Chapter 3 Flashcards
Infrastructure as a Service (IaaS)
A cloud computing service model that provides computing resources on demand, such as storage, servers, networking, and virtualization.
Platform as a Service (PaaS)
A cloud computing model that provides a complete environment for developers to build, test, deploy, and manage applications. PaaS allows developers to focus on their code without having to worry about the underlying infrastructure, such as servers, storage, and networking.
Software as a Service (SaaS)
A cloud-based software delivery model that allows users to access software through the internet on a subscription basis.
Hybrid Cloud
Using more than one cloud provider. Adds additional flexibility but also adds complexity to the system. Most cloud provider systems do not talk to each other directly, so manual configuration of things like authentication, firewalls, and server settings may be needed. Cloud providers use different security monitoring systems, as well as different logging terminology.
Data Leakage
Data stored in the cloud often needs to traverse the public internet, which exposes it to attackers.
Infrastructure as Code
Code architecture exists that allows you to define a cloud infrastructure such as servers, network, and applications. This allows you to reduce the human error that can occur when manually creating the infrastructure. It also allows you to modify and create versions of the infrastructure.
Function as a Service (FaaS)
Applications can be separated into individual autonomous functions. Each function performs a small part of the application. These functions are commonly event-triggered and can be built in real time as the event is triggered.
Monolithic Applications
One big application that does everything you need. This is the traditional way of writing applications. One single executable is handling all user interface, logic, and data input and output. This makes the application take up a lot of storage space and have a large codebase.
Application Programming Interface (API)
Allows programs to access code written elsewhere.
Microservice
Uses APIs to create multiple smaller programs that handle discrete parts of an application. If one of the microservices goes down the rest will continue to work.
Air Gap
Physically separating devices. If one device is compromised, it won't compromise the other.
Virtual Local Area Networks (VLANs)
A logical segmentation that allows the segmentation of data on the same device.
Software Defined Networking (SDN)
Splitting functions into separate logical units to extend the functionality and management of a single device. Separates the control functions from the forwarding functions. 3 layers of SDN architecture: Infrastructure Layer, Control layer, Application layer.
Infrastructure Layer
Data plane. Processes the network frames and packets. Forwarding, trunking, encrypting, NAT.
Control Layer
Manages the actions of the infrastructure layer. Routing tables, session tables, NAT tables. Dynamic routing protocol updates.
Application Layer
Management plane. Configures and manages the device. SSH, browser, API.
Advantages of Cloud-Based Infrastructure
Security is centralized and costs less. No on-site hardware or data center to secure. A third party handles everything.
Virtualization
Allows you to run many different operating systems on the same hardware. Each application instance has its own operating system, which adds overhead and complexity.
Containerization
A segmentation that contains everything you need to run an application, including code and dependencies. A standardized unit of software.
Container
An isolated process that is a self-contained system. Apps can’t interact with each other.
Container image
A standard for portability. Lightweight and uses the host kernel. Secure separation between applications.
Internet of Things (IoT)
Devices that are integrated into your network. Smart devices, sensors, wearable tech. Convenient but often not very secure.
Supervisory Control and Data Acquisition System (SCADA)
Used to monitor the status of large-scale industrial equipment. Requires extensive segmentation, no access from the outside. Many SCADA systems are incredibly secure.
Industrial Control Systems (ICS)
Used to network together large pieces of machinery.