Application Deployment and Security Flashcards
Describe Deployment Environment
The development environment is where you do your coding, and in most cases it bears only a passing resemblance to the final environment — typically just enough for you to deal with fundamental aspects of your infrastructure, such as containers or cloud networking. You’ll likely use an IDE or other tool to make deployment easier.
Describe testing environment
An environment for testing the code with mock resources
Describe Staging environment
The stage where it should resemble the production environment
Describe Production environment
where end users interact with it. At this point it’s been tested multiple times, and should be error free. The production environment itself must be sized and constructed to handle expected traffic, including surges that might come seasonally or with a particular event.
Describe the Bare metal deployment model
Installing software directly onto the target computer
Describe the Virtual Machine Deployment model
Virtual computers within your computer where the host is the physical computer
Describe what a hypervisor is
software that creates and manages VMs
Describe container based infrastructure
a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another
Describe Serverless Computing deployment model
a cloud computing execution model in which the cloud provider allocates machine resources on demand, taking care of the servers on behalf of their customers
Describe On-premise infrastructure
any system that's literally within the confines of your building
Describe Private cloud
a system that provides self-service provisioning for compute resources, networking, and storage.
What does the cloud provide
self-service access to computing resources, such as virtual machines, containers, and even bare metal, which means that users can log into a dashboard or use the command line to spin up new resources themselves, rather than waiting for IT to resolve a ticket
What is the cloud referred to as
IaaS
Describe a Public Cloud
Cloud Infrastructure that is managed by a public cloud provider
Describe hybrid cloud
is the combination of two different types of clouds. Typically, hybrid cloud is used to bridge private cloud and public cloud within a single application.
What are some advantages of hybrid cloud
You can use the private aspect for security and the public for more resources
Describe edge cloud
the computational processing of sensor data away from the centralized nodes and close to the logical edge of the network, toward individual sources of data.
What is Docker
a format that wraps a number of different technologies to create what we know today as containers.
What is a namespace in Docker
isolate different parts of the running container. For example, the process itself is isolated in the pid (process ID) namespace, the filesystem is isolated in the mnt (mount) namespace, and networking is isolated in the net namespace.
What is a control group in Docker
cgroups are a standard Linux concept that enables the system to limit the resources, such as RAM or storage, used by an application.
What is a Union File System in Docker
UnionFS file systems are built layer by layer, combining resources.
What are the steps for creating a container
1. Either create a new image using docker build or pull a copy of an existing image from a registry using docker pull. (Depending on the circumstances, this step is optional. See step 3.)
2. Run a container based on the image using docker run or docker container create.
3. The Docker daemon checks to see if it has a local copy of the image. If it does not, it pulls the image from the registry.
4. The Docker daemon creates a container based on the image and, if docker run was used, logs into it and executes the requested command.
In order to create a container-based deployment what do you need
Dockerfile
What is a Dockerfile
a text document that contains all the commands a user could call on the command line to assemble an image
Describe Continuous integration
continually merge your changes with the main branch of the existing application so that any given change set is small and the potential for problems is low
Describe Continuous Delivery
the process of performing development in sprints that are short enough that the code is always in a deployable state.
Describe rolling upgrade
changes are periodically rolled out in such a way that they don’t impact current users; nobody should have to “reinstall” the software.
Describe Canary pipeline
the new version is rolled out to a subset of users (or servers, depending on the architecture). If these users experience problems, the changes can be easily rolled back. If these users don’t experience problems, the changes are rolled out to the rest of production.
Describe Blue-green deployment
an entirely new environment is created with the new code on it, but the old environment is held in reserve. If users on the new environment experience problems, traffic can be diverted back to the original environment. If there are no problems within a specific amount of time, the new environment becomes the production environment and the old one is retired to be used for the next change.
Describe a Load balancer
it takes requests and “balances” them by spreading them out among multiple servers. For example, if you have 10 servers hosting your web application, requests will come first to the load balancer, which will then parcel them out among those 10 hosts.
Describe Persistent sessions
a process in which a load balancer creates an affinity between a client and a specific network server for the duration of a session.
Describe Round robin Load balancing
the server simply sends each request to the “next” server on the list.
Describe Least connection Load balancing
Sends requests to the server that is the least busy
Describe IP hash
The load balancer makes a decision based on a hash
Describe the Blue-green deployment
Sends traffic to the blue environment; if it is busy, sends it to the green environment
Describe canary deployment
starts by diverting a small fraction of your traffic to the blue environment. A load balancer can then increase the amount of traffic diverted to the blue environment until either issues are detected and traffic goes back to the old environment or all servers and users are on the new environment, and the old one is retired or used for the next push.
What is a Reverse Proxy
make sure responses look like they all come from the same server
What is data at rest
data being stored
What is data in flight or in motion
data being transferred from one server to another
Describe Two-way encryption
encrypt the data using a key, and then you can use that key (or a variation on it) to decrypt the data to get it back in “clear text.” You would use this for information you would need to access in its original form, such as medical records or social security numbers.
Describe One way encryption
an encrypted value without necessarily using a specific key, but you can’t unencrypt it. You would use that for information you don’t need to retrieve, just need to compare, such as passwords. For example, let’s say you have a user, bob, who has a password of munich. You could store the data as:
What is TLS (Transport Layer Security)
provides message authentication and stronger ciphers than its predecessor. Whenever possible you should be using TLS.
What is SQL injection
used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution
What does SQL injection allow someone to do
allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.
What are SQLmap and SQLninja examples of
Detection engines