Virtualization and Cloud Computing concepts

Question 1

Cloud models

Answer 1

Classifying the ownership and management of a cloud as public, private, community, or hybrid.

Infrastructure as a service (IaaS)
Platform as a service (PaaS)
Software as a service (SaaS)
Anything as a service (XaaS)
Public
Community
Private
Hybrid

Question 2

Infrastructure as a service (IaaS)

Answer 2

A computing method that uses the cloud to provide any or all infrastructure needs.

A means of provisioning IT resources such as servers, load balancers, and storage area network (SAN) components quickly. Rather than purchase these components and the Internet links they require, you rent them on an as-needed basis from the service provider’s data center.

Question 3

Platform as a service (PaaS)

Answer 3

A computing method that uses the cloud to provide any platform-type services.

Provides resources somewhere between SaaS and IaaS. A typical PaaS solution would provide servers and storage network infrastructure (as per IaaS) but also provide a multi-tier web application/database platform on top.

Question 4

Software as a service (SaaS)

Answer 4

A computing method that uses the cloud to provide application services to users.

A different model of provisioning software applications. Rather than purchasing software licenses for a given number of seats, a business would access software hosted on a supplier’s servers on a pay-as-you-go or lease arrangement (on-demand). Virtual infrastructure allows developers to provision on-demand applications much more quickly than previously.

Question 5

Anything as a service (XaaS)

Answer 5

Expressing the concept that most types of IT requirements can be deployed as a cloud service model.

Question 6

Public

Answer 6

A cloud that is deployed for shared use by multiple independent tenants.

Question 7

Community

Answer 7

A cloud that is deployed for shared use by cooperating tenants.

Question 8

Private

Answer 8

A cloud that is deployed for use by a single entity.

Question 9

Hybrid

Answer 9

public/private/community/hosted/onsite/offsite solution. For example, a travel organization may run a sales website for most of the year using a private cloud but break out the solution to a public cloud at times when much higher utilization is forecast.

Question 10

Managed service provider (MSP)/managed security service provider (MSSP)

Answer 10

Third-party provision of security configuration and monitoring as an outsourced service.

A means of fully outsourcing responsibility for information assurance to a third party. This type of solution is expensive but can be a good fit for an SME that has experienced rapid growth and has no in-house security capability.

Question 11

On-premises vs. off-premises cloud computing

Answer 11

An onsite link can obviously deliver better performance and is less likely to be subject to outages (loss of an Internet link, for instance). On the other hand, a dedicated offsite facility may provide better shared access for multiple users in different locations.

Question 12

Fog computing

Answer 12

Provisioning processing resource between the network edge of IoT devices and the data center to reduce latency.

Question 13

Edge computing

Answer 13

Provisioning processing resource close to the network edge of IoT devices to reduce latency.

Question 14

Thin client

Answer 14

A thin client is a computer that runs from resources stored on a central server instead of a localized hard drive. Thin clients work by connecting remotely to a server-based computing environment where most applications, sensitive data, and memory, are stored.

Question 15

Containers

Answer 15

Each cell or container is allocated CPU and memory resources, but the processes all run through the native OS kernel. These containers may run slightly different OS distributions but cannot run guest OSes of different types (you could not run Windows or Ubuntu in a RedHat Linux container, for instance). Alternatively, the containers might run separate application processes, in which case the variables and libraries required by the application process are added to the container.

Question 16

Microservices/API

Answer 16

A software architecture where components of the solution are conceived as highly decoupled services not dependent on a single platform type or technology.

Application programming interfaces (APIs). The service API is the means by which external entities interact with the service, calling it with expected parameters and receiving the expected output.

Question 17

Infrastructure as code

Answer 17

Software-defined networking (SDN)
Software-defined visibility (SDV)

A provisioning architecture in which deployment of resources is performed by scripted automation and orchestration.

Question 18

Software-defined networking (SDN)

Answer 18

APIs and compatible hardware/virtual appliances allowing for programmable network appliances and systems.

Question 19

Software-defined visibility (SDV)

Answer 19

APIs for reporting configuration and state data for automated monitoring and alerting.

Question 20

Serverless architecture

Answer 20

A software architecture that runs functions within virtualized runtime containers in a cloud rather than on dedicated server instances.

Question 21

Services integration

Answer 21

Services integration refers to ways of making these decoupled service or microservice components work together to perform a workflow. Where SOA used the concept of a enterprise service bus, microservices integration and cloud services/virtualization/automation integration generally is very often implemented using orchestration tools.

Question 22

Resource policies

Answer 22

As with on-premises systems, cloud storage resources must be configured to allow reads and/or writes only from authorized endpoints. In the cloud, a resource policy acts as the ACL(Access Control List) for an object. In a resource policy, permissions statements are typically written as a JavaScript Object Notation (JSON) strings. Misconfiguration of these resource policies is a widely exploited attack vector. For example, the following policy uses the “any” wildcard (*) to assign both actions (read and write) and principals (accounts) to a storage object. The type of policy breaks the principle of least privilege and is highly unsecure:

“Statement”:[ {

“Action”: [

“*”

],

“Effect”: “Allow”,

“Principal”: “*”,

“Resource”: “arn:aws:s3:::515support-courses-data/*”

}]

Question 23

Transit gateway

Answer 23

In cloud computing, a virtual router deployed to facilitate connections between VPC subnets and VPN gateways.

Question 24

Virtualization

Answer 24

Virtual machine (VM) sprawl avoidance
VM escape protection

The process of creating a simulation of a computing environment, where the virtualized system can simulate the hardware, operating system, and applications of a typical computer without being a separate physical computer.

Question 25

Virtual machine (VM) sprawl avoidance

Answer 25

A guest operating system installed on a host computer using virtualization software (a hypervisor), such as Microsoft Hyper-V or VMware.

Question 26

VM escape protection

Answer 26

An attack where malware running in a VM is able to interact directly with the hypervisor or host kernel.