Public vs Private Cloud Overview

Questions and Answers

What characterizes a private cloud?

It must be hosted on-site by the organization.

It can only be managed by the organization itself.

It is provisioned exclusively for a single organization. (correct)

It is accessible to the general public.

Which of the following is an example of a private cloud service?

Amazon VPC (correct)

Dropbox

Microsoft OneDrive

Google Cloud Platform

What is a common misconception about private clouds?

They are inherently more secure than all public clouds.

They can only be managed on the organization’s premises. (correct)

They require less IT skill to manage than public clouds.

They provide more flexibility than public clouds.

In which scenario is a private cloud considered on-site?

When it is implemented at a customer's premises.

What is a key requirement for organizations using an on-site private cloud?

They require IT skills to manage their devices and cloud.

What is a primary concern for organizations considering the use of an on-site private cloud?

The need for a robust network infrastructure.

What does the security perimeter of an on-site private cloud signify?

It allows subscribers to exercise control over their resources.

Which of the following best describes outsourced private clouds?

They consist of servers managed by a hosting company.

What is a potential risk of workloads residing concurrently on the same systems in an on-site private cloud?

Risk of exposure due to software flaws

What impacts the on-demand bulk data import/export capabilities in an on-site private cloud?

The network capacity of the on-site private cloud

What is a significant financial consideration when migrating to an on-site private cloud?

Significant-to-high up-front costs for setup

Which aspect of an on-site private cloud is dependent on anticipated workloads?

Fixed computing and storage capacity

What allows a subscriber to enhance security against external threats in an on-site private cloud?

Implementing a strong security perimeter

What feature distinguishes an outsourced private cloud from an on-site private cloud?

Two security perimeters joined by a protected communications link

Why might real-time processing be problematic in an on-site private cloud?

Because of network capacity limitations

Which statement is true regarding client workload security in an on-site private cloud?

Access policies can mitigate risks of exposing client workloads.

What primarily influences the security of data in an outsourced private cloud?

The strength and availability of security perimeters

Which of the following is a key risk associated with multi-tenancy in an outsourced private cloud?

Implications similar to those of on-site private cloud

What is a potential limitation when conducting bulk data import/export in an outsourced private cloud?

Network capacity between the provider and subscriber

What main costs might a subscriber incur when migrating to an outsourced private cloud?

Negotiating the service level agreement (SLA)

How can communication limitations in an outsourced private cloud scenario be addressed?

By provisioning high-performance networking

In what way does the security perimeter differ in an outsourced private cloud compared to an on-site private cloud?

Both subscriber's and provider's perimeters need hardening

What capability do providers have that is a core advantage for outsourced private cloud services?

Ability to provision and operate computing equipment at scale

Which factor may necessitate an upgrade of the subscriber's network when moving to an outsourced private cloud?

Need for higher bandwidth to connect to the cloud

What happens when the parser encounters an external entity that it cannot retrieve?

The parser will cease processing the DTD content and make the available data to the application.

Which type of XML parser must retrieve all defined entities in the DTD?

Validating parser

How does a non-validating parser handle unresolved external entities?

It proceeds with processing the remaining document while noting the unresolved entities.

What is the role of entity references in XML processing?

To replace occurrences of certain character sequences with corresponding entities.

Which character is specified as not usable as whitespace in XML tags?

EBCDIC character 'NEL'

What should be used to include characters not defined in the encoding charset in XML?

Character references

What is a special characteristic of validating parsers in XML processing?

They validate document compatibility with the DTD.

What occurs if an XML parser identifies an external entity?

It retrieves and replaces each occurrence of the entity reference recursively.

What distinguishes control sensitive instructions from behavior sensitive instructions?

Control sensitive instructions can inadvertently expose the guest OS.

What is required for a VMM to be constructed on a conventional third generation computer?

The set of privileged instructions must be a subset of sensitive instructions.

What characterizes full virtualization in server environments?

Emulation of hardware, including the CPU, is used.

What is a significant drawback of using full virtualization?

Performance can be adversely affected due to hardware emulation.

What is the primary way the guest operating system interacts with the VMM in para-virtualization?

By modifying the guest OS to be aware of the VMM.

What does hardware-assisted virtualization primarily allow?

Unmodified operating systems can run without virtualization knowledge.

Which of the following represents a modification approach in para-virtualization?

Using para-virtualized drivers for enhanced device performance.

What is one of the notable features of QEMU and Bochs in virtualization?

They contribute to the total portability of VMs.

Which of the following describes a main advantage of hardware-assisted virtualization?

It allows for improved performance by eliminating the need for emulation.

Which of the following accurately describes a limitation of using para-virtualization?

It requires the guest OS to be aware of virtualization.

What is a common misconception regarding virtual machine portability?

Portability is possible due to consistent hardware emulation.

Why might a guest OS benefit from para-virtualized drivers?

To leverage virtualization-aware APIs for performance improvements.

What is the role of the VMM in a hardware-assisted virtualization environment?

It intercepts and emulates privileged operations using hardware extensions.

Study Notes

Public Cloud

• Restrictive default service level agreements
  • Public cloud service level agreements set limitations on how the cloud resources can be used.

Private Cloud

• Infrastructure is exclusive to a single organization
  • Multiple consumers within the organization can access the resources
• Examples include:
  • Eucalyptus
  • Ubuntu Enterprise Cloud - UEC
  • Amazon VPC
  • VMware Cloud Infrastructure Suite
  • Microsoft ECI data center.
• Private cloud can be managed by a third party and exist off-premises
• Two main scenarios exist:
  • On-site Private Cloud: implemented at the customer's location
  • Outsourced Private Cloud: server-side is managed by a hosting company.

On-site Private Cloud

• Subscriber organization retains control over resources within the security perimeter
• Factors to consider:
  • Subscribers still need IT skills to manage the environment
  • Workload location is hidden from clients for better resource management
  • Client workloads can reside concurrently within the same infrastructure, requiring strong access control policies
  • Network dependency impacts bulk data transfer and real-time processing
  • Secure from external threats with proper security perimeter implementation
  • Significant upfront costs for migrating to the cloud

Outsourced Private Cloud

• Two security perimeters are involved: one implemented by the subscriber and one by the provider.
• Stronger protection depends on both security perimeters and the protected communication link
• Considerations include:
  • Subscribers may be able to provision unique communication links with the provider.
  • Risks related to multi-tenancy are similar to on-site private clouds.
  • Network capacity limitations impact data transfer and real-time processing
  • Robust security measures are needed at both subscriber and provider perimeters.
  • Moderate to significant upfront costs for migration
  • Core competencies of providers: provisioning and operating computing equipment at scale
  • Main start-up costs are negotiation of service level agreements, network upgrades, application porting to the cloud, and training.

Virtualization

• Virtual Machine Monitor (VMM) can be constructed if sensitive instructions of a computer are a subset of privileged instructions.
• A computer is recursively virtualizable if a VMM without timing dependencies can be built.

VMM & VM

• VMMs are the core of virtualization technology.
• VMMs are responsible for managing and isolating VMs for security and performance considerations.

Server Virtualization Approaches

• Full Virtualization
  • First generation approach for x86/x64 server virtualization
  • Uses dynamic binary translation to emulate system hardware and software
    • Emulation layer talks to an operating system
    • Guest OS does not perceive the emulated environment
• Para-Virtualization
  • Guest OS is modified to run kernel-level operations
    • Guest OS is aware of privileged instructions
    • VMM handles virtualization
  • Guest OS communicates with the VMM via a specialized API
• Hardware-assisted virtualization
  • Guest OS runs in ring 0
  • VMM emulates privileged operations by using processor extensions
  • Removes many complexities of VMM development
  • VMM runs in a privileged ring higher than 0

Network Virtualization

• Virtualization of network infrastructure, such as:
  • Switches
  • Routers
  • Firewalls
  • Load balancers
• Allows for greater flexibility and efficiency in managing network resources

Why Virtualize?

• Allows for greater utilization of computing resources
• Improves flexibility and scalability of infrastructure
• Provides isolation and security to enhance reliability

XML Processing Rules: External Entities

• External entities are referenced in a DTD to import external data into an XML document.
• XML parsers can be validating or non-validating.
• Validating parsers must retrieve all entities and verify compatibility with DTD rules.
• Non-validating parsers attempt to retrieve entities but cease processing the DTD at the first unresolved entity.

Special Issues: Characters and Charsets

• XML defines specific characters as whitespace in tags.
• EBCIDIC character 'NEL' cannot be used as whitespace.
• Character references can be used to include characters not defined in the current encoding charset.

Description

This quiz explores the differences between public and private cloud infrastructures, including their service level agreements and examples of private cloud solutions. It covers various scenarios, such as on-site and outsourced private clouds, providing insights into management and organizational control.