CompTIA A+ 220-1001: Lesson 11 - Implementing Client-Side Virtualization & Cloud Computing


NIST Five Characteristics of Cloud Computing

* On-demand self service - Consumers can provision services on the fly without interaction with service provider personnel.
* Broad network access - Services are available over networks using standard clients, including workstations, laptops, tablets, and smart phones.
* Resource pooling - Multiple customers share the service provider's resources in a multi-tenant model. Resources are dynamically assigned as they are needed without regard to where the customer or the resource are located. However, a customer can request resources from a specific location at the country, state, or datacenter level. Resources include memory, storage, processing, and network bandwidth.
* Rapid elasticity - Resources are automatically provisioned to scale up or down as resources are required by the customer.
* Measured service - Resources are measured through metering on a per use basis. The metering measurement is based on the type of resource such as storage, processing, bandwidth, or active users. The metering mechanism should be accessible to the customer via a reporting dashboard, providing complete transparency in usage and billing.

Benefits of Cloud Computing

* Rapid elasticity - The cloud can scale quickly to meet peak demand without losing performance.
* On-demand, Pay-per-use, and Measured Service - The customer can initiate service requests and the cloud provider can respond to them immediately. This also allows the user to pay only for what they use, where they can use more services for the duration of a project, then release them back to the hosting provider when the project is finished.
* Resource pooling and virtualization - The hardware making up the data center is not dedicated to or reserved for a particular customer account. Layers of virtualization in the cloud architecture allow the provider to provision more CPU, memory, disk, or network resources using management software, rather than having to physically allocate them on a data center floor.

3 Components of a Virtual Platform

1. Computers - the platform or host for the virtual environment. There may be multiple computers networked together.
2. Hypervisor or Virtual Machine Monitor (VMM) - manages the virtual machine environment and facilitates interaction with the host hardware and network.
3. Guest Operating Systems or Virtual Machines (VMs) - operating systems installed under the virtual environment. The number of operating systems is generally only restricted by hardware capacity. The type of guest operating systems might be restricted by the type of hypervisor.

Rogue VM

A VM that has been installed without authorization. System management software can be deployed to detect rogue builds. A concern is rogue developers or contractors installing backdoors or "logic bombs" within a machine image.

Type 1 hypervisor

A bare metal virtual platform that is installed directly onto the computer and manages access to the host hardware without going through a host OS. Examples include: VMware ESX Server, Microsoft Hyper-V, Citrix XEN Server. Hardware only needs to support the base system requirements for the hypervisor plus resources for the type and number of guest OSs that will be installed. Linux supports virtualization through Kernel-based Virtual Machines (KVM). KVM is embedded in the Linux kernel.

Symmetric Multiprocessing (SMP)

A condition where two or more physical CPUs that share a common OS and memory execute instructions simultaneously.

Software as a Service (SaaS)

A different model of provisioning software applications. Rather than purchasing software licenses for a given number of seats, a business would access software hosted on a supplier's servers on a pay-as-you-go or lease arrangement (on-demand). Virtual infrastructure allows developers to provision on-demand applications much more quickly than previously. The applications can be developed and tested within the cloud without the need to test and deploy on client computers. Perhaps the most well-known SaaS example is the Salesforce® Customer Relationship Management (CRM) service. Other notable SaaS examples are the Zoho suite of applications, Google's applications suite, and Microsoft's Office 365 suite.

Type 2 hypervisor

A hypervisor application that is installed onto a host operating system. Examples include: VMware Workstation, Oracle VirtualBox, Parallels Workstation. Software must work on the host OS.

Infrastructure as a Service (IaaS)

A means of provisioning IT resources such as servers, load balancers, and Storage Area Network (SAN) components quickly. Rather than purchase these components and the Internet links they require, you rent them on an as-needed basis from the service provider's data center. In an IaaS arrangement, you are typically billed based on the resources you consume, much like a utility company bills you for the amount of electricity you use. IaaS is a bare bones service offering. You will need to configure the components and build the platform on top. Examples of IaaS include Rackspace's CloudServers offering, in which you rent a virtual server running an operating system of your choice. You then install the applications you need onto that virtual server. Other examples include Amazon's Elastic Compute Cloud (EC2) service and Amazon's Simple Storage Service (S3).

Application Virtualization

A more limited type of Virtual Desktop Infrastructure (VDI). Rather than run the whole client desktop as a virtual platform, the client either accesses a particular application hosted on a server or streams the application from the server to the client for local processing.

Virtual Network

A network configured by virtualization software and used by VMs for network communication. Among the hardware devices emulated will be one or more network adapters. The number of adapters and their connectivity can typically be configured within the hypervisor. Within the VM, the virtual adapter will look exactly like an ordinary NIC and is configurable in the same way. Protocols and services can be bound to it and an IP address can be assigned to it. The VMs and vSwitches can be contained within a single hardware platform so that no actual network traffic is generated. Instead, data is moved from buffers in one virtual machine to another.

Second-Level Address Translation (SLAT)

A processor feature which improves the performance of virtual memory when multiple VMs are installed. Intel implements SLAT as a feature called Extended Page Table (EPT). AMD implements SLAT as a feature called Rapid Virtualization Indexing (RVI). Most virtualization software requires a CPU with virtualization support enabled, and performance of the VMs will be impaired if virtualization is not supported in the hardware. Some cheaper CPU models ship without the feature, and sometimes the feature is disabled in the system firmware.

Cloud File Storage

A variety of cloud file storage services are available. These services might be integrated into the Windows File Explorer, or they might have their own dedicated synchronization app, or both. OneDrive® is one cloud file storage service. All Office 365 users receive dedicated storage space for their account. Personal and business OneDrive accounts are separate, but can be linked. OneDrive is integrated into the Windows File Explorer and also has a dedicated OneDrive app that can be installed. OneDrive can also be accessed through a browser. Dropbox™ is another file storage service that can be accessed in the same types of ways. Other cloud file storage services that can be synchronized between all of a user's devices include iCloud® from Apple® and Google Drive™. In addition to allowing a single user to synchronize content between all of their own devices, the user can also share the cloud storage content with other users. In this case, multiple users can simultaneously access the content to work collaboratively, or they can access it at different times. Each user's changes are typically marked with a flag or color highlighting to indicate who made changes to what content.

Virtual NIC

A virtual machine includes a virtual NIC. There still needs to be a physical NIC to get the thin client computer onto the network.

Amazon Machine Image (AMI) Operating Systems

AMIs are preconfigured with an ever-growing list of operating systems. The operating systems currently available to use with your Amazon EC2 (Elastic Cloud Compute) instances include:

* Red Hat Enterprise Linux
* OpenSolaris
* Fedora
* Windows Server
* Amazon Linux AMI
* Gentoo Linux
* SUSE Linux Enterprise
* Oracle Enterprise Linux
* Ubuntu Linux
* Debian

Cloud-based Network Controller

Allows you to register and monitor some of these different component networks, clients, and servers. Cloud-based network controllers (and network controllers in general) depend on Software Defined Networking.

Amazon EC2 Software

Amazon EC2 enables partners and customers to build and customize AMIs with software based on your needs. Amazon EC2 offers IaaS (Linux or Windows machine images) and PaaS (database and application development environments). A small sampling includes:

~ Databases: IBM DB2, IBM Informix Dynamic Server, Microsoft SQL Server Standard, MySQL Enterprise, Oracle Database 11g
~ Batch Processing: Hadoop, Condor, Open MPI
~ Web Hosting: Apache HTTP, IIS/Asp.net, IBM Lotus Web Content Management, IBM WebSphere Portal Server
~ Application Development Environments: IBM sMash, JBoss Enterprise Application Platform, Ruby on Rails
~ Application Servers: IBM WebSphere Application Server, Java Application Server, Oracle WebLogic Server
~ Video Encoding & Streaming: Wowza Media Server Pro, Windows Media Server

Cloud Computing

Any environment where software (Software as a Service and Platform as a Service) or computer/network resources (Infrastructure as a Service and Network as a Service) are provided to an end user who has no knowledge of or responsibility for how the service is provided. Cloud services provide elasticity of resources and pay-per-use charging models. Cloud access arrangements can be public, hosted private, or private (this type of cloud could be onsite or offsite relative to the other business units).

Client-side Virtualization

Any solution designed to run on "ordinary" desktops or workstations. Each user will be interacting with the virtualization host directly. Desktop virtual platforms, usually based on some sort of guest OS hypervisor, are typically used for testing and development.

* Virtual labs - create a research lab to analyze viruses, worms, and Trojans. Contained within the guest OS, they cannot infect the researcher's computer or network.
* Support legacy software applications - if the host computers have been upgraded, software may not work well with the new operating system. The old OS can be installed as a VM and the application software accessed using the VM.
* Development environment - test software applications under different operating systems and/or resource constraints.
* Training - lab environments can be set up so learners can practice using a live operating system and software without impacting the production environment. At the end of the lab, changes to the VM can be discarded so the original environment is available again.

Intel VT-x & AMD-V

CPUs that have special built-in instruction set extensions to facilitate virtualization.

Hybrid Cloud Model

Cloud computing solutions that implement some sort of hybrid public/private/community/hosted/on-site/off-site solution. For example, a travel organization may run a sales website for most of the year using a private cloud but "break out" the solution to a public cloud at times when much higher utilization is forecast. Google's Gov Cloud is another example. This cloud can be used by government branches within the U.S., but it is not available to consumers or businesses.

National Institute of Standards and Technology (NIST)

Created a standardized definition for cloud computing. This allows consumers to more easily compare services and deployment models from different vendors if they all use the same definition. The NIST definition states: "Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."

Container Virtualization

Dispenses with the idea of a hypervisor and instead enforces resource separation at the operating system level. The OS defines isolated containers for each user instance to run in. Each container is allocated CPU and memory resources, but the processes all run through the native OS kernel. These containers may run slightly different OS distributions but cannot run guest OSs of different types (Windows, Ubuntu in a RedHat Linux for example). One of the best-known container virtualization products is Docker (docker.com). Containerization is also being widely used to implement corporate workspaces on mobile devices.

Server-side Virtualization

For server computers and applications, the main use of virtualization is better hardware utilization through server consolidation. A typical hardware server may have resource utilization of about 10%. This implies that you could pack the server computer with another 8 or 9 server software instances and obtain the same performance.

Private Cloud Model

In this model, the cloud infrastructure is completely private to and owned by the organization. In this case, there is likely to be one business unit dedicated to managing the cloud while other business units make use of it. This type of cloud could be on-site or off-site relative to the other business units. An on-site link can obviously deliver better performance and is less likely to be subject to outages (loss of an Internet link, for instance). On the other hand, a dedicated off-site facility may provide better shared access for multiple users in different locations.

VM Escaping

Malware running on a guest OS jumping to another guest or to the host. Keeping the hypervisor code up to date with patches reduces the chance of critical vulnerabilities being exploited.

Hypervisors

Manages the virtual machine environment and facilitates interaction with the host hardware and network. Hypervisor's main functions include:

- Emulation - emulates exclusive access to resources such as the CPU, System Memory, Storage Devices, and Peripherals. Facilitates access to them to avoid conflicts between the guest OSs. The VMs must be provided with drivers for the emulated hardware components.
- Guest OS support - Hypervisor may be limited in terms of the different types of guest OSs it can support. Virtualization is often used to install old OSs and modern OSs.
- Assigning resources to each guest OS - Data is saved to virtual disk image files.
- Configuring networking - Hypervisor will be able to create virtual network environments where all the VMs can communicate.
- Configuring security - ensures that guests are contained and cannot access other VMs or the host except through authorized mechanisms. This is important to prevent data leaking from one VM to another, to prevent one VM from compromising others, and prevent malware from spreading to the host.

Virtualization

Multiple operating systems can be installed and run simultaneously on a single computer. Separates the elements of the computing environment (the applications, operating system, programs, documents, and more) from each other and from the physical hardware by using an additional software layer to mediate access. Can provide flexibility and scalability for organizations where the costs for hardware and software and the IT infrastructure needed to maintain them both continue to increase.

Software Defined Networking (SDN)

Network access devices--access points, switches, routers, and firewalls--can be configured using software programs and scripts.

Virtual Switches (vSwitches)

Perform the same function as Ethernet switches, except they are implemented in software for guest OSs rather than in hardware.

Platform as a Service (PaaS)

Provides resources somewhere between SaaS and IaaS. A typical PaaS solution would provide servers and storage network infrastructure, but also provide a multi-tier web application/database platform on top, in contrast to Infrastructure as a Service. This platform might be based on Oracle® or MS SQL or PHP and MySQL™. As distinct from SaaS, though, this platform would not be configured to actually do anything. Your own developers would have to create the software, such as the CRM or e-commerce application, that runs using the platform. The service provider would be responsible for the integrity and availability of the platform components, but you would be responsible for the security of the application you created on the platform. An example is Rackspace's CloudSites offering, in which you rent a virtual web server and associated systems such as a database or email server. Amazon's Relational Database Service (RDS) enables you to rent fully configured MySQL and Oracle database servers.

Mean Time Between Failure (MTBF)

The number of hours the manufacturer expects that a component will run before experiencing some sort of hardware problem. In VMs, running the host at a constantly high level of utilization could decrease the MTBF. If hardware is subjected to greater than expected loads, it may fail more often than expected.

Virtual Desktop Environment (VDE)

The virtual workspace where all of the *aaS is performed by the server.

Public (or multi-tenant) Cloud Model

This model is hosted by a third-party and shared with other subscribers. This is what many people understand by cloud computing. As a shared resource, there are risks regarding performance and security.

Hosted private Cloud Model

This model is hosted by a third-party for the exclusive use of one organization. This is more secure and can guarantee a better level of performance, but is correspondingly more expensive. The OpenStack project (openstack.org) is one example of a technology you could use to implement your own cloud computing infrastructure.

Off-Site Email Applications

Traditionally, most organizations set up and configured their own email server. With cloud computing, the email server can be another off-site service. It might be something like Gmail™ or Yahoo!® Mail. It also might be part of Office 365 Business Premium, which includes the Exchange email server service. Using an off-site email application to access these off-site email services makes it easier for users to access their mail from multiple devices and locations such as their laptop, desktop, tablet, and smart phone. The mailbox is synchronized so that no matter which device the mail is accessed from, the account accurately indicates which messages have been read, unread, deleted, or moved to other folders.

VM Sprawl

Uncontrolled deployment of more and more VMs.

Virtual Desktop Infrastructure (VDI)

Using a VM as a means of provisioning corporate desktops. In a typical VDI, desktop computers are replaced by low-spec, low-power thin client computers. When the thin client starts, it boots a minimal OS, allowing the user to log on to a VM stored on the company server or cloud infrastructure. The user makes a connection to the VM using some sort of remote desktop protocol (Microsoft Remote Desktop or Citrix ICA, for instance). The thin client has to find the correct image and use an appropriate authentication mechanism. There may be a 1:1 mapping based on machine name or IP address, or the process of finding an image may be handled by a connection broker.

Virtual Application Streaming

When implemented, a small piece of the application is typically installed on the end user device. This is just enough of the application for the system to recognize that the application is available to the user. When the user accesses the application, additional portions of the application code are downloaded to the device. Many users only use a small portion of the features available in an application. By downloading only the portions that are being used, the streaming goes quickly, making the user unaware in most cases that the application is being streamed. If additional features are accessed from the application menu, the supporting code for those features is then downloaded. The administrator can configure the streaming application to remove all of the downloaded code, or they can configure it to retain what has been downloaded so it will be faster to load the application the next time the user wants to use it.

Community Cloud Model

With this model, several organizations share the costs of either a hosted private or fully private cloud.

Storage Area Network (SAN)

A high-speed network with the sole purpose of providing storage to other attached servers.

