Chap 10 - 01 - Understand Virt Essential Concepts and OS Virt Security - 04_ocred.pdf
EC-Council
Certified Cybersecurity Technician Virtualization and Cloud Computing Exam 212-82

Types of Containers

OS Containers
- Containers used as an operating system and run multiple services
- Examples: LXC, OpenVZ, Linux Vserver, BSD Jails, Solaris Zones

Application Containers
- Containers used to run a single application
- A container contains the application, its dependencies, and hardware requirements file
- Examples: Docker, Rocket

OS Containers: OS containers are virtual environments that share the kernel of the host environment, which provides them with isolated user space. The user can install, configure, and run different applications, libraries, etc. in OS containers. OS containers run multiple services and processes. OS containers are suitable for users that require an operating system to install various libraries, databases, etc. Examples of OS containers are LXC, OpenVZ, Linux Vserver, BSD Jails, and Solaris Zones.

Application Containers: These are containers used to run a single service. They have layered file systems and are built on top of OS container technologies. Application containers are suitable for users that need to package an application and its components together for distribution. Examples of application containers are Docker and Rocket.

Module 10 Page 1257 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Containers Vs. Virtual Machine
Containers
- Provides OS-level virtualization
- Lightweight
- All containers share the host OS
- Requires less memory space
- Process-level isolation (less secure)
- Example: LXC, LXD, CGManager, Docker

Virtual Machines
- Provides hardware-level virtualization
- Heavyweight
- Each virtual machine runs in its own OS
- Allocates required memory
- Fully isolated (more secure)
- Example: VMware, vSphere, VirtualBox, Hyper-V

[Slide diagrams: virtual machines (App1-App3, Bins/Libs, Guest OS, Host Operating System, Infrastructure) and containers (App1-App3, Bins/Libs, Infrastructure)]

Containers and virtual machines decrease resource requirements and increase functionality. The differences between a container and a virtual machine are as follows.

| | Container | Virtual Machine |
| --- | --- | --- |
| Definition | Virtualization based on an operating system, in which the kernel's operating system functionality is replicated on multiple instances of isolated user space. | An operating system or application environment that runs on a physical machine. |
| Type | Lightweight. | Heavyweight. |
| Virtualization | Provides OS virtualization. | Provides hardware-level virtualization. |
| Memory Space | Requires less memory space. | Requires more memory space. |
| Security | Process-level isolation (less secure). | Fully isolated (more secure). |
| Start-up Time | Start-up time is in milliseconds. | Start-up time is in minutes. |
| Operating System | Host OS is shared. | Each VM has its own OS. |
| Providers | Examples: LXC, LXD, CGManager, Docker. | Examples: VMware, Hyper-V, vSphere, VirtualBox. |

Table 10.1: Containers Vs Virtual Machines
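The "process-level isolation" and "host OS is shared" rows of Table 10.1 can be made concrete on Linux, where a container is a host process placed in its own kernel namespaces. The following is an added example, not part of the courseware; the function names are hypothetical and the namespace inode numbers are constructed sample data.

```python
import os

# Namespace types the Linux kernel exposes under /proc/<pid>/ns.
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def read_namespaces(pid="self"):
    """Return {type: 'type:[inode]'} for a process; None where unreadable."""
    result = {}
    for ns in NS_TYPES:
        try:
            result[ns] = os.readlink(f"/proc/{pid}/ns/{ns}")
        except OSError:  # not Linux, process gone, or insufficient privilege
            result[ns] = None
    return result

def isolation_report(host_ns, proc_ns):
    """Classify each namespace type as shared with the host or isolated."""
    report = {"shared": [], "isolated": [], "unknown": []}
    for ns in NS_TYPES:
        h, p = host_ns.get(ns), proc_ns.get(ns)
        key = "unknown" if None in (h, p) else ("shared" if h == p else "isolated")
        report[key].append(ns)
    return report

def _sample(base, **overrides):
    """Build constructed /proc-style namespace links for the demo."""
    ns = {t: f"{t}:[{base + i}]" for i, t in enumerate(NS_TYPES)}
    ns.update({t: f"{t}:[{inode}]" for t, inode in overrides.items()})
    return ns

# Constructed sample data (inode numbers are made up).
HOST = _sample(4026531800)
# A container in its own namespaces except "user", which it shares with the host.
CONTAINER = _sample(4026532500, user=4026531805)
# The same container started so that it also shares the host network namespace.
CONTAINER_HOSTNET = _sample(4026532500, user=4026531805, net=4026531803)

if __name__ == "__main__":
    for name, ns in (("container", CONTAINER), ("hostnet", CONTAINER_HOSTNET)):
        print(name, isolation_report(HOST, ns))
    # On a real Linux host, compare PID 1 with a container's process instead.
    print("self vs self:", isolation_report(read_namespaces(), read_namespaces()))
```

Every namespace listed as shared is a boundary the container does not have, and the kernel itself is shared in all cases, which is why the table rates this isolation below that of a virtual machine.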
Figure 10.6: Virtual machine

Figure 10.7: Container

Docker

[Slide diagrams: Docker Engine; Docker Architecture]

Docker is an open source technology used for developing, packaging, and running applications and all their dependencies in the form of containers, to ensure that each application works in a seamless environment. Docker provides platform-as-a-service (PaaS) through OS-level virtualization and delivers containerized software packages.

Docker Engine: This is an application that is installed on the host machine and uses the following components to develop, assemble, ship, and run applications.

- Docker Daemon: This manages the Docker images, containers, networks, and storage volumes, and processes the requests of the Docker API. It is responsible for container-related actions and communicates with other daemons in order to manage its services.
- Docker Engine REST API: This API is used by an application to communicate with the Docker daemon.
- Docker CLI: This is a command line interface that is used to interact with the Docker daemon. Using the CLI, users can issue commands (build, run, and stop applications) to a Docker daemon.

Docker Systems Working Mechanism: The Docker client interacts with the Docker daemon using a REST API through Unix sockets or a network interface. The Docker client and the Docker daemon can run on the same system, or the user can connect a Docker client to a remote Docker daemon.

Docker Architecture: The Docker architecture is based on a client-server model and has the following components:

- Docker Client: This enables the users to communicate with the Docker environment. The key function of the Docker client is to retrieve the images from the registry and run them on the Docker host. Some of the common commands of the Docker client are:
  - docker build
  - docker pull
  - docker run
- Docker Host: This provides the user an environment to run an application. The Docker host consists of the Docker daemon, images, containers, networks, and storage. The following components are objects of the Docker host.
  - Images: An image is a read-only binary template for building a container. Images are used to build a container or to configure the container with additional features. The container capabilities and requirements rely on the metadata of the images. Docker images are hosted by Docker registries.
  - Containers: A container is an encapsulated environment to run an application. A container's access to resources is defined by the image. The user can also create a new image depending on the state of the container.
  - Networking: Docker has networking drivers to support networking containers. It implements networking in an application-driven manner.
- Docker Registries: These are services that provide locations for storing and downloading images. While working with registries, frequently used commands are:
  - docker push
  - docker pull
  - docker run

Figure 10.8: Docker engine

Figure 10.9: Docker architecture
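The working mechanism described above lets the client reach the daemon over a Unix socket or a network interface, and the network option is the one that needs review. The following added example (not part of the courseware) audits the `hosts` and `tlsverify` settings of a daemon.json file. The function name, severity labels, certificate paths and sample configurations are constructed for illustration, and the Unix socket is assumed as the default when `hosts` is absent.

```python
import json
from urllib.parse import urlsplit

LOCAL_SCHEMES = {"unix", "fd", "npipe"}   # socket or pipe endpoints on the host itself
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_daemon_hosts(daemon_json_text):
    """Classify each daemon endpoint as a list of (endpoint, severity, reason)."""
    cfg = json.loads(daemon_json_text)
    # Assumption: with no "hosts" key the daemon listens on the local Unix socket.
    hosts = cfg.get("hosts") or ["unix:///var/run/docker.sock"]
    # "tlsverify" makes the daemon require client certificates signed by its CA.
    client_certs_required = bool(cfg.get("tlsverify"))
    findings = []
    for endpoint in hosts:
        scheme = endpoint.split("://", 1)[0].lower()
        if scheme in LOCAL_SCHEMES:
            findings.append((endpoint, "info",
                             "local socket; access follows file permissions"))
        elif scheme == "tcp":
            addr = urlsplit(endpoint).hostname or ""
            if client_certs_required:
                findings.append((endpoint, "ok",
                                 "TCP with client certificate verification"))
            elif addr in LOOPBACK:
                findings.append((endpoint, "medium",
                                 "loopback TCP without client authentication"))
            else:
                findings.append((endpoint, "high",
                                 "network-reachable API without client authentication"))
        else:
            findings.append((endpoint, "review", "unrecognised endpoint scheme"))
    return findings

# Constructed sample configurations (file paths are placeholders).
WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        for finding in audit_daemon_hosts(text):
            print(label, *finding, sep=" | ")
```

A "high" finding means any system that can reach the port can send the daemon the same build, pull and run requests as the local Docker client.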