(Week 4) - Lesson 7D - Network Application & Storage Services
Hybrid
A cloud computing solution that implements some sort of hybrid public/private/community/hosted/onsite/offsite solution.
Infrastructure as a Service (IaaS)
A computing method that uses the cloud to provide any or all infrastructure needs. This is a cloud computing offering in which a vendor provides users access to computing resources such as storage, networking, and servers. Organizations use their own platforms and applications within a service provider's infrastructure. Is a means of provisioning IT resources such as servers, load balancers, and storage area network (SAN) components quickly. Rather than purchase these components and the Internet links they require, you rent them on an as-needed basis from the service provider's data center.
Software as a Service (SaaS)
A licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. This allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring and office tools (such as Microsoft Office 365). This provides a complete software solution which you purchase on a pay-as-you-go basis from a cloud service provider.
What is meant by a public cloud?
A solution hosted by a third party and shared between subscribers (multi-tenant). This sort of cloud solution has the greatest security concerns.
Private
Cloud infrastructure that is completely private to and owned by the organization. This type of cloud could be on-premise or offsite relative to the other business units.
Proxy
Each client must be configured to contact the cloud service via a CASB proxy. The problems with this approach are that not all cloud applications have proxy support, and users may be able to evade the proxy and connect directly.
What is a Cloud Access Security Broker?
Enterprise management software mediating access to cloud services by users to enforce information and access policies and audit usage.
What type of cloud solution would be used to implement a SAN?
Infrastructure as a Service (IaaS)
The interface between the CASB software, the cloud service, and users/devices can be created in several ways:
Proxy & API
API
The CASB software uses the cloud provider's []. This depends on the [] supporting the range of functions that the CASB and access and authorization policies demand.
What is the key difference between purchasing cloud web server instances and a virtual hosted server?
The cloud instances should offer better elasticity - being able to provision and pay for peak resources as needed, rather than trying to anticipate demand and provision for peak resources at the outset.
Community
This is where several organizations share the costs of either a hosted private or fully private cloud. This is usually done in order to pool resources for a common concern, like standardization and security policies.
Rapid Elasticity
This means that the cloud can scale quickly to meet peak demand.
What are the main options for implementing connections to a cloud service provider?
You can use the Internet and the provider's web services (possibly over a VPN) or establish a direct connection for better security and performance. A direct connection could be established by co-locating resources in the same data center or provisioning a direct link to the data center.
Service Level Agreement (SLA)
a commitment between a service provider and a client. Particular aspects of the service - quality, availability, responsibilities - are agreed between the service provider and the service user.
Cloud Storage
a type of SaaS where the vendor provides reliable data storage and backup.
Security as a Service (SECaaS)
an outsourced service wherein an outside company handles and manages your []. At its most basic, the simplest example of [] is using an anti-virus software over the Internet.
Cloud Access Security (CASB)
enterprise management software designed to mediate access to cloud services by users across all types of devices.
Pay-per-use
implies a measured service, so that the customer is paying for the CPU, memory, disk, and network bandwidth resources they are actually consuming, rather than paying a monthly fee for a particular service level.
On-Demand
implies that the customer can initiate service requests and that the cloud provider can respond to them immediately.
Cloud Computing
is a service that provides on-demand resources—server instances, data storage, databases, or applications—over a network, typically the Internet. a means of transferring responsibilities from the organization's own infrastructure and, therefore, some of the risks.
Document Management
marking, and versioning to ensure that data is not updated or overwritten with an older version
Resource Pooling
means that the hardware making up the cloud provider's data center is not dedicated or reserved to a single customer account.
Platform as a Service (PaaS)
provides resources somewhere between SaaS and IaaS. A typical [] solution would provide servers and storage network infrastructure (as per IaaS) but also provide a multi-tier web application/database platform on top. This platform could be based on Oracle® or MS SQL or PHP and MySQL. is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. You purchase the resources you need from a cloud service provider on a pay-as-you-go basis and access them over a secure Internet connection. Like IaaS, [] includes infrastructure—servers, storage, and networking—but also middleware, development tools, business intelligence (BI) services, database management systems, and more. [] is designed to support the complete web application lifecycle: building, testing, deploying, managing, and updating. This platform would not be configured to actually do anything. Your own developers would have to create the software (the CRM core‑commerce application) that runs using the platform. The service provider would be responsible for the integrity and availability of the platform components, but you would be responsible for the security of the application you created on the platform.
The Cloud
the hardware and/or software hosting the service—will be offsite relative to the organization's users.
The simplest way of interfacing with a cloud service:
to use the provider's website or application programming interface (API) over the Internet. This type of connection can also be implemented as a virtual private network (VPN).
Insider Threat
where the [] are administrators working for the service provider.
Some of the functions of Cloud Access Security Broker (CASB):
• Enable single-sign on authentication and enforce access controls and authorizations from the enterprise network to the cloud provider. • Scan for malware and rogue or non-compliant device access. • Monitor and audit user and resource activity. • Mitigate data exfiltration by preventing access to unauthorized cloud services from managed devices.
Public (or Multi-Tenant)
• Hosted by a third party and shared with other subscribers. This is what many people consider cloud computing to be. As a shared resource, there are risks regarding performance and security.
Hosted Private
• Hosted by a third party for the exclusive use of the organization. This is more secure and can guarantee a better level of performance, but it is correspondingly more expensive.