Chap 10 - 01 - Understand Virt Essential Concepts and OS Virt Security - 04_ocred_fax_ocred.pdf
Document Details
Uploaded by barrejamesteacher
EC-Council
Full Transcript
Certified Cybersecurity Technician Exam 212-82
Virtualization and Cloud Computing

Types of Containers

- OS Containers: Containers used as an operating system and to run multiple services. Examples: LXC, OpenVZ, Linux Vserver, BSD Jails, Solaris Zones.
- Application Containers: Containers used to run a single application. A container contains the application, its dependencies, and hardware requirements file. Examples: Docker, Rocket.

OS Containers: OS containers are virtual environments that share the kernel of the host environment, which provides them with an isolated user space. The user can install, configure, and run different applications, libraries, etc. in OS containers. OS containers run multiple services and processes. OS containers are suitable for users who require an operating system in which to install various libraries, databases, etc. Examples of OS containers are LXC, OpenVZ, Linux Vserver, BSD Jails, and Solaris Zones.

Application Containers: These are containers used to run a single service. They have layered file systems and are built on top of OS container technologies. Application containers are suitable for users who need to package an application and its components together for distribution. Examples of application containers are Docker and Rocket.

Module 10 Page 1257 Certified Cybersecurity Technician Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Containers Vs. Virtual Machine
Containers and virtual machines decrease resource requirements and increase functionality. The differences between a container and a virtual machine are as follows.

| | Container | Virtual Machine |
|---|---|---|
| Definition | Virtualization based on an operating system, in which the kernel's operating system functionality is replicated on multiple instances of isolated user space. | An operating system or application environment that runs on a physical machine. |
| Type | Lightweight. | Heavyweight. |
| Virtualization | Provides OS virtualization. | Provides hardware-level virtualization. |
| Memory Space | Requires less memory space. | Requires more memory space. |
| Security | Process-level isolation (less secure). | Fully isolated (more secure). |
| Start-up Time | Start-up time is in milliseconds. | Start-up time is in minutes. |
| Operating System | Host OS is shared. | Each VM has its own OS. |
| Providers | Examples: LXC, LXD, CGManager, Docker. | Examples: VMware, Hyper-V, vSphere, Virtual Box. |

Table 10.1: Containers Vs Virtual Machines
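The table rates containers as "process-level isolation (less secure)" because every container shares the host OS. The following added example (not part of the original course material) shows how a defender can check which run-time settings reduce that isolation further. It assumes the input is the JSON printed by `docker inspect`; the two containers in the sample are constructed.

```python
import json

# Constructed sample shaped like `docker inspect <container>...` output.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web",
   "HostConfig": {"Privileged": false, "PidMode": "", "NetworkMode": "bridge",
                  "IpcMode": "private", "CapAdd": null},
   "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/web/_data",
               "Destination": "/data"}]},
  {"Name": "/agent",
   "HostConfig": {"Privileged": true, "PidMode": "host", "NetworkMode": "host",
                  "IpcMode": "private", "CapAdd": ["SYS_ADMIN"]},
   "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
               "Destination": "/var/run/docker.sock"}]}
]
""")

# HostConfig fields whose value "host" means the container joins a host namespace.
HOST_NAMESPACE_FIELDS = (("PidMode", "host-pid"),
                         ("NetworkMode", "host-network"),
                         ("IpcMode", "host-ipc"))
DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}

def isolation_findings(container):
    """List the settings that strip away part of one container's isolation."""
    host = container.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged")
    for field, label in HOST_NAMESPACE_FIELDS:
        if host.get(field) == "host":
            findings.append(label)
    for cap in host.get("CapAdd") or []:
        findings.append("cap-add:" + cap)
    for mount in container.get("Mounts") or []:
        if mount.get("Type") == "bind" and mount.get("Source") in DOCKER_SOCKETS:
            findings.append("docker-socket-mounted")
    return findings

def audit(containers):
    """Map container name -> findings, omitting containers with none."""
    report = {}
    for c in containers:
        found = isolation_findings(c)
        if found:
            report[c.get("Name", "?").lstrip("/")] = found
    return report

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_INSPECT), indent=2))
```

On a real host, the same functions can be fed the parsed output of `docker inspect` for all running containers.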
Figure 10.6: Virtual machine
Figure 10.7: Container

Docker

Docker is an open source technology used for developing, packaging, and running applications and all their dependencies in the form of containers, to ensure that each application works in a seamless environment. Docker provides platform-as-a-service (PaaS) through OS-level virtualization and delivers containerized software packages.

Docker Engine: This is an application that is installed on the host machine and uses the following components to develop, assemble, ship, and run applications.

- Docker Daemon: This manages the Docker images, containers, networks, and storage volumes, and processes the requests of the Docker API. It is responsible for container-related actions and communicates with other daemons in order to manage its services.
- Docker Engine REST API: This API is used by an application to communicate with the Docker daemon.
- Docker CLI: This is a command line interface that is used to interact with the Docker daemon. Using the CLI, users can issue commands (build, run, and stop applications) to a Docker daemon.

Docker Systems Working Mechanism: The Docker client interacts with the Docker daemon using a REST API through Unix sockets or a network interface. The Docker client and the Docker daemon can run on the same system, or the user can connect a Docker client to a remote Docker daemon.

Docker Architecture: The Docker architecture is based on a client-server model and has the following components:

Docker Client: This enables users to communicate with the Docker environment. The key function of the Docker client is to retrieve images from the registry and run them on the Docker host. Some of the common commands of the Docker client are:

    docker build
    docker pull
    docker run

Docker Host: This provides the user with an environment in which to run an application. The Docker host consists of the Docker daemon, images, containers, networks, and storage. The following components are objects of the Docker host.

- Images: An image is a read-only binary template for building a container. Images are used to build a container or to configure the container with additional features. The container capabilities and requirements rely on the metadata of the images. Docker images are hosted by Docker registries.
- Containers: A container is an encapsulated environment to run an application. A container's access to resources is defined by the image. The user can also create a new image from the current state of the container.
- Networking: Docker has networking drivers to support networking containers. It implements networking in an application-driven manner.
Docker Registries: These are services that provide locations for storing and downloading images. While working with registries, frequently used commands are:

    docker push
    docker pull
    docker run

Figure 10.8: Docker engine (the client, the Docker CLI, communicates through the REST API with the server, the Docker daemon, which manages containers, images, networks, and data volumes)

Figure 10.9: Docker architecture (client, Docker host, and registry, linked by build, pull, and run)
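The working-mechanism paragraph above notes that the client reaches the daemon's REST API over a Unix socket or a network interface. Because that API can start and control every container on the host, the listener configuration is worth auditing. The following added example (not from the original course material) classifies each listener in a `daemon.json` file using its `hosts`, `tls` and `tlsverify` keys. Both sample configurations, their addresses and their certificate paths are constructed, and the fallback to the default Unix socket when `hosts` is absent is an assumption about a stock Linux install.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed daemon.json contents: a weak setup and a hardened one.
WEAK = json.loads('{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}')
HARDENED = json.loads('''{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}''')

def is_loopback(hostname):
    """True only when the listener is bound to the local machine."""
    if not hostname:
        return False          # empty host means "all interfaces"
    if hostname == "localhost":
        return True
    try:
        return ipaddress.ip_address(hostname).is_loopback
    except ValueError:
        return False          # other DNS names: treat as network-reachable

def audit_listeners(cfg):
    """Return (address, verdict) for every REST API listener in the config."""
    mutual_tls = bool(cfg.get("tlsverify"))       # clients must present a cert
    server_tls = mutual_tls or bool(cfg.get("tls"))
    results = []
    for addr in cfg.get("hosts") or ["unix:///var/run/docker.sock"]:
        url = urlsplit(addr)
        if url.scheme in ("unix", "fd"):
            verdict = "local-socket"
        elif url.scheme != "tcp":
            verdict = "unknown-scheme"
        elif mutual_tls:
            verdict = "tcp-client-cert-required"
        else:
            scope = "loopback" if is_loopback(url.hostname) else "network"
            kind = "tls-no-client-auth" if server_tls else "plaintext-no-auth"
            verdict = f"{kind}:{scope}"
        results.append((addr, verdict))
    return results

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_listeners(cfg))
```

Any verdict ending in `:network` means the API is reachable from other machines without client authentication and should be rebound to the Unix socket or protected with `tlsverify`.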