The University of Arizona
Exam 3 Study Guide

Managed Cloud Services - Week 11a Slides - Week 11b Slides

  • Know the basic AWS Services we've used or talked about this semester, and what they're used for.
  • EC2
    • Virtual Machines
    • Can SSH in
    • You're responsible for OS patching and security
  • RDS
    • Relational Database
    • Platform as a Service
  • ALB
    • Load Balancing
    • SSL/TLS Termination
    • Auto-scaling to handle public load
  • ECS
    • Managed Docker Container Service
    • Run your Docker images in AWS
    • Use with ALB
  • ECR
    • Elastic Container Registry
    • Store your built Docker images in AWS
    • Can pull images from here to run on ECS or EC2 etc.
  • S3
    • Object storage
    • Not a file system
    • Key/Value Pairs
    • Pay-as-you-go
    • No size limits (no cost limits either!)
  • Lambda
    • Function as a Service
    • Event Driven
    • Pay-as-you-go
    • Simpler than Docker for small / short workloads

Cloud Architectures - Week 12 Slides

  • Architecture Diagrams are Good
  • Consider your audience
    • More detail for technical / coworker audience
    • Less detail for leadership / supervisor audience
  • CloudFormation
    • Infrastructure as Code
    • Repeatability
    • Input Parameters
    • Codify Resource Deployments

Public Key Cryptography - Week 13 Slides

  • Hashing
    • One Way
    • Math
    • Verify that the input hasn't been altered
    • Hashing the same input always produces the same output
  • Symmetric Cryptography
    • Shared Secret
    • One key is used to both encrypt and decrypt
    • Depends on the key being securely shared
    • Fast
  • Public Key Cryptography
    • Two Keys
      • Public
      • Private
    • Key B decrypts data encoded by Key A
    • Key A decrypts data encoded by Key B
    • One Key kept... private
    • One Key shared publicly
    • Use Case: Privacy
      • Encrypt with a public key - only the private key holder can decrypt
    • Use Case: Authentication
      • Encrypt with private key - decrypting with public key proves where it came from
  • Certificate Authorities
    • Chain of Trust
      • If I trust A, and A says B is trustworthy, I can trust B
      • If I trust B, and B says C is trustworthy, I can trust C
    • OS Vendors certify a set of Root Certificate Authorities
    • Root CAs can delegate to Intermediate CAs
    • Certificates issued by Intermediate CAs can be trusted, because we trust the Root CAs
    • Backbone of internet security

Cookies - Week 14 Slides

  • Cookies preserve state
  • Host controls when and how cookies are set
  • Sent in an HTTP response header: Set-Cookie
  • Browser stores cookies separately for each Domain
  • Cookies are only sent back to the same Domain
  • Basic key/value pairs with some options
  • Used to track state from one request to another by comparing the Cookie value in the HTTP Request with stored information on the Server side
  • First-Party cookies sent by the same Domain as the parent Page Domain
  • Third-Party cookies sent by Domains other than the parent Page Domain
  • Security concerns
    • If an attacker can gain access to cookie values, they can impersonate users

WebSockets - Week 15 Slides

  • When stateless HTTP doesn't work so well
  • Useful for responsive User Interfaces
  • When asynchronous communication needs to be fast and responsive
  • Polling
    • Useful if the number of clients is small, and polling interval is large
  • WebSockets
    • Better if number of clients is large, and need for client to be notified of new information quickly
  • WebSockets ≠ TCP Sockets
  • Begin life as a normal HTTP request with additional headers:
      Connection: Upgrade
      Upgrade: websocket
  • Server responds with:
      HTTP/1.1 101 Switching Protocols
      Upgrade: websocket
      Connection: Upgrade
      Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
  • Once the WebSocket upgrade handshake is completed, all further communication over that TCP socket no longer follows the HTTP protocol; it follows the WebSockets protocol
  • WebSockets Protocol is Binary, not Text based
  • WebSocket stays open until either side explicitly closes it
  • Data can be sent in either direction. Server no longer has to wait for the client to initiate a request.
  • Host can send to multiple connected WebSockets
  • AWS API Gateway
    • Cloud Managed WebSocket endpoint
    • Computes handshake and keeps track of connections
    • Sends events to other AWS services, such as Lambda
    • Use the AWS API to have API Gateway send data to clients over connected WebSockets
  • JavaScript API
    • const exampleSocket = new WebSocket("wss://example.com/api")
    • ws://: Start a WebSocket over a non-secured HTTP connection
    • wss://: Start a WebSocket over a TLS secured HTTPS connection
    • Send data: exampleSocket.send(data)
    • Receive data: exampleSocket.addEventListener("message", (e) => {processEvent(e)} )
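
The upgrade handshake listed above, as an added Node.js example that is not from the course slides: the server validates the upgrade request and derives Sec-WebSocket-Accept from the client's Sec-WebSocket-Key, as RFC 6455 specifies. The Sec-WebSocket-Key and Sec-WebSocket-Version request headers are not shown in the guide; the sample request is constructed and uses the RFC's sample key, which yields the Sec-WebSocket-Accept value shown above.

```javascript
// Added example (not from the course slides): server-side check of a WebSocket
// upgrade request and computation of Sec-WebSocket-Accept per RFC 6455.
const { createHash } = require("node:crypto");

// Fixed GUID defined by RFC 6455; every server appends it to the client's key.
const WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";

// Accept value = base64(SHA-1(key + GUID)).
function computeAccept(secWebSocketKey) {
  return createHash("sha1").update(secWebSocketKey + WS_GUID).digest("base64");
}

// headers: object with lower-cased header names (as Node's http module provides).
// Returns the 101 response headers, or null if the request is not a valid upgrade.
function buildUpgradeResponse(headers) {
  const upgrade = (headers["upgrade"] || "").toLowerCase();
  const connection = (headers["connection"] || "").toLowerCase().split(/\s*,\s*/);
  const key = headers["sec-websocket-key"] || "";
  if (upgrade !== "websocket" || !connection.includes("upgrade")) return null;
  if (headers["sec-websocket-version"] !== "13") return null;
  // The key must be the base64 encoding of exactly 16 bytes (24 characters).
  if (key.length !== 24 || Buffer.from(key, "base64").length !== 16) return null;
  return {
    Upgrade: "websocket",
    Connection: "Upgrade",
    "Sec-WebSocket-Accept": computeAccept(key),
  };
}

// Constructed sample request headers; the key is the sample nonce from RFC 6455.
const sampleRequest = {
  host: "example.com",
  upgrade: "websocket",
  connection: "keep-alive, Upgrade",
  "sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==",
  "sec-websocket-version": "13",
};

console.log("HTTP/1.1 101 Switching Protocols");
for (const [name, value] of Object.entries(buildUpgradeResponse(sampleRequest))) {
  console.log(`${name}: ${value}`);
}
```

The accept value only shows that the server understood the WebSocket handshake; it does not authenticate either side.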