Common cloud models

Increasingly, organizations are utilizing cloud-based storage instead of storing data in local data centers. The advantages to this approach include the ability to access the data from anywhere, the ability to scale computing resources to meet demand, and robust fault tolerance options. This section will look at various cloud models and some of the concepts that make it a viable option for the enterprise.

Shared resources

Devices in a cloud data center are virtual machines (VMs) that share the resources of the underlying host. Virtual machines represent virtual instances of an operating system that exist as files on the physical host. Technicians can appropriate these resources in whichever relative percentages they are comfortable. One of the benefits of hypervisor-driven virtualization is the ability of the hypervisor to recognize momentary needs for more resources by one of the VMs and react by shifting some percentage of the resource in contention to the overloaded VM.

Rapid elasticity

One of the advantages of a cloud environment is the ability to add resources as needed on the fly and release those resources when they are no longer required. This makes for more efficient use of resources, allocating them where needed at any particular point in time. These include CPU and memory resources. This is called rapid elasticity because it occurs automatically according to the rules for resource sharing that have been deployed.

On-demand

In a cloud environment, it is typically possible for customers to add additional compute resources at any time to their cloud solution without involving the cloud provider. This is called on-demand resource utilization and results in the customer paying for what is used, rather than paying for unused resources.

Resource pooling

Resource pooling is a cloud concept whereby collections of resources (CPU and memory) are stored in containers called pools. These pools can be configured to be shared by certain virtual systems. The relative priority to the usages of the resources is controlled by the configuration of what are called resource shares. It is also possible to use another concept in combination with resource shares called resource guarantees. These settings are used to ensure that certain systems always have required resources. Finally, resource limits can be used to prevent a system from monopolizing the resources in the pool.

Measured service

Measured service is a term used to describe the process of tracking resource utilization by the customer for the purpose of charging for those resources. This works much in the same way that a utility company charges the organization only for the power used in a period. In this case, the customer is charged for the compute resources utilized in a period. Measured services are recommended for customers who are not able to predict their required usage.

Metered

Metered service is an agreed upon and committed level of service that does not change and is paid in advance. So even if you don’t use it all, you pay for it all. For instance, you can select the number of Oracle compute processor units (OCPUs) or the amount of memory. Customers can change their service capacity as needed, which will increase/decrease their bill. Metered services are recommended for customers who can predict their required usage.

Off-site email applications

An example of SaaS is off-site email such as Gmail for the Enterprise, in which customers pay for the entire solution and support by the month. SaaS is particularly well suited for small businesses. Instead of investing in additional in-house server capacity and software licenses, companies simply can adjust their SaaS subscription on a monthly basis, scaling consumption requirements up and down based on project demands and other variables.

Cloud file storage services

Cloud file storage services, such as Box, Dropbox, and Drive, offer a way to save money on storage capacity and the management of said capacity though a storage as a service offering. Again, SaaS is particularly well suited for small businesses. Rather than spending money on hardware that will perhaps be obsolete in five years, smaller organizations can treat this as an expense rather than a capital expenditure.

Virtual application streaming/cloud-based applications

Cloud-based applications differ from web applications in that they are not always exclusively dependent on web browsers to work. They can be custom-built apps installed on Internet-connected devices, such as desktops and mobile phones, and can be used to access a wider range of services, such as on-demand computing cycle, storage, application development platforms, and even application streaming.

Applications for laptops/desktops

The same applications offered for cell phones/tablets come in a version compatible with laptops/desktops, and as shown in Figure 4.1, the proper app is sent based on the connecting device platform.

Virtual desktop

Virtual desktop infrastructures (VDIs) host desktop operating systems within a virtual environment in a centralized server. Users access the desktops and run them from the server. There are three models for implementing VDI.

Centralized All desktop instances are stored in a single server, requiring significant processing power on the server.

Hosted Desktops are maintained by a service provider. This model eliminates capital cost and is instead subject to operation cost.

Remote Virtual Desktops An image is copied to the local machine, making a constant network connection unnecessary.

Exam essentials

Describe the cloud service models. These include SaaS, PaaS, and IaaS. Differentiate the models with respect to the various responsibilities of the vendor and the customer.

Differentiate cloud architectures. Describe the architectural differences in the private, public, hybrid, and community cloud models.

Identify basic terms describing some of the benefits of cloud computing. These include rapid elasticity, on-demand computing, and measured service.

Purpose of virtual machines

Traditionally, workstations can have multiple operating systems installed on them but run only one at a time. By running virtualization software, the same workstation can be running Window 10 along with Windows Server 2016 and Red Hat Enterprise Linux (or almost any other operating system) at the same time, allowing a developer to test code in various environments as well as cut and paste between VMs.

From a networking standpoint, each of the VMs will typically need full network access, and configuring the permissions for each can sometimes be tricky.

Resource requirements

The resource requirements for virtualization are largely based on what environments you are creating. The hardware on the machine must have enough memory, hard drive space, and processor capability to support the virtualization. You also need the software to make virtualization possible (discussed in the next section).

Emulator requirements

XP Mode is a free emulator from Microsoft that you can download and use as a virtual emulator. A number of others are also available. In most cases, the motherboard and associated BIOS settings need no alteration to provide services to these VMs. Some of the virtualization products, however (such as Microsoft’s Hyper-V, Windows 7 Virtual PC, and Windows 10 Client Hyper-V), require that the motherboard support hardware-assisted virtualization. The benefit derived from using hardware-assisted virtualization is that it reduces overhead and improves performance.

Security requirements

Tales of security woes that can occur with attackers jumping out of one VM and accessing another have been exaggerated. Although such threats are possible, most software solutions include sufficient protection to reduce the possibility to a small one.

Most virtualization-specific threats focus on the hypervisor (the software that allows the VMs to exist). If the hypervisor can be successfully attacked, the attacker can gain root-level access to all virtual systems. While this is a legitimate issue—and one that has been demonstrated to be possible in most systems (including VMware, Xen, and Microsoft Virtual Machine)—it is one that has been patched each time it has appeared. The solution to most virtualization threats is to always apply the most recent patches and keep the systems up-to-date.

It is much easier to attack a virtual machine than a hypervisor because admins do not think about the security of each individual VM. It is also important to ensure that all VMs are updated with patches for both the OS and all applications. If VMs are allowed to run with outdated OS or software, known vulnerabilities will exist that attackers will take advantage of.

Keep in mind that in any virtual environment, each virtual server that is hosted on the physical server must be configured with its own security mechanisms. These mechanisms include antivirus and anti-malware software and all the latest service packs and security updates for all the software hosted on the virtual machine.

Network requirements

Network access is not a requirement in every virtual environment (for example, if you were decoding an application that would run only locally) but is often needed in most. During implementation of the virtualization, you can configure the network functionality for the machine (known as internal) or combine elements of the network together to provide network virtualization (known as external). The difference between internal and external implementations is usually based on which software package you are using.

Hypervisor

The hypervisor is the software that allows the VMs to exist. Figure 4.2 shows the relationship between the host machine, its physical resources, the resident VMs, and the virtual resources assigned to them. Also, remember that all the virtual servers share the resources of the physical device.

Type II Hypervisor

A Type II hypervisor runs within a conventional operating system environment. With the hypervisor layer as a distinct second software level, guest operating systems run at the third level above the hardware. VMware Workstation and VirtualBox exemplify Type II hypervisors. Figure 4.3 compares the two approaches.

Exam essentials

Be familiar with virtualization terminology. The hypervisor is the software that allows the VMs to exist. VMs are separate instances of an operating system, and they function independently of one another on a host physical machine.

Know security concerns related to virtualization. Most virtualization-specific threats focus on the hypervisor. If the hypervisor can be successfully attacked, the attacker can gain root-level access to all virtual systems.