12.2 Cloud System Management Flashcards

1
Q

_________, ________, and ________ are new technologies that provide powerful solutions to some of the most difficult problems of infrastructure management.

A

Containers, infrastructure as code (IaC), and provisioners are new technologies that provide powerful solutions to some of the most difficult problems of infrastructure management.

2
Q

_______ can be thought of as “lightweight VMs.”

A

Containers can be thought of as “lightweight VMs.”

3
Q

_______ are tools that automatically configure VMs or containers for you.

A

Provisioners are tools that automatically configure VMs or containers for you.

4
Q

Instead of manually logging into a machine and issuing commands like apt-get, or editing configuration files yourself, you can use a ______ to do this automatically.

A

provisioner

Instead of manually logging into a machine and issuing commands like apt-get, or editing configuration files yourself, you can use a provisioner to do this automatically.

5
Q

____________ is the idea that the configurations for all of the VMs, containers, and networks in your deployment should be defined in text files, which you can use with provisioners to automatically recreate machines and networks whenever necessary.

A

Infrastructure as code (IaC) is the idea that the configurations for all of the VMs, containers, and networks in your deployment should be defined in text files, which you can use with provisioners to automatically recreate machines and networks whenever necessary.

6
Q

What is the primary benefit to IaC?

A

The primary benefit to IaC is that everyone can see exactly how the network is configured by reading text files. These can be easily version controlled with tools like Git, Apple Time Machine, or Microsoft OneDrive.

7
Q

________________________ is the concept of automatically updating machines on the network whenever your IaC files change.

A

Continuous Integration/Continuous Deployment (CI/CD) is the concept of automatically updating machines on the network whenever your IaC files change.

8
Q

What is the difference between secure configuration and secure architecture?

A

Secure configuration (SC) is setting secure “rules” for individual machines and networks. Secure architecture (SA) is connecting these individual machines and networks in safe ways.

SA can effectively mitigate the fallout of a breach. But the machines deployed according to that architecture must be securely configured in order for the architecture to fully deliver its security guarantees.

9
Q

Important cloud security concepts include ________ and _______.

A

Important cloud security concepts include fault tolerance and redundancy.

10
Q

True or False:

A fault tolerant system cannot keep running even if one or more components within the system fail.

A

False

A fault tolerant system can keep running even if one or more components within the system fail.

11
Q

Network Redundancy

If one system or component is lost or compromised, a redundant system or component can step in and keep the system going.

A

If one system or component is lost or compromised, a redundant system or component can step in and keep the system going.

12
Q

When making decisions about network architecture, we should always consider the amount of _______ needed versus the amount of ________.

A

When making decisions about network architecture, we should always consider the amount of redundancy needed versus the amount of budget available.

13
Q

Placing a gateway router between VMs on a network forces all traffic through a single node. Securing and monitoring this single node is called ______.

A

Placing a gateway router between VMs on a network forces all traffic through a single node. Securing and monitoring this single node is called fanning in.

By focusing on the interactions between the routers instead of all of the machines, we only have to worry about a few connections between a few machines, rather than connections between all machines.

14
Q

Using a jump box, which is essentially identical to a gateway router, what are some other steps you should take to harden the system? (7)

A
  1. Limiting the number of machines that our jump box can access.
  2. Locking the root account and limiting sudo access of the admin account on the jump box.
  3. Implementing log monitoring on the jump box.
  4. Implementing two-factor authentication for SSH login to the jump box.
  5. Implementing a host firewall (UFW or iptables) on the jump box.
  6. Limiting jump box network access with a virtual private network (VPN).
15
Q

What is a LAMP server?

A

Linux

A web server like Apache

A database like MySQL

A back-end codebase like PHP

16
Q

You can use VMs to configure a single LAMP server by: (3)

A

Setting up a VM as a LAMP server.

Capturing an image of this VM.

Duplicating this image whenever a new LAMP server is needed.

17
Q

What does a heavy VM mean?

A

Takes a long time to download and deploy.

Additionally, if you clone an entire VM, most of the VM is “wasted space.”

Only a few files on the entire disk are actually relevant to running the LAMP server.

The rest are just operating system files.

18
Q

True or False:

Containers are essentially lightweight VMs. These act as VMs but are smaller and use fewer resources they have in common with other containers.

A

True

19
Q

What are the benefits of containers? (5)

A

Lightweight - don’t need to virtualize all computer hardware and don’t need to run their own OS.

Share resources - Containers intelligently share OS resources while remaining isolated, allowing each one to focus exclusively on its own state.

Specialized - Containers only run the software components that they need to complete their task. Containers only do one thing.

Easily duplicated - A copy or image of a container can be easily downloaded and shared from computer to computer.

Prevalent and redundant - Containers are widely used in today’s web architecture.

20
Q

True or False:

Using containers instead of VMs to run a LAMP server will immediately result in massive cost and operational savings. But, they still have to maintain their own data.

A

True

21
Q

What is the difference between a stateful and a stateless container?

A

A stateless process or application can be understood in isolation. An example of a stateless transaction would be doing a search online to answer a question you’ve thought of. You type your question into a search engine and hit enter. If your transaction is interrupted or closed accidentally, you just start a new one. Think of stateless transactions as a vending machine: a single request and a response.

Stateful applications and processes, however, are those that can be returned to again and again, like online banking or email. They’re performed with the context of previous transactions and the current transaction may be affected by what happened during previous transactions. For these reasons, stateful apps use the same servers each time they process a request from a user.

22
Q

Creating more containers to handle additional load is called ________. This is different from ________, where we simply make an existing machine more powerful by adding more RAM or CPU.

A

Creating more containers to handle additional load is called horizontal scaling. This is different from vertical scaling, where we simply make an existing machine more powerful by adding more RAM or CPU.

23
Q

True or False:

Horizontal scaling is vastly preferable to and more flexible than vertical scaling.

A

True

24
Q

What is the most commonly used program to manage containers?

A

Docker

25
Q

While downloading a container with Git adds a whole layer of indirection, it also eliminates _____ and ______.

A

While downloading a container with Git adds a whole layer of indirection, it also eliminates platform and version issues.

26
Q

What is Ansible?

A

A provisioning tool to ensure our provisioning scripts run identically everywhere.

27
Q

_______ is the concept of defining all of our equipment and network with code. When using virtual machines and containers, almost every server, database, workstation, and other component in your infrastructure can be individually defined with code.

A

Infrastructure as code (IaC)

28
Q

IaC is important for keeping track of ___________. When we create code that contains the configuration of a server, that code can be version controlled and easily audited.

A

the changes we’ve made

29
Q

A provisioner is a software application used in IaC setups to ________________.

A

A provisioner is a software application used in IaC setups to make automated configuration changes to computers.

30
Q

True or False:

A

Provisioners focus on bringing a server to a certain state of operation.

31
Q

Changes made by a provisioner are created using text files, usually written in _____ or _____.

A

Changes made by a provisioner are created using text files, usually written in YAML or JSON.

32
Q

What are some common provisioners?

A

Common provisioners include Ansible, Puppet, and Chef.