2.2 - Summarize virtualization and cloud computing concepts. Flashcards
IaaS (Infrastructure as a service)
-AKA HaaS (Hardware as a Service)
->Outsource your equipment
-You are still responsible for the management + security
-Your data is out there, but more within your control
-Web server providers
-AWS, MS Azure, Google Cloud Platform (GCP)
-Allows customers to purchase + interact with the basic building blocks of a tech infrastructure
->Include: computing, storage, networks
-Customers
->Have flexibility to configure + manage those services to meet their own business needs
->Don't have to worry about the management of the underlying hardware BUT have the ability to customize components
-Provider
->Has to implement security controls that prevent customers from eavesdropping on each other or interfering with each other's use of the infrastructure environment
PaaS (Platform as a service)
-No servers, no software, no maintenance team, no HVAC
->Someone else handles the platform
->You handle the development
-You don't have direct control of:
->Data, people, or infrastructure
->Trained security professionals are watching your stuff -> Choose carefully
-Put the building blocks together
->Develop your app from what's available on the platform (Salesforce)
-Provider builds + manages the infrastructure + offers an execution environment
-Execution environment may include:
->Code libraries, services, tools that facilitate code execution
SaaS (Software as a service)
-on demand software
-no local installation
-central mgmt of data + apps
-complete app offering (no development work required)
-Provider
->Responsible for everything from operation of the data center to performance management of the app
-Customer
->Only responsible for limited configuration of the app itself / selection of what data to use with it / access controls to limit access to that data
XaaS (Anything as a service)
-broad description of all cloud models
->Use any combination of the cloud
-Services delivered over the Internet
->Not locally hosted or managed
-Flexible consumption model
->No large upfront costs or ongoing licensing
-IT becomes more of an operating model
->And less of a cost-center model
->Any IT function can be changed into a service
-X indicates the nature of the specific service (SaaS, IaaS, etc.)
Public (cloud models)
Community (cloud models)
Private (cloud models)
Hybrid (cloud models)
Cloud service providers
Managed service provider (MSP)/ managed security service provider (MSSP)
On-premises vs. off-premises
Fog computing
-Fog: a cloud that's close to your data
->Cloud + Internet of Things = Fog computing
-A distributed cloud architecture
->Extends the cloud
-Distribute the data and processing
->Immediate data stays local -> No latency
->Local decisions made from local data
->No bandwidth requirements
->Private data never leaves -> Minimizes security concerns
-Long-term analysis can occur in the cloud -> Internet only when required
Edge computing
-Process application data on an edge server
-Close to the user
-Often process data on the device itself
->No latency, no network requirement
->Increased speed and performance
->Process where the data is
Thin client
Containers
Microservices/API
Software-defined networking (SDN)
Software-defined visibility (SDV)
Serverless architecture
Services integration
Resource policies
Transit gateway
Virtual machine (VM) sprawl avoidance
-It becomes almost too easy to build instances -> can get out of hand quickly (VMs sprawled everywhere)
-You're not sure which VMs are related to which apps
-Becomes difficult to deprovision
-When IaaS users create virtual service instances -> forget/abandon them -> accrue costs + security issues over time
Prevention
-Formal process
-detailed documentation
->should have info on every virtual object
VM escape protection
-VM = self-contained
-Escape is when an attacker breaks out of the VM + interacts with the host OS/hardware
-Once you escape the VM, you have great control
->Control the host / control other guest VMs
-Would be a huge exploit
->Full control of the virtual world
-Perpetrator has access to one virtual host, then gets access to intrude on resources assigned to a different VM
-Hypervisor is supposed to prevent this type of access by restricting each VM's access to only the resources assigned to that machine
->A VM escape flaw allows a process running on the VM to escape the hypervisor's restrictions