Cloud and the Datacenter (1.2, 1.7, 1.8 & 2.1) Flashcards
Virtual Network Devices
o Major shift in the way data centers are designed, fielded, and operated
▪ Virtualization is everywhere
● Virtual Servers
● Virtual Routers
● Virtual Firewalls
● Virtual Switches
● Virtual Desktops
● VoIP
● Cloud Computing
● Software-Defined Networking
Virtual Servers
▪ Allows multiple virtual instances to exist on a single physical server
▪ Considerable cost savings for an IT budget
▪ Allows for consolidation of physical servers
▪ Multiple NICs increase bandwidth available
Hypervisor
▪ Specialized software that enables virtualization to occur
▪ Hypervisor is the software that emulates the physical hardware
▪ Also called a Virtual Machine Monitor (VMM)
▪ Examples
● VMware ESXi
● Microsoft Hyper-V
● VirtualBox
● VMware Workstation
Virtualized Storage Solutions
▪ Network Attached Storage (NAS)
● Disk storage is delivered as a service over TCP/IP
▪ Storage Area Network (SAN)
● Specialized LAN designed for data transfer/storage
● Transfers data at block level with special protocol
● Fibre Channel (FC)
o Special purpose hardware providing 1-16 Gbps
● Fibre Channel over Ethernet (FCoE)
o Removes need for specialized hardware
o Runs over your Ethernet networks
● iSCSI (IP Small Computer System Interface)
o Lower cost, built using Ethernet switches (<10 Gbps)
o Relies on configuration allowing jumbo frames over the network
Infiniband (Virtualized Storage)
▪ Switched fabric topology for high-performance computing
▪ Very high throughput (>600 Gbps) with very low latency (0.5 μsec)
▪ Direct or switched connection between servers and storage systems
Virtual Firewalls and Routers
▪ To fully virtualize your network, you will need a firewall and router
▪ Manufacturers offer virtualized versions of their most popular devices
▪ Virtualized routers and firewalls provide the same features as their physical counterparts
Virtual Switches
▪ Overcomes the problem of all virtual servers being on one broadcast domain
▪ Layer 2 control provides VLANs and trunking
▪ Provides Quality of Service and security
Virtual Desktops
▪ User’s desktop computer is run in a browser
▪ Used from web, laptop, tablet, or phone
▪ Easier to secure and upgrade for the admins
Software-Defined Networking (SDN)
▪ Provides the administrator with an easy-to-use front end to configure physical and virtual devices throughout the network
▪ All the configurations are automatically done
▪ Provides the administrator with an overview of the entire network
Voice over IP (VoIP)
o Voice over IP (VoIP)
▪ Digitizes voice traffic so that it can be treated like other data on the network
▪ Uses SIP (Session Initiation Protocol) to set up, maintain, and tear down calls
▪ VoIP can save a company money and provide enhanced services over a traditional PBX solution
VoIP Topology
User’s desktop computer is run in browser
Virtual Private Branch Exchange (PBX) and VoIP
▪ Ability to outsource your telephone system
▪ Utilizes VoIP to send all data to provider, then provider connects it to telephone system
Cloud Computing
o Cloud Computing
▪ Private Cloud
● Systems and users only have access to other devices inside the same private cloud or system
▪ Public Cloud
● Systems and users interact with devices on public networks, such as the Internet and other clouds
▪ Hybrid Cloud
● Combination of private and public
▪ Community Cloud
● Collaborative effort where infrastructure is shared between several organizations from a specific community with common concerns
Models of Cloud Computing
▪ Network as a Service (NaaS)
▪ Infrastructure as a Service (IaaS)
▪ Software as a Service (SaaS)
▪ Platform as a Service (PaaS)
Network as a Service (NaaS)
▪ Allows outsourcing of the network to a service provider
▪ Hosted off-site at the service provider’s data center and the customer is billed for usage
▪ Charged by hours, processing power, or bandwidth used like utility services
▪ Amazon’s VPC or Route 53 offerings
Infrastructure as a Service (IaaS)
▪ Allows outsourcing of the infrastructure of the servers or desktops to a service provider
▪ Hosted off-site at the service provider’s data center and the customer is billed for usage
▪ Charged by hours, processing power, or bandwidth used like utility services
▪ Examples
● Amazon Web Services (AWS)
● Microsoft’s Azure
Software as a Service (SaaS)
▪ User interacts with a web-based application
▪ Details of how it works are hidden from users
▪ Examples:
● Google Docs
● Office 365
Platform as a Service (PaaS)
▪ Provides a development platform for companies that are developing applications without the need for infrastructure
▪ Dion Training uses PaaS for our courses
▪ Examples:
● Pivotal
● OpenShift
● Apprenda
Desktop as a Service (DaaS)
▪ Provides a desktop environment that is accessible through the Internet in the form of a cloud desktop or virtual desktop environment
● Virtual Desktop Infrastructure (VDI)
Elasticity
▪ Attempts to match the resources allocated with the actual amount of resources needed at any given point in time
▪ Elasticity is focused on meeting the sudden increases and decreases in the workload
Scalability
▪ Handles the growing workload required to maintain good performance and efficiency for a given software or application
● Elasticity
o Short-term addition or subtraction of resources
● Scalability
o Long-term planning and adoption
Vertical Scaling (Scaling Up)
▪ Increasing the power of the existing resources in the working environment
Horizontal Scaling (Scaling Out)
▪ Adding additional resources to help handle the extra load being experienced
● Vertical - Scalability
● Horizontal - Elasticity
▪ Scaling out provides more redundancy and results in less downtime
Multitenancy
▪ Allowing customers to share computing resources in a public or private cloud
● Better storage/access
● Better use of resources
● Lower overall cost
▪ Multitenancy might cause your data to be hosted on the same physical server as another organization’s data
● When an organization crashes a physical server, all of the organizations hosted on that same server are affected
● An organization failing to secure its virtual environments hosted on a shared server poses a security risk for the other organizations hosting on that same server
▪ Set up virtual servers in the cloud with proper failover, redundancy, and elasticity
● Complex passwords
● Strong authentication
● Strong encryption
● Strong policies
Virtual Machine (VM) Escape
▪ Occurs when an attacker breaks out of one of the isolated VMs and begins to directly interact with the underlying hypervisor
▪ Host virtual servers on the same physical server as other VMs in the same network
Infrastructure as Code (IAC)
o Enables managing and provisioning of infrastructure through code instead of through manual processes
▪ Virtual machines
▪ Virtual devices
▪ Scripted automation and orchestration
Orchestration
o Process of arranging or coordinating the installation and configuration of multiple systems
▪ Lower costs
▪ Speed up deployments
▪ Increase security
Snowflake Systems
o Any system that is different from the standard configuration template used within your organization’s IaC architecture
o Avoided by keeping configurations consistent and using carefully developed and tested scripts
Virtual Private Network (VPN)
▪ Establishes a secure connection between on-premises network, remote offices, client devices, and provider’s global network
● Amazon Web Services - Direct Connect Gateway
● Microsoft Azure - Azure Private Link
Private-Direct Connection
▪ Extends preexisting, on-premise data center into the provider’s network to directly connect to your virtual private cloud network (Overall, Private is superior, but more expensive than a VPN)
Datacenter
▪ Any facility that businesses and other organizations use to organize, process, store, and disseminate large amounts of data
Types
▪ Three-tiered hierarchy
▪ Software-defined networking
▪ Spine and leaf architecture
▪ Traffic flows
▪ On-premise versus hosted datacenters
Benefits
▪ Performance
▪ Management
▪ Scalability
▪ Redundancy
Software-Defined Networking (SDN)
▪ Enables the network to be intelligently and centrally controlled, or programmed, using software applications
▪ Application Layer
● Focuses on the communication resource requests or information about the network as a whole
▪ Control Layer
● Uses the information from the applications and decides how to route a data packet on the network
▪ Infrastructure Layer
● Contains the network devices that receive information about where to move the data and then performs those movements
● Provides a layer of abstraction between the devices and the control and data flow that happen on the network
▪ Management Plane
● Used to monitor traffic conditions and the status of the network
Architectures
▪ Spine and Leaf Architecture
● An alternative type of network architecture that focuses on the communication within the datacenter itself
● Spine and leaf architecture can give faster speeds and lower latency
● This architecture can be used in combination with the standard three-tiered hierarchy
● North-South
o Traffic that enters or leaves the data center from a system physically residing outside the datacenter
o Northbound is data leaving the datacenter
o Southbound is data entering the datacenter
● East-West
o Refers to data flow within a datacenter
● On-premise
o A traditional, private data infrastructure usually located in the same building as the main offices
● Co-located
o A datacenter environment owned by another company
● Cloud-based
o Migrating company data out of its own servers and datacenters and into a cloud service provider’s servers and datacenters