Lesson 7
Rogue VM
is one that has been installed without authorization.
hypervisor security
there are few significant exploits, but hypervisor software is subject to patches and security advisories like any other software
Internal
creates a switch that is usable only by VMs on the host and the host itself.
measured service
The provider's ability to control a customer's use of resources through metering. The customer is paying for the CPU, memory, disk, and network bandwidth resources they are actually consuming rather than paying a monthly fee for a particular service level.
Virtual networks
Where multiple virtual machines are running on a single platform, virtualization provides a means for these VMs to communicate with each other and with other computers on the network—both physical and virtual—using standard networking protocols. Adapters and connectivity are typically configured through the hypervisor.
Cloud-based network controller
allows you to register and monitor some (or perhaps all) of these different component networks, clients, and servers
Second Level Address Translations (SLAT)
It is a processor feature that improves the performance of virtual memory when multiple VMs are installed. Intel implements SLAT as a feature called Extended Page Table (EPT), and AMD calls it Rapid Virtualization Indexing (RVI).
Virtualization
means that multiple operating systems can be installed and run simultaneously on a single computer. It can provide for centralized administration and management of all the resources being used throughout the organization. Without virtualization, the applications must all share a common OS environment. Some computers were configured with two or more operating systems and could choose the one to load at boot time (multiboot).
Guest OS support
the hypervisor may be limited in terms of the different types of guest operating systems it can support. Virtualization is often used as a means of installing old OSs, such as MS-DOS or Windows 9x, as well as modern versions of Windows and Linux.
Computer
the platform or host for the virtual environment. Optionally, there may be multiple computers networked together.
VM sprawl
uncontrolled deployment of more and more VMs
National Institute of Standards and Technology (NIST)
created a standardized definition for cloud computing. This allows consumers to more easily compare services and deployment models from different vendors if they all use the same definition. The NIST definition states: "Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."
Private
creates a switch that is usable only by the VMs. They cannot use the switch to communicate with the host.
Container virtualization
dispenses with the idea of a hypervisor and instead enforces resource separation at the operating system level. The OS defines isolated containers for each user instance to run in. Each container is allocated CPU and memory resources, but the processes all run through the native OS kernel.
Emulation
each guest OS expects exclusive access to resources such as the CPU, system memory, storage devices, and peripherals. The hypervisor emulates these resources and facilitates access to them to avoid conflicts between the guest OSs. The VMs must be provided with drivers for the emulated hardware components.
host security
One issue with host security in a virtual platform is that the host represents a single point of failure for multiple guest OS instances. For example, if the CPU on the host crashes, three or four guest VMs and the application services they are running will suddenly go offline.
External
binds to the host's NIC to allow the VM to communicate on the physical network.
Type 1 hypervisor
A bare metal virtual platform means that the hypervisor is installed directly onto the computer and manages access to the host hardware without going through a host OS.
cloud service options
As well as the ownership model (public, private, hybrid, or community), cloud services are often differentiated on the level of sophistication provided. These models are referred to as Something as a Service (*aaS), where the something can refer to infrastructure, network, platform, or software. Examples are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
Client-side virtualization
Client-side virtualization refers to any solution designed to run on "ordinary" desktops or workstations. Each user will be interacting with the virtualization host directly. Desktop virtual platforms, usually based on some sort of guest OS hypervisor, are typically used for testing and development: virtual labs, support legacy software applications, development environment, and training.
A virtual platform requires at least three components:
Computer, Hypervisor or Virtual Machine Monitor (VMM), Guest operating systems or Virtual Machines (VMs)
Main function of hypervisor
Emulation, guest OS support, assigning resources to each guest OS, configuring networking, configuring security
In Microsoft's Hyper-V virtualization platform, three types of virtual switch can be created:
External, internal, private
server-side virtualization
For server computers and applications, the main use of virtualization is better hardware utilization through server consolidation. A typical hardware server may have resource utilization of about 10%. This implies that you could pack the server computer with another 8 or 9 server software instances and obtain the same performance.
emulating
Implementing Client Virtualization and Cloud Computing
Type 2 hypervisor
In a guest OS (or host-based) system, the hypervisor application is itself installed onto a host operating system.
Virtual Desktop Environment (VDE)
Means that a user's desktop environment is stored remotely on a server, rather than on a local PC or other client computing device.
Guest OS security
Note: Ordinary antivirus software installed on the host will NOT detect viruses infecting the guest OS. Scanning the virtual disks of a guest OS from the host could cause serious performance problems. Each guest OS must be patched and protected against viruses and Trojans like any other OS. Patching each VM individually has performance implications, so in most environments, a new image would be patched and tested then deployed to the production environment. Running security software (antivirus and intrusion prevention) on each guest OS can cause performance problems.
What's the basic distinction between virtual platforms?
One basic distinction that can be made between virtual platforms is between host and bare metal methods of interacting with the computer hardware.
resource pooling
Resource pooling means that the hardware making up the cloud provider's data center is not dedicated to or reserved for a particular customer account
software defined networking
SDN means that network access devices—access points, switches, routers, and firewalls—can be configured using software programs and scripts.
Mean Time Between Failure (MTBF)
The MTBF is the number of hours the manufacturer expects that a component will run before experiencing some sort of hardware problem.
What does it mean that the cloud provides rapid elasticity?
This means that the cloud can scale quickly to meet peak demand.
VM escaping
This refers to malware running on a guest OS jumping to another guest or to the host. As with any other type of software, it is vital to keep the hypervisor code up-to-date with patches for critical vulnerabilities.
cloud
generally refers to any sort of IT infrastructure provided to the end user where the end user is not aware of or responsible for any details of the procurement, implementation, or management of the infrastructure. Its internal workings are a "cloud"; the end user is only interested in and pays for the services provided by the cloud.
Application virtualization
is a more limited type of VDI. Rather than run the whole client desktop as a virtual platform, the client either accesses a particular application hosted on a server or streams the application from the server to the client for local processing. This enables programmers and application administrators to ensure that the application used by clients is always updated with the latest code.
virtual application streaming
When it is implemented, a small piece of the application is typically installed on the end user device. This is just enough of the application for the system to recognize that the application is available to the user. When the user accesses the application, additional portions of the application code are downloaded to the device.
The VM's "hard disk"
is stored as an image file on the host. Most hypervisors use a "dynamically expanding" image format that only takes up space on the host as files are added to the guest OS.
Hypervisor or Virtual Machine Monitor (VMM)
manages the virtual machine environment and facilitates interaction with the host hardware and network.
Guest operating systems or Virtual Machines (VMs)
operating systems installed under the virtual environment. The number of operating systems is generally only restricted by hardware capacity. The type of guest operating systems might be restricted by the type of hypervisor.
Virtual Desktop Infrastructure (VDI)
refers to using a VM as a means of provisioning corporate desktops. In a typical VDI, desktop computers are replaced by low-spec, low-power thin client computers.