NIST definition of cloud computing
A model for ubiquitous, convenient, on-demand network access to shared configurable resources that can be rapidly provisioned/released with minimal management effort.
Cloud model is composed of what?
Five essential characteristics, three service models, four deployment models.
Cloud infrastructure (big picture)
Hardware + software that enables essential cloud characteristics.
Physical layer
Hardware resources: server, storage, network components.
Abstraction layer
Software deployed across the physical layer that manifests the essential characteristics.
5 design principles in review
Scalability; high availability/fault tolerance; cost optimization; automation/DevOps; serverless.
AWS (per notes)
Largest/most widely adopted; wide range of services (compute/storage/databases/ML/analytics).
Azure (per notes)
Strong Windows Server/Active Directory integration; popular for hybrid solutions.
Google Cloud (per notes)
Strong AI/ML + data analytics/big data focus.
Virtualization (definition)
Abstracts hardware resources to create VMs so multiple OSs run on one server.
Hypervisor role
Manages resource allocation between hardware and VMs.
Containers (definition)
Package apps to run consistently across environments; app is abstracted from environment.
VMs vs containers: overhead
VMs higher overhead (full OS per VM); containers share host OS/kernel.
VMs vs containers: isolation
VMs more isolation; containers less (shared kernel).
VMs vs containers: compatibility
VMs can run any OS; containers must match host OS + runtime.
Docker (what it is)
Tool to run apps in containers; packages app + dependencies into standardized unit.
Docker benefits
Portability; scalability; isolation.
Docker drawbacks
Learning curve; performance overhead.
Container characteristics
Self-contained; isolated; independent; portable.
Container vs image
Container is runnable instance of an image.
Image definition
Package with files/binaries/libs/configs needed to run a container.
Image immutability
Once created, can't modify; rebuild or add layers.
Image layers
Each layer is a set of filesystem changes.
Dockerfile steps
Base image (FROM), install deps, copy source, configure final image.
FROM scratch
Creates minimal images.
OCI purpose
Open standards for container formats and runtimes.
OCI specs
runtime-spec; image-spec; distribution-spec.
Registry vs repository
Registry stores/manages images; repository is a collection of related images inside a registry.
Monolithic architecture
Tightly coupled processes running as a single service.
Monolith scaling issue
If one process spikes, entire architecture must scale.
Microservices architecture
App built as independent services/components.
Microservices communication
Well-defined interfaces using lightweight APIs.
REST meaning
Representational State Transfer; architecture style for web services.
SOAP vs REST (what they are)
SOAP protocol; REST architecture style.
SOAP vs REST (operation vs data)
SOAP exposes operations; REST exposes data.
SOAP vs REST (formats)
SOAP XML only; REST supports XML/JSON/plain text/HTML.
SOAP vs REST (state/scaling)
SOAP stateful, hard to scale; REST stateless, easy to scale.
CRUD stands for
Create, Retrieve, Update, Delete.
HTTP method mapping (per slides)
GET=Retrieve; POST=Update; PUT=Create; DELETE=Delete.
PUT to create when?
Only when client controls part of URI (client can assign URIs).
Postman (purpose)
Tool to build/test/modify APIs; supports many HTTP methods and environments.
Orchestration process steps
Write config; scheduler chooses host; monitor/manage lifecycle + auto-heal.
Kubernetes control plane
Manages nodes; exposes APIs to deploy/manage containers' lifecycles.
Kubernetes node definition
Worker machine (VM/physical) that runs pods and provides CPU/memory.
Node components
Kubelet; container runtime; kube-proxy.
Kubelet role
Ensures pods run properly + communicates with control plane.
kube-proxy role
Manages networking rules within node and across cluster.
Pod definition
Smallest deployable unit; 1+ closely coupled containers.
Pod provides
Shared storage (volumes), IP, container communication, run info.
Pod vs node vs cluster
Pod=smallest unit; node=runs pods; cluster=nodes + control plane.
Ingress purpose
Exposes HTTP/HTTPS routes from outside cluster to inside services.
Rancher purpose
Manages Kubernetes; centralizes authentication and RBAC.
Serverless definition
Run code without provisioning/managing servers; CSP manages servers.
Serverless billing + idle cost
Pay per execution; idle cost zero (scales to zero).
When serverless is beneficial
Event-driven, highly variable workloads; instant scaling needs.
Favor serverless criteria examples
Stateless tasks; rapid prototyping; dynamic traffic.
Favor containers/VMs criteria examples
Long-running processes; OS-level customization; in-memory caching needs.
Function-oriented pattern
High-frequency stateless requests; scales independently.
Event-driven pattern
Decouples services using topics/queues for integration.
BFF pattern
Tailors APIs to specific clients (mobile/web variations).
Saga pattern
Long workflows; orchestration with compensation.
Queue-based load leveling
Absorbs spikes; processes at consistent pace.
Strangler pattern
Gradually replace legacy without full rewrite.
Monitoring definition
Continuous inspection for bottlenecks/errors/downtime.
Logging definition
Record events/activities for debugging and behavior analysis.
Common container logging
Write to stdout/stderr.
Why native logging can fail
Crashes/evictions/node death can make logs hard to access.
Cluster-level logging approaches
Node-level agent; sidecar; push logs to backend.
OpenMetrics
Metrics wire format; metrics are snapshots (not logs/events).
DevOps definition
Collaboration + automation between dev and ops to streamline delivery.
CI principles
Frequent commits; automated builds; automated testing; immediate feedback.
CD principles
Automated deployment; continuous testing; incremental changes; rollback.
DevSecOps definition
Security testing integrated across SDLC; shared responsibility dev/sec/ops.
Shared responsibility model
Provider secures infrastructure; customer secures apps/data/user access.
IAM definition
Controls user validation and resource access; "new perimeter" in cloud security.
User provisioning
Create digital identity + access privileges; ideally automated by rules.
RBAC vs ABAC vs PBAC
Roles vs attributes vs granular policy with user+context attributes.
Authentication vs authorization
Who you are vs what you can access.
OIDC vs OAuth (per slides)
OIDC for authentication; OAuth 2.0 framework for authorization.
Identity federation
IdP authenticates; RP manages authorization; consolidates user mgmt.
SAML
XML assertions between IdP and RP (authn/attributes/authz).
IDaaS
API mediating auth flow; CIAM/workforce/B2B IAM classes.
CAS
SSO protocol only for authentication; authorization handled separately.