Questions and Answers
What is the primary function of a Logical Network Perimeter in cloud computing?
- To physically isolate cloud data centers from external access.
- To provide unrestricted bandwidth to all cloud resources for optimal performance.
- To establish a virtual boundary, isolating network environments within the cloud. (correct)
- To control the physical cabling and network hardware within a cloud infrastructure.
In what way do cloud providers leverage virtual servers to enhance resource utilization?
- By bypassing physical servers entirely and relying on virtualized hardware.
- By sharing the underlying physical server among multiple cloud consumers, each with individual virtual server instances. (correct)
- By reallocating a virtual server instance every time the physical server reaches maximum load.
- By exclusively assigning a single physical server to each cloud consumer.
What is a key security concern associated with cloud storage devices?
- Ensuring the security, integrity, and confidentiality of data when entrusted to external cloud providers. (correct)
- Maintaining optimal cooling of the storage devices to prevent data loss.
- The lack of redundancy in cloud storage systems, leading to higher potential for data loss.
- The physical wear and tear on storage devices due to constant data access.
Within the context of cloud storage, how are 'Blocks' defined relative to other storage levels?
What is the primary responsibility of a Cloud Usage Monitor?
What outcome does resource replication aim to achieve in a cloud environment?
A ready-made environment in cloud computing is best described as which of the following?
What functionality does a container provide in a cloud computing environment?
What is the core function of an Automated Scaling Listener in cloud architecture?
What does 'scaling-up' achieve within the context of an automated scaling listener?
How does a load balancer contribute to horizontal scaling in cloud resources?
Which of these accurately describes the function of 'Workload Prioritization' in workload distribution?
What role does an SLA monitor fulfill in a cloud environment?
What is the primary function of a Pay-Per-Use Monitor in cloud services?
Within the operations of a pay-per-use monitor, what system processes the data collected to determine payment fees?
What type of data is an Audit Monitor designed to collect in cloud environments?
What is the primary purpose of a failover system in cloud computing?
In the context of failover systems, what is the key characteristic of an Active-Passive configuration?
What is the fundamental purpose of a hypervisor in a virtualized infrastructure?
What is the primary benefit of using a resource cluster in cloud computing?
Which description aligns with the purpose of a Multi-Device Broker in cloud services?
What is the primary function of a State Management Database in cloud computing?
What is the main objective of a Remote Administration System in cloud computing?
What is the key function of a Usage and Administration Portal in a cloud environment?
How does a Resource Management System contribute to the efficiency of cloud services?
What role does a Virtual Infrastructure Manager (VIM) play within a Resource Management System?
What primary function does an SLA Management System perform in cloud computing?
What is the specific function of the Billing Management System in cloud operations?
What risk does encryption mitigate when applied to data in cloud environments?
How does asymmetric encryption differ from symmetric encryption?
What is the main characteristic of Hashing as a data protection method?
How does a digital signature ensure data integrity and authenticity?
What is the role of digital certificates within a Public Key Infrastructure (PKI)?
What aspects does Identity and Access Management (IAM) primarily control?
What is the significance of Single Sign-On (SSO) in cloud security?
How are cloud-based security groups typically created?
What is the primary goal of Hardening a virtual server image?
Flashcards
Logical Network Perimeter
Establishes a secure boundary, isolating the network environment in a cloud.
Virtual Server
A software implementation that imitates a physical server.
Cloud Storage Device
Storage devices designed for cloud-based data needs.
Cloud Storage - Blocks
Cloud Storage - Objects
Cloud Usage Monitor
Resource Replication
Ready-Made Environment
Container
Automated Scaling Listener
Load Balancer
SLA Monitor
Pay-Per-Use Monitor
Audit Monitor
Failover System
Hypervisor
Resource Cluster
Multi-Device Broker
State Management Database
Remote Administration System
Resource Management System
Billing Management System
Encryption
Hashing
Digital Signature
Public Key Infrastructure (PKI)
Identity and Access Management (IAM)
Single Sign-On (SSO)
Cloud-Based Security Groups
Hardened Virtual Server Images
Study Notes
Cloud Computing Mechanisms
- Cloud computing mechanisms involve emerging technologies.
Cloud Infrastructure Mechanisms
- Cloud infrastructure mechanisms are related to cloud computing mechanisms.
Logical Network Perimeter
- Isolation of network environment.
- Establishes a virtual network boundary.
- The logical network perimeter is typically established via network devices that supply and control the connectivity of a data center.
- It is commonly deployed as virtualized IT environments.
Virtual Server
- Emulates a physical server.
- Cloud providers use it to share the same physical server with multiple cloud consumers by providing cloud consumers with individual virtual server instances.
Cloud Storage Device
- Represents storage devices that are designed specifically for cloud-based provisioning.
- Instances of these devices can be virtualized, similarly to how physical servers can spawn virtual server images.
- A primary concern related to cloud storage is the security, integrity, and confidentiality of data, which becomes more prone to being compromised when entrusted to external cloud providers and other third parties.
Cloud Storage Device - Storage Levels
- Files are collections of data grouped into files located in folders.
- Datasets are sets of data organized into a table-based, delimited, or record format.
- Blocks are the lowest level of storage that is closest to the hardware and is the smallest unit of data that is still individually accessible.
- Objects store data and associated metadata as web-based resources.
Cloud Usage Monitor
- The cloud usage monitor is responsible for collecting and processing IT resource usage data.
Three Common Agent-Based Implementations
- Monitor Agent resides along communication paths to transparently monitor and analyze dataflows.
- Resource Agent collects usage data by having event-driven interactions with specialized resource software.
- Polling Agent collects cloud service usage data by polling IT resources.
Resource Replication
- Replication is typically performed when an IT resource's availability and performance need to be enhanced through the creation of multiple instances of the same IT resource.
Ready-Made Environment
- Represents a pre-defined, cloud-based platform comprised of a set of already installed IT resources, ready to be used and customized by a cloud consumer.
- Examples include:
  - Databases
  - Middleware
  - Development tools
  - Governance tools
Container
- Enables multiple isolated cloud services to run on a single physical or virtual server while accessing the same operating system kernel.
Specialized Cloud Mechanisms
- Specialized cloud mechanisms are related to cloud computing mechanisms.
Automated Scaling Listener
- A service agent that monitors and tracks communications between cloud service consumers and cloud services for dynamic scaling purposes.
- They automatically track workload status information which can be determined by the volume of cloud consumer-generated requests or via backend processing demands triggered by certain types of requests.
- Scaling-Down - The virtual server continues residing on the same physical host server while being scaled down to a lower performance configuration.
- Scaling-Up - The virtual server's capacity is doubled on its original physical host server. The VIM may also migrate the virtual server to another physical server if the original host server is overcommitted.
Load Balancer
- A common approach to horizontal scaling is to balance a workload across two or more IT resources to increase performance and capacity beyond what a single IT resource can provide.
Load Balancer - Specialized Runtime Workload Distribution Functions
- Asymmetric Distribution: Larger workloads are issued to IT resources with higher processing capacities.
- Workload Prioritization: Workloads are scheduled, queued, discarded, and distributed according to their priority levels.
- Content-Aware Distribution: Requests are distributed to different IT resources as dictated by the request content.
SLA Monitor
- SLA stands for Service Level Agreement.
- It is used to specifically observe the runtime performance of cloud services to ensure that they fulfill contractual QoS requirements that are published in SLAs.
- The system can proactively repair or failover cloud services when exception conditions occur, such as when the SLA monitor reports a cloud service as "down."
Pay-Per-Use Monitor
- Measures cloud-based IT resource usage in accordance with predefined pricing parameters and generates usage logs for fee calculations and billing purposes.
- Data collected from the pay-per-use monitor is processed by a billing management system that calculates payment fees.
Pay-Per-Use Monitor - Monitoring Variables
- Request/response message quantity.
- Transmitted data volume.
- Bandwidth consumption.
Audit Monitor
- Used to collect audit tracking data for networks and IT resources in support of regulatory and contractual obligations.
Failover System
- Used to increase the reliability and availability of IT resources by using established clustering technology to provide redundant implementations.
- Configured to automatically switch over to a redundant or standby IT resource instance whenever the currently active IT resource becomes unavailable.
Basic Configurations
- Active-Active: Actively serves the workload synchronously.
- Active-Passive: A standby or inactive implementation is activated to take over the processing from the IT resource that becomes unavailable.
Hypervisor
- A fundamental part of virtualization infrastructure that is primarily used to generate virtual server instances of a physical server.
- Limited to one physical server and can therefore only create virtual images of that server.
Resource Cluster
- Used to group multiple IT resource instances so that they can be operated as a single IT resource.
- This increases the combined computing capacity, load balancing, and availability of the clustered IT resources.
Resource Cluster - Common Types
- Server Cluster: Physical or virtual servers are clustered to improve performance and availability.
- Database Cluster: Designed to improve data availability.
- Large Dataset Cluster: Data partitioning and distribution is implemented so that the target datasets can be efficiently partitioned without compromising data integrity or computing accuracy.
Multi-Device Broker
- Used to facilitate runtime data transformation so as to make a cloud service accessible to a wider range of cloud service consumer programs and devices.
- XML Gateway: transmits and validates XML data.
- Cloud Storage Gateway: transforms cloud storage protocols and encodes storage devices to facilitate data transfer and storage.
- Mobile Device Gateway: transforms the communication protocols used by mobile devices into protocols that are compatible with a cloud service.
State Management Database
- A storage device that is used to temporarily persist state data for software programs.
- As an alternative to caching state data in memory, software programs can off-load state data to the database in order to reduce the amount of runtime memory they consume which makes the surrounding infrastructure more scalable.
Cloud Management Mechanisms
- Cloud management mechanisms are related to cloud computing mechanisms.
Remote Administration System
- Provides tools and user-interfaces for external cloud resource administrators to configure and administer cloud-based IT resources.
- Tools and APIs provided by a remote administration system are generally used by the cloud provider to develop and customize online portals that provide cloud consumers with a variety of administrative controls.
Two Primary Types of Portal
- Usage and Administration Portal: Centralizes management controls to different cloud-based IT resources and can further provide IT resource usage reports.
- Self-Service Portal: Allows cloud consumers to search an up-to-date list of cloud services and IT resources that are available from a cloud provider.
Tasks Commonly Performed By Cloud Consumers Via A Remote Administration Console
- Configuring and setting up cloud services.
- Monitoring cloud service status, usage, and performance.
- Managing user accounts, security credentials, authorization, and access control.
Resource Management System
- Helps coordinate IT resources in response to management actions performed by both cloud consumers and cloud providers.
- Core to this system is the virtual infrastructure manager (VIM), which coordinates the server hardware so that virtual server instances can be created from the most expedient underlying physical server.
Tasks Typically Automated Through The Resource Management System
- Allocating and releasing virtual IT resources into the available physical infrastructure in response to the starting, pausing, resuming, and termination of virtual IT resource instances.
- Managing virtual IT resource templates that are used to create pre-built instances, such as virtual server images.
- Monitoring operational conditions of IT resources.
SLA Management System
- Represents a range of commercially available cloud management products that provide features pertaining to the administration, collection, storage, reporting, and runtime notification of SLA data.
Billing Management System
- Dedicated to the collection and processing of usage data as it pertains to cloud provider accounting and cloud consumer billing.
- Relies on pay-per-use monitors to gather runtime usage data that is stored in a repository that the system components then draw from for billing, reporting, and invoicing purposes.
- Allows for the definition of different pricing policies, as well as custom pricing models on a per cloud consumer and/or per IT resource basis.
Cloud Security Mechanisms
- Cloud security mechanisms are related to cloud computing mechanisms.
Encryption
- Encryption encodes plaintext data into a protected and unreadable format.
Two Common Forms Of Encryption
- Symmetric Encryption: Uses the same key for both encryption and decryption, both of which are performed by authorized parties that use the one shared key.
- Asymmetric Encryption: Relies on the use of two different keys, namely a private key and a public key.
Hashing
- Used when a one-way, non-reversible form of data protection is required.
- Once hashing has been applied to a message, it is locked and no key is provided for the message to be unlocked.
- A hashing function is applied to protect the integrity of a message that is intercepted and altered by a malicious service agent, before it is forwarded.
Digital Signature
- Means of providing data authenticity and integrity through authentication and non-repudiation.
- A message is assigned a digital signature prior to transmission, which is then rendered invalid if the message experiences any subsequent, unauthorized modifications.
Public Key Infrastructure (PKI)
- Exists as a system of protocols, data formats, rules, and practices that enable large-scale systems to securely use public key cryptography.
- Used to associate public keys with their corresponding key owners while enabling the verification of key validity.
- PKIs rely on the use of digital certificates, which are digitally signed data structures that bind public keys to certificate owner identities, as well as to related information, such as validity periods.
Identity and Access Management (IAM)
- Encompasses the components and policies necessary to control and track user identities and access privileges for IT resources, environments, and systems.
Four Main Components of IAM
- Authentication: verifies that the user entering some system or service is who they say they are.
- Authorization: is the process of giving the user access to particular resources.
- User Management: responsible for creating new user identities and access groups, resetting passwords, defining password policies, and managing privileges.
- Credential Management: establishes identities and access control rules for defined user accounts, which mitigates the threat of insufficient authorization.
Single Sign-On (SSO)
- Enables one cloud service consumer to be authenticated by a security broker, which establishes a security context that is persisted while the cloud service consumer accesses other cloud services or cloud-based IT resources.
- The credentials initially provided by the cloud service consumer remain valid for the duration of a session, while its security context information is shared.
Cloud-Based Security Groups
- Resource segmentation - used to enable virtualization by allocating a variety of physical IT resources to virtual machines.
- The cloud-based resource segmentation process creates cloud-based security group mechanisms that are determined through security policies.
Hardened Virtual Server Images
- A virtual server is created from a template configuration called a virtual server image.
- Hardening is the process of stripping unnecessary software from a system to limit potential vulnerabilities that can be exploited by attackers.
- A hardened virtual server image is a template for virtual service instance creation that has been subjected to a hardening process.