1.0 Networking Fundamentals

icon picker
1.8 Summarize Cloud Concepts and Connectivity Options

Last edited 365 days ago by Makiel [Muh-Keel]

What is Cloud Computing?

Simply put, Cloud Computing is the delivery of computing services—including servers, storage, databases, networking, software, analytics, and intelligence—over the Internet (“the cloud”) to offer faster innovation, flexible resources, and economies of scale. You typically pay only for cloud services you use, helping you lower your operating costs, run your infrastructure more efficiently, and scale as your business needs change.
Advantages to Cloud Service Providers
Cost reduction, standardization, and automation
High Utilization through virtual, shared resoruces
Easier administration
Fall-in-Place operations model
Advantages to Cloud Users
On-Demand, self-service resource set up
Fast Deployment cycles
Cost Effectiveness
Centralized appearance of resources
High availability, horizontally scaled application architectures
No need for a local backup because it’s all virtual anyway.
Deployment Models
Private Cloud
A private cloud refers to cloud computing resources used exclusively by a single business or organization. A private cloud can be physically located on the company’s on-site datacenter. Some companies also pay third-party service providers to host their private cloud. A private cloud is one in which the services and infrastructure are maintained on a private network
Public Cloud
Public clouds are owned and operated by a third-party cloud service providers, which deliver their computing resources, like servers and storage, over the Internet. Microsoft Azure is an example of a public cloud. With a public cloud, all hardware, software, and other supporting infrastructure is owned and managed by the cloud provider. You access these services and manage your account using a web browser.
Hybrid Cloud
Hybrid clouds combine public and private clouds, bound together by technology that allows data and applications to be shared between them. By allowing data and applications to move between private and public clouds, a hybrid cloud gives your business greater flexibility, more deployment options, and helps optimize your existing infrastructure, security, and compliance.
Community Cloud
This is a solution owned and managed by a group of organizations that create the cloud for a common purpose.
Cloud Service Models
Cloud Providers can offer you different available resources based on your needs and budget. You can choose just a vitalized network platform or go all in with the network, OS, and application resources.
There are Three Service Models to choose from. Infrastructure as a Service (IaaS) allows the customer to manage most of the network, whereas Software as a Service (SaaS) doesn’t allow any management by the customer, and Platform as a Service (PaaS) is somewhere in the middle of the two. Desktop as a Service (DaaS) is does exist, but it’s not as popular as the main three.
Infrastructure as a Service (IaaS)
The most basic category of cloud computing services. With IaaS, you rent IT infrastructure—servers and virtual machines (VMs), storage, networks, operating systems—from a cloud provider on a pay-as-you-go basis.
The customer has the most control and management capability.
Ex. Windows Azure
image.png
Platform as a Service (PaaS)
Platform as a service refers to cloud computing services that supply an on-demand environment for developing, testing, delivering, and managing software applications. PaaS is designed to make it easier for developers to quickly create web or mobile apps, without worrying about setting up or managing the underlying infrastructure of servers, storage, network, and databases needed for development.
Ex. Google App Engine
image.png
Software as a Service (SaaS)
Software as a service is a method for delivering software applications over the Internet, on demand and typically on a subscription basis. With SaaS, cloud providers host and manage the software application and underlying infrastructure, and handle any maintenance, like software upgrades and security patching. Users connect to the application over the Internet, usually with a web browser on their phone, tablet, or PC.
Customers have the least amount of control capability.
Ex. MailChimp and Slack.
image.png
Desktop as a Service (DaaS)
DaaS hosts the desktop OS, such as Windows or Linux, plus the storage, infrastructure, and network resources inside the data center.
A data stream of the laptop is accessed from the user’s remote device, usually via a web browser or a small application residing on the user’s computer, tablet, or phone.
This allows all applications, data, and security standards to be hosted inside the data center for centralized management; This takes the absolute most control away from the customer and user.
image.png
Image of Cloud Service Models
image.png
Infrastructure as code
Infrastructure as Code (IaC) is the managing and provisioning of infrastructure through code instead of through manually configuring hardware.
With the new hyperscale cloud data centers, it is no longer practical to configure each device in the network individually. Also, configuration changes happen so frequently it would be impossible for a team of engineers to keep up with the manual configuration tasks.
The concept of IaC allows all configurations for the cloud devices and networks to be translated into machine code instead of physical hardware configurations. IaC manages provisioning through code so manually configuration changes is no longer required.
Automation/Orchestration
Automation involves individual tasks that do not require human intervention and are used to create workflows that referred as orchestration. This allows you to easily manage very complex and large tasks using code instead of physically and manually configuring it.
Defines configuration, management, and the coordination of cloud ops.
Orchestration in the cloud allows you to create a complete virtual data center that includes all compute, storage, database, networking, security, management, and any other required services.
Common automation tools include Terraform, Kubernetes, and CloudFormation.
Connectivity Options
By default, your traffic into and out of your public cloud travels across the Internet. This a good solution in many cases, but if you require additional security when accessing your cloud resources and exchanging your data, there are two common solutions.
VPN (Virtual Private Network)
Cloud Providers offer site-to-site VPN options that allow you to establish a secure and protected network connection across the Public Internet.
The VPN connection verifies that both ends of the connection are legit and then establishes encrypted tunnels to route traffic from your data center to your cloud resources. If an attacker intercepts the data, they will not be able to read it due to the encryption of the traffic.
VPC Endpoint – Direct connection between cloud provider networks.
Be sure to avoid Virtual Machine Sprawl Avoid
It’s too easy to build out infrastructure in the cloud — all you have to do is click a button and — BOOM! You have 12 servers at your finger tips.
You have to be careful to not create an unwanted plethora of infrastructure and instances; It’s easy to lose track of which servers and switches are for what, and what applications are connected to what virtual infrastructure.
From the beginning, you should have a formal process in place of creating/decommissioning virtual infrastructure. This way you’ll know exactly what applications are connected to what VMs.
Leaving the VM could potentially be a concern for company security
Although it may seem like VMs are self-contained in their own little worlds, a potential hacker who knows how to leave the VM and hop on the company’s network represents a very real security threat.
VM escapes should be countered with well-thought out security policies and procedures; Both reactive + preventative.
The internet
Direct Connections
Multitenancy
Public Clouds host hundreds of thousands of different customer accounts in the same cloud.
Multitenant Clouds offer isolated space in the data centers to run services such as compute, storage, databases, development applications, AI, network applications (such as firewalls and load balancers), and many other services.
Think of this as your own private data center in the cloud.
Elasticity
Allows you to meet the fluctuating workload requirements by adding or removing resources in near real time.
Elasticity provides on-demand resources such as computing instances or stage space that can meet your existing workloads and automatically adds/subtracts capacity to meet peak and slow workloads.
It allows you to do this all in seconds or minutes
Scalability
A cloud feature that allows you to use cloud resources that meet your current workload needs and later migrate to a larger system to handle growth.
You can either scale up to a larger server instance or scale out by adding additional cloud server in parallel to handle the larger workloads.
Scalability allows you to grow your cloud deployments based on demand, whereas elasticity enables you to scale resources up or down based on real-time workload requirements.
Security Implications/Considerations
Cloud computing is equally susceptible to attacks as on-premises environments.
Data security varies country to country, and customers have zero idea where their data is located any given time.

Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.