Cloud Computing Mechanisms

Questions and Answers

What is the primary function of a Logical Network Perimeter in cloud computing?

• To physically isolate cloud data centers from external access.
• To provide unrestricted bandwidth to all cloud resources for optimal performance.
• To establish a virtual boundary, isolating network environments within the cloud. (correct)
• To control the physical cabling and network hardware within a cloud infrastructure.

In what way do cloud providers leverage virtual servers to enhance resource utilization?

• By bypassing physical servers entirely and relying on virtualized hardware.
• By sharing the underlying physical server among multiple cloud consumers, each with individual virtual server instances. (correct)
• By reallocating a virtual server instance every time the physical server reaches maximum load.
• By exclusively assigning a single physical server to each cloud consumer.

What is a key security concern associated with cloud storage devices?

• Ensuring the security, integrity, and confidentiality of data when entrusted to external cloud providers. (correct)
• Maintaining optimal cooling of the storage devices to prevent data loss.
• The lack of redundancy in cloud storage systems, leading to higher potential for data loss.
• The physical wear and tear on storage devices due to constant data access.

Within the context of cloud storage, how are 'Blocks' defined relative to other storage levels?

They are the lowest level of storage, closest to the hardware, and the smallest individually accessible unit of data. (A)

What is the primary responsibility of a Cloud Usage Monitor?

Collecting and processing IT resource usage data within the cloud environment. (D)

What outcome does resource replication aim to achieve in a cloud environment?

Enhancement of IT resource availability and performance. (B)

A ready-made environment in cloud computing is best described as which of the following?

A pre-defined, cloud-based platform with a set of pre-installed IT resources ready for use and customization. (B)

What functionality does a container provide in a cloud computing environment?

Facilitates running multiple isolated cloud services on a single server while accessing the same operating system kernel. (D)

What is the core function of an Automated Scaling Listener in cloud architecture?

To dynamically adjust cloud resources by monitoring communications and workload status. (B)

What does 'scaling-up' achieve within the context of an automated scaling listener?

The virtual server's capacity is doubled on its original physical host server. (B)

How does a load balancer contribute to horizontal scaling in cloud resources?

By balancing a workload across two or more IT resources, enhancing performance and capacity. (A)

Which of these accurately describes the function of 'Workload Prioritization' in workload distribution?

Workloads are scheduled, queued, discarded, and distributed based on their priority levels. (C)

What role does an SLA monitor fulfill in a cloud environment?

Monitoring runtime performance of cloud services to ensure compliance with QoS requirements in SLAs. (D)

What is the primary function of a Pay-Per-Use Monitor in cloud services?

Measuring cloud-based IT resource usage according to predefined pricing parameters for billing purposes. (A)

Within the operations of a pay-per-use monitor, what system processes the data collected to determine payment fees?

A billing management system (B)

What type of data is an Audit Monitor designed to collect in cloud environments?

Audit tracking data for networks and IT resources to support regulatory and contractual obligations. (C)

What is the primary purpose of a failover system in cloud computing?

To increase the reliability and availability of IT resources by automatically switching to redundant instances. (C)

In the context of failover systems, what is the key characteristic of an Active-Passive configuration?

A standby implementation is activated to take over processing from the unavailable IT resource. (C)

What is the fundamental purpose of a hypervisor in a virtualized infrastructure?

To generate virtual server instances from a physical server. (A)

What is the primary benefit of using a resource cluster in cloud computing?

To group multiple IT resource instances so that they can be operated as a single IT resource, increasing computing capacity and availability. (A)

Which description aligns with the purpose of a Multi-Device Broker in cloud services?

Facilitating runtime data transformation making a cloud service accessible to various cloud consumer programs and devices. (D)

What is the primary function of a State Management Database in cloud computing?

To temporarily persist state data for software programs. (B)

What is the main objective of a Remote Administration System in cloud computing?

Provides tools and user-interfaces for cloud resource administrators to configure and administer cloud-based IT resources remotely. (C)

What is the key function of a Usage and Administration Portal in a cloud environment?

Centralizing management controls to different cloud-based IT resources and providing IT resource usage reports. (D)

How does a Resource Management System contribute to the efficiency of cloud services?

By coordinating IT resources in response to management actions from cloud consumers and providers. (B)

What role does a Virtual Infrastructure Manager (VIM) play within a Resource Management System?

It coordinates server hardware to enable the creation of virtual server instances from expedient underlying physical servers. (D)

What primary function does an SLA Management System perform in cloud computing?

It provides features for the administration, collection, storage, reporting, and runtime notification of SLA data. (B)

What is the specific function of the Billing Management System in cloud operations?

Dedicated to the collection and processing of usage data as it pertains to cloud provider accounting and cloud consumer billing. (C)

What risk does encryption mitigate when applied to data in cloud environments?

Unauthorized and potentially malicious access to readable data (plaintext). (C)

How does asymmetric encryption differ from symmetric encryption?

Asymmetric encryption relies on two different keys (public and private) while symmetric encryption uses the same key for both processes. (D)

What is the main characteristic of Hashing as a data protection method?

It is a one-way, non-reversible form of data protection. (C)

How does a digital signature ensure data integrity and authenticity?

By assigning a digital signature to a message, which becomes invalid if the message experiences unauthorized modifications. Provides authentication and non-repudiation. (C)

What is the role of digital certificates within a Public Key Infrastructure (PKI)?

Digitally signed data structures that bind public keys to certificate owner identities. (D)

What aspects does Identity and Access Management (IAM) primarily control?

User identities and access privileges for IT resources, environments, and systems. (C)

What is the significance of Single Sign-On (SSO) in cloud security?

It enables one authenticated cloud service consumer to access other cloud services or cloud-based IT resources without re-authentication. (D)

How are cloud-based security groups typically created?

Through a cloud-based resource segmentation process according to security policies. (B)

What is the primary goal of Hardening a virtual server image?

To strip unnecessary software and limit potential vulnerabilities. (C)

Flashcards

Logical Network Perimeter

Establishes a secure boundary, isolating the network environment in a cloud.

Virtual Server

A software implementation that imitates a physical server.

Cloud Storage Device

Storage devices designed for cloud-based data needs.

Cloud Storage - Blocks

Lowest level of storage, closest to hardware, smallest accessible data unit.

Cloud Storage - Objects

Data and its associated metadata organized as web-based resources.

Cloud Usage Monitor

Tool responsible for gathering and interpreting IT resource usage data.

Resource Replication

Creates multiple instances of a single IT resource.

Ready-Made Environment

A pre-configured cloud platform with ready-to-use IT resources.

Container

Enables isolated cloud services to operate on same hardware.

Automated Scaling Listener

Monitors communications between consumers and cloud services for scaling.

Load Balancer

A service for balance workload over multiple IT resources for performance.

SLA Monitor

Monitors cloud services to ensure SLA fulfilment.

Pay-Per-Use Monitor

Measures IT resource usage based on pricing.

Audit Monitor

Collects audit tracking data for regulatory compliance.

Failover System

Automatically switches to redundant IT resource when failure occur.

Hypervisor

Virtualization foundation that generates virtual servers.

Resource Cluster

Combines multiple IT resource instances into one.

Multi-Device Broker

Facilitates runtime data transformation making cloud services available on multiple device.

State Management Database

A database temporarily stores software state data.

Remote Administration System

Provides tools for external cloud admins to configure IT resources.

Resource Management System

Coordinates IT resources responding to management actions.

Billing Management System

Dedicated to usage data collection for billing.

Encryption

Encodes plaintext data in an unreadable format.

Hashing

One-way data protection, non-reversible.

Digital Signature

Authenticity via authentication and non-repudiation.

Public Key Infrastructure (PKI)

Protocols enabling secure public key cryptography.

Identity and Access Management (IAM)

Controls user identities/access privileges.

Single Sign-On (SSO)

One login for multiple cloud services.

Cloud-Based Security Groups

Allocates resources to virtual machines.

Hardened Virtual Server Images

Enhance security by stripping unnecessary code and software.

Study Notes

Cloud Computing Mechanisms

• Cloud computing mechanisms involve emerging technologies.

Cloud Infrastructure Mechanisms

• Cloud infrastructure mechanisms are related to cloud computing mechanisms.

Logical Network Perimeter

• Isolation of network environment.
• Establishes a virtual network boundary.
• The logical network parameter is typically established via network devices that supply and control the connectivity of a data center.
• It is commonly deployed as virtualized IT environments.

Virtual Server

• Emulates a physical server.
• Cloud providers use it to share the same physical server with multiple cloud consumers by providing cloud consumers with individual virtual server instances.

Cloud Storage Device

• Represents storage devices that are designed specifically for cloud-based provisioning.
• Instances of these devices can be virtualized, similarly to how physical servers can spawn virtual server images.
• A primary concern related to cloud storage is the security, integrity, and confidentiality of data, which becomes more prone to being compromised when entrusted to external cloud providers and other third parties.

Cloud Storage Device - Storage Levels

• Files are collections of data grouped into files located in folders.
• Datasets are sets of data organized into a table-based, delimited, or record format.
• Blocks are the lowest level of storage that is closest to the hardware and is the smallest unit of data that is still individually accessible.
• Objects store data and associated metadata as web-based resources.

Cloud Usage Monitor

• The cloud usage monitor is responsible for collecting and processing IT resource usage data.

Three Common Agent-Based Implementations

• Monitor Agent resides along communication paths to transparently monitor and analyze dataflows.
• Resource Agent collects usage data by having event-driver interactions with specialized resource software.
• Polling Agent collects cloud service usage data by polling IT resources.

Resource Application

• Replication is typically performed when an IT resource's availability and performance need to be enhanced through the creation of multiple instances of the same IT resource.

Ready Made Environment

• Represents a pre-defined, cloud-based platform comprised of a set of already installed IT resources, ready to be used and customized by a cloud consumer.
• Examples Include:
  • Databases
  • Middleware
  • Development tools
  • Governance tools

Container

• Enables multiple isolated cloud services to run on a single physical or virtual server while accessing the same operating system kernel.

Specialized Cloud Mechanisms

• Specialized cloud mechanisms are related to cloud computing mechanisms.

Automated Scaling Listener

• A service agent that monitors and tracks communications between cloud service consumers and cloud services for dynamic scaling purposes.
• They automatically track workload status information which can be determined by the volume of cloud consumer-generated requests or via backend processing demands triggered by certain types of requests.
• Scaling-Down - The virtual server continues residing on the same physical host server while being scaled down to a lower performance configuration.
• Scaling-Up - The virtual server's capacity is doubled on its original physical host server. The VIM may also migrate the virtual server to another physical server if the original host server is overcommitted.

Load Balancer

• A common approach to horizontal scaling is to balance a workload across two or more IT resources to increase performance and capacity beyond what a single IT resource can provide.

Load Balancer - Specialized Runtime Workload Distribution Functions

• Asymmetric Distribution: Larger workloads are issued to IT resources with higher processing capacities.
• Workload Prioritization: Workloads are scheduled, queued, discarded, and distributed workloads according to their priority levels.
• Content-Aware Distribution: Requests are distributed to different IT resources as dictated by the request content.

SLA Monitor

• SLA stands for Service Level Agreement.
• It is used to specifically observe the runtime performance of cloud services to ensure that they fulfill contractual QoS requirements that are published in SLAs.
• The system can proactively repair or failover cloud services when exception conditions occur, such as when the SLA monitor reports a cloud service as "down."

Pay Per Use Monitor

• Measures cloud-based IT resource usage in accordance with predefined pricing parameters and generates usage logs for fee calculations and billing purposes.
• Data collected from the pay-per-use monitor is processed by a billing management system that calculates payment fees.

Pay Per Use Monitor - Monitoring Variables

• Request/response message quantity.
• Transmitted data volume.
• Bandwidth consumption.

Audit Monitor

• Used to collect audit tracking data for networks and IT resources in support of regulatory and contractual obligations.

Failover System

• Used to increase the reliability and availability of IT resources by using established clustering technology to provide redundant implementations.
• Configured to automatically switch over to a redundant or standby IT resource instance whenever the currently active IT resource becomes unavailable.

Basic Configurations

• Active-Active: actively serves the workload synchronously
• Active-Passive: A standby or inactive implementation is activated to take over the processing from the IT resource that becomes unavailable.

Hypervisor

• A fundamental part of virtualization infrastructure that is primarily used to generate virtual server instances of a physical server.
• Limited to one physical server and can therefore only create virtual images of that server

Resource Cluster

• Used to group multiple IT resource instances so that they can be operated as a single IT resource.
• This increases the combined computing capacity, load balancing, and availability of the clustered IT resources.

Resource Cluster - Common Types

• Server Cluster: Physical or virtual servers are clustered to improve performance and availability.
• Database Cluster: Designed to improve data availability
• Large Dataset Cluster: Data partitioning and distribution is implemented so that the target datasets can be efficiently partitioned without compromising data integrity or computing accuracy.

Multi-Device Broker

• Used to facilitate runtime data transformation so as to make a cloud service accessible to a wider range of cloud service consumer programs and devices.
  • XML Gateway – transmits and validates XML data
  • Cloud Storage Gateway - transforms cloud storage protocols and encodes storage devices to facilitate data transfer and storage -Mobile Device Gateway - transforms the communication protocols used by mobile devices into protocols that are compatible with a cloud service

State Management Database

• A storage device that is used to temporarily persist state data for software programs.
• As an alternative to caching state data in memory, software programs can off-load state data to the database in order to reduce the amount of runtime memory they consume which makes the surrounding infrastructure more scalable.

Cloud Management Mechanisms

• Cloud management mechanisms are related to cloud computing mechanisms.

Remote Administration System

• Provides tools and user-interfaces for external cloud resource administrators to configure and administer cloud-based IT resources.
• Tools and APIs provided by a remote administration system are generally used by the cloud provider to develop and customize online portals that provide cloud consumers with a variety of administrative controls.

Two Primary Types of Portal

• Usage and Administration Portal : Centralizes management controls to different cloud-based IT resources and can further provide IT resource usage reports.
• Self-Service Portal: Allows cloud consumers to search an up-to-date list of cloud services and IT resources that are available from a cloud provider.

Tasks Commonly Performed By Cloud Consumers Via A Remote Administration Console

• Configuring and setting up cloud services.
• Monitoring cloud service status, usage, and performance.
• Managing user accounts, security credentials, authorization, and access control.

Resource Management System

• Helps coordinate IT resources in response to management actions performed by both cloud consumers and cloud providers.
• Core to this system is the virtual infrastructure manager VIM that coordinates the server hardware so that virtual server instances can be created from the most expedient underlying physical server.

Tasks Typically Automated Through The Resource Management System

• Allocating and releasing virtual IT resources into the available physical infrastructure in response to the starting, pausing, resuming, and termination of virtual IT resource instances.
• Managing virtual IT resource templates that are used to create pre-built instances, such as virtual server images.
• Monitoring operational conditions of IT resources.

SLA Management System

• Represents a range of commercially available cloud management products that provide features pertaining to the administration, collection, storage, reporting, and runtime notification of SLA data.

Billing Management System

• Dedicated to the collection and processing of usage data as it pertains to cloud provider accounting and cloud consumer billing.
• Relies on pay-per-use monitors to gather runtime usage data that is stored in a repository that the system components then draw from for billing, reporting, and invoicing purposes.
• Allows for the definition of different pricing policies, as well as custom pricing models on a per cloud consumer and/or per IT resource basis.

Cloud Security Mechanisms

• Cloud security mechanisms are related to cloud computing mechanisms.

Encryption

• Encryption encodes plaintext data into a protected and unreadable format.

Two Common Forms Of Encryption

• Symmetric Encryption: Uses the same key for both encryption and decryption, both of which are performed by authorized parties that use the one shared key.
• Asymmetric Encryption: Relies on the use of two different keys, namely a private key and a public key.

Hashing

• Used when a one-way, non-reversible form of data protection is required.
• Once hashing has been applied to a message, it is locked and no key is provided for the message to be unlocked.
• A hashing function is applied to protect the integrity of a message that is intercepted and altered by a malicious service agent, before it is forwarded.

Digital Signature

• Means of providing data authenticity and integrity through authentication and non-repudiation.
• A message is assigned a digital signature prior to transmission, which is then rendered invalid if the message experiences any subsequent, unauthorized modifications.

Public Key Infrastructure (PKI)

• Exists as a system of protocols, data formats, rules, and practices that enable large-scale systems to securely use public key cryptography.
• Used to associate public keys with their corresponding key owners while enabling the verification of key validity.
• PKIs rely on the use of digital certificates, which are digitally signed data structures that bind public keys to certificate owner identities, as well as to related information, such as validity periods.

Identity and Access Management (IAM)

• Encompasses the components and policies necessary to control and track user identities and access privileges for IT resources, environments, and systems.

Four Main Components of IAM

• Authentication: verifies that the user entering some system or service is who they say they are.
• Authorization: is the process of giving the user access to particular resources.
• User Management: responsible for creating new user identities and access groups, resetting passwords, defining password policies, and managing privileges.
• Credential Management: establishes identities and access control rules for defined user accounts, which mitigates the threat of insufficient authorization.

Single Sign-On (SSO)

• Enables one cloud service consumer to be authenticated by a security broker, which establishes a security context that is persisted while the cloud service consumer accesses other cloud services or cloud-based IT resources.
• The credentials initially provided by the cloud service consumer remain valid for the duration of a session, while its security context information is shared.

Cloud-Based Security Groups

• Resource segmentation - used to enable virtualization by allocating a variety of physical IT resources to virtual machines.
• The cloud-based resource segmentation process creates cloud-based security group mechanisms that are determined through security policies.

Hardened Virtual Server Images

• A virtual server is created from a template configuration called a virtual server image.
• Hardening is the process of stripping unnecessary software from a system to limit potential vulnerabilities that can be exploited by attackers
• A hardened virtual server image is a template for virtual service instance creation that has been subjected to a hardening process