IBM Cloud Technical Advocate V3 Exam Cheat Sheet

Alvis F
Sep 7, 2022

Hi, I have recently got my Cloud V3 Badge for IBM Cloud and I have created a cheat sheet for anyone who is going to take up the exam. ALL THE BEST!!

START-Define Cloud Computing, its Essential Characteristics, History, and Emerging Trends

In Define Cloud Computing, its Essential Characteristics, History, and Emerging Trends, you should have learned that:

  • In 2006, Amazon launched what would become AWS, with IBM, Microsoft, and Google launching services in the following years.
  • Cloud computing is a technology that has evolved over time.
  • Cloud computing enables convenient access to a shared network of computer resources.
  • On-demand self service is a simple interface with no human interaction.
  • Multiple virtual machines can run on a single computer, improving resource utilization and company returns.
  • Cloud computing changes quickly and trends should be monitored.

Business Case Studies for Cloud Computing

In American Airlines Case Study-Transformation, you should have learned that:

  • Some companies motivated to adopt the cloud are looking to transform their operations to better serve customers.
  • The pay-as-you-go model helps companies save money.
  • Switching to the cloud results in faster development and release of new applications.
  • Migrating to the cloud can help businesses respond faster to customer needs.

In Port of Rotterdam Case Study-Modernization, you should have learned that:

  • Companies who switch to the cloud experience improved efficiency, decreased development time, and decreased expenses.
  • Companies who transform using cloud technologies find they are leading change and innovation in their industry.
  • Operation efficiency improves by changing to a cloud environment.
  • Companies have easier access to data and an ability to more efficiently process large amounts of data in the cloud.

Service and Deployment Models of Cloud Computing

In The Cloud Service Models, you should have learned that:

  • Cloud service providers own, manage, and maintain IT assets.
  • Organizations save money by accessing and scaling IT resources through a cloud service provider.
  • IaaS, PaaS, and SaaS are the most common types of cloud services offered.
  • More than one cloud service model can be used at the same time.

In The Cloud Deployment Models, you should have learned that:

  • Ongoing operating expenses are more predictable when using a public cloud model.
  • Using a combination of cloud environments at the same time can be more cost effective and efficient for businesses.
  • Individual security needs can be tailored by using a virtual private cloud.
  • A private cloud provides exclusive access to the infrastructure with greater control over resources.

Cloud Architecture Components and Relevance

In IBM Cloud Platform, you should have learned that:

  • Many components within the cloud platform work together to provide a consistent, dependable cloud experience for users.
  • With the cloud platform, it is possible to provide higher levels of compliance, security, and management.
  • The three core services the cloud provides are containers, storage, and servers.
  • Data centers around the world deploy cloud platform services.

In IBM Cloud Infrastructure Architecture, you should have learned that:

  • Cloud architecture models provide a secure foundation for various workloads.
  • Cloud infrastructure provides a secure environment for applications.
  • Data is isolated in a cloud infrastructure.
  • The cloud infrastructure architecture uses open source technologies.

In Virtual Private Cloud Architecture, you should have learned that:

  • Private cloud architecture provides greater control and security along with the benefits of a public cloud.
  • Customers can connect securely to on premises or remote infrastructure.
  • A network can be extended by creating a dedicated connection between the cloud and on premises resources.
  • Responsive cloud applications are possible with a virtual private cloud architecture.

Cloud Compliance and Governance Practices

In IBM Compliance Programs, you should have learned:

  • IBM Cloud provides programs and certifications that help organizations meet global guidelines.
  • The CIS IBM Cloud Foundations Benchmark helps organizations securely adopt IBM Cloud services.
  • The cloud features multiple, overlapping tiers of protection to stop cybersecurity threats.
  • IBM Cloud for Government data centers adhere to global, industry, and regional compliance programs.

In IBM Cloud Hosting Options, you should have learned:

  • Government agencies can trust that the IBM Cloud environment housing their applications provides flexibility and enhanced security features.
  • IBM data centers are available across multiple regions and countries around the world.
  • The same set of regulatory services are available in each IBM Cloud availability zone within six regions around the world.
  • Those managing multiple clouds have full visibility and control across the cloud and data center infrastructure.

Cloud Catalog Services

In IBM Cloud Catalog and IBM Cloud Docs Overview, you learned that:

  • The IBM Cloud Catalog is where services created by IBM and third parties are located.
  • You can filter services based on a variety of parameters including provider, pricing plan, and category.
  • Services can be added to your IBM Cloud account using their “Create” tab in the catalog.
  • The API Docs and general documentation can be accessed using the appropriate links in the IBM Cloud Catalog.
  • The left-hand menu in documentation is used to navigate through major topics.
  • The right-hand menu in documentation is used to navigate the topics and sub-topics included in the currently open documentation.
  • Breadcrumbs at the top of the screen allow you to quickly go back to a previous topic.

Locating Services to Deliver Specific Functions

In IBM Cloud Catalog Services, you learned that:

  • You can find additional information about each service in the IBM Cloud Catalog using the “About” tab.
  • Code Engine can be used to build container images.
  • IBM Cloud Object Storage is a way to store data in units called buckets for easy access.
  • Db2 is a relational database with enterprise-grade performance.
  • Cloudant is a NoSQL database that uses JSON files to store and index documents.
  • Watson Assistant can be used to add chat functionality to an application.
  • Watson Discovery is used to gain a deeper understanding of data and implement natural language document search capabilities.
  • Watson Studio allows you to customize machine learning models.
  • Certificate Manager provides a centralized location to store and manage your security certificates.
  • Hyper Protect Crypto Service provides hardware solutions to manage your crypto keys.

Delivering Cloud Services to DevSecOps Teams

In DevOps vs DevSecOps, you learned that:

  • DevOps was designed to create an integrated working environment between developers and IT operations.
  • DevSecOps added security into the development cycle.
  • DevOps was intended to decrease development time by adding automation to the process.
  • Instead of releasing a couple updates per year, DevOps is designed to continually release smaller updates as needed.

In Continuous Delivery, you learned that:

  • Toolchains are sets of tools that are used to automate the process of developing and deploying code.
  • Pipelines are used to build, test, and deploy code with minimal human intervention.
  • An integrated web-based environment allows developers to work from anywhere.

Core Groups of Available Database Integration and Analytical Services

In Databases on IBM Cloud, you learned that:

  • IBM Cloud Databases for PostgreSQL are customizable, open-source object-relational databases.
  • IBM Cloud Databases for EnterpriseDB optimize the built-in features of PostgreSQL while adding compatibility with Oracle.
  • IBM Db2 on Cloud is based on the enterprise-class IBM Db2 database engine and provides a fully managed solution.
  • IBM Cloudant is a document database that uses JSON.
  • IBM Cloud Databases for MongoDB is a JSON-based document store which includes rich query functionality.
  • IBM Cloud Databases for DataStax is a NoSQL database built on Apache Cassandra which is best for high-availability and workload flexibility.
  • IBM Cloud Databases for Elasticsearch are based on JSON document databases and allow full-text search.
  • IBM Cloud Databases for Redis are designed for in-memory functionality making them very fast.
  • IBM Cloud HyperProtect can be used with PostgreSQL and MongoDB for fully managed, highly secure applications.

In Analytics of IBM Cloud, you learned that:

  • There are three types of analytics: descriptive, diagnostic, and prescriptive.
  • IBM Cloud Analytics use two open-source technologies: Apache Hadoop and Apache Spark.
  • IBM Analytics Engine builds on Apache Hadoop and Apache Spark but separates compute and storage functionality.
  • IBM Information Server on Cloud can analyze a wide variety of data and is easily scalable.
  • IBM Streaming Analytics allows you to analyze fast moving, real-time data.

In Integration on IBM Cloud, you learned that:

  • API Connect is used to create and manage APIs to your applications.
  • App Connect is used to connect various applications to each other.
  • Event Streams are built on Apache Kafka and are used as high throughput message buses.
  • MQ provides enterprise-grade messaging capabilities between applications.

IBM Cloud Documentation

In IBM Cloud Documentation, you should have learned:

  • Where to find product-specific guides and tutorials from across all of IBM docs, including site tours, learning more about the console, developer tools, resources for deploying, and API & SDK references.
  • IBM’s reference architectures are a source to help architect solutions that enable ways to meet business objectives using leading edge hybrid cloud and AI technologies.
  • The IBM developer site contains a collection of learning paths for step-by-step technical training, tutorials, articles, videos, and more.
  • Code patterns are a collection of common use cases with ready to use code.

Building IBM Cloud Solutions that Adhere to IBM Security Compliance Guidelines

In IBM Cloud Security Strategy Overview, you learned that:

  • There are three types of encryption: data at rest, data in motion, and data in use.
  • IBM Cloud Identity and Access Management (IAM) is used to identify users and grant them access to specific parts of an application or network.
  • There are two common types of IAM used in IBM Cloud: Attribute-Based Access Control (ABAC) and Role-Based Access Control (RBAC).
  • There are three network encryption options: Secure Socket Layer (SSL), Transport Layer Security (TLS), and Hypertext Transfer Protocol Secure (HTTPS).
  • IBM Certificate Manager is used to manage SSL and TLS certificates.
  • Data in IBM Object Storage is divided up and distributed across multiple data centers.
  • Once data in IBM Object Storage is deleted, it is impossible to retrieve it.

Compute Options

In IBM Cloud Bare Metal Offerings, you should have learned:

  • Bare Metal servers are servers that are physical and dedicated to a single tenant.
  • Some of the benefits of Bare Metal servers are that they are isolated physically, powerful, consistent, and can scale seamlessly.
  • The two Bare Metal server options are fast provisioning servers and custom-based servers.

In IBM Cloud Virtual Server for Classic, you should have learned:

  • Classic Virtual Servers are easily deployed and can be created on shared or dedicated infrastructure.
  • Classic Virtual Servers are customizable, can be provisioned quickly, are scalable, and integrated seamlessly.
  • Some of the deployment options are public virtual servers, transient virtual servers, and dedicated virtual servers.
  • Some of the key differences between bare metal servers and virtual servers are that bare metal servers can offer better performance and security for certain workloads and are more ideal for heavy workloads. However, virtual servers provision more quickly and offer a more flexible and scalable environment than bare metal.

In IBM Cloud Virtual Private Cloud, you should have learned:

  • Virtual Private Cloud (VPC) allows the creation of a private cloud computing environment on a shared public cloud infrastructure. VPC saves on cost and focuses on convenience for clients.
  • VPC offers virtual server instances (VSIs) with a wide range of vCPU and memory options.
  • Under VPC, block storage can be provisioned and attached to virtual server instances. Block storage either has defined IOPS tiers or you can provision storage with custom IOPS.

In IBM Cloud for VMware Solutions Offerings, you should have learned:

  • Some benefits of VMware Solutions are being able to have the full use of VMware vCenter Server (VCS), multiple storage options, private and dedicated environment, and the use of VMware vCenter Server with Hybridity Bundle.
  • The key features of VMware Solutions Shared, VMware Solutions Dedicated, VMware Solutions Regulated Workloads, and VMware Solutions Dedicated Security and Compliance Readiness Bundle.

In IBM Cloud Power Systems Virtual Server, you should have learned:

  • Power Systems Virtual Servers can be quickly created and deployed through the IBM Cloud console but are colocated with IBM Cloud resources.
  • Power Systems Virtual Servers can run AIX, IBM i, or Linux operating systems.
  • Some key features are monthly billing rates, customized infrastructure, and images from AIX and IBM i.
  • Backup strategies for AIX are Veeam AIX and IBM Spectrum Protect, and IBM i uses IBM Backup, Recovery, and Media Services.

In IBM Cloud Code Engine, you should have learned:

  • Code Engine is a serverless platform and offers several benefits, including:
      • Building apps with your code using IBM’s infrastructure
      • Being able to run HTTP-driven apps and run-to-completion batch jobs
      • Having private workloads
      • Allowing clients to determine who gets access to the resources

Compute Option Use Cases

In Bare Metal Use Case, you should have learned:

  • Bare Metal servers are typically used where performance is a key concern — such as where data needs to be retrieved quickly from local storage or where a specific hardware type is required for high bandwidth, encrypted data processing.
  • Bare Metal servers are also great when a dedicated environment is needed due to security, policy, or compliance requirements.

In Virtual Server Use Cases on IBM Cloud, you should have learned:

  • There are three virtual compute options, Virtual Server for VPC, Virtual Servers for Classic Infrastructure, and Power Systems Virtual Servers.
  • Some use cases for Virtual Server for VPC are hosting and building apps and advancing workload capacities.
  • Use cases for Virtual Server for Classic include high-level needed for computing and apps that have multiple levels.
  • Use cases for Power Systems Virtual Servers include developing and experimenting with IBM Power apps and workloads, along with disaster recovery.

In VMware Use Cases on IBM Cloud, you should have learned:

  • VMware in IBM Cloud enables:
      • Datacenter transformation and the ability to easily increase capacity or migrate to newer hardware more cost-effectively.
      • The simple creation of a disaster recovery environment in the cloud.
      • A secure environment through data encryption.
      • The option of running RedHat OpenShift on VMware to provide cloud-native services.

In Skytap Service on IBM Cloud Offerings, you should have learned:

  • Skytap is a cloud service that can easily migrate AIX, IBM i, and Linux and can be quickly provisioned. It is highly available and can create a self-managed application environment.

In Virtual Desktop Applications for IBM Cloud Offering, you should have learned:

  • Some virtual desktop applications include Citrix and Dizzion. Citrix allows for easy management of the virtual desktop infrastructure on the IBM Cloud.
  • Dizzion allows organizations to build remote work environments. There are two service levels for Dizzion: Dizzion DaaS and Dizzion Managed DaaS.
  • Dizzion DaaS is provided by IBM and Dizzion and controls Horizon 7 to handle virtual desktops. Dizzion Managed DaaS is similar to Dizzion DaaS but has additional features such as Desktop Patching, Pool Management, GPO assistance, etc.

IBM Cloud Satellite

In IBM Cloud Satellite, you have learned:

  • IBM Cloud Satellite enables organizations to run IBM Cloud Services in the location of their choice: on-premises, a competitor’s cloud, or at the edge.
  • IBM Cloud Satellite enables users to run select IBM Cloud Services on-premises, behind their corporate firewall, allowing them to meet more demanding security rules or simply process data closer to its source.
  • There are four main Satellite components: hosts, link, location, and endpoints.
  • A host is a customer-provided computer running Red Hat Enterprise Linux 7.x. A minimum of three hosts are required for a Satellite location.
  • A Satellite location is a customer data center, competitors’ cloud, or edge location, at which the Satellite Hosts are deployed and run.
  • A Satellite Link is an encrypted TLS tunnel that allows you to securely connect the Satellite installation to other services running in IBM Cloud and to manage and monitor the Satellite instance from the IBM Cloud Console.
  • Satellite Link has two types of Endpoint: a Cloud Endpoint and a Location Endpoint. The Cloud Endpoint destination is outside of the Satellite location, while the Location Endpoint provides access to a server, service, or app that runs in your Satellite location from a client that is connected to the IBM Cloud private network.

IBM Cloud Storage Offerings and Use Cases

In Introduction to Storage Options, you should have learned that:

  • The three most common types of storage in IBM Cloud are block, file, and object.

In Block Storage, you should have learned that:

  • Block storage stores data by breaking it into evenly sized blocks, which are written to disk. The data stored is highly available because each block is stored multiple times across different disks.
  • Block storage is used for computing situations where users require fast, efficient, and reliable data storage.
  • Block storage decouples data from user environments. This allows that data to be spread across multiple environments enabling the user to retrieve it quickly.
  • Block storage can be deployed on a Virtual Private Cloud (VPC) or classic environments.
  • There are two available tiers: the IOPS tier, and the Custom IOPS profile tier.

In File Storage, you should have learned that:

  • File storage uses a hierarchical structure to organize files, folders, and subfolders.
  • There are strategic benefits to choosing file storage: reducing costs, and scaling up capacity.
  • It is available in the endurance and performance tier.

In Object Storage, you should have learned that:

  • Object storage is a storage option that manages unstructured data into self-contained units called Objects. Object storage is referred to as unstructured as it does not use a conventional ‘folder/subfolder’ structure to store objects. Instead, it uses a flat structure known as a “bucket.”
  • IBM Cloud Object Storage stores encrypted and dispersed data across multiple geographic locations.
  • There are some advantages to using object storage. It enables customers to handle large amounts of unstructured data, is scalable and cost-effective, uses metadata allowing users to maximize the search feature, and quickly access the object they need.
  • IBM Cloud Object Storage service offers different levels of resiliency: cross region, regional, and single data center.
  • There are four tiers, including Smart, Standard, Vault, and Cold Vault tier.

In Software Defined Storage (SDS) Offerings, you should have learned that:

  • Software-defined storage (SDS) is a storage architecture that separates storage software from its hardware.
  • It enables organizations to increase their storage capacity quickly making it flexible and scalable.
  • SDS allows the organization to use existing hardware that they currently have, which can be a tremendous cost savings.
  • Portworx is a highly available SDS that can be used as persistent storage management for containerized applications.

Backup, Recovery, and Replication Solutions

In IBM Cloud Backup Capabilities, you should have learned that:

  • IBM Cloud Backup Portal is a browser-based management utility that enables customers to back up data between servers or data centers on the IBM Cloud network.
  • Backup and restore make periodic copies of data and applications to a secondary device.
  • RTO is the maximum amount of time the organization can afford to be without access to the data or application. In other words, how quickly the customer needs to recover the data and application.
  • RPO is the amount of data an organization can afford to lose and effectively dictates how frequently they need to back up their data to avoid losing more.
  • There are four types of backup devices or services a customer can use: tape drive, HDD or SSD, backup server, or cloud backup.
  • Commonly used backup and restore methods include full image only, incremental, differential, CDP, bare metal backup, and instant recovery.
  • Disaster recovery is much different than backup and restore. Disaster recovery is a plan that is created to deal with an outage that impacts applications, data, and IT resources.
  • Data replication allows the use of real-time information that captures data that is constantly changing to allow for efficient data growth management.

In Zerto, Veeam, and IBM Spectrum Protect Plus within VMware Solutions in IBM Cloud, you should have learned that:

  • There are a wide variety of services used for disaster recovery and protection. Zerto, Veeam, and IBM Spectrum Protect Plus are the most commonly used for these services.
  • Zerto is a service that provides replication and disaster recovery capabilities using continuous data replication with journaling versus snapshots.
  • Veeam is a service that integrates directly with VMware hypervisors to help an organization achieve high availability to control backup and restore for all the virtual machines attached to their infrastructure from one console.
  • IBM Spectrum Protect Plus creates an efficient and scalable solution for clients who need data protection, reuse, and recovery in virtual environments.

In Disaster Recovery options in IBM Power Systems Virtual Server, you should have learned that:

  • In the event of a hardware failure, the IBM Power Systems Virtual Server service will restart the virtual servers on a different host system to provide uninterrupted service.
  • There are four strategies used for data recovery, including image capture, AIX backup, IBM i backups, and cloud object storage.

Networking Components and their Advantages

In Basic Networking Options, you should have learned:

  • Automatic VLANs are provisioned and removed automatically based on whether there are cloud services which need them.
  • VRF allows multiple instances of a routing table to exist in a router and to work simultaneously.
  • The cloud automatically assigns and manages primary subnets.

In Load Balancer Options, you should have learned:

  • Distributing connections using load balancers prevents server overload and enhances uptime.
  • Cloud Internet Services provide global load balancer services.

In Direct Link Offerings, you should have learned:

  • Direct Link offerings provide connectivity from external sources into a private cloud network.
  • Direct Link Connect on Classic provides private access to the cloud infrastructure.
  • Global routing can be added to all Direct Link products.

In Virtual Private Cloud Networking, you should have learned:

  • A VPC provides cloud security to workloads.
  • By default, resources in a VPC are isolated from other services.
  • A VPC can contain multiple subnets within each zone.
  • A public gateway can be attached to a VPC subnet to allow the subnet to route traffic to and from the internet.

IBM Networking Components

In Direct Link Use Cases, you should have learned that:

  • Direct Link creates private connections between an on-premises environment and cloud resources.
  • Private connections are created without using the public internet.
  • Workloads with large and frequent data transfers are supported.

In Public And Private Components Use Cases, you should have learned that:

  • VRF connections to resources are more secure because of the use of a private network endpoint.
  • The BYOIP option enables users to connect existing networks to cloud infrastructure.
  • Workload isolation helps virtual machines and bare metal servers securely deploy with less risk.

In Use Cases for Local and Global Load Balancers, you should have learned that:

  • Load balancing helps prevent failure when resources are overloaded.
  • Hardware load balancers are less flexible and scalable.
  • A global load balancer helps balance workloads across regions.

VPC and Related Networking Concepts

In VPCs, you should have learned that:

  • A virtual private cloud provides a private cloud environment on a shared public cloud infrastructure.
  • VPC infrastructure is deployed across three zones.
  • VPC cloud resources have their own isolated virtual network.

In Transit Gateways, you should have learned that:

  • Transit gateways connect VPC resources across multiple regions.
  • Routing options stay in the private cloud infrastructure.
  • Connecting transit gateways to Direct Link enables connection to an on-premises network and other networks connected to the transit gateway.

Integration use case

In When to Use API Connect, APP Connect, or IBM Messaging Options, you should have learned that:

  • Some organizations have adapted to the added difficulty of integration by replacing large code silos with small, independent components called microservices. This strategy offers greater scalability, resilience, and agility, which is why it is called agile integration.
  • Agile integration decentralizes services, so applications teams can better control the creation and exposure of their application program interfaces (APIs), messages, and events.
  • IBM API Connect lets users create, secure, expose, manage, socialize, and analyze their APIs across clouds.
  • IBM APP Connect integrates data and applications from existing systems, and ties together technologies across environments, including legacy and SaaS systems.
  • Apache Kafka-based IBM Event Streams enable organizations to create smart applications that react to events as soon as they happen.
  • IBM MQ is a scalable messaging platform that uses Java Message Service (JMS) and other technologies to integrate applications and put information such as product availability on the cloud, where consumers can easily retrieve it.

Edge Solutions

In How Edge Functions Work, you should have learned that:

  • Edge computing is a distributed computing method that aims to use bandwidth more efficiently, by bringing applications close to where data is created and actions are performed.
  • By eliminating the need to send data over a network, edge computing reduces latency and enables real-time processing.
  • When implementing an IBM Cloud Internet Service (CIS) Edge function, developers consider the actions they want it to perform. For each action, they define a uniform resource identifier (URI) called a trigger. IBM CIS Edge intercepts user requests, compares them against the list of triggers, and performs the associated action if it finds a match, called a trigger event.
  • Because edge functions run code on trusted CIS Edge servers, users don’t need to use a modern browser.
  • If processing needs to occur on client-provided servers physically located at the edge, IBM Cloud Satellite may be a more appropriate solution.

Cloud AI and analytics use case

In IBM’s AI Ladder, you should have learned that:

  • IBM’s AI Ladder views the process of gathering, preparing, and using data in terms of a ladder comprised of four steps: collecting data, organizing data, analyzing data to scale business insight, and infusing data to implement AI with trust and transparency.

In IBM Services That Support Analytics and AI, you should have learned that:

  • IBM offers many services that use AI and analytics to improve business processes. These include:
      • Watson Assistant, which can build dynamic, branded chatbots.
      • Watson Studio, which can create custom data models using RStudio and Jupyter Notebooks.
      • Watson OpenScale, which can track AI outcomes, monitor compliance, and measure alignment with business goals.

In Use Cases Associated with Analytics and AI, you should have learned that:

  • Two applications of AI and analytics include COVID-19 information delivery and explanations of AI methods.

IBM Cloud Managed Database Options

In When to Use SQL and NoSQL Databases, you should have learned that:

  • Most databases fall into one of two groups:
      • SQL
      • NoSQL

In Benefits of Database-as-a-Service (DBaaS), you should have learned that:

  • DBaaS, sometimes called “managed database service,” lets users access and use a database over the cloud. The provider handles upgrades, backups, and other maintenance tasks to keep the system running 24/7.
  • Benefits include cost savings, scalability, simplicity, rapid development, security, reduced risk, and quality.
  • Factors to consider in selecting a DBaaS provider include how specialized the application will be, the architecture, test results, and other provider offerings.

In IBM-Managed Cloud Databases, you should have learned that:

  • IBM offers managed cloud databases for various applications, including web and mobile apps, developer tools, confidential data, and business intelligence.

Benefits and Options of IBM Hyper Protect Crypto Services

In IBM Hyper Protect Crypto Services Features, you should have learned that:

  • IBM Cloud Hyper Protect Crypto Services (HPCS) is a dedicated key management service that uses a dedicated cryptographic processing Hardware Security Module (HSM) to generate, encrypt, store, and decrypt keys.
  • The HSM is built on FIPS 140-2 Level 4 certified hardware: the highest level available for cryptographic security.
  • Customers retain exclusive control of their keys with a feature called Keep Your Own Key (KYOK).

In Key Database Services that Integrate with IBM Hyper Protect Crypto Services, you should have learned that:

  • Users can integrate HPCS with selected managed database services to bring and manage their own encryption in the cloud.
  • Integration involves associating user-managed HPCS root keys to control the randomly generated ones from the database service, and then adding another layer of protection, envelope encryption, to the data.

In Key Management Concepts, you should have learned that:

  • By default, cloud providers control system keys. But for even greater protection, users should control their own keys.
  • In order to keep all of their keys, users must set up the HSM themselves, which requires a dedicated solution like HPCS.

In Use Cases Associated with IBM Hyper Protect Crypto Services, you should have learned that:

  • Customers benefit from HPCS cryptographic capabilities in many ways: image protection, app development, database encryption, and enterprise environments.

Compute Security Options

In Compute Security Options, you should have learned that:

  • A Virtual Private Cloud (VPC) is a private, secure location that enables organizations to define and control a virtual network that is essentially isolated from other users in the public cloud environment.
  • Logical isolation secures VPCs.

In Security Groups and Access Control Lists (ACLs) Secure Solutions in IBM Cloud VPC, you should have learned that:

  • Security Groups and ACLs are the primary way to add security to subnets and instances, and they can be used independently or together.

In Encryption Options Available in IBM Cloud to Protect Compute Focus Solutions, you should have learned that:

  • IBM-managed encryption, customer-managed encryption, and end-to-end encryption are the encryption options available in IBM Cloud.

In Methods of Securing IBM Cloud VMware based solutions, you should have learned that:

  • IBM Cloud for VMware Solutions enables users to manage resources like they are on-premises through dedicated infrastructure.
  • IBM Cloud for VMware Regulated Workloads provides encryption.

In Role-Based Access Control Security uses within IBM Cloud, you should have learned that:

  • IBM Cloud Identity and Access Management (IAM) provides access to services in IBM Cloud through the model of least privilege and does this through Resource Groups and Access Groups.

Network Security Options

In Network Security Options, learners should have learned that:

  • ACLs and security groups are two types of network access controls that make up the layers of VPC security.
  • Network security provides security to information in a network and also controls who can access the network, but there are vulnerable entry points that warrant defense mechanisms for enhanced security.

In Network Encryption Options Available in IBM Cloud to Protect Solutions, learners should have learned that:

  • Juniper vSRX is a router, firewall, and security device that exists as a virtual appliance and provides a firewall, VPN gateway, and NAT as an encryption feature.
  • There are multiple ways to secure data in transit or data at rest.

Storage Security Options

In Advantages of Using IBM Cloud Storage Services Security Options when Building Solutions, you should have learned that:

  • IBM Cloud File Storage and IBM Cloud Block Storage are provisioned with Endurance or Performance options.
  • IBM Cloud Object Storage provides the ability to store large volumes of unstructured data.

In RBAC Secures Solutions built on IBM Cloud, you should have learned that:

  • IAM, OpenShift & Containers, and VMware provide varying levels of access policies in order to secure solutions built on IBM Cloud.

In Various Storage Services Protect Solutions in IBM Cloud, you should have learned that:

  • Block Storage for VPC gives users the ability to provide hypervisor-mounted, high-performance data storage for any VSIs that can be provisioned within a VPC.
  • IBM Cloud Object Storage provides storage for large volumes of unstructured data that provides security, availability, and reliability.

In Secure Storage Options when Utilizing IBM Cloud VMware Solutions, you should have learned that:

  • When utilizing VMware Solutions Dedicated, data can be stored locally, or using IBM Cloud File Storage or Cloud Object Storage.
  • When using VMware Solutions Shared, the workload data is in an IBM-managed cloud infrastructure account.
  • VSIs and customer-managed encryption are other options to secure data.

PaaS Security Options

In Network Security, you should have learned that:

  • Data Shield is an IBM Cloud service that helps protect data in containerized workloads that run on Kubernetes Service and OpenShift clusters while the data is in use.
  • Service endpoints are a connectivity option for securely accessing cloud service endpoints.
  • Application exposure services enable users to securely expose applications to external traffic.

In Authenticating Users, you should have learned that:

  • SSO provides authentication between multiple web apps.
  • App ID is a service provided by IBM Cloud that allows users to create and use SSO for their own applications.
  • vCenter Single Sign-On (SSO) is an authentication broker and security token exchange infrastructure. This allows vSphere components to communicate with each other via a secure token mechanism.

In Encryption, Secrets, and Certificates, you should have learned that:

  • Secrets Manager creates dynamic secrets and manages the lifecycle of the secrets.
  • IBM Key Protect securely stores and applies secrets for apps. It provides encryption solutions and allows data to be secured and stored in IBM Cloud through envelope encryption.
  • Hyper Protect Crypto Services is a key management system that provides keep your own key (KYOK) capabilities for cloud data encryption. It provides lifecycle management for keys, encryption for IBM Cloud services, access management, auditing, and security certification.
  • VMware integrates on-premises vSphere vCenter networks to the IBM Cloud for VMware solutions deployment.
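
Envelope encryption, named above for both the HPCS database integration and Key Protect, shown as an added example (not IBM code and not part of the original cheat sheet). It assumes Node.js and uses a locally generated 32-byte value as a stand-in for the root key, which in the real service stays inside the HSM; all function names are hypothetical.

```javascript
const crypto = require("crypto");

// AES-256-GCM helper. Output layout: nonce (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Reverses seal(); throws if the key is wrong or the blob was modified.
function open(key, blob) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// A random data encryption key (DEK) encrypts the record; the root key only wraps the DEK.
function envelopeEncrypt(rootKey, data) {
  const dek = crypto.randomBytes(32);
  return { wrappedDek: seal(rootKey, dek), ciphertext: seal(dek, data) };
}

function envelopeDecrypt(rootKey, env) {
  const dek = open(rootKey, env.wrappedDek);
  return open(dek, env.ciphertext);
}

// Root-key rotation re-wraps the small DEK; the data ciphertext is not touched.
function rewrap(oldRoot, newRoot, env) {
  const dek = open(oldRoot, env.wrappedDek);
  return { wrappedDek: seal(newRoot, dek), ciphertext: env.ciphertext };
}

// Constructed sample: local random bytes stand in for root keys held in an HSM.
function rotationDemo() {
  const oldRoot = crypto.randomBytes(32), newRoot = crypto.randomBytes(32);
  const env = envelopeEncrypt(oldRoot, Buffer.from("patient-record-17 (constructed)"));
  const rotated = rewrap(oldRoot, newRoot, env);
  let oldKeyStillWorks = true;
  try { envelopeDecrypt(oldRoot, rotated); } catch (e) { oldKeyStillWorks = false; }
  return {
    plaintext: envelopeDecrypt(newRoot, rotated).toString(),
    dataUntouched: rotated.ciphertext.equals(env.ciphertext),
    oldKeyStillWorks,
  };
}

console.log(rotationDemo());
```

Because the stored data is only ever encrypted under the DEK, whoever controls the root key controls access: once the old root key is retired, the re-wrapped DEK (and therefore the data) can no longer be opened with it.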

In IBM Cloud Code Engine and Security, you should have learned that:

  • IBM Code Engine provides a security solution by isolating customers and their workloads.

In Delivery Pipeline Private and Public Workers, you should have learned that:

  • Delivery Pipeline Private Workers and the IBM Cloud Continuous Delivery Development teams work together to use the private worker in their toolchain.

In Other Security Topics, you should have learned that:

  • Terraform is a third-party service used by IBM Cloud, and it enables predictable provisioning of the IBM Cloud platform, classic infrastructure, and VPC infrastructure.
  • Data Shield is an IBM Cloud service that helps protect data in containerized workloads that run on Kubernetes and OpenShift clusters while the data is in use.

Core Principles and Practices of Building Cloud-Native Applications

In Define Cloud Native, its Benefits, and List Use Cases, you learned that:

  • Scaling of cloud native applications is very easy.
  • Cloud native applications are made up of microservices.

In The Twelve-Factor App Methodology and How Microservices Benefit the Organization, you learned that:

  • Microservices are independently deployable.
  • Microservices have specialized functionality.
  • Twelve-factor app methodology uses a declarative approach, reducing the time needed to onboard new developers.

In Key Enabling Technologies and Tools for a Cloud Native Solution, you learned that:

  • Containers are self-contained.
  • Container orchestration systems are used to manage containers.
  • Kubernetes is an example of a container orchestration system.
  • IBM Cloud Functions and IBM Code Engine are examples of serverless technologies.
  • APIs allow applications to communicate with each other.
  • REST APIs have additional architectural constraints to standard APIs.
  • Messaging and event streaming are used for routine status updates from applications.
  • Serverless architecture is designed to be a flexible alternative to a traditional server.

High-Level Benefits of Modernizing Existing Applications to be Cloud-Native

In The Importance of Application Modernization, you learned that:

  • Modernization can reduce the cost of managing applications.
  • Containerization can be an easy yet effective approach to modernizing applications.
  • Security and compliance of an application can be increased by modernization.
  • Development speed can be increased by modernizing.

In Application Modernization Approaches, you learned that:

  • Existing applications can be modernized by replacing existing functionality with microservices.
  • APIs can be used to expose parts of an existing application, making it easier to use microservices for new functionality.

In Whether to Modernize or Rebuild an Existing Application, you learned that:

  • The first step in application modernization is to assess how ready the application is to be moved to the cloud.
  • Containerization can reduce costs and resources when modernizing an application.
  • Rebuilding an application is made easier by using existing microservices.

IBM Container Orchestration

In Containers and How They Differ From Virtual Machines (VMs), you learned that:

  • Containers are self-contained units that are designed to hold applications as well as all libraries and dependencies that the application requires.
  • Containers do not have an operating system of their own. Instead, they access the operating system of the device they are running on using a hypervisor.

In Containers, Container Orchestration, and Kubernetes, you learned that:

  • The process of designing and packaging software in containers is called containerization.
  • When an application is containerized, it is packaged with its relevant environment variables, configuration files, libraries, and software dependencies.
  • Container orchestration is a way to manage large volumes of containers.
  • Kubernetes is a platform that enables customers to manage their containerized workloads. It provides tools that enable developers to deploy, automate, monitor, and scale their apps efficiently.

In An Overview of Red Hat OpenShift on IBM Cloud, you learned that:

  • Red Hat OpenShift on IBM Cloud enables customers to deploy apps on Red Hat OpenShift clusters. These clusters run on the Red Hat OpenShift on IBM Cloud container platform software.
  • Red Hat OpenShift on IBM Cloud provides customers with a fast, secure, and scalable solution.

In IBM Cloud Kubernetes Service and its Benefits, you learned that:

  • IBM Cloud Kubernetes Service is a certified Kubernetes provider that enables customers to create their own Kubernetes cluster of compute hosts to deploy and manage their containerized apps.
  • Some benefits of IBM Cloud Kubernetes Service are that customers can choose to deploy clusters with Red Hat OpenShift or Kubernetes installed; clusters are single-tenant, with compute, network, and storage infrastructure isolation; multizone clusters are supported; Vulnerability Advisor provides image security compliance; masters are highly available; cluster health is continuously monitored; and apps can be securely exposed to the public.

Solution Scalability

In Horizontal and Vertical Scaling for Containers, you learned that:

  • Customers can quickly scale up simply by increasing the CPU and RAM.
  • Customers can scale out by provisioning additional VMs to spread out the workload.

In Scaling Clusters Using Cluster Autoscaler, you learned that:

  • The cluster autoscaler periodically scans the cluster and adjusts the number of worker nodes based on the workload requests.
  • If there are insufficient compute resources to schedule the pod on a worker node, that pod is considered pending. If a pending pod is detected, the autoscaler scales up the worker nodes evenly across zones.
  • If a pod is not fully utilized (meaning less than 50% of the total compute resources have been requested in the last 10 minutes), the autoscaler considers it underutilized and will scale the worker nodes down one at a time. This threshold can be customized by the customer.

In Horizontal and Pod Autoscalers, you learned that:

  • An HPA enables customers to determine the minimum or the maximum number of pods to run, as well as the CPU and memory utilization the pods should use.
  • The HPA automatically scales the workload to match the demand.
  • When there is an increased workload, it deploys more pods.
  • When there is a decrease in the workload, it communicates to the workload resource to scale back down.

In Vertical Pod Autoscalers, you learned that:

  • Vertical pod autoscaling (VPA) helps size pods for optimal CPU and memory utilization.
  • Like HPA, VPA uses the cluster nodes efficiently because the pods use exactly what they need.

Hybrid and Multicloud Architectures

In Technology and Strategies in Hybrid Cloud Solutions, you learned that:

  • The hybrid cloud combines the public cloud, private cloud, and on-premises infrastructure. It enables customers to have a distributed environment where they can run their traditional or cloud-native workloads as they need to.
  • The hybrid cloud enables customers to have improved developer productivity, greater infrastructure efficiency, improved regulatory compliance and security, and overall business acceleration.
  • Multicloud is the use of cloud services from more than one cloud vendor.
  • A multicloud solution is a solution that is portable across these providers’ cloud infrastructures, usually built on open-source, cloud-native technologies.
  • IBM Cloud Satellite provides consistency in services and the ability to deploy anywhere.

In The Role of IBM Cloud Paks in the Hybrid Multicloud Strategy, you learned that:

  • Cloud Paks are pre-integrated, Artificial Intelligence (AI)-powered software that is designed to run in a customer’s cloud environment managed by a single intelligent control plane.
  • IBM Cloud Paks are portable, can run anywhere, and are certified and secure.
  • There are 12 foundational services available.

https://www.linkedin.com/in/alvisf/
