Cloud computing

Explain the three key factors driving business strategy towards cloud computing

1. Capacity planning: determine and fulfill future demands of IT resources, products, and services. 2. Cost reduction: cost of acquiring new infrastructure and cost of ongoing ownership: personnel, upgrades, utility bills, security. 3. Organizational agility: adapt and evolve; this is the measure of an organization's responsiveness to changing needs and prioritizing.

What are the six major characteristics of cloud computing?

1. On-demand usage. 2. Ubiquitous access. 3. Multi-tenancy. 4. Elasticity. 5. Measured usage. 6. Resiliency

What are the four main characteristics of SLAs?

1. quantifiable 2. repeatable 3. comparable 4. easily obtainable

Compare and contrast the cloud deployment models.

A deployment model is a specific type of cloud environment defining ownership, size, and access. A public cloud is owned by a third party that commercializes cloud services. A community cloud is limited to access by a group of consumers that may share ownership. A private cloud is owned by an individual organization and resides within the premises. The same organization is both the consumer and the provider. A hybrid cloud is a combination of two or more cloud deployment models.

Describe the characteristics of Hypervisor Clustering Architecture

A failure affecting a hypervisor can cascade to its VSs. This architecture establishes a cluster of hypervisors across multiple physical servers. If a hypervisor fails, the hosted VSs can be moved to another physical server. A central VIM controls the hypervisor cluster. The VIM sends heartbeats to the hypervisors to confirm operation. If heartbeats go unacknowledged, the VIM will initiate migration to move affected VSs.

What is a security threat?

A security threat is a potential security violation that can challenge defenses in an attempt to breach privacy and/or cause harm. Threats exploit known weaknesses or vulnerabilities. A threat carried out is an attack.

What is public key infrastructure?

A system of protocols, data formats, rules, and practices that enable large-scale systems to securely use public key cryptography. Used to associate public keys with their corresponding key owners while enabling the verification of key validity. Relies on the use of digital certificates, which are digitally signed data structures that bind public keys to certificate owner identities. Digital certificates are usually digitally signed by a third-party certificate authority. Microsoft can act as their own certificate authority and issue certificates to their clients. Certificate authorities must build up their level of trust. Public key infrastructure is primarily used to counter the insufficient authorization threat.

What are hardened virtual server images?

A virtual server is created from a template configuration called a virtual server image. Hardening is stripping unnecessary software from a system to limit vulnerabilities. Hardening can also be removing redundant programs, closing unnecessary server ports, disabling unused services, internal root accounts, and guest access. A hardened virtual server image is a template for virtual server instance creation that has been subject to a hardening process. This will make the virtual server image more secure.

What is a malicious service agent?

Able to intercept and forward the network traffic flowing within a cloud. Usually a service agent with compromised or malicious logic. May be an external program able to intercept and corrupt message contents.

What is insufficient authorization?

Access is granted to an attacker erroneously or too broadly, and the attacker gets access to IT resources that are normally protected. Often occurs when the attacker gains direct access to IT resources that were implemented under the assumption that they would only be accessed by trusted consumer programs.

What is an anonymous attacker?

An anonymous attacker is a non-trusted cloud consumer without permissions in the cloud. Usually an external software program. Launches network-level attacks through public networks. They may have limited information on security policies and defenses. Often resort to committing acts like bypassing user accounts or stealing user credentials. Attacks are attempted from outside a cloud's boundary.

What are the four types of threat agents (just the names not the descriptions)?

Anonymous attacker, malicious service agent, trusted attacker (a.k.a. malicious tenant), malicious insider

What are the four main components of identity and access management?

Authentication, authorization, user management, credential management.

Why is authenticity important in cloud computing?

Authenticity is the characteristic of something having been provided by an authorized source. This concept encompasses non-repudiation, which is the inability of a party to deny or challenge the authentication of an interaction. Authentication in non-repudiable interactions provides proof that these interactions are uniquely linked to an authorized source. For example, a user may not be able to access a non-repudiable file after its receipt without also generating a record of this access.

What is a trusted attacker a.k.a. malicious tenant?

Authorized consumer with legitimate credentials that it uses to exploit access to cloud resources. Shares IT resources in the same cloud. Attempts to exploit legitimate credentials to target providers and tenants. Usually launch attacks from within trust boundaries. Abuse legitimate credentials or via appropriation of sensitive and confidential information. Use IT resources for a wide range of exploitation including hacking of weak authentication processes, breaking of encryption, spamming of email accounts, or launch common attacks like denial of service campaigns.

Explain the difference between Bare-Metal Provisioning Architecture vs Rapid Provisioning Architecture

Bare-Metal Provisioning Architecture: bare-metal servers are physical servers that don't have operating systems or software. This architecture establishes a system that utilizes this feature (option of installing remote management support in the server's ROM) w/ specialized service agents to discover & provision entire operating systems remotely. Uses these components: discovery agent, deployment agent, discovery section, management loader, deployment component. Rapid Provisioning Architecture: provisioning is traditionally completed manually by an admin. In cloud services, this is not adequate. This architecture automates the provisioning of a wide range of IT resources (either individually or as a collective). Uses an automated provisioning program, rapid provisioning engine, and scripts and templates. Resources used: server templates, server images, application packages, application packager, custom scripts, sequence manager, sequence logger, operating system baseline, application configuration baseline, deployment data store.

Describe the characteristics of Storage Workload Management Architecture

Cloud storage devices can be over or under utilized. This architecture enables LUNs (logical unit numbers) to be evenly distributed. Cloud storage devices are combined into a group. An automated scaling listener equalizes workloads among the group.

Explain the differences between clustering, grid computing, and virtualization (which are the three primary technology innovations that influenced & inspired cloud computing).

Clustering is a group of independent IT resources that are interconnected and work as a single system. Grid computing: resources that are organized into one or more logical pools. Much more loosely coupled and distributed than clustering. Virtualization is a tech platform used for the creation of virtual instances of IT resources. This allows physical IT resources to provide multiple virtual images of themselves so underlying processing capabilities can be shared. This severs the software-hardware dependency.

Describe the characteristics of Resource Reservation Architecture

Concurrent access to shared IT resources can lead to a runtime exception called resource constraint. This occurs when two or more cloud consumers share an IT resource that does not have the capacity to accommodate the total processing requirements. Leads to degraded performance and rejections. Other types of conflicts occur when an IT resource is concurrently accessed by different consumers. Resource borrowing is where one pool can temporarily borrow IT resources from other pools. But if there is prolonged usage and the borrowed IT resource is not returned, there can be resource constraints. This architecture establishes a system where one of the following is set aside exclusively for a consumer: single/portion/multiple IT resource.

Explain CIA and its role in cloud computing

Confidentiality, integrity, and availability of data. This is from an online search; it's not in the book. Data needs to be accurate and reliable and not corrupted or changed. It needs to stay confidential and private to the consumer. Data must be available whenever needed for use.

What is a container attack?

Containerization introduces a lack of isolation from the host operating system level. Since containers deployed on the same machine share the same operating system, security threats can increase. If the host is compromised, all containers on the host may be impacted.

What are some additional cost considerations besides up front costs and on-going costs? Explain each.

Cost of Capital: initial investment / raising req'd funds. Sunk costs: prior investments in on-prem IT resources. If sunk costs are high, you may not want to transition to cloud services. Integration costs: effort req'd to make current IT resources compatible w/ a new cloud platform. Locked-in costs: if a cloud imposes portability limitations, and you may want to move from one cloud provider to another, if a consumer is dependent on proprietary characteristics of a cloud environment, there are locked-in costs associated w/ the move.

What is user management in relation to identity and access management?

Creating new user identities and access groups, resetting passwords, defining password policies, managing privileges.

What is a digital signature?

Data authenticity and integrity through authentication and non-repudiation. A message is assigned a digital signature which is rendered invalid if the message experiences an unauthorized modification. Uses hashing and asymmetrical encryption.

Describe the security risks associated with the use of cloud computing

Data security responsibilities are shared with the cloud provider. There is an overlapping of trust boundaries. Vulnerabilities when consumers and providers don't have the same security framework. Increased exposure of data. An increased opportunity to attack IT resources and steal or damage business data.

What is authorization in relation to identity and access management?

Defines the correct granularity for access controls. Oversees relationships between identities, access control rights, and IT resource availability.

Describe the 4 main characteristics of SLAs

Each service quality metric is ideally defined using the following characteristics: • Quantifiable - The unit of measure is clearly set, absolute, and appropriate so that the metric can be based on quantitative measurements. • Repeatable - The methods of measuring the metric need to yield identical results when repeated under identical conditions. • Comparable - The units of measure used by a metric need to be standardized and comparable. For example, a service quality metric cannot measure smaller quantities of data in bits and larger quantities in bytes. • Easily Obtainable - The metric needs to be based on a non-proprietary, common form of measurement that can be easily obtained and understood by cloud consumers.

What is the role of encryption in cyber security?

Encryption is a digital coding system dedicated to preserving the confidentiality and integrity of data. It is used to encode plaintext data into a protected and unreadable format. Commonly relies on a standardized algorithm called a cipher. Ciphertext is the encrypted data. Paired with a string of characters called an encryption key. The key decrypts the ciphertext back to plaintext. This helps counter cloud security threats.

What is credential management in relation to identity and access management?

Establish identities and access control rules for defined user accounts, mitigating the threat of insufficient authorization.

When should horizontal and vertical scaling be chosen one versus the other?

Horizontal scaling scales out and in: allocating or releasing IT resources of the same type. This is more common. Scaling horizontally increases compute capacity by adding instances of resources. Example: add a virtual machine to your configuration. Vertical scaling is scaling up and down: an IT resource is replaced by another with lower or higher capacity. Scale vertically to increase compute capacity by adding RAM or CPUs to a virtual machine. This is less common due to downtime and is also more expensive.

What is a malicious insider?

Human threat agents acting on behalf of the provider. Abuse access privileges to cloud premises. Usually current or former employees or third parties with access to the provider's premises. Carries tremendous damage potential. May have administration privileges for accessing cloud consumer IT resources.

Compare and contrast the cloud delivery models

IaaS (Infrastructure as a Service) provides admin control for the consumer and full access to virtualized IT resources and possibly physical resources. PaaS (Platform as a Service) has limited admin control for the consumer and moderate control over relevant IT resources. SaaS (Software as a Service) has usage-related configuration and access to the front-end user interface.

Describe the characteristics of the Dynamic Scalability Architecture = horizontal scaling

IT resource instances are scaled out and in to handle fluctuating workloads. The automated scaling listener monitors requests and signals resource replication to initiate IT resource duplication.

Describe the characteristics of the Dynamic Scalability Architecture = vertical scaling

IT resource instances are scaled up and down when there is a need to adjust the processing capacity of a single IT resource. Ex. An overloaded VS can have its memory dynamically increased or have a processing core added.

Describe the characteristics of the Dynamic Scalability Architecture = dynamic relocation

IT resource is relocated to a host w/ more capacity. Ex: a DB may need to be moved from one storage device w/ 4 GB per sec I/O capacity to another storage device w/ 8 GB per sec I/O capacity.

Virtualization attack

Inherent risk that a consumer could abuse access to underlying hardware when virtualization is used to share resources. This exploits vulnerabilities in the virtualization platform. With public clouds, where a single physical IT resource is providing virtualized IT resources to multiple consumers, this attack can have significant repercussions.

Describe the network layer of the OSI model

Layer #3, routers operate here. You have IP address here. Decides which physical path the data will take.

Describe the transport layer of the OSI model

Layer #4. Decides how much information will be sent at one time. Transmits data using transmission protocols including TCP and UDP.

Describe the session layer of the OSI model

Layer #5 the communication session between two computers. Maintains connections and is responsible for controlling ports in sessions.

Describe the presentation layer of the OSI model

Layer #6 The operating system is here. Ensures that data is in a usable format and is where data encryption occurs.

Describe the application layer of the OSI model.

Layer #7 User is interacting here. Human computer interaction layer where applications can access the network services. HTTP, SMTP, FTP. An example is a Google Chrome page.

Explain the difference between lead, lag, and match strategy of capacity planning

Lead is adding capacity to an IT resource in anticipation of demand. Lag is adding capacity when at full capacity. Match is adding in small increments as demand increases.

Explain the difference between Load Balanced Virtual Instances Architecture vs Cloud Balancing Architecture

Load Balanced VS Instances Architecture: keeps cross-server workloads balanced between physical servers. You don't want under-utilized (constant waste) or over-utilized (performance challenges) physical servers. This architecture establishes a capacity watchdog system. Calculates VS instances & workloads & distributes processing across physical servers. This watchdog system is composed of a usage monitor, live VM migration program & a capacity planner. Fluctuations are reported to the capacity planner, which calculates computing capacities. If the planner decides to move a VS to another host, the VM migration program is signaled to move the VS. Cloud Balancing Architecture: IT resources are load-balanced across multiple clouds. Combo of the automated scaling listener (redirects requests) and failover system mechanisms (ensures redundant IT resources are capable of cross-cloud failover).

Why are MTSO and MTSR important metrics to consider in SLAs?

MTSO / Mean-Time to Switchover metric: time expected to complete a switchover from a failure to a replicated instance in a different geographical area. Ex: 10 min avg. MTSR / Mean-Time System Recovery: time expected for a resilient system to perform a complete recovery from a severe failure. Ex: 120 min avg.

What is overlapping trust boundaries when it comes to security threats?

Malicious cloud service consumers can target shared IT resources with the intention of compromising consumers that share the same trust boundary.

What are the best practices and recommendations Cloud Consumers need to consider when documenting SLAs with Cloud Providers?

• Mapping business cases to SLAs • Working with cloud and on-prem SLAs • Understanding the scope of an SLA • Understanding the scope of SLA monitoring • Documenting guarantees at appropriate granularity • Defining penalties for non-compliance • Incorporating non-measurable requirements • Disclosure of compliance verification & management • Inclusion of specific metric formulas • Considering independent SLA monitoring • Archiving SLA data • Disclosing cross-cloud dependencies

What are the three types of Storage options in cloud computing?

Network storage, object storage, database storage

Describe the usage cost metrics for cloud-based IT resources

Network usage: inbound & outbound traffic, & intra-cloud network traffic. Network cost metrics are determined by: static IP address usage, network load-balancing, virtual firewall. Server usage: VS allocation & resource reservation. Pay-per-use metrics in IaaS and PaaS. Divided into on-demand VM instance allocation (pay-per-usage fees short term) & reserved VM instance allocation metrics (up-front reservation fees for using VSs over extended periods). On-demand VM instance allocation metric: uptime of VS, from VS start date to stop date, continuous & cumulative, IaaS & PaaS. Reserved VM instance allocation metric: up-front cost for reserving a VS instance, from VS reservation start date to exp date, daily, monthly, yearly, IaaS, PaaS. Cloud storage device: storage capacity allocation. Generally charged by the amount of space allocated. On-demand storage allocation metric: fees based on short time increments (ex: hourly). Another cost metric for cloud storage is I/O data transferred. On-demand storage space allocation metric: duration & size of storage space in bytes, date of storage release to date of allocation, continuous, IaaS, PaaS, SaaS. I/O data transferred metric: amount of transferred I/O data, in bytes, continuous, IaaS, PaaS. Cloud service usage: subscription duration, # of nominated users, # of transactions of cloud services and applications. Cloud service usage in SaaS environment metrics: Application subscription duration metric: duration of subscription, start date to exp date, daily, monthly, yearly, SaaS. Number of nominated users metric: # of users w/ legit access, # of users, monthly/yearly, SaaS. Number of transactions users metric: # of xactions served by the cloud service, # of xactions, continuous, PaaS, SaaS.

Explain the options available for storage in cloud computing.

Network storage is legacy storage. Files, different sizes, different formats. Old files will overwrite the new ones. There is suboptimal searching and extraction. Also block storage. Object storage is for web resources. A range of data and media types. REST or HTTP. Database storage supports a query language, standard API or admin user interface.

Can a cloud provider also act as the cloud auditor?

No. A cloud auditor is a third-party that conducts independent assessment of a cloud environment. Evaluates security, privacy, performance. Provides an unbiased assessment. Helps to strengthen trust with cloud consumers and providers. The provider cannot give an unbiased opinion.

Describe the six major characteristics of cloud computing

On-demand usage is unilateral access. Once configured, usage is automated. Self-service. Ubiquitous access means it's widely accessible. Can require support for a range of devices, protocols, interfaces, security. Multi-tenancy is resource pooling. Different but isolated consumers. Elasticity is the automated ability to transparently scale IT resources out or in. Often a core justification for cloud computing. Measured usage is keeping track of usage of IT resources. Statistics. Resiliency is a form of failover. Redundant resources. Increases reliability and availability of applications.

Explain the difference between organizational and trust boundaries

Organizational boundaries represent the physical scope of IT resources owned and governed by an organization. Trust boundaries are logical perimeters that encompass the IT resources trusted by an organization. It goes beyond the physical boundaries

What is denial of service?

Overloads IT resources to the point where they cannot function properly. Produces server degradation and/or failure. Launched in one of the following ways: Workload is artificially increased with imitation messages or repeated communications. Network is overloaded with traffic to reduce responsiveness and cripple performance. Multiple cloud service requests are sent, each designed to consume excessive memory and processing resources.

What are the seven layers of the open system interconnection model? (pew, dead ninja turtles smell particularly awful)

Physical, data link, network, transport, session, presentation, application

Which resources are commonly targeted for resource pooling?

Physical servers, virtual servers, cloud service device pools, network / interconnect pools

What are cloud-based security groups?

Placing barriers between IT resources to increase data protection. Segmentation. Separate physical and virtual IT environments are created for different users and groups. The segmentation creates cloud-based security group mechanisms, determined through security policies. Networks are segmented into logical cloud-based security groups that form logical network perimeters. Each resource is assigned at least one logical security group. Each security group has specific rules, so different security measures can be applied to different groups. These help limit unauthorized access to IT resources. Helps counter denial of service, insufficient authorization, overlapping trust boundaries, virtualization attack and container attack threats.

What are the four cloud deployment models?

Public cloud. Community cloud. Private cloud. Hybrid cloud.

How do security policies influence security controls and security mechanisms?

Security policies are a set of security rules and regulations; security policies also say how these rules and regulations are implemented and enforced. Security controls are countermeasures to prevent or respond to security threats and to reduce or avoid risk. The security policy outlines countermeasures; this contains rules on how to implement a system or security plan for max protection. Security mechanisms: countermeasures are typically described in terms of security mechanisms, which are components comprising a defensive framework that protects IT resources, information, and services.

What are security risks?

Security risk is the possibility of loss or harm from performing an activity, measured according to its threat level and the number of possible vulnerabilities. There are two metrics for risk: (1) the probability of a threat occurring to exploit vulnerabilities in the IT resource, and (2) the expectation of loss upon the IT resource being compromised.

What is the purpose of SLAs?

Service-level agreements (SLAs) are a focal point of negotiations, contract terms, legal obligations, and runtime metrics and measurements. SLAs formalize the guarantees put forth by cloud providers, and correspondingly influence or determine the pricing models and payment terms. SLAs set cloud consumer expectations and are integral to how organizations build business automation around the utilization of cloud-based IT resources.

Describe when it's appropriate to use Sibling Pools vs Nested Pools

Sibling resource pools are usually drawn from physically grouped IT resources (as opposed to IT resources spread out over different data centers). Sibling pools are isolated from one another so each consumer is only provided access to its respective pool. For nested pools, larger pools are divided into smaller pools that individually group the same type of IT resources together. Nested pools are used to assign resource pools to different departments or groups in the same cloud consumer organization. Nested pools are typically used to provision cloud services that need to be rapidly instantiated using the same type of IT resources w/ the same configuration settings.

Does single sign-on pose a risk to cloud computing?

Single sign-on enables one cloud service consumer to be authenticated by a security broker, which establishes a security context that is persisted while the consumer accesses other cloud services or resources. Otherwise, the consumer would need to re-authenticate itself with every request. Enables independent cloud services to generate and circulate runtime authentication and authorization credentials. The single sign-on security broker is useful when the consumer needs to access cloud services residing on different clouds. This doesn't really counter security threats, but enhances usability. Update per teacher email: "Please consider that to increase security we rely on building layers. Take for example, how many entrances do you have to your home? And how many doors with locks do you have inside your home? If you want to protect the inner most part of your home, is it more secure to have a different key for every door or just have one key for all doors? Which approach is more user friendly?"

Describe the concept of scaling

The ability of an IT resource to handle increased or decreased usage demands

Describe the challenges associated with the use of cloud computing and cloud providers geographical allocation of IT resources

The consumer's operational governance can be limited due to control exercised by a cloud provider over its platforms. Portability of resources, or switching cloud providers, can be inhibited by dependencies upon proprietary characteristics imposed by a cloud. Geographic allocation can be out of the consumer's control when hosted by a third-party cloud provider. This can introduce legal and regulatory compliance concerns.

What is the impact of SLAs on Cloud Consumers and Cloud Providers?

The guarantees made by a cloud provider to a cloud consumer are often carried forward, in that the same guarantees are made by the cloud consumer organization to its clients, business partners, or whomever will be relying on the services and solutions hosted by the cloud provider. It is therefore crucial for SLAs and related service quality metrics to be understood and aligned in support of the cloud consumer's business requirements, while also ensuring that the guarantees can, in fact, be realistically fulfilled consistently and reliably by the cloud provider. The latter consideration is especially relevant for cloud providers that host shared IT resources for high volumes of cloud consumers, each of which will have been issued its own SLA guarantees.

What is the limit on the virtual servers that can be hosted on a physical server?

The number of instances a given physical server can share is limited by its capacity. Each VS will have different configurations and limitations.

Explain the difference between symmetric and asymmetric encryption

These are two forms of encryption. Symmetric encryption uses the same key for encryption and decryption. Asymmetric encryption uses two different keys, a private key and a public key. The disadvantage to asymmetric encryption is that it is slower.

What is identity and access management?

This encompasses components and policies necessary to control and track user identities and access privileges for IT resources, environments, and systems.

What are some of the considerations when hosting multi tenant at a cloud provider?

Usage isolation, where one user doesn't affect others. Data security, so tenants can't access others' info. Recovery: back up and restore separately. Application upgrades need to happen separately. Scalability to accommodate usage and/or an increase in tenants. Metered usage, where all are charged separately. Data tier isolation, so database tables etc. are all isolated from other tenants. Multi-tenancy is typical for a software as a service platform.

What is authentication in relation to identity and access management?

Username and password combinations are most common, but can also be digital signatures, certificates, fingerprint readers, voice analysis, etc.

What is weak authentication?

Variant of insufficient authorization; results when weak passwords or shared accounts are used.

How does virtualization technology facilitate the implementation of cloud computing?

Virtualization is the process of converting a physical IT resource into a virtual IT resource. You can virtualize servers, storage, networks, power. Provides hardware independence, server consolidation, resource replication, and further supports resource pooling and elastic scalability. Hardware-based virtualization is more efficient.

What is vulnerability?

A vulnerability is a weakness that can be exploited, possibly because of insufficient security controls or when security is overcome by an attack. Causes are configuration deficiencies, security policy weaknesses, user errors, hardware or firmware flaws, software bugs, or poor security architecture.

Explain why latency is a factor for a successful implementation of cloud services

Latency is also known as time delay. The amount of time it takes a packet to travel from one data node to another. Increases with every intermediary node. Internet latency is highly variable and unpredictable. Latency is critical for applications with a business requirement of swift response times. Latency influences quality of service and is heavily impacted by network congestion.

What are some of the common web services used in cloud computing?

Web services like web browser clients. Web servers. Uses basic web technology like URL, HTTP, HTML, XML. Web apps are distributed applications that use web-based technologies and rely on web browsers. They operate on a basic three-tier model: presentation layer, application layer, and data layer.

What is traffic eavesdropping?

When data being transferred is passively intercepted by a malicious service agent for illegitimate information gathering purposes. It can easily go undetected for long periods of time.

What is malicious intermediary?

When messages are intercepted and altered, compromising the integrity of the message. Could also insert harmful data into the message before it reaches its destination.

Describe the difference between encryption and hashing.

While encryption uses keys, hashing is a one-way, nonreversible data protection with no key for unlocking. An example is the storage of passwords. Hashing derives a hashing code from a message which is fixed length & smaller than the original. The recipient of the message applies the same hash function to verify the message digest is identical to the one that accompanied the message.

Describe the physical layer of the OSI model

Wiring, patch panels, patch cords, Cat 5 cables. 95% of problems happen here. Transmits the raw bit stream over the physical medium.

Is storage technology an essential part of cloud computing?

Yes. Specialized storage systems maintain enormous amounts of digital information. Hard disk arrays: divide/replicate data. Input/output caching. Increase access time and performance. Hot-swappable hard disks: no need to power down. Storage virtualization, fast data replication mechanisms like snapshotting and volume cloning. Encompass tertiary redundancy.

Describe the characteristics of Cloud Bursting Architecture

a form of dynamic scaling that scales or "bursts out" on-premise IT resources into a cloud when capacity thresholds have been reached. After the cloud resources are no longer required, they are released and the architecture "bursts in" back to the on-premise environment. Allows consumers the option to use cloud based resources only to meet higher usage demands. The automated scaling listener determines when to redirect requests & resource replication is used to maintain synchronicity between on prem and cloud based resources.

What is redundant storage architecture

a secondary duplicate cloud storage device as part of a failover system. Synchronizes its data w/ data in the primary cloud storage device. A storage service gateway diverts consumer requests to the secondary device when the primary fails.

Explain the differences between the following service metrics -

availability, availability rate metrics: % of up-time. Outage duration metric (max & avg continuous outage service-level targets).
reliability, service reliability metrics: the probability that an IT resource can perform its intended function under pre-defined conditions w/out experiencing failure. How often the service performs as expected. May only consider runtime errors and exception conditions as failures. Mean-time between failures metric. Reliability rate metric: overall reliability. More complicated. % of successful service outcomes. Measures effects of non-fatal errors & failures that occur during up-time periods.
performance, service performance metrics: ability of an IT resource to carry out its functions w/in expected parameters. Measured using service capacity metrics. Common metrics: network capacity metric, storage device capacity metric, server capacity metric, web application capacity metric, instance starting time metric, response time metric, completion time metric.
scalability, service scalability metrics: related to IT resource elasticity capacity, which is related to the max capacity that an IT resource can achieve, and measurements of its ability to adapt to workload fluctuations. Uses storage scalability (horizontal) metric, server scalability (horiz) metric, server scalability (vert) metric.
resiliency, service resiliency metrics: ability to recover from disturbances. In relation to SLA, based on redundant implementations & resource replication over different physical locations. The resiliency metrics can be applied in 3 different phases: design phase (how prepared systems & services are to cope w/ challenges), operational phase (diff in service levels before, during & after a downtime event or service outage), and recovery phase (rate at which the resource recovers from downtime).

What factors influence cloud services pricing models?

defined using templates. Specify unit costs according to metrics. These pricing models can change due to market competition, regulatory requirements, overhead during design/development/deployment & operation, & reducing expenses via resource sharing and data center organization. Prices are normally stable w/ major cloud providers.
Pricing model variables include: cost metrics & associated prices; fixed & variable rates definitions; volume discounts; cost & price customization options.
Price templates can vary depending on the cloud delivery model. IaaS: price based on IT resource allocation & usage. PaaS: network data xferred, VS & storage. Software configs, development tools, licensing fees. SaaS: # of application modules in the subscription, # of consumers, # of xactions.
Additional Considerations: Negotiation: often open to negotiation. Especially if committing to higher volumes or longer terms. Payment Options: pre-payment & post-payment. Cost Archiving: track historical billing to generate reports to help ID usage & financial trends.

Explain the difference between Dynamic Scalability Architecture vs Elastic Resource Capacity Architecture

dynamic scalability architecture: predefined scaling conditions that trigger the dynamic allocation of IT resources from resource pools. Enable variable utilization as dictated by usage demand fluctuations. The automated scaling listener is configured w/ thresholds that dictate when new IT resources need to be added. Logic determines how many additional IT resources can be dynamically provided. Elastic Resource Capacity Architecture: dynamic provisioning of VS, using a system that allocates & reclaims CPUs and RAM in immediate response to fluctuating processing req of hosted IT resources. The following mechanisms are also part of this cloud architecture: cloud usage monitor, pay-per-use monitor, and resource replication.

dynamic failure detection and recovery architecture

establishes a watchdog system to monitor & respond to failure scenarios. Sends notifications when it cannot automatically resolve them itself. The watchdog performs the following 5 functions: watching, deciding upon an event, acting upon an event, reporting, & escalating. Actions of the watchdog: run a batch file, send a console message / text message / email message / SNMP trap, or log a ticket.

What are the benefits of using Resource Pooling Architecture

identical IT resources are grouped (resource pools) and a system ensures they remain synchronized. Resource pool examples: physical server pools, VS pools, storage pools, network pools, CPU pools, memory pool. There are parent, sibling, and nested pools for organization. The following mechanisms are also part of this cloud architecture: audit monitor, cloud usage monitor, hypervisor, logical network perimeter, pay-per-use monitor, remote admin system, resource management system, & resource replication.

non-disruptive service relocation architecture

if a cloud service becomes unstable (due to things like high runtime usage demand, maintenance update, migration to new physical server host), cloud service requests can be rejected. This architecture triggers the duplication or migration of a cloud service implementation. This temporarily diverts to another hosting environment. Can occur in one of two ways: 1. A copy of the VS disks is created on the destination host, if the VS disks are stored on a local storage device or non-shared remote storage devices attached to the source host. After the copy is created, both VS instances are synchronized and VS files are removed from the origin host. 2. If the VS files are stored on a shared device, ownership of the VS is just xferred to the destination physical server.

Zero Downtime Architecture

if a physical server fails, the availability of its VS can be affected. This architecture establishes a failover system that allows VSs to be moved to different physical server hosts. Assembles physical servers into a group. Controlled by a fault tolerance system

Describe the data link layer of the OSI model

layer #2. Switches talk to each other here. Defines the format of data on the network.

What are the cost components associated with the cloud services lifecycle?

often centered around the lifecycle phases of cloud services as follows: Cloud Service Design & Development, Cloud Service Deployment, Cloud Service Contracting, Cloud Service Offering, Cloud Service Provisioning, Cloud Service Operation, Cloud Service Decommissioning

Describe Dynamic Scalability Architecture and what are the 3 types?

predefined scaling conditions that trigger the dynamic allocation of IT resources from resource pools. Enable variable utilization as dictated by usage demand fluctuations. The automated scaling listener is configured w/ thresholds that dictate when new IT resources need to be added. Logic determines how many additional IT resources can be dynamically provided. The following types of dynamic scaling are commonly used: dynamic horizontal scaling, dynamic vertical scaling, dynamic relocation

Describe the characteristics of Workload Distribution Architecture

reduces IT resource over and under-utilization during horizontal scaling using the load balancer. The load balancer provides runtime logic which evenly distributes workload. The workload distribution is dependent upon the sophistication of the load balancing algorithms and runtime logic. Can be applied to any IT resource: VS & cloud storage device mechanisms. The following mechanisms are also part of this cloud architecture: audit monitor, cloud usage monitor, hypervisor, logical network perimeter, resource cluster, & resource replication.

What is elastic disk provisioning architecture?

sometimes cloud consumers are billed on fixed-disk storage allocation. This architecture uses a dynamic storage provisioning system that ensures the cloud consumer is granularly billed for only the storage it actually uses.

What are the eight common cloud security threats?

Traffic eavesdropping, malicious intermediary, denial of service, insufficient authorization, weak authentication, virtualization attack, overlapping trust boundaries, container attack

Explain the business considerations for on premise vs cloud-based IT resources costs

up-front costs: initial investments to fund IT resources. Obtaining, deploying, and administering them. These tend to be high. Paying for hardware, software, labor. For cloud resources, the up-front costs are low. Ex of cloud up-front costs are labor to assess and set up the cloud. on-going costs: expenses required to run & maintain IT resources. On-prem costs can vary but include licensing fees, electricity, insurance and labor. For the cloud, on-going costs vary but often exceed on-prem on-going costs. Ex in cloud: virtual hardware leasing fees, bandwidth usage fees, licensing fees, and labor.

what is Service load balancing architecture

variation of the workload distribution architecture. Geared specifically for scaling cloud service implementations. Creates redundant deployments of cloud services, w/ a load balancing system added. The duplicate cloud service implementations are organized into a resource pool, while the load balancer is either external or built-in to allow host servers to balance workloads themselves. The following mechanisms are also part of this cloud architecture: cloud usage monitor, resource cluster, and resource replication.

Describe best practices and recommendations Cloud Consumers need to consider when documenting SLAs with Cloud Providers

· Mapping Business Cases to SLAs: ID necessary QoS reqmts for a given automation solution & link them to the guarantees expressed in the SLAs. Avoids misaligning of SLAs or deviations in SLA guarantees.
· Working with cloud and on-prem SLAs: cloud-based QoS guarantees are usually superior to on-prem resources. Clouds have a vast infrastructure available.
· Understand the scope of an SLA: the extent to which a guarantee applies. There are many architectural & infrastructure layers.
· Understand the scope of SLA monitoring: SLAs should specify where monitoring is performed, where measurements are calculated, esp in relation to the cloud's firewall. Monitoring w/in the cloud firewall is not always advantageous.
· Documenting Guarantees at appropriate granularity: SLAs sometimes have broad guarantees. If a consumer has specific reqmts, that level of detail should be in the SLA.
· Defining penalties for non-compliance: If the cloud provider doesn't provide the promised QoS w/in the SLA, recourse should be formally documented (compensation, penalties, reimbursement, etc).
· Incorporating non-measurable requirements: some guarantees are not easily measured but should still be documented in the SLA. Ex: security & privacy reqmts.
· Disclosure of compliance verification & management: SLA should state what tools and practices are used to carry out compliance checking, and should also state any legal-related auditing.
· Inclusion of specific metric formulas: Not only the metrics being used to measure should be in the SLAs, but also the formulas and calculations that the metrics are based upon.
· Considering independent SLA monitoring: Cloud providers have sophisticated SLA management and monitors, but the consumer may choose to have a 3rd party perform independent monitoring, esp if there are suspicious SLA guarantees.
· Archiving SLA data: providers usually do this. If the provider intends to keep archived data after the consumer is leaving that particular cloud, this should be disclosed. The consumer may want to keep historical SLA data as well.
· Disclosing Cross-Cloud dependencies: cloud providers may be leasing IT resources from other cloud providers. There is a loss of control over guarantees. The consumer should get disclosure that the leased IT resources may have dependencies beyond the environment of the cloud provider.

