Capacity Planning
The process of determining how much can be produced to meet future demands, with strategies like lead, lag, and match.
Lead capacity planning strategy
adds capacity before the demand increases
Lag capacity planning strategy
adds capacity after the demand increases, when the IT resource reaches full capacity
Match capacity planning strategy
adds capacity incrementally to align closely with demand changes
Cost Reduction
Strategies aimed at lowering IT expenses and aligning IT costs with business performance.
Organizational Agility
The ability of an organization to effectively respond to internal and external changes for success.
scaling
IT resources need _____ beyond predictions to adapt to business changes.
Clustering
Interconnected IT resources functioning as one system to decrease system failure rates and enhance availability.
Grid computing
Distributed computing system that connects multiple computers to work together on solving complex problems.
Virtualisation
Creates virtual instances of physical IT resources
Cloud
A remote IT resource provision environment that can be privately owned and offers metered access.
Scaling
The ability of IT resources to handle increased or decreased usage demands through horizontal and vertical scaling.
Horizontal scaling
(out and in) adding or removing identical resources
Vertical scaling
(up and down) increasing or decreasing resource capacity
Cloud Service
Any IT resource within a cloud made remotely accessible and offered through published APIs.
On-premise
IT resources located within an organization's premises that can interact with cloud-based resources.
Mitigation
Using legal contracts and SLAs to reduce risks and address potential issues in cloud computing.
Data Compliance
Following rules on data storage, access, and security to ensure compliance and benefit from cost-effective usage features.
Defined Roles
Specific responsibilities assigned to individuals and organizations within the cloud computing ecosystem.
Cloud provider
An organization/entity that offers cloud-based IT resources and services to customers
Cloud consumer
Any organization/individual that utilizes cloud-based IT resources provided by a cloud provider.
Cloud Service Owner
The legal entity/person who holds ownership rights over a particular cloud service
Cloud Resource Administrator
Individuals/organizations tasked with managing and administering cloud-based IT resources
Cloud Auditor
An external entity responsible for conducting independent assessments of cloud environments to evaluate security controls, privacy impacts, and performance
Cloud Broker
An intermediary entity that manages and negotiates cloud services on behalf of cloud consumers, providing services such as service intermediation, aggregation, and arbitrage
Cloud Carrier
A provider of wire-level connectivity between cloud consumers and cloud providers, often assumed by network and telecommunication providers
Organisational boundary
The extent to which an organization extends its trust into the cloud environment when utilizing cloud-based IT resources.
Characteristics of organizational boundary
on-demand usage, measured usage, ubiquitous access, multitenancy, resiliency, elasticity, resource pooling
Cloud Delivery Models
Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) models for cloud services.
Infrastructure-as-a-Service (IaaS)
Provides virtualised computing resources over the internet
Platform-as-a-Service (PaaS)
Provides a platform allowing customers to develop, run, and manage applications without dealing with the underlying infrastructure.
Software-as-a-Service (SaaS)
Delivers software applications over the internet on a subscription basis
Cloud Deployment Models
Public, Private, Community, and Hybrid Cloud models based on ownership, size, and access characteristics.
Public cloud
A cloud environment accessible to the general public, owned and operated by a third-party cloud provider.
Private cloud
A cloud environment owned and operated by a single organization, providing centralized access to cloud resources within the organization.
Community Cloud
Similar to a public cloud, but with access restricted to a specific community of cloud consumers, often sharing common interests or requirements
Hybrid Cloud
Combines multiple cloud deployment models, such as public and private clouds, to meet specific business needs and requirements
Variations
Different configurations/architectures within cloud deployment that offer additional flexibility and customization options for cloud computing environments
Virtual Private Cloud
A self-contained cloud environment hosted and managed by a public cloud provider, exclusively available to a cloud consumer
Inter-Cloud
An architectural cloud deployment model connecting two or more clouds
Cloud Computing
Relies on network connectivity for accessing IT resources, with most clouds being Internet-enabled for ubiquitous access.
Internet Service Provider (ISP)
A company that provides individuals/organizations with access to the Internet and related services like email, web hosting, and online storage.
Tier 1, Tier 2, Tier 3
Different levels of network providers in the Internet topology, with Tier 1 being international cloud providers overseeing vast networks.
Tier 1
International cloud providers overseeing vast networks; cloud consumers and providers can establish direct connections through tier 1 providers
Tier 2
Includes large regional providers interconnected with Tier 1
Tier 3
Includes local ISPs linked to Tiers 2 and 1
Packet Switching
Connectionless method fundamental for data transmission, where routers process and forward packets individually to manage network traffic efficiently.
Latency
Time for a packet to travel; increases with nodes and loads
Quality of Service (QoS)
Operates on a "best effort" basis, affected by latency and dynamic routing, impacting packet speeds based on network conditions.
Dynamic routing
Impacts packet speeds, and varies with network conditions
Virtualization
Process of creating virtual versions of computers and networks to simplify IT by abstracting physical resources into virtual components for easier allocation and control.
Transport Layer Protocol
Includes TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) for standardized communication guiding data packets across the Internet.
Virtualisation layer
Operational tools based on virtualisation platforms.
Hypervisor
Virtualization software managing virtual machines and resources, essential for allocation and usage management, on the physical (hardware) layer
Multitenant Technology
Allows multiple users to access the same application logic simultaneously, ensuring user isolation, data security, and scalability.
Tenants can customise
user interface, business process (rules & logic), data model (include, exclude, rename fields), access control rights
Multitenant applications ensure
user isolation, data tier isolation, data security, recovery, scalability, application upgrades, metered usage
Web Services
Utilized for complex web-based service logic, with SOAP-based services using WSDL, XML Schema, SOAP, and UDDI for defining APIs and messaging formats.
REST services
Web services that use standard HTTP methods to access and manage resources, making it easy to interact with cloud applications.
Service Agents
Catch messages during runtime to enable dynamic event-driven operations and service integration.
Kind of service agents
active and passive agents
Active Agent
Modify messages
Passive Agent
Read messages for monitoring
Service Middleware
Evolved from MOM platforms, includes ESB for service brokerage and routing, and orchestration platforms for workflow execution within cloud environments.
Containerisation
Packaging apps for easy and consistent running.
Container architecture
Container, container engine, container build file, container image, pods
Container
A lightweight software package that has all of the necessary elements to run in any cloud environment. It is an executable instance of a container image
Container engine
A specialised software for container management
Container build file
Specifies application requirements
Container image
An unchangeable, read-only image used for container deployment.
Pods
Groups of containers that share resources and the same IP address, allowing multiple isolated applications to run together.
Information Security
Involves techniques, technologies, regulations, and behaviors to protect computer systems and data
3 terms that measure security
Confidentiality - to ensure that information is accessible only to those authorized to access it.
Integrity - to ensure that the information is accurate and complete and has not been tampered with.
Availability - to ensure that authorized users have access to the information and associated assets when needed.
3 terms to measure insecurity
1. Vulnerability - a weakness in the system that can be exploited by threats.
2. Threat - a potential cause of an unwanted incident, which may result in harm to a system or organization.
3. Risk - the potential for loss/damage/destruction of an asset as a result of a threat exploiting a vulnerability
3 terms to establish safeguards to improve security
1. Security Measures - countermeasures to prevent or respond to threats.
2. Security Mechanisms - components of defensive frameworks protecting IT resources.
3. Security Policies - a set of rules and regulations for security that define the implementation and enforcement of security measures
Threat Agent
Entities that are capable of carrying out attacks
Types of threat agents
Anonymous attacker, trusted attacker, malicious service agent, malicious insider
Anonymous Attacker
Attacks from outside the cloud trusted boundary.
Trusted Attacker
Misuses authorized access inside the cloud trusted boundary.
Malicious Service Agent
External cloud service provider that messes with cloud traffic.
Malicious Insider
Past employee that causes harm with pre-existing cloud access.
Common threats in cloud-based environments
Traffic eavesdropping, malicious intermediary threat, resource overload, insufficient authorisation, overlapping trust boundaries, virtualisation attacks, container attacks, DoS (Denial of Service) attacks
Traffic Eavesdropping
Occurs when a malicious service agent sneakily listens in on data going to or within the cloud to steal information.
Malicious Intermediary Threat
Occurs when a malicious service agent sneakily reads and modifies messages
Resource Overload
Excessive demands on virtual servers leading to service outages.
Insufficient Authorization
Occurs when wrong or broad access allows attackers to get into protected data
Virtualization Attacks
Exploiting vulnerabilities in the virtualization layer to gain unauthorized access, letting attackers take control and see confidential data
Container Attacks
Exploiting vulnerabilities and tampering in containerized applications (in the software that controls containers)
Overlapping trust boundaries
In a multi-tenant cloud environment, overlapping trust boundaries can lead to data leakage and unauthorized access across different tenants
Denial of Service (DoS) Attacks
Occurs when too many requests overwhelm the cloud, making it crash and causing major trouble
Potential errors
flawed implementations, security policy disparity, contracts & SLAs, risk management
Logical Network Perimeter
A virtual boundary to isolate cloud-based IT resources from the wider communication network
Why is the Logical Network Perimeter implemented?
To isolate IT resources in a cloud from non-authorised users, non-users and cloud consumers, and to control the bandwidth available to isolated IT resources
Key components (devices) used in the Logical Network Perimeter
Virtual firewall (active filter of network traffic to and from the isolated network) and virtual network (utilises VLANs that isolate the network environment within the data centre infrastructure)
Virtual Server
A form of virtualisation software imitating a physical server
Cloud storage device mechanism
A storage system designed for cloud use, where capacity is allocated in fixed increments.
Cloud storage levels
blocks, files, datasets, objects
Files
A cloud storage level that is a collection of data grouped into files located in folders
Blocks
The lowest level of cloud storage closest to the hardware; the smallest unit of data individually accessible
Dataset
A cloud storage level in which sets of data are organized into a table-based, delimited, or record format.