Section 8 - Virtualisation Concepts Flashcards
What is at the heart of cloud computing
Virtualisation
What is virtualisation the heart of
cloud computing
What does the keyword “summarise” refer to when answering a question
Understand the meaning, consolidate that info and answer the question
What is containerization a newer form of
Virtualisation
What is the newer form of virtualisation called
containerization
Explain virtualisation
Host computer installed with a hypervisor that can be used to install and manage multiple guest operating systems or virtual machines
Explain Type 1 Hypervisor (bare metal)
Runs directly on the host hardware and functions as the OS (e.g. Hyper-V)
The hypervisor is the OS
Type II Hypervisor
runs within the normal OS
When running a VM what must you ensure in regard to OS
That you run the VM’s OS as its own copy
What do terminal services refer to
server-based
what does application streaming refer to
client-based
Explain terminal services
server-based solution that runs the application on servers in a centralized location (e.g. Microsoft’s RDP)
Explain application streaming
Client-based solution that allows an application to be packaged and streamed directly to a user’s PC (e.g. Microsoft’s App-V)
What is containerization
Type of virtualisation applied by a host OS to provision an isolated execution environment for an application
Examples of containerization
docker, parallels virtuozzo, OpenVZ
in the case of server failure what is recommended as a backup
setting up virtual servers in the cloud with proper failover, redundancy, elasticity
What can also be done to prevent exploitation in terms of hypervisors
Not hosting all VMs on the same type of hypervisor (Oracle, VMware etc)
Why is containerization considered secure
because it provides resource segmentation and separation at the OS level
When moving over to virtualization and cloud computing what are some dangers
1) If the physical server crashes, all the orgs hosted on that same server are affected
2) An org’s failure to secure the virtual envs hosted on the shared server poses a security risk for the other orgs
To mitigate risk to our server what should be done
1) proper config
2) patched and up-to-date hypervisor
3) tight access control
What does a hypervisor do
manages the distribution of the physical resources of a server to the VMs
What type of hypervisor does bare metal refer to
Type I
What type of hypervisor does Hosted refer to
Type II
Adv of container-based virtualisation
Uses fewer resources because it doesn’t require its own copy of the OS for individual containers
What does Hyperconverged Infrastructure allow for
Full integration of the storage, network, and servers without hardware changes
What does application virtualisation do
Encapsulates computer programs from the underlying OS on which they are executed
Explain virtual desktop infrastructure (VDI)
Hosts desktop OSs within a virtualized environment hosted by a centralized server or server farm
What’s a sandbox
An isolated environment for analysing pieces of malware
What does cross-platform virtualization allow for
testing and running of software applications for different OSs
What is Emulation
system imitation
what is virtualization (3 words)
New “physical” machine
What is Intel’s version of virtualisation called?
VT-x
What is AMD’s version of virtualisation called
AMD-V
What does Second Level Address Translation (SLAT) do
Improves the performance of virtual memory when running multiple VMs on a single physical host
What is a feature of modern CPUs that enhances the performance of virtual memory and gets better performance out of the CPU
Second Level Address Translation (SLAT)
What is Intel’s version of SLAT called
Extended Page Table (EPT)
What is AMD’s version of SLAT called
Rapid Virtualization Indexing (RVI)
x86 refers to
32-bit processor
x64 refers to
64-bit processor
Define ARM processor
reduced instruction set and computer architecture in a computer processor (modern Macs - M1, M2)
Type of processors
x86(32bit), x64(64bit), ARM
Disadvantage of ARM
Can’t natively host OSs that don’t use ARM-based processors
What is system memory
Amount of physical memory installed on a physical server
Typically how much space does a Barebones Windows installation take
20-50 Gigabytes, 40-50 recommended as you’re most likely going to install things
Linux installation space
4-8 gigabytes
Mac environment space
20-40 Gigabytes
What is the use of multiple network cards called
NIC Teaming Configuration
What does NIC teaming config allow for
use of multiple cards for higher speeds
What are the 4 areas you want to consider when it comes to resource requirement
CPU capabilities, System memory, Storage, Networking
What is a VM Escape
Threat attempts to get out of an isolated VM and send commands to the underlying hypervisor
Which Type hypervisor is easier to perform a VM Escape on
Type II
What is VM Hopping
Threat attempts to move from one VM to another on the same host
VM hopping (3 words)
VM to VM
VM Escape (6 words)
VM to hypervisor or host OS
What can we do to prevent VM Escape/Hopping
Make sure our hypervisor is:
1) up to date
2) patched
3) securely configured
What is a sandbox escape
Occurs when an attacker circumvents sandbox protections to gain access to the protected OS or other privileged process
How to prevent sandbox escape
make sure:
1) Patched
2) up to date
3) strong endpoint software protection
4) Limited extensions/add-ons
What are data remnants
leftover pieces of data that may exist in the hard drive that are no longer needed
What is a VM sprawl
uncontrolled deployment of virtual machines
What concerns must we also attend to with VMs
live migration, data remnants
What must we ensure with live migration
Only occurs on a trusted network or utilizes proper encryption
What must we do to prevent exploitation of data remnants
Encrypt VM storage location & destroy the encryption key