2.2 - Virtualization and Cloud Computing Concepts Flashcards

1
Q

IaaS

A
  • Infrastructure as a service
  • Outsource your equipment
  • aka Hardware as a service (HaaS)
  • Cloud provider will give you a system that has a CPU, storage, networking connectivity
  • You are still responsible for everything from the OS on up (effectively, you are responsible for data security).
  • Ex: you could choose to encrypt data
  • Ex: A webserver provider gives you a server but nothing else, you still have to load the OS and applications and then you pay to have the system running in the cloud
2
Q

SaaS

A
  • Software as a service
  • Central management of data and applications all in the cloud
  • 3rd party manages software and application
  • On demand software, just have to log in
  • don’t have to maintain etc.
  • No local installation
  • Ex: email, payroll
3
Q

PaaS

A
  • Platform as a Service
  • Middle ground b/n IaaS and SaaS
  • Get a platform that you can use to create your own application
  • You’re provided: OS, Infrastructure, some virtualization services (building blocks to write your own custom applications)
  • Usually 3rd party hosted, so they have access to all of your applications, data, and anything that makes up application
  • Think of it like the 3rd party is giving you the tools to create a modular application, you don’t have to build it from scratch
  • Advantages: Speeds up development and allows customization to your needs
  • Ex: SalesForce.com
4
Q

XaaS

A
  • Anything as a Service
  • Broad description of all cloud models
  • Any type of service provided over the cloud
  • Usually describes a set of services on a public cloud
  • Often describes a flexible consumption (pricing) model, pay for what you’re using instead of a large up front fee or ongoing licenses
  • Anything you’re doing in house, you could potentially outsource
  • Ex: IT becomes more of an operating model and less of a cost-center model
5
Q

On Premise model

A
  • You’re in charge of:
    1. Networking
    2. Storage
    3. Servers
    4. Virtualization
    5. OS
    6. Middleware
    7. Runtime
    8. Data
    9. Application
6
Q

IaaS model

A
  • Cloud provider in charge of:
    1. Networking
    2. Storage
    3. Servers
    4. Virtualization
  • You’re in charge of:
    5. OS
    6. Middleware
    7. Runtime
    8. Data
    9. Application
7
Q

PaaS model

A
  • Cloud provider in charge of:
    1. Networking
    2. Storage
    3. Servers
    4. Virtualization
    5. OS
    6. Middleware
    7. Runtime
  • You’re in charge of:
    8. Data
    9. Application
8
Q

SaaS model

A
  • Cloud provider in charge of:
    1. Networking
    2. Storage
    3. Servers
    4. Virtualization
    5. OS
    6. Middleware
    7. Runtime
    8. Data
    9. Application
9
Q

Cloud billing

A
  • Can be a flat fee
  • Can be based on use (more data, more cost)
  • Still need staff to manage cloud, may be a dev team, prob have operational support
10
Q

MSP

A
  • Managed Service Provider
  • Handle many aspects of technology for clients
  • May also be a cloud service provider (but not all cloud service providers are MSPs)
11
Q

MSP Support

A
  • Role of the MSP
  • Network connectivity management
  • backups and disaster recovery
  • Growth management and planning
12
Q

MSSP

A
  • Managed Security Service Provider
  • Niche of MSP
  • Focus on IT Security
  • Ex: Firewall management
  • Ex: Patch management, security audits
  • Ex: Emergency response
13
Q

On premise cloud

A
  • Your applications are on local hardware
  • Your servers are in your data center in your building
  • “on prem”
  • Everything located in our building (ex: HVAC, servers etc.)
14
Q

Off-premise cloud

A
  • Your servers are not in your building
  • They may not even be running on your hardware
  • Usually a specialized computing environment
  • Usually has lots of redundancy built in
15
Q

Public Cloud

A
  • Available to anyone over the internet
16
Q

Community model

A
  • Several organizations that share the same goal might pool resources and share to create their own cloud services
17
Q

Private Cloud

A
  • Internal, in own data center
  • Only you have access to it
18
Q

Hybrid

A
  • mix of public and private
19
Q

Cloud Computing

A
  • Instantly available computing power
  • Massive data storage capacity
  • Fast implementation
  • Changed the costs involved in deployment
20
Q

Disadvantages of Cloud computing

A
  • Latency (if the cloud is far away)
  • Limited bandwidth
  • Difficult to protect data
  • Requires Internet/network connectivity
21
Q

Edge Computing

A
  • Over 30 B IoT devices on the internet
  • Devices with very specific functions
  • Process application data on an edge server
  • Close to the user
  • Don’t have to go to the internet (don’t have to worry about latency, connectivity)
  • Speed should be at the local speed of network
  • All collecting data on your network (that feed into decisions)
  • Ex: Climate control, garage door opener.
22
Q

Fog

A
  • A distributed cloud architecture
  • Extends the cloud
  • A cloud that is close to your data
  • Cloud + IoT
  • Might want to take some data into the cloud and leave some locally
  • This means we can keep sensitive data on the local network and only send non-sensitive data into the Fog
23
Q

Diagram of Fog

A
  1. Cloud / Data Centers
  2. Fog / Nodes (ex: Realtime data processing, data caching). Could gather other car users’ info to aggregate, for example. Data can move from Fog into the Cloud.
  3. IoT - cars, power lines, wind turbines
    - This set up allows for an efficient cloud computing experience.
24
Q

Designing the Cloud

A
  • On-demand computing power
  • Elasticity - Scale up or down as needed
  • Applications also scale, access from anywhere
  • Planning is key
25
Q

Thin Client

A
  • Instead of a full blown computer
  • Local device allows you to connect a keyboard, mouse, screen which then connects to desktop in the cloud (so it doesn’t need a lot of cpu or memory)
  • Has just enough computing power to connect to a desktop in the Cloud
  • This has a big network requirement since everything happens across the wire
  • aka VDI (Virtual Desktop Infrastructure)
  • aka DaaS (Desktop as a Service)
26
Q

Virtualization

A
  • Allows us to run many different OS on the same device
    1. Infrastructure
    2. Hypervisor (Management OS that allows all the guest OSes to sit on top of it)
    3. Individual Guest OS / Virtual Machines
  • In this configuration, virtualization is ‘expensive’ b/c it has to run each guest operating system
  • solution: containerization
27
Q

Containerization

A
  • Contains everything you need to run an application
  • Code and dependencies
  • Standardized unit of software
    1. infrastructure
    2. Host Operating System
    3. Docker
    4. Individual apps sit on top of it (Apps in individual containers, apps can’t see other containers). They are moveable to create additional instances
  • Container software like Docker. So don’t need separate guest OS.
  • Relatively lightweight way to deploy, uses the host kernel
28
Q

Virtualized vs Container

A
  • Virtualized: Individual Guest OS (relatively expensive)
  • Containerized: 1 container software and individual apps
29
Q

Microservices

A
  • Microservices uses APIs
  • Takes individual pieces of application and breaks them out into individual services
  • Usually an API gateway that manages the pathway b/n the client and the microservices
  • If need to add a new feature, just need to add a new microservice
  • Can just scale the microservices that you need
  • Resilient - outages are contained (entire app doesn’t fail)
  • Allows much tighter data security controls
30
Q

Monolithic Architecture

A
  • One large application that does everything (b/n the DB and the client)
  • Contains all the decision making processes (user interface, business logic, data input / output)
  • Creates additional complexity, code challenges (esp if need to update only one part of it)
  • Not very efficient
  • Opposite of microservices
31
Q

Serverless Architecture

A
  • Allows you to take the OS out of the picture
  • Perform individual tasks based on the functions that are called by the application
  • FaaS
32
Q

FaaS

A
  • Function as a Service
  • Applications are separated into individual, autonomous functions
  • Developer still creates the server-side logic
  • runs in a stateless compute container
  • Often run by a third party
  • Allows us to have compute container only as needed (built and torn down as people are using the server)
  • Can be event triggered and ephemeral (could only run for one event)
33
Q

Stateless Compute Container

A
  • Processors that are designed to respond to our API requests
  • Part of FaaS
34
Q

VPC

A
  • Virtual Private Cloud
  • a pool of resources created in a public cloud
  • As you build more apps, might build more VPCs to contain them, effectively creating different clouds for each app
  • Challenge - getting all of users (wherever they may be) to access each instance that could be running in any cloud
  • Provide access through Transit Gateway
35
Q

Transit Gateway

A
  • “Router in the cloud”
  • Connect VPCs with a transit gateway and users to VPCs
  • Provides us with connectivity we need to connect all users
36
Q

Resource Policies

A
  • Assigning permissions to cloud resources
  • Not very easy, everything is in constant motion
  • In Azure, you can configure which resources can be provisioned by users and in what region
  • In Amazon, you can specify the resource and what actions can be taken in an IP range
  • In Amazon, you can specify a list of users who can access a resource
37
Q

SIAM

A
  • Service Integration and Management
  • Could have different types of clouds in use (Amazon, Azure, Rackspace)
  • Use SIAM to manage this
  • Multisourcing creates the need for SIAM
  • All clouds work differently (ex: deploying, monitoring)
  • SIAM allows you to bring all these into a single view and provides a single business-facing IT org
38
Q

Multisourcing

A
  • Part of SIAM
  • Deploying applications to multiple providers (Amazon, Azure, etc.)
39
Q

Infrastructure as Code

A
  • Describe the infrastructure in code
  • Define servers, network, and applications as code
  • Modify the infrastructure and create versions (same way you version application code)
  • Ex:
    all:
      hosts:
        mail.example.com:
      children:
        webservers:
          hosts:
            foo.example.com:
            bar.example.com:
        dbservers:
          hosts:
            one.example.com:
            two.example.com:
  • can then reuse the code (description) to build other application instances, which will be identical
  • important concept for cloud computing (build a perfect version each time!)
40
Q

SDN

A
  • Software Defined Networking
  • Networking devices have two functional planes of operation: control plane and data plane
  • Control plane - handles management, config of device
  • Data plane - handles the actual operation
  • Ex: On a router, the control plane allows you to configure and set up the router, and the data plane performs the actual forwarding
  • Allows you to configure device without affecting what happens when forwarding
  • It’s agile, important for cloud computing
  • Centrally managed (“single pane of glass”)
  • Programmatically configured, no human intervention
  • Open standards / vendor neutral
41
Q

SDN Security

A
  • Ex: you have multiple webservers you want to talk to each other and go to a load balancer which can access the internet and you want to protect your data
  • You could install an SDN (Software Defined Networking software) as an internal firewall for the webservers and another one b/n the load balancer and the internet
  • all software based
42
Q

SDV

A
  • Software Defined Visibility
  • Need to monitor traffic to secure the data
  • allows us to install and monitor next gen firewalls, web app firewalls, SIEM (Security Information and Event Management)
  • Data is encapsulated and encrypted - VXLAN (Virtual Extensible LAN) and SSL / TLS
  • has to understand new technologies
  • picture a lot of graphs and charts that allow us to monitor traffic
43
Q

VXLAN

A
  • Virtual Extensible LAN
44
Q

VM sprawl Avoidance

A
  • Deploying instances in cloud is easy
  • Need to consider recovering instances
  • Need to deprovision when no longer needed.
  • Don’t want to get to a point where you don’t know which VMs are related to which applications (really difficult to deprovision)
  • Need a formal process for provisioning and deprovisioning
  • Should be able to track every virtual object from creation to deprovisioning
45
Q

VM Escape Protection

A
  • Virtual machine is self-contained
  • Attack type that allows someone on a VM to gain access to another VM
  • Significant exploit b/c VMs should not share access
  • Rare (one example: Pwn2Own competition)