ishenwei/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Auto-sync: wiki-ingest 3 sources (2026-04-16)

Browse Source
This commit is contained in:
weishen
2026-04-16 00:08:35 +08:00
parent 9688f3f54b
commit 5ae9550d8c
267 changed files with 9537 additions and 1163 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-1-gruntwork-landing-zone-architecture.md
View File

@@ -11,7 +11,7 @@ tags:
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 1_ Gruntwork Landing Zone Architecture.mp4"
audio-source: ""
status: summarized
status: summarized (Gemini 摘要)
---
# CTP Topic 1 Gruntwork Landing Zone Architecture

4
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-10-aws-landing-zone-lz-data-collection-tagging-related-security.md
View File

@@ -12,7 +12,7 @@ tags:
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 10_ AWS  Landing Zone (LZ) Data Collection, Tagging _ Related Security.mp4"
audio-source: ""
status: summarized
status: summarized (Gemini 摘要)
---
# CTP Topic 10 AWS Landing Zone (LZ) Data Collection, Tagging Related Security
@@ -21,7 +21,7 @@ status: summarized
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
**Status:** ✅ 已完成Gemini 摘要)
---

4
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-14-octane-hub-on-aws-real-life-experience-moving-production-services-i.md
View File

@@ -11,7 +11,7 @@ tags:
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 14_ Octane Hub on AWS_ Real life experience moving production services into the new land.mp4"
audio-source: ""
status: summarized
status: summarized (Gemini 摘要)
---
# CTP Topic 14 Octane Hub on AWS: Real-Life Experiences
@@ -20,7 +20,7 @@ status: summarized
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** ✅ 已完成摘要
**Status: ✅ 已完成摘要**
---

4
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-17-active-directory-services-in-gruntwork-aws-lzs.md
View File

@@ -12,7 +12,7 @@ tags:
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 17_ Active Directory Services in Gruntwork AWS LZs.mp4"
audio-source: ""
status: summarized
status: summarized (Gemini 摘要)
---
# CTP Topic 17 Active Directory Services in Gruntwork AWS LZs
@@ -21,7 +21,7 @@ status: summarized
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
**Status: 🟡 Awaiting Whisper transcription → Summary**
---

29
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-25-labs-landing-zone-overview-itom-teams.md
View File

@@ -1,8 +1,8 @@
---
title: "CTP Topic 25 Labs Landing Zone overview - ITOM teams"
title: CTP Topic 25 Labs Landing Zone overview - ITOM teams
type: cloud-learning
source-type: video
category: "DevOps & SRE/01_AWS-Landing-Zone"
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- Landing-Zone
@@ -10,9 +10,9 @@ tags:
- ITOM
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 25_ Labs Landing Zone overview - ITOM teams.mp4"
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 25_ Labs Landing Zone overview - ITOM teams.mp4
audio-source: ""
status: raw
status: summarized (Gemini 摘要)
---
# CTP Topic 25 Labs Landing Zone overview - ITOM teams
@@ -27,7 +27,26 @@ status: raw
## 摘要
> 待转录后由 LLM 生成
> ## Labs Landing Zone Overview
The Labs landing zone is based on the Gruntworks reference architecture and AWS standards, utilizing a multi-account strategy. The entire stack is managed through infrastructure as code (Terraform), using a library of common functions accessible for review and modification. *Everything should be managed using Terraform or some other code-based mechanism.*
Key components include:
* **Shared Account:** Hosts the Jenkins master for the CI/CD pipeline (Gruntworks production grade), hardened AMIs, and a Docker container store.
* **Logs Account:** Secure storage for AWS Config and CloudTrail logs, with access controlled by the security team.
* **Security Account:** Manages user accounts and access, primarily for cross-account access and shared accounts, with most access being federated.
* **Core Accounts:**
* Active Directory: Manages Windows instances and IDPs (all in Swimford.net).
* DNS: Manages AWS Swimford.net, allowing for local domains or referencing the wider infrastructure.
* **Network Account:** Central hub for network communication, managing traffic via Transit Gateway and JetPult firewall. All internet access is routed through here, managed by the network team via tags. Pulse VPN access is also managed here, providing access to the micro focus network.
* **Shared Service Accounts:** Provide access to services like monitoring (45 arc site) and Qualys.
* **Product Account:** The primary working environment, built to standard infrastructure-as-code modules. It can have multiple accounts (production, staging, development). Logs are shipped to the logs account, and Jenkins manages automation within the account.
When deploying a product account, key requirements include defining IP address ranges and agreeing on specific tags with the network team for firewall access. *Access through that firewall is all managed by tags.* The team recommends using their Terraform modules for deploying subnets.
The standard Jenkins-based pipelines scan GitHub Enterprise repositories for changes, running Terragrunt plans or applies based on the branch. Internet connectivity is restricted; access to specific corporate network locations requires a request to the network services team. The pipelines are continuously being improved for robustness and security, including pre-commit checks and Fortify scans.
---

52
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-25-labs-landing-zone-overview-itom-teams.md.bak Normal file
View File

@@ -0,0 +1,52 @@
---
title: CTP Topic 25 Labs Landing Zone overview - ITOM teams
type: cloud-learning
source-type: video
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- Landing-Zone
- Labs
- ITOM
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 25_ Labs Landing Zone overview - ITOM teams.mp4
audio-source: ""
status: raw
---
# CTP Topic 25 Labs Landing Zone overview - ITOM teams
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 25_ Labs Landing Zone overview - ITOM teams.mp4`
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

4
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-26-standard-ami-build-publish-share-processes.md
View File

@@ -11,7 +11,7 @@ tags:
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 26_ Standard AMI build, publish, share processes.mp4"
audio-source: ""
status: summarized
status: summarized (Gemini 摘要)
---
# CTP Topic 26 Standard AMI build, publish, share processes
@@ -20,7 +20,7 @@ status: summarized
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
**Status:** ✅ 已完成Gemini 摘要)
---

4
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-28-aws-tag-validation-tool.md
View File

@@ -12,7 +12,7 @@ tags:
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 28_ AWS Tag Validation Tool.mp4"
audio-source: ""
status: summarized
status: summarized (Gemini 摘要)
---
# CTP Topic 28 AWS Tag Validation Tool
@@ -21,7 +21,7 @@ status: summarized
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
**Status:** ✅ 已完成Gemini 摘要)
---

19
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-34-azure-landing-zone-architecture-overview.md
View File

@@ -1,16 +1,16 @@
---
title: "CTP Topic 34 Azure Landing Zone Architecture Overview"
title: CTP Topic 34 Azure Landing Zone Architecture Overview
type: cloud-learning
source-type: video
category: "DevOps & SRE/01_AWS-Landing-Zone"
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- Azure
- Landing-Zone
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 34_ Azure Landing Zone Architecture Overview.mp4"
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 34_ Azure Landing Zone Architecture Overview.mp4
audio-source: ""
status: raw
status: summarized (Gemini 摘要)
---
# CTP Topic 34 Azure Landing Zone Architecture Overview
@@ -25,7 +25,16 @@ status: raw
## 摘要
> 待转录后由 LLM 生成
> ## Azure Landing Zone Architecture Overview
Kishore Garlopati presents an overview of the upcoming Azure Landing Zones implementation within Micro Focus, detailing how it will simplify Azure adoption for various teams and enable them to deploy workloads to the Azure cloud. The primary goal is to minimize cross-team dependencies through automation, granting teams greater independence in deploying innovative solutions within the Azure environment.
The architecture begins with enrollment into Azure Enterprise, utilizing Azure Active Directory for user authentication. Azure employs management groups, similar to parent directories in Windows, to organize the entities within Micro Focus. These are divided into four areas: platform, landing zones, decommission, and sandbox. The platform includes identity management and connectivity subscriptions, each with a specific purpose and managed by dedicated teams to enhance security. *The core reason of these individual or isolated subscriptions is you are basically containing a subscription for a specific purpose.*
Identity subscriptions manage access policies, while connectivity subscriptions serve as a central hub for all inbound and outbound Azure traffic, incorporating security measures like DDoS protection and checkpoint firewalls. Landing zones are designed to be scalable, modular, and fully automated, providing a template-based approach for new projects. These zones emphasize identity access management, auditing, compliance, security monitoring, and networking. Decommissioned subscriptions are for unused resources, and sandbox subscriptions offer isolated environments for experimentation. *This sandbox is a is an interesting one because these landings on subscriptions allows your workloads.*
Privileged Identity Management (PIM) and privileged access groups manage user access, ensuring appropriate role and policy enforcement. Terraform Cloud is used for infrastructure automation, leveraging Terraform states to manage dependencies between subscriptions. This layered approach allows teams to access necessary data without exposing sensitive information.
---

50
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-34-azure-landing-zone-architecture-overview.md.bak Normal file
View File

@@ -0,0 +1,50 @@
---
title: CTP Topic 34 Azure Landing Zone Architecture Overview
type: cloud-learning
source-type: video
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- Azure
- Landing-Zone
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 34_ Azure Landing Zone Architecture Overview.mp4
audio-source: ""
status: raw
---
# CTP Topic 34 Azure Landing Zone Architecture Overview
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 34_ Azure Landing Zone Architecture Overview.mp4`
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

17
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-35-aws-landing-zone-design-refresher-saas-labs.md
View File

@@ -1,8 +1,8 @@
---
title: "CTP Topic 35 AWS Landing Zone Design Refresher (SaaS Labs)"
title: CTP Topic 35 AWS Landing Zone Design Refresher (SaaS Labs)
type: cloud-learning
source-type: video
category: "DevOps & SRE/01_AWS-Landing-Zone"
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- Landing-Zone
@@ -10,9 +10,9 @@ tags:
- Labs
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 35_ AWS Landing Zone Design Refresher (SaaS _ Labs).mp4"
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 35_ AWS Landing Zone Design Refresher (SaaS _ Labs).mp4
audio-source: ""
status: raw
status: summarized (Gemini 摘要)
---
# CTP Topic 35 AWS Landing Zone Design Refresher (SaaS Labs)
@@ -27,7 +27,14 @@ status: raw
## 摘要
> 待转录后由 LLM 生成
> ## AWS Landing Zone Design Refresher
This session provides an overview of AWS Landing Zones, focusing on their design, updates, and differences between SaaS and Labs environments. The primary goal of landing zones is to support diverse AWS use cases while ensuring reuse, control, auditing, and management. *Our AWS landing zones, they're built infrastructure as code as you'd expect on terraform templates using the grunt work framework.*
AWS SaaS landing zones offer customer-dedicated environments with product accounts for each product area, such as Snacks. These accounts connect to shared services accounts for security, logging, and networking. The core accounts group includes Active Directory, DNS, and network accounts to support IT services within the micro-focus infrastructure. The shared service accounts host services like artifactory, cyberqualice, cyber EPO, ArcSight, and monitoring. Grunt work accounts manage AMIs, logs, and security across all accounts. Product accounts host IT products, projects, applications, and supporting AWS resources, managed by individual project teams.
Recent changes to the landing zones include network segmentation to block direct connectivity to SaaS workloads, decommissioning of the Gruntworks Cloud Trail in favor of CCOEs Cloud Trail, and proposed rerouting of ingress traffic via checkpoints in the network account. Native AWS backup is likely to be mandated, and management VPCs may be removed for new accounts. The key difference between SaaS and Labs is that SaaS is for production, while Labs is for development, with plans to introduce internet access into Labs. *Basically, the only answer is that SAS is production, Labs is development.* The PoC landing zone will be combined with Labs to maximize shared resources. The Cloud Technology Design Forum aims to standardize and centralize microfocus's cloud delivery offering, including landing zone designs.
---

52
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-35-aws-landing-zone-design-refresher-saas-labs.md.bak Normal file
View File

@@ -0,0 +1,52 @@
---
title: CTP Topic 35 AWS Landing Zone Design Refresher (SaaS Labs)
type: cloud-learning
source-type: video
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- Landing-Zone
- SaaS
- Labs
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 35_ AWS Landing Zone Design Refresher (SaaS _ Labs).mp4
audio-source: ""
status: raw
---
# CTP Topic 35 AWS Landing Zone Design Refresher (SaaS Labs)
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 35_ AWS Landing Zone Design Refresher (SaaS _ Labs).mp4`
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

21
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-40-saas-database-architecture-on-aws-cloud.md
View File

@@ -1,8 +1,8 @@
---
title: "CTP Topic 40 SaaS Database Architecture On AWS Cloud"
title: CTP Topic 40 SaaS Database Architecture On AWS Cloud
type: cloud-learning
source-type: video
category: "DevOps & SRE/01_AWS-Landing-Zone"
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- SaaS
- Database
@@ -10,9 +10,9 @@ tags:
- AWS
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 40_ SaaS Database Architecture On AWS Cloud.mp4"
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 40_ SaaS Database Architecture On AWS Cloud.mp4
audio-source: ""
status: raw
status: summarized (Gemini 摘要)
---
# CTP Topic 40 SaaS Database Architecture On AWS Cloud
@@ -27,7 +27,18 @@ status: raw
## 摘要
> 待转录后由 LLM 生成
> ## SAS Database Architecture on AWS Cloud
The SAS database team is a global team located in the US, Canada, India, and Israel, providing 24/7 support. The team consists of certified professionals, including Oracle certified professionals, DBAs, and security professionals. They manage over 500 databases and 1000+ DB servers on-premise and in the public cloud, having migrated numerous DB servers and databases to the public cloud.
The team supports various regions, including Sacramento and Reading for on-premise data centers, and AWS regions like Canada, Frankfurt, London, Oregon, North Virginia, and Sydney. They support database flavors such as Oracle, Vertica, Postgres, DynamoDB, SQL Server, MongoDB, and MySQL, utilizing AWS technologies like Postgres Aurora, Elasticsearch, AWS RDS, EFS, S3, and EBS. Databases reside mostly on application VPCs with integrated security measures.
For database monitoring, performance tuning, and gap analysis, tools like Micro Focus Sidescope, Oracle OEM, Ignite, AWS CloudWatch, and Questsoft Foglight are used. Day-to-day operations are managed through a ticketing tool, with an on-call DBA resource. The team actively participates in squads and executes a minimum of 10 changes a month, handling 400-500 SSRs and IMs monthly. They provide layer 1 and layer 3 support, using technologies like shell scripting, Terraform, AWS CLI, and PowerShell for automation. *Data center migrations and cloud provisioning were key automation projects.*
Key projects include data center migrations, onboarding new customers, database security enhancements, DB-AD integrations, SOX compliance, database consolidation, and DB patching. The team is also working on Oracle Golden Gate for multi-tenancy, adopting cloud-native technologies, and enhancing the Pretty Tool for on-demand backups and database migrations. Future plans involve new AMI automations, storage compression, RI instance optimization, AWS cloud-native backups, and enhancements to the DB apps tool. *The idea was to move those databases seamless without downtime or with minimum downtime.*
For high availability, Oracle uses Data Guard technology, Postgres uses a classic active-passive mechanism (with plans to use Active Active), and RDS uses RDS high availability. Databases are run in two availability zones within a region, with a primary database in one zone, a standby database in the second, and a witness in the third to observe and manage failovers. Reporting databases have a read-only warehouse in the third availability zone, with secure VPN access for customers to run operational warehousing queries.
---

52
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-40-saas-database-architecture-on-aws-cloud.md.bak Normal file
View File

@@ -0,0 +1,52 @@
---
title: CTP Topic 40 SaaS Database Architecture On AWS Cloud
type: cloud-learning
source-type: video
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- SaaS
- Database
- Architecture
- AWS
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 40_ SaaS Database Architecture On AWS Cloud.mp4
audio-source: ""
status: raw
---
# CTP Topic 40 SaaS Database Architecture On AWS Cloud
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 40_ SaaS Database Architecture On AWS Cloud.mp4`
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

4
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-44-aws-backup-in-micro-focus.md
View File

@@ -11,7 +11,7 @@ tags:
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 44_ AWS Backup in Micro Focus.mp4"
audio-source: ""
status: summarized
status: summarized (Gemini 摘要)
---
# CTP Topic 44 AWS Backup in Micro Focus
@@ -20,7 +20,7 @@ status: summarized
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** ✅ 已完成摘要
**Status:** ✅ 已完成Gemini 摘要
---

56
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-46-netapps-on-aws.md
View File

@@ -1,17 +1,17 @@
---
title: "CTP Topic 46 NetApps on AWS"
title: CTP Topic 46 NetApps on AWS
type: cloud-learning
source-type: video
category: "DevOps & SRE/01_AWS-Landing-Zone"
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- NetApp
- AWS
- Storage
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 46_ NetApps on AWS.mp4"
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 46_ NetApps on AWS.mp4
audio-source: ""
status: raw
status: summarized (Gemini 摘要)
---
# CTP Topic 46 NetApps on AWS
@@ -26,7 +26,53 @@ status: raw
## 摘要
> 待转录后由 LLM 生成
> ## NetApp on AWS: A Cloud Transformation Program Learning Session
Sandeep and Yael presented a training session on NetApp, covering basic components, architecture, data tiering, security, backup/DR strategy, migration from on-prem to cloud, current NetApp usage, architecture, and a demonstration.
### Traditional NetApp
NetApp is a storage system, with ONTAP as its operating system. It features controller nodes connected to disk enclosures, supporting SSD, SATA, SAS, and FC disks. NetApp primarily supports SMB, NFS, FC, FCOE, and ISCSI protocols, often configured as a single node or HA pair (high availability pair).
Key components include:
* **Aggregate:** A collection of disks forming a RAID group.
* **Volume (FlexVolume):** A data container hosted on top of an aggregate, presented to hosts for data storage, accessible via NFS or CIFS.
* **Qtree:** A further segmentation of a volume, similar to directories in UNIX or folders in Windows, with special attributes like permissions and quota management.
* **LUN (Logical Unit Number):** A logical representation of storage, hosted on a volume or Qtree, presented to hosts via FC or ISKSI as block-level storage.
* **Logical Interface (Lift):** An interface on top of a physical network card, hosting an IP address or WWPN, used for node management, inter-cluster replication, cluster management, and data serving.
* **Storage Virtual Machine (SVM):** A virtual segmentation of a NetApp system, enabling multi-tenancy, treating each SVM as a separate operating system with no data flow between them. *At least one SVM is needed for a cluster.*
### NetApp in AWS (Cloud Volume ONTAP - CVO)
CVO is a software-only storage appliance hosted on EC2 instances, functioning as nodes. It can be a single node or HA pair, utilizing a mediator instance to aid during takeover and give back processes. The nodes are deployed across multiple availability zones with synchronous replication. EBS disks (GP3, GP2, IEO, IEO1, ST1) are used as storage, managed via Cloud Manager.
High availability is maintained through a floating IP concept, where clients access data via a unique IP address that migrates to the serving node in case of failure. Takeover give back refers to the process of a serving node taking over services from a failed node and relinquishing them when the failed node recovers.
### Data Tiering
Data tiering involves using various storage media to optimize cost, performance, and availability. NetApp in AWS stores active data on EBS and inactive data on S3. Data inactive for 30 days or more is automatically moved to S3 and pulled back to EBS when accessed. *NetApp stores the active data in EBS and inactive data to S3.*
### Data Security
NetApp supports encryption via AWS Key Management Service and NetApp Encryption Solution (volume or aggregate encryption), both offering 256-bit encryption. Virus scanning is integrated with McAfee Antivirus (VSES), using an external scan server. Scanning options include on-access (for SMB/CIFS) and on-demand (for NFS) scanning.
### Backup and DR
Snapshots are point-in-time, read-only file system images that create copies of volumes using pointers, minimizing space consumption. SnapMirror is a tool for replicating data between NetApps, copying volumes and their snapshots. It requires peering relationships between clusters and SVMs, with optional encryption. Baseline copies perform initial full data replication, while subsequent updates copy only the changes. Destination volumes in a SnapMirror relationship are read-only.
### Migration
Tools for migrating from on-prem to AWS include:
* **SnapMirror:** Fast, block-level replication, preserving D-Dupe and compression.
* **NetApp XCP:** File-based tool, copying data at the file level with concurrent sessions.
* **NetApp Cloud Sync:** Used for AWS migrations, supporting NetApp to NetApp, NFS, SMB, NetApp to S3/EFS, and EFS/S3 to NetApp.
* **AWS DataSync:** AWS-provided file-based tool for NetApp to EFS or S3 migrations.
* **Silver Peak:** A WAN optimizer for compressing packets.
### Current NetApp Usage and Future Plans
The organization has around 15 NetApp clusters in various AWS regions, hosting approximately 1.3 petabytes of data. Cloud Manager is used for central management, with storage operations maintaining and supporting the NetApps. Monitoring is currently done through Cityscope and WebTool, with plans to use AWS native services. S3 tiering is enabled for most NetApps, and FSX for NetApp is under POC. There are also plans to use Terraform for deploying NetApps.
---

51
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-46-netapps-on-aws.md.bak Normal file
View File

@@ -0,0 +1,51 @@
---
title: CTP Topic 46 NetApps on AWS
type: cloud-learning
source-type: video
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- NetApp
- AWS
- Storage
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 46_ NetApps on AWS.mp4
audio-source: ""
status: raw
---
# CTP Topic 46 NetApps on AWS
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 46_ NetApps on AWS.mp4`
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

24
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-47-enterprise-architecture-cloud-standards.md
View File

@@ -1,16 +1,16 @@
---
title: "CTP Topic 47 Enterprise Architecture Cloud Standards"
title: CTP Topic 47 Enterprise Architecture Cloud Standards
type: cloud-learning
source-type: video
category: "DevOps & SRE/01_AWS-Landing-Zone"
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- Enterprise-Architecture
- Cloud-Standards
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 47_Enterprise Architecture Cloud Standards.mp4"
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 47_Enterprise Architecture Cloud Standards.mp4
audio-source: ""
status: raw
status: summarized (Gemini 摘要)
---
# CTP Topic 47 Enterprise Architecture Cloud Standards
@@ -25,7 +25,21 @@ status: raw
## 摘要
> 待转录后由 LLM 生成
> ## Enterprise Architecture Cloud Standards
[slide:N]
The session will cover landing zones, their purpose, the role of enterprise architecture in cloud environments, guardrails, and the need for community input. The speaker, Lindsay, an enterprise architect with a development background, aims to provide a learner's perspective on cloud architecture.
A landing zone is a framework for hosting cloud workloads, focusing on security, compliance, and manageability. Key components include account structure, networking, security, access management, and telemetry. *The account structure aligns with environments (dev, staging, production), and roles define access based on zero trust and least privilege principles.* The landing zone provides pre-configured networking and security, reducing the security review burden on application teams. Centralized logging and auditing are provided within the framework.
Benefits of using landing zones include a pre-designed security model, pre-built compliance, and visible cost control. Infrastructure automation, using Terraform, enables efficient environment configuration. *Terraform allows specifying the desired environment in code, promoting standardization and testability.* Terragrunt, a wrapper for Terraform, aids in generating different environments. The framework eliminates reinvention, allowing application teams to focus on application-specific tasks.
Enterprise architecture helps articulate the cloud architecture, informing application teams about available resources and requirements. Guardrails capture mandatory requirements and optimal practices for scalability, cost minimization, and flexibility. The enterprise architecture team has created a page on the intranet site with business architecture concepts, data connections, application information, and technology roadmaps.
The cloud guardrails document covers design concepts, capabilities, and best practices. Key design concepts include cloud-first, leveraging well-architected frameworks, infrastructure as code (Terraform), and resource tagging. The document provides guidance on executable packaging, functional partitioning, capacity management, and identity management.
Executable packaging prioritizes using existing cloud services and managed services to minimize custom code. Functional partitioning involves breaking monolithic applications into smaller, independent blocks or serverless functions. The speaker emphasizes the need for input from application teams to refine the guardrails and incorporate real-world experiences. *We want your knowledge collected here for reuse and help help to help other app developers down the road.*
---

50
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-47-enterprise-architecture-cloud-standards.md.bak Normal file
View File

@@ -0,0 +1,50 @@
---
title: CTP Topic 47 Enterprise Architecture Cloud Standards
type: cloud-learning
source-type: video
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- Enterprise-Architecture
- Cloud-Standards
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 47_Enterprise Architecture Cloud Standards.mp4
audio-source: ""
status: raw
---
# CTP Topic 47 Enterprise Architecture Cloud Standards
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 47_Enterprise Architecture Cloud Standards.mp4`
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

21
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-50-ami-roadmap-for-aws-amis.md
View File

@@ -1,17 +1,17 @@
---
title: "CTP Topic 50 AMI Roadmap for AWS AMIs"
title: CTP Topic 50 AMI Roadmap for AWS AMIs
type: cloud-learning
source-type: video
category: "DevOps & SRE/01_AWS-Landing-Zone"
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- AMI
- Roadmap
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 50_ AMI Roadmap for AWS AMIs.mp4"
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 50_ AMI Roadmap for AWS AMIs.mp4
audio-source: ""
status: raw
status: summarized (Gemini 摘要)
---
# CTP Topic 50 AMI Roadmap for AWS AMIs
@@ -26,7 +26,18 @@ status: raw
## 摘要
> 待转录后由 LLM 生成
> ## AMI Roadmap for AWS AMIs
The Cloud Transformation Program held a learning session to discuss the AMI roadmap for AWS AMIs. The session covered the CCOE AMI roadmap, end-of-life operating systems, AMI notifications, change logs, new features, the process for adding new AMIs, current supported AMIs, and the roadmap.
The CCOE provides hardened AMIs on a bi-monthly basis aligned with security standards. The session focused on the roadmap, not the hardened AMIs themselves. The current available AMIs include three versions of Ubuntu, CentOS 7 and 8, Reddit 8.4 ARM, Amazon Linux 2, and four versions of Windows operating systems.
The roadmap includes planned releases for new operating systems. In November, SLES 15 and Reddit 9 will be released. In January 2023, open Susa 15 and Amazon Linux 2022 will be added. In March 2023, Rocky 8 and Rocky 9 will be available. May 2023 will see Reddit 9.4 ARM and Ubuntu 22.04 ARM. *Starting May 2023, all ARM processors related to AMIs will be released.* The order was created mainly by ADM requirements. Any requirements to change the prioritization of the roadmap should go through the demand pipeline process.
Windows Server 2008 and 2008 R2 are end-of-life since January 2020, CentOS 8 since December 2021, and Windows Server 2012 will be by October 2023. Red Hat 7 will be end-of-life by June 2024, as will CentOS 7. AMI notifications are sent via email to those on the CCOE notifications PDL. A change log is now available in the CCRE portal, representing the latest changes from the previous release. *This change log focuses on changes done by CCRE.*
The features contained in the AMIs include domain join services, enabling SSHR, integrating McAfee antivirus services, enabling DNS settings, updating the cloud init process, enabling the SSM client, and edge installations. The process of adding new AMI integration and validation involves integrating services, enabling features, and undergoing a build and test process. The AMIs are shared with every account in the organization, including the AMI itself, EBS volumes, and KMS keys.
---

51
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-50-ami-roadmap-for-aws-amis.md.bak Normal file
View File

@@ -0,0 +1,51 @@
---
title: CTP Topic 50 AMI Roadmap for AWS AMIs
type: cloud-learning
source-type: video
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- AMI
- Roadmap
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 50_ AMI Roadmap for AWS AMIs.mp4
audio-source: ""
status: raw
---
# CTP Topic 50 AMI Roadmap for AWS AMIs
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 50_ AMI Roadmap for AWS AMIs.mp4`
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

27
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-51-architecting-with-aws-purpose-built-databases.md
View File

@@ -1,17 +1,17 @@
---
title: "CTP Topic 51 Architecting with AWS purpose-built databases"
title: CTP Topic 51 Architecting with AWS purpose-built databases
type: cloud-learning
source-type: video
category: "DevOps & SRE/01_AWS-Landing-Zone"
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- Database
- Purpose-Built
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 51_ Architecting with AWS purpose-built databases.mp4"
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 51_ Architecting with AWS purpose-built databases.mp4
audio-source: ""
status: raw
status: summarized (Gemini 摘要)
---
# CTP Topic 51 Architecting with AWS purpose-built databases
@@ -26,7 +26,24 @@ status: raw
## 摘要
> 待转录后由 LLM 生成
> ## Architecting with AWS Purpose-Built Databases
Femi George, a database sales specialist from AWS, discussed purpose-built databases for modern applications, covering modern applications, the rationale for purpose-built databases, key AWS databases, and the evolving role of DBAs/developers in the cloud.
Modern applications have evolved from client-server models due to changing customer requirements, new devices, diverse data types, and economic considerations. Key questions include scalability, global delivery with low latency, and developer access. The approach involves starting with the use case and selecting the best tool for the job, avoiding a one-size-fits-all approach. *We need to start thinking of the right purpose built database for the right application.*
Considerations for purpose-built databases include application scale, user numbers, access patterns, usage spikes, and performance requirements like latency and availability. Duolingo uses DynamoDB for personalized data, ElastiCache for common words/phrases, and Aurora for transactional data. AWS offers a range of purpose-built databases, including relational (e.g., RDS, Aurora) and NoSQL (key-value, document, in-memory, graph) options, along with time series, ledger, and wide-column databases.
Relational databases are suitable for fixed schemas and maintaining referential integrity. Amazon RDS provides fully managed traditional and open-source databases, handling backups and patching. Data endpoints in RDS facilitate easy application access. Amazon Aurora, a cloud-native database, offers MySQL and PostgreSQL compatibility with enhanced performance, scalability, and security. *Amazon Aurora has two flavors, MySQL and PostgreSQL.* Aurora separates storage and compute, improving IO and availability.
Key-value data is popular among developers and forms the basis of NoSQL databases. Amazon DynamoDB is a key-value and document database with single-digit millisecond performance at any scale, supporting trillions of requests per day. Netflix uses DynamoDB for resilience and low-latency access to JSON documents. Document databases extend key-value stores by enabling deeper querying within JSON files. Amazon DocumentDB is compatible with MongoDB and offers flexible schemas.
Apache Cassandra, a wide-column database, is used for large-scale applications with unstructured schemas. Amazon Keyspaces is a managed service for Cassandra-compatible databases, offering serverless options. In-memory databases, like Amazon ElastiCache (Redis, Memcached), are used for caching, media streaming, session stores, and real-time analytics. Peloton uses ElastiCache Redis for immediate feedback to customers.
Graph databases (e.g., Amazon Neptune) are suitable for fraud detection, social networking, and recommendations. They help uncover correlations that relational databases struggle with. Time series databases (e.g., Amazon Timestream) are designed for high-volume, time-based data analysis, such as data from IoT devices.
The role of the DBA is evolving in the cloud. While AWS manages much of the platform, DBAs still handle tasks like restoring databases, managing access, and optimizing queries. The focus shifts from platform management to application innovation.
---

51
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-51-architecting-with-aws-purpose-built-databases.md.bak Normal file
View File

@@ -0,0 +1,51 @@
---
title: CTP Topic 51 Architecting with AWS purpose-built databases
type: cloud-learning
source-type: video
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- Database
- Purpose-Built
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 51_ Architecting with AWS purpose-built databases.mp4
audio-source: ""
status: raw
---
# CTP Topic 51 Architecting with AWS purpose-built databases
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 51_ Architecting with AWS purpose-built databases.mp4`
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

23
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-58-aws-ec2-image-builder.md
View File

@@ -1,17 +1,17 @@
---
title: "CTP Topic 58 AWS EC2 image builder"
title: CTP Topic 58 AWS EC2 image builder
type: cloud-learning
source-type: video
category: "DevOps & SRE/01_AWS-Landing-Zone"
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- EC2
- Image-Builder
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 58_ AWS EC2 image builder.mp4"
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 58_ AWS EC2 image builder.mp4
audio-source: ""
status: raw
status: summarized (Gemini 摘要)
---
# CTP Topic 58 AWS EC2 image builder
@@ -26,7 +26,20 @@ status: raw
## 摘要
> 待转录后由 LLM 生成
> ## AWS EC2 Image Builder
AWS EC2 Image Builder is a managed AWS service to automate the creation, management, and distribution of AMIs and Docker images using components like image pipelines, image recipes, and infrastructure configurations. Image pipelines define how AMIs are published, including installations, security hardening, and distribution schedules.
Image recipes, written in YAML, define the source AMI for creating an output AMI, while container recipes support Docker images. Components are individual steps executed within the source AMI, such as installing packages or running shell commands. *A component is basically just a particular step that you want to execute in order to achieve the output AMI.* Infrastructure configurations define instance attributes like instance type, VPC, subnet, and security groups. Distribution settings manage the distribution of AMIs across different regions and accounts.
The current AMI publishing process involves OS-specific hardening scripts in GitLab repositories and Jenkins pipelines launching Packer to build and share images. Some product teams have developed parallel image bakeries, while others use manual processes with limited automation. The current approach has shortcomings, including longer turnaround times for modifications, AMI compatibility issues across landing zones, and limited automation in manual image bakeries. *Due to these limitations and these things what happens is eventually the product teams try to cater to their requirements by developing some kind of workflow or CI CD pipelines wherein they consume that CCOE AMI and they try to update or install whatever packages they require for their requirement or try to fulfill the functionalities which were lacking in the base AMI.*
Image Builder offers advantages such as increased productivity through automation, efficient image testing during the build process, incorporation of hardening standards, and easy image distribution. It integrates with AWS Organizations and AWS RAM for distributing AMIs across managed accounts. Supported OSes include Amazon Linux, Windows Server, Red Hat Linux, CentOS, Ubuntu, and SUSE, with the list expected to expand.
A POC has implemented end-to-end pipelines for CentOS 7 and Ubuntu 18, using CCOE hardening scripts converted into individual components. Terraform modules are in place for creating resources, with a consolidated module simplifying consumption for product teams. Testing scenarios are incorporated within components to validate execution, and AWS Inspector is integrated for AMI scanning against security standards. A Lambda workflow triggers scans, sends email notifications, and uploads reports to S3, maintaining a historical data of published AMIs. Qualys scan integration is under evaluation.
Product groups can use a service module to add components to the golden AMI. A component is a script, and components should be added in alphabetical order. The HCL file is used to create and manage components. Logs are published in CloudWatch. The image builder process requires approval, and the approval process is still under development.
---

51
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-58-aws-ec2-image-builder.md.bak Normal file
View File

@@ -0,0 +1,51 @@
---
title: CTP Topic 58 AWS EC2 image builder
type: cloud-learning
source-type: video
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- EC2
- Image-Builder
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 58_ AWS EC2 image builder.mp4
audio-source: ""
status: raw
---
# CTP Topic 58 AWS EC2 image builder
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 58_ AWS EC2 image builder.mp4`
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

50
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-66-exposing-the-differences-between-postgresql-rds-and-aurora.md
View File

@@ -1,8 +1,8 @@
---
title: "CTP Topic 66 Exposing the differences between PostgreSQL RDS and Aurora"
title: CTP Topic 66 Exposing the differences between PostgreSQL RDS and Aurora
type: cloud-learning
source-type: video
category: "DevOps & SRE/01_AWS-Landing-Zone"
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- RDS
@@ -10,9 +10,9 @@ tags:
- PostgreSQL
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 66_ Exposing the differences between PostgreSQL RDS and Aurora.mp4"
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 66_ Exposing the differences between PostgreSQL RDS and Aurora.mp4
audio-source: ""
status: raw
status: summarized (Gemini 摘要)
---
# CTP Topic 66 Exposing the differences between PostgreSQL RDS and Aurora
@@ -27,7 +27,47 @@ status: raw
## 摘要
> 待转录后由 LLM 生成
> ## RDS vs. Aurora: Key Differences
Greg Klau presented a detailed comparison of PostgreSQL on Amazon RDS and Aurora, focusing on performance, cost, and use cases. The session covered choosing between the two, running blue-green and cross-region operations, monitoring, and network performance tweaks for high availability.
### Key Differences and Considerations
* **Minimum Size and Cost:** RDS offers smaller, cheaper instances suitable for small databases, while Aurora has a higher minimum size and cost due to its architecture.
* **Maximum Size and Performance:** Aurora scales to larger databases and offers better IO performance, making it suitable for databases exceeding 10-20 terabytes.
* **Auto Scaling:** Aurora offers auto-scaling (Serverless v2) but with limitations on instance shapes, versions, and regions.
* **Recovery Time Objective (RTO):** Aurora boasts a 30-second RTO, compared to RDS's two minutes in the event of an AZ failure.
* **Storage Flexibility:** RDS provides more storage options (GP2, GP3, provisioned IOPS, magnetic), while Aurora charges per IO.
* *With RDS, you get to choose multiple different storage mechanisms.*
* *Aurora IO is generally unbounded because they're motivated to give you as much IO as you can consume because they're charging you per IO.*
### Architectural Comparison
* **RDS:** Uses compute with attached storage (EBS). Multi-AZ setup involves another compute and storage node for failover. Replication across regions is asynchronous.
* **Aurora:** Employs six EBS volumes across three availability zones, managed by Amazon. Adding compute uses the same cluster volume, avoiding data replication for read replicas. Aurora Global allows multi-region setups with asynchronous replication.
* *With Aurora, you get six EBS volumes. They're spread across three availability zones.*
* **Endpoints:** RDS has one endpoint per cluster, while Aurora has separate writer and reader endpoints.
### Database Switchover and Failover
* **RDS:** Requires blocking access, forcing a new primary, destroying the old cluster, and rebuilding it as a standby.
* **Aurora:** Allows clean, managed switchovers using Aurora Global, without re-replication. Failover involves promoting a secondary region and re-adding the failed region as a new global cluster after it recovers.
### Blue-Green Deployments (Aurora MySQL Only)
* Aurora MySQL supports blue-green deployments for major version upgrades, creating a duplicate environment for testing before switching over. This involves logical replication to a green environment, with guardrails to prevent data loss.
### Monitoring
* Both RDS and Aurora offer monitoring options via CloudWatch, Grafana, and Performance Insights. Performance Insights provides a view of database load, query performance, and wait times.
* Aurora utilizes free local storage (ephemeral SSD) for temporary work, which is fixed per instance type. RDS uses EBS for temporary storage.
### High Availability Performance Tweaks
* Lower DNS time to live (TTL) to one second for faster failover.
* Adjust TCP Keep-Alive settings to detect database failures quickly.
* Use JDBC connection string overloading with reader and writer endpoints for resilience.
---

52
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-66-exposing-the-differences-between-postgresql-rds-and-aurora.md.bak Normal file
View File

@@ -0,0 +1,52 @@
---
title: CTP Topic 66 Exposing the differences between PostgreSQL RDS and Aurora
type: cloud-learning
source-type: video
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- RDS
- Aurora
- PostgreSQL
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 66_ Exposing the differences between PostgreSQL RDS and Aurora.mp4
audio-source: ""
status: raw
---
# CTP Topic 66 Exposing the differences between PostgreSQL RDS and Aurora
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 66_ Exposing the differences between PostgreSQL RDS and Aurora.mp4`
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

19
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-68-introduction-to-redshift.md
View File

@@ -1,17 +1,17 @@
---
title: "CTP Topic 68 Introduction to Redshift"
title: CTP Topic 68 Introduction to Redshift
type: cloud-learning
source-type: video
category: "DevOps & SRE/01_AWS-Landing-Zone"
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- Redshift
- Data-Warehouse
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 68_ Introduction to Redshift.mp4"
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 68_ Introduction to Redshift.mp4
audio-source: ""
status: raw
status: summarized (Gemini 摘要)
---
# CTP Topic 68 Introduction to Redshift
@@ -26,7 +26,16 @@ status: raw
## 摘要
> 待转录后由 LLM 生成
> ## AWS Redshift Architecture and Components
This learning session covers AWS Redshift, focusing on its architecture, management, and key components. The session aims to provide a foundational understanding of Redshift, including its features like columnar operations, row-based operations, MPP (Massively Parallel Processing), data compression, and the significance of distinct and hot keys.
Redshift is a fully managed, petabyte-scale data warehouse solution in the cloud. *It is designed for data warehousing, enabling quick data retrieval from large datasets.* It supports online analytical processing (OLAP) and offers advantages such as easy installation, maintenance of backups, point-in-time recovery, and cross-region disaster recovery.
Redshift architecture involves client applications communicating with Redshift clusters via JDBC and ODBC drivers, connecting to a leader node. The leader node manages schema, warehouse metadata, and query planning, distributing instructions to compute nodes. Compute nodes, determined by the instance type, execute queries across slices, processing data and returning results to the leader node. *The leader node then stores results in buffers for quick retrieval, enhancing performance.* Instance types include dense compute, dense storage, and RA3, each offering varying levels of compute power, RAM, and storage capacity. RA3 is noted for its cost-effectiveness and large storage capacity, utilizing AWS-managed NVMe storage.
Key features of Redshift include MPP, which enables parallel processing of queries across multiple compute nodes, improving query speed and response times. Data storage can be columnar or row-based; columnar storage is optimized for data warehouse operations due to faster performance and efficient memory usage. Data compression techniques, including LZO, further enhance performance by reducing data size. The sort key and dist key play a crucial role in optimizing queries and managing data distribution across compute nodes.
---

51
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-68-introduction-to-redshift.md.bak Normal file
View File

@@ -0,0 +1,51 @@
---
title: CTP Topic 68 Introduction to Redshift
type: cloud-learning
source-type: video
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- Redshift
- Data-Warehouse
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 68_ Introduction to Redshift.mp4
audio-source: ""
status: raw
---
# CTP Topic 68 Introduction to Redshift
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 68_ Introduction to Redshift.mp4`
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

56
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-7-saas-landing-zone-design.md
View File

@@ -1,17 +1,17 @@
---
title: "CTP Topic 7 SaaS Landing Zone design"
title: CTP Topic 7 SaaS Landing Zone design
type: cloud-learning
source-type: video
category: "DevOps & SRE/01_AWS-Landing-Zone"
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- Landing-Zone
- SaaS
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 7_ SaaS Landing Zone design.mp4"
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 7_ SaaS Landing Zone design.mp4
audio-source: ""
status: raw
status: summarized (Gemini 摘要)
---
# CTP Topic 7 SaaS Landing Zone design
@@ -26,7 +26,53 @@ status: raw
## 摘要
> 待转录后由 LLM 生成
> ## SAS Landing Zone Design
The session covers the high-level design for the new production SAS Landing Zone, emphasizing a single landing zone approach for all products to reduce overhead and costs, a departure from the per-product group (PG) landing zones used in dev labs. The design incorporates AWS accounts, Terraform modules, and TerraGrant for deployment.
Key components include core accounts (shared, logs, security), baseline accounts (network, DNS, Active Directory), shared services accounts (software factory, cyber, ARC site, monitoring), and product accounts.
*The SAS landing zone will use a single landing zone for all the product groups.*
### Core Accounts
These accounts are based on the grant work reference architecture and include:
* **Shared Account:** Hosts hardened AMIs and a master Jenkins server for managing deployments. The master Jenkins initiates Lambda functions within each account to trigger Jenkins slaves, enhancing security by preventing direct exposure of the master Jenkins to jobs or credentials.
* **Logs Account:** A centralized account for logs from every account (CloudTrail, Config, Flowlogs), accessible primarily to the security team, with read access for products to their specific logs.
* **Security Account:** Hosts IAM roles inherited within each account, with the ability for account owners to attach additional policies to restrict role usage.
### Baseline Accounts
These accounts are essential for product functionality and include:
* **Network Account:** Contains a regional transit gateway connecting all accounts, with a checkpoint appliance for monitoring traffic based on a tagging approach. Resources require specific tags to access destinations like the internet or on-prem networks.
* **DNS Account:** Hosts Route 53, with each product having its own hosted zone for managing DNS records.
* **Active Directory Account:** Includes two AD nodes for domain joining and controlling resource access.
### Shared Services Accounts
These accounts provide internal production services to product accounts:
* Software Factory accounts (45 hubs, Octane Hub, Artifactory).
* Cyber account (Qalis).
* ARC site account.
* Monitoring account (OBM, potentially Sitescope).
### Product Accounts
Each product account features a public subnet for internet exposure via a load balancer and internet gateway, while workloads reside in private subnets. A web application firewall (WAF) monitors incoming traffic, and CloudFront is available as a CDN.
*The workload itself is going to be under private subnet.*
### Automation and Deployment
Terraform is used for automation, with each account having its own GitHub repository. Changes to Terraform code trigger Jenkins via a GitHub hook, initiating a deployment process through the management VPC, Lambda, and ECS cluster. A review process, including code review and plan output review, is implemented before applying changes, with staging environments used for testing before production deployment.
### Remote Access
Remote access is transitioning from Checkpoint VPN to Pulse VPN, requiring operators to use a VPN client and authenticate against the AD. Future plans involve SD1 replacing some network components.
---

51
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-7-saas-landing-zone-design.md.bak Normal file
View File

@@ -0,0 +1,51 @@
---
title: CTP Topic 7 SaaS Landing Zone design
type: cloud-learning
source-type: video
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- Landing-Zone
- SaaS
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 7_ SaaS Landing Zone design.mp4
audio-source: ""
status: raw
---
# CTP Topic 7 SaaS Landing Zone design
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 7_ SaaS Landing Zone design.mp4`
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

23
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-72-implementing-an-enterprise-dr-strategy-using-aws-backup.md
View File

@@ -1,8 +1,8 @@
---
title: "CTP Topic 72 Implementing an Enterprise DR Strategy using AWS Backup"
title: CTP Topic 72 Implementing an Enterprise DR Strategy using AWS Backup
type: cloud-learning
source-type: video
category: "DevOps & SRE/01_AWS-Landing-Zone"
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- DR
@@ -10,9 +10,9 @@ tags:
- Enterprise
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 72_ Implementing an Enterprise DR Strategy using AWS Backup.mp4"
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 72_ Implementing an Enterprise DR Strategy using AWS Backup.mp4
audio-source: ""
status: raw
status: summarized (Gemini 摘要)
---
# CTP Topic 72 Implementing an Enterprise DR Strategy using AWS Backup
@@ -27,7 +27,20 @@ status: raw
## 摘要
> 待转录后由 LLM 生成
> ## Implementing an Enterprise DR Strategy Using AWS Backup
Sabith from AWS discusses disaster recovery (DR) strategies using AWS Backup, differentiating between high availability and disaster recovery. He recaps basic concepts like RTO and RPO, introduces AWS Backup, and presents reference architectures.
*We should always be prepared for a situation that everything falls all the time.* The shared responsibility model defines AWS's and the customer's roles in ensuring a resilient cloud environment. Human errors, technical failures, and natural disasters are major categories to consider when creating DR plans.
High availability ensures a system performs its functions, measured by mean time between failures. Disaster recovery focuses on data loss prevention and recovery, while high availability focuses on system uptime and service availability.
Recovery Point Objective (RPO) defines the acceptable data loss, while Recovery Time Objective (RTO) defines the acceptable downtime. Architectural patterns range from multi-site active-active (minimal interruption, high cost) to backup and restore (lower cost, longer interruption). AWS Backup is a fully managed, policy-based backup service that simplifies data protection. It supports numerous resource types and integrates with AWS Organizations for cross-account backup copies.
AWS Backup uses backup plans to define what, when, and how to back up, storing recovery points in backup vaults. It integrates with IAM policies for access control and AWS Backup Audit Manager (BAM) for compliance reporting. AWS Backup integrates with underlying services through data plane and control plane integrations. Full backups capture all data, while incremental backups only capture changes since the last backup.
AWS Backup offers immutable recovery points, automated scalability, and compliance features. Vault Lock in compliance mode prevents even root users from deleting recovery points until their lifecycle ends, deterring ransomware. Customers often use a vault or bunker account for storing backup copies, separate from workload accounts, to protect against compromises. A forensic account can be used to regularly test recovery points and scan for malware.
---

52
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-72-implementing-an-enterprise-dr-strategy-using-aws-backup.md.bak Normal file
View File

@@ -0,0 +1,52 @@
---
title: CTP Topic 72 Implementing an Enterprise DR Strategy using AWS Backup
type: cloud-learning
source-type: video
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- DR
- Backup
- Enterprise
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 72_ Implementing an Enterprise DR Strategy using AWS Backup.mp4
audio-source: ""
status: raw
---
# CTP Topic 72 Implementing an Enterprise DR Strategy using AWS Backup
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 72_ Implementing an Enterprise DR Strategy using AWS Backup.mp4`
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

17
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-73-aws-backup-implementation-of-the-cloud-transformation-program.md
View File

@@ -1,16 +1,16 @@
---
title: "CTP Topic 73 AWS Backup implementation of the Cloud Transformation Program"
title: CTP Topic 73 AWS Backup implementation of the Cloud Transformation Program
type: cloud-learning
source-type: video
category: "DevOps & SRE/01_AWS-Landing-Zone"
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- Backup
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 73_ AWS Backup implementation of the Cloud Transformation Program.mp4"
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 73_ AWS Backup implementation of the Cloud Transformation Program.mp4
audio-source: ""
status: raw
status: summarized (Gemini 摘要)
---
# CTP Topic 73 AWS Backup implementation of the Cloud Transformation Program
@@ -25,7 +25,14 @@ status: raw
## 摘要
> 待转录后由 LLM 生成
> The session covers the AWS backup implementation of the cloud transformation program, focusing on the CTP backup strategy, AWS backup audit manager, and the AWS backup module. The SRE core, SRE product, and architecture teams collaborated on a design to provide product groups with flexibility in their backup strategies.
Key points include the assumed backup policy for production workloads, which requires customer data to be backed up regularly (at least once in 24 hours) with a retention policy of at least 30 days, and two backup locations. AWS backup was adopted as the strategic tool for backup in AWS for the cloud transformation program to standardize backup processes. An SRE model was developed to allow product groups to create and control their own backups, aligned with the assumed backup policy, enabling independent backup and restore operations in their DRA accounts.
AWS backup was chosen because it is a native service managed by AWS, simplifying data protection at scale and supporting multiple AWS resources. It supports TAC based backup plans, cross-account and cross-region backups, immutability for backups, out-of-the-box audit reports and frameworks, and point-in-time recovery for S3 and RDS. The design involves taking initial backups within the source accounts and copying them to a remote account and region, ideally a dedicated DR account for each production workload account. *This keeps backups within the DR account for immediate restore, avoiding time-consuming data copies.* If a DR account is unavailable, a Databunker account can be used as a centralized account for storing backups. The SRE backup model simplifies the adoption of AWS backup by creating AWS backup plans, selections, local AWS backup vaults, KMSKN policies, additional vaults in the DR account, Enroll policies, lifecycle policies, SNS topic creations, audit reports, and optional point-in-time restore for SRE and RDS. *The SRE models were adjusted to optionally create custom KMS kits, which is a fundamental requirement for having a remote account and region for the AWS backup processes.*
The AWS backup audit manager provides out-of-the-box reports and compliance reports. Reports can be exported to an S3 bucket in CSV or JSON format, providing insights into the status of backups, resources backed up, creation date, recovery point, backup duration, and size. SNS notifications can be configured to receive alerts regarding the status of backups. The AWS backup audit manager framework includes controls that help evaluate backup practices, providing compliance reports. Controls include ensuring backup resources are protected by a backup plan, minimum frequency and retention, prevention of manual deletion of recovery points, encryption of recovery points, and scheduled cross-region and cross-account backups.
---

50
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/ctp-topic-73-aws-backup-implementation-of-the-cloud-transformation-program.md.bak Normal file
View File

@@ -0,0 +1,50 @@
---
title: CTP Topic 73 AWS Backup implementation of the Cloud Transformation Program
type: cloud-learning
source-type: video
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- Backup
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 73_ AWS Backup implementation of the Cloud Transformation Program.mp4
audio-source: ""
status: raw
---
# CTP Topic 73 AWS Backup implementation of the Cloud Transformation Program
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 73_ AWS Backup implementation of the Cloud Transformation Program.mp4`
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

51
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/learning-sessions-standard-amis-updates-20231205-160324-meeting-recording-2.md
View File

@@ -1,51 +1,26 @@
---
title: "Learning Sessions Standard AMIs Updates - 20231205 160324-Meeting Recording (2)"
type: cloud-learning
source-type: video
category: "DevOps & SRE/01_AWS-Landing-Zone"
tags:
- AWS
- AMI
- Updates
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Learning Sessions _ Standard AMIs Updates - 20231205_160324-Meeting Recording (2).mp4"
audio-source: ""
status: raw
---
# Learning Sessions Standard AMIs Updates - 20231205 160324-Meeting Recording (2)
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Learning Sessions _ Standard AMIs Updates - 20231205_160324-Meeting Recording (2).mp4`
# learning sessions standard amis updates 20231205 160324 meeting recording 2
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
## Standard AMI Updates and Overview
**Status:** 🟡 Awaiting Whisper transcription → Summary
The session provides a high-level overview and updates regarding Amazon Machine Images (AMIs). The standard AMIs are based on AWS AMIs but include OS hardening, the latest patches, and security updates. These AMIs also support domain joining, security tools, endpoint protection, access integration, a QALIS agent, SSM agent, DNS settings, Microsoft Edge for Windows AMIs, and GP3 EBS storage.
---
The AMIs are built, tested, and shared to all AWS accounts every two months, and are immediately available as private AMIs. Currently, 23 different AMIs are supported, including various versions of Amazon Linux, CentOS, Oracle Enterprise Linux, Red Hat, Rocky Linux, SUSE Linux, Ubuntu, and Windows servers. The latest three releases are available in 12 regions, and older AMIs are archived for 12 months.
## 摘要
The AMI release process follows a standard software release process, with changes developed on feature branches and merged into an integration branch. Jenkins multi-branch pipelines are used for building and testing the AMIs, including scripted tests and AWS Inspector. The publishing process involves copying the AMIs to different regions and sharing them to multiple organizations, with encryption and automatic creation of necessary grants. *The AMIs are then thrown through all of the test suites, and we'll see a couple of those as they come up in later slides, and then we verify that nothing seems to have regressed at that point.*
> 待转录后由 LLM 生成
## Roadmap, Notifications, and End-of-Life
---
The current roadmap includes a future release of Amazon Linux 2023, X64, planned for January. New AMI requests must go through the demand pipeline and take approximately 60 days to release. AMI notifications are sent out with each release, including links to relevant documents and the portal. A change log is available in the portal, detailing the changes included in each release.
## 关键概念
Several operating systems are reaching end-of-life, including CentOS 7 and Red Hat 7 in June 2024. *CentOS 7 will be replaced by Rocky Linux, which is already available as a standard AMI.* OpenSUSE Leap 15 and OEL 7 will reach end-of-life in December 2024.
-
## New Features and Validation
---
New features are injected into the release cycles based on various inputs, such as the migration from Trellix to Sentinel-1. The AMIs are designed to work across multiple landing zones and domain controller environments. The new landing zone uses secrets instead of parameter stores, and all automations now use cloud-based init. AMI utilization is monitored to track how frequently and how many AMIs are being used.
## 行动项
A robotic framework has been integrated to automate basic test cases and validations, reducing the validation time for one AMI from three-four days to 60 minutes. An SSM patching solution is available for long-running instances that cannot be refreshed frequently. The AMIs are validated and tested according to the highest security standards, with penetration testing conducted periodically.
via model google/gemini-2.0-flash
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*
Cached · google/gemini-2.0-flash

51
knowledgebase/DevOps & SRE/01_AWS-Landing-Zone/learning-sessions-standard-amis-updates-20231205-160324-meeting-recording-2.md.bak Normal file
View File

@@ -0,0 +1,51 @@
---
title: "Learning Sessions Standard AMIs Updates - 20231205 160324-Meeting Recording (2)"
type: cloud-learning
source-type: video
category: "DevOps & SRE/01_AWS-Landing-Zone"
tags:
- AWS
- AMI
- Updates
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Learning Sessions _ Standard AMIs Updates - 20231205_160324-Meeting Recording (2).mp4"
audio-source: ""
status: raw
---
# Learning Sessions Standard AMIs Updates - 20231205 160324-Meeting Recording (2)
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Learning Sessions _ Standard AMIs Updates - 20231205_160324-Meeting Recording (2).mp4`
**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*