A+ 220-1201 Core 1: Virtualization and Cloud Computing


4.1: Explain virtualization concepts, including the purpose of virtual machines, desktop virtualization, containers, hypervisors, and requirements. 4.2: Summarize cloud computing concepts, such as common cloud models and cloud characteristics.


64 Terms

1

What is virtualization?

Virtualization is a technology that enables the creation of virtual environments from a single physical machine.


OR

Virtualization is a host computer installed with a hypervisor to manage multiple guest OSs or VMs

2

Virtualization can be achieved through…

Virtual machines and containers

3

What’s the difference between traditional virtualization (VMs) and containers?

VMs require individual OS installations, which means greater resource consumption, whereas containers share the host OS, reducing storage and processing needs.

While containers save resources, they introduce a shared OS vulnerability.

4

What is a hypervisor?

What are its types?

A hypervisor is virtualization software installed on hardware known as bare bones or bare metal.

A hypervisor distributes resources such as CPU, memory, and storage to VMs


Type 1 (bare metal) and type

5

What is a type 1 hypervisor?

A hypervisor (bare metal) that runs natively on hardware as the OS. Fast and more efficient

Ex: Hyper-V, ESXi

6

What is a type 2 hypervisor?

A hypervisor that runs on top of an existing OS

Ex: VMware, VirtualBox

7

What does each virtual machine need?

It needs its own OS, updates, security patches, and hotfixes

8

Application Virtualization Model:

What is server-based application virtualization known as?

And what is it?

terminal services

Applications run on servers in a centralized location and are accessed through remote client protocols (Microsoft RDP or Citrix ICA) 

9

Application Virtualization Model: 

What is client-based application virtualization known as? 

And what is it?

Application streaming 

Applications are packaged and streamed to a user’s PC 

It operates in a sandbox environment isolated from the user’s OS 

Ex: Microsoft App-V, Netflix, Google Docs

10

What are two benefits of virtualization?

  1. Enhanced security of on-premise and cloud servers

  2. Reduced need for additional power, space, and cooling in server rooms, and decreased physical architecture in IT operations

11

Virtualization is foundational to cloud-based server operations. 

How does virtualization support application virtualization?

Through terminal services or application streaming

12

What is containerization?

A type of virtualization applied by a host OS to provision isolated execution environments for applications


Unlike traditional virtual machines, containers share the same host OS kernel

13

Containerization is primarily used for…

server environments rather than end-user systems

14

What are key features of containerization?

Shares the host OS kernel across containers 

Provides unique user space for each container Wha

15

What are three benefits of containerization?

  1. Resource efficiency

    1. Reduced storage and processing power requirements compared to VMs b/c containers share the same host OS kernel

  2. Logical isolation

    1. Containers are isolated from each other by default unless a virtual network is used for communication between containers

  3. Security advantages

    1. enforces resource segmentation and separation at the OS level

16

What are risks of containerization? 

  1. Shared OS risk 

    1. If the host OS is compromised, all containers are exposed

  2. Multi-Tenancy Risks

    1. multiple organizations’ data may reside on the same physical server

      1. → crash caused by one organization might impact others

      2. Poor security in one virtual environment might impact another

    2. Dependency on shared physical infrastructure

    3. overloaded physical server resources affecting performance

17

How can we mitigate risks when employing containerization? 

  1. Security measures 

    1. configure, manage, and audit user access

    2. ensure virtual environments are patched and use antivirus

    3. implement access control measures

  2. Performance Optimization

    1. Set up failover, redundancy, and elasticity

    2. Monitor network performance and physical server resource usage

    3. Distribute the load across multiple physical services

18

What does virtualization enable?

  1. Hyperconverged infrastructure

    1. Integrated storage, networks, and servers

    2. Management from a single interface without hardware changes

  2. Application virtualization

    1. allows running legacy applications on modern OS

    2. Enable cross platform software execution

  3. VDI 

  4. Sandboxing 

  5. Cross Platform Virtualization

  6. Training and lab environments

  7. Emulation

19

What is VDI?


Virtual Desktop Infrastructure 

Centralized desktop management and enhanced security through non persistent environments

Provides full desktop OS to users from a centralized server 

Non-persistent desktops enhance security by resetting at user logoff or daily

20

What is emulation?

Translating for, or simulating, different hardware environments live, in real time.


Used for running software designed for different processors

21

How does emulation differ from virtualization?

Emulation is slower and mainly used when you’re running software meant for different hardware, whereas virtualization is high-speed, using actual hardware and limited to compatible processor types while running a different OS.

Emulation is pretending it’s something else and translating instructions. Virtualization is bound by hardware processing requirements

22

What are the resource requirements for virtualization?

Four primary resource areas: CPU, memory, storage, and networking

23

What are the CPU resource requirements for virtualization?

  1. Depending on the processor (Intel or AMD), you need virtualization technology

  2. Enablement of virtualization extensions in BIOS or UEFI for optimal performance

  3. Second Level Address Translation (SLAT)

    1. improves virtual memory performance

    2. Intel - EPT or extended page table

    3. AMD - RVI or rapid virtualization indexing

  4. Multi core processors, hyper threading, or multiple physical processors to improve virtualization experience

  5. In terms of processor types, you want something that supports a lot of RAM, so not x86 (32-bit); x64 and ARM processors would be good

24

What are the System memory (RAM) resource requirements for virtualization?

The more RAM, the better, to support more VMs

  • Host OS memory requirements 

    • macOS

      • 8GB

    • Windows OS

      • 408 GB

25

What are the storage resource requirements for virtualization?

  • We need a lot of disk space for OS and applications

  • Storage needs

    • Windows - 20-50 GB

    • Linux - 4-8 GB

    • macOS - 20-40GB

26

What are the Networking resource requirements for virtualization?

Because VMs share the physical network interface of the host device, network performance depends on the speed of the network interface card (NIC)

  • The NIC's bandwidth is divided among multiple VMs

  • A 1 Gbps or 10 Gbps NIC gives better throughput for multiple VMs

  • NIC Teaming

    • Combines multiple NICs for higher bandwidth (two 1 Gbps NICs = 2 Gbps total)

27

Virtual Machine Attacks: 

  1. Virtual Machine Escapes 

  2. Virtual Machine Hopping

  3. Sandbox Escapes 

28

What does “Virtual Machine Escapes” refer to?

An attack where a threat actor escapes an isolated VM to access the underlying hypervisor

Exploits vuln in hypervisor code to gain control of physical resources

More common in Type 2 hypervisors due to reliance on host OS

Prevention:

  • Keep guest OS, host OS, and hypervisor patched and updated

  • use secure configurations for hypervisor and virtual machines

29

What does “Virtual Machine Hopping” refer to?

An attack where a threat actor moves from one VM to another on the same host

Exploits hypervisor vulns or misconfigs to bypass isolation

Focus is moving between VMs, not accessing hypervisor or host OS

Prevention:

  • Update and patch hypervisor

  • Follow best practices for securely configuring guest OS and hypervisor

30

What does “Sandbox Escapes” refer to?

Attack where a threat actor circumvents sandbox protections to access privileged systems

Prevention:

  • Keep software and OS updated

  • Use strong endpoint protection solutions

  • Limit browser extensions and add-ons

31

What is a VM Sprawl? 

What are some risks? 

How can we prevent them?

A VM Sprawl is an uncontrolled deployment of VMs without proper management 

Risks: 
- lack of security updates and anti-malware on rogue VMs 
- increased vulnerability to attacks, including VM escapes or hopping 

Prevention: 
- enforce change control processes 
- regularly audit and manage VM deployments 

32

How do live migrations and data remnants pose a security risk?

Live migrations occur when VMs can be moved between hosts over a network.

- The concern here is data exposure during an unencrypted migration and potential integrity compromise via on-path attacks 

- We can prevent this by encrypting VM images before migration and ensuring migration occurs over trusted and secure networks


Data remnants occur when residual data is left after VMs are deprovisioned. 

This creates a risk of unauthorized access to sensitive data. You can prevent this by encrypting VM storage locations and destroying encryption keys when decommissioning VMs.

33

Define cloud computing

the practice of using a network of remote servers hosted on the internet

34

What does virtual desktop infrastructure or VDI enable?

allows a user to host the desktop workstation in the cloud and access it using a web browser

35

Characteristics of cloud computing

  1. Shared vs Dedicated Resources

  2. Metered Utilization

  3. Elasticity

  4. Availability

  5. File Synchronization

  6. Multitenancy

36

Explain the differences between shared resources and dedicated resources

Shared resources

  • Multiple customers use the same physical infrastructure, such as servers or storage

  • Resources are isolated using virtualization

Dedicated resources

  • Reserved exclusively for one customer

  • better performance, security and customization

37

Define metered utilization

Operates on a pay as you go model 

  • Costs based on actual usage

38

When it comes to metered utilization, explain the difference between ingress and egress

Ingress refers to data entering the cloud, typically for free, while egress refers to data leaving the cloud, which incurs charges

39

How can we reduce egress costs when it comes to metered utilization?

Optimize file transfers and compress data

Use content delivery networks (CDNs)

Monitor data transfer patterns and review pricing models

40

In terms of cloud computing, what does elasticity refer to?

How does it benefit the company?

Elasticity refers to resources being able to scale up or down dynamically based on demand. 

It reduces costs by eliminating the need to purchase hardware for peak loads 

41

What does availability refer to when it comes to cloud computing?

How can we ensure availability?

Availability ensures access to data and applications at any time


Ensure availability through redundancy: data replication across servers and data centers, and geographic distribution (to maintain operations during regional outages)

42

When it comes to availability, what do service level agreements (SLAs) refer to?

Guaranteed uptime, translating to minimal downtime annually

43

Define file synchronization and list the pros and cons

File synchronization refers to updating files across multiple devices in real time. 

Pros: facilitates team collaboration with real time access to shared documents 

Cons or considerations: can consume significant bandwidth and relies on steady internet connectivity 

44

Define multitenancy. What are some of its pros?

Multiple customers share the same physical infrastructure while maintaining isolated environments

Improves cost efficiency by maximizing resource utilization

45

What are security measures of multitenancy?

Resource quotas, monitoring, and strict isolation to prevent interference between tenants

46

List the four types of cloud deployment models

  1. Public cloud 

  2. Private cloud

  3. Hybrid cloud

  4. Community cloud

47

Describe the public cloud model.

List examples, pros, and cons

Within a public cloud model, resources are provided by service providers over the internet. Best for organizations prioritizing cost-efficiency and scalability

Ex: Google Drive, AWS, Azure

Pro:

  • Cost effective and quick to deploy

  • best for cost savings and general accessibility

Cons:

  • Security considered less robust compared to other models

48

Describe a private cloud model

List examples, pros, and cons

Within a private cloud model, resources are exclusive to a single organization because it’s designed, implemented and operated internally

Example: US Government’s GovCloud

Pros: offers higher security and control. Ideal for organizations prioritizing security 

Con: expensive to build and maintain

49

Describe a hybrid cloud model

A hybrid cloud model combines public and private cloud features. Sensitive data is stored in the private cloud for enhanced security while public cloud is used for less critical tasks. 

It requires strict rules for data segregation and security 

Balancing sensitive data protection with cost effectiveness 

50

Describe a community cloud model

In a community cloud model, resources are shared among multiple organizations with common needs. Common in industries with shared goals like research or education

Pros: reduced costs by pooling resources

Cons: security challenges b/c of differing controls among organizations and risks of inheriting security vulnerabilities from other connected organizations

51

What are the three cloud service models? 

  1. Software as a service (SaaS) 

  2. Platform as a service (PaaS)

  3. Infrastructure as a service (IaaS)

52

Describe SaaS and its benefits

SaaS is a solution provided by the service provider. The service provider takes care of the hardware (networking, storage, servers, virtualization) and the software (OS, middleware, runtime, data processing, and applications). Best for orgs requiring ready-to-use applications

Ex: Microsoft Office 365, Google Workspace, TurboTax

Pros:
- fully managed by the provider, accessible via a web browser

- includes managed software applications

53

Describe PaaS and its benefits

PaaS has hardware, networking, storage, OS, middleware, and runtime provided by the provider. Suited for developers creating customized applications

The users, by contrast, are responsible for creating application code and managing data processing

Ex: AWS Development platforms

Benefits: Includes shared resources, elasticity, high availability, and file synchronization

- Includes middleware and runtime environments (databases and web servers)

54

Describe IaaS and benefits

The provider provides IT resources such as servers, load balancers, storage, and virtualization. Best for organizations requiring control over OS and applications on virtualized hardware 

Users manage OS, middleware, runtime, and applications 

Ex: AWS EC2 for custom server setups 

Benefits: dynamic allocation of resources, reduced long-term hardware commitments 

- focused on hardware and virtualization layer
- includes hardware resources with or without a basic OS 

55

What is a VDI?

Describe it

Virtual Desktop Infrastructure

It’s a virtualization technology that hosts desktop operating systems on a centralized server or server farm. It separates the personal computing environment from the user’s physical computer. The environment is accessible from various devices (client, web browser) and the processing occurs on the remote server, not the local device

Local devices are just a connection point. Minimal local processing is required

56

Benefits of VDI

  • Device flexibility

    • works across various devices without hardware dependency

  • Centralized management

    • simplified patching, updates, and maintenance

  • Cost efficiency

    • reduces need for on-prem IT infrastructure

    • managed by third-party providers

57

Cons of VDI

  1. Dependency on network connectivity

  2. limited local processing (reliant on remote servers)

  3. outage risk

58

List the models of VDI implementation

  1. Centralized model

  2. Hosted Model (DaaS - Desktop as a service)

  3. Remote Virtual Desktop Model

59

Describe the centralized model for VDI implementation

Desktop instances are hosted on a single server or server farm

60

Describe the hosted model for VDI implementation

Maintained by a service provider and delivered as a service

Ex:

  • Amazon Workspaces

  • VMware Horizon

  • Citrix XenDesktop

61

Describe the virtual desktop model for VDI Implementation

Desktop images are copied to a local machine for offline use

- Reduces bandwidth requirements and dependency on constant network connectivity

62

What are cloud storage services?

Online platforms that provide users with remote storage space to save, access, and manage files over the internet

63

What are cloud storage applications? 

What are some examples and features of them?

They are platforms that offer cloud-based storage space for files, accessible via web browsers, computer applications, or mobile devices 

Ex: Dropbox, Google Drive, OneDrive

Features: Accessible from various devices; free/paid plans

64

Define content delivery networks (CDNs)

What is the purpose of a content delivery network?

When would we use a CDN?

CDNs are networks of distributed servers that store copies of files to deliver content to users from the nearest server location.

CDNs reduce latency by minimizing the physical distance between the user and the server, enhancing download and streaming speeds.

You would use a CDN for media streaming platforms and file-sharing services to ensure seamless user experience