Virtualization Concepts Flashcards
OBJ 4:2 Given a scenario, select and install storage devices
Virtualization
Host computer installed with a hypervisor that can be used to install and manage multiple guest operating systems or virtual machines (VMs).
Type 1 Hypervisor
Type I Hypervisor (Bare Metal)
Runs directly on the host hardware and functions as the operating system.
Type II Hypervisor
Runs within the normal operating system
Virtualization
Ensures that each virtual machine runs its own copy of an operating system
Server-based (Terminal services)
Server-based solution that runs the application on servers in a centralized location
Client-based (Application streaming)
Client-based solution that allows an application to be packaged up and streamed directly to a user’s PC
Containerization
Type of virtualization applied by a host operating system to provision an isolated execution environment for an application
● Docker
● Parallels Virtuozzo
● OpenVZ
Containerization Vulnerabilities 1
When a physical server crashes, all the organizations hosted on that same server are affected
Containerization Vulnerabilities 2
An organization’s failure to secure the virtual environments hosted on a shared server poses a security risk for the other organizations
How to minimize the risk of physical servers being overwhelmed?
Set up virtual servers in the cloud with proper failover, redundancy, and elasticity
What can be another vulnerability to VMs from attackers?
Hosting all VMs on the same type of hypervisor can also be exploited
How to mitigate the risk associated with using the same type of hypervisor?
How should an organization minimize the risk of attack when using a single-platform hypervisor?
The organization should utilize:
● Proper configurations
● Patched and up-to-date hypervisor
● Tight access control
What is the purpose of hypervisors?
Manages the distribution of the physical resources of a server to the VMs
● Type I
o Bare metal
● Type II
o Hosted
What is the purpose of Container-Based Virtualization (Containerization)?
▪ Each container relies on a common host OS as the base for each container
▪ Container-based virtualization uses fewer resources because it doesn’t require its own copy of the OS for each individual container
Purpose of Hyperconverged Infrastructure?
Allows for the full integration of the storage, network, and servers without hardware changes
Purpose of Application Virtualization?
Encapsulates computer programs from the underlying OS on which they are executed
Purpose of Virtual Desktop Infrastructure (VDI)?
Hosts desktop OSs within a virtualized environment hosted by a centralized server or server farm
Purpose of Sandbox?
An isolated environment for analyzing pieces of malware
Purpose of Cross-Platform Virtualization?
Allows for the testing and running of software applications for different operating systems
● Emulation - System imitation
● Virtualization - New “physical” machine
Questions to ask when considering VMs?
Should I virtualize?
Traditional VMs, or containerization?
What are the risks vs. rewards of each decision?
Hypervisor
Manages the distribution of the physical resources of a server to the VMs
Type I Hypervisor
Bare metal
Type II Hypervisor
Hosted
Container-Based Virtualization (Containerization)
▪ Each container relies on a common host OS as the base for each container
▪ Container-based virtualization uses fewer resources because it doesn’t require its own copy of the OS for each individual container
Hyperconverged Infrastructure
Allows for the full integration of the storage, network, and servers without hardware changes
Application Virtualization
Encapsulates computer programs from the underlying OS on which they are executed
Virtual Desktop Infrastructure (VDI)
Hosts desktop OSs within a virtualized environment hosted by a centralized server or server farm
Sandbox
An isolated environment for analyzing pieces of malware
Cross-Platform Virtualization
Allows for the testing and running of software applications for different operating systems
● Emulation - System imitation
● Virtualization - New “physical” machine
Resource Requirements
Focus on four main areas: CPU and virtualization extensions, storage, system memory, and networking.
Resource Requirements - Second Level Address Translation (SLAT)
Improves the performance of virtual memory when running multiple virtual machines on a single physical host
Resource Requirements - Second Level Address Translation (SLAT) - Intel
Extended Page Table (EPT)
Resource Requirements - Second Level Address Translation (SLAT) - AMD
Rapid Virtualization Indexing (RVI)
Resource Requirements - CPU - x86
32-bit processor
A 32-bit operating system can only access 4 GB of RAM
Resource Requirements - CPU - x64
Can address up to 16 exabytes of RAM
A 32-bit processor cannot run a 64-bit application
Resource Requirements - CPU - ARM
Reduced instruction set computer (RISC) architecture used in a computer processor
Resource Requirements - System Memory
Amount of physical memory installed on a physical server
Barebones Windows installation takes 20-50 gigabytes of space
Linux installation takes 4-8 gigabytes of space
Mac environment takes 20-40 gigabytes of space
Resource Requirements - Networking - NIC teaming configuration allows multiple cards for higher speeds
● CPU, processor, and capabilities
● System memory
● Networking
● Storage
Security Requirements VM Escape
Threat attempts to get out of an isolated VM and send commands to the underlying hypervisor
▪ VM escape is easier to perform on a Type II hypervisor than a Type I hypervisor
▪ Verify the hypervisor is always patched
▪ Verify the hypervisor is always up to date
Security Requirements VM Hopping
Threat attempts to move from one VM to another on the same host
Security Requirements VM Hopping
VM to VM
Security Requirements VM Escape
VM to hypervisor or host OS
▪ Up to date
▪ Patched
▪ Securely configured
Security Requirements Sandbox
Separates running processes and programs to mitigate system failures or software vulnerabilities
Security Requirements Sandbox Escape
Occurs when an attacker circumvents sandbox protections to gain access to the protected OS or other privileged processes
o Patched
o Up to date
o Strong endpoint software protection
o Limited extensions or add-ons
Security Requirements Live Migration
Migrates the virtual machine from one host to another while it is running
▪ Ensure that live migration only occurs on a trusted network or utilizes encryption
Security Requirements Data Remnants
Leftover pieces of data that may exist on the hard drive which are no longer needed
● Encrypt virtual machine storage location
● Destroy encryption key
Security Requirements VM Sprawl
VM Sprawl
NIC Teaming Configuration
Allows multiple cards for higher speeds
Cloud Computing
The practice of using a network of remote servers hosted on the Internet
Characteristics of the Cloud - High Availability
Services experience very little downtime when using the cloud
▪ Availability is the percentage of uptime versus downtime
Characteristics of the Cloud - Scalability
Ability to increase the number of items in a system at a linear rate or less than a linear rate
Characteristics of the Cloud - Vertical Scaling (Scaling Up)
Increasing the power of the existing resources in the working environment
Characteristics of the Cloud - Horizontal Scaling (Scaling Out)
Adding additional resources to help handle the extra load being experienced
Characteristics of the Cloud - Rapid Elasticity
The ability to quickly scale up or down
● Elasticity is the system’s ability to handle changes to demand in real time
Characteristics of the Cloud - Metered Utilization
Being charged for a service on a pay-per-use basis.
The benefit of using the cloud is that most things are done on a metered basis.
Characteristics of the Cloud - Measured Services
▪ Measured services are charged based upon the actual usage of the service being consumed
Characteristics of the Cloud - Shared Resources
The ability to minimize costs by placing VMs on other servers.
▪ Shared resources means the cloud provider pools all of its hardware together.
Characteristics of the Cloud - File Synchronization
The ability to store data that can spread to other places depending on the configuration.
Cloud Deployment Models -Public Cloud
Systems and users interact with devices on public networks, such as the Internet and other clouds
Cloud Deployment Models - Private Cloud
Systems and users only interact with other devices inside the same private cloud or system
Cloud Deployment Models - Hybrid Cloud
Combination of private and public clouds
Cloud Deployment Models - Community Cloud
Collaborative effort where infrastructure is shared between several organizations from a specific community with common concerns
Cloud Deployment Models - Multitenancy
The ability for customers to share computing resources in a public or private cloud
Cloud Deployment Models - Single-Tenancy
Assigns a particular resource to a single organization
Cloud Service Models - On-Premise Solution
▪ The need to procure the hardware, software, and personnel necessary to run the organization’s cloud
▪ An on-premise solution allows the ability to control all the physical and logical access to servers
Cloud Service Models - Hosted Solution
Third-party service provider that provides all the hardware and facilities needed to maintain a cloud solution
Cloud Service Models
On-Premise, SaaS, PaaS, IaaS
On-Premise Cloud Model
On-premise software is installed locally, on your business’ computers and servers, whereas cloud software is hosted on the vendor’s server and accessed via a web browser.
SaaS Cloud Model
Software as a Service (SaaS) is a method for delivering software applications over the Internet, on demand and typically on a subscription basis. With SaaS, Cloud Service Providers (CSPs) host and manage the application software and underlying infrastructure, and handle any maintenance, such as software upgrades and security patching. Users connect to the application over the Internet, usually through a web browser on their phone, tablet, or PC.
PaaS Cloud Model
Platform as a Service (PaaS) is a category of cloud computing services that supplies an on-demand environment for developing, testing, delivering, and managing software applications. PaaS is designed to make it easier for developers to quickly create applications (e.g., web and mobile apps) without worrying about setting up or managing the underlying infrastructure of servers, storage, network, and databases needed for development.
IaaS Cloud Model
Infrastructure as a Service (IaaS) is the most basic category of commercial cloud computing services. With IaaS, you rent IT infrastructure (servers and virtual machines (VMs), storage, networks, and operating systems) from a cloud provider.
IaaS is an instant computing infrastructure, provisioned and managed over the Internet. Quickly scale up and down with demand, and pay only for what you use.
IaaS helps you avoid the expense and complexity of buying and managing your own physical servers and other datacenter infrastructure. Each resource is offered as a separate commercial service component, and you only need to rent a particular one for as long as you need it. The cloud computing service provider manages the infrastructure, while you purchase, install, configure, and manage your own software - operating systems, middleware, and applications.
Virtual Desktop Infrastructure (VDI) - Virtual Desktop Infrastructure (VDI)
Hosts desktop OSs within a virtualized environment hosted by a centralized server or server farm
Virtual Desktop Infrastructure (VDI) - Server
Performs all the application processing and data storage
Virtual Desktop Infrastructure (VDI) - Centralized Model
Hosts all the desktop instances on a single server or server farm
Virtual Desktop Infrastructure (VDI) - Hosted Model/ Desktop as a Service (DAAS)
Maintained by a service provider and provided to the end user as a service
Virtual Desktop Infrastructure (VDI) - Remote Virtual Desktop Model
Copies the desktop image to a local machine prior to being used by the end user
Cloud Storage Services - Cloud Storage Application
Amount of space on a cloud-based server as file storage
Cloud Storage Services - File Synchronization
The ability to synchronize from different devices using a single account
Cloud Storage Services - Content Delivery Network (CDN)
Network of servers that locates the nearest server to minimize delay or download time
Software Defined Network (SDN) - Software-Defined Networking (SDN)
▪ Enables the network to be intelligently and centrally controlled, or programmed, using software applications
● Can be changed automatically by the network itself using automation and orchestration
Software Defined Network (SDN) - Application Layer
Focuses on the communication resource requests or information about the network as a whole
Software Defined Network (SDN) - Control Layer
Uses the information from the applications and decides how to route a data packet on the network
Software Defined Network (SDN) - Infrastructure Layer
Contains the network devices that receive information about where to move the data
Software Defined Network (SDN) - Management Plane
Used to monitor traffic conditions and the status of the network
● Provides a layer of abstraction between the devices and the control and data flow that happen on the network