Week 5: Cloud Reference Architecture Flashcards

1
Q

Enabling technology vs capability

A

– There is a difference between enabling technologies (such as virtualization) and the capabilities or features that are required for a cloud
– A specific capability may be achieved by alternative technologies

2
Q

Cloud Essential Characteristics

A
On-demand self-service
Broad network access
Resource pooling
Rapid elasticity
Measured service
3
Q

The cloud model won’t work for the consumer without ___ and without the ___

A

reliable network connectivity, right bandwidth

4
Q

In security terms, reliability is a synonym of ___

A

availability

5
Q

SPI Model

A

SaaS, PaaS, IaaS

6
Q

The three service models represent

A

The three service models represent three broad classes of capabilities that reside on top of physical cloud infrastructure

7
Q

Cloud Security Alliance has taken the following view

A

“IaaS is the foundation of all cloud services, with PaaS building upon IaaS, and SaaS in turn building upon PaaS…. In this way, just as capabilities are inherited, so are information security issues and risk. It is important to note that commercial cloud providers may not neatly fit into the layered service models. Nevertheless, the reference model is important for relating real-world services to an architectural framework and understanding the resources and services requiring security analysis”

8
Q

It is important to make two points about the NIST Cloud Model

A

A customer or tenant can have greater security control over more resources as one moves from SaaS to PaaS and again from PaaS to the IaaS service model

A customer or tenant can achieve greater security control over more resources when moving from a Public cloud to a community cloud and again from a community cloud to a Private cloud

9
Q

IaaS Abstraction

A

IaaS does not typically expose actual hardware or networking layers to the tenant of the service

These underlying resources are abstracted for the consumer

10
Q

PaaS Abstraction

A

PaaS abstracts infrastructure to a greater extent and generally presents middleware containers that are tailored for categories of usage, such as development

These containers provide tools to simplify application development and limit application interactions with the underlying systems

11
Q

SaaS Abstraction

A

SaaS abstracts even further and generally exposes narrow-functionality software-based services such as Customer Relationship Management (CRM) or e-mail

12
Q

Security Control in Deployment Model

A

Similar to how different service models have an impact on the extent of control over security, the deployment model also impacts the degree of control over security

The degree of control that a tenant or customer has in a public cloud is minimal

The tenant organization has maximum control with a private cloud

The degree of control will vary for community and hybrid clouds

13
Q

Private vs Public Cloud

A

When considering how to secure public versus private cloud architectures, the security concerns are more different than common

14
Q

Community clouds can be viewed as special cases of private clouds where organizational control is delegated to a proxy

A

the principles in securing it vary greatly from those of a public cloud hosted externally by a third party
  • For example, a private cloud doesn’t have the data confidentiality and legality concerns that a public cloud might have

15
Q

Cloud Application Programming Interfaces (APIs)

A

Cloud Application Programming Interfaces (APIs) are mechanisms that abstract cloud implementation details and define an interface between a cloud service and other entities

16
Q

proprietary APIs

A

Where proprietary APIs are used, possible lock-in benefits the provider by making it difficult to switch service providers

17
Q

Open and standards-based APIs

A

Open and standards-based APIs can more readily lead to an ecosystem of services built up by customers across cloud providers

18
Q

Cross Platform-based APIs

A

Allow applications to use a single API regardless of the back-end cloud

20
Q

Infrastructure-as-a-Service Examples

A
  • Amazon’s Elastic Compute Cloud (EC2)
  • Rackspace’s Cloud Offerings
  • IBM’s BlueCloud
21
Q

Platform-as-a-Service Examples

A
  • Google’s App Engine
  • Windows’ Azure Services platform

22
Q

Public clouds can be formed by service providers wishing to build out a ___ and lease pieces of it to a variety of clients

A

high-capacity infrastructure

23
Q

In public cloud, data might..

A

become comingled on common storage devices

This makes identity, access control, and encryption very important

There is a certain amount of inherent trust by subscribers with their public cloud providers

24
Q

In its simplest definition, a public cloud exists ____ to its end user and is generally available with little restriction as to who may pay to use it

A

externally

25
Q

In contrast to a public cloud, a private cloud is ___ hosted

A

internally

Although there is no comingling of data or sharing of resources with external entities, different departments within the organization may have strong requirements to maintain data isolation within their shared private cloud

Organizations deploying private clouds often do so utilizing virtualization technology within their own data centers
26
Q

Private Cloud Security

A

Some of the security concerns of a public cloud may not apply to private clouds

However, private does not necessarily mean more secure

In a private cloud, considerations such as securing the virtualization environment itself must still be addressed, whereas in a public cloud, you would rely on the provider to do so
27
Q

Advantage of private cloud

A

The true advantage of a private cloud is that the provider has an interest in making the service interface match the tenant needs
28
Q

Community cloud

A

Community clouds allow multiple independent entities to gain the cost benefits of a shared nonpublic cloud while avoiding security and regulatory concerns that might be associated with using a generic public cloud

This model has tremendous potential for entities that are subject to identical regulatory, compliance, or legal restrictions
29
Q

Hybrid Clouds

A

Hybrid clouds could be formed when an organization builds out a private cloud and wishes to leverage public or community clouds in conjunction with its private cloud for a particular purpose
30
Q

Hybrid Cloud Example

A

An example of a hybrid cloud could be a web portal where its core infrastructure is private to the company, but certain components are hosted externally - like streaming video or image caching

Certain requirements can prevent hybrid clouds from being fully adopted by an organization - like a financial organization, which may not be able to meet compliance regulations if customer data is hosted at an external site
31
Q

Software-as-a-Service

A

SaaS delivers software or, more generally, applications to its end user

The end user doesn’t usually need to understand or be concerned with the supporting infrastructure and simply utilizes an application
32
Q

Software-as-a-Service Examples

A

For instance, Salesforce.com provides a Customer Relationship Management (CRM) SaaS

Google’s Gmail or Yahoo Mail provide email services

Even former premise-based software-only solutions like Microsoft SharePoint are now available as SaaS online, via a Web browser
33
Q

Platform-as-a-Service

A

PaaS providers usually
  • deliver a bundling of software and infrastructure in the form of a programmable container
  • provide a cloud for end users to host their own developed applications or services

With PaaS, the service is the entire application environment
  • PaaS includes the computing platform as well as the development stack

In both cases, the end user receives an environment from the provider (a container) that is ready to host user-developed applications/services
34
Q

Platform-as-a-Service Examples

A
  • Google’s App Engine platform
  • Salesforce.com’s Force.com platform
35
Q

Infrastructure-as-a-Service

A

In general, IaaS delivers virtualized resources, such as guest virtual machines (ready to load an operating system), storage, or database services

The tenant interacts with IaaS clouds as he would interact with an IT department to set up the IT infrastructure
– This is the virtual equivalent to physically deploying servers, storage, etc.

Typically, end users have the ability to manage their infrastructure at the operating system level, but outsource as-a-service the details of managing and maintaining the servers, switching, routing, firewalling, and connectivity concerns
36
Q

Infrastructure-as-a-Service Examples

A

Amazon’s Web Services or Rackspace’s Cloud Services are prime examples of IaaS providers
37
Q

There are two most common and generally accepted ways of forming clouds

A
  • Virtualization Formed Clouds
  • Application/Service Formed Clouds
38
Q

Virtualization Formed Clouds

A

Clouds that are formed using virtualization technology such as from VMware, the open source community (Xen, VirtualBox), Citrix, and Microsoft
39
Q

Application/Service Formed Clouds

A

Clouds that are formed not necessarily using virtualization or virtual machines
– The applications or services they provide are written inherently to be cloud based
40
Q

Virtualization has several key attributes, which also happen to be key attributes of cloud computing

A
  • Sharing of Infrastructure - A single physical server can run multiple virtual servers, allowing for economies of scale
  • Scalability and Elasticity - If physical infrastructure is abstracted and made available as virtual resources, adding or releasing capacity can be performed quickly and in an automated manner
  • Resiliency and Redundancy - Because the applications/operating systems are not physically married to a physical server, they are by their very nature portable
  • Agility - Virtual servers can literally be created in a matter of seconds
  • Location Independence - A server that is virtualized doesn’t have to exist only within a single data center and can be copied or moved to other data centers very quickly
41
Q

The tradeoff to all of these virtualization benefits is the fact that with ___ can come ___

A

more abstraction, greater complication
42
Q

hypervisor

A

The hypervisor, or Virtual Machine Manager, presents to the guest (virtual) operating systems a virtual operating platform and manages the execution of the guest operating systems

Securing the hypervisor is one of the most actively investigated areas of cloud security
43
Q

DaaS or Desktop-as-a-Service

A

Virtualization can exist all the way to the desktop level

A user can use a thin-client that basically provides input (keyboard/mouse) and output (monitor) to the cloud hosting the virtual desktop

Similar principles for securing clouds apply for desktop virtualization
44
Q

Using Applications/Services to Form Clouds

A

Applications can be developed to leverage the cloud by forming a cloud within their software architecture and not by simply running in a virtualized environment

In other words, an application can form a cloud by applying the same concepts of virtualization to its own internal software architecture
  • sharing of infrastructure
  • scalability and elasticity
  • resiliency and redundancy
45
Q

There are several compelling scenarios in which using cloud-based virtual servers is advantageous

A
  • Testing and Quality Assurance
  • Web-based Application Hosting - Web applications suffer from peak demand issues
  • Outsourcing Needs
  • High-performance Computing
  • Small Organizations
46
Q

Virtualization Formed Private Clouds

A

High Availability/Business Continuity. As more applications and resources become virtualized, the virtualized environment itself needs to become highly available

Scale. As information technology continues to modernize business and becomes more and more an essential part of operations, the demand on the infrastructure increases