VMs in the cloud. On the exam, if you get a question asking you to select a proper backup structure for a virtual machine, I’m not saying this is the right answer all the time. I’m just saying that, generally, the rule of thumb is that if you talk about virtual machines in the cloud, snapshots are generally the best way to keep data available. That’s essentially the lesson to be learned here. However, read the question and identify what they’re asking.
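The incremental scheme described above, where a restore needs the last full backup plus every incremental after it, as an added example that is not part of the original course material. The file paths, backup names and the SHA-256 catalog kept apart from the backup media are assumptions made here to show what happens when one link in the chain is lost or modified.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Backup:
    backup_id: str
    kind: str                # "full" or "incremental"
    parent: Optional[str]    # the backup this one was taken against
    changes: dict            # path -> content; None marks a deleted file


def digest(backup):
    """SHA-256 over a backup's metadata and content."""
    blob = json.dumps(
        [backup.backup_id, backup.kind, backup.parent, backup.changes],
        sort_keys=True,
    )
    return hashlib.sha256(blob.encode()).hexdigest()


def take_backup(backup_id, state, last=None, last_state=None):
    """Full backup if nothing precedes it; otherwise only what changed since
    the last backup, whatever type that one was."""
    if last is None:
        return Backup(backup_id, "full", None, dict(state))
    changes = {p: c for p, c in state.items() if last_state.get(p) != c}
    changes.update({p: None for p in last_state if p not in state})
    return Backup(backup_id, "incremental", last.backup_id, changes)


def restore_chain(store, catalog, target_id):
    """Backups needed to restore `target_id`, oldest first, each one checked
    against the digest recorded in the separately kept catalog."""
    chain, current = [], target_id
    while current is not None:
        backup = store.get(current)
        if backup is None:
            raise LookupError(f"backup {current!r} is missing from the chain")
        if digest(backup) != catalog.get(current):
            raise ValueError(f"backup {current!r} does not match its digest")
        chain.append(backup)
        current = backup.parent
    return chain[::-1]


def restore(store, catalog, target_id):
    """Replay the verified chain: the full backup, then each incremental."""
    state = {}
    for backup in restore_chain(store, catalog, target_id):
        for path, content in backup.changes.items():
            if content is None:
                state.pop(path, None)
            else:
                state[path] = content
    return state


def build_week():
    """Constructed sample: Sunday full backup, then three nightly incrementals."""
    states = {
        "sun": {"/etc/app.conf": "v1", "/data/db": "rows-1", "/data/log": "a"},
        "mon": {"/etc/app.conf": "v1", "/data/db": "rows-2", "/data/log": "a"},
        "tue": {"/etc/app.conf": "v1", "/data/db": "rows-2", "/data/new": "x"},
        "wed": {"/etc/app.conf": "v2", "/data/db": "rows-2", "/data/new": "x"},
    }
    store, catalog, last, last_state = {}, {}, None, None
    for day, state in states.items():
        backup = take_backup(day, state, last, last_state)
        store[day], catalog[day] = backup, digest(backup)
        last, last_state = backup, state
    return store, catalog, states


if __name__ == "__main__":
    store, catalog, states = build_week()
    for day in store:
        print(day, store[day].kind, "entries:", len(store[day].changes))
    print("restore wed uses:", [b.backup_id for b in restore_chain(store, catalog, "wed")])
    print("restored state matches:", restore(store, catalog, "wed") == states["wed"])
```

Each incremental is small, but losing or altering Tuesday's backup makes Wednesday unrecoverable while Monday still restores, so every link needs to be retained and verified.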

  1. Cloud Backups

Backup for cloud resources, or actually backing up to the cloud, however you want to look at it. Let’s talk about why the cloud is used for backups. When it comes to backing up your resources, you can essentially do this through specific utilities and services like Mozy or Carbonite. You could also do VM backups, like with Veeam, but essentially, just be aware that a cloud backup is a remote backup that is accessed over the Internet. Simply put, there are a lot of advantages to doing this right now, but in general, it serves the purpose of having those resources located on another resource that is separate from your primary resource, for whatever reason: DR, accessibility. Let’s talk about some of these reasons. Some of the advantages of cloud backups are that they’re remote, they have a low opex cost, and the enterprise backup provider handles the service since it is a managed service. For example, if you’re using Mozy Enterprise, you have a lot of functionality that you could enable as a customer. But the reality is that the provider is actually backing up your data in their resource infrastructure, so if you have to recover any of that data, assuming that you’ve set up your backup properly, you should be able to restore that data properly, assuming that you set up the restore properly.

But with that said, a lot of companies like to back up to the cloud because it’s remote, has low opex costs, and the provider handles all the back-end services. Some of the disadvantages of a cloud backup are that it could be more expensive than a local backup. One of the challenges with doing everything over the Internet is that you’ll, of course, increase your infrastructure costs from a networking perspective. What I mean is that you may need to increase your bandwidth requirements. You must obtain a larger link. You may also incur other charges for recovering your data. Every provider has its own, I guess, specific way of charging for backups and restores. Again, you need to understand what they are. When it comes to recovering backups, it could take longer. So if you think about it, if you get your data 5 feet away on a storage array versus having it on a cloud provider, which could be hundreds or thousands of miles away, that could take some time to recover.

Remember to use network bandwidth, and when you’re recovering over the network, you have to look at other issues too, like latency and jitter. These could all be factors in the user experience as well. When it comes to cloud backup types, there are three main backup types I’d like you to be aware of. The first is from cloud to local. This is where you’re going to back up from the cloud to your local environment. Cloud-to-cloud is where you’re going to back up from one cloud provider to another cloud provider. Then local-to-cloud is where you’ll back up from your own infrastructure to the cloud provider. Those are the three types of backups when it comes to backup services. For example, you don’t need to know this for the exam, for the Cloud+ exam, that is. You just want to be aware that AWS does have specific backup solutions. Each of these use cases has, of course, different cost approaches. Archives are going to be handled differently than production or object storage, for example. So just look at the right use case. The lesson learned in this slide is that each of the providers is going to have different levels of backup and recovery schemas that you could look at and utilize. Understand that each of these may have a different use case when it comes to cloud backup. This is essentially a remote backup accessed over the Internet. Let’s talk about a test tip. The main thing to know about this module for the exam is to make sure you understand some of the benefits and disadvantages of cloud backups. Remember that you may have, from a benefit perspective, or in this case, let’s call it an advantage, that it could have a lower cost initially. It could also reduce overhead. It could also pass some of the responsibilities on to the cloud provider. Again, know the difference between advantages and disadvantages for this exam.
