Week 5: Cloud Reference Architecture

Question 1

Enabling technology vs capability

Answer 1

–There is a difference between enabling technologies (such as virtualization) and the capabilities or features that are required for a cloud
–A specific capability may be achieved by alternative technologies

Question 2

Cloud Essential Characteristics

Answer 2

On-demand self-service
Broad network access
Resource pooling
Rapid elasticity
Measured service

Question 3

The cloud model won’t work for the consumer without ___ and without the ___

Answer 3

reliable network connectivity, right bandwidth

Question 4

In security terms, reliability is a synonym of ___

Answer 4

availability

Question 5

SPI Model

Answer 5

SaaS, PaaS, IaaS

Question 6

The three service models represent

Answer 6

The three service models represent three broad classes of capabilities that reside on top of physical cloud infrastructure

Question 7

Cloud Security Alliance has taken the following view

Answer 7

“IaaSis the foundation of all cloud services, with PaaSbuilding upon IaaS, and SaaSin turn building upon PaaS…. In this way, just as capabilities are inherited, so are information security issues and risk. It is important to note that commercial cloud providers may not neatly fit into the layered service models. Nevertheless, the reference model is important for relating real-world services to an architectural framework and understanding the resources and services requiring security analysis”

Question 8

It is important to make two points about the NIST Cloud Model

Answer 8

A customer or tenant can have greater security control over more resourcesas one moves from SaaSto PaaSand again from PaaSto the IaaSservice model

A customer or tenant can achieve greater security control over more resourceswhen moving from a Public cloud to a community cloud and again from a community cloud to a Private cloud

Question 9

IaaS Abstraction

Answer 9

IaaSdoes not typically expose actual hardware or networking layers to the tenant of the service

These underlying resources are abstracted for the consumer

Question 10

PaaS Abstraction

Answer 10

PaaSabstracts infrastructure to a greater extentand generally presents middleware containers that are tailored for categories of usage, such as development

These containers provide tools to simplify application development and limit application interactions with the underlying systems

Question 11

SaaS Abstraction

Answer 11

SaaSabstracts even further and generally exposes narrow-functionality software-based services such as Customer Relationship Management (CRM) or e-mail

Question 12

Security Control in Deployment Model

Answer 12

Similar to how different service models have an impact on the extent of control over security, the deployment model also impacts the degree of control over security

The degree of control that a tenant or customer has in a public cloud is minimal

The tenant organization has maximum control with a private cloud

The degree of control will vary for community and hybrid clouds

Question 13

Private vs Public Cloud

Answer 13

When considering how to secure public versus private cloud architectures, the security concerns are more different than common

Question 14

Community clouds can be viewed as special cases of private cloudswhere organizational control is delegated to a proxy

Answer 14

the principles in securing it vary greatly from those of a publiccloud hosted externally by a third party
• For example, a private cloud doesn’t have the data confidentiality and legality concerns that a public cloud might have

Question 15

Cloud Application Programming Interfaces (APIs)

Answer 15

Cloud Application Programming Interfaces (APIs)are mechanisms that abstract cloud implementation details and define an interface between a cloud service and other entities

Question 16

proprietary APIs

Answer 16

Where proprietary APIs are used, possible lock-in benefits the providerby making it difficult to switch service providers

Question 17

Open and standards-based APIs

Answer 17

Open and standards-based APIs can more readily lead to an ecosystem of services built up by customers across cloud providers

Question 18

Cross Platform-based APIs

Answer 18

Allow applications to use a single API regardless of the back-end cloud

Question 19

Cross Platform-based APIs

Answer 19

Allow applications to use a single API regardless of the back-end cloud

Question 20

Infrastructure-as-a-Service Examples

Answer 20

• Amazon’s Elastic Compute Cloud (EC2)
• Rackspace’s Cloud Offerings
• IBM’s BlueCloud

Question 21

Platform-as-a-Service Examples

Answer 21

• Google’s AppEngine

* Windows’AzureServices platform

Question 22

Public clouds can be formed by service providers wishing to build out a __and lease pieces of it to a variety of clients

Answer 22

high-capacity infrastructure

Question 23

In public cloud, data might..

Answer 23

become comingled on common storage devices

This makes identity, access control, and encryption very important

There is a certain amount of inherent trustby subscribers with their public cloud providers

Question 24

In its simplest definition, a public cloud exists ____ to its end user and is generally available with little restriction as to who may pay to use it

Answer 24

externally

Question 25

In contrast to a public cloud, a private cloud is ___hosted

Answer 25

internally

Although there is no comingling of data or sharing of resources with external entities, different departments within the organization may have strong requirements to maintain data isolationwithin their shared private cloud

Organizations deploying private clouds often do so utilizing virtualization technology within their own data centers

Question 26

Private Cloud Security

Answer 26

Some of the security concerns of a public cloud may not apply to private clouds

However, private does not necessarily mean more secure

In a private cloud, considerations such as securing the virtualization environment itself must still be addressed, whereas in a public cloud, you would rely on the provider to do so

Question 27

Advantage of private cloud

Answer 27

The true advantage of a private cloud is that the provider has interest in making the service interface match the tenant needs

Question 28

Community cloud

Answer 28

Community clouds allow multiple independent entities to gain the cost benefits of a shared nonpublic cloud whileavoiding security and regulatory concerns that might be associated with using a generic public cloud

This model has tremendous potential for entities that are subject to identical regulatory, compliance, or legal restrictions

Question 29

Hybrid Clouds

Answer 29

Hybrid clouds could be formed when an organization builds out a private cloud and wishes to leverage public or community clouds in conjunction with its private cloud for a particular purpose

Question 30

Hybrid Cloud Example

Answer 30

An example of a hybrid cloud could be a web portalwhere its core infrastructure is private to the company, but certain components are hosted externally - like streaming video or image caching

Certain requirements can prevent hybrid clouds from being fully adopted by an organization - like financial organization, who may not be able to meet compliance regulations if customer data is hosted at an external site

Question 31

Software-as-a-Service

Answer 31

SaaSdelivers software or, more generally, applications to its end user

The end user doesn’t usually need to understand or be concerned with the supporting infrastructure and simply utilizes an application

Question 32

Software-as-a-Service Examples

Answer 32

For instance, Salesforce.com provides a Customer Relationship Management (CRM) SaaS

Google’s GMAILor Yahoo Mail provide email services

Even former premise-based software-only solutions like Microsoft Share Pointare now available as SaaSonline, via a Web browser

Question 33

Platform-as-a-Service

Answer 33

PaaS providers usually

• deliver a bundling of software and infrastructure in the form of a programmable container
• provide a cloud for end users to host their own developed applications or services

With PaaS, the service is the entire application environment
- PaaS includes the computing platform as well as the development stack

In both cases, the end user receives an environment from the provider (a container) that is ready to host user-developed applications/services

Question 34

Platform-as-a-Service Examples

Answer 34

Google’s App Engine platform

Salesforce.com’sForce.complatform

Question 35

Infrastructure-as-a-Service

Answer 35

In general, IaaSdelivers virtualized resources, such as guest virtual machines (ready to load an operating system), storage, or database services

The tenant interacts with IaaSclouds as he would interact with an IT department to setup the IT infrastructure
–This is the virtual equivalent to physically deploying servers, storage, etc.

Typically, end users have the ability to manage their infrastructure at the operating system level, but outsource as-a-service the details of managing and maintaining the servers, switching, routing, firewalling, and connectivity concerns

Question 36

Infrastructure-as-a-Service Examples

Answer 36

Amazon’s Web Servicesor RackSpace’sCloud Servicesare prime examplesof IaaSproviders

Question 37

There are two most common and generally accepted ways of forming clouds

Answer 37

Virtualization Formed Clouds

Application/Service Formed Clouds

Question 38

Virtualization Formed Clouds

Answer 38

Clouds that are formed using virtualization technology such as from VMware, the open source community (Xen, Virtualbox), Citrix, and Microsoft

Question 39

Application/Service Formed Clouds

Answer 39

Clouds that are formed not necessarily using virtualization or virtual machines
–The applications or services they provide are written inherently to be cloud based
39

Question 40

Virtualization has several key attributes, which also happen to be key attributes of cloud computing

Answer 40

Sharing of Infrastructure - A single physical server can run multiple virtual servers, allowing for economies of scale

Scalability and Elasticity - If physical infrastructure is abstracted and made available as virtual resources, adding or releasing capacity can be performed quickly and in an automated manner

Resiliency and Redundancy - Because the applications/operating systems are not physically married to a physical server, they are by their very nature portable

Agility - Virtual servers can literally be created in a matter of seconds

Location Independence - A server that is virtualized doesn’t have to exist only within a single data center and can be copied or moved to other data centers very quickly

Question 41

The tradeoff to all of these virtualization benefits is the fact that with ___can come ___

Answer 41

more abstraction. greater complication

Question 42

hypervisor

Answer 42

The hypervisor, or Virtual Machine Manager, presents to the guest (virtual) operating systemsa virtual operating platform and manages the execution of the guest operating systems

Securing the hypervisor is one of the most actively investigated areas of cloud security

Question 43

DaaSor Desktop-as-a-Service

Answer 43

Virtualization can exist all the way to the desktop level

A user canuse a thin-client that basically provides input (keyboard/mouse) and output (monitor) to the cloud hosting the virtual desktop

Similar principlesfor securing clouds apply for desktop virtualization

Question 44

Using Applications/Services to Form Clouds

Answer 44

Applications can be developed to leverage the cloud by forming a cloud within their software architecture and not by simply running in a virtualized environment

In other words, an application can form a cloud by applying the same concepts of virtualization to its own internal software architecture
•sharing of infrastructure
•scalability and elasticity
•resiliency and redundancy

Question 45

There are several compelling scenarios in which using cloud-based virtual servers is advantageous

Answer 45

Testing and Quality Assurance

Web-based Application Hosting -Web applications suffer from peak demand issues

Outsourcing Needs

High-performance Computing

Small Organizations

Question 46

Virtualization Formed Private Clouds

Answer 46

High Availability/Business Continuity. As more applications and resources become virtualized, the virtualized environment itself needs to become highly available

Scale. As information technology continues to modernize business and becomes more and more an essential part of operations, the demand on the infrastructure increases