CYBR2.Quizlet 2.2 Virtual Machines and Cloud Concepts (SYO-601) (43)

Virtualization: Purpose

Use a single physical machine for multiple simulated environments.

hybrid cloud

includes two or more private, public, or community clouds, but each cloud remains separate and is only linked by technology that enables data and application portability

Docker

is a PaaS that uses virtualization to deliver software in packages called containers.

kernel

is software responsible for the operation of the system's processes, memory, storage, and other functions. Containers are similar to virtual machines, except virtual machines run full operating systems while containers run virtual execution environments that share a kernel.

Primary purpose of cloud computing

is to create a shared pool of resources

Hypervisor

is used to virtualize a system and manage virtual system resources

Creating a group

requires naming it and selecting a policy for it. Once this is done, users can be added to the group and access permissions can be configured.

Type 1 -Hypervisor

runs directly on the system hardware-Also known as Bare Metal Hypervisor. Include: Hyper-V (Microsoft), ESXI (VMware), Xenserver (Citrix) Proxmox

Type 2-Hypervisor

runs on a host operating system that provides virtualization services. Includes: Virtual Box (Oracle) Workstation (VMware Player) Parallels

IAM (Identity and Access Management) Overview

• Concept of user access management • Provides multi-user access • Provides functional boundaries for users

Virtual Local Area Networks (VLANs)

• Division of a network is necessary when managing more than one site. • Each site will have a range of addresses. • Allows for the creation of VPN connections between VLANs

Groups

• Group users with similar responsibilities. • Set access policies.

Containers

• Multiple containers can run on one machine. The hypervisor allows multiple VMs to run on a single machine. • Share the OS kernel with other containers. • Containers take up less space (typically tens of MBs). • Startup time is in milliseconds. • Require less memory space. • Process-level isolation, possibly less secure.

Cloud provider responsibilities:

• Physical infrastructure security • Virtualization platform security

Virtual Machines

• The hypervisor allows multiple VMs to run on a single machine. • Include a full copy of an operating system. • VMs take up more space (typically tens of GBs). • Startup time is in minutes. • Allocate required memory. • Fully isolated, more secure.

SaaS

• VAs provide a direct route when a quick setup is needed. • VAs avoid the need to redesign large applications.

Cloud customer responsibilities:

• Virtualized security controls (virtualized host encryption)

Software-Defined Networking (SDN)

• provides central network control plane management. • This is a good solution for working in a cloud environment. • Defined using software settings and APIs that support automation.

Users

* Creating users divides an organization into smaller entities and: • Enables more flexibility of development and management • Creates information independence

Data Center

- A collection of computing and networking devices. - Devices are placed in a centralized location for more powerful computing capability. - Devices are typically stacked in racks.

Virtualization

- the core of cloud computing - involves changing the mindset from physical to logical - is the ability to create logical resources called virtual systems within a single physical system

IaaS

- virtualized computer hardware - virtualized server hardware - virtualized networking devices

PaaS

- virtualized computer hardware with an operating system - used for enabling developers to build and test applications - provides a virtual platform (e.g., Android, MacOS, Windows) for you to use "as if" you had a device in front of you

Two main security layers

1. Security of the technology creating the virtualization (hypervisor) 2. Security of the virtual assets (VMs)

community cloud

A cloud that is open only to specific organizations that have common concerns.

The Five Nines

A term describing a service that is available 99.999% of the time.

Data Center & Disaster Recovery

AWS Disaster Recovery is a service that aims to reduce potential data loss and downtime.

Service Level Agreement (SLA)

An agreement between service provider and client regarding the provided service features and implementation.

snapshot

An instance of a particular state of a virtual machine that can be saved for later use.

Software virtualization

Creating virtual computer systems, apps, etc.

Network virtualization

Creation of logical networks via logical switches and routers.

Cloud Computing: Usage

Deliver a variety of resources to groups of users for various purposes

Virtualization: Usage

Deliver resources to specific users for particular use.

Memory virtualization

Grouping physical server memory in virtual memory pools.

Storage virtualization

Grouping storage devices in virtual storage entities.

Least Permissive Policy

If both allow and deny policies are configured simultaneously for a user, the least permissive policy will take precedence over the other.

Cloud Computing: Purpose

Pool and automate resources for on-demand use.

public cloud

Provides cloud services to just about anyone

Desktop virtualization

Providing desktop experiences from central servers.

Virtual Appliances

Software solution configured and installed on a virtual machine • Contribute to specific function optimization. • Create preconfigured OS, ready for use. • Commonly used Open Virtualization Format (OVF)

Elasticity

Storage, network bandwidth and computing capacity that can be increased or decreased

private cloud

a cloud that is owned and operated by an organization for its own benefit

Virtualization Types

can also be implemented in additional models, such as: • Network virtualization • Storage virtualization • Memory virtualization • Software virtualization • Data virtualization • Desktop virtualization