S13-Cloud & Datacenter Flashcards
What are some Benefits of Cloud Computing?
- High Availability
- Scalability
- Elasticity
- Metered Utilization
- Shared Resources
- File Sync
High Availability
Service experiences very little downtime
Scalability
Ability to expand a system at a linear rate
Elasticity
Ability to quickly scale up or down in response to fluctuating demand
Metered Utilization
Being charged for a service on a pay-per-use basis
Shared Resources
Ability to minimize costs by placing VMs on other servers
File Sync
Ability to store data that is then replicated to other locations, depending on configuration
In terms of scalability, what are the 2 ways you can scale?
- Vertical Scaling (Scaling up)
- Horizontal Scaling (Scaling out)
Vertical Scaling
Increasing the power of existing resources in the working environment
Horizontal Scaling
Adding additional resources to help handle the extra load
What is the difference between a metered and a measured service?
Metered
- You pay based on actual usage
Measured
- You pay for a fixed quantity upfront
On-Premises Solution
All components needed to run an organization's cloud must be acquired, installed, and configured by the organization.
Hosted Solution
A third-party service provider supplies all the resources needed to maintain a cloud solution
What is Multitenancy?
A hosted solution serves several different organizations on the same hardware while logically separating each one.
What are some things to consider when choosing a Hosted Solution?
- Authentication Mechanisms
- Redundancy & Fault tolerance
- Storage location and regional legal requirements
What are the 3 main cloud service models?
- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)
What is SaaS?
“Software as a Service”
A cloud-based software delivery model where a provider hosts and manages applications, and users access them over the internet
- Full solution with hosted application software
What are some SaaS examples?
Microsoft Office 365, Google Drive, TurboTax, Dropbox, Netflix, etc.
What is PaaS?
“Platform as a Service”
Provides a ready-to-use platform for developing, deploying, and managing applications.
- Hardware Infrastructure solution
- Infrastructure Software Solution (Middleware, Runtime, OS)
PaaS Examples
AWS, Azure App Service, Google Cloud Platform (GCP)
What is IaaS?
“Infrastructure as a Service”
A cloud computing model where a third party provides on-demand access to virtualized infrastructure, including compute, storage, and networking resources
- Hardware focused Infrastructure solution
IaaS Examples
Microsoft Azure Virtual Machines, Google Compute Engine, AWS EC2
What are the 6 types of Cloud Deployment Models?
- Public
- Private
- Hybrid
- Community
- Multi-Tenancy
- Single-Tenancy
Public
Service Provider makes resources available to end users over the internet
E.g. Google Drive
Private
A cloud computing environment exclusively used by a single organization
E.g. AWS GovCloud (US)
Hybrid
Combination of private and public clouds
Single-Tenancy
Assigns a particular resource to a single Organization
Community
Collaborative infrastructure shared between several organizations with common service needs
Multi-Tenancy
Allows customers to share computing resources in a public or private cloud
Virtual Private Network (VPN)
An encrypted connection over the internet from a device to a network
What is a Private-Direct Connection?
Establishes a dedicated, secure link between a user’s network and a cloud service provider’s data center, bypassing the public internet
Why choose a private direct connection over a VPN?
A private direct connection offers faster speeds and better performance
- Multiple VPCs
- Better Redundancy
- Higher cost
What Components make up cloud security?
What is a VPC?
“Virtual Private Cloud”
A private cloud environment built on top of a public cloud infrastructure.
What is IAC?
“Infrastructure as Code”
The practice of managing and provisioning IT infrastructure using code instead of manual configuration steps.
What are some features and core components of a VPC?
- Subnets
- Route Tables
- Internet Gateways
- Network Address Translation Gateways
- Network Access Control Lists
- Security Groups
- VPC Peering
- VPC Endpoints
- VPN connections
Subnet (VPC)
A logical network segment that divides the VPC into smaller, isolated networks. A VPC can have public and private subnets.
Route Table
Contains a set of rules (routes) that determine where network traffic is directed within the VPC network
Internet Gateway
A horizontally scaled, redundant, and highly available VPC component that allows communication between your Virtual Private Cloud (VPC) and the public internet
Network Address Translation (NAT) Gateway
A managed service that enables instances in private subnets to connect to the internet by translating the private IP addresses of these instances to a public IP address.
Network Access Control List (ACL)
A VPC feature that acts as a firewall, controlling traffic in and out of one or more subnets
How does a Network ACL behave?
Like a stateless firewall:
Examines each network packet independently, without maintaining a record of previous connections.
Security Groups
An instance-level, virtual stateful firewall that controls inbound and outbound traffic for resources within a VPC
How does a Security Group behave?
Like a stateful firewall:
Monitors and tracks the state of ongoing network connections to decide which packets to allow through
VPC Peering
A networking connection between 2 VPCs that enables routing traffic between them privately
VPC Endpoints
Virtual devices that provide secure, private connectivity between resources within a Virtual Private Cloud (VPC) and specific AWS services, without requiring public IP addresses or traversing the internet.
What are some VPC advantages?
- Mixing products from different vendors
- Faster network development
- Automation and Policy Management
Network Function Virtualization (NFV)
A networking approach that virtualizes network functions (like firewalls or load balancers) instead of relying on dedicated hardware appliances
What 3 main components are needed for NFV?
- NFV Infrastructure
- Management and Network Orchestration
- Virtual Network Functions
NFV Infrastructure
All the hardware and virtual resources needed for deploying, managing, and executing VNFs
Management and network Orchestration (MANO)
Oversees the lifecycle management of the VNFs, and orchestrates the resources across the NFVI
Virtual Network Functions (VNFs)
Software implementations of network functions previously bound to hardware devices.
What are the advantages of NFV?
- Flexibility and Rapid deployments
- Cost efficiency
NFV drawbacks
- Need for security
- Complex
- Installation
Software Defined Network (SDN)
Networking that uses software-based controllers or APIs to communicate with the underlying hardware infrastructure and direct traffic on a network
What are the 3 parts of a typical network architecture?
- Control Plane
- Data Plane
- Management Plane
Control Plane
Carries the signaling traffic to and from a router. Decides traffic priority and how it is secured
- Decides where data goes
Data Plane
(Forwarding plane) Carries user traffic on the network
- Moves the Data
Management Plane
Administers the routers and switches inside the network and monitors traffic conditions and the status of the network
Advantages of an SDN
- Flexibility
- Speed and Agility
- Automation
- Security
SDN Drawbacks
- Single Point of failure
- High Vulnerability
What are the 3 main types of SDNs?
- Open SDN
- Hybrid SDN
- SDN Overlay
Open SDN
SDN that relies on open-source technology
Hybrid SDN
Network that employs traditional networking protocols alongside SDN to operate itself
SDN Overlay
A virtual network built on top of an existing physical network infrastructure.
Software-Defined Wide Area Network (SD-WAN)
Virtually optimizing WAN connections to efficiently route traffic between remote sites, data centers, and cloud environments
- Software-based WAN architecture
Virtual Extensible Local Area Network (VXLAN)
Network virtualization technology that addresses the limitations posed by traditional network infrastructures
How does a VXLAN work?
Encapsulates L2 Ethernet frames within Layer 3 UDP packets
What is included in a VXLAN packet?
- 24-bit VXLAN Network Identifier (VNI)
How many Identifiers can VXLAN support?
- 16 million+
What are the 2 primary VXLAN components?
- VXLAN Tunnel End Points
- VXLAN Segments
VXLAN Tunnel End Points (VTEPs)
Encapsulate Ethernet frames into VXLAN packets and de-encapsulate them at the other end
VXLAN segments
Layer 2 network overlaid onto a Layer 3 network that is then identified by a unique 24-bit VNI
VXLAN Benefits
- Scalability (supports 16 million virtual networks)
- Flexibility (extend L2 networks across different data centers and clouds)
- Improved Utilization (Optimizes traffic flows)
VXLAN Drawbacks
- Complex
- Latency
- Configuration
Secure Access Service Edge (SASE)
A cloud-based framework that combines network and security functions into a single service.
Security Service Edge (SSE)
Subset of SASE that focuses on security services to protect access between users, devices, and the cloud
Secure Web Gateway (SWG)
Used to inspect and filter unwanted software and malware from user-initiated web and internet traffic.
Cloud Access Security Broker (CASB)
Border device between cloud service consumers and providers that monitors activity and enforces security policies
Zero Trust Network Access (ZTNA)
Designed on the principle that trust is not a default for any user or device, inside or outside the organization’s network