CYBR2.Quizlet 2.2 Virtual Machines and Cloud Concepts (SYO-601) (43)
Virtualization: Purpose
Use a single physical machine for multiple simulated environments.
hybrid cloud
includes two or more private, public, or community clouds, but each cloud remains separate and is only linked by technology that enables data and application portability
Docker
is a PaaS that uses virtualization to deliver software in packages called containers.
kernel
is software responsible for the operation of the system's processes, memory, storage, and other functions. Containers are similar to virtual machines, except virtual machines run full operating systems while containers run virtual execution environments that share a kernel.
Primary purpose of cloud computing
is to create a shared pool of resources
Hypervisor
is used to virtualize a system and manage virtual system resources
Creating a group
requires naming it and selecting a policy for it. Once this is done, users can be added to the group and access permissions can be configured.
Type 1 Hypervisor
runs directly on the system hardware. Also known as a bare-metal hypervisor. Includes: Hyper-V (Microsoft), ESXi (VMware), XenServer (Citrix), Proxmox.
Type 2 Hypervisor
runs on a host operating system that provides virtualization services. Includes: VirtualBox (Oracle), Workstation (VMware Player), Parallels.
IAM (Identity and Access Management) Overview
• Concept of user access management
• Provides multi-user access
• Provides functional boundaries for users
Virtual Local Area Networks (VLANs)
• Division of a network is necessary when managing more than one site.
• Each site will have a range of addresses.
• Allows for the creation of VPN connections between VLANs.
Groups
• Group users with similar responsibilities.
• Set access policies.
Containers
• Multiple containers can run on one machine. The hypervisor allows multiple VMs to run on a single machine.
• Share the OS kernel with other containers.
• Containers take up less space (typically tens of MBs).
• Startup time is in milliseconds.
• Require less memory space.
• Process-level isolation, possibly less secure.
Cloud provider responsibilities:
• Physical infrastructure security
• Virtualization platform security
Virtual Machines
• The hypervisor allows multiple VMs to run on a single machine.
• Include a full copy of an operating system.
• VMs take up more space (typically tens of GBs).
• Startup time is in minutes.
• Allocate required memory.
• Fully isolated, more secure.
SaaS
• VAs provide a direct route when a quick setup is needed.
• VAs avoid the need to redesign large applications.
Cloud customer responsibilities:
• Virtualized security controls (virtualized host encryption)
Software-Defined Networking (SDN)
• Provides central network control plane management.
• This is a good solution for working in a cloud environment.
• Defined using software settings and APIs that support automation.
Users
Creating users divides an organization into smaller entities and:
• Enables more flexibility of development and management
• Creates information independence
Data Center
- A collection of computing and networking devices.
- Devices are placed in a centralized location for more powerful computing capability.
- Devices are typically stacked in racks.
Virtualization
- The core of cloud computing.
- Involves changing the mindset from physical to logical.
- Is the ability to create logical resources called virtual systems within a single physical system.
IaaS
- Virtualized computer hardware
- Virtualized server hardware
- Virtualized networking devices
PaaS
- Virtualized computer hardware with an operating system.
- Used for enabling developers to build and test applications.
- Provides a virtual platform (e.g., Android, MacOS, Windows) for you to use "as if" you had a device in front of you.
Two main security layers
1. Security of the technology creating the virtualization (hypervisor)
2. Security of the virtual assets (VMs)
community cloud
A cloud that is open only to specific organizations that have common concerns.
The Five Nines
A term describing a service that is available 99.999% of the time.
Data Center & Disaster Recovery
AWS Disaster Recovery is a service that aims to reduce potential data loss and downtime.
Service Level Agreement (SLA)
An agreement between service provider and client regarding the provided service features and implementation.
snapshot
An instance of a particular state of a virtual machine that can be saved for later use.
Software virtualization
Creating virtual computer systems, apps, etc.
Network virtualization
Creation of logical networks via logical switches and routers.
Cloud Computing: Usage
Deliver a variety of resources to groups of users for various purposes
Virtualization: Usage
Deliver resources to specific users for particular use.
Memory virtualization
Grouping physical server memory in virtual memory pools.
Storage virtualization
Grouping storage devices in virtual storage entities.
Least Permissive Policy
If both allow and deny policies are configured simultaneously for a user, the least permissive policy will take precedence over the other.
Cloud Computing: Purpose
Pool and automate resources for on-demand use.
public cloud
Provides cloud services to just about anyone
Desktop virtualization
Providing desktop experiences from central servers.
Virtual Appliances
Software solution configured and installed on a virtual machine.
• Contribute to specific function optimization.
• Create a preconfigured OS, ready for use.
• Commonly use the Open Virtualization Format (OVF).
Elasticity
Storage, network bandwidth and computing capacity that can be increased or decreased
private cloud
A cloud that is owned and operated by an organization for its own benefit.
Virtualization Types
Virtualization can also be implemented in additional models, such as:
• Network virtualization
• Storage virtualization
• Memory virtualization
• Software virtualization
• Data virtualization
• Desktop virtualization