Chap 10 - 01 - Understand Virt Essential Concepts and OS Virt Security - 01_ocred.pdf

Full Transcript


Certified Cybersecurity Technician
Virtualization and Cloud Computing
Exam 212-82

Module Flow

- Understand Virtualization Essential Concepts and OS Virtualization Security
- Discuss the Insights of Cloud Security and Best Practices
- Understand Cloud Computing Fundamentals

Understand Virtualization Essential Concepts and OS Virtualization Security

The objective of this section is to explain virtualization concepts, the types of virtualization, the various components of virtualization, the various enablers of virtualization technology, virtualization security and concerns, and best practices.

Module 10 Page 1241 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Virtualization

- Virtualization refers to a software-based virtual representation of an IT infrastructure that includes network, devices, applications, storage, etc.
- The virtualization framework divides the physical resources, which are traditionally bound to hardware, into multiple individual simulated environments.

[Figure: Traditional Architecture and Virtual Architecture]

Virtualization (Cont’d)

Virtualization Approaches
- Full Virtualization
- OS assisted Virtualization or Para Virtualization
- Hardware assisted Virtualization
- Hybrid Virtualization

Levels of Virtualization
- Storage Device Virtualization
- File System Virtualization
- Server Virtualization
- Fabric Virtualization

Types of Virtualization
- Operating System Virtualization
- Network Virtualization
- Server Virtualization
- Desktop Virtualization

Virtualization

The virtualization architecture may be best illustrated by contrasting it with the traditional architecture. In the traditional architecture, the hardware infrastructure (host machine) runs a single operating system in which all applications are executed.

Figure 10.1: Traditional Architecture

The above figure illustrates the traditional architecture. In the figure, a single instance of an operating system, with a set of applications, completely utilizes the available 32-bit hardware infrastructure. The host OS directly interacts with the hardware to request system resources. By contrast, in the virtualization architecture, the hardware platform (host machine) is used to run multiple sets of virtual operating systems (guest OSes) and their applications.

Figure 10.2: Virtual Architecture

The above figure illustrates the virtualization architecture. As shown in the figure, the virtualization layer acts as middleware between the operating systems and the computer hardware. It logically partitions the hardware resources based on the requests received from the host and the guest operating systems. The host OS directly interacts with the computer hardware, but the guest OSes interact through the virtualization layer.

Virtualization Approaches

Various approaches can be adopted to achieve virtualization, as described below:

Full Virtualization: In this type of virtualization, the guest OS is not aware that it is running in a virtualized environment. It sends commands to the virtual machine manager (VMM) to interact with the computer hardware. The VMM then translates the commands to binary instructions and forwards them to the host OS. The resources are allocated to the guest OS through the VMM.

OS assisted Virtualization or Para Virtualization: In this type of virtualization, the guest OS is aware of the virtual environment in which it is running and communicates with the host machine to request resources. The commands are translated into binary code by the guest OS for the computer hardware. The VMM is not involved in the request and response operations.

Hardware assisted Virtualization: Modern microprocessor architectures have special instructions to aid the virtualization of hardware. These instructions enable the guest OS to execute privileged instructions directly on the processor. The operating system treats the system calls as user programs.

Hybrid Virtualization: In this type of virtualization, the guest OS adopts the functionality of para virtualization and uses the VMM for binary translation to different types of hardware resources.

Levels of Virtualization

Further, the design of a virtual environment may incorporate several levels of virtualization. The following are some levels of virtualization that a virtual environment may leverage.

Storage Device Virtualization: This is the virtualization of storage devices using techniques such as data striping and data mirroring. RAID is an example of storage virtualization, in which multiple storage devices are combined into a single logical unit.

File System Virtualization: This refers to the virtualization of data at the level of the file system.
It facilitates convenience of sharing and protection of data within the software. Virtualized data pools manipulate files and data based on user demand.

Server Virtualization: Server level virtualization enables the partition (or virtualization) of the server’s operating system environment. This involves the logical partitioning of the server’s hard drive.

Fabric Virtualization: This level of virtualization makes the virtual devices independent of the physical computer hardware. It creates a massive pool of storage areas for different virtual machines running on the hardware. Storage area network (SAN) technology is used to achieve fabric level virtualization.

Types of Virtualization

Operating System Virtualization: This type of virtualization enables the hardware to execute multiple operating systems simultaneously, thus enabling the user to run applications requiring different operating systems on a single system. This is done directly in the kernel of the operating system, which not only reduces hardware costs, but also saves time spent on updating software on multiple machines.

Network Virtualization: Virtualization has moved beyond just server and storage and now encompasses the network as well. While in traditional networks, capacities and resources were visible and allocated to software and actual hardware, network virtualization creates an abstraction of these network resources. In network virtualization, multiple physical networks are combined into a single software-based virtual network, or a single physical network is divided and exists as multiple independent virtual networks.

Server Virtualization: This is the virtualization of server resources such as physical servers, processors, and operating systems. This process enables the creation and abstraction of multiple virtual machines on a single server. Each virtual machine works independently and runs its own operating system.

Desktop Virtualization: In this virtualization technology, the operating system instance, representing the user’s desktop, is located within a central server on the cloud. This enables the user to control the desktop on the cloud and use any device to access it. The data and files are not stored on the system with which the user accesses the desktop but are instead stored in the cloud. Virtualized desktops can be accessed through a server and are hosted on a remote central server, which could be a cluster of computers, thus enabling the user to maintain a desktop on a single central server or cloud. Desktop virtualization reduces the cost of ownership and downtime, enables centralized management, and may enhance security.
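
The special processor instructions mentioned under Hardware assisted Virtualization can be checked for on a Linux x86 machine. The Python code below is an added example, not part of the courseware: it reads /proc/cpuinfo-style text and reports whether hardware assist is present and whether the OS is itself running as a guest. The flag names (vmx, svm, hypervisor) are the ones Linux reports on x86; the function names and sample inputs are constructed for this example.

```python
# Added example: classify virtualization support from Linux x86 /proc/cpuinfo text.
# Assumption: flag names vmx (Intel VT-x), svm (AMD-V) and hypervisor (set by
# a VMM for its guests; a VMM can hide it, so absence is not proof of bare metal).
from pathlib import Path

HW_ASSIST = {"vmx": "Intel VT-x", "svm": "AMD-V"}

# Constructed sample inputs, not captured from real machines.
SAMPLE_HOST = """processor : 0
flags : fpu vme de pse tsc msr pae sse sse2 vmx ept vpid
processor : 1
flags : fpu vme de pse tsc msr pae sse sse2 vmx ept vpid
"""
SAMPLE_GUEST = """processor : 0
flags : fpu vme de pse tsc msr pae sse sse2 hypervisor
"""
SAMPLE_NESTED = """processor : 0
flags : fpu vme de pse tsc msr pae sse sse2 svm hypervisor
"""


def cpu_flags(cpuinfo_text):
    """Return the flags present on every logical CPU in the text."""
    per_cpu = []
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            per_cpu.append(set(value.split()))
    return set.intersection(*per_cpu) if per_cpu else set()


def classify(cpuinfo_text):
    """Summarize hardware assist and guest status for one machine."""
    flags = cpu_flags(cpuinfo_text)
    assist = sorted(name for flag, name in HW_ASSIST.items() if flag in flags)
    guest = "hypervisor" in flags
    return {
        "hardware_assist": assist,      # extensions usable by a VMM here
        "running_as_guest": guest,      # this OS is itself virtualized
        "nested_exposed": guest and bool(assist),  # guest could host VMs
    }


if __name__ == "__main__":
    source = Path("/proc/cpuinfo")
    text = source.read_text() if source.exists() else SAMPLE_HOST
    print(classify(text))
```

A guest that reports `nested_exposed` can run its own virtual machines, which is worth recording in an inventory of where virtualization layers exist.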
