Section 3 Provisioning and Migrating Cloud Resources


93 Terms

1

Resource allocation

The appropriate central processing unit/graphics processing unit, memory, storage, and network connectivity to support the application's performance, availability, and security requirements

2

Advantages of Virtualization

Cloud computing makes it far easier to scale—manually or automatically—compute resources to satisfy these requirements

3

Virtual CPU (vCPU)

Virtualized CPU assigned to a virtual machine that uses capacity from a physical CPU.

4

Input/Output (I/O)

Refers to the sending and receiving of information between a computer and other devices.

5

What is the primary element of Infrastructure as a Service (IaaS) solutions?

Server virtualization

6

hypervisor

Software or firmware that creates and manages virtual machines on the host hardware.

A management layer between the physical server hardware and the virtual machines (VMs) configured on that hardware

7

Type 1 hypervisors

Run directly on the server’s hardware

Cloud service providers (CSPs) offer Type 1 hypervisors on bare metal hardware, permitting cloud administrators to build VMs within the structure

8

Type 2 hypervisors

Run as an application within the server’s host operating system

Common for workstation or developer deployments and less common for production servers

9

oversubscription

Allows administrators to allocate more resources to VMs than the host system has available

Advantage is higher density and better resource utilization, as long as not all VMs consume their maximum resources simultaneously

The VMs cannot use more resources than the host provides

10

Virtual machine (VM) instances

A virtualized computing environment that runs on a physical server. It functions like a separate computer with its own operating system, CPU, memory, and storage, but it is hosted on a hypervisor that allows multiple VMs to run on the same physical machine

11

Typically when can you resize an instance and why should you?

Must be offline during the process

May need to resize instances based on misconfigurations, unanticipated growth, or to optimize costs

12

Multi-threading

A system's ability to divide tasks among multiple CPU cores, allowing several functions to be managed simultaneously

13

Provisioning vCPUs for VMs means calculating the CPU cores and selected threads. How is that done?

The AWS formula for this calculation is:

vCPU = number of cores x number of threads

For example, the f1.2xlarge image contains eight vCPUs. That is a combination of two threads per core, with four cores. The f1.4xlarge vCPU default is 16, with eight cores and two threads per core

14

Pass-through GPUs

A virtualization configuration that provides a virtual machine with direct access to GPU resources, bypassing the hypervisor.

For example, you can select an Ubuntu Linux platform with an NVIDIA GPU for cloud-based gaming

15

What is clock speed?

A common performance measurement for CPUs

16

What is the easiest way to configure virtual machines (VMs) for RAM-intensive applications and services?

Like Virtual CPU (vCPU) configurations, cloud service providers (CSPs) allocate RAM to various instance types

17

(AWS) Elastic Compute (EC2)

AWS service providing secure and scalable access to compute capacity.

18

When can sysadmins change the instance type?

While the instance is powered off to resize the amount of memory or vCPU configuration in the AWS Management Console

19

Data Retention

The process an organization uses to maintain the existence of and control over certain data in order to comply with business policies and/or applicable laws and regulations.

20

What is a bucket?

Refers to a storage resource. These resources have various attributes that affect their capabilities, cost, features, and configurations

Cloud administrators control access to it

21

Cloud service providers offer many kinds of buckets. Here are a few general characteristics:

Identified by a globally-unique name

Stored at a specified geographic location (usually near the resources consuming storage)

Pricing is based on storage type, capacity, accessibility speed, outbound network data transfers, etc.

Scalable as requirements change

Offers compliance features for data retention, security, accessibility, etc.

22

Storage buckets

Basically, anything that must store information in cloud environments needs a specified storage location

Examples: static website files, applications that generate stored data, and log files, such as from load balancers or websites

23

web application firewalls

A firewall designed specifically to protect software running on web servers and their back-end databases from code injection and DoS attacks.

24

Virtual private network (VPN)

A secure tunnel created between two endpoints connected via an unsecure transport network (typically the Internet).

25

To isolate network segments, cloud network administrators can create what?

Virtual LANs (VLANs)

26

Cloud virtual machines (VMs) utilize one or more what?

Virtual network interface cards (NICs) to communicate with other resources

27

Virtual network interface cards (NICs)

Adapter card that provides one or more Ethernet ports for connecting hosts to a network so that they can exchange data over a link.

Have Internet Protocol (IP) address assignments, routing capabilities, and more

28

Hyperconverged virtualization

Tightly-knit combination of CPU, memory, storage, and network subsystems that cannot be managed separately.

29

Hyperconverged deployments

Use off-the-shelf hardware, making them ideal for private clouds and organizational data centers

30

Hyperconverged solutions

Are easier to deploy and maintain because the entire structure is managed as a single unit.

This is simpler than specifying individual CPU, Graphics Processing Unit (GPU), memory, storage, and network components

31

Legal

Investigate legal requirements for your data and cloud resources, especially in the context of privacy

32

Regulatory

Consider any regulatory requirements that pertain to your industry. Examples include HIPAA, Sarbanes-Oxley, GDPR (European Union), and PCI DSS

33

Nation-specific

Data sovereignty and regulation vary by nation, so if your company operates internationally, ensure you meet the requirements for each country. Examples include FedRAMP, ITAR, and EAR

34

Business rules

Larger enterprises often have a set of business rules and mission statements within which they operate, and you must be careful to keep your cloud services within those boundaries

35

Local data center services

City and county regulations may govern your private cloud data center in terms of pollution, energy efficiency, power consumption, renewable resources, noise, and other areas

36

Proprietary business information

Your company's internal workings, including data transfers, financial information, business processes, and more must be secured

37

Intellectual Property

The company's proprietary designs and applications require protection from outside exposure to competitors

38

Customer availability to resources

Your customers assume they will have access to web, database, support, and other services on demand. Cloud services help ensure this access by using redundancy, scalability, and CDNs to provide data.

39

Service availability to resources

Microservices and web/database servers often require tight integration that assumes the availability of all components. Tools like server clusters help ensure this access

40

Capital expenditures (CapEx) versus operating expenses (OpEx)

Cloud services change how IT spending works and is budgeted. Spending might fluctuate based on scaling and service consumption

41

Optimized services

Optimization greatly impacts budgeting, allowing businesses to use their resources more efficiently

42

Reporting

Resource metering and auditing provide visibility for consumption and use, allowing organizations to understand how their resources are spent

43

An organization needs to periodically adjust the resources allocated to their VMs based on changing business requirements and performance data.

According to the document, what is the BEST approach for the sysadmin to manage these adjustments in AWS?

Change the instance type while the instance is powered off to resize memory or vCPU configurations

44

A cloud administrator is creating instances for databases that data scientists will use to manage big data analytics.

What is the best type of optimization the administrator should consider for these instances?

Memory-optimized

45

physical machine to virtual machine (P2V)

The practice of converting a physical server to a virtual machine.

46

virtual machine to virtual machine (V2V)

The practice of converting a virtual machine to another virtual machine, often for the purpose of migrating platforms

47

virtual machine to physical machine (V2P)

The practice of converting a virtual machine to a physical server

48

On-Premises-to-Cloud Migration

The process of moving applications, data, and workloads from an on-premises data center to a cloud environment (public, private, or hybrid cloud)

49

Cloud-to-Cloud Migration

Occurs when your organization has decided to consolidate cloud services from several providers into one or when leaving one CSP entirely in favor of another

50

General steps for Cloud-to-Cloud Migration

  1. Create any necessary Identity and Access Management (IAM) identities and permissions.

  2. Establish a virtual private network (VPN) connection between the other provider and GCP.

  3. Configure network access requirements for AWS.

  4. Create necessary cloud extensions.

  5. Install migration packages for Linux or Windows virtual machines (VMs).

  6. Test the migration.

  7. Migrate in distinct groups, testing after each.

51

Cloud-to-On-Premises

This type of migration could occur due to changing security or industry regulation concerns or unanticipated costs.

The company may have decided that business processes or expenditures were not benefitting from cloud service

52

The four phases of the cloud migration process are what?

Assess, plan, implement, and optimize the deployment

53

Assessment

Understanding what services and applications exist and which are candidates for migration.

54

Planning

The planning phase of your migration

55

Implementation

The actual transfer of data, services, and servers to the cloud. The implementation is likely accomplished in phases

56

Optimization and security

Optimization of services and processes to ensure they are functioning as efficiently, securely, and cost-effectively as possible.

57

What are the three types of virtualization migrations?

  • Physical machine to virtual machine (P2V)

  • Virtual machine to physical machine (V2P)

  • Virtual machine to virtual machine (V2V)

58

What are the three types of P2V migrations?

Manual, semi-automatic, automatic

59

Manual

The administrator creates a virtual machine (VM), installs an operating system (OS) and applications, and copies data

60

Semi-automatic

A migration tool assists with some aspects of migration, such as hardware specifications and data migration

61

Automatic

A migration tool manages the entire process

62

In general, migration tools accomplish these three general steps

  1. The migration tool saves the physical server’s configuration and data as a snapshot.

  2. The VM manager, whether hosted locally or in the cloud, allocates compute, storage, and network resources.

  3. The migration tool loads the snapshot into the new VM

63

Reasons to migrate VMs between virtualization platforms

  • Test or development work is done on one platform and production occurs on another.

  • Converting the organization’s standard hypervisor from one vendor to another.

  • Testing VMs on different hypervisors.

  • Migrating between CSPs that support different hypervisors

64

Virtual to Virtual Migrations

The process of moving a virtual machine (VM) from one virtualized environment to another, either within the same cloud/on-premises infrastructure or between different platforms

65

Rehosting ("Lift and Shift")

Moving applications to the cloud without modifications

Fastest and easiest migration.

66

Replatforming ("Lift, Tinker, and Shift")

Making small optimizations to applications during migration (e.g., switching databases or OS versions) while maintaining the core architecture

67

Refactoring (Rearchitecting)

Redesigning applications to be cloud-native by leveraging microservices, serverless computing, and scalable cloud features

Requires significant development time and may be quite expensive

68

Rearchitect

The application will be entirely rearchitected to be cloud-ready

69

Retaining ("Revisit")

Keeping certain applications on-premises or in a private cloud due to compliance, latency, or security concerns

These applications may be legacy but essential to business processes

70

Retiring

The application is retired and not replaced

71

Repurchase (drop and shop)

The application is retired and replaced by a modern, cloud-ready application

Very common for legacy applications that cannot run in virtualized or cloud-based environments

72

Hybrid

Mix of any of the other six types

73

Vendor lock-in

Occurs when the cost (whether time, money, or resources) is too high to switch from the current cloud service provider (CSP) to a different desired provider

74

data gravity

Refers to the size of stored data causing decisions around applications, services, CSPs, and other concerns to be made with the data as the critical factor

75

Vendor lock-in concerns:

  • Service quality degrades for support, infrastructure performance, and available tools.

  • A change to available product offerings moves the service away from your core business requirements.

  • The vendor price increases

76

Data migration variables

Cost, time, available tools, security

77

Data integrity

Means ensuring data has not changed unexpectedly, such as during a network transfer

78

Block storage

Typically expensive but fast and efficient. Data is divided into chunks and may be distributed across various storage media

79

File storage

Simple and not very scalable. It is inexpensive, relies on the computer’s filesystem, and is often used for basic file servers

Services like Network File System (NFS) or Common Internet File System (CIFS) provide network accessibility

80

Object storage

Very efficient for reading but not for writing tasks and is not suitable for databases. It is very scalable and cost-effective

Example: saving backup logs in Azure Blob Storage, allowing retrieval through API calls without needing a traditional file system

81

Networking Considerations: Bandwidth

Ensure plenty of low-latency bandwidth is available

82

Networking Considerations: Availability

Confirm reliable, 24x7 Internet access. Consider a second Internet service provider (ISP) to eliminate a single point of failure

83

Networking Considerations: Security

Lots of confidential traffic will move across the network connection between your employees and the cloud. Use strong network encryption to protect this information

84

Networking Considerations: Virtual private cloud (VPC)

Cloud networking enables restricted communication between virtual networks. For example, your cloud-hosted developer network could be isolated from your cloud-hosted production network

85

Networking Considerations: Access control

Design an access control mechanism for cloud network administration. Managing network services is a different skill set from system or application administration

86

Networking Considerations: IP addressing

Design an IP addressing scheme for your cloud network resources to manage and control communications

87

What best describes how virtual machine instance sizes and types are optimized?

Performance, Cost, Function

88

A company lost a government contract because they chose a cloud option that did NOT fulfill the requirements for a project.

Which cloud option did the company NOT choose?

Private

89

A server architect is planning a cloud migration and is defining a given problem that software or services are expected to meet.

Which of the following will best assist the architect in this process?

Solutions requirement

90

Which of the following is a characteristic of cloud computing defined by the National Institute of Standards and Technology (NIST)?

On-demand self-service

91

A healthcare startup is developing a new telemedicine application that requires high availability and scalability. The startup has a small IT team and wants to focus on developing the application rather than managing the underlying infrastructure.

Which cloud service model should they choose?

Platform as a Service (PaaS)

92

A company has tasked a team of engineers with validating a cloud application in a staging environment. This team works together with the development team to ensure the code does what is expected. If an engineer finds any issues, they are sent back to the development team to fix them.

What part of the application lifecycle is this?


Quality assurance

93

How would engineers reconfigure memory for a server instance using AWS?

Change the instance type
