ishenwei/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update nexus: fix conflicts and sync local changes

Browse Source
This commit is contained in:
Shen Wei
2026-04-26 12:06:50 +08:00
parent 191797c01b
commit f09834b5a5
2443 changed files with 254323 additions and 255154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

138
raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/08_Networking/ctp-topic-18-wide-area-networking-in-aws-cloud.md
View File

@@ -1,69 +1,69 @@
---
title: "CTP Topic 18 Wide Area Networking in AWS Cloud"
type: cloud-learning
source-type: video
category: "DevOps & SRE/08_Networking"
tags:
- AWS
- WAN
- Networking
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 18_ Wide Area Networking in AWS Cloud.mp4"
audio-source: ""
status: summarized (Gemini 摘要)
---
# CTP Topic 18 Wide Area Networking in AWS Cloud
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 18_ Wide Area Networking in AWS Cloud.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** ✅ 已完成Gemini 摘要)
---
## 摘要
> 本次会议由 Micro Focus 的 IT 网络架构师 Christian Deckelman 主讲,核心探讨了 AWS 云环境中的广域网WAN架构设计及其演进路径。会议重点介绍了如何通过 AWS Transit Gateway (TGW) 构建跨区域的全球网络连接,并详细说明了当前架构与未来规划。
>
> **核心内容与背景:**
> 目前该架构将全球划分为三个地理区域APJ、EMEA、AMS每个区域设立一个核心 Hub如 EMEA 的伦敦AMS 的俄勒冈)。所有 Landing Zones落地页/着陆区)通过 TGW Peering 接入区域 Hub形成星型拓扑Hub-and-Spoke而各区域 Hub 之间则通过全网状Full Mesh连接确保全球流量的可达性。
>
> **关键技术要点:**
> 1. **连接性方案**:当前主要依赖 AWS Transit Gateway 进行 VPC 间及跨区域的对等连接。对于存量ClassicLanding Zones同样通过 TGW 接入 Hub 以实现新旧环境互通。
> 2. **容灾与路由**:现阶段 TGW 间的路由主要基于静态前缀列表Prefix Lists缺乏动态路由协议如 BGP的支持因此在灾难恢复DR场景下需要人工干预切换路由。
> 3. **未来演进SD-WAN**:计划引入 Silver Peak 的 SD-WAN 方案作为叠加网络Overlay。通过在 AWS 中部署虚拟 SD-WAN 设备,实现动态路径选择和自动化流量调度,解决静态路由的局限性。
> 4. **远程访问优化**:计划将传统的 Pulse VPN 迁移至 Palo Alto 的 Prisma AccessSASE 架构)。通过在全球部署更多的接入网关,让用户就近接入,显著降低访问延迟,并直接打通 SD-WAN 骨干网。
>
> 该 session 为理解大型企业如何管理复杂的跨国云网络提供了深度视角,涵盖了从底层物理连接到上层逻辑编排的完整链路。
---
## 关键概念
- **AWS Transit Gateway (TGW)**: 一种区域级网络中转服务,用于连接 VPC、本地网络及其他 Transit Gateway充当云上路由器的角色。
- **Landing Zone**: 按照企业标准预先配置好的、具备安全性与合规性的 AWS 多账号环境。
- **TGW Peering**: 在不同区域或同一区域的两个 Transit Gateway 之间建立的连接,用于跨网段的流量传输。
- **Hub-and-Spoke**: 一种网络拓扑结构所有分支Spoke连接到中心节点Hub分支间的通信通常经过 Hub 中转。
- **SD-WAN (Software-Defined Wide Area Network)**: 软件定义广域网,通过软件控制层对物理网络进行抽象,实现动态路径选择和负载均衡。
- **Static Routing**: 静态路由,指手动配置的固定路由条目,在网络拓扑变化时无法自动更新。
- **Prisma Access**: Palo Alto Networks 提供的基于云的安全访问服务SASE用于替代传统 VPN提供更近的接入点和统一的安全策略。
- **Overlay Network**: 叠加网络在现有物理网络Underlay之上构建的逻辑网络用于实现复杂的路由和隧道功能。
---
## 相关视频
> [!info]+ 交叉引用
> [[Security and Firewalling in Transit Gateway]] — 本视频中多次提到安全过滤与防火墙配置已在另一专题中详细讨论,建议结合阅读以了解 TGW 的安全策略。
> [[AWS Landing Zone Architecture Overview]] — 关联原因:本视频深入探讨了 Landing Zone 之间的网络互联,是 Landing Zone 基础架构的延伸。
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*
---
title: "CTP Topic 18 Wide Area Networking in AWS Cloud"
type: cloud-learning
source-type: video
category: "DevOps & SRE/08_Networking"
tags:
- AWS
- WAN
- Networking
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 18_ Wide Area Networking in AWS Cloud.mp4"
audio-source: ""
status: summarized (Gemini 摘要)
---
# CTP Topic 18 Wide Area Networking in AWS Cloud
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 18_ Wide Area Networking in AWS Cloud.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** ✅ 已完成Gemini 摘要)
---
## 摘要
> 本次会议由 Micro Focus 的 IT 网络架构师 Christian Deckelman 主讲,核心探讨了 AWS 云环境中的广域网WAN架构设计及其演进路径。会议重点介绍了如何通过 AWS Transit Gateway (TGW) 构建跨区域的全球网络连接,并详细说明了当前架构与未来规划。
>
> **核心内容与背景:**
> 目前该架构将全球划分为三个地理区域APJ、EMEA、AMS每个区域设立一个核心 Hub如 EMEA 的伦敦AMS 的俄勒冈)。所有 Landing Zones落地页/着陆区)通过 TGW Peering 接入区域 Hub形成星型拓扑Hub-and-Spoke而各区域 Hub 之间则通过全网状Full Mesh连接确保全球流量的可达性。
>
> **关键技术要点:**
> 1. **连接性方案**:当前主要依赖 AWS Transit Gateway 进行 VPC 间及跨区域的对等连接。对于存量ClassicLanding Zones同样通过 TGW 接入 Hub 以实现新旧环境互通。
> 2. **容灾与路由**:现阶段 TGW 间的路由主要基于静态前缀列表Prefix Lists缺乏动态路由协议如 BGP的支持因此在灾难恢复DR场景下需要人工干预切换路由。
> 3. **未来演进SD-WAN**:计划引入 Silver Peak 的 SD-WAN 方案作为叠加网络Overlay。通过在 AWS 中部署虚拟 SD-WAN 设备,实现动态路径选择和自动化流量调度,解决静态路由的局限性。
> 4. **远程访问优化**:计划将传统的 Pulse VPN 迁移至 Palo Alto 的 Prisma AccessSASE 架构)。通过在全球部署更多的接入网关,让用户就近接入,显著降低访问延迟,并直接打通 SD-WAN 骨干网。
>
> 该 session 为理解大型企业如何管理复杂的跨国云网络提供了深度视角,涵盖了从底层物理连接到上层逻辑编排的完整链路。
---
## 关键概念
- **AWS Transit Gateway (TGW)**: 一种区域级网络中转服务,用于连接 VPC、本地网络及其他 Transit Gateway充当云上路由器的角色。
- **Landing Zone**: 按照企业标准预先配置好的、具备安全性与合规性的 AWS 多账号环境。
- **TGW Peering**: 在不同区域或同一区域的两个 Transit Gateway 之间建立的连接,用于跨网段的流量传输。
- **Hub-and-Spoke**: 一种网络拓扑结构所有分支Spoke连接到中心节点Hub分支间的通信通常经过 Hub 中转。
- **SD-WAN (Software-Defined Wide Area Network)**: 软件定义广域网,通过软件控制层对物理网络进行抽象,实现动态路径选择和负载均衡。
- **Static Routing**: 静态路由,指手动配置的固定路由条目,在网络拓扑变化时无法自动更新。
- **Prisma Access**: Palo Alto Networks 提供的基于云的安全访问服务SASE用于替代传统 VPN提供更近的接入点和统一的安全策略。
- **Overlay Network**: 叠加网络在现有物理网络Underlay之上构建的逻辑网络用于实现复杂的路由和隧道功能。
---
## 相关视频
> [!info]+ 交叉引用
> [[Security and Firewalling in Transit Gateway]] — 本视频中多次提到安全过滤与防火墙配置已在另一专题中详细讨论,建议结合阅读以了解 TGW 的安全策略。
> [[AWS Landing Zone Architecture Overview]] — 关联原因:本视频深入探讨了 Landing Zone 之间的网络互联,是 Landing Zone 基础架构的延伸。
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

128
raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/08_Networking/ctp-topic-19-configuring-dns-within-aws-lzs.md
View File

@@ -1,64 +1,64 @@
---
title: "CTP Topic 19 Configuring DNS within AWS LZs"
type: cloud-learning
source-type: video
category: "DevOps & SRE/08_Networking"
tags:
- AWS
- DNS
- Landing-Zone
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 19_ Configuring DNS within AWS LZs.mp4"
audio-source: ""
status: summarized (Gemini 摘要)
---
# CTP Topic 19 Configuring DNS within AWS LZs
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 19_ Configuring DNS within AWS LZs.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** ✅ 已完成Gemini 摘要)
---
## 摘要
> 本次视频由 Sankar Gopov 主讲,核心内容围绕 AWS Landing Zone 环境下的 DNS 配置架构展开,特别是如何在多账号架构中实现集中化的 DNS 管理。讲座背景基于 Frankfurt R&D 和 London SAS 等实际落地场景旨在解决跨账号、跨云与本地数据中心On-prem之间的域名解析难题。
>
> 视频的核心要点包括:
> 1. **集中化管理模式**:推荐在 Landing Zone 中设立专门的 DNS 账号(曾被称为 InfoBlocks 账号而非在每个业务账号中分散创建私有托管区Private Hosted Zones。这种方式便于统一维护路由规则和域名记录。
> 2. **关键技术组件**:详细介绍了 Route 53 Resolver 的作用。通过 **Inbound Endpoints** 接收来自本地数据中心的解析请求,通过 **Outbound Endpoints** 将 AWS 内部请求转发至本地 DNS 服务器。
> 3. **资源共享机制**:利用 **AWS RAM (Resource Access Manager)** 将 DNS 账号中定义的解析规则Resolver Rules共享给各个业务账号Workload Accounts。同时强调了跨账号 VPC 与私有托管区关联时必须先进行“授权Authorization”再进行“关联Association”的必要步骤。
> 4. **典型应用场景**Sankar 演示了三种场景:从 AWS 访问本地资源(如 GitHub Enterprise、从本地 VPN 访问 AWS 内部服务、以及 AWS 账号间的相互解析。
> 5. **自动化实施**:该架构高度依赖 Terraform 进行部署。在创建业务 VPC 的过程中,通过预定义的模块自动完成规则共享与 VPC 关联,确保新账号上线即具备完整的解析能力。
---
## 关键概念
- **Private Hosted Zones (PHZ)**: AWS Route 53 中的私有托管区,用于在指定的 VPC 内部解析自定义域名(如 `int-sas.local`),不对互联网开放。
- **Route 53 Resolver Rules**: 解析规则,定义了特定域名的解析路径,例如规定匹配某后缀的域名需转发至本地数据中心的特定 IP。
- **Inbound/Outbound Endpoints**: 路由解析终端节点Inbound 处理“由外向内”的解析请求Outbound 处理“由内向外”转发至本地的请求。
- **RAM (Resource Access Manager)**: AWS 资源共享管理器,用于在组织内跨账号共享 Resolver Rules、Transit Gateway 等资源。
- **VPC Association & Authorization**: 跨账号关联流程;当 VPC 与另一个账号的 PHZ 关联时,需先由 PHZ 拥有者授权,再由 VPC 拥有者执行关联。
- **Landing Zone**: 一种多账号 AWS 环境规范,通过预配置的安全、网络和治理规则,为企业提供可扩展的基础设施框架。
---
## 相关视频
> [!info]+ 交叉引用
> [[AWS Landing Zone Architecture Overview]] — 了解 DNS 账号在整体多账号架构中的位置
> [[Introduction to Terraform for Cloud Infrastructure]] — 本视频中 DNS 自动化配置的技术前提
> [[Hybrid Connectivity: Direct Connect and VPN]] — 了解 DNS 流量通过 Inbound/Outbound Endpoints 传输的物理路径
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*
---
title: "CTP Topic 19 Configuring DNS within AWS LZs"
type: cloud-learning
source-type: video
category: "DevOps & SRE/08_Networking"
tags:
- AWS
- DNS
- Landing-Zone
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 19_ Configuring DNS within AWS LZs.mp4"
audio-source: ""
status: summarized (Gemini 摘要)
---
# CTP Topic 19 Configuring DNS within AWS LZs
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 19_ Configuring DNS within AWS LZs.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** ✅ 已完成Gemini 摘要)
---
## 摘要
> 本次视频由 Sankar Gopov 主讲,核心内容围绕 AWS Landing Zone 环境下的 DNS 配置架构展开,特别是如何在多账号架构中实现集中化的 DNS 管理。讲座背景基于 Frankfurt R&D 和 London SAS 等实际落地场景旨在解决跨账号、跨云与本地数据中心On-prem之间的域名解析难题。
>
> 视频的核心要点包括:
> 1. **集中化管理模式**:推荐在 Landing Zone 中设立专门的 DNS 账号(曾被称为 InfoBlocks 账号而非在每个业务账号中分散创建私有托管区Private Hosted Zones。这种方式便于统一维护路由规则和域名记录。
> 2. **关键技术组件**:详细介绍了 Route 53 Resolver 的作用。通过 **Inbound Endpoints** 接收来自本地数据中心的解析请求,通过 **Outbound Endpoints** 将 AWS 内部请求转发至本地 DNS 服务器。
> 3. **资源共享机制**:利用 **AWS RAM (Resource Access Manager)** 将 DNS 账号中定义的解析规则Resolver Rules共享给各个业务账号Workload Accounts。同时强调了跨账号 VPC 与私有托管区关联时必须先进行“授权Authorization”再进行“关联Association”的必要步骤。
> 4. **典型应用场景**Sankar 演示了三种场景:从 AWS 访问本地资源(如 GitHub Enterprise、从本地 VPN 访问 AWS 内部服务、以及 AWS 账号间的相互解析。
> 5. **自动化实施**:该架构高度依赖 Terraform 进行部署。在创建业务 VPC 的过程中,通过预定义的模块自动完成规则共享与 VPC 关联,确保新账号上线即具备完整的解析能力。
---
## 关键概念
- **Private Hosted Zones (PHZ)**: AWS Route 53 中的私有托管区,用于在指定的 VPC 内部解析自定义域名(如 `int-sas.local`),不对互联网开放。
- **Route 53 Resolver Rules**: 解析规则,定义了特定域名的解析路径,例如规定匹配某后缀的域名需转发至本地数据中心的特定 IP。
- **Inbound/Outbound Endpoints**: 路由解析终端节点Inbound 处理“由外向内”的解析请求Outbound 处理“由内向外”转发至本地的请求。
- **RAM (Resource Access Manager)**: AWS 资源共享管理器,用于在组织内跨账号共享 Resolver Rules、Transit Gateway 等资源。
- **VPC Association & Authorization**: 跨账号关联流程;当 VPC 与另一个账号的 PHZ 关联时,需先由 PHZ 拥有者授权,再由 VPC 拥有者执行关联。
- **Landing Zone**: 一种多账号 AWS 环境规范,通过预配置的安全、网络和治理规则,为企业提供可扩展的基础设施框架。
---
## 相关视频
> [!info]+ 交叉引用
> [[AWS Landing Zone Architecture Overview]] — 了解 DNS 账号在整体多账号架构中的位置
> [[Introduction to Terraform for Cloud Infrastructure]] — 本视频中 DNS 自动化配置的技术前提
> [[Hybrid Connectivity: Direct Connect and VPN]] — 了解 DNS 流量通过 Inbound/Outbound Endpoints 传输的物理路径
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

122
raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/08_Networking/ctp-topic-22-global-dns-service-offerings.md
View File

@@ -1,61 +1,61 @@
---
title: "CTP Topic 22 Global DNS service offerings"
type: cloud-learning
source-type: video
category: "DevOps & SRE/08_Networking"
tags:
- DNS
- Networking
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 22_ Global DNS service offerings.mp4"
audio-source: ""
status: summarized (Gemini 摘要)
---
# CTP Topic 22 Global DNS service offerings
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 22_ Global DNS service offerings.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** ✅ 已完成Gemini 摘要)
---
## 摘要
> 本视频由 Sankar 和 Vino 主讲,深入探讨了企业在全球范围内的 DNS 服务架构与配置方案,特别是针对 AWS 云环境、本地On-prem数据中心以及两者之间的混合云协作。视频的核心背景是公司正在进行的云转型计划旨在构建一个高可用、多区域的 Landing Zone 基础架构。
>
> 讲座重点介绍了 AWS 环境下的 DNS 设计。团队采用了 Route 53 Private Hosted Zones (PHZ) 作为核心服务,并结合 Active Directory (AD) 托管的 DNS。为了实现跨区域和混合云的域名解析架构中大量使用了 Route 53 Resolver 的入站Inbound和出站Outbound终端节点。通过在出站规则中配置多个区域的 AD 域控制器 IP确保了即使在某个区域发生故障时DNS 解析仍能保持弹性。
>
> 此外,演讲者对比了云端与本地 DNS 技术的差异。本地环境采用了 Infoblox 平台,利用 DNS Anycast 技术实现了全球范围内的低延迟和自动故障转移,而 AWS 目前在 EC2 基础架构上尚不支持 Anycast因此需要手动维护 IP 列表。在安全方面,方案涵盖了防 DNS 隧道攻击、防数据外泄及缓存污染等高级特性。最后,视频强调了“就近解析”原则,以优化 Office 365 等全球化服务的访问性能。
---
## 关键概念
- **Route 53 Private Hosted Zone**: AWS 提供的私有托管区域,仅对指定的 VPC 可见,用于管理内部网络域名。
- **Route 53 Resolver Endpoints**: 包括入站和出站终端节点,用于在 AWS VPC 与本地网络或其他云环境之间转发 DNS 查询。
- **DNS Anycast**: 一种网络寻址和路由方法,使多个 DNS 服务器共享同一个 IP 地址,将请求路由至地理位置最近的节点,提供极高的冗余性和低延迟。
- **IPAM (IP Address Management)**: IP 地址管理工具(如 Infoblox用于规划、追踪和管理网络中的 IP 地址空间及 DNS/DHCP 服务。
- **Landing Zone**: 一种预先配置好的多账号 AWS 环境,包含安全、网络和身份管理等基础设置,用于快速部署业务负载。
- **Hybrid DNS Resolution**: 混合云 DNS 解析,指通过配置转发规则,使云端资源能解析本地域名,同时本地资源也能解析云端域名的机制。
- **Infoblox Grid**: 一种分布式架构,通过 Grid Master 统一管理全球分布的 DNS/DHCP 器具,确保配置的一致性和高可用性。
---
## 相关视频
> [!info]+ 交叉引用
> [[Inbound and Outbound Endpoints Deep Dive]] — 本视频多次提到了前一节关于入站和出站终端节点的详细技术实现。
> [[AWS Landing Zone Architecture Overview]] — 视频中提到的 DNS 架构是该 Landing Zone 核心服务账号Core Accounts的重要组成部分。
> [[Hybrid Cloud Connectivity and Networking]] — 讨论了 DNS 如何在通过 Direct Connect 或 VPN 连接的混合云环境中运作。
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*
---
title: "CTP Topic 22 Global DNS service offerings"
type: cloud-learning
source-type: video
category: "DevOps & SRE/08_Networking"
tags:
- DNS
- Networking
- CTP
date-added: 2026-04-14
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 22_ Global DNS service offerings.mp4"
audio-source: ""
status: summarized (Gemini 摘要)
---
# CTP Topic 22 Global DNS service offerings
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 22_ Global DNS service offerings.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** ✅ 已完成Gemini 摘要)
---
## 摘要
> 本视频由 Sankar 和 Vino 主讲,深入探讨了企业在全球范围内的 DNS 服务架构与配置方案,特别是针对 AWS 云环境、本地On-prem数据中心以及两者之间的混合云协作。视频的核心背景是公司正在进行的云转型计划旨在构建一个高可用、多区域的 Landing Zone 基础架构。
>
> 讲座重点介绍了 AWS 环境下的 DNS 设计。团队采用了 Route 53 Private Hosted Zones (PHZ) 作为核心服务,并结合 Active Directory (AD) 托管的 DNS。为了实现跨区域和混合云的域名解析架构中大量使用了 Route 53 Resolver 的入站Inbound和出站Outbound终端节点。通过在出站规则中配置多个区域的 AD 域控制器 IP确保了即使在某个区域发生故障时DNS 解析仍能保持弹性。
>
> 此外,演讲者对比了云端与本地 DNS 技术的差异。本地环境采用了 Infoblox 平台,利用 DNS Anycast 技术实现了全球范围内的低延迟和自动故障转移,而 AWS 目前在 EC2 基础架构上尚不支持 Anycast因此需要手动维护 IP 列表。在安全方面,方案涵盖了防 DNS 隧道攻击、防数据外泄及缓存污染等高级特性。最后,视频强调了“就近解析”原则,以优化 Office 365 等全球化服务的访问性能。
---
## 关键概念
- **Route 53 Private Hosted Zone**: AWS 提供的私有托管区域,仅对指定的 VPC 可见,用于管理内部网络域名。
- **Route 53 Resolver Endpoints**: 包括入站和出站终端节点,用于在 AWS VPC 与本地网络或其他云环境之间转发 DNS 查询。
- **DNS Anycast**: 一种网络寻址和路由方法,使多个 DNS 服务器共享同一个 IP 地址,将请求路由至地理位置最近的节点,提供极高的冗余性和低延迟。
- **IPAM (IP Address Management)**: IP 地址管理工具(如 Infoblox用于规划、追踪和管理网络中的 IP 地址空间及 DNS/DHCP 服务。
- **Landing Zone**: 一种预先配置好的多账号 AWS 环境,包含安全、网络和身份管理等基础设置,用于快速部署业务负载。
- **Hybrid DNS Resolution**: 混合云 DNS 解析,指通过配置转发规则,使云端资源能解析本地域名,同时本地资源也能解析云端域名的机制。
- **Infoblox Grid**: 一种分布式架构,通过 Grid Master 统一管理全球分布的 DNS/DHCP 器具,确保配置的一致性和高可用性。
---
## 相关视频
> [!info]+ 交叉引用
> [[Inbound and Outbound Endpoints Deep Dive]] — 本视频多次提到了前一节关于入站和出站终端节点的详细技术实现。
> [[AWS Landing Zone Architecture Overview]] — 视频中提到的 DNS 架构是该 Landing Zone 核心服务账号Core Accounts的重要组成部分。
> [[Hybrid Cloud Connectivity and Networking]] — 讨论了 DNS 如何在通过 Direct Connect 或 VPN 连接的混合云环境中运作。
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

120
raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/08_Networking/ctp-topic-31-network-segregation-and-secure-access-to-the-new-aws-landing-zones.md
View File

@@ -1,60 +1,60 @@
---
title: CTP Topic 31 Network segregation and secure access to the new AWS landing zones
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- AWS
- Network-Security
- Landing-Zone
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 31_ Network segregation and secure access to the new AWS landing zones.mp4
audio-source: ""
status: summarized (Gemini 摘要)
---
# CTP Topic 31 Network segregation and secure access to the new AWS landing zones
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 31_ Network segregation and secure access to the new AWS landing zones.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> ## Network Segregation and Secure Access to AWS Landing Zones
The primary driver for this initiative is to address security concerns related to internal systems accessing production workloads in the new AWS landing zones. Currently, on-prem systems and VPN users have access due to shared network configurations, raising security and compliance issues. The goal is to segregate network access while maintaining necessary access for run teams.
The proposed solution involves two main parts: network segregation and secure access. Network segregation will be implemented using checkpoints to control server-to-server communications and block direct access from internal networks to AWS segments. *The SPI features will be enabled with default deny enabled and allowances made for require services and network segments into the landing zones.* Secure access will be facilitated through AWS Systems Manager (SSM), which provides remote access via a browser-based session or AWS CLI, eliminating the need for VPN.
Authenticated users will assume roles granting access to the SSM agent on the target EC2 instance, leveraging existing access controls. This approach offers enhanced security with two-factor authentication and a secure connection within the AWS network. While this solution is considered temporary or a backup until SD-WAN is implemented, it offers cost and speed advantages by removing reliance on third-party management. *SSM gives users remote access via a browser based session.* The implementation is in progress, with testing planned to address urgent security risks associated with production workloads on AWS landing zones.
Concerns were raised about the SSM agent's presence in all AWS-derived AMIs, with some suggesting it may need explicit installation on certain systems. The long-term goal is to move towards infrastructure as code to minimize console access and enhance security, with break-glass access reserved for emergencies. The current solution doesn't address credential theft but isolates the network. A question was raised about how users with multiple accounts for different roles can use SSM, as the current setup is designed for individual accounts. This edge case will be examined further.
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*
---
title: CTP Topic 31 Network segregation and secure access to the new AWS landing zones
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- AWS
- Network-Security
- Landing-Zone
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 31_ Network segregation and secure access to the new AWS landing zones.mp4
audio-source: ""
status: summarized (Gemini 摘要)
---
# CTP Topic 31 Network segregation and secure access to the new AWS landing zones
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 31_ Network segregation and secure access to the new AWS landing zones.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> ## Network Segregation and Secure Access to AWS Landing Zones
The primary driver for this initiative is to address security concerns related to internal systems accessing production workloads in the new AWS landing zones. Currently, on-prem systems and VPN users have access due to shared network configurations, raising security and compliance issues. The goal is to segregate network access while maintaining necessary access for run teams.
The proposed solution involves two main parts: network segregation and secure access. Network segregation will be implemented using checkpoints to control server-to-server communications and block direct access from internal networks to AWS segments. *The SPI features will be enabled with default deny enabled and allowances made for require services and network segments into the landing zones.* Secure access will be facilitated through AWS Systems Manager (SSM), which provides remote access via a browser-based session or AWS CLI, eliminating the need for VPN.
Authenticated users will assume roles granting access to the SSM agent on the target EC2 instance, leveraging existing access controls. This approach offers enhanced security with two-factor authentication and a secure connection within the AWS network. While this solution is considered temporary or a backup until SD-WAN is implemented, it offers cost and speed advantages by removing reliance on third-party management. *SSM gives users remote access via a browser based session.* The implementation is in progress, with testing planned to address urgent security risks associated with production workloads on AWS landing zones.
Concerns were raised about the SSM agent's presence in all AWS-derived AMIs, with some suggesting it may need explicit installation on certain systems. The long-term goal is to move towards infrastructure as code to minimize console access and enhance security, with break-glass access reserved for emergencies. The current solution doesn't address credential theft but isolates the network. A question was raised about how users with multiple accounts for different roles can use SSM, as the current setup is designed for individual accounts. This edge case will be examined further.
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

102
raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/08_Networking/ctp-topic-31-network-segregation-and-secure-access-to-the-new-aws-landing-zones.md.bak
View File

@@ -1,51 +1,51 @@
---
title: CTP Topic 31 Network segregation and secure access to the new AWS landing zones
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- AWS
- Network-Security
- Landing-Zone
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 31_ Network segregation and secure access to the new AWS landing zones.mp4
audio-source: ""
status: raw
---
# CTP Topic 31 Network segregation and secure access to the new AWS landing zones
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 31_ Network segregation and secure access to the new AWS landing zones.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*
---
title: CTP Topic 31 Network segregation and secure access to the new AWS landing zones
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- AWS
- Network-Security
- Landing-Zone
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 31_ Network segregation and secure access to the new AWS landing zones.mp4
audio-source: ""
status: raw
---
# CTP Topic 31 Network segregation and secure access to the new AWS landing zones
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 31_ Network segregation and secure access to the new AWS landing zones.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

124
raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/08_Networking/ctp-topic-36-sendgrid-as-an-email-service.md
View File

@@ -1,62 +1,62 @@
---
title: CTP Topic 36 SendGrid as an email service
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- SendGrid
- Email
- AWS
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 36_ SendGrid as an email service.mp4
audio-source: ""
status: summarized (Gemini 摘要)
---
# CTP Topic 36 SendGrid as an email service
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 36_ SendGrid as an email service.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> ## Cloud Transformation Program: SendGrid Email Service & Cyber Suite Standards
The Cloud Transformation Program session covered the adoption of SendGrid as a standard email service and provided an update on Cyber Suite standards. Rejoy Ganapati and Rajiv presented SendGrid, while Yu-Yan provided the Cyber Suite update.
SendGrid is being adopted as the standard email service for both classic and new landing zones, replacing the existing semantic message gateway and SES solutions. The existing semantic message gateway has security concerns because it relays mail to the public internet through port 25, which is not secure. Additionally, the relay servers are not compatible with cloud environments and are hosted on a soon-to-be-decommissioned on-premises network. The current SES setup has a limitation of only 50 recipients per message.
SendGrid overcomes these issues by allowing up to 1,000 recipients per message and being fully cloud-compatible. *Almost 30 billion emails per month customers are already used across the whole country.* It offers real-time monitoring logs, two-factor authentication, and end-to-end encryption using TLS. The support plan covers 5 million emails per month. Two architectures are available: direct sending to SendGrid (requires TLS) and relaying via servers for applications lacking TLS support. *We were looking for the maximum number of recipients per message.* Data flow involves relay servers in various locations (London, India, Tokyo, etc.) sending mail through private circuits to a US-based data center for processing.
Key configuration requirements for direct sending include using the software.microcopy.com domain, connectivity to smtp.sendgrid.net on port 587, and TLS enablement. Domain-specific email blocking is not supported, and the sender email address must use the software.microcopy.com domain. Email logs are retained for seven days, and API keys are rotated every 180 days for security. SPF and DKIM records are essential for valid email sending to avoid emails landing in junk folders or being rejected.
Yu-Yan from PSAC provided an update on Cyber Suite standards, presenting an updated version of the standard Cyber Suite documentation. The updated documentation includes a list of Cyber Suites considered standard by different industry standards like FIPS, Java, Golang, Node.js, and OpenCel for CNC++. An optional Cyber Suite is available for backward compatibility, but it includes CBC (Cipher Block Chaining) which is considered weak. For more choices, products can select cyphers from different portions, including K exchange, authentication, encryption, and hash. It is recommended that products using cyphers outside the standard and optional suites be reviewed by the PSAC team.
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*
---
title: CTP Topic 36 SendGrid as an email service
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- SendGrid
- Email
- AWS
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 36_ SendGrid as an email service.mp4
audio-source: ""
status: summarized (Gemini 摘要)
---
# CTP Topic 36 SendGrid as an email service
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 36_ SendGrid as an email service.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> ## Cloud Transformation Program: SendGrid Email Service & Cyber Suite Standards
The Cloud Transformation Program session covered the adoption of SendGrid as a standard email service and provided an update on Cyber Suite standards. Rejoy Ganapati and Rajiv presented SendGrid, while Yu-Yan provided the Cyber Suite update.
SendGrid is being adopted as the standard email service for both classic and new landing zones, replacing the existing semantic message gateway and SES solutions. The existing semantic message gateway has security concerns because it relays mail to the public internet through port 25, which is not secure. Additionally, the relay servers are not compatible with cloud environments and are hosted on a soon-to-be-decommissioned on-premises network. The current SES setup has a limitation of only 50 recipients per message.
SendGrid overcomes these issues by allowing up to 1,000 recipients per message and being fully cloud-compatible. *Almost 30 billion emails per month customers are already used across the whole country.* It offers real-time monitoring logs, two-factor authentication, and end-to-end encryption using TLS. The support plan covers 5 million emails per month. Two architectures are available: direct sending to SendGrid (requires TLS) and relaying via servers for applications lacking TLS support. *We were looking for the maximum number of recipients per message.* Data flow involves relay servers in various locations (London, India, Tokyo, etc.) sending mail through private circuits to a US-based data center for processing.
Key configuration requirements for direct sending include using the software.microcopy.com domain, connectivity to smtp.sendgrid.net on port 587, and TLS enablement. Domain-specific email blocking is not supported, and the sender email address must use the software.microcopy.com domain. Email logs are retained for seven days, and API keys are rotated every 180 days for security. SPF and DKIM records are essential for valid email sending to avoid emails landing in junk folders or being rejected.
Yu-Yan from PSAC provided an update on Cyber Suite standards, presenting an updated version of the standard Cyber Suite documentation. The updated documentation includes a list of Cyber Suites considered standard by different industry standards like FIPS, Java, Golang, Node.js, and OpenCel for CNC++. An optional Cyber Suite is available for backward compatibility, but it includes CBC (Cipher Block Chaining) which is considered weak. For more choices, products can select cyphers from different portions, including K exchange, authentication, encryption, and hash. It is recommended that products using cyphers outside the standard and optional suites be reviewed by the PSAC team.
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

102
raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/08_Networking/ctp-topic-36-sendgrid-as-an-email-service.md.bak
View File

@@ -1,51 +1,51 @@
---
title: CTP Topic 36 SendGrid as an email service
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- SendGrid
- Email
- AWS
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 36_ SendGrid as an email service.mp4
audio-source: ""
status: raw
---
# CTP Topic 36 SendGrid as an email service
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 36_ SendGrid as an email service.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*
---
title: CTP Topic 36 SendGrid as an email service
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- SendGrid
- Email
- AWS
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 36_ SendGrid as an email service.mp4
audio-source: ""
status: raw
---
# CTP Topic 36 SendGrid as an email service
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 36_ SendGrid as an email service.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

144
raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/08_Networking/ctp-topic-43-vmware-cloud-on-aws.md
View File

@@ -1,72 +1,72 @@
---
title: CTP Topic 43 VMware Cloud on AWS
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- VMware
- AWS
- Networking
- Hybrid-Cloud
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 43_ VMware Cloud on AWS.mp4
audio-source: ""
status: summarized (Gemini 摘要)
---
# CTP Topic 43 VMware Cloud on AWS
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 43_ VMware Cloud on AWS.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> ## VMware Cloud on AWS: An Introduction
The Cloud Transformation Office program hosted a session on VMware Cloud on AWS (VMC on AWS), presented by Brian Reeves, Michael Riley, and Mike Armstrong from VMware. The session aimed to provide an understanding of VMC on AWS and its potential benefits for organizations.
VMware and AWS partnered to enable vSphere workloads on Amazon's backend servers, offering a middle ground for organizations not ready for a full native cloud migration. *This allows applications to move back and forth in seconds.* VMC on AWS provides access to AWS services and aims to be economical. The presenters covered use cases, cost benefits, and a technical demonstration of the platform.
Mike O'Reilly, a staff cloud solutions architect at VMware, explained that VMC on AWS is a jointly engineered cloud service where the VMware hypervisor is natively installed on AWS hardware. *This is not just something where VMware showed up at Amazon and dropped off a box of CDs.* VMC on AWS is running vSphere 8 and provides access to AWS services with low latency. VMware and Amazon manage the underlying infrastructure, allowing users to focus on their workloads. The service is available across multiple regions and availability zones globally.
Key features and benefits include:
* Same toolset as on-premises environments.
* Integration with AWS services.
* On-demand scalability.
* Any-to-any vSphere migration using HCX.
* Various use cases such as next-generation application development, cloud migrations, virtual desktops, and disaster recovery.
The service is available in numerous regions worldwide and has various certifications for security and compliance. The infrastructure is built on i3.metal and i3en.metal server hosts from Amazon, which are organized into clusters within availability zones and regions. Stretched clusters across availability zones are also possible for increased resilience.
A live demo showcased the VMware Cloud service portal, including the Developer Center with API Explorer for various APIs. The demo also showed how to create a new software-defined data center (SDDC) and manage the environment through vCenter, similar to on-premises setups. A follow-me help button provides access to VMware engineers for assistance.
Brian Reeves discussed the economics of VMC on AWS, highlighting that VMware sells an entire host, enabling over-provisioning and cost reduction. VMC on AWS offers a 27% cost saving compared to going to a regular cloud. The cloud economics team can perform a Total Cost of Ownership (TCO) calculation to compare costs with on-premises or other hyperscalers.
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*
---
title: CTP Topic 43 VMware Cloud on AWS
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- VMware
- AWS
- Networking
- Hybrid-Cloud
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 43_ VMware Cloud on AWS.mp4
audio-source: ""
status: summarized (Gemini 摘要)
---
# CTP Topic 43 VMware Cloud on AWS
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 43_ VMware Cloud on AWS.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> ## VMware Cloud on AWS: An Introduction
The Cloud Transformation Office program hosted a session on VMware Cloud on AWS (VMC on AWS), presented by Brian Reeves, Michael Riley, and Mike Armstrong from VMware. The session aimed to provide an understanding of VMC on AWS and its potential benefits for organizations.
VMware and AWS partnered to enable vSphere workloads on Amazon's backend servers, offering a middle ground for organizations not ready for a full native cloud migration. *This allows applications to move back and forth in seconds.* VMC on AWS provides access to AWS services and aims to be economical. The presenters covered use cases, cost benefits, and a technical demonstration of the platform.
Mike O'Reilly, a staff cloud solutions architect at VMware, explained that VMC on AWS is a jointly engineered cloud service where the VMware hypervisor is natively installed on AWS hardware. *This is not just something where VMware showed up at Amazon and dropped off a box of CDs.* VMC on AWS is running vSphere 8 and provides access to AWS services with low latency. VMware and Amazon manage the underlying infrastructure, allowing users to focus on their workloads. The service is available across multiple regions and availability zones globally.
Key features and benefits include:
* Same toolset as on-premises environments.
* Integration with AWS services.
* On-demand scalability.
* Any-to-any vSphere migration using HCX.
* Various use cases such as next-generation application development, cloud migrations, virtual desktops, and disaster recovery.
The service is available in numerous regions worldwide and has various certifications for security and compliance. The infrastructure is built on i3.metal and i3en.metal server hosts from Amazon, which are organized into clusters within availability zones and regions. Stretched clusters across availability zones are also possible for increased resilience.
A live demo showcased the VMware Cloud service portal, including the Developer Center with API Explorer for various APIs. The demo also showed how to create a new software-defined data center (SDDC) and manage the environment through vCenter, similar to on-premises setups. A follow-me help button provides access to VMware engineers for assistance.
Brian Reeves discussed the economics of VMC on AWS, highlighting that VMware sells an entire host, enabling over-provisioning and cost reduction. VMC on AWS offers a 27% cost saving compared to going to a regular cloud. The cloud economics team can perform a Total Cost of Ownership (TCO) calculation to compare costs with on-premises or other hyperscalers.
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

104
raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/08_Networking/ctp-topic-43-vmware-cloud-on-aws.md.bak
View File

@@ -1,52 +1,52 @@
---
title: CTP Topic 43 VMware Cloud on AWS
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- VMware
- AWS
- Networking
- Hybrid-Cloud
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 43_ VMware Cloud on AWS.mp4
audio-source: ""
status: raw
---
# CTP Topic 43 VMware Cloud on AWS
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 43_ VMware Cloud on AWS.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*
---
title: CTP Topic 43 VMware Cloud on AWS
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- VMware
- AWS
- Networking
- Hybrid-Cloud
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 43_ VMware Cloud on AWS.mp4
audio-source: ""
status: raw
---
# CTP Topic 43 VMware Cloud on AWS
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 43_ VMware Cloud on AWS.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

132
raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/08_Networking/ctp-topic-45-automatic-ip-address-allocation-with-ipam.md
View File

@@ -1,66 +1,66 @@
---
title: CTP Topic 45 Automatic IP address allocation with IPAM
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- AWS
- IPAM
- Networking
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 45_ Automatic IP address allocation with IPAM.mp4
audio-source: ""
status: summarized (Gemini 摘要)
---
# CTP Topic 45 Automatic IP address allocation with IPAM
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 45_ Automatic IP address allocation with IPAM.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> ## Automatic IP Address Allocation Using IPAM
IPAM (IP address management) provides the ability to effectively manage, control, monitor, and assign IP address space within a company. It automates IP address management tasks in a centralized and easily accessible manner. Currently, IP addresses are managed in Excel sheets, which is inefficient. Info blocks NIOA appliance provides IPAM functionality as a seamless extension of distributed grid framework, DNS, and DHCP with a unified management console.
The current architecture involves a grid master and various AWS cloud accounts. API calls are made to interact with the grid. Extensible attributes have been defined for cloud usage, including space owner, company, subnet name, compartment type, and status.
The current VPC provisioning approach involves collecting data from the business unit (BU) regarding their IP address needs. The SRE team raises a request to the network team, who calculates the optimal CIDR range and updates a spreadsheet. The SRE team then prepares a YAML file to provision the VPC. *Managing the IP address in a spreadsheet takes time and it's not a good approach.*
The new approach automates subnet calculation using Infoblox NIOS. If the requested network address is less than 24, the VPC module is run. If it is more than 24, mandatory approval from the network team is required. The key difference is that IP addresses are no longer requested from the network team, and the network.yml file is not prepared manually. NIOS automatically provides the next available IP address.
The new YAML file includes a new info blocks block with business contact, engineering contact, and date. It does not contain CIDR subnet IP addresses. Instead, it specifies the desired subnet size (e.g., /22). A parent cider is included, which is a constant value per region. The VPC name is now included in the YAML file, allowing for multiple VPCs.
The new system is fully automated, querying info box to get the next available block and provision accordingly. It aims to reduce handoffs and provide a single source of truth. The system is backward compatible, meaning existing VPC configurations using the old YAML file will continue to work. The goal is for any new VPC that we don't have to engage the network team every time we want to create a VPC with the subnets.
The implementation also allows for specifying availability zone IDs for subnets. *We are not asking for IP address from the network team.* The system also supports de-provisioning, where destroying a VPC will remove all entries from the IPAM grid. Safeguards are in place to prevent accidental deletion of VPCs, such as requiring a special flag in Terragrant.htl.
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*
---
title: CTP Topic 45 Automatic IP address allocation with IPAM
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- AWS
- IPAM
- Networking
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 45_ Automatic IP address allocation with IPAM.mp4
audio-source: ""
status: summarized (Gemini 摘要)
---
# CTP Topic 45 Automatic IP address allocation with IPAM
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 45_ Automatic IP address allocation with IPAM.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> ## Automatic IP Address Allocation Using IPAM
IPAM (IP address management) provides the ability to effectively manage, control, monitor, and assign IP address space within a company. It automates IP address management tasks in a centralized and easily accessible manner. Currently, IP addresses are managed in Excel sheets, which is inefficient. Info blocks NIOA appliance provides IPAM functionality as a seamless extension of distributed grid framework, DNS, and DHCP with a unified management console.
The current architecture involves a grid master and various AWS cloud accounts. API calls are made to interact with the grid. Extensible attributes have been defined for cloud usage, including space owner, company, subnet name, compartment type, and status.
The current VPC provisioning approach involves collecting data from the business unit (BU) regarding their IP address needs. The SRE team raises a request to the network team, who calculates the optimal CIDR range and updates a spreadsheet. The SRE team then prepares a YAML file to provision the VPC. *Managing the IP address in a spreadsheet takes time and it's not a good approach.*
The new approach automates subnet calculation using Infoblox NIOS. If the requested network address is less than 24, the VPC module is run. If it is more than 24, mandatory approval from the network team is required. The key difference is that IP addresses are no longer requested from the network team, and the network.yml file is not prepared manually. NIOS automatically provides the next available IP address.
The new YAML file includes a new info blocks block with business contact, engineering contact, and date. It does not contain CIDR subnet IP addresses. Instead, it specifies the desired subnet size (e.g., /22). A parent cider is included, which is a constant value per region. The VPC name is now included in the YAML file, allowing for multiple VPCs.
The new system is fully automated, querying info box to get the next available block and provision accordingly. It aims to reduce handoffs and provide a single source of truth. The system is backward compatible, meaning existing VPC configurations using the old YAML file will continue to work. The goal is for any new VPC that we don't have to engage the network team every time we want to create a VPC with the subnets.
The implementation also allows for specifying availability zone IDs for subnets. *We are not asking for IP address from the network team.* The system also supports de-provisioning, where destroying a VPC will remove all entries from the IPAM grid. Safeguards are in place to prevent accidental deletion of VPCs, such as requiring a special flag in Terragrant.htl.
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

102
raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/08_Networking/ctp-topic-45-automatic-ip-address-allocation-with-ipam.md.bak
View File

@@ -1,51 +1,51 @@
---
title: CTP Topic 45 Automatic IP address allocation with IPAM
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- AWS
- IPAM
- Networking
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 45_ Automatic IP address allocation with IPAM.mp4
audio-source: ""
status: raw
---
# CTP Topic 45 Automatic IP address allocation with IPAM
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 45_ Automatic IP address allocation with IPAM.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*
---
title: CTP Topic 45 Automatic IP address allocation with IPAM
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- AWS
- IPAM
- Networking
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 45_ Automatic IP address allocation with IPAM.mp4
audio-source: ""
status: raw
---
# CTP Topic 45 Automatic IP address allocation with IPAM
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 45_ Automatic IP address allocation with IPAM.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

122
raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/08_Networking/ctp-topic-61-workload-vpc-provision-with-ipam-automation.md
View File

@@ -1,61 +1,61 @@
---
title: CTP Topic 61 Workload VPC provision with IPAM Automation
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- AWS
- VPC
- IPAM
- Automation
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 61_ Workload VPC provision with IPAM Automation.mp4
audio-source: ""
status: summarized (Gemini 摘要)
---
# CTP Topic 61 Workload VPC provision with IPAM Automation
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 61_ Workload VPC provision with IPAM Automation.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> ## IPAM and Workload VPC Provisioning Automation
Pushka, a principal SRE, presented an overview of IPAM (IP Address Management) and its integration with workload VPC provisioning, including recent enhancements. The session covered the benefits of IPAM, its architecture, and a demo of the automated VPC provisioning process.
IPAM automates IP address management, eliminating manual intervention and reducing errors. It uses Infoblox grid, which consists of containers and IP addresses, and includes extensible attributes (metadata) for each IP address, such as owner, company, and status. The current workload VPC approach is automated, using IPAM YAML files that specify parameters like business contact, engineering contact, and parent CIDR. *We don't need to worry about IP address. If it's beyond IP address is 22 or greater, then only we need to take the approval.* Availability Zone IDs (az id) are used instead of names (az name) to avoid inconsistencies.
Enhancements include provisioning multiple VPCs, email notifications, additional CIDR support, non-routable IP address support (using 10.2.0.0/16), and approval requirements for /22 or smaller CIDR blocks. Overlapping IP addresses are prevented by Infoblox grid, which manages all IP addresses. A demo showed how to provision a VPC, including the justification process for larger CIDR blocks. *So we just need to put the information at the right place and everything will work.*
The approval process for CIDR blocks smaller than /22 involves submitting a justification that is reviewed by the network team. If approved, the VPC provisioning proceeds; otherwise, it fails. Email notifications are sent to the user and the network team throughout the process. Infoblox maintains a list of provisioned IPs against each AWS account, accessible via the Infoblox grid interface. The Infoblox architecture includes a master database in a Houston data center, with redundant systems for DNS, NTP, and DHCP services.
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*
---
title: CTP Topic 61 Workload VPC provision with IPAM Automation
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- AWS
- VPC
- IPAM
- Automation
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 61_ Workload VPC provision with IPAM Automation.mp4
audio-source: ""
status: summarized (Gemini 摘要)
---
# CTP Topic 61 Workload VPC provision with IPAM Automation
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 61_ Workload VPC provision with IPAM Automation.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> ## IPAM and Workload VPC Provisioning Automation
Pushka, a principal SRE, presented an overview of IPAM (IP Address Management) and its integration with workload VPC provisioning, including recent enhancements. The session covered the benefits of IPAM, its architecture, and a demo of the automated VPC provisioning process.
IPAM automates IP address management, eliminating manual intervention and reducing errors. It uses Infoblox grid, which consists of containers and IP addresses, and includes extensible attributes (metadata) for each IP address, such as owner, company, and status. The current workload VPC approach is automated, using IPAM YAML files that specify parameters like business contact, engineering contact, and parent CIDR. *We don't need to worry about IP address. If it's beyond IP address is 22 or greater, then only we need to take the approval.* Availability Zone IDs (az id) are used instead of names (az name) to avoid inconsistencies.
Enhancements include provisioning multiple VPCs, email notifications, additional CIDR support, non-routable IP address support (using 10.2.0.0/16), and approval requirements for /22 or smaller CIDR blocks. Overlapping IP addresses are prevented by Infoblox grid, which manages all IP addresses. A demo showed how to provision a VPC, including the justification process for larger CIDR blocks. *So we just need to put the information at the right place and everything will work.*
The approval process for CIDR blocks smaller than /22 involves submitting a justification that is reviewed by the network team. If approved, the VPC provisioning proceeds; otherwise, it fails. Email notifications are sent to the user and the network team throughout the process. Infoblox maintains a list of provisioned IPs against each AWS account, accessible via the Infoblox grid interface. The Infoblox architecture includes a master database in a Houston data center, with redundant systems for DNS, NTP, and DHCP services.
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

104
raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/08_Networking/ctp-topic-61-workload-vpc-provision-with-ipam-automation.md.bak
View File

@@ -1,52 +1,52 @@
---
title: CTP Topic 61 Workload VPC provision with IPAM Automation
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- AWS
- VPC
- IPAM
- Automation
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 61_ Workload VPC provision with IPAM Automation.mp4
audio-source: ""
status: raw
---
# CTP Topic 61 Workload VPC provision with IPAM Automation
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 61_ Workload VPC provision with IPAM Automation.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*
---
title: CTP Topic 61 Workload VPC provision with IPAM Automation
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- AWS
- VPC
- IPAM
- Automation
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 61_ Workload VPC provision with IPAM Automation.mp4
audio-source: ""
status: raw
---
# CTP Topic 61 Workload VPC provision with IPAM Automation
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 61_ Workload VPC provision with IPAM Automation.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

116
raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/08_Networking/ctp-topic-69-best-practices-for-migrating-on-premises-iod-virtual-machines-to-vm.md
View File

@@ -1,58 +1,58 @@
---
title: CTP Topic 69 Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- VMware
- Migration
- VMWare-Cloud-AWS
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 69_ Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A.mp4
audio-source: ""
status: summarized (Gemini 摘要)
---
# CTP Topic 69 Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 69_ Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> The session covers best practices for migrating on-premises virtual machines to VMware Cloud on AWS, based on experience and consultant support from VMware. It includes an overview of VMware Cloud, its deployment, security considerations, migration practices, automation, and a live demo.
The VMware Cloud environment is hosted on AWS infrastructure, offering services like vSphere, connectivity, and firewalls. It enables seamless migration of workloads with minimal changes, saving time and reducing downtime. *It hardly takes a VM migration with few minutes, which will enable them operated in the cloud infrastructure.* Benefits include easy deployment, interoperability, and infrastructure on demand. The architecture involves connecting the on-premises cloud to the Frankfurt AWS region via Direct Connect, utilizing a virtual transit gateway for seamless migration connectivity. The infrastructure includes compute and management gateways, with the latter managed by VMware and AWS.
Network and security considerations include using segments (VLANs), VPNs, NATs, and firewalls. The setup involves connecting customer premises to the VMware cloud through BGP protocol and a virtual gateway. HCX (Hybrid Cloud Extender) facilitates multi-cloud management, allowing viewing of on-premises vSphere from STDC and vice versa. Account structure involves VMware owning the STDC, with clusters and ESX nodes (EC2 bare metal instances) managed by VMware. Cost implications involve data transfer charges, with costs varying based on the number of STDCs and regions. *Anything which leaves definitely attracts cost.* Workload migration involves assessing compute sizing, configuration, and network requirements. Pre- and post-migration activities are automated, gathering metrics and configuring settings. HCX manager is used for seamless migrations, supporting up to 200 VMs per iteration.
Two migration methods are used: the UI method provided by VMware Cloud and a solution developed by the CCOE team using over-sell scripts. The UI method is straightforward, while the CCOE solution uses an input file with VM details for automated migration. Post-migration, VMs are managed through a Brown to Manage system, integrating SMACS suite and HCMX with a content pack for user management. The demo showcased preparing an input file, accessing HCX appliance in vCenter, configuring interconnect settings, and initiating migration. Post-migration tasks include ensuring proper network adapter connections and enabling tags for end-user access.
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*
---
title: CTP Topic 69 Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- VMware
- Migration
- VMWare-Cloud-AWS
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 69_ Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A.mp4
audio-source: ""
status: summarized (Gemini 摘要)
---
# CTP Topic 69 Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 69_ Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> The session covers best practices for migrating on-premises virtual machines to VMware Cloud on AWS, based on experience and consultant support from VMware. It includes an overview of VMware Cloud, its deployment, security considerations, migration practices, automation, and a live demo.
The VMware Cloud environment is hosted on AWS infrastructure, offering services like vSphere, connectivity, and firewalls. It enables seamless migration of workloads with minimal changes, saving time and reducing downtime. *It hardly takes a VM migration with few minutes, which will enable them operated in the cloud infrastructure.* Benefits include easy deployment, interoperability, and infrastructure on demand. The architecture involves connecting the on-premises cloud to the Frankfurt AWS region via Direct Connect, utilizing a virtual transit gateway for seamless migration connectivity. The infrastructure includes compute and management gateways, with the latter managed by VMware and AWS.
Network and security considerations include using segments (VLANs), VPNs, NATs, and firewalls. The setup involves connecting customer premises to the VMware cloud through BGP protocol and a virtual gateway. HCX (Hybrid Cloud Extender) facilitates multi-cloud management, allowing viewing of on-premises vSphere from STDC and vice versa. Account structure involves VMware owning the STDC, with clusters and ESX nodes (EC2 bare metal instances) managed by VMware. Cost implications involve data transfer charges, with costs varying based on the number of STDCs and regions. *Anything which leaves definitely attracts cost.* Workload migration involves assessing compute sizing, configuration, and network requirements. Pre- and post-migration activities are automated, gathering metrics and configuring settings. HCX manager is used for seamless migrations, supporting up to 200 VMs per iteration.
Two migration methods are used: the UI method provided by VMware Cloud and a solution developed by the CCOE team using over-sell scripts. The UI method is straightforward, while the CCOE solution uses an input file with VM details for automated migration. Post-migration, VMs are managed through a Brown to Manage system, integrating SMACS suite and HCMX with a content pack for user management. The demo showcased preparing an input file, accessing HCX appliance in vCenter, configuring interconnect settings, and initiating migration. Post-migration tasks include ensuring proper network adapter connections and enabling tags for end-user access.
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*

102
raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/08_Networking/ctp-topic-69-best-practices-for-migrating-on-premises-iod-virtual-machines-to-vm.md.bak
View File

@@ -1,51 +1,51 @@
---
title: CTP Topic 69 Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- VMware
- Migration
- VMWare-Cloud-AWS
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 69_ Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A.mp4
audio-source: ""
status: raw
---
# CTP Topic 69 Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 69_ Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*
---
title: CTP Topic 69 Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A
type: cloud-learning
source-type: video
category: DevOps & SRE/08_Networking
tags:
- VMware
- Migration
- VMWare-Cloud-AWS
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 69_ Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A.mp4
audio-source: ""
status: raw
---
# CTP Topic 69 Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 69_ Best Practices for Migrating On-Premises (IOD) Virtual Machines to VMware Cloud on A.mp4`
**Type:** VIDEO | **Category:** 08_Networking
**Status:** 🟡 Awaiting Whisper transcription → Summary
---
## 摘要
> 待转录后由 LLM 生成
---
## 关键概念
-
---
## 行动项
-
---
## 相关视频
> 配对视频笔记链接(生成后填入)
---
*最后更新: 2026-04-14*