Essential Concepts Flashcards
What is RPO?
Recovery point objective
Maximum amount of data (time) that can be lost during a disaster recovery situation before that loss will exceed what the organisation can tolerate.
- how much data (MAX TIME) a business can lose
- worst case = time between successful backups
- more freq backups = more cost = lower rpo
What is RTO?
Recovery time objective
Maximum tolerable length of time that a system can be down after a failure or disaster occurs.
- Recovery time begins at the moment of failure
- Recovery time ends at the moment system is operational
- How long restore time a business can tolerate
- reduce via planning, monitoring, notification, spare hardware, etc.
What is HA?
- High Availability (HA) - minimise any outages
- maximising systems online time
- expressed in percentage of uptime 99.9% 8.77h per year downtime
- aims to ensure an agreed level of operational performance
- usually uptime, for higher than normal period
- SYSTEM DESIGNED TO PREVENT OUTAGES AS OFTEN AS POSSIBLE
- When system fails components can be quickly replaced
What is FT?
- Fault-Tolerance (FT) - operate through failure
- property that enables a system to continue operating properly in the event of the failure of some of its components
- For example to add redundant components would solve faults
Difference from resilience is that fault tolerance is that, services continue working fully even when some parts of it has failed.
What is DR?
- Disaster Recover (DR) - when HA and FT does not work
- a set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human induced disaster
- what to do when system has an outage
- Pre-planning and DR process
- Periodic DR testing to make sure everything works
What is shared responsibility model?
Customer - responsible for security IN the cloud
1. customer data
2. platform, application, identity, access management
3. Operating system, network and firewall configuration
4. client side data encryption (CSE), server side data encryption (SSE), Networking Traffic protection (encryption, integrity, identity)
AWS - responsibility for the security OF the cloud
1. software to provide underlying componentes
2. compute, storage, database, networking
3. regions, az, edge locations
4. hardware, global infrastructure
What is CSE?
Client Side Encryption
Data is encrypted on the client before it is sent to the server. Enc key is managed by client.
Server cannot access customer data.
What is SSE?
Server Side Encryption
Data is encrypted when saved on the server and decrypted when data is read from server.
What is data encryption at rest?
Data at-rest refers to inactive data not moving between devices or networks and tends to be stored in data archives.
- When data is saved on disk it is encrypted
- When data is read from the disk data is decrypted
What is data encryption in transit?
Data in-transit is moving between devices or two network points
- Data is encrypted before sent over the network
- Data is decrypted when received from the network
- Uses public private keys to initiate the communication
What is IAAS and what layer it is?
Infrastructure as a service.
-It is O/S layer.
- Customer chooses their own O/S.
What is PAAS and what layer it is?
Platform as a service.
- It provides all services for running your code.
- Docker is PAAS
What is SAAS and what layer it is?
Service as a software.
- It is Application layer.
- Users consume an application
What is DC Hosted and what layer it is?
Data center Hosted.
- It is facility layer.
- Clients rent servers (hardware)
What is On-Premises and what layer it is?
On Premises is inhouse hardware.
- owns all the layers.
- Provides networking, facilities and hardware
