Network+: Cloud Concepts


Reverse zone

A DNS zone in which IP address to hostname relations are stored. The DNS is queried for the hostname of a certain IP address.

Forward zone

A DNS zone in which hostname to IP address relations are stored.

Hybrid cloud

A composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).

IPAM (IP Address Management)

A means of planning, tracking, and managing the IP addresses used in a network. Integrates DNS and DHCP so that each is aware of changes in the other. Can also control reservations in DHCP and track data, such as IP addresses in use, the devices an IP is assigned to at what time, and which user an IP was assigned to.

DHCP (Dynamic Host Configuration Protocol)

A network service that provides automatic assignment of IP addresses and other TCP/IP configuration information.

Pointer (PTR)

A pointer to the canonical name, which is used to perform a reverse DNS lookup, in which case the name is returned when the query originates with an IP address.

Internal DNS

A privately owned DNS server via third-party/cloud-hosted DNS.

IP helper

A superset of DHCP relay. Forwards broadcasts for DHCP/BOOTP, TFTP, DNS, TACACS, the time service, and the NetBIOS name/datagram service.

TTL (Time to Live)

A value for the ping command that determines how many hops an IP packet can travel before being discarded.

Scope options

A way to configure DHCP to apply a specific IP address to a client.

MAC reservation

A way to configure DHCP to guarantee that a device with a certain MAC address always has the same IP address.

IP exclusion

A way to configure DHCP to withhold certain IP addresses from being assigned to client systems.

A (record)

An address record. This refers to one of three machines typically: the host sending data, the host receiving data, or an intermediary between the two (the next hop).

DHCP relay

An agent on the router that acts as a go-between for clients and the server. Useful when working with clients on different subnets.

AAA

Authentication is the process to determine whether someone is authorized to use the network—if the person can log on to the network. Authorization refers to identifying the resources a user can access after the user is authenticated. Accounting refers to the tracking methods used to identify who uses the network and what they do on the network.

PaaS (Platform as a Service)

Consumers can have control over the deployed applications, but they do not manage or control any of the underlying cloud infrastructure.

SaaS (Software as a Service)

Consumers can use the provider's applications, and they do not manage or control any of the underlying cloud infrastructure.

IaaS (Infrastructure as a Service)

Consumers do not manage or control the underlying cloud infrastructure, but now can be responsible for some aspects. Consumers can provision (that is, deploy and run) certain computing resources such as processing, storage, networks, operating systems, and applications.

External DNS

DNS capabilities provided by an ISP.

Connectivity methods

One of the most common is to use an IPsec, hardware VPN connection between your network(s) and the cloud providers. A dedicated direct connection is another, simpler, method.

Private cloud

Provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). Usually owned by the organization and acts as both the provider and the consumer. It has a security-related advantage in not needing to put its data on the Internet.

Public cloud

Provisioned for open use by the general public. May be owned, managed, and operated by a business, academic, or government organization, or some combination of them. Usually uses a pay-as-you-go model. Examples include webmail or online document sharing/collaboration.

Relationship between local and cloud resources

Redundancy that occurs from having data in more than one location (local and remote) can be wonderful when you need to recover data, but problematic when you want to make sure you are always working with the most recent version. To minimize problems, be sure that files are kept current, and synchronization between local and remote files is always running.

Canonical Name (CNAME)

Stores additional hostnames, or aliases, for hosts in the domain. Specifies an alias or nickname for a canonical hostname record in a Domain Name Service (DNS) database. Gives a single computer multiple names (aliases).

Mail Exchange (MX)

Stores information about where mail for the domain should be delivered.

IPv4 Address (A)

Stores information for IPv4 (32-bit) addresses. It is most commonly used to map hostnames to an IP address for a host.

IPv6 Address (AAAA)

Stores information for IPv6 (128-bit) addresses. It is most commonly used to map hostnames to an IP address for a host.

Name Server (NS)

Stores information that identifies the name servers in the domain that store information for that domain.

DNS (Domain Name System)

The Internet's system for converting alphabetic names into numeric IP addresses.

Lease time

The amount of time assigned by DHCP that a client can hold an IP address.

Text (TXT)

This field was originally created to carry human-readable text in a DNS record, but that purpose has long since passed. Today, it is more common that it holds machine-readable data, such as SPF (Sender Policy Framework), and DKIM (DomainKeys Identified Mail).

Service Locator (SRV)

This is a generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX.

NTP (Network Time Protocol)

UDP 123. An Internet protocol that enables synchronization of computer clock times in a network of computers by exchanging time signals.

Security implications

Ultimately the organization is accountable for the security and privacy of the service. Unnecessary services should be disabled. Patches and firmware updates should be kept current. Log files should be carefully monitored. Encryption, VPN routing/forwarding, backups, and access control should be used.

