Cloud computing skills are in demand nowadays and many aspirants are honing their skills in this area to build a successful career.
Let's see some cloud architecture interview questions that are commonly asked. Although these questions reference Oracle Cloud Infrastructure, they are equally applicable to other providers.
Cloud Computing interview questions
There are various areas of a cloud architecture that should be understood well to answer scenario-based questions. Some of them are:
- Virtual Cloud Network
- Connectivity & VPN
- Load Balancer
- Identity and Access Management
- Database CLI
- Capacity Planning
- Moving database to Cloud Infrastructure
- Availability of Service
- Autonomous Database
- Disaster Recovery
- Data Safe
- OCI Events
- OCI Streaming Service
- Registry Services
- Resource Manager
Common Cloud Architecture Interview Questions | Infrastructure
What is IaaS? How do you differentiate between IaaS, PaaS and SaaS?
IaaS is infrastructure, PaaS is a development environment, and SaaS is ready-to-use software on the cloud. Do read this article which covers the difference between IaaS, PaaS, and SaaS.
What is VCN?
VCN stands for Virtual Cloud Network. Once cloud infrastructure is provisioned by the cloud provider, cloud architects need to configure virtual network devices; the VCN is one of them.
What is VCN Peering? Tell us some characteristics of VCN Peering.
VCN Peering is used to configure connectivity between resources in different VCNs. Some characteristics are:
Traffic never leaves the provider network
Does not require public IPs
Faster connectivity and higher security
In-region peering is called Local Peering, while cross-region peering is called Remote Peering.
How do you do Local VCN Peering?
Create a connection between the Local Peering Gateways (LPGs) of the two VCNs
Update the route tables and security lists
Have IAM policies that allow establishing the connection.
What is different with Remote Peering of VCNs?
For Remote Peering a DRG (Dynamic Routing Gateway) is used. The Remote Peering Connections (RPCs) of two DRGs in two different regions are connected to create a peering relationship.
We will also need to update the route tables and security lists and have IAM policies defined.
How does Transit Routing happen between multiple VCNs?
One VCN acts as a hub and the other VCNs are locally peered with the hub VCN. The traffic goes through the hub. The route table associated with the DRG has rules targeting an LPG or a private IP, and the route table of the LPG has rules targeting the DRG or a private IP.
What is VPN Connect?
VPN Connect is a managed VPN service that securely connects an on-premises network to a cloud (OCI) VCN through an IPSec VPN connection.
What are the components involved in creating VPN connections?
DRG: Dynamic Routing Gateway, the VPN endpoint on the OCI side.
CPE: Customer Premises Equipment, the VPN router in the on-premises network. A representation of it is created in OCI as a CPE object.
IPSec Connection: created after the DRG and CPE are configured; the routing is defined on it.
What are the routing options while creating VPN?
Static and Dynamic routing options are available. The default is Static.
How do you avoid downtime when you want to switch routing type of a tunnel?
Do one tunnel at a time, so the other tunnel keeps carrying traffic while the first one is changed.
What is FastConnect?
FastConnect is a dedicated private network connection from OCI to its network partners.
It provides a high-speed elastic network in 1 Gbps and 10 Gbps increments.
It can be used to connect remote data centers (private peering) or public resources (public peering).
What is the protocol used for FastConnect?
BGP - Border Gateway Protocol.
What is Virtual Circuit?
A Virtual Circuit is an isolated network path that runs over the physical network to provide a single logical connection between a customer edge router and a DRG.
What is Compute Quota?
Compute quota is a set of limits assigned at different levels to control resource usage. For example, at the compartment level it controls how many instances can be launched.
What is BYOI?
The BYOI (Bring Your Own Image) feature allows customers to bring their own operating system image to the cloud.
What is Horizontal Scaling Vs Vertical Scaling?
Horizontal scaling is adding more compute devices or nodes; vertical scaling is adding more resources to a single compute instance.
What is a Console Connection? What are the 2 types?
A console connection provides a way to troubleshoot instances remotely. The 2 types are serial (SSH) console connections and VNC console connections.
What is BYOH?
BYOH is Bring Your Own Hypervisor. It allows extending the customer's environment to the cloud and provides the ability to install legacy OSes and prepackaged VMs.
Currently, 3 hypervisors are supported:
OVM - Oracle Virtual Machine
What are the ways you can access your OCI resources?
CLI - Command Line Interface
SDK - Software Development Kit; the Java, Ruby and Python SDKs can call OCI services
REST APIs - over HTTP
Oracle Cloud Infrastructure IAM console
What is Terraform and why is it used?
Terraform defines OCI resources as code and provisions them from that code. It helps in automating OCI environments.
What is Ansible?
Used for OCI provisioning, orchestration and configuration management of OCI resources.
What is Availability Domain?
A data center location within a region from which services can be provided.
What is a Fault Domain?
A fault domain is similar to an availability domain; the load can shift there in case of disaster recovery.
Can an availability domain have multiple data centers?
What is Region?
A geographical region which can have multiple availability domains.
Where are the user identities stored?
In the Identity and Access Management service.
What is a Compartment?
It is the logical boundary within a tenancy and a grouping of resources (e.g. storage, network, user access) for a certain logical department (e.g. Finance).
What is a user access policy?
An IAM policy is defined to give access to users and manage access control. Users are added to groups, and the policy states, for example, which group can access what.
What is Tenancy?
Tenancy is the unique ID for a tenant (a cloud infrastructure customer).
Can compartment-level access be implemented?
Yes, and to nested compartments as well.
Can a compartment have resources from different regions?
Yes. Resources from different regions are used when you need global presence.
How many compartments do you get on a vanilla OCI instance?
Only one, the root compartment.
Can you create a resource without a compartment?
No. A compartment is mandatory.
What is a Principal?
A principal is an entity that can access resources. It can be the root user or an IAM user (for example, a user tied to a group and given an access policy is a principal), or an instance (e.g. a VM instance).
What is the use of instance principal?
To avoid storing user credentials directly.
How does authentication happen in OCI?
API signing key: a public/private key pair.
Authorization token: a series of random letters and numbers.
How does authorization happen?
After authentication, authorization is done by the IAM policies defined at the compartment level and the tenancy level.
What does a policy structure look like?
Policies are defined with the structure below:
Allow <subject> to <verb> <resource-type> in <location> where <conditions>
Allow group <group_name> to <verb> <resource-type> in tenancy
Allow group <group_name> to <verb> <resource-type> in compartment [where <conditions>]
What would be your policy for a super user who can manage everything in your cloud account?
Allow group Administrators to manage all-resources in tenancy
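The policy structure above, and the instance principal from the earlier question, put into practice with least-privilege statements instead of the all-powerful Administrators policy. This is an added example (not from the original article) written for the OCI Terraform provider's `oci_identity_dynamic_group` and `oci_identity_policy` resources; the group names, compartment name and OCID variables are assumed placeholders.

```hcl
# Assumed placeholders; replace with your own tenancy and compartment OCIDs.
variable "tenancy_ocid"          { type = string }
variable "prod_compartment_ocid" { type = string }

# Instance principal: instances launched in the Prod compartment become members
# of this dynamic group, so application code calls OCI APIs without stored user keys.
resource "oci_identity_dynamic_group" "app_servers" {
  compartment_id = var.tenancy_ocid   # dynamic groups live in the root compartment
  name           = "AppServers"
  description    = "Compute instances in the Prod compartment (assumed example)"
  matching_rule  = "ANY {instance.compartment.id = '${var.prod_compartment_ocid}'}"
}

# Each statement follows: Allow <subject> to <verb> <resource-type> in <location> [where <conditions>]
# Verbs escalate inspect < read < use < manage; pick the lowest one that does the job.
resource "oci_identity_policy" "least_privilege" {
  compartment_id = var.tenancy_ocid
  name           = "least-privilege-prod"
  description    = "Scoped access instead of 'manage all-resources in tenancy'"

  statements = [
    # Network admins manage only the network family, and only in Prod.
    "Allow group NetworkAdmins to manage virtual-network-family in compartment Prod",
    # Auditors can list and inspect everything but change nothing.
    "Allow group Auditors to inspect all-resources in tenancy",
    # The instance principal may read a single bucket; the where-clause narrows the target.
    "Allow dynamic-group AppServers to read objects in compartment Prod where target.bucket.name = 'app-config'",
    # Destructive compute operations require an MFA-verified session.
    "Allow group Operators to manage instance-family in compartment Prod where request.user.mfaTotpVerified = 'true'",
  ]
}
```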
What is a Subnet and VCN?
A subnet is a sub-network in an availability domain within a VCN.
A VCN can span multiple availability domains; subnets divide your VCN into smaller networks.
A compute instance is assigned a private IP inside a subnet.
What are the types of subnet?
Subnets are of public and private type.
Public: for public-facing apps
Private: for internal apps
What is a routing table?
A component holding rules that route your network traffic to destinations outside the VCN, i.e. to IP ranges the VCN itself does not contain.
What is an IGW?
IGW is an Internet Gateway that provides a path for network traffic between the VCN and the internet.
What is a NAT Gateway?
A NAT gateway is used for one-way internet connectivity from a private subnet to an external network.
The external network cannot access resources within the private subnet (inbound requests are blocked).
Example use: updating a VM driver.
What entries does a routing table have?
It has entries for addresses outside the VCN. These can be on the public internet, on-premises, or in another peered VCN.
A route rule has:
Destination CIDR block
Route target for the traffic that matches that CIDR
How many IGWs can be present in a VCN?
How can you architect high availability in Oracle Cloud Infrastructure?
– We can attach a block volume from availability domain 1 to a compute instance in availability domain 2, or vice versa.
– Distribute application servers across all availability domains within a region.
– Have multiple fault domains across regions.
What is a Service Gateway (SGW)?
An SGW lets resources in a VCN access public OCI services (e.g. Object Storage) without using the internet (IGW or NAT).
It can be used, for example, for taking backups.
What is a DRG?
A DRG provides private traffic between a VCN and destinations other than the internet (e.g. on-premises networks or other VCNs).
Where do you define ingress and egress traffic rules?
In the security list (the VCN's firewall), where we need to provide the CIDR, protocol, source port, and destination port.
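The route table, NAT gateway, service gateway and security list from the questions above, combined into one private-subnet configuration. This is an added example (not from the original article) for the OCI Terraform provider's `oci_core_route_table` and `oci_core_security_list` resources; it assumes the VCN and gateways already exist and are passed in as variables, and the 10.0.0.0/16 VCN CIDR is an assumed value.

```hcl
# Assumed placeholders: the VCN, NAT gateway and service gateway are created elsewhere.
variable "compartment_ocid"   { type = string }
variable "vcn_id"             { type = string }
variable "nat_gateway_id"     { type = string }
variable "service_gateway_id" { type = string }
variable "services_cidr"      { type = string } # the region's "All Services" CIDR label

# Route table for a private subnet: there is deliberately no Internet Gateway route.
resource "oci_core_route_table" "private" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_id
  display_name   = "private-rt"

  # Outbound-only internet access (e.g. package or driver updates) via NAT;
  # nothing on the internet can initiate a connection into the subnet.
  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = var.nat_gateway_id
  }
  # OCI services such as Object Storage (backups) are reached privately via the SGW.
  route_rules {
    destination       = var.services_cidr
    destination_type  = "SERVICE_CIDR_BLOCK"
    network_entity_id = var.service_gateway_id
  }
}

# Security list: ingress only from inside the VCN on TCP 443; egress limited to TCP.
resource "oci_core_security_list" "private" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_id
  display_name   = "private-sl"

  ingress_security_rules {
    protocol = "6"            # TCP (IANA protocol number)
    source   = "10.0.0.0/16"  # assumed VCN CIDR; never 0.0.0.0/0 on a private subnet
    tcp_options {
      min = 443               # destination port range
      max = 443
    }
  }
  egress_security_rules {
    protocol    = "6"
    destination = "0.0.0.0/0"
  }
}
```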
What is the difference between VPN and Fast Connect?
VPN: encrypted connection, up to 400 Mbps.
Cheap for basic usage.
FastConnect: dedicated connection between your premises and the Oracle data center.
Up to 10 Gbps.
Costly and suitable for enterprises.
What is a Bare Metal Compute service?
It is a compute system without any virtualization layer. We can deploy our own hypervisor and install VMs.
Key Control Characteristics
Direct hardware access
Bring your own hypervisor
What is a dedicated Compute virtual host?
A single-tenant host with the virtualization layer.
Control Characteristics :
What are the characteristics of an OCI Virtual Machine?
A multitenant dedicated virtual host machine.
What are the characteristics of a container engine?
It's a compute instance where we do not worry about virtualization and can run our code.
Control Characteristics :
What is the Functions service?
It allows running code only.
A serverless option: no hardware is provisioned.
A low-cost solution.
What is a Hypervisor?
The hypervisor is a hardware virtualization technique that allows multiple deployed OSes to run on a single host at the same time.
What is a Container?
A container is a bundle of app + dependencies.
A VM with apps is app + dependencies + kernel/OS:
VM: App + binaries & libraries + guest OS
Container: App + binaries & libraries. This can be run anywhere.
What is Oracle Kubernetes Engine?
Kubernetes is an open-source system for automating the deployment, scaling and management of containerized applications.
OKE is a fully managed, scalable and highly available service that you can use to deploy your containerized applications in OCI.
Which OCI service is best suited for serverless Apps?
What are Block Storage, Object Storage and File Storage?
Storage connected to network
Any data any type
can have any type of storage
modular unit, self contained repository
Network area storage
organized as an array of unrelated blocks
Given Object Storage and File Storage, for which storage do you need to attach a compute instance?
File storage. For object storage you do not need a compute instance.
To know more about reference architectures, refer to the Oracle documentation.
If you also work on integrations, do check out the OIC interview questions.