Advanced Networking – Specialty Certification for AWS


This e-learning course is designed to prepare you for the Advanced Networking certification - Specialty certification level.

It is built from a selection of training content, a significant part of which is in English, with the support and supervision of our support team, managed and supervised by Nanfor.

The core content of the course is:

Domain 1.0: Design and implement hybrid IT network architectures at scale.

In this domain we learn how to define network architectures on AWS and how to derive an appropriate architecture, and how to evaluate and optimize for performance and cost. We then explore the procedural concepts for the implementation of hybrid IT architecture connectivity. We examine hybrid IT architecture connectivity solutions using BGP, VPN and AWS Direct Connect.

VPN and advanced subnetting - understand VPC Subnet configurations and VPC routing to ensure you architect your solution correctly and efficiently. The Subnets and Routing course looks at VPC Subnets and VPC Routing in detail, providing examples of both across different configurations and solutions, and shows how best to implement your network design. In this domain we explore:

  • VPC Subnets
  • VPC CIDR Blocks - The effect of subnetting your VPC CIDR Block
  • VPC Subnets - Public & Private Subnets
  • VPC Peering: Subnet Considerations - considerations when architecting your subnets in different VPC Peering configurations
  • Flow Logs: VPC Subnets
  • VPC Routing - Routing Fundamentals & Route Tables
  • Routing Priorities
  • Routing: VPC Peering - Routing: VPN Connection via a Virtual Private Gateway
  • Routing: Internet Gateways & NAT Gateways 
  • Routing: VPC Endpoints - This lecture looks at the automatic routing configuration when creating a VPC Endpoint
  • VPC IPsec VPNs. We explain the IPsec security protocol, highlighting key components - providing explanations of what it is and why and where it is useful.

We describe in detail the individual parts of IPsec protocol suite, such as Authentication Headers and Encapsulating Security Payloads.

We review the triple AAA of security - Authentication, Access and Authorization. We then explore Security Associations and key negotiation phases such as IKE phase 1 and phase 2. We finish our IPsec theory with an explanation of the differences between the two network transportation modes, Transport mode and Tunnel mode. We examine where and how AWS uses and implements IPsec, introducing you to the VPC components Virtual Private Gateway, Customer Gateway, and VPN Connection. This section includes two VPC IPsec demonstrations. First we create a statically routed IPsec VPN between 2 VPCs. Then we create a dynamically routed IPsec VPN between 2 VPCs. We work with BGP to perform route advertisements and route propagation.

Domain 2.0: Design and implement AWS networks

In this domain we extend our knowledge of AWS networking concepts including:

OSI and TCP/IP networking models. We ensure you have an understanding of both models, which is useful for learning, architecting, and/or operating large-scale networks. To start with, we review the Open System Interconnection model, a 7-layer reference model used to aid the learning, building, and troubleshooting of networks. Next, we review the TCP/IP model, a simpler 4-layer model that is used in the implementation of real-world networks such as the Internet and/or private networks such as corporate LANs.

Jumbo Frames. We provide a detailed overview of Ethernet frames and of the effect Jumbo Frames have when configured. Jumbo frames allow more than 1500 bytes of data by increasing the payload size per packet. We review use cases and scenarios where Jumbo Frames are useful. We create a complete working demonstration, configuring a Jumbo Frame enabled network between 2 VPCs. We deploy an EC2 instance within each VPC, and each instance is configured with a pair of ENIs. We establish policy-based routing so that we end up with 2 network paths between the instances: the first network path has a 1500 MTU, using standard Ethernet frames, and the second network path has a 9000 MTU, using Ethernet jumbo frames.

Domain 3.0: Automate AWS tasks

For domain 3 we examine and explore automation use cases, including security and environment monitoring. We evaluate automation alternatives within AWS for network deployments.

Evaluate tool-based alternatives within AWS for network operations and management

Domain 4.0: Configure network integration with application services

  • Evaluate DNS solutions in a hybrid IT architecture
  • Leverage the capabilities of Route 53
  • Determine the appropriate configuration of DHCP within AWS
  • Determine a content-distribution strategy to optimize for performance using Amazon CloudFront. 

Domain 5.0: Design and implement for security and compliance

  • Evaluate design requirements for alignment with security and compliance objectives.
  • Evaluate monitoring strategies in support of security and compliance objectives

Domain 6.0: Manage, optimize, and troubleshoot the network

We explore the tools and steps you can implement to troubleshoot and resolve network issues, using hands-on labs and a preparation exam.


        Learning Path Steps

        1. Course: Networking Specialty Learning Path - Introduction

        2. Course: AWS Virtual Private Cloud: Subnets and Routing

        3. Lab: Securing your VPC using Public and Private subnets

        4. Course: Amazon VPC IPSec VPNs- Understanding, Building and Configuring

        5. Lab: Set Up VPC Peering between Amazon Virtual Private Clouds (VPCs)

        6. Lab: VPN Connections with an Amazon VPC Using Dynamic Routing

        7. Course: OSI and TCP/IP Networking Models

        8. Course: Jumbo Frames - Understanding, Building and Configuring

        9. Course: IPv4 - Internet Protocol version 4 - In-depth Review


        11. Course: Working with AWS's Domain Name System: Amazon Route 53

        12. Course: Working with Amazon CloudFront

        13. Course: Static Website Hosting, Storage, and Content Delivery on AWS

        14. Lab: Configuring a Static Website With S3 And CloudFront

        15. Lab: Serve your files using the CloudFront CDN

        16. Course: Understanding of AWS Authentication, Authorization & Accounting

        17. Course: AWS CloudTrail: An Introduction

        18. Course: AWS Config: An Introduction

        19. Course: Intrusion Detection and Prevention on Amazon Web Services

        20. Course: Amazon Inspector

        21. Course: Advanced Techniques for AWS Monitoring, Metrics and Logging

        22. Course: Using AWS X-Ray to monitor a Node.js App deployed with Docker containers

        23. Lab: Learn the Tools for Governing Accounts

        24. Course: Networking Specialty Learning Path - Conclusion

        25. Exam: Certified Advanced Networking - Specialty for AWS