CompTIA A+ 220-1001 Chapter 7


Hypervisor Security

- A virtual platform introduces an additional layer that needs the attention of security analysts: the hypervisor. Hypervisor software is subject to patches and security advisories, and as the use of virtual platforms grows, hypervisors will increasingly be the target of attacks. Another issue is VM escaping: malware running on a guest OS jumping to a different guest or to the host. It is vital to keep the hypervisor code up to date with patches.

CLOUD-BASED NETWORK CONTROLLERS

- Allows you to register and monitor some or all of the component networks, clients, and servers. Cloud-based controllers depend on Software Defined Networking (SDN).

CLIENT-SIDE VIRTUALIZATION

- Designed to run on normal desktops and workstations. Each user interacts directly with the virtualization host. Client-side virtualization is typically used for testing and development:
  - Virtual labs: create a research lab to analyze viruses and Trojans. Because the malware is contained within the VM, it cannot infect the researcher's computer or network.
  - Support for legacy software applications: old software may not work well with a new OS. The old OS is installed as a VM and the application software is accessed through the VM.
  - Development environment: test software applications under different operating systems and/or resource constraints.
  - Training: learners can practice using a live OS and software without impacting the production environment. Changes to the VM can be discarded so the original environment is available again.

Guest OS Security

- Each guest OS must be patched and protected against viruses and Trojans. Patching each VM individually causes performance problems, so usually a new image is patched and tested, then deployed to the production environment.
- Running security software on each guest OS also causes performance problems; solutions are being developed.
- Host antivirus software will NOT detect viruses on a guest OS.
- Developing, testing, and deploying images is the first major security concern: the problem of rogue VMs. A rogue VM is one installed without authorization. The uncontrolled growth of more and more VMs is called VM sprawl. It is much easier to add a guest image to a server than to plug a new hardware server into the network. System management software can detect rogue builds.
- The process for developing machine images needs to be tightly monitored. VMs should conform to an application-specific template with the minimum configuration needed to run that application. Images should not be developed in any environment with potential exposure to malware or malicious code.
- A big concern is rogue developers installing backdoors or "logic bombs" within a machine image. It is easy for criminal staff to conceal code within VM disk images, with the potential to be very destructive.

Hypervisor

- Manages the VM environment and facilitates interaction with the host hardware and network. The main functions of the hypervisor:
  - Emulation: the hypervisor emulates resources (CPU, memory) and mediates access to them so as to avoid conflicts between guest OSs. Guests need drivers for the emulated hardware.
  - Guest OS support: a hypervisor is limited in the types of guest OS it can support. Note: macOS can also be installed as a VM, but this breaks the terms of Apple's EULA if the hardware platform is not itself an Apple PC.
  - Assigning resources to each guest OS: if the host computer has 4 GB of memory and guest computer 1 needs 1 GB, 3 GB is left to assign. Each guest OS will also take up disk space on the host; data is saved to virtual disk image files.
  - Configuring networking: a hypervisor creates a virtual network environment where all the VMs can communicate. It can also be used to create a network shared by the host and by VMs on the same host and on other hosts. Enterprise virtual platforms allow the configuration of virtual switches and routers.
  - Configuring security: ensures guests cannot access other VMs or the host except when authorized. This prevents data "leaking" from one VM to another, prevents one compromised VM from compromising others, and prevents malware from spreading.
- One basic distinction that can be made between virtual platforms is between host-based and bare metal methods of interacting with the computer hardware.

Infrastructure as a Service (IaaS)

- A means of provisioning IT resources such as servers, load balancers, and Storage Area Network (SAN) components quickly. Rather than purchasing them, you rent them from the service provider's data center. In an IaaS arrangement, you are typically billed based on the resources you consume. IaaS is a bare-bones service offering: you need to configure the components and build the platform on top. An example of IaaS is Rackspace's Cloud Servers, where you rent a virtual server running an OS of your choice.

Virtualization

- Multiple operating systems can run on one computer at the same time. A virtual platform requires at least three components:
  - Computer(s): the platform or host for the virtual environment; there may be multiple computers.
  - Hypervisor or Virtual Machine Monitor (VMM): manages the virtual machine environment and facilitates interaction with the host hardware and network.
  - Guest operating systems or Virtual Machines (VMs): operating systems installed under the virtual environment. The number of guest OSs is restricted by the hardware, and the types of guest OS may be restricted by the type of hypervisor.
- Guest OSs can be networked together or share data directly through the hypervisor, but this is not common, for security reasons.

BENEFITS OF CLOUD COMPUTING

- Savings in the cost of infrastructure and support, energy cost savings, rapid deployment, and allowing the customer to make their own choices; very flexible.
- The main benefit is that the cloud provides rapid elasticity: the cloud can scale quickly to meet peak demand.
- On-demand: the customer can initiate service requests and the cloud provider responds immediately.
- Measured service: the ability to control a customer's use of resources through metering.
- Resource pooling and virtualization: providers can provision resources fast. With resource pooling, the hardware making up the cloud provider's data center is not reserved for a specific use. The layers of virtualization used in the cloud architecture allow the provider to provision more CPU, memory, disk, or network resources using management software.
- Security can be compromised.

PaaS

- Somewhere between SaaS and IaaS. A typical PaaS solution will provide servers, storage, and network infrastructure and also provide a multi-tier web application/database platform. The platform might be based on Oracle, MS SQL, PHP, or MySQL. As distinct from SaaS, this platform would not be configured to actually do anything: your developers would have to create the software (a CRM or e-commerce application, for example) for the platform. The service provider is responsible for the integrity and availability of the platform components, but you are responsible for the security of the applications you create on the platform. An example is Rackspace's CloudSites, where you rent a virtual web server and associated systems such as a database or email server. Amazon's Relational Database Service (RDS) enables you to rent fully configured MySQL and Oracle database servers.

PROCESSOR SUPPORT AND RESOURCE REQUIREMENTS

- CPUs have a special instruction set for virtualization: Intel's is VT-x (Virtualization Technology) and AMD's is AMD-V.
- Second Level Address Translation (SLAT) is another CPU feature that virtualization benefits from. SLAT improves the performance of virtual memory when multiple VMs are installed. Intel implements SLAT as a feature called Extended Page Table (EPT); AMD calls it Rapid Virtualization Indexing (RVI).
- Most virtualization software requires a CPU with virtualization support enabled, or performance will be poor. Sometimes the feature is disabled in the system firmware, so check the CPU to confirm it supports VT-x or AMD-V and SLAT.
- Multiple CPU resources, through Symmetric Multiprocessing (SMP) or HyperThreading, will greatly benefit performance.
- Memory: Windows 7, for example, can be installed on a computer with 1 GB or more of memory per guest computer.
- Disk: a typical Windows VM guest installation might require 20 GB. More space is required if you want to preserve snapshots. A snapshot is the state of a disk at a particular point in time, useful if you want to be able to roll back changes made to the VM during a session. Note: in an enterprise environment, you are not constrained by the local disk resources; disk images could be stored in a high-speed Storage Area Network (SAN).

OFF-SITE EMAIL APPLICATIONS

- Most organizations used to configure their own email server. With cloud computing, the email server can be another off-site service. It might be Gmail™ or Yahoo!® Mail, or it might be Office 365 Business Premium, which makes it easier for users to access their mail.

VIRTUAL APPLICATION STREAMING

- The application is delivered to the end-user device in portions, downloading only the parts currently being used, so the streaming goes quickly and the user is unaware that the app is being streamed. An administrator can configure the streaming app to remove all of the downloaded code, or to retain it so that the app is faster to load.

Cloud Computing

Any sort of IT infrastructure provided to the end user where the end user is not responsible for managing any of it. The National Institute of Standards and Technology (NIST) created a standardized definition: "Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction." NIST identifies five characteristics of cloud computing:
- On-demand self-service: consumers can provision services on the fly without interaction with service provider personnel.
- Broad network access: services are available over networks using standard clients, including workstations, laptops, tablets, and smartphones.
- Resource pooling: multiple customers share the service provider's resources in a multi-tenant model. Resources are dynamically assigned as they are needed without regard to where the customer or the resource is located. However, a customer can request resources from a specific location at the country, state, or data-center level. Resources include memory, storage, processing, and network bandwidth.
- Rapid elasticity: resources are automatically provisioned to scale up or down as they are required by the customer.
- Measured service: resources are measured through metering on a per-use basis. The metering measurement is based on the type of resource, such as storage, processing, bandwidth, or active users. The metering mechanism should be accessible to the customer via a reporting dashboard, providing complete transparency in usage and billing.

VIRTUAL NIC

A VM includes a virtual NIC. The thin client computer also needs a physical NIC to get onto the network. These adapters don't have to connect to the same network: the physical NIC might be isolated to a network provisioning the VDI solution, while the virtual NIC from the virtual desktop would connect to the corporate data network and to the Internet.

Application virtualization

Application virtualization is a limited type of VDI. Rather than running the whole client desktop as a virtual platform, the client either accesses a particular application hosted on a server or streams the application from the server to the client for local processing. This enables programmers and application administrators to ensure the application is always updated with the latest code. Most application virtualization solutions are based on Citrix XenApp. Microsoft has developed an App-V product within its Windows Server range.

CLOUD SERVICE OPTIONS

As well as the ownership model (public, private, hybrid, or community), cloud services are often differentiated by the level of sophistication provided. These models are referred to as Something as a Service (*aaS), where the something can refer to infrastructure, network, platform, or software: IaaS, SaaS, PaaS.

Client Platforms

Cloud-based applications are often deployed for phones, tablets, laptops, and desktops. Typically, the app uses the same base code for all platforms but may have additional features that are better supported on computers; ideally, features are the same across all client platforms. By streaming an app or running it in the cloud, much of the memory and storage requirement is eliminated on the client.

HOST-BASED HYPERVISOR

In a guest OS (or host-based) system, the hypervisor application, known as a Type 2 hypervisor, is installed onto a host OS. Examples of host-based hypervisors include VMware Workstation and Parallels Workstation. The hypervisor software must support the host OS.

COMMON CLOUD MODELS

- Public or multi-tenant: hosted by a third party and shared with other subscribers. This is the common understanding of cloud computing; it carries performance and security risks.
- Hosted private: hosted by a third party for the exclusive use of one organization. More secure and better performance, but more expensive.
- Private: completely private and owned by the organization. Typically one business unit is dedicated to running the cloud while the other business units use it. An on-site private cloud gives better performance and is less likely to be subject to outages; an off-site facility gives better shared access for multiple users in different locations.
- Community: several organizations share the costs of a hosted private or fully private cloud.
- Hybrid: any mix of public, private, or community and hosted, on-site, or off-site solutions.
- Google's Gov Cloud is another example. This cloud can be used by government branches within the U.S., but it is not available to consumers or businesses.

SERVER-SIDE VIRTUALIZATION

For server computers and applications, the main use of virtualization is better hardware utilization through server consolidation. A typical hardware server may have resource utilization of about 10%, so you could pack the server computer with another 8 to 9 server software instances and get the same performance.

BARE METAL HYPERVISOR

A Type 1 hypervisor is installed directly onto the computer and manages access to the host hardware without going through a host OS. Examples include VMware ESX® Server, Microsoft's Hyper-V®, and Citrix's XEN Server. The hardware needs to support the base system requirements for the hypervisor plus resources for the type and number of guest OSs. Linux® supports virtualization via Kernel-based Virtual Machine (KVM), which is embedded in the Linux kernel.

VIRTUAL DESKTOPS

- Virtual Desktop Infrastructure (VDI): using VMs to provision corporate desktops. Desktop computers are replaced by low-spec, low-power thin client computers. When the client starts, it boots a minimal OS so the user can log on to a VM stored on the company server or in the cloud. The user connects to the VM using a remote desktop protocol (Microsoft Remote Desktop or Citrix ICA). The thin client finds the correct image and uses an authentication mechanism; there may be a 1:1 mapping based on machine name or IP address, or a connection broker may handle finding an image.
- Virtual Desktop Environment (VDE): all application processing and data storage happens here. The thin client only has to display the screen image, play audio, and transfer mouse and keyboard commands, video, and audio information over the network.
- With data stored on the server or in the cloud, it is easier to back up, and desktop VMs are easier to support and troubleshoot. They can be better locked down against insecure user practices. VDI also makes it easier for a company to offload its IT infrastructure to a third-party services company.
- Disadvantage: a server or network failure makes the desktops unusable for clients.

VIRTUAL NETWORKS

- Where multiple VMs are running on a single platform, virtualization provides a means for these VMs to communicate with each other and with other computers on the network, both physical and virtual, using standard networking protocols.
- The guest OS running in each virtual machine is presented with an emulation of a standard hardware platform, including one or more network adapters. The hypervisor can configure the number of adapters and their connectivity.
- Within the VM, the virtual adapter will look exactly like an ordinary NIC and will be configurable in exactly the same way: protocols and services can be bound to it and it can be assigned an IP address.
- The hypervisor implements network connectivity by means of one or more virtual switches (or vSwitches, in VMware's terminology). These perform the same function as Ethernet switches, except that they are implemented in software rather than hardware.
- The hypervisor configures connectivity between the virtual network adapters in the guest VMs and the virtual switches, similar to connecting patch cables between real computers and switches. Multiple VMs may be connected to the same virtual switch or to separate switches. The number of virtual switches supported by hypervisors varies.
- Where the VMs and the virtual switch are contained in a single hardware platform, there is no actual network traffic; data is moved from buffers in one VM to another.
- It is possible to configure connectivity between the host computer's physical NIC and the virtual switches. This acts as a bridge between the virtual switches within the host platform and the physical switches on the network, allowing frames to pass between physical machines and VMs and between the VMs and the host.
- For example, in Microsoft's Hyper-V virtualization platform, three types of virtual switch can be created:
  - External: binds to the host's NIC to allow VMs to communicate on the physical network.
  - Internal: creates a switch usable only by VMs on the host and by the host itself.
  - Private: creates a switch usable only by VMs; they cannot use the switch to communicate with the host.
- Connecting virtual switches in Microsoft's Hyper-V hypervisor: most switches are private, so only the VMs have access. A selected virtual switch shares the host network adapter, allowing communication between the VMs and the host and allowing the VMs to use the physical network to access the Internet. Note: the host must support a high-bandwidth, high-availability network link to interact with the real network; any failure of the physical link will affect multiple VMs.

CONTAINER VIRTUALIZATION

Container virtualization enforces resource separation at the OS level instead of at the hypervisor. The OS defines isolated containers for each user instance to run in. Each container is allocated CPU and memory resources, but processes run through the native OS kernel. These containers cannot run guest OSs of different types (no Windows or Ubuntu® in a RedHat® Linux® container); instead, containers might run separate application processes, with the variables and libraries required by the application process added to the container. The best-known container virtualization product is Docker. Containerization is also used to implement corporate workstations on mobile devices.

Host Security

- The host represents a single point of failure for multiple guest OS instances: if the host CPU crashes, all the guest computers go down with it.
- Running the host at a constantly high level of utilization will decrease the Mean Time Between Failures (MTBF) of its components. MTBF is the number of hours a component is expected to run for before a hardware issue occurs.
- A successful Denial of Service (DoS) attack on a host machine does far more damage to the server infrastructure.
- Most hypervisors support a disk snapshots feature. Snapshots allow the user to revert to the saved image after making changes. This can be misused to perform DoS by causing the undo files to grow to the point where they consume all the available disk space on the host.

Software as a Service (SaaS)

A model of provisioning software applications. Rather than purchasing software licenses, a business accesses software hosted on a supplier's servers on a pay-as-you-go or lease arrangement. This allows developers to provision on-demand applications quickly: the applications can be developed within the cloud without needing to test and deploy them on client computers. Examples are the Salesforce® Customer Relationship Management (CRM) service, Google's applications suite, and Microsoft's Office 365 suite.

Software Defined Networking (SDN)

Network access devices (access points, switches, routers, firewalls) can be configured using software programs and scripts.

INTERNAL AND EXTERNAL SHARED RESOURCES

Networks provide a pool of resources for use by servers and clients. File servers provide disk storage resources to clients in the form of shared folders. Servers themselves use shared disk storage in the form of Storage Area Networks (SANs).

