DEV Community: Aravind kumar TS

Cloud Network Services

Aravind kumar TS — Tue, 16 Sep 2025 07:08:57 +0000

Considering the fact that tech giants like hashtag#AWS hashtag#Microsoft hashtag#GCP provides us with various cloud computing services, the ideology and methodology is same.
When we think about Cloud the first thing that comes to mind is AWS because they came up with services first. When you want to study cloud and not sure where to land up, you cand up in www.aws.training, https://lnkd.in/ebCcy_RA
https://lnkd.in/eRPmH36h
The terms like Direct connect, site to site VPN, HA Connect, Interconnect, Direct VPN etc might sound different w.r.t service provider. When you go through these hands on by implementation you will realize its all the same for Cloud Providers. I read about the terms like Loadbalancer w.r.t GCP today.
Loadbalancer are of various types but it all depends on the port and the type of website. Application Loadbalancer deals with HTTPS whereas Network Loadbalancer deals with TCP traffic. Instance groups are set as a backend to Application Loadbalancer, Application Loadbalancer can be integrated with CDN. CDN stands for Content Delivery Network. When a request or repetitive request hits the CDN it delivers the output or response from cache memory.
In most cases TCP port 80 is used by Network Loadbalancer. Application Loadbalancer is path based routing whereas Network Loadbalancer is port based routing. Application loadbalancer can be mapped with S3 bucket or Cloud Storage bucket for static website hosting. Network Loadbalancer can be used for Dynamic website hosting. Application Loadbalncer is mapped with Web application firewall for App security. The term Static IP refers to a IP that gets allocated to a instance or Virtual Machine. When you reboot it wont get changed the static Ip can be public or private depends on the use case. Ephemeral Ip is temporary Ip, It gets changed post reboot. Its a public Ip. NAT Ip is associated with an Instance group or instance in order to connect to the internet outbound.
hashtag#AWS hashtag#Microsoft hashtag#GCP hashtag#Cloudtraining hashtag#Cloudjobs hashtag#Cloudlearning

Google Cloud Computing

Aravind kumar TS — Thu, 21 Mar 2024 08:57:18 +0000

GCP - Google Cloud Platform.
It consists of Compute Engine, APP Engine, Cloud Functions, Cloud Run and GKE ( Google Kubernetes Engine)
Compute Engine consists of Virtual Machine Resources
App Engine consists of a serverless platform( no need to create a machine with Operating System) we can directly run application in this serverless platform. Managed by Google.
Cloud Function - It is also a serverless platform lets us to write and run code with existing run time to interact with various cloud services available in Google Cloud.
Cloud Run - It is also a serverless platform lets us to run containerized applications or build applications that runs on containers
GKE - It is an orchestration platform which manages the containerized applications.
GCP consists of Organization Node - Folders - Projects - Resources.
Billing is enabled at the project level. A folder can have one or more projects. Resources are the Virtual Machines that we create inside the project.
We can have various folders like prod, non prod, dev, testing etc.
We can provide access to the team at the Folder level in order for them to operate.
GCP can be accessed from https://console.google.com
GCP sdk command line tool can be downloaded from https://cloud.google.com/sdk and used to play with GCP resources and services from local machine.
GCP cli is used to play with Virtual Machine, GKE, SQL Machines etc
GCP Billing tool can be accessed from https://cloud.google.com/products/calculator
In order for us to access Virtual Machine without logging into them manually we can use Google Cloud Shell, Its a GUI terminal.
Billing can be organized in order to be cautious in expenses.
Budgets, Quotas, Reports and alerts helps to achieve it.
Google Cloud can be learnt for free
from - https://cloud.google.com/learn?hl=en and https://www.cloudskillsboost.google/paths/
The base certification for Google Cloud is Google Cloud Digital Leader. Once we complete this we can progress towards Google Cloud Engineer and Google Cloud Architect.

Windows Administration

Aravind kumar TS — Thu, 28 Dec 2023 20:24:12 +0000

Domain Controller –
Domain the term means a group of PCs or Server that falls under a single or same network. Domain controller this term is used to control the users access on networks, it manages the authentication of the user. It is always a good practice to use a secondary domain controller because if one domain controller goes down the other one stands up and this prevents the down time.
Domain controller uses the active directory to access the user database.
Using Domain controller one can connect with a different server or computer on same domain or on different domain.
In windows Active Directory an object can be users, computer, server, file, folder, or an end user.
Before taking a deep dive on domain controller one must know what a “Forest” is and what a “Tree” is.
Tree – This can be either be a single domain or multiple domains grouped to share resources globally under same namespace. The term namespace means a name that specifies a particular entity.
Examples. A.example.logical, B.example.logical here example.logical is the namespace.
When we add a domain to a tree this domain is the parent domain and when we add another domain to a tree this falls under the child domain category.
Forest- A group of trees is known as Forest. This means a forest can have multiple tress that has different domains in them. It’s a best practice for an organization to have a single forest because an additional forest for an IT department is a budget constraint and that also means an additional application server is needed.
All the trees under a forest shares a global catalog and AD schema.
Similarly, all domains under a forest trust each other.
Global catalog is the collection of attributes of all the objects present in the forest.
An example of attributes is Username, Department Name, Organizational unit etc
What is Organizational unit?
It is a type of container in AD that contains all objects. All objects are stored as files under folders.
In other words, it can also be said as logical structuring of AD objects. It helps to set up the GPO. (Group policy object)
Group policy object it is a tool in Windows which is used to set up policy or rules for the objects in a domain.
We can right click a domain and create a GPO link and apply the rules or policies to the objects that comes under that domain.
Example of GPOs are password policies, enable audit, turn off forced restart etc
GPO is a strongly used by Cyber Security professionals to safeguard their IT environment.

Active Directory
It consists of user database, access control to data and security policies.
The main service of active directory is domain service known as ADDS.
ADDS can be split into Directory service, Authentication service and Authorization service.
Services that are included in ADDS are Domain Service, Certificate service, Lightweight directory service, Federation service and Rights Management
Along with this we will be looking into DNS, DHCP, Kerberos, Zones, Records, DMZ, RAS, SMB, LDAP, FTP, MDATP, Event Viewer, Active Directory replication, Firewall and Firewall rules, NAT, VLAN, IIS, VPN, Hyper-V etc
(to be continued)

#azure #microsoft #server #windows11

Aravind kumar TS — Thu, 14 Sep 2023 10:40:20 +0000

Top windows OS and Server commands for 2023

Windows + R = Run prompt
CMD = Command prompt In command prompt execute the below
Assoc = Associates file types
Netstat -aon = Displays TCP and UDP connection port's status Local address - Ip address of your laptop/Desktop/Windows Server Foreign address - Ip address of the remote machine to which our system has established connection to Time_wait in netstat - When the local address closed its connection to the foreign address, the foreign address waits to ensure whether the local address received the last acknowledgement Close_wait in netstat - When the foreign address closed the connection and the local address waits to close the connection it established. SYN_SENT means when the local address sent a request to the server(foreign address) but the remote end is not accepting it. 5.Pathping google.com - It traces the routes from your local system address to destination address, including the test packets. 6.Tracert google.com- It displays the path taken from local machine address to destination address. Telnet domain name port name - It allows a system to take remote of the destination ip address or domain name. 7.ipconfig /flushdns - It clears the DNS records and Ip address information stored in the local system cache memory. 8.ipconfig /renew - Gets a new Ip address for your local system Laptop/Desktop. 9.sfc /scannow - Scans the system and repairs the damaged or corrupt files with the files available in cache memory. 10.systeminfo - Displays the complete information about your local system. 11.nslookup google.com - Displays the Ip address records of a particular domain 12.Ver - Displays the version of your windows operating system 13.mkdir example - creates a directory named example 14.tasklist - Displays list of all running tasks 15.ipconfig /all - Gives you a detailed information about the networks in your system, including the mac address. 16.ipconfig /flushdns - It clears the DNS records present in your local system's cache 17.ipconfig /release - It releases the Ip address allocated for your system and when you type Ipconfig /renew - It gives a new Ip address to your local system from the DHCP server.
getmac -v - This gives the mac address associated with your system.
chkdsk - This fixes any disc failure or any third-party interference in your system.
netsh interface show interface - It shows the interfaces in your system example is wifi and ethernet interface.
cipher /e - When you type this command in cmd, it encrypts the files and folders located in your system.
title yourname - changes the command prompt's title name.
curl -OLC https://locationofthefiletobedownloaded - this command downloads the files to your local system, there are various commands associated with curl, checkout curl --help. 24. #azure #microsoft #server #windows11

Azure on the pipeline

Aravind kumar TS — Fri, 08 Sep 2023 09:49:29 +0000

Subscription - When we create an account in Azure portal. We get a unique identity known as Subscription ID. This gets created automatically. This is used for billing purposes. An account can have more than one subscription.

Management group - The Subscription Ids can be grouped together by Management group. The policies, access control, compliance of the resources in an account is managed by this Management group

Resource group - Prior creating any resource in Azure portal we create a resource group, this can be done via portal's GUI,Azure CLI, or Cloud Shell. Under resource group the resources will get created. To identify a resource we can directly type the resource group name in the search bar.

Azure Storage Types -

1.Managed Disks - Block level storage used to be attached to Virtual Machine or Vmware. Available in SSD, HDD.
2.Azure Blob storage - This is a object storage, used for applications that requires high speed and availability.
3.Azure Queue Storage -This stores message queues, this is mainly used for web application data.
4.File Storage - This is a file level server managed by Azure, used to share data files. Available for both onpremise as well azure cloud servers. This is a SMB file share. https://nordvpn.com/blog/what-is-smb/
Table Storage - This storage stores the data in tables, the datas are structured data, this is nosql. This is managed by Azure the user or customer need not bother about the maintenance of the database.

Azure Pricing calculator -
https://azure.microsoft.com/en-us/pricing/calculator/

AWS Security

Aravind kumar TS — Sun, 27 Aug 2023 15:43:37 +0000

AWS Security Services list -

1.Inspector, 2.Macie, 3.Security hub, 4.Cloud Trail, 5.Guard Duty, 6.Shield, 7.WAF, 8.Config, 9.Cognito, 10.Secrets Manager, 11.IAM, 12.Trusted Advisor, 13.Firewall Manager, 14.KMS, 15.HSM, 16.Certificate Manager 17.Directory Services 18.Amazon Detective

Inspector - When enabled for a EC2 Machine it scans and throws the software vulnerability and Network configuration issue. Inspector automatically scans the ECR Images, Repositories and displays the findings in a dashboard. It gives us the remediation for findings.

Shield - When enabled it prevents the DDOS attack on your application. DDOS- Distributed Denial of Service.
It guards the perimeter of your application by analysing the network traffic which comes outside from AWS.
DDOS- When a person or a bot or a machine sends floods of request to an application or another machine in order to make it unavailable or cause disruption to its features is DDOS attack. This can be prevent using a WAF.
Shield standard is a free service, Shield advanced is a paid service, enables access to the AWS Shield response team, Shield standard protects our website or application.Shield advanced protects and automatically mitigates the EC2, ELB, Cloud Front, Global Accelerator.

AWS trusted advisor is a tool of AWS which helps to maintain the AWS account by helping in cost optimization, fault tolerance, performance tuning, Service limits and security. Its available for free and paid service (Developer and Enterprise support plan).
Cost Optimization - Trusted Advisor analyze our AWS resources and provides recommendations to cost optimize the resources cost generated. For example, it recommends using reserved instance than on demand instance or recommends cost savings plan etc

Cost Optimization - It recommends by pointing out the idle load balancer, unassociated elastic Ip, EBS volumes, idle RDS instances, high error rate lambda functions etc

Trusted Advisor Service limit - When the resources in AWS account reaches the service limit allotted, trusted advisor recommends increasing the service limit by showing us that this particular resource reached 80% of the limit allotted to this particular AWS account.

Trusted Advisor Performance - IT shows us the less used EBS volumes, not ebs optimized EC2 instances, less throughput volumes, high utilized EC2 instances. Similarly, it helps us to handle performance fine tuning of other AWS Services associated in our account.

Trusted Advisor Security -It helps by recommending us the security best practices such as to enable mfa, rotate passwords, public EBS snapshots, public S3 bucket, security group opened to the world, to enable VPC flow logs and Cloud Trail logging.

Trusted Advisor Fault Tolerance - Enabling Backup of EC2 instances/Volumes, Enabling Bucket versioning and logging, Enabling RDS backup, VPN tunnel both tunnels should be active, Load Balancer instances connection draining etc are some of the examples.

Amazon Inspector - When enabled for a AWS account it throws the findings by scanning vulnerability in an EC2 instance, ECR images and any network reachability issues of an EC2 instance.
AWS Config - When enabled for an AWS account or for all accounts in an organisation, it provides the configuration changes done - aws resources. We can choose the AWS resources to be monitored and we can store the logs in an S3 bucket.

AWS Guard duty -When enabled for an AWS account or when multiple accounts are linked to the master account it automatically analyse the VPC flow logs,Cloud trail event logs,and DNS query logs (can be stored in Cloudwatch log group or S3 bucket) for potential threats !!

AWS Security hub - It provides consolidated report/findings in a centralised dashboard. AWS Macie, Guard Duty, AWS Config, Systems Manager, Firewall Manager all these services findings report can be monitored or viewed in Security hub.

How to install Jenkins !!

Aravind kumar TS — Fri, 07 Apr 2023 01:18:14 +0000

Step 1 - Prerequisites

Navigate to https://www.jenkins.io/
Choose Documents - https://www.jenkins.io/doc/book/installing/linux/
Understand the Pre-requisites. To run Jenkins on Host we need Java to be installed.

Step 2 - Install updates and Java

. apt-get install update
. apt-get install openjdk-11-jre

Step 3 - Installing Jenkins packages

.
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo tee \
/usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \

https://pkg.jenkins.io/debian-stable binary/ | sudo tee \ /etc/apt/sources.list.d/jenkins.list > /dev/null

copy,paste above package download command as a whole and hit enter

. apt-get install jenkins

Step 4 : You need to open ports in system firewall

. ufw enable
. ufw allow 8080
. ufw reload
. ufw status -- wait for a while till this command throws open ports
. ufw allow openssh

step 5 : Start Jenkins and unlock Jenkins

. systemctl start jenkins
. systemctl status jenkins -- it should show the status as active

. cat /var/lib/jenkins/secrets/initialAdminPassword --- Note down this password

. In your browser navigate to https://your_ip_address_of_machine:8080

step 6 : Setup Jenkins

Remember or note down your admin username and passsword

Step 7 : Choose install plugins

Choose your plugins, thus I have integrated Jenkins with Github

step 8 : To be continued ...

MYSQL - Relational Database

Aravind kumar TS — Fri, 31 Mar 2023 05:10:39 +0000

Relational Database - Data is stored in Structured form like in rows, columns and records

Non Relational Database - Data is stored in unstructured form not as in rows and columns. Instead as Key-value pairs, Json or like a Graphical form

Commands involved in Mysql - Post installation of mysql in your server -- the command to install in Linux is yum install mysql-server

To login mysql terminal the command is -- : mysql -uroot -p
To create a mysql user the command is -- mysql CREATE user 'enriuque'@'localhost' IDENTIFIED BY anypassword" 3.

In this image we have listed the Databases and created a new Database

In this image we are using the Database out of the listed Database called(FRESHONE)

We have created a user named 'tskumar' in our localhost

We are giving full permission on the database called NEWLIFE to 'tskumar'

We exit mysql and switching to tskumar and displaying the current user using command SELECT CURRENT_USER()

In this image we have checked the current database we are in
and that is FRESHONE

In this image we are using a table called DATANEW inside the Database FRESHONE and viewing it using desc DATANEW;

To be continued ...

Interview requirements nowadays !

Aravind kumar TS — Tue, 28 Feb 2023 04:05:28 +0000

*AWS + Devops + SQL *
EC2, VPC, Components of a VPC, S3, Glacier, Cloud front with S3 and EC2, AWS WAF, Kinesis,
App stream, Workspaces, Auto scaling, Load Balancers, Cloud watch, AWS Config, AWS Shield, Trusted Advisor, AWS Guard duty, Lambda (start stop EC2 instances), AWS Backup, AMI, EFS, Light Sail, VPC Peering, Landing Zone, AWS Organization, RDS, SNS, IAM, Cloud Trail, Route53, Ad Connector, Proxy, Reverse Proxy, Systems Manager, EBS, VPN – site to site and client VPN,
AWS Devops, Generic Devops, Terraform, Linux, Docker, SQL, bashscripting, Python
(I am mastering MYSQL, Bash Scripting, Python Programming)

Proxy, Reverse Proxy, SSM, Cloudwatch

Aravind kumar TS — Sun, 29 Jan 2023 22:23:03 +0000

𝐏𝐫𝐨𝐱𝐲 𝐒𝐞𝐫𝐯𝐞𝐫 - A middle man server that masks your Ip address and sends the request to the destination server(Internet). For example a user "A" wants to hit the server "B"(Internet) , the request from A reaches a proxy server which sends the request of "A" as if a request is trying to reach "B"(Internet)
In this way "B" doesn't know the Ip address of user "A"
A(internet) - Proxy Server(Masks the Ip address of A) - B(Destination Server)_
𝐑𝐞𝐯𝐞𝐫𝐬𝐞 𝐏𝐫𝐨𝐱𝐲 𝐒𝐞𝐫𝐯𝐞𝐫 - A middle man server which accepts the user's request (C) that comes via the internet to hit the server(D). The response from server (D) to (C) is sent to the user as if the response is coming from middle man server. In this way the IP address of Server D is masked
C(Internet) - Reverse Proxy Server(masks the ip address of D) - D(Destination)
𝐒𝐒𝐌 - Systems Manager in AWS is used to manage the EC2 instances. To manage the EC2 instances via Systems Manager we must create a role "ec2roleforSSM" and attach it to the EC2 instances. We must install SSM agent in EC2 instances. Once this is done in SSM dashboard we can see the EC2 instances under managed instances tab. Using Run command we can execute scripts or any command on the EC2 instances under the managed instances tab. We can perform patching using patchbaseline on Ec2 instances we can choose the patch required and not required via Patch baseline. Using Fleet Manager we can manage the nodes(EC2 instances or onpremise servers). We can manage the nodes access, RDP, SSH, Administrator passwords, user management, performance of the machines, utilization of Disk, CPU etc tasks of the nodes using Fleet Manager.
*𝐂𝐥𝐨𝐮𝐝 𝐖𝐚𝐭𝐜𝐡 *- Cloud Watch is a monitoring agent that has to be installed in your EC2 machine so that you will be able to view the detailed metrics of the EC2 machines such as disk, cpu, read ops, write ops, queue depth, etc.. We can configure Cloudwatch alarms in order for to monitor the performance of our Ec2 machines. For example when CPU utilization of a particular production server reaches 70-90% then an alarm should be triggered and we can also make this alarm to reach the customer or the user via SNS notification service. We can create log groups in Cloud Watch in which the ECS or VPC flow logs can be stored. Using Cloudwatch event rules we can define in a way of automation to trigger an event such as any action to be made on the specified AWS resources.
The detailed way of installing Cloud watch agent can be seen here - https://lnkd.in/gXxzgEET

aws #awscloud #cloudcomputing

(will be writing here about route53 and Kinesis shortly)

VPC,VPC Peering

Aravind kumar TS — Sun, 29 Jan 2023 20:22:13 +0000

𝐕𝐏𝐂, 𝐕𝐏𝐂 𝐏𝐞𝐞𝐫𝐢𝐧𝐠 - VPC is known as a virtual private cloud. It means though the servers or database you create in an AWS account are in the same location they can be segregated using VPC.
For example you create a VPC-1 and you create two servers inside a VPC-1. These two servers will be able to communicate between each other. In the same AWS account you create another VPC-2 and then two servers inside VPC-2 the servers in VPC-1 will not be able to communicate with servers in VPC-2 even though you have created them in the same AWS account.
This VPC-1 to VPC-2 communication is possible using VPC peering. It means VPC -1 and VPC-2 can be interlinked and in the route table of VPC-1 the routes are enabled for the VPC-2 . Similarly in VPC-2 routes are enabled for VPC-1. Thus the resources in VPC-1 and VPC-2 can be communicated with each other. In the security group of VPC-2 the traffic is allowed for VPC-1.
VPC peering can be done between VPCs in two different AWS accounts as well
Limitations of VPC peering -

Once a VPC peering connection is created it cannot be attached or detached
It's a mesh topology
Only 125 active peers per region
Site to Site VPN doesn't work in VPC peering #aws #cloudcomputing #awscommunity

AWS Organization, AWS Inspector, AWS Trusted Advisor

Aravind kumar TS — Sun, 29 Jan 2023 20:20:34 +0000

𝐀𝐖𝐒 𝐎𝐫𝐠𝐚𝐧𝐢𝐳𝐚𝐭𝐢𝐨𝐧-AWS Organization is the Master account that you create, You can invite other AWS Accounts under this Master or Root Account. You can enable the Master or root account to have full permissions on the child accounts. When you receive an invitation to connect to an AWS Master account, you cannot receive invitation or you wont be able to accept the invitation from the other accounts.
When you create an account in AWS (root or Master account) by default a role gets created named organizationaccountaccessrole... In order for this Master account to have full control over the child accounts, click on this role and choose assign to account, enter the other account's Id. Thus the Master account will have full control over the child accounts. AWS Organization has SCP or Service Control Policies using which you can specify rules such as Tag names format to be used for resources, MFA to enabled compulsory for all IAM users, Using SCP we can restrict certain access to sub accounts or we can restrict the access permissions(for example rename the instance) of the resources that are hosted in sub accounts.
AWS Single Sign on is an option using which we need not sign in to sub accounts that falls under AWS Master Account one by one. Using Single Sign on option we can navigate between different accounts.
AWS Single Sign on is now replaced with IAM Identity Center.
When we make child accounts to fall under the Master or Root Account like a tree structure, we can enable consolidated billing as well.𝐀𝐖𝐒 𝐈𝐧𝐬𝐩𝐞𝐜𝐭𝐨𝐫,A service that helps to assess the vulnerabilities in an EC2 instance. The assessments are Network assessment and host assessment. When you create an AWS Inspector we need to choose the EC2 instances on which the AWS Inspector agent has to be installed. The common vulnerabilities that the AWS Inspector detects are any malicious software present in an EC2, any ports open to the outside world, are the EC2 machines CIS hardened. In AWS Market place we have CIS Hardened images for EC2 instances. The vulnerabilities the AWS Inspector detects are shown under the "findings" tab in AWS Inspector dashboard. We can also export all vulnerability reports and use them for audit purpose.𝐀𝐖𝐒 𝐓𝐫𝐮𝐬𝐭𝐞𝐝 𝐀𝐝𝐯𝐢𝐬𝐨𝐫-When you enable Trusted Advisor in your AWS Account. It helps us to assess Performance, Cost Optimization, Fault Tolerance, Security and Service Quotas. Each AWS account has limitations for Elastic IPs. Using Service Quotas we can analyze those limitations and raise a request with AWS Support to increase the service quotas. Consider you have an EC2 machine with 1Tb volume,If the 1TB volume is less used for long duration of time, Trusted Advisor helps you to recommend shrink the volume to save cost. Similarly with the type of EC2instances,MFAenablement,Open ports in security group, Snapshots not taken for RDS,Snapshots disabled for RDS,Latency issues for your EC2 webservers and to enable Cloudfront #awscommunity