Cloud and Virtualization (rowdysites.msudenver.edu/~fustos/cis3500/pdf/chapter15.pdf)

CIS 3500 1

Cloud and Virtualization

Chapter #15: Architecture and Design

Chapter Objectives

- Explore virtualization concepts
- Become familiar with cloud concepts

Cloud and Virtualization 2

Cloud and Virtualization

- Virtualization and cloud services are becoming common enterprise tools to manage
  - costs
  - capacity
  - resources
  - complexity
  - risk

Hypervisor

- Virtualization technology enables a computer to have more than one OS operating at the same time
- It is an abstraction of the OS layer
- To enable virtualization, a hypervisor is employed
- Hypervisors are low-level programs that allow multiple operating systems to run on a single host computer
- They use a thin layer of code to allocate resources in real time; they control I/O and memory management, which separates the software from the hardware
- Host machine and host OS; guest machine and guest OS
- Type I and Type II hypervisors


Type I

- Type I hypervisors run directly on the system hardware
- Native, bare-metal, or embedded hypervisors
- They are designed for speed and efficiency: no additional OS layer
- KVM (Kernel-based Virtual Machine, a Linux implementation), Xen (Citrix Linux implementation), Microsoft Windows Server Hyper-V (Windows OS core), and VMware's vSphere/ESXi platforms
- They come with management tools

Type II

- Type II hypervisors run on top of a host operating system
- Oracle's VirtualBox and VMware's VMware Player
- These are designed for limited numbers of VMs, typically running in a desktop or small server environment

Application Cells/Containers

- A hypervisor enables multiple OS instances to coexist
- The concept of application cells/containers is similar
- A container holds only the portions of an OS that it needs
- Containers have separate memory, CPU, and storage threads so they will not interact with each other
- Multiple instances of an application or different applications share a host OS with virtually no overhead
- It is the evolution of the VM concept to the application space
- This eliminates the differences between a development, test, or production environment

VM Sprawl Avoidance

- You can lose track of a VM
- VMs basically are files that contain a copy of a working machine's disk and memory structures
- Creating a new VM is a simple process
- As the number of VMs grows over time, sprawl can set in
- Can be avoided through naming conventions and proper storage architectures
- VMware can manage, locate and use resources when required
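As an added example (not part of the slides), the following Python script shows one way to operationalize the naming-convention advice above: it reconciles a hypervisor's VM inventory against a CMDB owner list and flags VMs that break the naming pattern, have no recorded owner, have stopped reporting, or exist only as a CMDB record. The naming pattern, the 90-day threshold, the report date, and all inventory data are constructed assumptions.

```python
import re
from dataclasses import dataclass
from datetime import date

# Assumed naming convention for this example: <env>-<role>-<nn>, e.g. prod-web-01
NAME_RE = re.compile(r"^(dev|test|prod)-[a-z0-9]+-\d{2}$")
STALE_DAYS = 90  # assumed threshold: no heartbeat for this long means "forgotten"
REPORT_DATE = date(2020, 8, 8)  # constructed "today" for the sample run


@dataclass
class VM:
    name: str
    last_seen: date  # last heartbeat the hypervisor recorded for the guest


# Constructed sample data: what the hypervisor reports and what the CMDB says.
HYPERVISOR_INVENTORY = [
    VM("prod-web-01", date(2020, 8, 1)),
    VM("prod-db-02", date(2020, 7, 30)),
    VM("test-api-03", date(2020, 2, 1)),   # no heartbeat for months
    VM("johns-copy", date(2020, 7, 29)),   # ad hoc clone, breaks the convention
    VM("dev-batch-04", date(2020, 8, 2)),  # nobody registered an owner
]
CMDB_OWNERS = {
    "prod-web-01": "web-team",
    "prod-db-02": "dba",
    "test-api-03": "qa",
    "johns-copy": "john",
    "prod-cache-05": "web-team",  # CMDB record with no VM behind it
}


def find_sprawl(inventory, owners, today):
    """Reconcile the hypervisor's view with the CMDB and return findings by category."""
    findings = {"bad_name": [], "no_owner": [], "stale": [], "ghost_record": []}
    seen = set()
    for vm in inventory:
        seen.add(vm.name)
        if not NAME_RE.match(vm.name):
            findings["bad_name"].append(vm.name)
        if vm.name not in owners:
            findings["no_owner"].append(vm.name)
        if (today - vm.last_seen).days > STALE_DAYS:
            findings["stale"].append(vm.name)
    # CMDB entries with no running VM: the inventory has drifted the other way
    findings["ghost_record"] = sorted(set(owners) - seen)
    return findings


if __name__ == "__main__":
    for kind, names in find_sprawl(HYPERVISOR_INVENTORY, CMDB_OWNERS, REPORT_DATE).items():
        print(f"{kind:13} {names}")
```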


VM Escape Protection

- One concern is VM escape, where software escapes from one VM to the underlying OS
- VMs use the same RAM, the same processors, and so forth
- Large-scale VM environments have specific modules designed to detect escape and provide VM escape protection to other modules

Cloud Storage

- Cloud storage: computer storage provided over a network
- One of the characteristics is transparency to the end user
- This improves usability, performance, scalability, flexibility, security, and reliability
- Security is a particular challenge: how to allow data to be stored outside your enterprise and yet remain in control
- The common answer is encryption
- Apple iCloud, Microsoft OneDrive, and Dropbox

Cloud Deployment Models

- Cloud deployment models: internal and external
- Large-scale offerings from Google and Amazon
- The promise of cloud computing is improved utility
- Platform as a Service, Software as a Service, and Infrastructure as a Service

SaaS

- Software as a Service (SaaS) is the offering of software to end users from within the cloud
- SaaS acts as software on demand, and runs from the cloud
- Advantages: updates can be seamless to end users, and integration between components can be enhanced
- Microsoft Office 365 and Adobe Creative Suite


PaaS

- Platform as a Service (PaaS): computing platform in the cloud
- Multiple sets of software can be delivered
- PaaS offerings generally focus on security and scalability

IaaS

- Infrastructure as a Service (IaaS) is a virtual solution for computing
- Rather than building data centers, IaaS allows firms to contract for utility computing as needed
- IaaS is specifically on a pay-per-use basis, scalable directly with need
- You can even rent supercomputers

Private

- Private clouds are essentially reserved resources used only for the organization: your own little cloud within the cloud
- This service will be more expensive, but it should also carry less exposure
- Better defined security, processing, handling of data

Public

- Public cloud is rendered over a system that is open for public use
- There is little operational difference between public and private cloud architectures
- Security ramifications can be substantial
- Services separate users with security restrictions, but the depth and level of these restrictions will be significantly less in a public cloud


Community

- A community cloud is a system for several organizations with a common interest
- They share a cloud environment for a specific purpose
- Community initiatives
- Cost-sharing mechanism for specific data-sharing initiatives

Hybrid

- A hybrid cloud: elements are combined from private, public, and community cloud structures
- They can be used together:
  - sensitive information can be stored in the private cloud
  - issue-related information can be stored in the community cloud

On-Premise vs. Hosted vs. Cloud

- On-premises: the system resides locally
  - VM, storage, or even services
  - locally hosted and maintained
  - advantage: organization has total control, high connectivity
  - disadvantage: requires local resources, not as easy to scale
- Hosted services: the services are hosted somewhere else
  - provides a set cost based on the amount you use
  - advantage: costs, especially when scale is included

VDI/VDE

- Virtual desktop infrastructure (VDI) and virtual desktop environment (VDE): hosting of a desktop environment on a central server
- VDI: all the components needed to set up the environment
- VDE: what the user sees, the actual user environment
- User "machine" and all of its data are persisted in the server environment
- Users can use a wide range of machines, even mobile phones, to access their desktop and perform their work
- Tremendous security advantages because all data resides on servers inside the enterprise, in the data center


Cloud Access Security Broker

- Cloud access security brokers (CASBs): security policy enforcement points placed between cloud service providers and their customers to maintain and enforce security policies
- CASBs belong to the broader category of managed security service providers (MSSPs)
- CASB vendors provide a range of security services designed to protect cloud infrastructure and data

Security as a Service

- Security as a Service: outsourcing security functions
- Advantages: scale, costs, and speed
- Security is a complex, wide-ranging cornucopia of technical specialties, all working together to provide appropriate risk reductions
- Technically savvy security pros, experienced management, specialized hardware and software, fairly complex operations: any or all of this can be outsourced
- Specializations in network security, web application security, e-mail security, incident response services, infrastructure updates

Stay Alert!

There is no 100 percent secure system, and there is nothing that is foolproof!