Upload
others
View
17
Download
0
Embed Size (px)
Citation preview
.
CIS 3500 1
Cloud and Virtualization
Chapter #15:
Architecture and Design
Chapter Objectives
n Explore virtualization concepts
n Become familiar with cloud concepts
Cloud and Virtualization2
Cloud and Virtualization
n Virtualization and cloud services are becoming common
enterprise tools to manage
n costs
n capacity
n resources
n complexity
n risk
Cloud and Virtualization3
Hypervisor
n V ir t u a l i z a t io n t e c h n o lo g y e n a b le s a c o m p u t e r t o h a v e m o r e t h a n o n e O S a n d
o p e r a t in g a t t h e s a m e t im e
n I t i s a n a b s t r a c t io n o f t h e O S la y e r
n T o e n a b le v i r t u a l i z a t io n , a h y p e r v is o r i s e m p lo y e d
n A h y p e r v is o r s a r e a lo w - le v e l p r o g r a m s t h a t a l lo w m u l t ip le o p e r a t in g s y s t e m s
t o r u n o n a s in g le h o s t c o m p u t e r
n T h e y u s e a t h in la y e r o f c o d e t o a l lo c a t e r e s o u r c e s in r e a l t im e – t h e y c o n t r o l
I / O s a n d m e m o r y m a n a g e m e n t : s e p a r a t io n o f s o f t w a r e a n d h a r d w a r e
n H o s t m a c h in e a n d h o s t O S - g u e s t m a c h in e a n d g u e s t O S
n T y p e I a n d T y p e I I h y p e r v is o r s
Cloud and Virtualization4
.
CIS 3500 2
Type I
n Type I hypervisors run directly on the system hardware
n Native, bare-metal, or embedded hypervisors
n They are designed for speed and efficiency – no additional OS layer
n KVM (Kernel-based Virtual Machine, a Linux implementation),
Xen (Citrix Linux implementation),
Microsoft Windows Server Hyper-V (Windows OS core)
VMware’s vSphere/ESXi platforms
n They come with management tools
Cloud and Virtualization5
Type II
n Type II hypervisors run on top of a host operating system
n Oracle’s VirtualBox and VMware’s VMware Player
n These are designed for limited numbers of VMs, typically
running in a desktop or small server environment
Cloud and Virtualization6
Application Cells/Containers
n A hypervisor enables multiple OS instances to coexist
n The concept of application cells/containers is similar
n Container holds the portions of an OS that it needs
n But have separate memory, CPU, and storage threads so they will not
interact with each other
n Multiple instances of an application or different applications share a
host OS with virtually no overhead
n It is the evolution of the VM concept to the application space
n This eliminates the differences between a development, test, or
production environmentCloud and Virtualization7
VM Sprawl Avoidance
n You can lose track of a VM
n VMs basically are files that contain a copy of a working
machine’s disk and memory structures
n Creating a new VM is a simple process
n As the number of VMs grows over time, sprawl can set in
n Can be avoided through naming conventions and proper
storage architectures
n VMware can manage, locate and use resources when required
Cloud and Virtualization8
.
CIS 3500 3
VM Escape Protection
n One concern is VM escape, where escapes from one VM to
the underlying OS
n VMs use the same RAM, the same processors, and so forth
n Large-scale VM environments have specific modules
designed to detect escape and provide VM escape
protection to other modules
Cloud and Virtualization9
Cloud Storage
n Cloud storage: computer storage provided over a network
n One of the characteristics is transparency to the end user
n This improves usability, performance, scalability, flexibility,
security, and reliability
n Security is a particular challenge: how to allow data to be
stored outside your enterprise and yet remain in control
n The common answer is encryption
n Apple iCloud, Microsoft OneDrive, and Dropbox
Cloud and Virtualization10
Cloud Deployment Models
n Cloud deployment models: internal and external
n Big scale from Google and Amazon
n The promise of cloud computing is improved utility
n Platform as a Service,
Software as a Service, and
Infrastructure as a Service
Cloud and Virtualization11
SaaS
n Software as a Service (SaaS) is the offering of software to
end users from within the cloud
n SaaS acts as software on demand, and runs from the cloud
n Advantages: updates can be seamless to end users, and
integration between components can be enhanced
n Microsoft Office 365 and Adobe Creative Suite
Cloud and Virtualization12
.
CIS 3500 4
PaaS
n Platform as a Service (PaaS): computing platform in the
cloud
n Multiple sets of software can be delivered
n PaaS offerings generally focus on security and scalability
Cloud and Virtualization13
IaaS
n Infrastructure as a Service (IaaS) is a virtual solution for
computing
n Rather than building data centers, IaaS allows firms to
contract for utility computing as needed
n IaaS is specifically on a pay-per-use basis, scalable directly
with need
n You can even rent supercomputers
Cloud and Virtualization14
Private
n Private clouds are essentially reserved resources used only
for the organization—your own little cloud within the cloud.
n This service will be more expensive, but it should also carry
less exposure
n Better defined security, processing, handling of data
Cloud and Virtualization15
Public
n Public cloud is rendered over a system that is open for
public use
n There is little operational difference between public and
private cloud architectures
n Security ramifications can be substantial
n Services separate users with security restrictions, the depth
and level of these restrictions, will be significantly less in a
public cloud
Cloud and Virtualization16
.
CIS 3500 5
Community
n A community cloud system for several organizations with a
common interest
n They share a cloud environment for the specific purpose
n Community initiatives
n Cost-sharing mechanism for specific data-sharing initiatives
Cloud and Virtualization17
Hybrid
n A hybrid cloud: elements are combined from private,
public, and community cloud structures
n They can be used together:
n sensitive information can be stored in the private cloud
n issue-related information can be stored in the community
cloud
Cloud and Virtualization18
On-Premise vs. Hosted vs. Cloud
n On-premises: the system resides locally
n VM, storage, or even services
n locally hosted and maintained
n advantage: organization has total control, high connectivity
n disadvantage: requires local resources, not as easy to scale
n Hosted services: the services hosted somewhere else
n provides a set cost based on the amount you use
n advantage: costs, especially when scale is included
Cloud and Virtualization19
VDI/VDE
n Virtual desktop infrastructure (VDI) and virtual desktop environment
(VDE): hosting of a desktop environment on a central server.
n VDI: all the components needed to set up the environment
n VDE: what the user sees, the actual user environment
n User “machine” and all of its data are persisted in the server
environment
n Users can use a wide range of machines, even mobile phones, to
access their desktop and perform their work
n Tremendous security advantages because all data resides on servers
inside the enterprise, in the data centerCloud and Virtualization20
.
CIS 3500 6
Cloud Access Security Broker
n Cloud access security brokers (CASBs): security policy
enforcement between cloud service providers and their
customers to maintain and enforce security policies
n CASBs belong to the broader category of managed security
service providers (MSSPs)
n CASB vendors provide a range of security services designed
to protect cloud infrastructure and data
Cloud and Virtualization21
Security as a Service
n Security as a Service: outsourcing security functions
n Advantages: scale, costs, and speed
n Security is a complex, wide-ranging cornucopia of technical
specialties, all working together to provide appropriate risk reductions
n Technically savvy security pros, experienced management, specialized
hardware and software, fairly complex operations –any or all of this
can be outsourced
n Specializations in network security, web application security, e-mail
security, incident response services, infrastructure updates
Cloud and Virtualization22
Stay Alert!
There is no 100 percent secure system, and
there is nothing that is foolproof!