CompTIA Cloud+ tips to troubleshoot cloud networks
The CompTIA Cloud+ exam covers a range of topics, including how to secure and troubleshoot cloud networks. Some of the first steps: Start simple, and isolate the problem.
Cloud networks and on-premises networks share traditional networking concepts. But cloud has also sparked several changes, such as shifts in responsibility, troubleshooting flows and security considerations.
The CompTIA Cloud+ exam targets cloud administrators helping their organizations migrate from "old-fashioned, traditional on-premises networks" to hybrid or full cloud deployments, said Damon Garn, author of The Official CompTIA Cloud+ Study Guide (Exam CV0-003) from CompTIA. In his study guide, Garn explains how to design cloud environments, administer cloud resources and troubleshoot cloud networks, among other topics.
Most network admins probably won't lead cloud orchestration projects or manage cloud security. But, thanks to blurred lines of responsibility among enterprise IT teams, they should be familiar with cloud concepts. They are no longer solely responsible for on-premises networks, Garn said, as most network admins now also deal with cloud-based networks and hybrid networks. And those changes mean following certain best practices for cloud network configuration and troubleshooting.
Editor's note: The following interview was edited for length and clarity.
What are the biggest challenges with troubleshooting cloud networks?
Damon Garn: One of the biggest challenges is on the conceptual side of things. You have the major service providers -- the three big ones being AWS, Microsoft Azure and Google Cloud. One of the biggest problems for troubleshooting is they all tend to use different terminology.
With something conceptual, like the Cloud+ guide, it's hard to get detailed because the terms are different. The way Microsoft labels something is different from how Amazon does. That makes it difficult in terms of troubleshooting and learning to troubleshoot.
The other part I think is really difficult, and really good at the same time, is that cloud is evolving so fast. Things change, and things change quickly. Information that was current three months ago doesn't necessarily apply now. That's a real challenge when you're trying to figure out what's wrong with a particular network.
How can someone get more hands-on experience with these environments?
Garn: CompTIA has developed the CertMaster Labs. These are divided into two parts: assisted labs and applied labs. Assisted labs are step by step, and they're a good learning tool. Applied labs are much more generic, where you're heading toward a particular goal. With the applied labs, it's much more proving of concept. Can you really get from point A to point Z? I recommend lab environments that are at least two of the major vendors. And, if you can get all three, that's great.
Another important way to get experience is all three major cloud service providers offer free accounts. You have to put a credit card in, almost like a deposit. But all the fundamental services you need to prepare for Cloud+ are available with free subscriptions. They're usually annual subscriptions, so it gives you plenty of time to prepare for the exam. It allows you to go through and say, 'I want to build a virtual private cloud. How do I do that in AWS? How do I do that in Azure?' And you're not having to pay for those services within that first year.
What are some common mistakes with cloud network configurations?
Garn: A lot of it boils down to basics, with things like typos. That's one of my troubleshooting tips I always recommend: Start with the simple things.
In terms of that, I think it's a lack of design and planning ahead -- having an overall architecture and knowing what you're going for. You find yourself recreating things a lot because you didn't do it right the first few times. So, a pilot program in a test environment is really important.
What are your go-to best practices for cloud troubleshooting and configuration?
Garn: For cloud services, I would start with ensuring you understand where the problem is. Is it on premises? Are you having trouble accessing your cloud resources getting out of your network? Or is it, once you're at the cloud service provider's location, once you're through that portal, then you have a problem on the other side? The first thing would be to isolate that. Do you have a connectivity problem? Or do you have a problem that's in the cloud?
From there, one of the common things is access. Are you receiving an 'Access Denied' message? Or are you receiving a misconfiguration or broken service message? Figure out whether you're allowed to do what you're trying to do or if you've already done it and did it wrong. Can you connect? Do you have access? Then, from there, did you make a mistake in the configuration?
How can you implement security into cloud network design?
Garn: The first thing is to understand something called the shared responsibility model. This was phrased by Amazon or an Amazon employee, but it covers all cloud services nicely. The shared responsibility model divides responsibility into two parts: certain things the cloud service providers are responsible for and certain things the consumer is responsible for. The first part of that design is understanding what cloud services you're going to work with and who is responsible for the security of those. That's where it really kicks off.
How should someone study for the cloud security parts of Cloud+?
Garn: I would start with that idea of whose responsibility it is. Within that, anything that lands on the consumer side is something to study. Amazon does a good job with the shared responsibility model of giving examples of what they are responsible for and what you are responsible for. You could use those examples as a jumping-off point of, 'OK, I'm going to be responsible for the connection between here and there.' And then it gives you something to start with.
What things will secure my connection? Secure Shell, or SSH, HTTPS connections and certificate-based security, in general? It gives you the ability to say, 'Here's what I'm responsible for, and here are the tools and technologies that will help.'
The other thing I do to prepare for certifications -- and this applies to everything, not just security -- is to print out the exam objectives and use it as a checklist. For those who are working through Cloud+, use the objectives as a checklist. Understand whether you know all these points and technologies and where they fit in.
What are prerequisites for taking the Cloud+ exam?
Garn: A really important one is at least a passing familiarity with Windows services and Linux services. Typically, we find that folks have experience with only one platform and not both. Most of the cloud runs on Linux. AWS, for example, runs on Linux, so you're passing Linux commands, using Linux scripts and Linux vocabulary to accomplish a lot of things. If you're a Windows administrator, that's an area you're not familiar with and vice versa. I've seen plenty of Linux admins who don't really know anything about how Windows works, or PowerShell, and so forth. So, one thing is to make sure you've played a little bit with the other operating system and have a passing understanding.