Cloud


Default deny

- Default = not giving access to something

product fit - vendor evaluation

- Does the product meet business requirements?
- Usability: is the product intuitive?
- Dig into the vendor (strong reputation, financially viable, past litigation)

Security - vendor evaluation

- Encryption (is data encrypted where it is stored and in transit, are backups encrypted, who controls the keys)
- Incident response (what happens in a security incident, are there documented playbooks, is there a 24/7 security operations center)
- Access management (will the service integrate with our access control system, does it have multifactor authentication, what level of control do you retain in the application)
- User management (how are new users created, is there role-based access control, what happens to user data if a user is removed)

architecture - vendor evaluation

- Is the system well-architected?
- Where is the underlying infrastructure?
- Will it scale as needed?
- Are there any single points of failure?
- Durability/reliability (multiple data centers, how is data backed up)
- How will it integrate with our other services?
- How can we get our data out if we want to leave?

least privilege

- Unless you explicitly need access to something, you shouldn't have it

business case - vendor evaluation

- Upfront and recurring costs
- How will the price change over time?
- Duration (how long do you expect to need it, will you eliminate other services?)
- Negotiating (lowering price, modifying contract, extending term, bartering case studies, references)

legal - vendor evaluation

- What jurisdiction governs the relationship?
- Compliance issues (depending on your industry you need to know what regulations you're bound by)
- Who is indemnifying whom?

support - vendor evaluation

- When is support available?
- Who is providing support?
- Who may access support?
- Service level agreements should be part of the contract

AWS position

- Clear pioneer (2006)
- Huge geographical footprint and market share
- Breadth and innovation of services

cloud storage costs

- Object storage is much less expensive than block storage in the cloud
- Object storage costs are only incurred when used (no wasted space as with block storage)

window of exposure

- You want the least possible time between when a bug is created and when it is seen and fixed

cloud networking

- Cloud networking is highly virtualized and customizable.
- In a traditional data center, virtual LANs (VLANs) separate systems of differing security levels.
- Cloud providers use virtual private clouds (VPCs) and similar concepts for the same purpose.
- Cloud providers will bring fiber directly into your data center.

Snapshots

- Contain a copy of all data stored on a disk image.
- Can be taken while the server is running
- Back up disk volumes
- Can take a snapshot of an Amazon Machine Image (AMI) and build from there

IP Addresses

- Uniquely identify systems
- DNS: worldwide service that translates IP numbers to words
- Each numerical group in an IP address can go from 0-255
- Direction: the computer is the source and the server is the destination

AMI

- Amazon Machine Images
- Provide images used to create a new server.

Common impediments to cloud computing

- Don't want to change a previously working system
- Employee unfamiliarity with the cloud

magnitude of data stored

- Each person: around 2 terabytes
- ND: about 10 terabytes
- In the world, all time before 2003: .005 zettabytes; 2012: 1 zettabyte; 2013: 1.8 zettabytes

Use cases where cloud might not be appropriate

- Need data very quickly
- Tons of data
- Infrastructure is a competitive advantage

risks we face operating in the cloud?

- Network is very important (it has to always be there)
- Cyber attacks
- Compliance violations
- Many different risks, so we have to prioritize

Simple Storage Service (S3)

- Provides object storage.
- Data is stored as objects in folders, known as S3 buckets.
- S3 buckets must have globally unique names.
- Highly durable storage (eleven nines; with 100 billion objects you'll lose one a year)
- EBS snapshots are stored here
- A little more difficult to access data because it doesn't natively talk to the operating system
- Can host files on the web directly out of here (don't need a server)

storing server state

- Stored on disk
- Can install a new hard drive to increase space
- Has to be done when the server is not running

data centers needs

- Tons of water to keep machines cool
- Tons of electricity

Let's Build a Windows Server

- Use the remote desktop application you have on your computer
- Can then pick any operator you want
- **Need to keep the key pair or you'll never get in

big three cloud providers

1. AWS
2. Microsoft Azure
3. Google Cloud Platform

key tenets of cyber security?

1. Availability
2. Confidentiality
3. Integrity

cloud database options

1. Build databases on virtualized servers
   • Requires installing/configuring databases
   • Resembles on-premises operations
   • Requires customer management of servers and databases
2. Use a managed database service
   • Request a database from the cloud provider using the platform of choice
   • Transfer maintenance responsibility to the cloud provider
   • Incurs additional costs
3. Use a cloud-native database platform
   • Allows use of relational databases, key-value stores, graph databases, and other options designed to maximize infrastructure advantages
   • Offers a high degree of cloud optimization
   • Places the management burden on the provider
   • May require retooling of existing applications

Risk management strategies

1. Risk avoidance (changes the organization's business practices, ex. relocating a datacenter to reduce flood risk)
2. Risk transference (shifts the impact to another organization, ex. insurance)
3. Risk mitigation (reduces likelihood or impact, ex. implementing a flood diversion system)
4. Risk acceptance

why virtualize

1. Access to software regardless of OS
2. Cost effective
3. Efficient use of computing resources
4. Servers more reliable than computers

three steps in Identity and Access Management

1. Identification
2. Authorization
3. Authentication

Assessing and rating risk

1. Likelihood
2. Impact

EBS storage classes

1. Solid state drive
   - General purpose SSD
   - Provisioned IOPS
2. Hard disk drive
- EBS drives are provisioned in large blocks that are reserved at the time of provisioning.
- Your storage is always immediately available to your servers.
- You pay for what you provision, not what you use.
- An EBS volume needs to be in the same availability zone as your server.
- 3 nines (less durable than S3)

S3 storage classes

1. Standard
2. Standard infrequent access
3. S3 intelligent tiering
4. Glacier (very cheap but longer retrieval times)
You pay for storage and data transfers.
*Can automate the storage lifecycle

Vulnerability Patching Process

1. Software vendor learns of a vulnerability.
2. Developers analyze the issue and develop a patch.
3. Software vendor releases the patch to customers.
4. Customers apply the patch to remediate the vulnerability.

aws snowball

Snowball: 80 TB
Snowcone: 8 TB
Snowmobile: up to 100 petabytes

Cloud Computing (NIST Definition)

A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Which one of the following units of data is the largest?
A. Zettabyte
B. Petabyte
C. Gigabyte
D. Terabyte

A. Zettabyte

According to Gartner, ___ is the leading provider of IaaS services.

AWS

Vertical Scalability

Adding resources to one machine to accommodate additional work.

Block Storage

Allocates a large chunk of storage for access as a disk volume managed by the operating system.
- The OS knows how to talk to it
Classes:
- Magnetic
- Solid state
Elastic Block Store (EBS) provides disk volumes.

Cloud Orchestration

Automates cloud management

Which of the following is not an example of a server role?
A. Mail
B. Waiter
C. Database
D. Application

B. Waiter

characteristics of cloud computing?

A. Convenient
C. On-demand
D. Ubiquitous

Which of the following is not a physical component of a server?
A. CPU
B. Memory
C. Recall
D. Network

C. Recall

Which one of the following cloud services provides the least expensive storage option?
A. S3 Reduced Redundancy
B. S3 Infrequent Access
C. S3 Glacier
D. S3 Standard

C. S3 Glacier

machine learning model builder optimization

CPU very important

Multifactor Authentication

Combines authentication techniques from two or more of the authentication categories

Which one of these computing services is not an example of cloud computing?
A. Accessing your GMail account
B. Building a web server in AWS
C. Storing files in Dropbox
D. Installing a database server in your data center

D. Installing a database server in your data center

Cloud Computing (his definition)

Delivering computing resources to a remote customer over a network.

Cloud servers use ____ to store their state.

Disk

Horizontal Scalability

Distributing additional work across more than one machine
• Ability to add resources at each layer of a system
• Requires a load balancer to manage distribution of work
• Can require application reconfiguration
• Can require software changes
• Increases system complexity

What type of processor is highly optimized for use in machine learning applications?

GPU

The name you choose for an S3 bucket must be unique ( )

Globally

Vertical Scaling Steps in the Cloud

• Identify bottleneck
• Identify new server instance type
• Shut down server
• Select new instance type
• Start server

Google Cloud Platform

• Late start (2012)
• Distant #3 in market share
• Very strong in analytics
• Oracle licensing issues

Why scale vertically? and why not?

Why scale vertically:
• Monolithic applications
• Legacy software
• No code changes necessary
• Easy to do
• Can be accomplished quickly
Why not:
• Systems have to be down for a little while
• Not elastic

Vulnerability Scanning

Probes systems for known security issues
- Inspector tool

Port Scanning

Probes systems for open ports

Which one of the following tools provides a secure graphical interface to connect to a Windows server?

Remote Desktop Connection

When determining the cost of using S3 storage, you need to be concerned about the costs of:

Stored data and data transfer

Object Storage

Stores files as individual objects managed by the cloud service provider
- Traditional software does not know how to talk to it (most computing environments need both types of storage)
Classes:
- High availability
- Archival
S3 provides object storage.

Identity and Access Management

The set of controls and processes that ensure computer systems have a consistent method to identify the entities authorized to access systems and resources, and ensure that only authorized access occurs

vertical scaling AWS

Vertical constraints:
• Compute
• Memory
• Network
• Storage
Take down the instance, then create a larger instance

Let's Build a linux Server

You use SSH (secure shell) to connect to a virtual Linux server

firewalls

Act as security guards, blocking unwanted network traffic
- If the firewall receives traffic not explicitly allowed by a firewall rule, then that traffic must be blocked.

security groups

allow us to modify firewall rules for our EC2 instances.

In AWS, scaling programmatically can be accomplished by ______ scaling

auto

what is cyber security?

Balancing:
1. Confidentiality
2. Integrity
3. Availability

Both ____ and object storage are available from cloud IaaS providers.

block

Burstable instances

Build up CPU credits for times of peak use (t-series)
• Vertical scaling without downtime
• Limited to CPU only
• Limited to T4, T3, T3a, and T2 instance types

What class of AWS instances allow you to store up CPU credits for use at a later time?

burstable instances

performance monitoring

Can monitor CPU, memory, storage, network
- Can set up alerts based on thresholds
- Can specify actions to take when capacity overflows

physical differences between servers

CPU, memory (RAM), storage (disks), network
Optimize for what you need

AWS glue

crawls your data, builds a data catalog, performs data preparation, data transformation, and data ingestion to make it easy to analyze

According to the shared responsibility model, the customer retains operational responsibility for _______, regardless of I/P/SaaS layer.

data

( ) is the acronym used to describe the AWS service that provides the cloud equivalent of physical hard drives?

elastic block storage

Stopping a cloud server destroys it in an irrevocable way. T/F

false

CPU bursting is available in all AWS EC2 instance families T/F

False. The ability to CPU burst is only available in the T2, T3a, and T3 instance families.

FTP

file transfer protocol

server roles

Generally have a single purpose. Examples:
• Web server
• Mail server
• Database server
• Application server
• File server
Can have multiple areas of access (anywhere in the world)

Adding resources dynamically without impacting end users is best accomplished by _________ scaling.

horizontal

Distributing additional work to 3 new machines is an example of ________ scalability.

horizontal

The ( ) allows multiple virtual machines to operate on a single physical machine.

hypervisor

Which one of the following is the baseline rule for all firewall implementations?

implicit deny

IaaS

Infrastructure as a service
- Least structured
- Offers customers access to basic building blocks (networking, storage)
Customer responsible for: data, application, OS
Not responsible for: data center, hardware

aws beanstalk

is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker

Which cloud computing layer requires the greatest amount of technical knowledge and skill to use?

IaaS

private IP ranges

Large: 10.0.0.0 - 10.255.255.255
Medium: 172.16.0.0 - 172.31.255.255
Small: 192.168.0.0

network ports

Like apartment numbers, ports guide traffic to the correct final destination.
- Port 21: File Transfer Protocol (FTP)
- Port 22: Secure Shell (SSH)
- Port 3389: Remote Desktop Protocol (RDP)
- Ports 137, 138, 139: NetBIOS
Source "Anywhere": 0.0.0.0/0, ::/0

how do you optimize a web server?

lots of network potential, CPU capacity

The hallmark of the public cloud is

Multitenancy: a single instance serves multiple customers

is cloud always the best

No
- Extremely low latency requirements
- Very large, costly instances
- Infrastructure is your competitive advantage

Lambda

offers serverless computing capacity.

Elastic Compute Cloud (EC2)

offers virtualized servers

Making the decision between on-premises and cloud (pros and cons of each)

On-premises pros:
- Do not have to pay an outside cloud provider
- Usually a system you know well and have already invested a lot in
- If you have a ton of data or need it very quickly, that could be expensive or not even possible from the cloud
On-premises cons:
- All data in one place
- Do not have the same scalability, so most likely more expensive
- Transition to the cloud can be hard

inspector

performs vulnerability scans of virtual servers.

PaaS

Platform as a service
- Providers offer customers the ability to deploy applications on the providers' infrastructure
Customer responsible for: data, application

AWS global infrastructure

Regions contain availability zones; each availability zone has at least one data center

In AWS, ( ) take the place of firewall rules, allowing administrators to control access to EC2 resources.

security groups

( ) are the user-controlled backup mechanism for EC2 servers.

snapshots

SaaS

Software as a service
- Providers offer customers access to fully functioning applications operated by the provider.
- Least involved
- Still responsible for data

three authentication factors

Something you have
Something you are
Something you know

authentication factors

Something you know
Something you are
Something you have

how do you optimize a database server?

storage important

how do you optimize a file server?

sufficient storage, fast storage, sufficient bandwidth for network applications

what is risk a combination of?

threat and vulnerability

Cloud services require physical data centers. T/F

true

What type of hypervisor requires a host operating system?

type 2

managing risk

Venn diagram of vulnerabilities and threats with risk in the middle

Adding resources to a single machine is an example of ________ scalability.

vertical

A ( ) is the cloud equivalent of a VLAN in a physical data center.

virtual private cloud

cloud compute

virtualized servers run in cloud data centers

Which one of the following is an example of a cloud-based desktop virtualization service?

workspaces

What type of processor is most commonly used for Windows and Linux servers?

x86, intel processors

storage concerns

• Cost
• Accessibility (location and speed)
• Durability
• Geographic diversity
• Privacy
Data Storage Unit

Cloud Adoption Strategies

• Development and test environments (lower risk, doesn't involve customers)
• Batch processing (not creating new data, just transforming it in some way; also lower risk)
• Burst capacity (if you need additional capacity, put some in the cloud)
• Cloud First (the default now: why can't I put this in the cloud?)
• Cloud Native (new company starts in the cloud with no transition, grows quickly)
• Disaster recovery and business continuity (don't have all your eggs in one basket; keep data in more than one data center); also one of the big reasons for Cloud First

Microsoft Azure position

• Late start (2012)
• Huge existing customer base
• Licensing advantages for Windows shops
• Some reliability issues

Cloud Computing Essential Characteristics

• On-demand self-service
• Broad network access
• Resource pooling
• Rapid elasticity
• Measured service

web services

• Port 80: Hypertext Transfer Protocol (HTTP)
• Port 443: Secure HTTP (HTTPS)

Network Load Balancer (NLB)

• Routes traffic based on low-level network protocols.
• Scales to millions of requests per second.
Has less context and does less work: just uses network variables (IP addresses and ports) to direct traffic

Application Load Balancer (ALB)

• Routes user requests to multiple EC2 instances.
• Allows for path- and host-based routing.
Components:
• Load Balancer: entry point for user requests.
• Listener: uses rules to map user requests to services in target groups.
• Target Group: contains multiple EC2 instances.

autoscaling

• Based on a launch configuration (machine image)
• Identify scaling thresholds based on resource utilization
• Monitor usage based on defined thresholds
• Trigger scaling action when appropriate

Server Actions

• Starting a server boots it up ("turns it on")
• Restarting a server reboots it ("resets")
• Stopping a server shuts it down ("turns it off")
• Terminating a server destroys it ("throws it away")

