Operating Systems
Software that manages computer hardware and provides services for computer programs.
Hardware
Physical components of a computer system that can be seen and touched.
Virtualization Architectures
Creating a virtual layer using software to mimic hardware for running applications.
Cloud Computing Architecture
Utilizes operating systems, hardware, and virtualization to enable services over the internet.
Virtual Machine
Software-based emulation of a physical computer that runs applications independently.
Operating System Architecture
The structure of an operating system that sits between computer and network hardware and users, providing an interface for application software to utilize hardware capabilities.
Architecture Dependent Code
Code within an operating system that connects software to underlying hardware, allowing direct interaction with the hardware and requiring adjustments when transitioning between different hardware architectures.
Dynamic Link Libraries
Modules within an operating system necessary to leverage hardware capabilities and support applications, providing reusable components for multiple applications.
Kernel Interface
The component of an operating system that connects user space (applications, window manager, libraries) to the kernel, enabling access to hardware capabilities.
Privilege Levels
Different levels of privilege within an operating system, with the kernel having the highest privilege, followed by drivers, the operating system shell, and users, to ensure system security and prevent harmful actions.
Process
The basic unit of work in an operating system, representing a running program with all necessary resources, which can spawn threads to execute tasks in parallel.
Thread
A subunit of a process that can be executed independently in parallel, with a multi-threaded process capable of spawning multiple simultaneous threads to improve performance.
Intel 64-bit Architecture
The dominant architecture in personal computers and low-end servers, widely used in cloud computing for large-scale infrastructures.
CPU
Central Processing Unit, the core component of a computer system that executes instructions.
Input Output Controller
Connects the CPU to peripherals like hard drive controllers and graphic interface cards.
System Memory
Memory connected to the CPU for storing data and instructions.
Cache
Storage within the CPU for data and instructions to be used next, with different levels for efficiency.
Multi-core CPU
CPUs with multiple cores that allow for parallel processing of tasks.
Execution Units
Components within the CPU that run threads created by processes.
Threads
Individual sequences of instructions that can be executed independently, allowing for parallel processing.
Process
A unit of work in the operating system, created when launching an application and executed on the CPU architecture.
Operating System
Software that manages computer hardware and software resources, including running processes on the CPU.
Virtualization
Simulating hardware using software to create virtualized versions of CPU, memory, storage, and networking.
Virtual Machine
A virtual computer running on top of virtualized hardware, allowing the installation of an operating system and running applications.
Virtualization Software
Specialized software that creates virtualized hardware on top of physical hardware, enabling the creation of virtual machines.
Cloud Computing
Utilizing virtualization as a fundamental capability to build cloud services, where virtual machines run applications on virtualized hardware.
Hardware Layer
The physical components of a computer system, including CPU, memory, storage, and networking capabilities.
Operating System Layer
Software that manages hardware resources and provides services for applications to run on top of the hardware layer.
Application Software
Programs designed to perform specific tasks or functions on a computer system, running on top of the operating system layer.
Shared Storage
Storage resources accessible by multiple virtual machines, typically connected to a storage array or storage area network.
Maximum Capability
The limit of virtualized hardware capabilities imposed by the underlying physical hardware, minus the overhead required by the virtualization software.
Architecture
The structure of virtual machines, consisting of hardware, operating system, and applications, with the same layout across different virtual machines.
Virtualization Efficiency
Virtualization allows for more efficient use of hardware by creating virtual machines that match specific needs, avoiding overprovisioning.
Dynamic Resource Allocation
Virtualization enables the dynamic allocation of resources to virtual machines based on workload demands, optimizing performance.
Encapsulation
Virtual machines can be encapsulated into single files, including hardware, OS, and applications, making them portable and easy to duplicate or move between physical servers.
High Portability
The encapsulation of virtual machines makes them highly portable, allowing for quick migration between physical servers and balancing workloads efficiently.
Business Benefits
Virtualization provides operational efficiency, the ability to run multiple OSs, and the flexibility to clone or move virtual machines, enhancing data center management and resilience.
Full Virtualization
A type of virtualization where each instance of an operating system and its applications runs on a separate virtual machine on top of virtualized hardware.
Hypervisor
The Virtual Machine Manager that serves as the interface between virtualized hardware and the underlying physical hardware, managing guest operating systems on a host.
Bare Metal Virtualization
A type of virtualization where a hypervisor runs directly on the hardware without the need for an underlying operating system, commonly used in cloud computing.
Hypervisor Baseline Functions
Core capabilities defined by the National Institute of Standards and Technology for hypervisors, including execution isolation for virtual machines and device emulation.
Privileged Operations
Operations within an operating system that require a high level of privilege, such as kernel mode, which must be managed securely by the hypervisor.
Resource Allocation
The ability of the hypervisor to allocate resources among virtual machines, adjusting resource distribution based on the needs of each virtual machine.
Virtual Network Interfaces
Interfaces created by the hypervisor to connect virtual machines to an underlying network, allowing virtual machines to communicate with each other if needed.
Hypervisor
Software that enables the creation and management of virtual machines on physical hardware.
Virtual Machine
A software-based emulation of a physical computer that operates and executes programs like a physical machine.
Virtual Infrastructure
The virtualized layer created by connecting hypervisors across multiple physical machines to optimize hardware utilization.
Mesh Network
A high-speed network where multiple devices or nodes are interconnected, allowing for efficient communication and data transfer.
Abstraction
The process of hiding complex underlying details and presenting only the necessary information to users or applications.
Data Center
A facility that houses computer systems and associated components, such as storage and networking systems, for managing and storing data.
Cloud Computing
The delivery of computing services, including servers, storage, databases, networking, software, and analytics, over the internet to offer faster innovation, flexible resources, and economies of scale.
Virtualization Security Challenges
Virtualizing systems introduces security challenges because virtual machines share a common virtualization layer, potentially allowing processes to escape virtual machines and compromise the underlying hypervisor.
Isolation of Virtual Machines
Virtual machines are logically isolated from each other, but sharing a common virtualization layer can lead to security risks if a process breaches the isolation and gains access to other virtual machines.
Sandboxing
Sandboxing involves isolating guest operating systems to prevent unauthorized access to resources, malware injection, or denial-of-service attacks between virtual machines.
Monitoring Guest Operating Systems
Hypervisors must constantly monitor guest operating systems to detect and control malicious activities, ensuring security within the virtualized environment.
Network Security
Implementing security policies, firewalling, identity and access management, and access restrictions within virtual machines to secure network traffic going in and out of the guest operating system.
Hardware Assisted Virtualization
Running a hypervisor on an underlying CPU architecture that supports virtualization in hardware, providing better memory management controls to prevent attacks such as buffer overflows.
Device Driver Signing
Enforcing quality checks or signing for device drivers added to virtual machines or the hypervisor to prevent unstable drivers from potentially crashing the system.
Privileged Accounts Management
Limiting the number of users with admin- or root-level privileges on the hypervisor, integrating highly privileged accounts with identity and access management systems, and enforcing privilege escalation controls.
Remote Access Security
Limiting remote access to the hypervisor to prevent potential attack vectors, tightly controlling backup accounts with remote access capabilities, and ensuring remote access is not part of day-to-day operations.
Patch Management
Implementing a good patch management system to keep the hypervisor up to date with the latest security updates.
Default Deny Principle
Applying the principle of default deny within the hypervisor's firewall by explicitly defining allowed ports and protocols while denying everything else to enhance security.
Logging and Monitoring
Logging all activities within the hypervisor for forensic analysis, establishing a secure channel to transfer log information to an external storage system, and monitoring for anomalies in real time.
Management Network Segmentation
Utilizing a separate management network for managing devices, ensuring the hypervisor management interface is on the management network to enforce traffic controls and limit access to authorized systems.
Virtualization
The process of creating a virtual version of something, such as virtual machines, by abstracting hardware capabilities.
Enabler of Cloud Computing
Virtualization is considered an enabler of cloud computing as it allows for the creation of large pools of hardware resources.
Pooled Infrastructure
The goal of virtualization in cloud computing is to create a pooled infrastructure, including CPU, memory, storage, and network capabilities.
Building Block for Cloud Environment
Virtualization serves as a fundamental building block for most cloud environments by abstracting hardware resources.
Rapid Scaling
Virtualization provides the ability to rapidly scale resources, a crucial capability needed in cloud computing environments.
Allocation by Cloud Layer
While virtualization creates the pool of resources, it is the cloud layer that determines how these resources are allocated, delivered, and presented to consumers.