1.8 cloud concepts and connectivity options. Flashcards
Deployment models - Public
A public cloud deployment model refers to cloud computing services provided by third-party providers and made available to the general public over the internet. In this model, resources like servers, storage, and applications are shared among multiple users, though each user’s data and workloads remain isolated and secure. Examples of public cloud providers include Amazon Web Services (AWS), Microsoft Azure, and Google Cloud.
For the exam, you should know that public cloud services are highly scalable, flexible, and cost-effective because they operate on a pay-as-you-go model, eliminating the need for upfront capital investment in hardware. Public cloud is ideal for organizations that need rapid scalability, especially for hosting websites, applications, and testing environments. However, since resources are shared, security and compliance are key considerations, as organizations have less control over the infrastructure. Understanding the advantages, limitations, and use cases of public cloud will help you in identifying appropriate cloud solutions for different business needs.
Private Deployment Model
The private cloud deployment model refers to a cloud environment that is dedicated exclusively to a single organization. Unlike public cloud services, the infrastructure in a private cloud is not shared with other users and can be managed either internally by the organization or by a third-party provider. Private clouds can be hosted on-premises or at an off-site data center.
For the exam, you should know that the private cloud offers enhanced control, customization, and security compared to public cloud services, making it ideal for organizations with strict regulatory or security requirements. Although private clouds offer similar scalability and flexibility benefits as public clouds, they typically come with higher costs due to the need for dedicated hardware and management resources. Private clouds are often used by organizations handling sensitive data, such as financial institutions or government agencies. Understanding the key benefits, such as enhanced data control, and trade-offs, like higher costs and maintenance, is crucial for distinguishing between cloud deployment models.
Hybrid Deployment Model
The hybrid cloud deployment model combines both public and private cloud environments, allowing organizations to utilize the benefits of both. In a hybrid model, data and applications can move between public and private clouds depending on specific needs, enabling greater flexibility, scalability, and cost efficiency while maintaining control over sensitive data.
For the exam, you should know that hybrid clouds are ideal for organizations that want to keep critical, sensitive workloads in a private cloud for security or compliance reasons, while leveraging the scalability and cost-effectiveness of the public cloud for less sensitive operations. This model allows for optimized resource allocation, with private cloud ensuring security and public cloud handling high-demand or temporary workloads. Hybrid cloud also supports disaster recovery, where the public cloud can serve as a backup for private cloud data. Understanding the interoperability and integration challenges, as well as the advantages of balancing performance, security, and cost, is key when studying hybrid cloud models.
Community Deployment Model
The community cloud deployment model is a cloud infrastructure that is shared by multiple organizations with common concerns or goals, such as security, compliance, or business objectives. It is typically managed by one of the organizations in the community or by a third-party service provider, and it can be hosted on-premises or externally.
For the exam, you should know that community clouds are used by industries or groups with similar needs, such as healthcare, government agencies, or financial institutions, where they must adhere to specific regulations or data privacy standards. The model allows for cost-sharing and collaboration between organizations, while still offering more security and control compared to the public cloud. However, because resources are shared among several organizations, managing and maintaining the community cloud requires agreed-upon policies and governance. Understanding when a community cloud is appropriate, such as in regulated industries or consortiums, will help you differentiate between cloud models.
Software as a service (SaaS)
Software as a Service (SaaS) is a cloud computing model where applications are delivered over the internet and accessed through a web browser, without requiring installation on local devices. In this model, the cloud provider hosts and manages the software, including updates, maintenance, and security, while users simply interact with the application.
For the exam, you should know that SaaS eliminates the need for organizations to manage the underlying infrastructure, allowing them to focus solely on using the software. It is highly scalable, with a pay-as-you-go or subscription model, making it cost-effective for businesses of all sizes. Common examples of SaaS include platforms like Google Workspace, Microsoft 365, and Salesforce. Understanding SaaS’s benefits—such as ease of use, rapid deployment, and reduced IT management—and its limitations, like reduced control over customization, will help you identify when it’s the best solution for various business needs.
Infrastructure as a service (IaaS)
Infrastructure as a Service (IaaS) is a cloud computing model where virtualized computing resources, such as servers, storage, and networking, are provided over the internet. In IaaS, the cloud provider manages the physical infrastructure, while the customer is responsible for managing the operating systems, applications, and data.
For the exam, you should know that IaaS offers flexibility and scalability, allowing organizations to quickly provision and scale computing resources based on demand. It’s ideal for businesses that want control over their infrastructure without the cost and complexity of managing physical hardware. IaaS is commonly used for hosting websites, running development environments, and supporting disaster recovery plans. Popular IaaS providers include Amazon Web Services (AWS), Microsoft Azure, and Google Cloud. Understanding the benefits of IaaS, like reducing capital expenditure and providing flexible infrastructure management, is important for identifying when this model is most suitable.
Platform as a service (PaaS)
Platform as a Service (PaaS) is a cloud computing model that provides a development and deployment environment in the cloud, allowing developers to build, test, and deploy applications without the complexity of managing the underlying infrastructure. PaaS includes everything from hardware and software resources to development tools and middleware, streamlining the entire application development process.
For the exam, you should know that PaaS is ideal for developers who want to focus on coding and application functionality without worrying about server management, storage, or networking. It offers scalability, allowing applications to automatically adjust to user demand, and often includes integrated development tools, databases, and application hosting services. Examples of PaaS include Google App Engine, Microsoft Azure App Service, and Heroku. Understanding the advantages of PaaS, such as rapid development cycles and reduced operational burdens, helps in determining when this model is best for application development and deployment needs.
Desktop as a service (DaaS)
Desktop as a Service (DaaS) is a cloud computing model that delivers virtual desktop environments to end-users over the internet. In this model, the desktop operating system, applications, and data are hosted in the cloud, allowing users to access their desktops from any device with an internet connection.
For the exam, you should know that DaaS provides flexibility and mobility, enabling remote work and reducing the need for physical hardware on-site. It simplifies management for IT departments, as updates, security, and maintenance are handled by the DaaS provider, allowing organizations to focus on their core business functions. DaaS is particularly useful for organizations with a distributed workforce or those looking to quickly provision and manage desktop environments without significant upfront investment. Examples of DaaS providers include Amazon WorkSpaces, Citrix Virtual Apps and Desktops, and Microsoft Windows Virtual Desktop. Understanding the benefits of DaaS, such as cost efficiency, scalability, and enhanced security, is crucial for identifying suitable solutions for virtual desktop needs.
Infrastructure as code - Automation/orchestration
Infrastructure as Code (IaC) is a practice in IT and DevOps that involves managing and provisioning computing infrastructure through machine-readable definition files, rather than through physical hardware configuration or interactive configuration tools. Automation and orchestration are key components of IaC, enabling teams to deploy and manage infrastructure more efficiently.
For the exam, you should know that automation refers to the process of executing tasks automatically using scripts or tools, reducing manual intervention and minimizing the risk of human error. Orchestration, on the other hand, involves coordinating multiple automated tasks to ensure they work together seamlessly. This might include deploying virtual machines, configuring networking, and managing storage in a defined sequence.
IaC tools like Terraform, Ansible, and AWS CloudFormation enable automation and orchestration, allowing teams to define their infrastructure requirements in code, version control it, and deploy it consistently across environments. Understanding the benefits of IaC, such as increased deployment speed, improved consistency, and enhanced collaboration between development and operations teams, is essential for effective infrastructure management in modern IT environments.
Virtual private network (VPN)
A Virtual Private Network (VPN) is a secure connection that allows users to access a private network over the internet as if they were directly connected to that network. VPNs encrypt the data transmitted between the user’s device and the VPN server, ensuring privacy and security, especially when using public Wi-Fi or unsecured networks.
For the exam, you should know that VPNs are commonly used for remote access, allowing employees to securely connect to their organization’s network from offsite locations. They help protect sensitive information from eavesdropping and can also mask the user’s IP address, enhancing anonymity. Various protocols are used to implement VPNs, including PPTP, L2TP, and OpenVPN. Understanding the different types of VPNs—such as remote access VPNs for individual users and site-to-site VPNs for connecting entire networks—will help you grasp how VPNs fit into broader network security strategies.
Private-direct connection
to cloud provider
A private direct connection to a cloud provider refers to a dedicated, secure link established between an organization’s on-premises infrastructure and a cloud service provider’s data center. This connection bypasses the public internet, offering enhanced security, reliability, and performance for data transfers.
For the exam, you should know that such connections are typically implemented using services like AWS Direct Connect, Microsoft Azure ExpressRoute, or Google Cloud Interconnect. These services allow organizations to transfer data to and from the cloud with lower latency and higher bandwidth compared to standard internet connections. This is particularly beneficial for businesses handling sensitive data or running mission-critical applications in the cloud. Understanding the advantages of a private direct connection, such as improved security, consistent performance, and reduced data transfer costs, is essential for making informed decisions about cloud architecture and connectivity strategies.
Multitenancy
Multitenancy is a software architecture principle where a single instance of an application serves multiple tenants or users, with each tenant’s data and configurations kept separate and secure. This approach allows multiple customers to share the same infrastructure and resources while maintaining privacy and data integrity.
For the exam, you should know that multitenancy is commonly used in cloud computing and Software as a Service (SaaS) models, enabling service providers to deliver applications efficiently and cost-effectively. Benefits of multitenancy include reduced operational costs, simplified management, and easier scalability, as updates and maintenance can be performed on a single instance rather than multiple separate ones. However, it also poses challenges, such as ensuring adequate security and performance isolation among tenants. Understanding how multitenancy impacts application design and resource allocation will help you grasp its significance in modern cloud environments.
Elasticity
Elasticity is a key characteristic of cloud computing that refers to the ability of a system to dynamically allocate and deallocate resources in response to varying workloads. It enables organizations to automatically scale their infrastructure up or down based on demand, ensuring optimal performance and cost efficiency.
For the exam, you should know that elasticity allows businesses to handle traffic spikes without experiencing downtime or performance degradation, as resources can be provisioned quickly to meet increased demand. Conversely, during periods of low usage, resources can be scaled back to avoid unnecessary costs. This capability is often associated with cloud services such as Infrastructure as a Service (IaaS) and Platform as a Service (PaaS), where automated scaling features are provided. Understanding the difference between elasticity and scalability—where elasticity refers to automatic resource adjustment and scalability involves manually increasing capacity—will help clarify how organizations can effectively manage their cloud resources.
Scalability
Scalability is the ability of a system, network, or application to handle an increasing amount of workload or to accommodate growth without sacrificing performance. In cloud computing, scalability refers to the capacity to increase or decrease resources, such as processing power, storage, or network bandwidth, based on demand.
For the exam, you should know that there are two main types of scalability: vertical and horizontal. Vertical scalability, or “scaling up,” involves adding more power (CPU, RAM) to an existing server, while horizontal scalability, or “scaling out,” involves adding more servers or instances to distribute the workload. Scalability is crucial for organizations to ensure they can support growth or fluctuating workloads effectively, especially during peak usage times. Understanding the difference between scalability and elasticity is important, as scalability focuses on the overall system’s capacity to grow, while elasticity emphasizes the automatic adjustment of resources in response to demand.
Security implications
Security implications refer to the potential risks and challenges associated with implementing and managing systems, especially in cloud computing and network environments. These implications can arise from various factors, including architecture, access controls, and data management.
For the exam, you should know that security implications can include data breaches, unauthorized access, and compliance issues. In cloud environments, organizations may face risks related to shared resources in multitenant architectures, making it essential to ensure proper isolation and encryption of data. Additionally, the use of APIs and third-party services can introduce vulnerabilities if not adequately secured. It’s also critical to consider identity and access management, as improper user permissions can lead to data exposure or misuse.
Understanding the security implications helps organizations design robust security policies, implement best practices, and choose appropriate security tools to mitigate risks. Familiarity with frameworks like the NIST Cybersecurity Framework or the CIA Triad (Confidentiality, Integrity, Availability) can guide effective security strategies in cloud and network environments.
