Domain 3 Flashcards
Software-defined Networking
. Decisions concerning where traffic is filtered or sent and actual forwarding of traffic are completely separate from each other
. Cloud provider can build management tools that allow staffers using web portals or cloud administrative interfaces to make changes to the network without having to log into the actual network components or have the command knowledge of a network administrator.
Computing
. Computing and processing capabilities are defined as the CPU and memory (RAM) of the system and components.
. Within a cloud environment, considering resource pooling and multi-tenancy, the computing capabilities become far more complex in both planning and management.
Reservations
. Minimum resources that are guaranteed to a customer within a cloud environment.
Limits
. Put in place to enforce a maximum utilization of memory or processing by a cloud customer.
. Done at the virtual machine level or at a comprehensive level for a customer.
. Limits can be hard (fixed) or flexible (changing dynamically).
Shares
. Used to mitigate and control customer requests for resource allocations in case the environment does not currently have the capability to provide these resources.
. Shares work by prioritizing hosts using a weighting system that is defined by the cloud provider.
. In times of high utilization, the system uses automated scoring of each host, based on its share value, to determine which hosts get access to the limited resources available.
Type 1 Hypervisors
. Specifically written and tuned to run on top of the bare metal and provide the hosting environment.
. Tied directly into the underlying hardware
Type 2 Hypervisors
. Runs under a host operating system.
. Hypervisor no longer has direct interaction and control over the underlying hardware.
. Security concerns within the underlying operating system can impact the HV as well.
. Extra vigilance is required in securing both the HV and the host because of the added complexity.
Storage
Volume Storage: configured as a typical hard drive and the file systems that it serves
Object Storage: data is stored separately from the application, and access occurs via APIs and network requests or a web interface.
- Utilizes a flat system and assigns each file or object a key value that is then used to access it.
- A unique value, often opaque, is used to access data instead of a traditional filename.
- Allows the provider to focus dedicated resources on managing an object storage system, optimizing storage performance and security.
- used for virtual machine images
Management plane
. allows the provider to manage the environment and all hosts within it from a central location.
. VMs can be provisioned with appropriate resources allocated to them, such as network configuration, processing, memory and storage.
. Start and stop virtual hosts and services.
. Functions are typically exposed as a series of remote calls and function executions, or as a set of APIs.
Recovery Service Level
The percentage of the total typical production service level that needs to be restored to meet BCDR objectives in the case of a failure.
Business Continuity/ Disaster Recovery Strategy
. Define Scope
. Gather Requirements
. Analyze
. Assess Risk
- Load capacity of DR site
- Migration of services
- Legal and contractual issues
. Design
. Implement the Plan
. Test the Plan
. Report and Revise
SOC / SSAE
- SOC 1: Financial reporting.
- SOC 2:
Type 1 - Review of the design of controls.
Type 2 - How the controls are implemented and maintained, or their function.
- Rarely shared outside of the organization.
- SOC 3:
- Assertion that the audit was conducted and the target organization passed it.
- Seal of approval.
Cloud Carrier
The ISP between the cloud customer and provider.
VM Guest Escape
Might be able to access other virtualized instances on the same host.
VM Host Escape
Might be able to leave the host device to access other devices on the network.
- Unlikely; results from egregious failures of hardware.