Virtualization and Cloud Security


Hybrid cloud

Combines elements from private, public, and community cloud structures. The elements are not joined together; instead, they are "used" together.

XaaS:

Everything/Anything as a service. A general category of services related to cloud computing and remote access.

IaaS:

Infrastructure as a service. Delivers IT infrastructure like compute, storage, and network resources on a pay-as-you-go basis over the internet.

Community cloud:

It is a type of cloud where several organizations with a COMMON INTEREST share a cloud environment for the specific purposes of the shared endeavor. Ex. local public entities and key local firms may share a community cloud dedicated to serving the interest of community initiatives.

VM escape protection

It is where software, either malware or an attacker, escapes from one VM to the underlying OS. Once the VM escape occurs, the attacker can attack the underlying OS or resurface in a different VM. When you examine the problem from a logical point of view, both VMs use the same RAM, the same processors, and so forth; the difference is one of timing and specific combinations.

Serverless architecture

It simplifies a lot of things and adds significant capabilities. By specifying the resources needed in terms of processing power, the cloud provider can spin up the necessary resources. It is a way to build and run applications and services without having to own or manage infrastructure. Servers are still used, but they are owned and managed "off-premises."

On-prem vs. off-prem

On-premises means the system resides locally in the building of the organization. Whether it's a VM, storage, or even a service, if the solution is locally hosted and maintained, it is referred to as "on-premises." Off-premises or "hosted" services refer to having the services hosted somewhere else, commonly in a shared environment. Using a third party for hosted services provides you a set cost based on the amount of those services you use.

PaaS:

Platform as a service. Offering of a computing platform in the cloud. A complete cloud environment that includes everything developers need to build, run, and manage applications, from servers and operating systems to all the networking, storage, middleware, tools, and more.

SaaS:

Software as a service. The offering of software to end users from within the cloud. Rather than installing software on client machines, SaaS acts as software on demand, where the software runs from the cloud. You do not need to manage anything except your username and password.

Cloud models:

There are many cloud deployment models. There are pros and cons to cloud-based computing. For each use, the economic factors may differ. To save money, "renting" space in the cloud makes sense.

CSPs (cloud service providers)

They come with different price points, service levels, and different offerings. There are mega-cloud providers, Amazon, Google, Microsoft, and Oracle, which have virtually no limit to the size they can scale to when needed.

Type II

They run on top of a host operating system. In the beginning of the virtualization movement, Type II hypervisors were most popular. These are designed for a limited number of VMs, typically running in a desktop or small server environment.

Type I

Type I hypervisors run directly on the system hardware. They are referred to as native, bare-metal, or embedded hypervisors in typical vendor literature. These hypervisors are designed for speed and efficiency, as they do not have to operate through another OS layer. Examples include KVM (kernel-based VM, a Linux implementation). A hypervisor is the interface between a VM and the host machine hardware. Hypervisors comprise the layer that enables virtualization.

Private cloud

Used if your organization is highly sensitive to sharing resources. They are reserved resources used only by your organization: your own little cloud within the cloud. This setup is more expensive but carries less exposure and allows your organization to have more control over the security, processing, and handling of data that occurs within your cloud.

Fog computing

Using someone else's computers. A distributed form of cloud computing, in which the workload is performed on a distributed, decentralized architecture. Moves some of the work into the local space to manage latency issues. Technology that extends cloud computing and services to the edge of an enterprise's network. It allows data, applications, and other resources to be moved closer to, or even on top of, end users (e.g., phones).

VM sprawl avoidance

VM sprawl is when an organization loses control over its virtual machine environment due to rapid and uncoordinated VM creation, which can lead to a slow environment. Avoiding it requires proactive management and the implementation of strategies to control the proliferation of virtual machines.

Network appliance

A highly specialized hardware device placed on a network to provide security by filtering and inspecting network traffic based on defined security policies. Examples: switch, hub, bridge, router, gateway, modem, repeater, and access point.

Software-Defined Networking (SDN)

A network architecture where the control plane and the data plane are separated. This allows for networking hardware to be under programmatic control, even while processing data. A network management technique that centralizes control of network appliances in software.

Transit gateway

A network connection that is used to interconnect virtual private clouds (VPCs) and on-premises networks. Using transit gateways, organizations can define and control communication between resources on the cloud provider's network and their own infrastructure.

Containers

A package of software and everything it needs to run (such as code, system tools, settings, and libraries) that can run reliably on any operating system and infrastructure. A form of OS virtualization. They are a packaged-up combination of code and dependencies that help applications run quickly in different computing environments.

Microservices

A small, autonomous service that performs a single, well-defined function within a larger application architecture. It operates independently with its own codebase, database, and deployment process. Consider a video sharing platform: Video Upload Service: Handles user video uploads

Software-Defined visibility (SDV)

An extension of the infrastructure as code idea for a system's physical infrastructure, applied to the network visibility problem.

API

Application programming interface, which consists of a set of definitions and protocols that allows software components to communicate.

Edge computing

Computing performed at the edge of a network. Edge computing has been driven by network vendors who have processing power on the network and want new markets rather than just relying on existing markets. It is similar to fog computing in that it is an addition to existing computing architectures, one that is designed for speed. Brings processing closer to the edge of the network, which optimizes web applications and IoT devices.

Services integration

The connection of infrastructure and software elements to provide specific services to a business entity. Connecting processing, storage, databases, web communications, and other functions into an integrated comprehensive solution is the goal of most IT organizations.

Infrastructure as Code

The use of machine-readable definition files as well as code to manage and provision computer systems. Infrastructure as code allows the management of physical hardware configurations to be done automatically.

Virtualization

Used to enable a computer to have more than one OS present and, in many cases, operating at the same time. Technology that you can use to create virtual representations of servers, storage, networks, and other physical machines. Virtual software mimics the functions of physical hardware to run multiple virtual machines simultaneously on a single physical machine.

Public cloud:

A cloud service that is rendered over a system open for public use. The depth and level of these restrictions will be a lot less in public cloud.

Managed Service Provider (MSP) / Managed security service provider (MSSP)

A company that remotely manages a customer's IT infrastructure. MSSP does the same thing as a third party that manages security services. For each of these services, the devil is in the details. The scope of the engagement, what is in the details of the contract, is what is being provided by the third party, and nothing else. For example, if you don't have managing backups as part of the contract, either you do it yourself or you have to modify the contract.

Thin client

A lightweight computer, with limited resources, whose primary purpose is to communicate with another machine.

