Chapter 7: Operations Elements Flashcards
What need Cloud Data Centers to be?
Cloud data centers have to be robust and resilient to all types of threats.
Cloud Data Centers need to be robust and resilient against what types of threats?
Cloud data centers have to be robust and resilient to all types of threats:
- from natural disasters
- hacking attacks
- to underlying infrastructure and utilities failures.
What does designing and building your own data center facility allows you to choose?
Designing and building your own facility allows you to choose:
- location
- services
- design elements
that fit your organizational needs.
When organizations consider buid vs buy decisions for data center space, they will often consider what kind of items?
- Cost of the facility or cost to lease space over time
- if the organization may scale up or down (in terms of size or requirements)
- Whether they can be more efficient in terms of:
- power
- heating and cooling
- staffing over time
in their own facility or one they rent - Whether there are specific security controls or requirements that fit a build or buy model better.
- whether they have the ability or expertise to staff a datacenter
Cloud Service Providers pick data center locations for what kind of reasons?
the availability of inexpensive (or at least lower cost) electricity
- the ability to get high-speed connectivity for the facility
- the likelihood of natural disasters
- likelihood of political stability
- how challenging it will be to provide temperature control inside of the facility
- how close the location is to other data centers they may operate in the area
Data center resilience focuses on a broad range of infrastructure and systems components, including utilities like: … ?
- electrical
- water
- connectivty
- heating and cooling
- Staffing
- elements to handle failures (generators, fuel storage, fire suppression systems
What is a key concern for data center design?
Ensuring that data centers have both reliable and sufficient power is a key concern for data center design.
What 3 critical items at the provider and external infrastructure levels need to be considered?
- Can the data center be connected to multiple grids?
- Are there distinct physical paths for power?
- Is there enough power for the expected load that the data center will create?
What are Uninterruptible power supplies?
Power infrastructure for the data center itself is also important. Uninterruptible power supplies that provide battery-based or flywheel-based power are commonly used in data center designs to cover brief power outages.
What are generators for?
Generators are typically used to provide power during longer outages, and they need to be powerful enough o keep the data center running.
Generators themselves are typically deployed in redundant designs to ensure that a single generator not working doesn’t stop the data center from functioning. Multiple-generator designs also allow generators to be removed from service for maintenance cycles during longer emergencies.
What 5 tasks should be performed to ensure communications redundancy?
- identify their current and likely future bandwidth needs
- Ensure connectivity to their potential data center locations from more than one internet service provider (ISP), a concept the CCSP Outline (Candidate Information Bulletin) calls multi-vendor pathway connectivity
- Ensure that those ISPs do not have shared upstream dependencies
- Assess connectivity paths for environmental dangers and single points of failure
- Design internal systems and networks to support redundant connectivity and resilience.
What are three categories of controls?
- physical
- administrative
- logical/technical.
Data Center: Physical Access to Devices: Entry and Egress should be …?
- controlled
- monitored
- logged
How many Tiers does the Data Center - Uier Classification System have?
- Tier 1
- Tier 2
- Tier 3
- Tier 4
Uptime Institute’s Tier Classification System:
The system describes four tiers from Tier 1 to Tier 4, each with increasing requirements for what kind of thigns?
- maintenance
- power
- cooling
- fault tolerance
What are the requirements for a Tier 1 Data Center?
A Tier 1 data center is the basic infrastructure required to support an organization that wants to conduct IT operations. Tier 1 has the following requirements:
- an uninterruptible power supply (UPS) system for line conditioning and backup purposes
- An area to house IT systems
- Dedicated cooling systems
- A power generator for extended electrical outages
They are also expected to have redundancy for:
- chillers,
- pumps,
- UPS devices,
- and generators
but are likely to have to shut down for maintenance activities.
What are the requirements for a Tier 2 Data Center?
Tier 2 facilities provide more redundancy than Tier 1 facilities, including the following:
- Generators and UPS devices
- Chillers and cooling units
- Pumps
- Fuel tanks and other fuel storage
Unlike Tier 1 facilities, Tier 2 facilities are intended to ensure that critical operations are not interrupted due to planned maintenance.
What are the requirements for a Tier 3 Data Center?
The Tier 3 design is known as a “concurrently maintainable site infrastructure.”
As the name indicates, the facility features both the redundant capacity components of a Tier 2 build and the added benefit of multiple distribution paths where only a sole path is needed to serve critical operations at any given time.
What are the requirements for a Tier 4 Data Center?
Tier 4 data centers are the highest level described by the Uptime Institute.
They have independent and physically isolated systems providing redundancy and resiliency at both the component and distribution path levels, ensuring that events that compromised one system would not take out the redundant system.
Tier 4 data centers are not disrupted if there is a planned or unplanned event, although the Uptime Institute notes that planned maintenance may increase the risk of an outage if the remaining redundant systems are compromised while the maintenance is in progress.
In addition, Tier 4 data centers are designed around fault tolerance for components, so a system that fails will not result in a failure of a service.
What are the two elements of data center logical design that you need to be aware of?
- tenant partitioning
- Access Control
What is data center - logical design - tenant partitioning?
The first is tenant partitioning. Commercial data centers and hosting providers often have multiple tenants in the same physical space, requiring methods to partition tenants.
Partitioning may occur at the rack or cage level, where a locked rack or cage is used to separate tenants and provide physical security.
Name 7 virtualization Concepts?
- Distributed resource scheduling
- Dynamic optimization
- Maintenance Mode
- High availablity
- Containerization
- Ephemeral computing
- serverless
What is distributed resource scheduling?
Distributed resource scheduling, which focuses on providing resources to virtual machines to ensure they can meet performance service level requirements. It also allows migrations of systems to other underlying infrastructure during maintenance and includes monitoring and management capabilities.
In short, distributed resource scheduling is the ability to manage resources across a cluster or environment in a way that optimizes reliable and consistent service delivery.
What is Dynamic Optimization?
Dynamic optimization is a term used to describe an optimization process that assesses performance or other factors and takes action to meet desired targets.
Dynamic optimization relies on real-time data and defined goals or objectives to determine configuration and resource changes required to meet those goals.
What is Maintenance Mode?
Maintenance mode in virtualization environments allows hosts to be removed from a cluster in a safe way to allow for system or hardware maintenance.
Maintenance mode transfers running guest operating systems to other nodes in a cluster, then marks the system as being in maintenance mode, allowing needed work to be performed.
Describe High Availability
High availability, or HA, is a major driver in the adoption of both virtualized and cloud-hosted systems and services. As part of that, the availability of guest operating systems is a key feature of virtualization environments.
Explain Containerization
Containerization places an application or service, along with all of the libraries and components it needs, together in a form that can be run on an underlying environment.
Explain Ephemeral computing
Ephemeral computing is a key concept in many environments. It leverages the ability to quickly stand up virtual systems, then to shut them down when they are no longer needed to meet demand.
Explain serverless
Serverless technology replaces constantly running servers with code that runs when needed. Cloud services that provide serverless functionality charge on an as-used basis, allowing for efficient use of resources.
What do you need to do to make sure that your hypervsior has appropriate levels of security?
In order to provide appropriate levels of hypervisor security, you should make sure hypervisors are:
- configured
- updated
- patched
to vendor standards und use industry best practices.
Common elements of this type of effort include:
- restricting use of superuser accounts,
- requiring multifactor authentication
- using logging and alerting capabilities to monitor for improper or malicious use
- designing access to hypervisor and management planes to limit access to authorized users.
In addition, controls like encrypting virtual machines, using secure boot for the underlying hardware, and performing regular audits of configurations and systems are all important.
What is Instance Isolation?
Each virtual machine, whether it is a cloud instance or a VM guest operating system, should be logically isolated from the others with appropriate logical controls.
That means limitations on access to other systems as well as the internet, firewalls or security group-based controls, security at the hypervisor layer to ensure that virtual machines can’t access resources assigned to others, and similar protections.
What is Host Isolation?
All underlying hosts must also be both physically and logically isolated from one another as much as possible.
They will obviously still be connected to the network and so will potentially be able to be connected, so those connections should be minimized and secured as much as possible.
Moreover, network monitoring should be thorough and detailed, such that any host-escape activity would be immediately recognized and a response would result.
Why are most storage devices clustered in groups?
To provide:
- increased performance,
- flexibility
- reliability
What are the two types of clustered storage architecture?
- tightly coupled
- loosely coupled
Storage: What is tightly coupled architecture?
In the tightly coupled architecture, all the storage devices are directly connected to a shared physical backplane, thus connecting all of them directly.
Each component of the cluster is aware of the others and subscribes to the same policies and rulesets.
A tightly coupled cluster is usually confined to more restrictive design parameters, often because the devices might need to be from the same vendor in order to function properly.
Although this may be a limiting factor, a tightly coupled architecture also enhances performances as it scales: the performance of each element is added to the overall performance of the cluster, allowing greater and greater power as it increases in size.
Storage: What is loosely coupled architecture?
A loosely coupled cluster, on the other hand, allows for greater flexibility.
Each node of the cluster is independent of the others, and new mnodes can be added for any purpose or use as needed. They are only logically connected and don’t share the same proximate physical framework, so they are only distantly physically connected through communication media.
Performance does not necessarily scale, however, because the nodes don’t build on one another.
But this might not be an important facet of the storage architecture, since storage commands and performance requirements are fairly simple.
What are the two general ways to create data proteciton in a cloud storage cluster?
- RAID (redundant array of independent disks)
- Data dispersion
Both options provide a level of resiliency - that is, a reasonable amount of assurance that although the physical and/or logical environment might be partially affected by detrimental occurrences (outages, attacks, and so on), the overall bulk of data will not be lost permanently.
What is RAID?
In most RAID configurations, all data is stored across the various disks in a method known as striping. This allows to be recovered in a more efficient manner because if one of the drives fails, the missing data can be filled in by the other drives.
In some RAID schemes, parity bits are added to the raw data to aid in recovery after a drive failure.
