10B). CHAP 9 - CLOUD COMPUTING/GRID COMPUTING/PEER-TO-PEER COMPUTING:
J6. A Community Cloud: "two or more organizations pool their resources to create a cloud environment that they then share"
1). A Community Cloud is a cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange. 2). This may allow for some cost savings compared to accessing private or public clouds independently.
L3. EXAM ESSENTIALS: Define CASB.
1). A cloud access security broker (CASB) is a security policy enforcement solution 2). A CASB may be installed on-premises, or it may be cloud based.
N2. The Cloud Shared Responsibility Model: "the security responsibility line of demarcation between the client & cloud service provider"
1). A concept that when an organization uses a cloud solution, there is a division of security and stability responsibility between the provider and the customer.
I4. A Hosted Solution:
1). A deployment concept where the organization must license software and then operates and maintains the software provided by the vendor. 2). Pays for all of it whether it is used or not.
J5. A Hybrid Cloud: "mixture of private and public cloud components"
1). A mixture of private and public cloud components. 2). For example, an organization could host a private cloud for exclusive internal use but distribute some resources onto a public cloud for the public, business partners, customers, the external sales force, and so on.
J2. A Private Cloud is a service: "a cloud service within a corporate network and isolated from the internet"
1). A private cloud is a cloud service within a corporate network and isolated from the internet. 2). The private cloud is for internal use only.
D3. EXAM ESSENTIALS: Know about the type I hypervisor.
1). A type I hypervisor is a native or bare-metal hypervisor. In this configuration, there is no host OS; instead, the hypervisor installs directly onto the hardware where the host OS would normally reside.
E3. EXAM ESSENTIALS: Know about the type II hypervisor.
1). A type II hypervisor is a hosted hypervisor. 2). In this configuration, a standard regular OS is present on the hardware, and the hypervisor is then installed as another software application.
J3. A Virtual Private Cloud is a service: "cloud service offering provides isolated subsection of public/external cloud for exclusive internal use by an organization"
1). A virtual private cloud is a service offered by a public cloud provider that provides an isolated subsection of a public or external cloud for exclusive use by an organization internally. 2). In other words, an organization outsources its private cloud to an external provider.
A3. EXAM ESSENTIALS: Understand the risks associated with cloud computing and virtualization.
1). Cloud computing and virtualization, especially when combined, have serious risks associated with them. 2). Once sensitive, confidential, or proprietary data leaves the confines of the organization, it also leaves the protections imposed by the organizational security policy and resultant infrastructure. 3). Cloud services and their personnel might not adhere to the same security standards as your organization.
B2. Cloud Computing:
1). Cloud computing is a natural extension and evolution of virtualization, the internet, distributed architecture, and the need for ubiquitous access to data and resources. 2). However, it does have some issues, including privacy concerns, regulation compliance difficulties, use of open-versus closed-source solutions, adoption of open standards, and whether or not cloud-based data is actually secured (or even securable).
A2. EXAM ESSENTIALS: Understand cloud computing.
1). Cloud computing is the popular term referring to a concept of computing where processing and storage are performed elsewhere over a network connection rather than locally. 2). Cloud computing is often thought of as Internet-based computing.
F2. Cloud Storage: "using storage capacity provided by a cloud vendor"
1). Cloud storage is the idea of using storage capacity provided by a cloud vendor as a means to host data files for an organization. 2). Cloud storage can be used as form of backup or support for online data services. 3). Cloud storage may be cost effective, but it is not always high speed or low latency. 4). Most do not yet consider cloud storage as a replacement for physical backup media solutions but rather as a supplement for organizational data protection. 5). Additionally, using cloud storage may involve additional risk because your organization's data is residing on equipment in another facility and under third-party control.
O2. Grid Computing: "groups a significant number of processing nodes to work toward a specific processing goal"
1). Grid computing allows geographically disparate systems to dynamically join and leave a network focused on a single task. By taking part in this infrastructure, systems with free CPU cycles can take part in a distributed effort for a single cause. 2). It's a form of parallel distributed processing that loosely groups a significant number of processing nodes to work toward a specific processing goal. 3). Members of the grid can enter and leave the grid at random intervals.
J4. A Public Cloud: "single platform that is shared among many different customers"
1). Is a cloud service that is accessible to the general public, typically over an internet connection. 2). In the public cloud computing model, the vendor builds a single platform that is shared among many different customers. 3). Also known as the shared tenancy model.
P2. Peer-to-peer (P2P) Technologies: "networking and distributed application solutions that share tasks and workloads among peers"
1). Peer to Peer Peer-to-peer (P2P) technologies are networking and distributed application solutions that share tasks and workloads among peers. 2). This is similar to grid computing; the primary differences are that there is no central management system and the services provided are usually real time rather than as a collection of computational power. 3). Common examples of P2P include many VoIP services, such as Skype, BitTorrent (for data/ file distribution), and Spotify (for streaming audio/ music distribution).
B3. Cloud Computing Concerns:
1). Privacy Concerns 2). Regulation Compliance difficulties 3). Use of Open-Versus Closed-Source Solutions 4). Adoption of Open Standards - and whether or not cloud-based data is actually secured (or even securable).
H5. Identity as a Service (IDaaS):
1). Provides capabilities such as account provisioning, management, authentication, authorization, reporting, and monitoring.
M3. EXAM ESSENTIALS: Understand SECaaS.
1). Security as a service (SECaaS) is a cloud provider concept in which security is provided to an organization through or by an online entity.
C5. Guest OSs:
1). The OSs running within a hypervisor-supported virtual machine.
O3. Grid Security Issues: "content of each work packet 📦 is potentially exposed to the world 🌍"
1). The biggest security concern with grid computing is that the content of each work packet is potentially exposed to the world. 2). Many grid computing projects are open to the world, so there is no restriction on who can run the local processing application and participate in the grid's project. 3). This also means that grid members could keep copies of each work packet and examine the contents. 4). Thus, grid projects will not likely be able to maintain secrecy and are not appropriate for private, confidential, or proprietary data.
C4. Host OS: "The computer running the hypervisor"
1). The computer running the hypervisor is known as the host OS.
C3. EXAM ESSENTIALS: Understand Hypervisors:
1). The hypervisor, also known as the virtual machine monitor (VMM), is the component of virtualization that creates, manages, and operates the virtual machines.
C2. The Hypervisor: "creates, manages, and operates the virtual machines"
1). The hypervisor, also known as the virtual machine monitor (VMM), is the component of virtualization that creates, manages, and operates the virtual machines. 2). The computer running the hypervisor is known as the host OS, and the OSs running within a hypervisor-supported virtual machine are known as guest OSs. Also known as the VIRTUAL MACHINE MONITOR (VMM), is the component of virtualization that: 1). Creates 2). Manages, and 3). Operates the Virtual Machines.
13. On-Premise Solutions:
1). Traditional deployment concept in which an organization owns the hardware, licenses the software, and operates and maintains the systems on its own usually within their own building.
M2. Security as a Service (SECaaS): "security as a service, kinda like SaaS, or IDaaS, only with Security"
A cloud provider concept in which security is provided to an organization through or by an online entity. 1). Security as a service (SECaaS) is a cloud provider concept in which security is provided to an organization through or by an online entity. 2). The purpose of SECaaS solutions are to reduce the cost and overhead of implementing and managing security locally. 3). SECaaS often implements software-only security components that do not need dedicated on-premises hardware. 4). SECaaS security components can include a wide range of security products, including: >. authentication, >. authorization, >. auditing/ accounting, >. anti-malware, >. intrusion detection, >. compliance and >. vulnerability scanning, >. penetration testing, and >. security event management.
I5. A Cloud Solution:
A deployment concept where an organization contracts with a third-party cloud provider. The provider owns, operates, and maintains the hardware and software. The organization pays a monthly fee (often based on a per-user multiplier) to use the solution.
L2. Cloud Access Security Broker (CASB): "security policy enforcement tool to detect access to, and usage of, cloud-based services"
A new class of security tools known as cloud access security brokers (CASB) can detect access to, and usage of, cloud-based services. These tools give the organization more visibility into its sanctioned and unsanctioned use of cloud services. Many CASB systems, in cooperation with cloud services, can be used to control the use of cloud services. 1). A security policy enforcement solution that may be installed either on-premises or in the Cloud. 2). It's goal is to ENFORCE and ENSURE that PROPER SECURITY MEASURES are IMPLEMENTED BETWEEN a CLOUD SOLUTION and a CUSTOMER ORGANIZATION.
K2. Use Snapshot For Data Recovery In Virtual Environments:
Backups of virtual machines. They offer a quick means to recover from errors or poor updates.
E2. Type II Hypervisor (or a Hosted Hypervisor): "hypervisor installed as another software application"
Deployed on OS/Desktop Hypervisor. 1). In this configuration, there is a standard regular OS present on the hardware, 2). The hypervisor is installed as another software application. Often used in relation to DESKTOP DEPLOYMENTS Where guest OSs offer safe sandbox areas to test new code, allow the execution of legacy applications, support apps from alternate OSs, and provide the user with access to the capabilities of a host OS.
H3. Platform as a service (PaaS): "customer only provides application code for execution on a vendor-supplied computing platform"
In a Platform as a Service (PaaS) environment, the vendor takes on responsibility for the operating system, but the customer writes and configures any applications. >. Platform as a service (PaaS) is the concept of providing a computing platform and software solution stack as a virtual or cloud-based service. >. Essentially, this type of cloud solution provides all the aspects of a platform (that is, the operating system and complete solution package). The primary attraction of PaaS is the avoidance of having to purchase and maintain high-end hardware and software locally. DETAILS: 1). The vendor takes on responsibility for the operating system. 2). The customer provides their own software. 3). The customer writes and configures applications. 4). The customer provides all application code for execution on the vendor-supplied computing platform. Primary value: "AVOIDING HAVING TO PURCHASE and MAINTAIN HIGH-END HARDWARE & SW LOCALLY".
H2. Software as a service (SaaS): "vendor takes on responsibility for the development and implementation of the application"
In a Software as a Service (SaaS) environment, the vendor takes on responsibility for the development and implementation of the application while the customer merely configures security settings within the application. >. Software as a service Software as a service (SaaS) is a derivative of PaaS. SaaS provides on-demand online access to specific software applications or suites without the need for local installation. >. In many cases, there are few local hardware and OS limitations. SaaS can be implemented as a subscription service (for example, Microsoft Office 365), a pay-as-you-go service, or a free service (for example, Google Docs). DETAILS: 1). The vendor takes on responsibility for the development and implementation of the application 2). The customer merely configures security settings within the application. 3). Provides on-demand online access to software applications without the need for local installation. 4). In many cases, there are few local hardware and OS limitations. 5). Implemented as a subscription service a pay-as-you-go service, or a free service.
H4. Infrastructure as a service (IaaS):
In an Infrastructure as a Service (IaaS) cloud computing model, the customer retains responsibility for managing operating system and application security while the vendor manages security at the hypervisor level and below. >. Provides not just on-demand operating solutions but complete outsourcing options. This can include utility or metered computing services, administrative task automation, dynamic scaling, virtualization services, policy implementation and management services, and managed/ filtered internet connectivity. >. Ultimately, IaaS allows an enterprise to scale up new software or data-based services/ solutions through cloud systems quickly and without having to install massive hardware locally. DETAILS: 1). The customer retains responsibility for managing operating system and application security 2). The vendor manages security at the hypervisor level and below. 3). The customer provides their own software. 4). Provides not just on-demand operating solutions but complete outsourcing options. 5). Allows an enterprise to scale up new software or data-based services/ solutions through cloud systems
F4. Host Elasticity:
Means additional hardware hosts can be booted when needed and then used to distribute the workload of the virtualized services over the newly available capacity.
F3. Elasticity: "the flexibility of virtualization & cloud solutions to expand & contract based on need"
Refers to the flexibility of virtualization and cloud solutions to expand or contract based on need. In relation to virtualization. 1). Elasticity refers to the flexibility of virtualization and cloud solutions to expand or contract based on need. 2). In relation to virtualization, host elasticity means additional hardware hosts can be booted when needed and then used to distribute the workload of the virtualized services over the newly available capacity. 3). As the workload becomes smaller, you can pull virtualized services off unneeded hardware so it can be shut down to conserve electricity and reduce heat.
P3. Peer-to-peer (P2P) Security Concerns: "pirate copyrighted materials/eavesdrop on distributed content/lack of central control"
Security concerns with P2P solutions include: 1). A perceived inducement to pirate copyrighted materials, 2). The ability to eavesdrop on distributed content, 3). A lack of central control/ oversight/ management/ filtering, and the potential for services to consume all available bandwidth.
G2. 😇😐😫. Cloud ☁️ Service Offerings Customer Responsibility:
The cloud service offerings in order from the case where the customer bears the least responsibility to where the customer bears the most responsibility are: 1). Software as a Service (SaaS) LEAST RESPONSIBILITY 😇 2). Platform as a Service (PaaS) MEDIUM RESPONSIBILITY 😐 3). Infrastructure as a Service (IaaS) MOST RESPONSIBILITY 😫 1). 😇 In a Software as a Service (SaaS) environment, the vendor takes on responsibility for the development and implementation of the application while the customer merely configures security settings within the application. 2). 😐 In a Platform as a Service (PaaS) environment, the vendor takes on responsibility for the operating system, but the customer writes and configures any applications. 3). 😫 In an Infrastructure as a Service (IaaS) cloud computing model, the customer retains responsibility for managing operating system and application security while the vendor manages security at the hypervisor level and below.
I2. X As A Service:
There are many other "X as a service" offerings available in the marketplace, each with its own potential vulnerabilities and advantages. Different cloud computing companies may define or label their services differently than others. Thus, it is important to carefully compare and contrast providers with what features and options are available from each.
D2. Type I Hypervisor (Native, bare metal): "hypervisor installs directly on hardware where host OS would normally be"nice
Type I Hypervisor (Native, bare metal): "hypervisor installs directly on hardware where host OS would normally be"nice