Software-Defined Networking (SDN)
A network architecture approach that enables the network to be intelligently and centrally controlled, or programmed, using software applications.
Control plane
Decides traffic prioritization and security.
Data plane
Handles actual traffic routing and access controls.
Management plane
Monitors network traffic and status.
Northbound API
Interfaces between SDN applications and the controller.
Southbound API
Interfaces between the controller and network devices.
How does SDN simplify network management?
By centralizing policy decisions and automating the configuration of devices through APIs, which reduces the hassle of setting it up manually.
What are the main benefits of SDN for large-scale networks?
Centralized management.
Simplified configuration.
Improved scalability and flexibility.
Enhanced security through consistent policy enforcement.
What is typically found in the control plane of SDN?
SDN controller
Policy management tools
Algorithms for traffic routing and prioritization
What is typically found in the data plane of SDN?
Physical and virtual switches
Routers
Firewalls
What is typically found in the management plane of SDN?
Monitoring tools for traffic and network performance
Applications for fault detection and resolution
Configuration management systems
Which SDN plane directly processes and forwards data packets through the network?
data plane
How does the management plane support network administrators?
By providing tools to monitor and analyze network performance, detect faults, and optimize configurations.
What plane is involved in tasks like traffic prioritization, quality of service (QoS), and routing strategies?
control plane
CSP
Examples are AWS, Google Cloud, Microsoft Azure, IBM Cloud
Private cloud
Wholly owned and operated by the organization
Hosted private cloud
Private instance operated by a CSP but dedicated to a single customer
SaaS
Examples are MS 365, MS Outlook
IaaS
A cloud computing technology useful for heavily utilized systems and networks. Organizations can limit their hardware footprint and personnel costs by renting access to hardware such as servers.
PaaS
Provides cloud customers with an easy-to-configure operating system and on-demand computing capabilities. Examples are the .NET Framework or Java.
SECaaS
A computing method that enables clients to take advantage of information, software, infrastructure, and processes provided by a cloud vendor in the specific area of computer security.
Type I Hypervisor (Bare Metal)
Runs directly on the host hardware and functions as the operating system
Type II Hypervisor (Hosted)
Runs as a software layer on an operating system (OS), like other computer programs. Installed on top of an OS as an application.
Examples are Virtual Box, Parallels, VMWare virtual machine
VDI (Virtual Desktop Infrastructure)
Company provides a "thin client" to the user where the desktop resides on a centralized server. Connection is made through a remote desktop.
VDE (Virtual Desktop Environment)
Users access virtual desktops hosted on remote servers
Application virtualization
Hosting or streaming individual software applications on a server
Examples are XenApp, App-V, ThinApp
Container Virtualization
Specialized version of a Type II hypervisor; allows services/applications to run within their own isolated cells/containers, which don't have a full OS but use the kernel of the host
VM escape
A timing attack that allows an attacker to access the host system from within a virtual machine and allows malware to jump from one VM to another.
VM Escape Protection
One way to protect is to keep hosts and guests up to date with current patches. Create security zones or DMZs as mitigation; the BEST way to prevent is to limit the ability of the host and the VM to share resources. If possible, they should not share any resources.
VM Sprawl Avoidance
A phenomenon that occurs when the number of virtual machines (VMs) on a network reaches a point where the administrator can no longer manage them effectively.
A policy for developing and deploying VMs must be established and enforced. A system may even be brought up for a minute to test, yet remain up for years unsecured and unpatched.
Monolithic client/server application
Applications are all managed on a single, unified system, treating the network infrastructure like a large inseparable unit.
Service-oriented architecture (SOA)
A robust set of Web services built around an organization's processes and procedures.
Microservices
A software architecture that is composed of smaller modules that interact through APIs and can be updated without affecting the entire system.
Fog Computing
Provisioning processing resources between the network edge of IoT devices and the data center to reduce latency.
BaaS
Provides the backend infrastructure for mobile and web applications such as data storage, user authentication, and APIs.
FaaS
Function as a service: a cloud service model that supports serverless software architecture by provisioning runtime containers in which code is executed in a particular programming language
Cloud security access broker (CASB)
Mediates access to cloud services by enterprise users across all types of devices
Idempotence
A property of IaC that an automation or orchestration action always produces the same result, regardless of the component's previous state
Infrastructure as code (IaC)
The process of managing and provisioning computer data centers through machine-readable definition files, scripting, automation and orchestration rather than physical hardware configuration or interactive configuration tools. Reduces snowflakes and configuration drift
Which of the following BEST describes an SDN controller?
it is a networking protocol
it is a virtual networking device
it is hardware
it is software
it is software
Applications and services intended for a specific organization or entity, such as the government, are considered this type of cloud
hybrid
private
community
public
private
Out of the choices listed, which are considered Type II hypervisors? Select 3:
Virtual Box
Microsoft Hyper-V
Citrix Xenserver
Parallels
VMWare Workstation
VMWare vSphere server
Parallels
VMWare Workstation
Virtual Box
This cloud service would use network hardware such as routers and switches
SaaS
WaaS
BaaS
IaaS
IaaS
Out of the choices listed, which best describes the function of a control plane in SDN?
building a routing table and dynamic routing table updates
Which of the following BEST describes the Physical SDN layer?
also known as the infrastructure layer
Type of hypervisor most likely used in a data center
Type I
Which SDN layer would be a load balancer that stops and starts VMs as resource use increases?
application
Out of the choices listed, which best describes the function of a data plane in SDN?
forwarding traffic flows; encrypting traffic
OpenFlow is the most popular example of this type of software, designed to separate a control plane from a data plane and provide for greater flexibility:
SDN
When virtualization reaches the point where IT cannot effectively manage it, this may happen. For example, a system is up for a minute to test but remains up for years unsecured.
VM Sprawl