Cloud Computing Concepts

What is Saas, IaaS, and Paas? Explain what each one does.

All three are types of cloud computing services

Saas - Software as a Service

• software that is delivered over the internet and acessed via a web browser — no installation needed on your local computer

• runs on the providers cloud servers, not locally

• provider hosts all the hardware, software, security, and maintenance

• examples: Google workspace (Docs, Gmail), Microsoft 365, Dropbox, Zoom, Salesforce

• note: even though some apps like outlook can be installed locally it’s still considered to be on the cloud since it’s licensing and update, data syncs, are all managed over the could and need internet connection

PaaS - Platform as a Service

• a cloud platform that gives developers tools to build, test, and deploy apps without managing the underlying infrastructure. A virtual environment to develop and test applications without the cost or administration of a physical platform. Cloud based virtual desktop environments is part of this and can also be part of IaaS.

• runs on the cloud but is accessed remotely through a browser, remote desktop connection, or command line tools

• the provider manages the servers, storage, networking, and development tools

• examples: Google App Engine, Microsoft Azure App Services, Amazon Web Services Elastic Beanstalk

IaaS - Infrastructure as a Service

• cloud based virtualized resources—like servers, networking and storage—rented on demand. Provides infrastructure hardware components that are normally present in a traditional on-premises data center. Access hardware only when you need it.

• runs in the cloud but customer installs and manages their own software (OS, apps)

• provider hosts the physical server and data centers but customer controls the OS and applications

• examples: Amazon Web Services (EC2), Microsoft Azure, Google cloud Platform, Digital Ocean

What are the four types of clouds?

Public cloud:

• offers applications and storage space to the general public over the internet. Can be free web-based email services and pay-as-you-go business class services.

• very low cost

• Public cloud space providers: Google, Microsoft, Rackspace, and Amazon

Private:

• Designed with the needs of an individual organization in min. Security administrator has more control over the data and infrastructure. Resources are located behind a firewall.

Hybrid:

• somewhere between public and private. Both dedicated servers located within the organization and cloud servers from a third party form the collective network. More confidential data is kept in-house

Community:

• also a mix between private and public but multiple organizations can share the public portion.

What is the difference between measured services and metered utilization?

Measured services means the provider monitors the services rendered (such as cloud services) in order to properly bill the customer and make sure the customer’s use of services is being handled in the most efficient way

Measured services often works in conjunction with metered utilization, which is when an organization has access to virtually unlimited resources and pays only for the resources that are used.

What is rapid elasticity?

the ability to build or extend a cloud-based network quickly and efficiently

What is high availability (HA)?

For any on-demand services this means the cloud should be available in real time and whenever you need it (24/7); it should always be on

What is file synchronization in the context of the cloud?

File synchronization is of paramount importance when dealing with the cloud it could mean something basic such as email or basic document synchronization with SaaS or something a little more in depth such as database synchronization, or even synchronization of entire virtual desktops across the cloud with PaaS

note: synchronization should be monitored and tested periodically to make sure it’s working as expected

What is virtual desktop infrastructure (VDI)?

Virtual desktop infrastructure allows for multiple virtual desktops for multiple users to be hosted by a service (either the cloud or on-premises)

What is a hypervisor?

A hypervisor is software (sometimes firmware) that lets you create and run virtual machines (VMs) on a single physical computer. It manages and isolates multiple operating systems running on the same physical machine

• functions as a virtual traffic controller, managing multiple “computers” (virtual machines) running on one real machine

• divides physical system resources (CPU, RAM, disks) among virtual machines

• isolates the VMs OS from others

• manages starting, stopping, and saving the state of the VMs

What are the differences between virtualization and emulation?

Virtualization:

• runs multiple real systems on the same hardware

Emulation:

• imitates a system’s hardware/software on different hardware (not the actual hardware it’s supposed to run on).

• an example would be x86 or x64 simulating ARM

• much slower (more overhead)

What are the two types of hypervisors?

Type 1 (bare-metal or native): runs directly on the physical hardware, no regular operating system like Windows underneath. The hypervisor is the first thing that boots up when you turn on the machine. It controls the hardware directly, such as CPU, memory, storage, network, and creates and manages virtual machines

• faster and more efficient (no OS layer)

• more secure because of fewer parts = fewer vulnerabilities

• requires a proper server and costlier

Type 2 (hosted): runs on top of an existing OS (like Windows, macOS, or Linux). You need an OS and then will open the app that runs virtual machines inside your OS (some examples of apps are virtualbox, Hyper-V, or VMware workstation)

• easy to install

• slower than type 1

• less secure

What are the types of hypervisors used in Microsoft?

Microsoft Hyper-V is a type 2 hypervisor which can be installed on a typical windows client computer.

Another type 2 hypervisor is VMware Workstation

Oracle VirtualBox is also another well knows type 2 hypervisor

In order for it to work it needs the following

• virtualization needs to be enabled in the BIO/UEFI

• Hyper-V needs to be turned on in Windows Features by going to

  • control panel/all control panel items/programs and features/ then clicking the turn windows features on or off. Then you need to restart your computer

• typing systeminfo in the command prompt will tell you the requirements for HyperV

• In Hyper-V you will need to create a virtual hard drive and install an OS in .iso format

• In Hyper-V the virtual hardware for the VM can be configured in the settings section, and the network connections can be configured in the virtual switch manager.

What file type does Hyper-V and VMware use?

Hyper-V uses .vhdx extension. Not compatible with VMware.

while VMware uses the .vmdk file extension. Not compatible with Hyper-V.

Oracle VirtualBox uses the .vdi file extension but can also use the .vmdk for compatibility with VMware.

should you use more than 50% of the actual host’s cpu when creating a virtual machine?

no otherwise it will cause the VM and host to compete for the cpu

how many GB’s of Ram does a VM commonly require?

2GBs of RAM but more is suggested

When creating a VM there are generally three or four options for network connections, what are they and what does each mean?

Bridged Networking: a type of network configuration where a VM or a device is connected directly to the physical network as if it were a physical device itself.

• acts like a separate physical device on the same network as the host

• VM or virtual interface gets its own IP address from the physical network (usually via DHCP)

• shares same network as host, not isolated or behind NAT, other devices on that network will be able to communicate with it and vice versa

• not very safe, can be exposed to the LAN or internet

Network address translation (NAT): a type of network configuration where the VM (guest) has access to the external network but has a separate IP address on a private network, on a different subnet. The VM shares the host’s access to the external network like the internet, through IP translation. To the outside world, traffic appears to come from the host’s IP.

• host machine: 192.168.1.100

• VM (NAT): 10.0.2.15

• When the VM sends traffic to the internet, the hypervisor translates the source IP to the host’s IP (e.g., 192.168.1.100) — this is NAT

• cons: devices on the same LAN cannot communicate, therefore can’t be used as a server unless you use port forwarding

Host-only networking: Creates a private network between the host machine and VM, no other devices on the physical LAN or internet can access the VM, the VM also can’t access the internet unless advanced routing or bridging is set up. Only the host machine and other VMs on the same host-only network can communicate with it

• Step 1: create host-only network

• host PC gets a virtual IP address on host-only network adapter (not main LAN IP)

• VM gets its own private IP address from that same virtual network adapter

• these addresses are on a separate subnet from main LAN

No networking: The VM has no network connection at all. No virtual network adapter, no IP address, means it cannot communicate with the host machine, other VMs, LAN, and the internet. Used for secure/isolation purposes mostly.

Will a VM run okay with one virtual processor (a single core)?

Yes, but multiple cores are often recommended.

If there is a connection from the VM to the hosting OS, and the VM has a vulnerability that is exploited, can the exploit carry over to the host?

Yes, any network connection such as mapped network drive, browsing connection and so on can be a security concern. Which is why you might need to monitor and disable any unused or unnecessary network connections between VM’s and between VMs and the host.

Can you select the type of virtual storage drive connection for a VM?

Yes, you can choose between SCSI, SATA, and IDE.

What is it called when a VM is configured to use all of the space that was assigned to a virtual drive? What is it called when it’s configured to use only what it needs?

Static configuration

Dynamic configuration

What can you do to avoid issues that arise from using multiple different type 2 hypervisors?

• if using VMware and virtual box have users use the same file extension .vmdk, run the same OS at the same version level

• have users use cloud or container based system

• create an organized library of VM images using thrid party software like a virtual machine life cycle management tool to enforce how VMs are created, used, deployed, and archived

• In general type 1 hypervisors are a better option in combination with virtualization management software packages such as Microsoft System Center Virtual Machine Manager or VMware vCenter Server

What is the basic component required for running a container?

The basic component required for running a container is a OS Kernel.

Does a container require a lot of virtual hardware?

No

In most container systems, can you run multiple containers on top of a single OS?

Yes, unlike VM’s which are used to run an entire OS, a container typically runs only a single application or sometimes even a couple of applications. This helps create an excellent isolation between applications.

What are the benefits of using a container like docker?

It’s main benefit is that it packages applications in containers, allowing them to be portable from one system to another?

• docker is installed on host computer

• create containers and download very basic OS images that can be housed in those containers

• container can be far less resource intensive than a VM

  • Docker is a PaaS product, platform as a service

What is a sandbox?

A sandbox can be any environment created for development, testing, or training that is isolated from any production servers and isolated operating system that the sandbox is running on.

• note, development servers shouldn’t even be on the same network as a production server

• Sandboxes should be run in a development environment not in production

• a sandbox can be run on a physical server, in a virtual machine, as a container, or as a specially programmed software

• runs clean and new every time it’s run. Therefore, any programming or tests that were done previously in the sandbox are discarded, allowing for a consistent environment every time a sandbox runs