Canadian PR

As an Indian working in US on L1 visa, constant worrying about change (no change) to H1 visa because of lottery has been lingering pain.

So we tried for Canadian PR as an alternate way of giving ourselves some comfort without the constant thought about immigration as a solid backup option.

The steps to follow are pretty elaborate and we can get it in 6-7 months usually with good background work.

Background work:

  1. Applying for police certificates for all countries where you and your spouse lived for more than 6 months since you turned 18. FBI process was the long pole taking 3-4 months until recently when they changed the process to be a week or 10 days.
  2. Prepare for IELTS exam and book a date in advance. The exams are held only twice or thrice a month and the slots get filled quickly.
  3. Applying for educational credential evaluation from the certified evaluator (authorized by CIC Canada). I had my graduation from Anna University, Chennai. I got the transcripts mailed to the evaluator directly by using the site – https://annauniv.itranscripts.in
  4. This was a 2-3 week effort to get it to them and they evaluate and reply usually in a month.
  5. Make sure the passports have atleast 1 year validity.. If not, renew them now to save a lot of trouble later.

Considerations:

  1. Monitor the site cicnews site. Also the forums in canadavisa site. They are really useful and provide lot of upto date information.
  2. Based on your cutoff score and the current score, you can effectively decide when to get into the pool. See if it makes sense to give IELTS again or to learn french to increase your score. Based on what I saw, the frequency of draws were increasing in the mid of the year and thats when the scores needed to qualify for ITA drops.

Process:

The process is to get into the pool and then get ITA (happened usually on wednesdays in 2017). Once we have all the documents ready for submission, the PR process itself doesn’t take that long (3-4 months), if you are lucky. Others went into different checks which delayed the process (usually 6 months – 1 year).

This is a solid backup option for people getting constantly worried about immigration status in the United States. Hoping the best for everyone reading this post!

 

 

 

 

 

 

AWS Solution Architect Associate exam prep

Training path:

  1. Start with Udemy
    1. Author – Ryan Kroonenburg  Course Name – AWS Certified Solutions Architect – Associate 2017
    2. Once you register for the above course, go to the author site – acloud.guru and you get free redemption of udemy course on this site. This is more updated version of the same course.
    3. Author – Chandra Lingam  Course Name – FREE: Practice Test AWS Certified Solutions Architect – Read for networking concepts. Free course.
  2. Create AWS account for free tier and practice all lessons from Ryan’s course.
  3. Go through forums on acloud.guru
  4. Go through jayendrapatil website for notes
  5. Whiz labs – sample tests for practice. You get 8 full question papers to practice. Around $18.

 

Notes:

Components of AWS:

IAM – Identity and Access Management

EC2 – Elastic compute cloud

S3 – Simple storage service

Route 53 – DNS

Domains

VPC – Virtual private cloud

EFS – Elastic file storage

EBS – Elastic block storage

SQS – Simple Queue Service

SES – Simple Email Service

SNS – Simple Notification Service

Lambda

Glacier

Snowball

Cloud Watch

Cloud Formation

Cloud Front

Cloud Trail

Kinesis

API Gateway

Elastic Transcoder

RDS

DynamoDB

Elastic BeanStalk

 

Forum pages from acloud guru that are most helpful for exam prep:

Only 55 questions. Mostly straight forward questions. 

Around 15 questions from AWS  Lambda, API Gateway & DynamoDB – Must Read FAQs.

One VPC Peering question.

One subnet = 1 AZ

EBS volume – encryption –  Server side and client side.

EBS volume to Snapshot (Conversion Encrypted & Unencrypted)

Know the difference between NAT instance & NAT Gateway.

Know the difference between Security group & Network ACL.

Know how to configure federated users login to aws. Active directory

Choosing between Storage classes S3, S3-IA, glazier & RRS

Choosing the right EC2 instance type. DR MC GIFT PX

Choosing between SQS and SWF.

Long polling and short polling SQS

What is elastic cache.

What can you do with WAF ?

Which aws service you will have full control ?

two question from security process : Shared security responsibility and 

underlying hardware and virtual instance. 

2 questions from Kenesis – read Faqs

To attend scenario question. Don’t  need to read the whole question. read and understand only the question given in the last few lines.

take notes.

From <https://acloud.guru/forums/aws-certified-solutions-architect-associate/discussion/-Kq_YAH0c7T_ykNakWfW/passed_aws_csa_a_exam_on_27th>

 

1) S3 – different classes use case (standard, IA for less access, Glacier for deep archive)

2) Combo: EC2, ELB, Autoscale (high availability = multi-AZ) 

3) For Cost optimum EC2 – Spot / Reserved instances (characteristics/charge) 

4) Databases:  Complex relational joints= RDS vs Simple and single digit latency = DynamoDB 

5) If need root access – EC2, EMR, Beanstalk don’t use managed services like RDS

6) VPC – NACL (stateless) vs SG (stateful),  for internet access remember Internet gateway, public/elastic ip, route table to IGW

7) NAT Gateway (AWS managed, easy and scalable) vs NAT instance (manual EC2 instance, MUST disable source/destination check) 

8) 1 subnet can only be 1 AZ –  public subnet (with IGW) vs private subnet 

9) Lambda – set trigger to create function with codes 

10) EBS encryption – how?

11) EBS (persistent) vs Instance Store (ephemeral = stop and gone forever) 

12) IAM (global) – Use IAM roles instead of IAM user when granting permission for security 

13) How to create cross account access 

14) SQS = for decouple task,  when to change the visibility timeout, long polling vs short polling 

15) STS – how to authenticate and give user access

From <https://acloud.guru/forums/aws-certified-solutions-architect-associate/discussion/-KrFUf20rkhXS4MZAJn7/passed_the_csa_a_today_-_exam>

 

Some of the questions read out like:

You launched a set of Ubuntu AMIs using Amazon ECS, but their resources don’t appear; why? 

Your security team requires an ECS task to limit the privileges to only required users, how? 

When an EBS snapshot is taken, can the drive be written to or is it read only? 

You have high-priority clients requiring data transformative services via SQS.  How do you architect it so their SQS messages are prioritized to take precedence over default messages. 

When would CORS need to be enabled? 

Which services natively encrypt data at rest? 

Know a little bit about configuring a Windows Instance Using the EC2Config Service. 

Understand what Total Cost of Ownership (TCO) is and how it applies to AWS. 

Understand AWS STS and which security functions it involves 

A question asked when you enable CloudTrail and VPC logs do you need to enable it on for the specific services or on the AWS account as a whole. 

Know a little about spot instance pricing.  A question asked if you bid .22 cents and the market price is .20; you get the instance and can run it for an 90 minutes before the market price jumps up to .25 cents.  How much do you pay for the 90 minutes. 

There was a question about CloudFront distribution where user’s can’t access an S3 bucket in USWest-2; they get a 404 response.  Then they show you some code from the bucket

static1/* -> S3 bucket in USEast-1 

*              ->An ELB in USEast-1 

static2/* ->S3 bucket in USWest-2

You need to interpret it and why the user’s get that message. 

And another question asks how to make two PEERED VPCs (VPC1 and VPC2) have higher availability when VPC 1 only has a private subnet configured and a direct connect to your on-prem environment and VPC2 has only a public subnet and the IGW.

From <https://acloud.guru/forums/aws-certified-solutions-architect-associate/discussion/-KqFK1NG2pvEhFL4C2Xd/passed_my_exam_today_%7C_takeawa>

 

You should know about:

Not covered in the course:

  • Options on authenticating using LDAP together with IAM.

From <https://acloud.guru/forums/aws-certified-developer-associate/discussion/-KBkBPMHpN2ITSH1oDTO/passed_with_90%25_-_my_exam_tips>

 

Some extra topics I hadn’t seen here before or weren’t quite covered in enough detail:

From <https://acloud.guru/forums/aws-certified-solutions-architect-associate/discussion/-KqTvkfGo3cmjxW0dWU2/exam_notes_from_today>

 

I have seen many post saying exam has been updated and so i was just concern that i have just read the faq of these 3 new services [lambda,api gateway,ecs].

From your question 

Your EC2 instances use an IAM role to access the ECS service.

Your ECS tasks use an IAM role to access services and resources.

is this a answer to your question?

Triggers of lambda

sns,dynamo db, kinesis stream, api gateway , s3, cloudwatch logs,event, iot etc….

Ecs mainly topics i think so is

scheduler

task

ECR

ECS

Blox

Lambda mainly topics

triggers,

integration with api gateway for example as custom authorize

how to scale , troubleshoot

Api gateway mainly topics

requirements

benefits

how to scale , troubleshoot

From <https://acloud.guru/forums/aws-certified-solutions-architect-associate/discussion/-KpzNyw9mdtFS4UxLhQl/i_passed_my_csa_exam!!!__a_few>

 

But there were definitely some things that stood out in my mind that weren’t covered or weren’t covered enough.

1. There were at least 3 questions about AWS ECS (EC2 Container Service). I was completely thrown off by these because they weren’t covered at all in the course. Definitely something to pay attention to. The one question that stands out was about if you could add a role to a container instance vs. a container task.

2. Lambda popped up at least 3 times during the exam as well. One question in particular was something to the effect of “Which events will trigger a Lambda?” and I had to pick at least 2 out of the five choices.

3. Stateless architecture and the components that you would need to build them popped up a few times too.

4. SQS! I don’t recall SQS coming up in the course a lot but I do remember coming up on your practice exam a lot. Thank goodness I did the extra research to make sure I knew it well before going into the exam. I definitely think their needs to be more emphasis placed on SQS and decoupling systems because this was definitely a point of reference on the test.

5. Make sure you understand VPC, RDS, EC2 & S3!!!  The big 4 (That’s what I like to call them) were in full effect on the exam and understanding the difference between when to use RDS vs S3 vs DynamoDB was something they made sure I understood.

6. If you need some extra practice test to run through, check out Whizlabs. You get about 7 practice test to work on and those definitely helped a lot in preparing me for the exam. But don’t rely solely on those practice test!!! 

There’s definitely a level of understanding you’re required to have in order to pass this exam! You can’t prepare for everything, so having a solid understanding of the concepts acloud.guru teaches in their courses is paramount in passing the exam since you will have to lean on it more than any type of memorizing you think you will be able to get by with. 

From <https://acloud.guru/forums/aws-certified-solutions-architect-associate/discussion/-KpzNyw9mdtFS4UxLhQl/i_passed_my_csa_exam!!!__a_few>

Securing WL resources

For access to WL JMS queues, even if the cross-domain security is enabled, access to imported destination still requires user to have permission.

Error on navigating to SAF Agents:

Authorization failure.

Stack trace:

#### <> <The JMS SAF forwarder failed to connect to the remote destination "t3://localhost:8001/Queue", because of weblogic.jms.common.JMSSecurityException: Access denied to resource: type=, application=jms_module, destinationType=queue, resource=Queue, action=send
at weblogic.jms.dispatcher.DispatcherAdapter.convertToJMSExceptionAndThrow(DispatcherAdapter.java:110)
at weblogic.jms.dispatcher.DispatcherAdapter.dispatchSyncNoTran(DispatcherAdapter.java:61)
at weblogic.jms.client.JMSProducer.toFEProducer(JMSProducer.java:1293)
at weblogic.jms.client.JMSProducer.deliveryInternal(JMSProducer.java:796)
at weblogic.jms.client.JMSProducer.forwardInternal(JMSProducer.java:523)
at weblogic.jms.client.JMSProducer.forward(JMSProducer.java:1500)
at weblogic.jms.client.WLProducerImpl.forward(WLProducerImpl.java:620)
at weblogic.jms.extensions.JMSForwardHelper.ForwardInternal(JMSForwardHelper.java:219)
at weblogic.jms.extensions.JMSForwardHelper.ForwardFromMessage(JMSForwardHelper.java:168)
at weblogic.jms.forwarder.Forwarder$Subforwarder.forwardInternal(Forwarder.java:893)
at weblogic.jms.forwarder.Forwarder$Subforwarder.forward(Forwarder.java:786)
at weblogic.jms.forwarder.Forwarder$Subforwarder.pushMessages(Forwarder.java:713)
at weblogic.messaging.util.DeliveryList.run(DeliveryList.java:263)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

Solution:

Refer to

http://weblogic-wonders.com/weblogic/2011/02/01/securing-weblogic-jms-resources/

Opening multiple weblogic consoles in the same browser

Managing WL consoles in one browser simultaneously can become a nightmare very easily as the WL server constantly logs out one domain on click of another server. This is because of the overlap of the cookie being saved in the client.

This can be changed by assigning a unique name for the Weblogic server.

Steps –
1. Login to the WL console.
2. Navigate to Domain Name –> Configuration –> General tab.
3. Click on Advanced button.
4. Provide a unique name for “Console cookie name” field.
5. Click on Save.
6. Restart the weblogic domain for changes to take effect.

 

Capture

This one time change helps in managing multiple domains better!

Using execute queues in Weblogic server 10.3

Certain applications still use execute queues instead of work manager. By default, the self-tuning thread pool is initialized in weblogic server for the execute queues like below:

<Jun 15, 2012 2:13:10 PM IST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<Jun 15, 2012 2:13:10 PM IST> <Info> <WorkManager> <BEA-002902> <Creating execute queue “A”.>
<Jun 15, 2012 2:13:10 PM IST> <Info> <WorkManager> <BEA-002902> <Creating execute queue “B”.>
<Jun 15, 2012 2:13:10 PM IST> <Warning> <WorkManager> <BEA-002918> <Server detected execute queue(s) in self-tuning mode. Execute queues will not be self-tuned. They retain their behaviour from earlier releases. Consider using WorkManagers to take advantage of self-tuning>

 

This can be changed by adding the following property to the config.xml and restarting the WLS server:

 

 <name>A</name>

      <queue-length>65536</queue-length>

      <thread-count>20</thread-count>

      <queue-length-threshold-percent>90</queue-length-threshold-percent>

      <threads-increase>0</threads-increase>

      <threads-maximum>400</threads-maximum>

      <threads-minimum>5</threads-minimum>

    </execute-queue>

    <execute-queue>

      <name>B</name>

      <queue-length>65536</queue-length>

      <thread-count>20</thread-count>

      <queue-length-threshold-percent>90</queue-length-threshold-percent>

      <threads-increase>0</threads-increase>

      <threads-maximum>400</threads-maximum>

      <threads-minimum>5</threads-minimum>

    </execute-queue>

    <use81-style-execute-queues>true</use81-style-execute-queues>

 

Use the above config to retain the execute queue behavior and the these can be monitored from the WLS console

Haproxy setup for my weblogic cluster

Setting up haproxy for weblogic cluster has been very easy and straight-forward. Downloaded the gunzip file from the site: http://haproxy.1wt.eu/

Created a basic config file:

##### begin #####
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
maxconn 4096

defaults

log global
mode http
option httplog
option dontlognull
option redispatch
retries 3
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000

listen wlsproxy server:80
mode http
balance roundrobin
stats enable
stats auth weblogic:weblogic1
cookie JSESSIONID prefix
option httpclose
option forwardfor
server wls1 server1:7032 cookie wls1 check
server wls2 server2:7034 cookie wls2 check
##### end #####

The request is getting loadbalanced between server1 and server2 on giving the haproxy server url like http://server/<args&gt; where args belongs to app deployed in server1/server2.

The default user/pass is root/setup. This is overriden in the example with weblogic/weblogic1

Starting the haproxy using the cmd:

nohup ./haproxy -f <config-file>

Remember to start this using root or sudo.

Oracle RAC and Grid References

Here are the quick references to the documentation on Oracle 11g RAC and Grid –

jonathanlewis.wordpress.com

structureddata.org

hoopercharles.wordpress.com

juliandyke.com

orainternals.wordpress.com

10g rac hand book –> gopalakrishnan

ardentperf.com

Metalink notes –

11887361.1

997522.1

972500.1

1058357.1

823587.1

 

 

 

Hello world!

Welcome to WordPress.com. After you read this, you should delete and write your own post, with a new title above. Or hit Add New on the left (of the admin dashboard) to start a fresh post.

Here are some suggestions for your first post.

  1. You can find new ideas for what to blog about by reading the Daily Post.
  2. Add PressThis to your browser. It creates a new blog post for you about any interesting  page you read on the web.
  3. Make some changes to this page, and then hit preview on the right. You can always preview any post or edit it before you share it to the world.