Week 5: Cloud Reference Architecture Flashcards

1
Q

Enabling technology vs capability

A

–There is a difference between enabling technologies (such as virtualization) and the capabilities or features that are required for a cloud
–A specific capability may be achieved by alternative technologies

2
Q

Cloud Essential Characteristics

A
On-demand self-service
Broad network access
Resource pooling
Rapid elasticity
Measured service
3
Q

The cloud model won’t work for the consumer without ___ and without the ___

A

reliable network connectivity, right bandwidth

4
Q

In security terms, reliability is a synonym of ___

A

availability

5
Q

SPI Model

A

SaaS, PaaS, IaaS

6
Q

The three service models represent

A

The three service models represent three broad classes of capabilities that reside on top of physical cloud infrastructure

7
Q

Cloud Security Alliance has taken the following view

A

“IaaS is the foundation of all cloud services, with PaaS building upon IaaS, and SaaS in turn building upon PaaS…. In this way, just as capabilities are inherited, so are information security issues and risk. It is important to note that commercial cloud providers may not neatly fit into the layered service models. Nevertheless, the reference model is important for relating real-world services to an architectural framework and understanding the resources and services requiring security analysis”

8
Q

It is important to make two points about the NIST Cloud Model

A

A customer or tenant can have greater security control over more resources as one moves from SaaS to PaaS and again from PaaS to the IaaS service model

A customer or tenant can achieve greater security control over more resources when moving from a Public cloud to a community cloud and again from a community cloud to a Private cloud

9
Q

IaaS Abstraction

A

IaaS does not typically expose actual hardware or networking layers to the tenant of the service

These underlying resources are abstracted for the consumer

10
Q

PaaS Abstraction

A

PaaS abstracts infrastructure to a greater extent and generally presents middleware containers that are tailored for categories of usage, such as development

These containers provide tools to simplify application development and limit application interactions with the underlying systems

11
Q

SaaS Abstraction

A

SaaS abstracts even further and generally exposes narrow-functionality software-based services such as Customer Relationship Management (CRM) or e-mail

12
Q

Security Control in Deployment Model

A

Similar to how different service models have an impact on the extent of control over security, the deployment model also impacts the degree of control over security

The degree of control that a tenant or customer has in a public cloud is minimal

The tenant organization has maximum control with a private cloud

The degree of control will vary for community and hybrid clouds

13
Q

Private vs Public Cloud

A

When considering how to secure public versus private cloud architectures, the security concerns are more different than common

14
Q

Community clouds can be viewed as special cases of private clouds where organizational control is delegated to a proxy

A

the principles in securing it vary greatly from those of a public cloud hosted externally by a third party
• For example, a private cloud doesn’t have the data confidentiality and legality concerns that a public cloud might have

15
Q

Cloud Application Programming Interfaces (APIs)

A

Cloud Application Programming Interfaces (APIs) are mechanisms that abstract cloud implementation details and define an interface between a cloud service and other entities

16
Q

proprietary APIs

A

Where proprietary APIs are used, possible lock-in benefits the provider by making it difficult to switch service providers

17
Q

Open and standards-based APIs

A

Open and standards-based APIs can more readily lead to an ecosystem of services built up by customers across cloud providers

18
Q

Cross Platform-based APIs

A

Allow applications to use a single API regardless of the back-end cloud

20
Q

Infrastructure-as-a-Service Examples

A
  • Amazon’s Elastic Compute Cloud (EC2)
  • Rackspace’s Cloud Offerings
  • IBM’s BlueCloud
21
Q

Platform-as-a-Service Examples

A
  • Google’s AppEngine
  • Windows’ Azure Services platform

22
Q

Public clouds can be formed by service providers wishing to build out a ___ and lease pieces of it to a variety of clients

A

high-capacity infrastructure

23
Q

In public cloud, data might..

A

become comingled on common storage devices

This makes identity, access control, and encryption very important

There is a certain amount of inherent trust by subscribers with their public cloud providers

24
Q

In its simplest definition, a public cloud exists ____ to its end user and is generally available with little restriction as to who may pay to use it

A

externally

25
Q

In contrast to a public cloud, a private cloud is ___ hosted

A

internally

Although there is no comingling of data or sharing of resources with external entities, different departments within the organization may have strong requirements to maintain data isolation within their shared private cloud

Organizations deploying private clouds often do so utilizing virtualization technology within their own data centers

26
Q

Private Cloud Security

A

Some of the security concerns of a public cloud may not apply to private clouds

However, private does not necessarily mean more secure

In a private cloud, considerations such as securing the virtualization environment itself must still be addressed, whereas in a public cloud, you would rely on the provider to do so

27
Q

Advantage of private cloud

A

The true advantage of a private cloud is that the provider has interest in making the service interface match the tenant needs

28
Q

Community cloud

A

Community clouds allow multiple independent entities to gain the cost benefits of a shared nonpublic cloud while avoiding security and regulatory concerns that might be associated with using a generic public cloud

This model has tremendous potential for entities that are subject to identical regulatory, compliance, or legal restrictions

29
Q

Hybrid Clouds

A

Hybrid clouds could be formed when an organization builds out a private cloud and wishes to leverage public or community clouds in conjunction with its private cloud for a particular purpose

30
Q

Hybrid Cloud Example

A

An example of a hybrid cloud could be a web portal where its core infrastructure is private to the company, but certain components are hosted externally, like streaming video or image caching

Certain requirements can prevent hybrid clouds from being fully adopted by an organization, such as a financial organization, which may not be able to meet compliance regulations if customer data is hosted at an external site

31
Q

Software-as-a-Service

A

SaaS delivers software or, more generally, applications to its end user

The end user doesn’t usually need to understand or be concerned with the supporting infrastructure and simply utilizes an application

32
Q

Software-as-a-Service Examples

A

For instance, Salesforce.com provides a Customer Relationship Management (CRM) SaaS

Google’s Gmail or Yahoo Mail provide email services

Even former premise-based software-only solutions like Microsoft SharePoint are now available as SaaS online, via a Web browser

33
Q

Platform-as-a-Service

A

PaaS providers usually

  • deliver a bundling of software and infrastructure in the form of a programmable container
  • provide a cloud for end users to host their own developed applications or services

With PaaS, the service is the entire application environment
- PaaS includes the computing platform as well as the development stack

In both cases, the end user receives an environment from the provider (a container) that is ready to host user-developed applications/services

34
Q

Platform-as-a-Service Examples

A

Google’s App Engine platform

Salesforce.com’s Force.com platform

35
Q

Infrastructure-as-a-Service

A

In general, IaaS delivers virtualized resources, such as guest virtual machines (ready to load an operating system), storage, or database services

The tenant interacts with IaaS clouds as he would interact with an IT department to set up the IT infrastructure
–This is the virtual equivalent to physically deploying servers, storage, etc.

Typically, end users have the ability to manage their infrastructure at the operating system level, but outsource as-a-service the details of managing and maintaining the servers, switching, routing, firewalling, and connectivity concerns

36
Q

Infrastructure-as-a-Service Examples

A

Amazon’s Web Services or RackSpace’s Cloud Services are prime examples of IaaS providers

37
Q

There are two most common and generally accepted ways of forming clouds

A

Virtualization Formed Clouds

Application/Service Formed Clouds

38
Q

Virtualization Formed Clouds

A

Clouds that are formed using virtualization technology such as from VMware, the open source community (Xen, Virtualbox), Citrix, and Microsoft

39
Q

Application/Service Formed Clouds

A

Clouds that are formed not necessarily using virtualization or virtual machines
–The applications or services they provide are written inherently to be cloud based

40
Q

Virtualization has several key attributes, which also happen to be key attributes of cloud computing

A

Sharing of Infrastructure - A single physical server can run multiple virtual servers, allowing for economies of scale

Scalability and Elasticity - If physical infrastructure is abstracted and made available as virtual resources, adding or releasing capacity can be performed quickly and in an automated manner

Resiliency and Redundancy - Because the applications/operating systems are not physically married to a physical server, they are by their very nature portable

Agility - Virtual servers can literally be created in a matter of seconds

Location Independence - A server that is virtualized doesn’t have to exist only within a single data center and can be copied or moved to other data centers very quickly

41
Q

The tradeoff to all of these virtualization benefits is the fact that with ___ can come ___

A

more abstraction, greater complication

42
Q

hypervisor

A

The hypervisor, or Virtual Machine Manager, presents to the guest (virtual) operating systems a virtual operating platform and manages the execution of the guest operating systems

Securing the hypervisor is one of the most actively investigated areas of cloud security

43
Q

DaaS or Desktop-as-a-Service

A

Virtualization can exist all the way to the desktop level

A user can use a thin-client that basically provides input (keyboard/mouse) and output (monitor) to the cloud hosting the virtual desktop

Similar principles for securing clouds apply for desktop virtualization

44
Q

Using Applications/Services to Form Clouds

A

Applications can be developed to leverage the cloud by forming a cloud within their software architecture and not by simply running in a virtualized environment

In other words, an application can form a cloud by applying the same concepts of virtualization to its own internal software architecture
• sharing of infrastructure
• scalability and elasticity
• resiliency and redundancy

45
Q

There are several compelling scenarios in which using cloud-based virtual servers is advantageous

A

Testing and Quality Assurance

Web-based Application Hosting - Web applications suffer from peak demand issues

Outsourcing Needs

High-performance Computing

Small Organizations

46
Q

Virtualization Formed Private Clouds

A

High Availability/Business Continuity. As more applications and resources become virtualized, the virtualized environment itself needs to become highly available

Scale. As information technology continues to modernize business and becomes more and more an essential part of operations, the demand on the infrastructure increases