Category Archives: Certification Exams

Introducing ACE Cloud Operations

Recently Aviatrix developed a new course in the Aviatrix Certified Engineer (ACE) program. Aviatrix Certified Engineer – Multi-Cloud Network Operations (or ACE Cloud Ops for short) is catered towards cloud operations practitioners who need to successfully run, operate, and manage business-critical Day-2 workloads in the cloud.

The ACE program recently announced its 10,000th certified engineer. That’s a phenomenal achievement considering our stretch goal for the year 2020 was only 500. It’s amazing how Covid 19 has resulted in expanding our reach to hundreds of students per week.

ACE Cloud Ops takes a unique view on operating cloud infrastructure, which is necessarily different from operating on-prem infrastructure.

Operations in the On-Prem World

In the On-prem world, enterprises own the underlay. They have full control over traffic patterns and have a familiar toolkit regardless of what vendor they use on-prem.

Of course some tools, such as SNMP died away, but ICMP-based tools such Ping and Traceroute are still going strong 40 years after RFC 792. IP doesn’t go away when you move to the cloud and neither should the network engineering toolkit.

Key skills for Infrastructure Operations engineers include:

  • Hardware (knowledge of cables, transceivers, switches, routers, racks, real estate, physical security, power, cooling)
  • Layer 2 (Spanning Tree is the worst use of an Operations Engineer’s time)
  • OSPF, BGP
  • Repeatability achieved by scripting tools such as Expect (which is really screen-scraping), Shell, Perl, Python (still invaluable). This is not true automation.

Capacity planning in the on-prem world often involves ordering the right number of spares to plan for outages, so that there is some form of high availability, although it does result in higher RPOs and RTOs.

We all know the financial benefits (when done well) of moving apps to the cloud. But while it offers great agility for Developers (you can  spin up a database within minutes), networking has been slow to catch up. Moreover, as we see a rapid shift towards multi-cloud, Operations teams are left on their own without guidance.

Operations in the Cloud World

Operations engineers have a harder time doing their job because of the lack of toolsets afforded to them by Cloud Service Providers (CSPs). Each CSP has proprietary tools that are intended to keep their customers locked into their cloud. Moreover, networking is not a source of revenue for CSPs. They don’t make networking easy and their networking tools are, simply put, not enterprise-ready. 

For example, consider what it takes just to view a route table in Azure. An intuitive approach would be to list the routes from the VNet or at least have a direct link to it. However, you would be mistaken into thinking that way.

Instead, buried in a list of connected devices in that VNet, you have to select the appropriate NIC, which may have an obscure ID.

Next, you have to select an even more obscure term called ‘Effective Routes’

Only then can you see the routes.

It is a very clunky approach to a routine task in the On-prem world. Of course the problem grows exponentially when having to deal with the oddities of each cloud when the enterprise goes multi-cloud. Each CSP abandons the networking toolkit and offers their platform as a blackbox to Operations teams.

When moving to the cloud, an Operations Engineer must have these new skills at a minimum:

  • Agile mindset
  • Infrastructure as Code (read Terraform)
  • CI/CD
  • VCS

Capacity planning takes place with cloud-native principles, such as elasticity and auto-scaling. It requires a new way of thinking, not just for Developers, but also for Operations teams. 

ACE Cloud Ops

The ACE Cloud Ops course better equips Cloud Operations teams  to run a multi-cloud network in their daily jobs. It builds on the immensely popular ACE program with some of the most common use cases we see our customers when operating in any cloud:

  • How to Ensure Business Continuity with an Enterprise-class Transit Solution
  • How to Strengthen Compliance and Audit Initiatives by providing Monitoring and Troubleshooting for Cloud Security Appliances
  • How to Efficiently Connect Remote Sites to Cloud
  • How to Improve your Cloud Egress Security posture
  • Best Practices for Platform Operations Management
  • DevOps for Network Engineers

There are also hands on labs focused on break-fix scenarios that are based on this topology:

The source code of the Terraform that built this topology is here.

ACE Associate is a pre-requisite for ACE Cloud Ops. 

Submit interest for taking ACE Cloud Ops here.

Why I Joined Aviatrix

Earlier this month I joined Aviatrix Systems as a Solutions Architect with a focus on growing the Aviatrix Certified Engineer (ACE) program. I had gone through a journey of 2 years of immersing myself in Public Cloud platforms from training sites, such as A Cloud Guru and Linux Academy. Here are some of my observations during that period which led to my decision to join Aviatrix:

  • Cloud Networking is radically different from on-premises networking. For example,
    • In the on-prem world, network architects designed in layers (Core, Aggregation/Access). The world of Public Cloud is flat in order to meet the pace of DevOps.
    • Security principles, such as Defense-in-Depth have led to new constructs, such as IAM, Accounts, Organizations, Subscriptions, which were not prevalent in the on-prem world.
    • Cloud Vendors try their best to abstract the networking underlay constructs so that networking is represented as a black box to the cloud architect. To a certain extent they’ve done well (who honestly misses Spanning Tree?), but just because they don’t offer a mechanism to view these constructs, it doesn’t mean they no longer exist. In fact, Operations needs better visibility now than they did in the on-prem world.
  • While Cloud Vendors offer Networking Specialty certifications, they don’t provide any visibility into Day 2 Operations. And from an Architecture perspective, they trivialize the networking underlay. For example, they don’t provide solutions to real-world problems like overlapping subnets or end-to-end visibility.
  • Cloud vendors are incentivized by lock-in and have no real motivation for multi-cloud.
  • Enterprises find it easier to interpret multi cloud mostly in terms of governance and billing rather than infrastructure.
  • Cloud Training platforms such as A Cloud Guru and Udemy completely lack multi-cloud networking offerings. They have training courses on various cloud-first tools and technologies like Terraform, CloudFormation, Deployment Manager, Docker, Kubernetes, and certification courses for AWS, Azure, and GCP. But when it comes to multi cloud let alone multi cloud networking, they have not yet capitalized on the opportunity.
  • Enterprises need better instruction on the need for multi-cloud networking. Often when Enterprises say they need Cloud Infrastructure Architects, they really mean Cloud Application Architects. Yet, when they cross that bridge of multi-cloud (and they almost inevitably will), then they realize that application performance relies on a rock solid transit. And that is where Aviatrix shines.

Aviatrix is the pioneer in multi-cloud networking and is solving a really hard problem the right way – by simplifying. I’m looking forward to sharing some more of my learnings with you as I embark on this new journey.

Five Reasons Why Print Editions of Exam Certification Guides are Better Than E-books

In order to prepare for my CCIE R&S recert, and in an attempt to save trees, I bought the e-book (Kindle edition) of CCIE Routing and Switching Certification Guide, 4th Edition from Amazon.com. The print edition costs at least $20 more than the Kindle edition. However, after a few weeks of reading it on my first generation Kindle, I returned it to Amazon and bought the print edition instead. Here are the reasons why:

Continue reading Five Reasons Why Print Editions of Exam Certification Guides are Better Than E-books