Chapter 10 - 02 - Understand Cloud Computing Fundamentals - 04_ocred_fax_ocred.pdf
Certified Cybersecurity Technician Exam 212-82
Virtualization and Cloud Computing
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

On-premises vs. Hosted vs. Cloud

Organizations can choose among many technologies for deploying the applications or software they need to run their business effectively. An organization should consider various factors such as budget, business size, and maintenance challenges before choosing a deployment option.
Choosing the appropriate deployment platform for their business is often a challenging task for organizations. Before choosing a deployment option, organizations should be aware of various technologies, their features, and how secure they are. The table below describes various IT deployment models and their services.

| Parameters | On-premises | Cloud | Hosted |
|---|---|---|---|
| Ownership | The organization establishes the infrastructure and runs all the business operations. | A third party owns the infrastructure and runs the business operations for the organization. | A third party owns the platform; the enterprise uses the resources based on the requirement. |
| Deployment | The software or application is installed on internal physical servers. | The cloud provider installs the software or application on virtual servers. | A third party sets up the entire cloud hosting center or data center. |
| Performance | Depends on the skills of internal employees. | Depends on the Internet speed. | Performance can be optimized by working with the service provider. |
| Cost | Physical infrastructure and initial setup are expensive. | Virtual infrastructure is paid for as per usage. | Rented private infrastructure is relatively expensive for the organization. |
| Connectivity | Systems can work without the Internet. | Active Internet service is mandatory. | The platform can perform communication with both a private internal network and the Internet. |
| Security | Depends on the skills of the administration team. | Less secure than other options as it is completely operated off-site. | Security is under the organization's control; all systems must be up to date and patched constantly. |
| Maintenance | Maintained by an internal team. | Maintained by the cloud provider. | Maintained by a third-party hosting agency. |
| Scalability | Offers limited scalability. | Easily and highly scalable. | Scalability depends on the availability of applications on the cloud. |

Table 10.3: Comparison among on-premises, hosted, and cloud IT deployment models

NIST Cloud Deployment Reference Architecture

The NIST cloud computing reference architecture defines five major actors:

o Cloud Consumer: A person or organization that uses cloud computing services
o Cloud Provider: A person or organization providing services to interested parties
o Cloud Carrier: An intermediary for providing connectivity and transport services between cloud consumers and providers
o Cloud Auditor: A party for making independent assessments of cloud service controls and taking an opinion thereon
o Cloud Broker: An entity that manages cloud services in terms of use, performance, and delivery, and maintains the relationship between cloud providers and consumers
The figure below gives an overview of the NIST cloud computing reference architecture; it displays the primary actors, activities, and functions in cloud computing. The diagram illustrates a generic high-level architecture, intended to give a better understanding of the uses, requirements, characteristics, and standards of cloud computing.

[Figure 10.27: NIST cloud computing reference architecture, showing the Cloud Consumer, Cloud Auditor, Cloud Provider, Cloud Broker, and Cloud Carrier]

The five significant actors are as follows:

Cloud Consumer

A cloud consumer is a person or organization that maintains a business relationship with the cloud service providers (CSPs) and utilizes the cloud computing services. The cloud consumer browses the CSP's service catalog, requests the desired services, sets up service contracts with the CSP (either directly or via a cloud broker), and uses the services. The CSP bills the consumer based on the services provided. The CSP should fulfill the service level agreement (SLA) in which the cloud consumer specifies the technical performance requirements, such as the quality of service, security, and remedies for performance failure.
The CSP may also define limitations and obligations, if any, that cloud consumers must accept. The services available to a cloud consumer in the PaaS, IaaS, and SaaS models are as follows:

o PaaS - database (DB), business intelligence, application deployment, development and testing, and integration
o IaaS - storage, services management, content delivery network (CDN), platform hosting, backup and recovery, and computing
o SaaS - human resources, enterprise resource planning (ERP), sales, customer relationship management (CRM), collaboration, document management, email and office productivity, content management, financial services, and social networks

Cloud Provider

A cloud provider is a person or organization that acquires and manages the computing infrastructure intended for providing services (directly or via a cloud broker) to interested parties via network access.

Cloud Carrier

A cloud carrier acts as an intermediary that provides connectivity and transport services between CSPs and cloud consumers. The cloud carrier provides access to consumers via a network, telecommunication, or other access devices.

Cloud Auditor

A cloud auditor is a party that performs an independent examination of cloud service controls to express an opinion thereon. Audits verify adherence to standards through a review of the objective evidence. A cloud auditor can evaluate the services provided by a CSP regarding security controls (management, operational, and technical safeguards intended to protect the confidentiality, integrity, and availability of the system and its information), privacy impact (compliance with applicable privacy laws and regulations governing an individual's privacy), performance, etc.
Cloud Broker

The integration of cloud services is becoming too complicated for cloud consumers to manage. Thus, a cloud consumer may request cloud services from a cloud broker, rather than directly contacting a CSP. The cloud broker is an entity that manages cloud services regarding use, performance, and delivery and maintains the relationship between CSPs and cloud consumers. The services provided by cloud brokers fall into three categories:

o Service Intermediation: Improves a given function by a specific capability and provides value-added services to cloud consumers.
o Service Aggregation: Combines and integrates multiple services into one or more new services.
o Service Arbitrage: Similar to service aggregation but without the fixing of the aggregated services (the cloud broker can choose services from multiple agencies).