Cloud Computing Flashcards

Introduction to CompTIA Cloud Essentials+

  • CompTIA Cloud Essentials+ is an entry-level certification that focuses on understanding cloud computing concepts.
  • The certification is designed for professionals new to cloud computing or those seeking a foundational understanding.
  • No prior IT certifications or experience are required to take this course.
  • The course is divided into four domains:
    • 24% Cloud Concepts
    • 28% Business Principles of Cloud Environments
    • 26% Management and Technical Operations
    • 22% Governance, Risk, Compliance, and Security for the Cloud
  • The certification exam consists of 70-75 multiple-choice questions.
  • A score of at least 720 out of 900 is required to pass the exam.
  • An exam voucher must be purchased to take the Cloud Essentials+ exam.
    • Vouchers can be purchased at store.comptia.org.
    • The voucher costs approximately $130 to $150.
    • A 10% discount is available at diontraining.com/vouchers.
  • Tips for success:
    • Turn on closed captioning.
    • Adjust the playback speed as needed.
    • Join the Facebook group: facebook.com/groups/diontraining
    • Download and print the study guide.

Exam Tips for CompTIA Cloud Essentials+

  • There are no trick questions on the exam.
  • Pay attention to words in bold, italics, or all uppercase.
  • Answer questions based on CompTIA Cloud Essentials+ knowledge, choosing the answer that is correct in the highest number of situations.
  • Understand key concepts rather than memorizing terms word for word.

100% Pass Guarantee

  • The course includes videos, a study guide, quizzes, hands-on labs, and practice exams.
    • A score of at least 80% is required to mark components as complete.
    • Practice exams are available at the end of the course, with explanations for correct and incorrect answers.
  • A 60-Day 100% Pass Guarantee is available upon course completion.
  • Questions can be directed to support@diontraining.com.

Cloud Principles

  • Cloud Principles:
    • Elasticity: The ability of a system to adapt to changing workloads by adjusting resource allocation.
    • Self-service: Allows users to access and manage a system or service without third-party assistance.
    • Scalability: The ability of a system to handle increasing workloads by adding or removing resources.
    • Broad Network Access: The ability of a system to be accessed from various devices and locations.
    • Pay-as-you-go: A pricing model where users are charged based on resource consumption.
    • Availability: The ability of a system to function without interruption and provide access to resources.
  • Cloud Computing Models:
    • SaaS (Software as a Service): Software applications are delivered over the Internet on a subscription basis.
    • IaaS (Infrastructure as a Service): Computing resources, including servers, storage, and networking, are delivered over the Internet.
    • PaaS (Platform as a Service): A platform for developing, running, and managing software applications is delivered over the Internet.
    • XaaS (Anything as a Service): Any service delivered over the Internet on a subscription basis.
  • Cloud Deployment Models:
    • Public Cloud: Owned and operated by a third-party provider, available to the public over the Internet.
    • Private Cloud: Owned and operated by a single organization for its exclusive use.
    • Hybrid Cloud: A combination of public and private cloud services.
    • Community Cloud: Infrastructure and services are shared by a group of organizations with similar needs.
    • Multi-tenancy Cloud Deployment Model: Multiple customers share the same infrastructure and resources.
    • Single Tenancy Cloud Deployment Model: The customer has their own dedicated infrastructure and resources.
  • Shared Responsibility Model: A framework defining the roles and responsibilities of the cloud service provider and the customer.

Characteristics of Cloud Computing

  • Cloud Computing: The delivery of computing resources, such as servers, storage, and software, over the Internet.
    • Key characteristics: Elastic, Self-service, Scalable, Broad Network Access, Pay-as-you-go, Available.
  • National Institute of Standards and Technology (NIST) SP 800-145:
    • Defines cloud computing and its characteristics.
    • Five characteristics of cloud computing:
      • On-demand Self-service: Users can easily provision computing resources without human interaction.
        • Major benefits: Saves time and money, allows for greater agility and flexibility.
      • Broad Network Access: Users can access cloud computing resources anywhere with an Internet connection.
        • Major benefits: Enables greater collaboration and mobility, provides better disaster recovery and business continuity planning options.
      • Resource Pooling: Cloud providers dynamically allocate and reallocate resources.
        • Major benefits: Saves on costs, allows for greater efficiency, enables scaling up and down as needed, beneficial in disaster recovery and business continuity planning.
      • Rapid Elasticity: Resources can easily scale up or down in response to demand changes.
        • Elasticity allows for quick response to demand changes.
      • Measured Service: Cloud providers track and bill users for consumed resources based on usage.
        • Major benefits: Allows for tracking and managing usage, provides greater transparency and flexibility, enables better cost control, enables businesses to optimize resource usage.

SaaS (Software as a Service)

  • Software as a Service (SaaS): A cloud computing model that delivers software applications over the Internet on a subscription basis.
    • Provides users with a simple, intuitive interface and allows for easy integration with other software applications.
    • Benefits:
      • Cost-effective way of accessing software applications.
      • Software maintenance and upgrades are handled by the service provider.
      • Scalable solution.
      • Great flexibility.
      • Secure solution.
      • High level of automation for business functions.
      • Easy to use.
    • SaaS can automate a large range of processes, including:
      • Customer Relationship Management (CRM)
      • Human Resources Management
      • Accounting
    • Examples of SaaS:
      • Microsoft Office 365: A suite of productivity software, including Word, Excel, and PowerPoint.
      • Salesforce: A Customer Relationship Management (CRM) platform.
      • Zoom: A video conferencing platform.
    • Advantages of SaaS:
      • Cost-effective
      • Scalable
      • Flexible
      • Secure
    • SaaS is used for business applications like CRM, ERP, and personal applications.

IaaS (Infrastructure as a Service)

  • Infrastructure as a Service (IaaS): A cloud computing service model that provides virtualized computing resources over the Internet.
    • Includes:
      • Servers
      • Storage
      • Networking
    • Main advantages:
      • Cost savings
      • Provides a more flexible and agile IT infrastructure
      • Allows organizations to avoid large upfront capital expenditures (CapEx)
      • Allows organizations to quickly add or remove resources as their needs change
    • Drawbacks:
      • Organizations are responsible for securing their own data and applications
      • Limitations of customization
      • Organizations are responsible for maintaining and patching their own software
      • Difficult to predict costs
    • Examples:
      • Amazon Web Services (AWS):
        • Offers a variety of IaaS services, such as Elastic Compute Cloud (EC2), Simple Storage Service (S3), Elastic Block Store (EBS), and Elastic File System (EFS).
      • Microsoft Azure:
        • Offers IaaS services like VMs that allow users to create and manage virtual machines to run their own applications and services.
        • Blob Storage (Object Storage)
        • Disk Storage (Block Storage)
        • Azure Kubernetes Service (AKS) (Deploy and manage apps)
      • Google Cloud Platform (GCP):
        • Offers IaaS services like Compute Engine, Cloud Storage, Persistent Disk, and Filestore.
    • Virtualized computing resources of IaaS:
      • Servers
      • Storage
      • Networking
      • VMs
      • Object Storage
      • Block Storage
      • File Storage

PaaS (Platform as a Service)

  • Platform as a Service (PaaS): A cloud computing service model that provides a platform for users to develop, run, and manage web applications without the need to manage underlying infrastructure.
    • Companies using PaaS do not need to manage the underlying infrastructure.
    • PaaS typically includes a variety of tools and services, such as development frameworks, database management systems, and application hosting services.
    • Additional services include scalability, security, and monitoring.
    • PaaS providers are responsible for maintaining, updating, and scaling the platform.
    • Advantages:
      • Cost savings
      • Improves time-to-market
      • Improves scalability and flexibility.
    • Disadvantages:
      • Limited control over the underlying architecture
      • Vendor lock-in
      • Potential security and compliance issues
    • Organizations usually try to prevent vendor lock-in by using cross-platform tools.
    • PaaS providers have their own set of security measures and compliance requirements that might not be aligned with that of the organization.
    • Largest cloud service providers:
      • Amazon Web Services
      • Microsoft Azure
      • Google Cloud
    • Examples of PaaS services:
      • Elastic Beanstalk (AWS): Allows developers to easily deploy, run, and scale web applications and services, and supports a variety of programming languages, including Java, .NET, PHP, Node.js, and Python.
      • Azure App Service (Microsoft Azure): Allows developers to build and deploy web applications and services on a fully managed platform, and supports a variety of programming languages, including .NET, Java, Node.js, Python, and PHP.
      • App Engine (Google Cloud): Allows developers to build, deploy, and scale web applications and services on a fully managed platform, and supports a variety of programming languages, including Java, Python, Go, and PHP.
    • Benefits of using PaaS:
      • Cost Savings
      • Improved Time-To-Market
      • Scalability
      • Flexibility
    • Drawbacks of using PaaS:
      • Limited control over the underlying infrastructure
      • Vendor lock-in
      • Potential security and compliance issues

XaaS (Anything as a Service)

  • Anything as a Service (XaaS): A cloud computing service model that refers to any service delivered over the Internet, including software, infrastructure, and platform services.
    • XaaS is a broad term encompassing various "as a service" offerings, such as SaaS, IaaS, and PaaS.
    • The infrastructure, software, or platform needed to run the services does not need to be managed by the company using XaaS.
    • Services include:
      • Software
      • Infrastructure
      • Platforms
      • Desktop
    • Drawbacks:
      • Vendor Lock-in: Switching to a different provider can be difficult and time-consuming.
      • Limited ability to customize services
      • The cost can be higher than maintaining and managing in-house resources
    • Examples:
      • Elastic Container Service (ECS) by Amazon Web Services (AWS): A form of CaaS (Containerization as a Service) built on top of AWS’s underlying architecture, providing customers the ability to scale their applications quickly and easily.
      • Azure Functions by Microsoft Azure: A FaaS (Function as a Service) product, which is a serverless compute service that allows users to run event-triggered code without the need to provision or manage infrastructure.
      • GCP Cloud SQL by Google Cloud Platform (GCP): A DBaaS (Database as a Service) product allowing customers to easily create and manage SQL databases in the cloud.
    • Models:
      • Software as a Service (SaaS)
      • Infrastructure as a Service (IaaS)
      • Platform as a Service (PaaS)
      • Containerization as a Service (CaaS)
      • Function as a Service (FaaS)
      • Database as a Service (DBaaS)
      • Storage as a Service
      • Security as a Service
    • Pay-as-you-go structure offers advantages such as lower capital expenditures and greater business flexibility.

Deployment Models

  • Six different types of cloud deployment models:
    • Public Cloud:
      • A third-party service provider makes resources available to end-users over the Internet.
      • Examples: AWS, Microsoft Azure, GCP
      • Benefits: Inexpensive, efficient, wide range of services and tools available.
      • Drawbacks: Less secure than private clouds, organizations have less control over the infrastructure.
    • Private Cloud:
      • A cloud computing environment dedicated to a single organization. Infrastructure, resources, and data are exclusively used by that organization and are not shared.
      • The organization is responsible for the design, implementation, and operation of cloud resources and servers.
      • Can be deployed on-premises or off-premises.
      • Advantages: Increased security and compliance, greater control over infrastructure and resources.
      • Disadvantages: Expensive to set up and maintain.
    • Hybrid Cloud:
      • Combines the benefits of public and private cloud options.
      • Some resources are developed and operated by the organization, while others are publicly available.
      • Strict rules need to be applied for what type of data is hosted in each portion of the hybrid cloud.
      • Advantages: Increased security and compliance, ability to scale resources quickly and easily, cost savings, and flexibility.
      • Disadvantages: Complex to set up and maintain; organizations need to invest in additional resources.
    • Community Cloud:
      • A cloud computing environment shared by a group of organizations with similar requirements.
      • The resources and costs are shared among organizations with common service needs.
      • Advantages: Increased security and compliance, ability to share costs and resources, and ability to collaborate and share expertise.
      • Disadvantages: Can be complex to set up and maintain; each organization needs to invest in additional resources.
    • Multi-tenancy:
      • The same resources are used by multiple organizations.
    • Single tenancy:
      • A single organization is assigned a particular resource.
      • Less efficient and more expensive than multi-tenancy models.

Shared Responsibility Model

  • Defines the roles and responsibilities of the cloud service provider and the customer regarding security and compliance in the cloud.
  • The cloud service provider is responsible for the security of the cloud.
  • The customer is responsible for the security of their own data and applications running inside the cloud.
  • Allows customers to take a more active role in securing their data and applications, rather than relying solely on the cloud service provider.
  • Can reduce the cost of security as the customer is only responsible for securing their own data and applications.
  • Difficulties:
    • Customers may not fully understand their responsibilities and properly secure their own data and applications.
    • Can create confusion about who is responsible for specific security tasks.
  • Both the cloud service provider and the customer need to be aware of their respective responsibilities and ensure compliance with the relevant regulations.
  • The shared responsibility model is widely adopted in the cloud computing industry.

Cloud Design

  • Deployment Model Selection:
    • Public Cloud: Suited for organizations needing scalability and flexibility; owned and operated by third-party providers like AWS, Azure, and GCP.
    • Private Cloud: Suited for organizations needing high security and control for sensitive data and applications; owned and operated by a single organization.
    • Hybrid Cloud: Suited for organizations needing a balance of scalability, security, and control; a combination of public and private clouds.
    • Community Cloud: Suited for organizations with a common interest in shared services; operated by a group of organizations with a common interest.
    • Deployment model selection is not a one-time decision and can be changed as per the organization’s needs.
  • Service Model Selection:
    • Infrastructure as a Service (IaaS): Suited for organizations that need access to virtualized computing resources; a cost-effective way for organizations to access computing resources offering scalability and flexibility.
    • Platform as a Service (PaaS): Suited for organizations that need a platform for developing, testing, and deploying applications; a cost-effective way for organizations to develop and deploy applications offering scalability and flexibility.
    • Software as a Service (SaaS): Suited for organizations that need access to software applications; a cost-effective way for organizations to access software applications offering scalability and flexibility.
    • Organizations are responsible for managing and maintaining the software applications.
    • Organizations should consider their specific needs, such as scalability, security, and cost.
    • Service model selection is not a one-time decision and can be changed as per the organization’s needs.
    • Service models are an important aspect of cloud computing, and organizations must carefully consider the different options.

Scaling

  • Scaling is the process of increasing or decreasing the resources of a cloud system to meet the changing needs of an organization.
    • Types of Scaling:
      • Vertical Scaling (Scaling Up or Down)
        • Involves increasing or decreasing the resources of a single server.
        • Easy to manage, cost-effective, can increase an individual node’s performance, efficient.
        • Suitable for workloads that require high performance.
      • Horizontal Scaling (Scaling Out or In)
        • Involves adding or removing servers from a system to increase or decrease resources.
        • Flexible to increase or decrease resources, but it is more complex and time-consuming to set up and manage.
        • More scalable, can handle more traffic, can add more nodes as demand increases, easy to balance between nodes’ workload.
        • Suitable for workloads that require a high degree of scalability and can handle additional nodes.
  • When selecting a scaling strategy, organizations need to consider their specific needs such as scalability, cost, and ease of management.
  • When choosing between horizontal and vertical scaling, we need to consider the expected growth rate and cost.

Redundancy

  • Redundancy is the process of creating multiple copies of data or resources to ensure the availability and reliability of systems.
    • Redundancy helps ensure the continuity of operations, reduce downtime, and prevent data loss.
    • Types of Redundancies:
      • Data Redundancy: Duplication of data in multiple locations, such as storage devices or servers.
      • Hardware Redundancy: Use of multiple physical components, such as servers or storage devices.
      • Network Redundancy: Use of multiple network connections to ensure systems continue to operate during a network failure.
  • Benefits of using Redundancy:
    • High Availability: Helps ensure that systems continue to operate when a failure occurs.
    • Fault Tolerance: Provides a backup in case of failures or errors, which helps to prevent data loss and minimize downtime.
    • Improved Performance: Provides a backup system in case of a failure.
    • Increased Resiliency: Provides a backup or secondary system in case of failures.
    • Improved Security: Helps improve the security of systems by providing a backup system in case of failures.

High Availability

  • High Availability is the ability of a system to remain operational and accessible to users with minimal downtime.
    • Strategies that organizations can implement to achieve high availability:
      • Load Balancing: Distributes incoming traffic to multiple servers to ensure no single server is overwhelmed.
      • Failover: Involves having a secondary system take over in the event of a failure.
      • Disaster Recovery: Involves having a plan to recover from unexpected events such as natural disasters or cyber-attacks.
    • Key Benefits of using High Availability:
      • Minimized downtime
      • Improved performance
      • Increased resiliency
      • Improved security
      • Enhanced user experience
    • Key factors that affect the levels of high availability:
      • Network connections: Ensure multiple network connections are available.
      • Server and storage failures: Ensure multiple servers and storage devices are available.
      • Power outages: Ensure backup power sources are available.
      • Natural disasters: Ensure systems are designed to withstand natural disasters and backup systems are available.
  • High availability can be changed based on the organization’s needs.
  • High availability is achieved using redundant systems and network connections that can take over operations in case of a failure.

Disaster Recovery

  • Disaster Recovery (DR) is the process of restoring IT systems, applications, and data after a disruption.
    • Several strategies that organizations can implement to achieve disaster recovery:
      • Backup and restore: Creates regular backups of data and applications and restores them in the event of a disaster.
      • Replication: Creates a second copy of the system and takes over in the event of a disaster.
      • Failover: Having a secondary system that can take over in the event of a disaster.
    • Disaster recovery ensures the system is available and accessible during a disaster.
    • Advantages of Disaster Recovery:
      • Scalability: Organizations can increase or decrease computing resources as needed.
      • Flexibility: Organizations can respond to changes in disaster recovery needs.
      • Cost Savings: Organizations can pay only for the resources they need.
      • Improved Data Protection: Organizations can recover from data loss or corruption more quickly.
    • Types of Disaster Recovery Strategies:
      • Hot Site: A fully-functional alternate location that is constantly maintained with the latest hardware, software, and data, providing real-time data replication and immediate access to critical applications and data during a disaster. Best suited for organizations with critical operations that require quick and seamless recovery; often the most expensive option.
      • Warm Site: A partially-functional alternate location with some infrastructure and equipment in place, but without all of the latest hardware and software. Warm sites provide partial infrastructure and data, allowing recovery from a disaster in a shorter amount of time. A lower-cost alternative that needs more preparation and planning.
      • Cold Site: A pre-prepared location with basic infrastructure (power and network connections) but without any hardware, software, or data. It stores backups and snapshots of critical data and allows for data recovery during a disaster. This is the lowest-cost option, requiring the most preparation and planning and having the longest recovery times.
  • Organizations should consider their specific needs such as the availability, cost, ease of management, recovery time objectives, and overall disaster recovery strategy.
  • Review and evaluate the disaster recovery plan to ensure it continues to meet the organization’s needs.

Recovery Objectives

  • Recovery Objective is a desired state of an organization’s systems, applications, and data after a disaster or other disruption.
    • Recovery objectives are critical components of disaster recovery plans and play a crucial role in cloud-based designs.
    • Recovery Objectives:
      • Recovery Time Objective (RTO): Time it takes to recover critical systems and data after a disaster occurs.
      • Recovery Point Objective (RPO): Maximum amount of data that can be lost during a disaster.
      • Maximum Tolerable Downtime (MTD): Maximum amount of time that critical systems and data can be unavailable without causing significant harm to the organization.
    • Recovery objectives can be achieved through real-time data replication, backup and restore, and failover.
      • Low RTO and RPO: use a hot site.
      • High MTD but low RPO: use a warm site.
  • Reviewing recovery objectives regularly ensures organizations remain in alignment with their needs and risk tolerance.

Cloud Networking

  • Software Defined Networking (SDN):
    • An approach to networking that uses software-based controllers or APIs to communicate with underlying hardware infrastructure and direct traffic on a network.
    • Software-defined networks are part of a larger concept known as Infrastructure as Code.
    • Infrastructure as Code (IaC) includes infrastructure provisioning in which deployment of resources is performed by scripted automation and orchestration.
    • Portions of a Typical Network Architecture:
      • Control Plane: Responsible for carrying the traffic that provides the signals to and from a router, such as those used in information sharing and building routing tables.
      • Data Plane: Where the bulk of the network traffic resides and where the actual switching and routing of the traffic and the imposition of ACLs are implemented to provide some security.
      • Management Plane: Used to administer the routers and switches inside of the network, and used to monitor traffic conditions and the status of the network.
    • In a traditional or conventional network, these different planes all exist in a physical piece of hardware that implements these functions through firmware in that device.
    • Functions are incorporated into a virtualized device that focuses on a single plane’s function.
    • Advantages: Ability to mix and match products from different vendors, increased choices in network development, speed and agility
    • Fully automated deployment of a network within the cloud.
    • Essential for high velocity or high availability architectures.
    • Loss of connection to the SDN controller can cause the entire network to go down.
    • Types of Software Defined Networks:
      • Open SDN: Relies on open-source technology like OpenFlow, OpFlex, and OpenStack to operate.
      • Hybrid SDN: Employs both traditional and SDN protocols to operate.
      • SDN overlay: A method of using software to create layers of network abstraction that can be used to run multiple separate and discrete virtualized network layers on top of the physical network.
    • Organizations may use SDN overlay to securely create logical peer-to-peer connections across a physical network device.

Firewalls

  • Firewall: A security system that controls incoming and outgoing network traffic based on a set of rules and security policies.
    • Types of Firewalls:
      • Network Firewalls: Control incoming and outgoing traffic based on a set of rules and security policies at the network level.
        • Hardware-based or software-based.
        • Implement Virtual Private Networks (VPNs).
      • Host-based Firewalls: Control incoming and outgoing traffic based on a set of rules and security policies at the host or individual device level.
        • Protect a single device or provide an additional layer of security for a network.
      • Cloud-based Firewalls: Security system managed and controlled by a cloud provider, rather than by the organization itself.
      • Next-Generation Firewall: Advanced security system that provides additional features such as intrusion prevention, application control, and advanced threat protection.
    • Regularly review and evaluate the firewall strategy.

DNS (Domain Name System)

  • Domain Name System (DNS):
    • Helps network clients find a website using human-readable hostnames instead of numeric IP addresses.
  • Fully-Qualified Domain Name (FQDN):
    • A domain name that is under a top-level provider.
    • Levels of DNS Hierarchy:
      • Root: The root name server answers requests in the root zone.
      • Top-Level Domain: Organizational hierarchy (.com, .net, .org) and the geographic hierarchy (.uk, .fr, .it).
      • Second-Level Domain: Sits directly below the top-level domain (diontraining.com).
      • Subdomain: Server underneath the second-level domain (www.diontraining.com).
      • Host: Most detailed level inside of the DNS hierarchy and refers to a specific machine.
    • Different types of DNS records:
      • A
      • AAAA
      • CNAME
      • MX
      • SOA
      • PTR
      • TXT
      • SRV
      • NS
  • DNS can be used internally or externally:
    • Internal DNS: Allows cloud instances on the same network to access each other using internal DNS names. Most cloud providers automatically create, update, and remove these internal DNS records.
    • External DNS: Records created around the domain names from a central authority and used on the public Internet.
  • Time-to-live (TTL): A setting that tells the DNS resolver how long to cache a query before requesting a new one.
  • The DNS resolver (DNS cache) is located on your individual host.
  • Lookup Methods:
    • Recursive Lookup: The DNS server communicates with several other DNS servers to hunt down the IP address and returns it to the client.
    • Iterative Lookup: Each DNS server responds directly to the client with an address for another DNS server that may have the correct IP address.
  • DNS translates domain names into IP addresses, allowing users to access websites and other resources on the Internet.

Load Balancing

  • Load Balancing: The process of distributing incoming traffic among multiple servers to ensure that no single server is overwhelmed.
    • Layer 4 Load Balancing:
      • Uses the transport layer (TCP/UDP) to distribute traffic among servers.
      • Relatively simple to configure and manage.
    • Layer 7 Load Balancing:
      • Uses the application layer (HTTP/HTTPS) to distribute traffic among servers.
      • Provides more granular control over traffic and can be used to implement advanced features.
    • Cloud-based Load Balancing:
      • Typically provided as a managed service that is fully integrated with other cloud services such as compute, storage, and databases.
    • DNS-based Load Balancing:
      • DNS-based load balancers work by returning the IP address of one of the servers when a client requests the IP address of the load balancer.
      • Relatively simple to configure and manage.
    • Load balancers are used to distribute traffic among servers.

Virtual Private Network (VPN)

  • Virtual Private Network (VPN):
    • Extends a private network across a public network and enables users to send and receive data across shared or public networks.
    • Establish a secure tunnel using a VPN protocol in order to allow a secure connection for the user over an untrusted or public network.
    • VPNs can be configured in different ways:
      • Site-to-site to interconnect two sites and provide an inexpensive alternative to dedicated leased lines.
      • Client-to-site to send data from one single host, and connects it back to the headquarters’ office, instead of doing it from the site’s router to the headquarters’ router.
      • Full Tunnel VPN routes and encrypts all network requests through the VPN connection, regardless of where the destination or service is located.
      • Split Tunnel VPN divides the traffic and network requests and routes them to the appropriate connection or network.
      • Clientless used to create a secure, remote-access VPN tunnel using a web browser without requiring a software or hardware client
    • Secure Sockets Layer (SSL) provides cryptography and reliability using the upper layers of the OSI model, specifically layers five, six, and seven.
      *Most Clientless VPNs instead use Transport Layer Security (TLS) to provide secure web browsing over HTTPS.
      *Datagram Transport Layer Security (DTLS) provides the same level of security as TLS, but operates a bit faster due to having less overhead in the UDP protocol itself.
    • Most modern VPNs use IP Security (IPSec).
      • Used in virtual private networks to provide authentication and encryption of packets to create a secure encrypted communication path between two computers over an Internet Protocol-based network.

Direct Connection

  • Direct Connect:
    • Cloud networking solution offered by major cloud providers that allows organizations to establish a dedicated network connection between their on-premise infrastructure and their cloud environment.
    • Important for organizations that require low-latency and high-bandwidth connectivity for critical applications and data transfers.
      *There are different variations of direct connect available for AWS, Azure, and GCP: AWS Direct Connect, Azure Direct Connect and GCP Direct Connect.
    • Benefits of using Direct Connect:
      • Improved performance - provides a dedicated connection with a high bandwidth, low latency, and reduced packet loss.
      • Increased security - eliminates the risk of security breaches by bypassing the public Internet.
      • Enhanced reliability - provides a dedicated and private connection with a higher level of reliability.
      • Cost savings - it can reduce the cost of data transfer between the organization’s data center and the cloud service provider.
      • Simplified management - eliminates the need for managing VPN connections and configuring security protocols.
    • Direct Connect is a critical solution for organizations that require low-latency and high-bandwidth connectivity between their on-premise and cloud environments.

Remote Access Types

  • To support remote users, organizations need to provide them with the ability to remotely access the networks and all the resources.
    • Secure Shell
    • Remote Desktop Protocol
    • Virtual Network Computing Protocol
    • Virtual Private Network (VPN)
      • Allows the user to create an encrypted tunnel on an untrusted network such as the Internet, known as Remote Access VPN (Client-to-site VPN).
        *Encrypted with Advanced Encryption Standard (AES).
    • Secure Shell (SSH) is used to remotely access and configure servers and network devices over a text-based CLI and utilizes encryption for all network connections to protect data during transmission.
    • Remote Desktop Protocol (RDP):
      • Proprietary protocol developed by Microsoft that allows admins and users to remotely connect to another computer using a graphical interface.
      • Provides for native encryption but not for authentication.
    • VNC (Virtual Network Computing):
      • Similar to the RDP protocol but is platform-independent and normally operates over Port 5900.
      • VNC server must be set up on the machine.
    • Biggest benefit of remote access is for our administrators.
      *AWS and Azure remote app provide multi-factor authentication, in-transit, and data-at-rest encryption.
      • AWS WorkSpaces is a cloud-based remote access solution offered by Amazon Web Services (AWS).
        • Provides users the ability to customize a virtual desktop, install applications, and run multiple operating systems
      • Microsoft Azure RemoteApp is a cloud-based remote access solution offered by Microsoft.
        • Applications can be accessed from a variety of devices including Windows, Mac, iOS, and Android.
    • Many ways an end user can connect back to the enterprise network or cloud-based resources:
      • VPN
      • Secure Shell
      • Remote Desktop Protocol
      • Virtual Network Computing
      • Cloud-based Remote Access
      • HTTPS

Cloud Storage

  • Cloud Storage:
    • Storage Features: Compression, Deduplication, Capacity on Demand
    • Storage Characteristics: Performance (Caching, Load balancing, Content Delivery Networks (CDNs)), Hot Storage, Cold Storage
    • Types of Storage: Object Storage, File Storage, Block Storage
    • Software-defined Storage
    • Content Delivery Network

Storage Features

  • Cloud Storage: Data is stored on remote servers accessed over the Internet.
    • Compression:
      • Reduces the size of a file or data set, making it easier to store and transfer.
      • Advantage: Can save money on storage costs.
      • Disadvantages: Takes more processing power to compress and decompress the data, and lossy compression can reduce the quality of some types of data, like images.
    • Deduplication:
      • Eliminates duplicate copies of data, reducing the amount of storage space needed.
      • Advantages: Reduces the amount of storage space required, which reduces storage costs, and makes the data transfer faster and more efficient.