2.0 Architecture and Design

2.2 Summarize virtualization and cloud computing concepts

Last edited 709 days ago by Makiel [Muh-Keel].

Basics of Cloud Computing

Cloud Computing broken down to its simplest form is: cloud service providers deliver computing services to their customers over the Internet. This could be anything, including networking services, applications, security, and entire server environments.
The formal definition is as follows:
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
If you have access to the Internet, you can access the cloud. It doesn't matter whether you're sitting in your office or on the beach.
Cloud Computing works On-Demand; meaning you can acquire new cloud resources almost immediately when you need them and you can turn them off quickly (and stop paying for them!) when they are no longer required.
Similar to how an electric bill operates. You get charged by how much electricity you use in your house.
The cloud is a shared group of resources accessed by many different people.
It uses a shared pool of resources that may be configured for different purposes by different users.
Multitenancy is whenever many different users share resources in the same cloud infrastructure.
In a multitenant environment, the same physical hardware might support the workloads and storage needs of many different customers, all of whom operate without any knowledge of or interaction
Service Providers are X’d out as Well.
Unlike on-premises hardware acquisition, you can provision cloud services yourself without dealing with account representatives and order processing times.
If you need a new cloud server, you don't need to call up Microsoft, Amazon, or Google. You just click a few buttons on their website and you're good to go.

Benefits of Cloud Computing

The key is to find the right balance between having on-premise technology and having it in the cloud. This balance varies from organization to organization because each has different needs.
Understanding some of the key benefits provided by the cloud is helpful to finding that correct balance:
On-demand self-service computing
Cloud resources are available when and where you need them.
This provides developers and technologists with incredible agility, reducing cycle times and increasing the speed of deployment.
Elasticity.
Elasticity and scalability are closely related. Scalability is focused on rapidly increasing capacity.
Elasticity says that capacity should expand and contract as needs change to optimize costs.
Example. If your website starts to experience a burst in activity, elasticity allows you to automatically add servers until that capacity is met and then remove those servers when the capacity is no longer needed.
Measured Service.
Everything you do in the cloud is measured by the provider.
Providers track the number of seconds of processing time you consume, the amount of storage you occupy, the number of log entries that you generate, and many other measures.
They use this information to be able to assess charges based on your usage.
You pay for exactly what you use—no more and no less.
Agility and Flexibility.
The speed to provision cloud resources and the ability to use them for short periods of time lends tremendous agility and flexibility to technology organizations.
Developers and engineers who wish to try a new idea can rapidly spin up a test environment, evaluate the approach, and decide whether to move it into production with minimal effort and cost.
Scalability
As the demand for a cloud-based service increases, customers can manually or automatically increase the desired service amount.
In some cloud environments, the cloud service provider may do this in a manner that is completely transparent to the customer, scaling resources behind the scenes.
Cloud providers achieve scalability in two ways:
Vertical Scaling
Increases the capacity of an existing server.
Example. You might change the number of CPU cores or the amount of memory assigned to a server.
In the physical world, this means opening up a server and adding physical hardware. In the cloud, you can just click a few buttons and add memory or compute capacity
Horizontal Scaling
Adds more servers to a pool of clustered servers, as shown in Figure 10.1(b).
Example. If you run a website that supports 2,000 concurrent users with two servers, you might add a new server every time your typical usage increases another 1,000 users.
Cloud computing makes this quite easy, as you can just replicate your existing server with a few clicks.
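The elasticity and horizontal scaling points above (add servers as usage grows, remove them when demand falls, pay only for what runs) can be shown as a small autoscaler simulation. This is an added example, not part of the original notes; the 1,000-users-per-server ratio comes from the notes, while the baseline pool size, the cooldown between scaling actions and the traffic trace are constructed assumptions.

```python
"""Elasticity simulation: scale a server pool out and back in as load changes.

Added example (not from the original notes). Assumes a hypothetical pool
where each server handles 1,000 concurrent users, a minimum pool of two
servers, and a short cooldown between scaling actions to avoid flapping.
"""
import math

USERS_PER_SERVER = 1000   # capacity per server (ratio used in the notes)
MIN_SERVERS = 2           # baseline pool; never scale in below this
COOLDOWN_TICKS = 2        # measurement ticks to wait after a scaling action


def servers_needed(users: int) -> int:
    """Minimum number of servers for the given number of concurrent users."""
    return max(MIN_SERVERS, math.ceil(users / USERS_PER_SERVER))


class Autoscaler:
    def __init__(self, servers: int = MIN_SERVERS):
        self.servers = servers
        self.cooldown = 0
        self.history = []   # pool size after each tick

    def tick(self, users: int) -> int:
        """Evaluate one load measurement and return the resulting pool size."""
        needed = servers_needed(users)
        if self.cooldown:
            self.cooldown -= 1
        if needed > self.servers:
            # Scale out immediately: a capacity shortfall costs availability.
            self.servers = needed
            self.cooldown = COOLDOWN_TICKS
        elif needed < self.servers and self.cooldown == 0:
            # Scale in one server at a time, and only once the cooldown has
            # expired, so a short dip in traffic does not tear the pool down.
            self.servers -= 1
            self.cooldown = COOLDOWN_TICKS
        self.history.append(self.servers)
        return self.servers


def simulate(trace):
    """Run the autoscaler over a list of concurrent-user measurements."""
    scaler = Autoscaler()
    for users in trace:
        scaler.tick(users)
    return scaler.history


def server_ticks(history):
    """Measured-service view: total server-ticks billed for the run."""
    return sum(history)


# Constructed traffic trace: a burst of activity followed by a quiet period.
SAMPLE_TRACE = [1500, 2500, 4200, 3900, 2800, 1200, 900, 800, 700]

if __name__ == "__main__":
    history = simulate(SAMPLE_TRACE)
    print("pool size per tick:", history)
    print("billed server-ticks:", server_ticks(history),
          "vs", max(history) * len(history), "if provisioned for peak")
```

Running the block shows the pool growing from 2 to 5 servers during the burst and stepping back down to 2 afterwards, with fewer server-ticks billed than a fixed pool sized for the peak would cost.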

Cloud Roles

In any cloud computing environment, different organizations take on different roles. There are five key roles in the cloud:

Cloud service providers

Cloud Service Providers are the firms that offer cloud computing services to their customers.
They may build their own datacenters or work hand in hand with other cloud providers to deliver their service, but their defining characteristic is they offer a cloud service for sale.
CSPs can charge a flat fee or only charge on use, like a utility bill!

Cloud consumers

Cloud Consumers are the organizations and individuals who purchase cloud services from cloud service providers.
They use these services to meet their own business requirements.

Cloud partners (or cloud brokers)

Cloud Partners are organizations that offer ancillary products or services that support or integrate with the offerings of a cloud service provider.
Cloud partners may offer training or consulting to help customers make use of a cloud service, provide software development and integration services, or perform any other service that facilitates the use of a cloud offering.

Cloud auditors

Cloud Auditors are independent organizations that provide third-party assessments of cloud services and operations.
Depending on the scope of the audit engagement, they may provide a general assessment of a cloud environment or focus on security controls for a narrow scope of operations.

Cloud carriers

Cloud Carriers serve as the intermediaries that provide the connectivity that allows the delivery of cloud services from providers to consumers.

Cloud Service Models

There are 3 main categories for cloud service models. These categories are:

Infrastructure as a Service (IaaS)

Infrastructure as a service (IaaS) offerings allow customers to purchase and interact with the basic building blocks of a technology infrastructure.
These include computing, storage, and networks.
Consumers have the most control here: they have the flexibility to configure and manage those services in any way they like to meet their own business needs.

Software as a Service (SaaS)

Software as a service (SaaS) offerings provide customers with access to a fully managed application running in the cloud.
The provider is responsible for everything from the operation of the physical datacenters to the performance management of the application itself, although some of these tasks may be outsourced to other cloud service providers.
Ex. Gmail, Shopify, Slack, Salesforce, Mailchimp, Zoom.
SaaS is widely used to deliver applications ranging from web-based email to enterprise resource planning (ERP) and customer relationship management (CRM) suites.
Customers enjoy continued access to cutting-edge software and typically pay for SaaS services using a subscription model.

Anything as a Service (XaaS)

“Anything as a service” (XaaS) describes a general category of services related to cloud computing and remote access.
It recognizes the vast number of products, tools, and technologies that are now delivered to users as a service over the internet.
Any IT function can be transformed into a service for enterprise consumption.

Platform as a Service (PaaS)

Platform as a Service (PaaS) is a cloud computing model that provides customers a complete cloud platform—hardware, software, and infrastructure—for developing, running, and managing applications without the cost, complexity, and inflexibility that often comes with building and maintaining that platform on-premises.
Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications.
Function as a service (FaaS) platforms are an example of PaaS computing.

MSP (Managed Service Providers)

Managed service providers (MSPs) are services organizations that provide information technology as a service to their customers.
Outsource the IT services if your organization cannot bring anyone in-house.
MSPs may handle an organization's IT needs completely, or they may offer focused services such as
network design and implementation
application monitoring
cloud cost management
Managed Security Service Providers (MSSPs) offer security-focused services such as security monitoring, vulnerability management, incident response, and firewall management.

Cloud Deployment Models

Cloud deployment models describe how a cloud service is delivered to customers and whether the resources used to offer the service are dedicated to one customer or shared with other customers.

Public Cloud

The Public Cloud is defined as computing services offered by third-party providers over the public Internet, making them available to anyone who wants to use or purchase them.
Public cloud service providers deploy infrastructure and then make it accessible to any customers who wish to take advantage of it in a multitenant model.
Public cloud providers may offer IaaS, PaaS, SaaS, and FaaS services to their customers.
The key distinction is that those services do not run on infrastructure dedicated to a single customer but rather on infrastructure that is available to the general public.
Ex. AWS, Microsoft Azure, and Google Compute Platform.

Private Cloud

The term Private Cloud is used to describe any cloud infrastructure that is provisioned for use by a single customer.
This infrastructure may be built and managed by the organization that will be using the infrastructure, or it may be built and managed by a third party.
The key distinction here is that only one customer uses the environment.
Because only one customer uses a private cloud, private cloud services tend to have excess unused capacity to support peak demand and, as a result, are not as cost-efficient as public cloud services.
Ex. The US Intelligence Community (IC) needs to use cloud services as well. So, Amazon built them an entire cloud computing system (C2S Region) that is completely dedicated to the work and needs of the IC.
AWS is operating the C2S region specifically for the IC but it runs with the same tools and services available in the AWS public cloud, presumably at much greater cost.

Community Cloud

A Community Cloud service shares characteristics of both the public and private models.
The community cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations).
Ex. Academic research libraries joined together to form a ring that provides access to their collections of books. Students and faculty at HathiTrust member institutions may log into the community cloud service to access resources.

Hybrid Cloud

Hybrid cloud is a catch-all term used to describe cloud deployments that blend public, private, and/or community cloud services together.
A Hybrid Cloud is a mixed computing environment where applications are run using a combination of computing, storage, and services in different environments—public clouds and private clouds, including on-premises data centers or

Shared Responsibility Model

Cloud security operations also differ significantly from on-premises environments because cloud customers must divide responsibilities between one or more service providers and the customers' own cybersecurity teams.
Under the shared responsibility model, the data and data management always remain the responsibility of the customer. Regardless of the cloud service model (IaaS, PaaS, SaaS), the customer is always responsible for their own data, including its classification, handling, protection, and regulatory compliance.
This is just due to the nature of how the cloud models operate. We’ve seen up above that different models have different levels of shared responsibility between the Cloud Provider and the Consumer’s cyber security team.
In an IaaS environment, the customer takes over security responsibility for everything that isn't infrastructure (the OS, the applications, and the data they run in the IaaS environment).
In a PaaS environment, the vendor takes security responsibility for the OS, application platform, hardware, and datacenter, while the customer retains responsibility for the data being placed in the environment and for configuring its security.
In the SaaS environment, the cloud provider handles almost all security responsibility. The customer retains some shared control over the data that they place in the SaaS environment and the access controls around that data.

Edge Computing

Edge computing allows devices in remote locations to process data at the "edge" of the network, either by the device or a local server. And when data needs to be processed in the central datacenter, only the most important data is transmitted, thereby minimizing latency.
Edge is about processing data closer to where it’s being generated, enabling processing at greater speeds and volumes, leading to greater action-led results in real time.
It does this by using sensors to preprocess some of the data before shipping it back to the cloud.
‘Edge’ because it allows some of the remote sensors on the edge of the network to take the processing load off of the cloud.
It means that the applications that are running and the decisions being made from the data created by these applications are all occurring on the local system and don’t have to go out to the internet.
Having local processing on the edge device and a midpoint in the fog allows us to have a much more efficient cloud computing experience.

Fog Computing

Fog computing, very similar to edge computing, is intended for distributed computing where numerous "peripheral" devices connect to a . The word "fog" refers to its cloud-like properties, but closer to the "ground", i.e. IoT devices.
These IoT devices are located in close proximity to the remote sensors.
It aims to bring cloud intelligence, processing, and storage closer to the network’s edge to provide quicker and more localized computing services for the connected smart devices that make up the IoT.
It can be considered a mini-cloud that leverages its own resources and the data collected from (IoT) edge devices in combination with the vast computational resources available from the cloud.
It’s a distributed cloud architecture that allows us to send information into the cloud for processing without requiring that all of this data be consolidated in one single place.
This means that any data that our IoT device needs to make local decisions can stay local on that device. It doesn't need to go into the cloud.
From a privacy perspective, this means that we can keep sensitive data on our local network, and we can only send into the fog the information that we might feel a little more comfortable sharing with others.

On-Premise v. Off-Premise

On-Premise

On-Premise software or infrastructure is installed and runs on a company's own hardware infrastructure, and is hosted locally.
Deployed and maintained in-house at a physical office as opposed to being hosted on a vendor-supplied cloud.
The organization remains responsible and bears the cost for training, support and updates.
On-premise applications are presumed to be more reliable and secure, offering complete ownership and control.
Off-Premise / Cloud / Hosted infrastructure is not hosted locally or maintained in your organization's building. It is handled by a third-party provider that utilizes a specialized computing environment.
The company leases or rents the software from a third-party provider.
They don’t require local installation; The implementation time is reduced and only host monitoring software need be installed.
The organization doesn’t have the responsibility of maintaining the facilities or infrastructure.
Organizations use the virtual infrastructure maintained by cloud service providers.

Cloud Infrastructure Resources

IaaS computing environments provide organizations with access to a wide variety of computing resources, including compute capacity, storage, and networking. These resources are available in a flexible manner and typically may be used immediately upon request.

Traditional Servers

Legacy servers will always have one application running per server.
Ex. The email application would be the only app running on an entire server, or the web server would only have one web application running on the entire server.
Every business-critical application required you to buy a new server solely dedicated to that one application.
This is an incredibly wasteful method. You're essentially using only a small percentage of the physical server's full power just to run one application.
Old servers do not possess the capability to run multiple applications securely.

Virtual Servers

Organizations can spin up virtual servers running most common operating systems with the specific number of CPU cores, amount of RAM, and storage capacity that is necessary to meet business requirements.
It’s used the same way you would if the server was physically in your data center.
The main difference lies in the capabilities of the Virtual Server. Virtual Servers can run so much more than traditional servers can.
Virtual servers allow multiple applications to run on a single server by simulating hardware and software through Virtual Machines.
Ex. If a company has 3 needed applications to run on a server, virtual machines can be used to run all 3 applications on that one server.
In order to run multiple virtual machines on one physical server, you’ll need a Hypervisor.
A hypervisor is what allows one machine to run multiple virtual machines.
Virtual Machines will have their own OS running. Virtual machines are placed on top of Hypervisors.
VMs solve the problem of wasting money on buying entire servers for every business critical application needed.
Advantages:
Can have multiple different operating systems running on the same server by using a VM.
Disadvantages:
VMs tend to consume a lot of disk space because each one runs its own operating system.
Slow to startup due to an entire OS having to startup.
Each VM also requires a license for the OS.
Tend to consume a lot of RAM and CPU power from the server.

Containers

Containers only contain an application that has been bundled with all the files, configurations, dependencies, and everything it needs to run.
Docker is the leading software used to run, create, and manage containers.
Container Engine is what unpacks the container files and hands them off to the core of the OS kernel.
Containers only contain an application!
Advantages
Smaller file size.
Lightweight.
Much faster!
Consumes less RAM and CPU power on top of taking milliseconds to boot up.
Disadvantages
Containers must be packaged with the same OS of the server for it to run.
If the OS of the server crashes, all the containers will go down with it.
Ex. If the server OS is Linux, then the container’s OS must be Linux based.

Thin Client

A common Thin Client definition is a computer that uses resources housed inside a central server as opposed to a local hard drive. A thin client connects to a server-based or cloud-based environment that hosts the majority of applications, memory, and sensitive data the user needs.
Thin clients work by connecting remotely to a server-based computing environment where most applications, sensitive data, and memory, are stored.
It has just enough computing power to be able to connect to a desktop that is running in the cloud.
Sometimes referred to as a Virtual Desktop Infrastructure or VDI, or if we are running this in the cloud, it may be provided through a third-party service such as Desktop as a Service or DaaS.
You would be locally running a single device that allows us to connect a keyboard, a mouse, and a monitor, and that device, then connects to our desktop that’s running in the cloud.
Meaning this device doesn’t need a high-end CPU or a lot of memory, because the application is running in the cloud.

Microservices/API

Monolithic Application

Many of the applications we use from day-to-day are one very large application that is built on a single codebase. This application does everything using this enormous amount of code that has been programmed into that app.
So everything associated with the user interface (mentioned below) is controlled by this single codebase.
Putting data into the application and out
Any business logic
Having the application set up like this creates complexity when you need to upgrade or update just one part of the application.
You cannot upgrade a single feature in a monolithic application; instead, you have to replace the entire code base in order to use those new functions.

Microservice Architecture

Microservice Architecture uses APIs to break up Monolithic (Huge) applications into individual services, allowing you to upgrade individual features of an application.
API Gateways are used to manage communication between the client machine and the microservices.
Adding New Features: If we need to add new features to the application, we can simply add new microservices into this view, and if we need to increase the scalability of an application, we only need to increase the microservices that are being used the most.
If any microservice needs to be changed, updated, or new features added, you only need to change the microservice associated with those particular features.
This also means that if certain microservices become unavailable, the entire application doesn’t fail, only that particular service related to the application.
Increased Security due to segmentation: The segmentation allows you to have much tighter control of data security since you can limit what microservices might have access to different types of data.
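The gateway, fault-isolation and segmentation points above can be demonstrated with a small in-process model of an API gateway fronting three microservices. This is an added example, not code from the original notes or from any real gateway product; the service names, path prefixes, token scopes and sample records are constructed for illustration.

```python
"""In-process model of an API gateway in front of microservices.

Added example (not from the original notes). Each service holds only its
own data store, the gateway enforces a per-route scope before forwarding,
and an unavailable service only takes down its own routes.
"""
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    body: object = None


class Service:
    """Stand-in for one microservice: it can reach only its own records."""

    def __init__(self, name, records):
        self.name = name
        self.records = records      # the only data this service owns
        self.available = True

    def handle(self, method, subpath):
        if method != "GET":
            return Response(405, "method not allowed")
        key = subpath.strip("/")
        if not key:
            return Response(200, sorted(self.records))
        if key in self.records:
            return Response(200, self.records[key])
        return Response(404, "not found")


class Gateway:
    """Routes client requests to services and enforces a scope per route."""

    def __init__(self):
        self.routes = {}      # path prefix -> (service, required scope)
        self.services = {}    # service name -> service

    def register(self, prefix, service, scope):
        self.routes[prefix] = (service, scope)
        self.services[service.name] = service

    def set_available(self, name, flag):
        self.services[name].available = flag

    def handle(self, method, path, scopes=()):
        # Longest matching prefix wins, so /orders and /orders-archive differ.
        match = max((p for p in self.routes if path.startswith(p)),
                    key=len, default=None)
        if match is None:
            return Response(404, "no route")
        service, needed = self.routes[match]
        if needed not in scopes:
            # Segmentation: a caller authorised for one service gets nothing
            # from another, regardless of what the service would return.
            return Response(403, "missing scope " + needed)
        if not service.available:
            # Fault isolation: only this service's routes fail.
            return Response(503, service.name + " unavailable")
        return service.handle(method, path[len(match):])


def build_app():
    """Assemble the gateway with constructed sample services and records."""
    gw = Gateway()
    gw.register("/catalog",
                Service("catalog", {"sku-1": {"name": "widget", "price": 9}}),
                "catalog:read")
    gw.register("/orders",
                Service("orders", {"o-100": {"sku": "sku-1", "qty": 2}}),
                "orders:read")
    gw.register("/billing",
                Service("billing", {"inv-7": {"order": "o-100", "card_last4": "4242"}}),
                "billing:read")
    return gw


if __name__ == "__main__":
    app = build_app()
    print(app.handle("GET", "/catalog/sku-1", ("catalog:read",)))
    print(app.handle("GET", "/billing/inv-7", ("catalog:read",)))   # 403
    app.set_available("orders", False)
    print(app.handle("GET", "/orders", ("orders:read",)))            # 503
    print(app.handle("GET", "/catalog", ("catalog:read",)))          # still 200
```

The scope check sits in the gateway rather than in each service, which is the usual place to centralise authentication and authorisation; the per-service data stores are what make the segmentation real, because a bug in the catalog service cannot return billing records it never had.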

Serverless Architecture

Function-as-a-Service, or FaaS, is a serverless way to run functions in any cloud environment. With the help of FaaS, developers can focus on writing function code without the need to build and maintain the required infrastructure.
FaaS is mainly used in an event-driven computing context where functions are triggered by a specific event such as message queues, HTTP requests, etc.
It allows us to take the operating system completely out of the equation, and instead perform individual tasks based on the functions that are requested by the application.
Stateless Compute Container is used by developers to spin up and deconstruct service sessions.
These compute containers are simply processors that are designed to respond to our API requests. So our application will send in the API request to the compute container, and the results of that API requests are sent back to the client.
On-Command: Only use these compute containers when you need them, Only use these microservices (application functions) as you need them.
If a user does need to perform a certain function, we can spin up an individual compute container, perform that request, and then disable that compute container, meaning that it is ephemeral or temporary in use. These containers might run for a single event, and once that event is done, the container disappears.
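The event-driven, ephemeral container model described above has a practical consequence that the notes imply but do not spell out: anything a function keeps in its container's memory is gone once the event is handled, so state has to live in an external service. The following is an added example, not code from the original notes or from any FaaS provider; the runtime, event types, handlers and the in-memory stand-in for a durable store are all constructed.

```python
"""Event-driven function invocation with ephemeral, stateless containers.

Added example (not from the original notes). A tiny runtime binds event
types to functions, creates a fresh container per event and discards it
afterwards, which is why the in-memory counter never gets past 1 while the
counter kept in an external store keeps climbing.
"""


class ExternalStore:
    """Stand-in for a durable managed service (database, object store)."""

    def __init__(self):
        self.data = {}

    def incr(self, key):
        self.data[key] = self.data.get(key, 0) + 1
        return self.data[key]


class Container:
    """One ephemeral execution environment, created per event."""

    def __init__(self):
        self.scratch = {}   # in-memory state; lost when the container goes away


def count_in_memory(event, ctx, store):
    # Anti-pattern: assumes the container's memory survives between events.
    ctx.scratch["count"] = ctx.scratch.get("count", 0) + 1
    return {"count": ctx.scratch["count"]}


def count_in_store(event, ctx, store):
    # Correct pattern: keep state outside the ephemeral container.
    return {"count": store.incr("hits:" + event["source"])}


class Runtime:
    """Maps event types (HTTP request, queue message, ...) to functions."""

    def __init__(self, store):
        self.store = store
        self.handlers = {}
        self.invocations = 0

    def register(self, event_type, fn):
        self.handlers[event_type] = fn

    def invoke(self, event):
        fn = self.handlers.get(event["type"])
        if fn is None:
            return {"error": "no function bound to " + event["type"]}
        ctx = Container()            # spin up a container for this event only
        try:
            result = fn(event, ctx, self.store)
        finally:
            del ctx                  # the container disappears with the event
        self.invocations += 1
        return result


def run_demo():
    """Invoke each handler three times and return the counts each produced."""
    store = ExternalStore()
    rt = Runtime(store)
    rt.register("queue.message", count_in_memory)
    rt.register("http.request", count_in_store)
    queue_event = {"type": "queue.message", "source": "orders"}   # constructed
    http_event = {"type": "http.request", "source": "/hello"}     # constructed
    memory_counts = [rt.invoke(queue_event)["count"] for _ in range(3)]
    store_counts = [rt.invoke(http_event)["count"] for _ in range(3)]
    return memory_counts, store_counts


if __name__ == "__main__":
    print(run_demo())
```

The same statelessness is what lets the platform run any number of copies of a function in parallel and throw them away afterwards; it also means secrets and session data must be fetched from managed services rather than cached in the container.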

Infrastructure as Code

Infrastructure as Code (IaC) is the practice of defining infrastructure in code and automating its creation, teardown, and management from that code, in place of hand-configuring the actual infrastructure hardware.
Deploy servers, routers, switches, and applications as code.
IaC is one of the key enabling technologies behind the DevOps movement and is also a crucial advantage of cloud computing services integration.
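To make the "deploy servers and applications as code" idea concrete, here is an added example of the declarative workflow IaC tools follow: declare the desired state, compute a plan of differences against what actually exists, and apply it so that a repeated run is a no-op. This is not code from the original notes or from any IaC product; the resource types, the in-memory stand-in for a provider API and the drift scenario are constructed.

```python
"""Declarative infrastructure as code: desired state -> plan -> apply.

Added example (not from the original notes). `DESIRED` is what a team would
commit to version control; `Cloud` stands in for a provider API holding the
actual state. Re-running converge() is idempotent, and an out-of-band change
made in a console shows up as drift that the next run reverts.
"""
import copy

# Desired state, as it would be committed to version control (constructed).
DESIRED = {
    "web-1": {"type": "server", "cpu": 2, "ram_gb": 4, "image": "ubuntu-22.04"},
    "web-2": {"type": "server", "cpu": 2, "ram_gb": 4, "image": "ubuntu-22.04"},
    "web-sg": {"type": "firewall", "allow": [{"port": 443, "from": "0.0.0.0/0"}]},
}


def plan(desired, actual):
    """Return the (op, name, spec) actions that move `actual` to `desired`."""
    actions = []
    for name, spec in desired.items():
        if name not in actual:
            actions.append(("create", name, spec))
        elif actual[name] != spec:
            actions.append(("update", name, spec))
    for name in actual:
        if name not in desired:
            actions.append(("delete", name, None))
    return sorted(actions, key=lambda a: (a[0], a[1]))


class Cloud:
    """Stand-in for a provider's API: holds the resources that really exist."""

    def __init__(self):
        self.resources = {}
        self.log = []

    def apply(self, actions):
        for op, name, spec in actions:
            if op == "delete":
                del self.resources[name]
            else:
                # Deep copy so later console edits cannot alias the code.
                self.resources[name] = copy.deepcopy(spec)
            self.log.append((op, name))
        return len(actions)


def converge(cloud, desired):
    """One IaC run: plan against actual state, then apply the plan."""
    actions = plan(desired, cloud.resources)
    cloud.apply(actions)
    return [(op, name) for op, name, _ in actions]


def run_demo():
    cloud = Cloud()
    first = converge(cloud, DESIRED)    # everything is created
    second = converge(cloud, DESIRED)   # nothing to do: idempotent
    # Simulated drift: a rule added by hand in the console, never committed.
    cloud.resources["web-sg"]["allow"].append({"port": 22, "from": "0.0.0.0/0"})
    third = converge(cloud, DESIRED)    # drift detected and reverted
    return first, second, third, cloud.resources


if __name__ == "__main__":
    first, second, third, state = run_demo()
    print("first run :", first)
    print("second run:", second)
    print("after drift:", third)
    print("firewall now allows:", state["web-sg"]["allow"])
```

The plan step is what reviewers read in a pull request before anything changes, and the drift run is why IaC matters for security operations: a rule that exists only in a console is invisible to review, while the declared state in version control is the record of what is supposed to exist.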