SE4455 Final (Unit 5-8) Flashcards

1
Q

Name 4 cloud management mechanisms

A

remote admin system
resource management system
SLA management system
Billing management system

2
Q

How does the remote admin system interface with underlying management systems?

A

Via APIs

3
Q

What are the two types of remote admin system portals?

A

usage & administration

self-service

4
Q

What does the usage & administration portal do?

A

centralized management controls of different cloud resources

5
Q

Which remote admin portal provides IT resource usage reports?

A

Usage and admin portal

6
Q

What does the self-service portal do?

A

shopping portal: allows consumers to search list of cloud services & resources

7
Q

Why do remote admin systems use standard APIs?

A
  • consumer can create own administration console and reuse it with multiple cloud providers
8
Q

What does VIM stand for?

A

Virtual Infrastructure manager

9
Q

What does the VIM do?

A

manages multiple virtual resources and hypervisors across multiple physical servers

10
Q

What is the name of the repository in a resource management system?

A

VM image repository

11
Q

What does the VM image repository store?

A

Virtual resource templates to create pre-built instances (virtual server images)

12
Q

Replication, load balancing, and failover systems are tasks performed by which cloud management system?

A

resource management system

13
Q

What are the 2 forms of access for resource management system?

A

1. externally through a usage and administration portal
2. internally through the native user interface provided by VIM

14
Q

What are the 2 components of the SLA management system?

A

SLA manager

quality-of-service measurements repository

15
Q

What mechanisms are used to collect SLA data?

A

SLA monitors

16
Q

SLA monitor agents intercept messages between who?

A

cloud consumer

cloud service

17
Q

What are the 2 components of a billing management system?

A

pricing & contract manager

pay-per-use measurement repository

18
Q

What does encryption help counter?

A

eavesdropping
malicious intermediary
insufficient authorization
overlapping trust boundaries

19
Q

Symmetric key encryption is also known as ___

A

private/secret key encryption

20
Q

Asymmetric key encryption is also known as ___

A

public key encryption

21
Q

Which method of encryption is faster?

A

symmetric

22
Q

What security does private key encryption offer?

A

integrity and non-repudiation (not confidentiality)

23
Q

What security does public key encryption offer?

A

confidentiality only

24
Q

What is the underlying encryption protocol for HTTP?

A

SSL and TLS

25
Does TLS use asymmetric or symmetric encryption?
Both: asymmetric for key exchange, then symmetric
26
T/F: RSA is a symmetric encryption cipher
False: asymmetric
27
T/F: AES is a symmetric encryption cipher?
True
28
T/F: hashing is non-reversible
True
29
What threats does hashing mitigate?
malicious intermediary, insufficient authorization
30
What security does digital signature provide?
authentication, integrity, non-repudiation
31
Digital signatures require ___ and ___ to be created
hashing | asymmetrical encryption
32
What does PKI stand for?
Public key infrastructure
33
What does PKI associate?
public keys with corresponding key owners
34
PKI relies on the use of ____
digital certificates
35
Who usually signs a digital certificate?
3rd party certificate authority
36
What does IAM stand for?
Identity and access management
37
What does IAM counter?
insufficient auth, DoS, overlapping trust boundaries
38
What are the four components of IAM?
authentication, authorization, user management, credential management
39
What does the authentication component of IAM include?
username + passwords, digital signatures and certificates, biometrics, voice/face recognition, IP addresses
40
What does the authorization component of IAM include?
defines granularity for access controls
41
What does the user management component of IAM include?
admin capabilities (create access groups, reset passwords, manage privileges)
42
What does the credential management component of IAM include?
establishes identities and access control rules for user accounts
43
What does SSO stand for?
Single sign-on
44
In SSO, who authenticates the consumer?
security broker
45
What security threat does SSO directly counter?
none!
46
What is the purpose of SSO?
enhance usability of distributed resources
47
When a security broker authenticates a consumer, what is established?
A security context (authentication token), which is persistent while the consumer accesses other cloud services
48
How are cloud-based security groups segmented?
According to security policies
49
T/F: cloud-based resources can be assigned to more than one logical cloud-based security group
true (assigned to at least one)
50
What do cloud-based security groups help counter?
DoS, insufficient auth, overlapping trust boundaries
51
What is hardening?
process of stripping unnecessary software to limit vulnerabilities
52
What are some examples of hardening?
remove redundant programs; close server ports; disable services, internal root account, guest access
53
What is a hardened virtual server image?
a template for a virtual server instance that has been hardened
54
What do hardened virtual server images counter?
DoS, insufficient auth, overlapping trust boundaries
55
Does workload distribution architecture reduce over or under-utilization?
both!
56
Workload distribution architecture supports distributed ____ (3 types)
virtual servers, cloud storage devices, cloud services
57
Name the workload distribution architecture mechanisms
load balancer, virtual server mechanisms, cloud storage device mechanism, audit monitor, cloud usage monitor, hypervisors, logical network perimeter, resource cluster, resource replication
58
What are the different resource pool types?
physical server, virtual server, storage, network, CPU, memory
59
What type of server can CPU pools be allocated to?
Both physical and virtual servers
60
What are sibling pools?
Sub pools comprised of subset of resources of parent pool (different resources and quantity)
61
What are nested pools?
sub pools comprised of same resources as parent but in fewer quantities
62
What are the resource pooling architecture mechanisms?
audit monitor, cloud usage monitor, hypervisor, logical network perimeter, pay-per-use monitor, remote admin system, resource management system, resource replication
63
What is the role of the hypervisor in a resource pooling architecture?
provide virtual servers with access to resource pools
64
How does dynamic scalability architecture work?
predefined scaling conditions trigger dynamic allocation of resources from resource pools
65
What are the different types of dynamic scaling?
dynamic horizontal scaling, dynamic vertical scaling, dynamic relocation
66
What mechanism is used by dynamic horizontal scaling?
resource replication
67
What is dynamic relocation?
When an IT resource is relocated to a host with more capacity
68
What mechanisms are used in dynamic scalability architecture?
automated scaling listener, resource replication, cloud usage monitor, hypervisor, pay-per-use monitor
69
What type of IT resource does elastic resource capacity architecture use to handle fluctuating processing requirements?
CPUs and RAM
70
What is an intelligent automation engine?
Signaled by the scaling listener to execute workflow logic scripts
71
What does a workflow logic script do?
signals hypervisor to allocate more resources from resource pools
72
What are the mechanisms used by elastic resource capacity architecture?
cloud usage monitor, pay-per-use monitor, resource replication
73
Service load balancing architecture is a variation of what other architecture?
workload distribution architecture
74
Service load balancing architecture is geared specifically for scaling ____
cloud service implementations
75
In service load balancing architecture, the load balancer is positioned in either __ or ___
external | built-in (in the host server)
76
What does cloud bursting architecture mean?
on-premise IT resources "burst out" into cloud when capacity reached
77
T/F: In cloud bursting architecture, the cloud resources are deployed only when capacity of on-premise resources is reached
F: they are redundantly pre-deployed
78
What type of resource is replicated in cloud bursting architecture?
on premise
79
Cloud bursting architecture implements the dynamic scaling by adding and releasing ___
cloud resources to on-premise environment
80
How is a cloud consumer charged in non-elastic disk provisioning?
charged by disk capacity, not actual storage consumption
81
What technology does elastic disk provisioning architecture use for dynamic allocation?
thin disk technology
82
How does elastic disk provisioning architecture use resource replication?
convert dynamic thin-disk storage into static thick-disk storage
83
What is a storage service gateway?
External interface to cloud storage devices, redirects consumer requests when location of requested data has changed
84
In redundant storage architecture, how is availability increased?
primary cloud storage device is replicated to secondary cloud storage device
85
T/F: storage replication can be used to replicate both partial and entire LUNs
T
86
Here is a fun list of the 10 specialized cloud mechanisms:
1. Automated Scaling Listener
2. Load Balancer
3. SLA Monitor
4. Pay-Per-Use Monitor
5. Audit Monitor
6. Failover System
7. Hypervisor
8. Resource Cluster
9. Multi-Device Broker
10. State Management Database
88
What is an automated scaling listener?
Tracks communications for dynamic scaling purposes
89
T/F: VIM generally runs the automated scaling listener
F: The Hypervisor generally runs the automated scaling listener, then the hypervisor commands VIM to scale based on needs
90
T/F: When scaling-up using the automated scaling listener, the virtual server might have to migrate
True
91
T/F: When scaling-down using the automated scaling listener, the virtual server might have to migrate
False
92
What are the objectives of a load balancer?
- Optimize IT resource usage
- Avoid overloading
- Maximize throughput (the goal remember!?)
Overall: Increases performance
93
What does a load balancer do?
Balance workloads across the cloud's IT resources
94
What are the 3 types of Workload Distribution Functions?
1. Asymmetric Distribution
2. Workload Prioritization
3. Content-Aware Distribution
95
What is an Asymmetric Distribution?
Larger workloads issued higher processing capacity
96
What is a Workload Prioritization?
Workload distributed based on priority, and are scheduled, queued, then discarded
97
What is a Content-Aware Distribution?
Requests distributed to IT resources based on the content of the request
98
Four ways a load balancer can exist:
1. Multi-layer network switch
2. Dedicated hardware appliance
3. Dedicated software system (server OS)
4. Service agent (cloud management software)
99
What is an SLA Monitor?
- Monitors runtime performance of cloud services | - Ensures fulfillment of contractual QoS requirements published in SLA
100
What are the two types of SLA Monitors?
1. SLA Monitor Polling Agent | 2. SLA Monitoring Agent
101
T/F: SLA monitor polling agent responds to physical and virtual failures
True
102
T/F: SLA monitoring agent only responds to physical failures
True
103
When does an SLA monitor polling agent log a PS_Timeout?
Physical server polling timed out
104
When does an SLA monitor polling agent log a PS_Unreachable?
Physical server polling timed out 3 times in a row
105
When does an SLA monitor polling agent log a PS_Reachable?
unavailable server responds to polling again
106
When does an SLA monitoring agent log a VM_unreachable?
VIM cannot reach VM
107
When does an SLA monitoring agent log a VM_Failure?
VM failed and is unavailable
108
When does an SLA monitoring agent log a VM_Reachable?
VM is reachable
109
Define a Pay-Per-Use Monitor
- Measures cloud IT resource usage with pre-defined pricing parameters
- Generates usage logs stored in a DB
110
Which of these is not a TYPICAL way to calculate billing fees: a) request / response message quantity b) Data volumes c) Upgrade logs d) Usage period
c) Upgrade logs is not a typical way... the others are typical, and the one I removed, "Bandwidth consumption", is the other typical way
111
Define an Audit Monitor
- Keeps track of all login requests and location based access
- collects "audit tracking data" for networks, regulation, and contract obligation purposes
112
T/F: Audit Monitors are implemented as monitoring agents?
True
113
T/F: Audit monitor only stores failed login attempts?
False, Audit monitor stores both failed and successful login attempts along with security credentials
114
Define a Failover System
A resource replication mechanism using clustering technology to provide redundant implementation
115
What does a failover system accomplish?
Increases the reliability and availability of IT resources
116
What are the 2 circumstances failover systems are used in?
1. Mission critical programs | 2. Reusable services that introduce single point of failure
117
What are the two basic configurations of failover systems?
1. Active-Active | 2. Active-Passive
118
T/F: An active-active failover system needs a router?
False, an active-active failover system needs a load balancer
119
T/F: An active-passive failover system needs a router?
True
120
Define a hypervisor in a specialized cloud mechanism context
Hypervisor is a mechanism administered by a VIM used to generate the virtual instance of a physical server
121
How many hypervisors can you have for every physical server?
1:1, you can only have 1 hypervisor for every physical server
122
How many virtual servers can you have for every hypervisor?
1:*, you can have many virtual servers under the same hypervisor
123
What is a resource cluster?
Groups multiple IT resource instances to operate as a single IT resource
124
Geographically diverse resources can improve:
1. allocation and usage | 2. increased computing capacity, load balancing and resource availability
125
T/F: High speed dedicated networks or cluster nodes are necessary for communication?
True
126
What are the 3 types of resource clusters (BASED ON RESOURCE TYPE)?
1. Server cluster
2. Database cluster
3. Large Dataset Cluster
127
T/F: cluster management programs run as operating systems
False: Cluster management programs run as distributed middleware
128
What are the two types of resource clusters (BASED ON CLUSTER MECHANISM)?
1. Load Balanced Cluster (active-active failover) | 2. High Availability (HA) Cluster (active-passive failover)
129
What is a multi-device broker?
Used to overcome incompatibilities between cloud services and consumers (e.g. mobile --> cloud communication)
130
What are the transformation levels related to multi-device broker?
1. transport protocol layer
2. messaging protocol layer
3. storage protocol layer
4. Data schema / data model protocols layer
131
What is a state management database?
A storage device used to temporarily persist state data, acting as an alternative to caching data
132
What is the benefit of a state management database?
- Programs off-load state data to database to reduce runtime memory consumption
- creates more scalable software