2.2 Summarize virtualization and cloud computing concepts.

Question 1

Summarize INFRASTRUCTURE AS A SERVICE(IAAS) in Cloud models

Answer 1

IaaS is sometimes called hardware as a service(HaaS). It is a cloud model where you outsource your equipment. You’re still responsible for the management and for the security. Your data is out there but it is more within your control.

Question 2

Summarize PLATFORM AS A SERVICE(PAAS) in Cloud models

Answer 2

It is a hybrid choice between infrastructure and software as a service. There are no servers, no software, no maintenance team, no HVAC. Someone else handles the platform, you handle the development. You don’t have direct control of the data, people, or infrastructure. There are trained security professionals that are watching your stuff. Make sure you choose carefully. Put the building blocks together by developing your app from what’s available on the platform.

Question 3

Summarize SOFTWARE AS A SERVICE(SAAS) in Cloud models

Answer 3

SaaS is an on-demand software that needs no local installation. You don’t need to manage anything. There is a central management of data and applications so your data is out there. It is a complete application offering. No development work required. An example would be Google Mail.

Question 4

Summarize ANYTHING AS A SERVICE(XAAS) in Cloud models

Answer 4

Anything as a service(XaaS) is a broad description of all cloud models. It can use any combination of the cloud. These can be services delivered directly over the internet. There is a flexible consumption model that has no large upfront costs or ongoing licensing. IT becomes more of an operating model and less of a cost-center model. Any IT function can be changed into a service.

Question 5

Summarize a PUBLIC CLOUD

Answer 5

A public cloud are services available to everyone over the internet.

Question 6

Summarize a COMMUNITY CLOUD

Answer 6

A community cloud is a solution for those who can’t quite afford to have their own services running on their hardware so this cloud solution is comprised of several organizations that share the same resources.

Question 7

Summarize a PRIVATE CLOUD

Answer 7

It is a cloud service that is internal to your datacenter that you only have access to.

Question 8

Summarize a HYBRID CLOUD

Answer 8

A mixture of public and private cloud services.

Question 9

Summarize CLOUD SERVICE PROVIDERS

Answer 9

They are the ones that are providing the cloud services to us. Whether it be SaaS, PaaS, IaaS, etc. These Cloud Service Providers will usually charge a flat fee or based on the amount of usage you need. The more data you need to utilize, the more it will cost. You still manage the processes through internal staff, a developmental team, and an operational support team.

Question 10

Summarize MANAGED SERVICE PROVIDER(MSP)/MANAGED SECURITY SERVICE PROVIDER(MSSP)

Answer 10

MSPs can also be cloud service providers, but not all cloud service providers are MSPs. They provide support with Network connectivity management, backups and disaster recovery, and growth management and planning.

MSSPs are a niche of MSPs that provide firewall management, patch management, security audits, and emergency response plans.

Question 11

Summarize on-premise vs off-premises cloud computing

Answer 11

On-premises refers to your applications being on the local hardware, and servers are in your data center in your building.

Off-premises mean your servers are not in your building. They may not even be running on your hardware. These usually mean a specialized computing environment.

Question 12

Summarize FOG COMPUTING

Answer 12

Fog computing uses a cloud that’s close to your data. It is comprised of the cloud and IoT devices. It is a distributed cloud architecture that extends the cloud. You can have immediate data stays local - no latency. local decisions made from local data - no bandwidth requirements. Private data never leaves and this will minimize security concerns. Long-term analysis can occur in the cloud - internet only when required.

Question 13

Summarize EDGE COMPUTING

Answer 13

It is computing that is done all on the local device that is directly accessed by the user. It will often process data on the device itself. No latency, no network requirement. You are in charge of processing where the data is, instead of it being processed in the cloud.

Question 14

Summarize THIN COMPUTING

Answer 14

It is a device with just enough computing power to allow access to the cloud infrastructure. Applications usually run on a remote server. It is sometimes referred to as a virtual desktop infrastructure(VDI), Desktop as a service(DaaS). It needs minimal operating system on the client with no huge memory or CPU needs. There is the requirement of network connectivity.

Question 15

Summarize CONTAINERS

Answer 15

Containers contain everything you need to run an application. It is code and has dependencies. It is a standardized unit of software. It is an isolated process in the sandbox. Application containers can’t interact with each other. It is lightweight a standard for portability.

Question 16

Summarize MICROSERVICES/API

Answer 16

Microservices break up the monolithic applications and allows for ease of use and many other pros. Microservices often have APIs that work together to act as the application. It is scalable because you can scale the microservices that you need. It is resilient so outages are contained, and security and containment is built in.

Question 17

Summarize INFRASTRUCTURE AS CODE

Answer 17

Infrastructure as code (IaC) means to use preset definition files as opposed to manual configurations to set up servers. IaC prevents accidental vulnerabilities due to flawed server configurations.

Question 18

Summarize SOFTWARE-DEFINED NETWORKING (SDN)

Answer 18

Software-defined networking (SDN) enables centralization of portions of the routing and switching (such as creating and maintaining routing tables), which can then be rapidly pushed to routers and switches that only handle the packets and frames. Current SDN boxes employ security features that can rapidly respond automatically to attacks such as DDoS attacks.

Question 19

Summarize SOFTWARE-DEFINED VISIBILITY(SDV)

Answer 19

By applying software (called APIs in this area) to every (or at least most) devices on the network—including end nodes—any part of the network is now visible to your defensive tools. Any device can detect and respond to an attack. SDV all but removes potential blind spots on your network. Most SDV solutions are proprietary and only seen on larger, more secure networks.

Question 20

Summarize SERVERLESS ARCHITECTURE

Answer 20

Serverless Architecture can also be called a function as a service(FaaS). This means that apps are separated into individual. autonomous functions. It also means you can remove the operating system from the equation. The developer still creates the server-side logic. This means that is runs in a stateless compute container. It may be event triggered and temporary. It is managed by a third-party so all OS security concerns are at the third-party level.

Question 21

Summarize SERVICES INTEGRATION

Answer 21

You need to be able to integrate services easier and allow for cohesion with all these services together. Service Integration and Management(SIAM). There are many different service providers which is the result of multisourcing. Each provider works differently and different tools and processes are needed as well. SIAM is the integration of these diverse providers and help to provide a single business-facing IT organization.

Question 22

Summarize RESOURCE POLICIES

Answer 22

Resource policies means to assign permissions to cloud resources which is not the easiest task and everything is in constant change and motion.

Question 23

Summarize TRANSIT GATEWAY

Answer 23

Users can use a transit gateway to help provide access to virtual private clouds which are a pool of resources created in the public cloud. Think of a transit gateway as a virtual router. In order to make it secure, you need connect to it with a VPN.

Question 24

Summarize VIRTUALIZATION

Answer 24

Virtualization is when many different operating systems on the same hardware. Each application instance has its own operating system. This adds overhead and complexity. It also can be super expensive.

Question 25

Summarize VIRTUAL MACHINE (VM) SPRAWL AVOIDANCE

Answer 25

VM sprawl is the out-of-control creation of VMs outside your security control. VM sprawl is a huge problem without a simple answer other than good monitoring. Network administrators need to implement policies or practices for VM sprawl avoidance.

Question 26

Summarize VM ESCAPE PROTECTION

Answer 26

VM escape takes place when a user inside a VM finds a way to break out (escape) the VM and somehow get into the underlying hypervisor/host operating system. Network security people need to know the problem and implement, as much as possible, VM escape protection. On the good side, VM escape exploits terrify the IT world and, once detected, are very quickly patched. On the downside, there is no anti-VM escape tool.