1-Cloud Services - Cloud Computing Concepts

Cloud Services: Cloud Computing Concepts Transcript https://cdn2.percipio.com/secure/c/1639301300.382d7b1f7473bd47c8...
Cloud Services: Cloud

Computing Concepts
Explore fundamental cloud computing concepts such as cloud service
models, hosting options, and security considerations, among other
topics covered in this 14-video course. Begin by examining cloud
benefits, components, and service models; the differences between
cloud computing roles such as cloud service customer, cloud service
architect, and cloud auditor, and learn the differences between on-
premises and cloud implementations. This leads to an overview of the
IaaS (Infrastructure as a Service) cloud service model; the SaaS
(Software as a Service) cloud service model, and what needs to be
considered when using the PaaS (Platform-as-a-Service) cloud
service model. Next, take a look at benefits and potential pitfalls for
private cloud implementation; advantages and disadvantages of using
a public cloud; benefits of using a hybrid cloud solution, and benefits
and potential pitfalls of using a community cloud. Learners will
examine the potential risks and benefits of migrating to the cloud, and
explore common cloud vulnerabilities such as negligence, cyber
threats, and system vulnerabilities.
Table of Contents
1. Course Overview
2. Moving to the Cloud
3. Cloud Computing Roles
4. On-premise vs. Cloud
5. IaaS
6. SaaS
7. PaaS
8. Private Cloud
9. Public Cloud
1 of 29 2021-12-11, 20:30
10. Hybrid Cloud

11. Community Cloud
12. Cloud Migration Risks and Benefits
13. Common Cloud Vulnerabilities
14. Course Summary
Course Overview
[Video description begins] Topic title: Course Overview. [Video
description ends]
Hi, I'm Dan Lachance. I've worked in various IT roles since the early
1990s, including as a technical trainer, as a programmer, a consultant,
as well as an IT tech author, and editor.
[Video description begins] Your host for the session is Dan Lachance.
He is an IT Trainer and a Consultant. [Video description ends]
I've held and still hold IT certifications related to Linux, Novell,

Lotus, CompTIA, and Microsoft. Some of my specialties over the
years have included networking, IT security, cloud solutions, Linux
management and configuration and troubleshooting across a wide
array of Microsoft products. In this course, we're going to explore
fundamentals of cloud computing, such as cloud models, hosting
options and security basics.
I'll start by examining the benefits of moving to the cloud, and cloud
components, and service models. I'll then explore the different cloud
computing roles, and differentiate between on-premises and cloud
implementations. Next, I'll examine different cloud service models
including Infrastructure as a Service, Software as a Service, and
Platform as a Service. Moving on, I'll examine the advantages and
disadvantages of various cloud implementations including private,
public, hybrid, and community clouds. Lastly, I'll explore risks and
benefits of migrating to the cloud, as well as talking about common
cloud vulnerabilities that you should be aware of.
2 of 29 2021-12-11, 20:30
Moving to the Cloud

[Video description begins] Topic title: Moving to the Cloud. Your host
for the session is Dan Lachance. [Video description ends]
Organizations looking at moving to the cloud, means that they will

have to consider some of the migration options to migrate data that
they might currently host on-premises into the cloud, or migrating
applications are currently run on-premises in the cloud, and also, any
servers that they have running on-premises that might serve up files
or that might actually run application workloads can also potentially
be migrated into the cloud computing environment.
[Video description begins] Screen title: Cloud Migration Models.

[Video description ends]
Now with cloud migration, you can either migrate from your existing
on-premises environment. But at the same time if you're already using
cloud computing, you might consider migrating from an existing
cloud service provider, to a new cloud service provider. Now the
benefits of moving to the cloud would include first of all, reduced
infrastructure expenses. At least compared to what you might have to
do on-premises.
On-premises, you have capital expenditures related to purchasing the

hardware to create the supporting IT infrastructure. Things like
physical servers, storage arrays, UPS backup systems. However, in
the cloud that's done by the cloud service provider. Another benefit of
moving to the cloud, is minimizing capacity boundary issues. Cloud
providers have the benefit of economies of scale where they have
such a vast pool of resources made available to cloud customers.
They can offer it at a reduced charge compared to what we would
have to do if we were doing this ourselves entirely on-premises.
The other thing is that when you run out of capacity on-premises such
as storage, you have to then acquire additional hardware and
3 of 29 2021-12-11, 20:30
configure it to have that additional storage available. That takes a lot

longer than it would to simply allocate more cloud storage through a
public cloud service provider. Another benefit is the reduced total
cost of ownership, or TCO over time. Now, that can be gauged by
comparing the ongoing operational expense of cloud computing
charges against the on-premises capital upfront expenditures required
to acquire all of the equipment to support the infrastructure.
Another benefit of moving to the cloud, is the increased global scope

and access to redundancy. Public cloud service providers have data
centers around the globe, and so the benefit of that, for example, if
you're hosting a public facing website, is that you've already got that
availability to place that website near users that might access it. You
also have access to redundancy by replicating content, whether it's
files stored in the cloud, or even replicating virtual machines running
out workloads to alternate locations around the planet. Moving to the
cloud means standardizing on file formats.
You want to make sure that you don't move to a public cloud service
provider that has a proprietary or customized way of dealing with file
formats and data exchange, you want to use open standards. That way
you have an easy exit strategy, if you need to switch to a different
cloud service provider. The other consideration when you move to the
cloud is that the service offerings, whether they are new ones that will
be introduced or changing existing ones, there are going to be
changes with the way things are done over time with a cloud
computing provider, and that even includes with the management
tools be the command line based or graphically based.
So be aware that there are changes that are made, and we kind of have
to go with the flow, don't have a choice because we don't have the
underlying control of the infrastructure, the cloud service provider
does. The other consideration is privacy and security. Now moving to
the cloud, it does not mean you have less security. Instead, we should
consider the security accreditations or the compliance that the public
cloud service provider has, with various security audits to determine
which one we should use.
4 of 29 2021-12-11, 20:30
So your organization might be very concerned with privacy and

security, and there's no reason that can't be achieved in the cloud as it
would be on-premises. The only distinction being, perhaps less
configuration, flexibility and control when it comes to security in the
public cloud. The other consideration when moving to the cloud is
integration. For instance, you might have on-premises software
components that you're currently running, that you want to leave on-
premises.
You might want to integrate them with cloud services. For example,
developers could make API programmatic calls from on-premises
software components to talk to cloud services. The other
consideration are the various cloud models available and the offerings
within each. First we have software as a service. Whenever we refer
to a cloud service offering, it usually ends with as a service.
[Video description begins] Software as a Service is abbreviated as

SaaS. [Video description ends]
It means it's delivered and available over a network, hosted on

equipment that is the responsibility of the cloud provider. So software
as a service or SaaS is normally used by end users, it's prepackaged
software. You might think of things like Office 365, or Google
Classroom, or Google documents. Platform as a service, or PaaS, is of
the most interest to developers. It provides operating system, and
application, and database stacks, and programming tools like
centralized code repod... repositories that support continuous
integration and delivery, the ability to host custom APIs in the cloud
and so on.
Infrastructure as a service, or IaaS is of primary interest to IT

technicians, administrators. Where we're talking about the underlying
virtual machines and the storage that is available in the cloud, and
also the virtual network capabilities that we can configure. So we've
got software, platform, and infrastructure available as cloud service
models. The other thing to consider when moving to the cloud is the
cloud provider service-level agreements, or SLAs.
5 of 29 2021-12-11, 20:30
There will always be an SLA for each type of cloud service offering.
So if you're looking at storage in the cloud, there might be multiple
storage SLAs, if there are multiple different service offerings for
different types of storage in the cloud. Just like there would be an
SLA for virtual machine instances in the cloud, which guarantees
things like uptime on a monthly basis. The other consideration is
looking into the security accreditations that the cloud service provider
has acquired.
For example, if they're PCI DSS compliant that might be important if

you are running an e-commerce site and you have to deal with credit
card holder information. The other thing to consider are the
management tools available, whether they're command line based,
API programming based, or GUI based, and then determining if there
are automation and orchestration techniques available with that cloud
service provider. One of the benefits of the cloud is for repetitive
types of tasks, you can automate a lot of those, which speed things up
and makes a resilient against human failure.
Cloud Computing Roles

[Video description begins] Topic title: Cloud Computing Roles. Your
host for the session is Dan Lachance. [Video description ends]
There are a number of definable roles when it comes to a cloud

computing ecosystem. The first role is the cloud service provider,
otherwise called as CSP. Where they bear much of the responsibility
for making sure that the underlying infrastructure supporting cloud
services remains up and running, and that things perform well
according to SLAs for cloud services. Also at the CSP level, they
have the ultimate configuration flexibility because they control the
actual physical hardware, the physical servers, the physical storage
arrays, the physical network switches and routers, and so on in their
data centers.
Cloud consumers also called cloud customers or cloud tenants, have a
6 of 29 2021-12-11, 20:30
multitude of different cloud models they can work with in terms of

offerings. So developers, for example, will be interested in platform
as a service or PaaS, which would be useful for developing custom
apps. So the cloud service provider has offerings that facilitate those
tasks. Next, we have common office staff or end users that would be
interested primarily in Software as a Service or SaaS. For example,
using cloud-based email or office productivity tools like spreadsheets
and word processors, all in the cloud. In other words, having that
software delivered over a network.
At the IT level, then we have Infrastructure as a Service or IaaS. This

would be for cloud administrators or cloud technicians that would be
responsible for determining which cloud services need to be
deployed, and then deploying and managing those cloud services.
Things like virtual machines or applications, custom applications,
running in the cloud and allocating storage and controlling access to
all of those cloud resources. So that's really part of the IT support
team's responsibilities.
Other roles include the Cloud Service Brokerage or the CSB. Think
of this kind of as a mortgage broker, an intermediary that has the
ability to look at your computing needs as it pertains to the cloud and
then going out and negotiating and finding the best cloud service
provider that meets those needs. Cloud architects are the technicians
that will design your organization-specific use of cloud services to
achieve organizational objectives. Cloud auditors are those people
that will audit the usage of cloud activities to ensure things like legal
and regulatory compliance, and also to ensure peak optimum
efficiency.
So having things running smoothly at an efficient cost level. Finally,

we've got cloud carriers. Cloud carriers come in a few different
forms, the most common of which, when it comes to public cloud
service providers are internet service providers. They are the cloud
carriers that provide the network link between an on premises
network or an individual customer to the cloud provider. Other types
of cloud carriers would also include local telco or cable companies.
7 of 29 2021-12-11, 20:30
Anyone that can provide a dedicated network circuit were available in

different regions around the world, from an on premises network
directly to the cloud without traversing the internet. That would be
another example of a cloud carrier role.
On-premise vs. Cloud

[Video description begins] Topic title: On-premise vs. Cloud. Your
host for the session is Dan Lachance. [Video description ends]
To further illustrate the benefits of cloud computing, sometimes it's

important to compare it against the equivalent on-premises solutions.
So we're going to take a look at running IT services on-premises and
in the cloud.
[Video description begins] Screen title: On-premise IT Solutions.

The first thing to consider is that when you run things on-premises.
Because it's running on your equipment and everything is your
responsibility. That also means by extension, you have more
configuration control. There's more flexibility in how that IT solution
is configured and how it's maintained over time. But then there is the
issue of hardware acquisition. So if you need to support a new line of
business app, for example, on-premises. You need to make sure you
have the underlying hardware to support it. Whether that includes
servers, whether that includes network routing equipment or switches,
storage arrays, and so on.
That means it costs money. It costs more money to acquire all of this
hardware than it would to simply rent it or use it on an as needed
basis in the cloud. It also means waiting for it to arrive. So if you
place an order for hardware, it takes time for it to be shipped to your
on-premises network or data center. The other consideration is
software. You need to acquire software that you're going to use on-
premises. Not only that, but you also need to license it. Now the same
8 of 29 2021-12-11, 20:30
thing would be true in the cloud, the difference being it's a little easier
in the cloud.
Even to the point where you can bring your own existing licenses that
you might have already previously acquired, and reuse them in the
cloud, when you adopt the cloud. With on-premises IT solutions, you
also have the responsibility of ongoing management. That's the
responsibility of the organization, that owns that infrastructure. So
normal administration, such as making sure that backups occur.
Making sure that user accounts are created for newly hired
employees, applying updates and so on. That's all the responsibility of
the IT team on-premises. Deploying resources on-premises, such as a
new application, usually involves the on-premises IT team and the
help desk, and maybe even some training staff.
However, in the cloud, often new software that is made available is

simply available to use over the network immediately. There's no
need to deploy it in most cases. I say most cases because depending
on what types of solutions you're using in the cloud. There still might
be some software components you need to download and install on
user devices. Whether that device is a smartphone, or a laptop or a
desktop. Then there is the cost factor. With on-premises, there are
ongoing costs related to acquiring hardware such as server hardware.
Which is really considered a capital expenditure, otherwise shortened
to CAPEX. Then there's the power consumption, for all of the IT
infrastructure equipment.
You've got to pay the power bill and the heating and cooling bills as
well. Then there's the amount of real estate or the space that you need
to accommodate all of this equipment. In a server room or even in
your own on-premises data center. In the cloud, you only pay for the
resources that you use, kind of like electricity, or water. It's metered
based on your consumption, you pay a certain amount. That's an
operational expense otherwise shortened to OPEX. So the prices will
adjust depending on how much you consume.
That's why it's important in the cloud, to ensure when you're finished
9 of 29 2021-12-11, 20:30
with something. Such as a virtual machine or database that was used

for testing, that you immediately shut it down, and if you don't need it
in the future, delete it. Otherwise leaving things running means
incurring unnecessary charges. Then there's the control of things like
data and the configuration of your IT solutions. With on-premises you
have full control of every aspect of the data life cycle. From its
creation, its storage, it's sharing. You also have full configuration
control of your IT solutions. In the cloud, in some cases, data
ownership could be questionable. Especially where you start
replicating cloud stored data to alternate regions around the world.
Where that data could be subject to the laws within the jurisdiction
that the data center falls within, and of course in the cloud we have
limited configuration control. Because some of the responsibility for
the underlying IT infrastructure falls upon the cloud service provider.
Certainly at the hardware level all of the responsibility falls on the
cloud service provider. When comparing on-premises computing to
cloud computing, security always comes up. Now with on-premises
environments, you might have sensitive data or systems that are
highly classified, that require a high level of privacy.
Now that could be related to government agencies, including military

and law enforcement, or banking. However, in the cloud, there is a
potential for a security breach, just as there is on-premises. Now one
of the arguments that you'll hear is that, well, public cloud service
providers are more of a target. They're centralized target where there
are multiple customers or tenants storing potentially sensitive data.
Which you could also liken to saying, you shouldn't store your money
in a bank.
Because the bank stores money for a lot of customers, it's a larger
target. Remember, public cloud service providers are in the business
of earning a profit. It's bad for business if there are security breaches.
So chances are, public cloud providers probably have much more
security in place than most private sector organizations would be able
to afford. So there could be public records, intellectual property,
whether it's on-premises or in the cloud, that needs to be protected.
10 of 29 2021-12-11, 20:30
But we want to move away from a statement as simple as saying, that

security is not as strong in the cloud for data as it would be on-
premises.
Because that's definitely not the case. Then there's compliance, we

have to think about on-premises compliance with regulations and
laws, especially as it applies to sensitive data. In the cloud the same
thing is really true. So what to look for with cloud service providers is
what is relevant to your organization in the type of data that it will be
dealing with. So you might look at legislative acts such as HIPAA for
the protection of medical information, or GDPR for the protection of
European Union citizen data, or PCI DSS for the protection of credit
card holder information.
IaaS
[Video description begins] Topic title: IaaS. Your host for the session
is Dan Lachance. [Video description ends]
Infrastructure as a Service or IaaS is a cloud computing service model

that allows for self service, and that is actually a cloud computing
characteristic, self service or self provisioning of cloud based
resources. This also includes not only the provisioning, but the
monitoring of deployed resources, and also having access to them,
such as being able to use SSH to remotely administer a Linux
deployed virtual machine in the cloud. So compute would include
things like virtual machines.
Networking would include things like virtual network definitions in

the cloud into which virtual machines are deployed, and also the
configuring of cloud-based storage. All of these items are configured
compute infrastructure. Of course, at the end of the day in the data
center, these are all based on underlying physical hardware. But the
underlying physical hardware is the responsibility of the cloud service
provider.
11 of 29 2021-12-11, 20:30
The software deployment of those items as we see here, is the

responsibility in terms of management and patching of the cloud
service customer. Some characteristics of infrastructure as a service
include the fact that the resources, the virtual machines, the storage, it
can be provisioned as a service, and as a service means that there's an
easy to use interface, whether it's command line based or graphically
based.
Costs are based on consumption. So for instance, for every minute

that a virtual machine runs, you incur a charge. When you don't need
that virtual machine running therefore, you should shut it down to
save on costs, and many cloud providers will give you a way to
automate the... or schedule the shut down of virtual machine
instances. The other thing about infrastructure as a service in the
cloud is that it's highly scalable.
Because there are so many pooled underlying resources made

available by the cloud service provider, it's very quick and easy to all
of a sudden, ask for a more powerful virtual machine. In other words,
to resize it, or to group virtual machines together to support a busy
application or to increase the amount of storage that's available. So
we have control of the infrastructure at the software level as cloud
customers with infrastructure as a service.
[Video description begins] Screen title: IaaS. [Video description ends]
So virtualization technology then would apply to servers and

operating systems. So in a matter of seconds, potentially you could
deploy a Linux or a Windows based virtual machine, once you select
the appropriate operating system image version. You can also
virtualize networks. You can define a virtual network with one or
more subnets and you can specify the IPv4 or the IPv6 address ranges
that you want to use. Networking also includes things like network
ACLs, access control lists, essentially firewalls where you can control
inbound and outbound network flow.
Then there's the storage side, such as provisioning additional storage
12 of 29 2021-12-11, 20:30
space that will be used for users to upload content to the cloud.
Infrastructure as a service has many different possible use cases for
many different types of organizations such as companies that want to
avoid high hardware and software costs. Because you weren't paying
the upfront cost for the entire hardware infrastructure with cloud
computing, you're only paying for what you are using. Also for
companies that are experiencing rapid growth. Because of rapid
elasticity in the cloud in just a matter of seconds, we can spin up new
virtual machines or new storage space that's available or configure a
new virtual network into which we deploy virtual machines. All of
this can happen very quickly. So for companies experiencing rapid
growth, this lends itself to it nicely.
SaaS
[Video description begins] Topic title: SaaS. Your host for the session
Software as a service, or SaaS, otherwise called SaaS, is another form

of cloud computing. It's another cloud service model that's often
referred to as cloud application services. Arguably, it's the most
common way that cloud computing gets used by a vast number of
users, such as those using cloud-based email or even personal cloud
storage and of course, at the enterprise level as well. So what happens
with software as a service is we have prepackaged software that's
ready to use that's made available over a network, such as the
Internet.
[Video description begins] Screen title: SaaS: Delivery. [Video

description ends]
The vendor, in this context, the cloud service provider, is responsible

for managing the underlying infrastructure that supports the SaaS
solution. So the underlying data storage, the underlying servers that
run the software. One of the great advantages about software as a
service is rapid elasticity. So in the example of cloud-based email, if
13 of 29 2021-12-11, 20:30
your organization hires ten new employees, you can very quickly
provision new cloud-based email accounts, and not have to worry
about licensing, and so on, in the cloud. Now, they do have to be
licensed, but it's already available immediately and conveniently with
the cloud provider solution. Scalability is another advantage.
As things get busy, scaling adds more underlying compute

horsepower to handle the increased workload. That, in this context,
with software as a service would be the responsibility of the cloud
service provider. There would be a service level agreement, or an
SLA for the specific service such as cloud-based email, a guaranteed
level of performance and uptime. Another advantage of software as a
service is integration. For example, you might be able to integrate
previous used software like email on premises and import messages
or archives into the cloud, but it really depends on the specific SaaS
solution.
Upgrades are not the responsibility of the cloud customer when it

comes to upgrading the underlying software that supports the specific
solution such as cloud-based email. That's the responsibility of the
cloud service provider, and so from the cloud customer's perspective,
that definitely works out to be an advantage. Cloud service providers
also strive to make these solutions very very easy to use for the
average user. So some characteristics of software as a service. It is
centrally managed by the cloud service provider. It's accessible over a
network such as the Internet when it comes to public cloud
computing.
Vendors are responsible for managing updates to the underlying

software, and it's hosted remotely on cloud service provider
equipment. So organizations that use software as a service will
benefit in many ways. For example, startup companies. It's a very
inexpensive way to provision cloud resources at the software level
very quickly and easily. It can be used for short-term projects because
you're only paying for what you're using and when you remove access
to that application, you no longer are charged. Also, it can be used for
web and mobile applications.
14 of 29 2021-12-11, 20:30
[Video description begins] Screen title: SaaS: Considerations. [Video

description ends]
Now there are some limitations, with software as a service, one being
potential vendor lock-in. If you're using a specific cloud service
provider's software as a service solution, it might be specific to that
provider, and so it could be difficult for you to get your data out of it
or to integrate it with other components. But it really depends on the
specific solution question, at least it's a consideration.
So integration support falls under that, it might only be limited

abilities. You might have very limited customization capabilities,
since you don't control the actual underlying servers, that house that
software. Then there's the issue of data security. Now, data security
isn't solely the responsibility of the cloud service provider, especially
in this context. So users might opt, for example, to encrypt documents
they create with a cloud-based word processor. S
o some of that responsibility then for data security will certainly fall
on users and also cloud users determining, which physical
geographical location data is stored in, which means that the data
could be subject to laws of that area. Now remember that software as
a service runs centrally on cloud provider equipment.
So it's controlled by that third party, the cloud service provider.

Because we don't control as customers, the underlying network and
storage and servers that run software as a service solutions,
performance could be an issue but also at the same time on the other
side of the coin. Remember that performance details are specified in
the service level agreement and if the cloud service provider does not
abide by those terms, then the consequence would be service credits
for you the cloud customer against your next cloud computing bill.
PaaS
[Video description begins] Topic title: PaaS. Your host for the session
15 of 29 2021-12-11, 20:30
Platform-as-a-Service, or PaaS, is yet another cloud service model.

It's also called cloud platform services. This one serves as a great
framework for software developers and testers, which we'll explore in
further detail soon. So the infrastructure that supports platform as a
service is managed by a third party. Of course, in this context, that
third party is the cloud service provider.
[Video description begins] Screen title: PaaS: Delivery. [Video

description ends]
So developers then can leverage, platform as a service solutions in the

cloud to create and test software and also deliver it to users of that
software. A lot of this can be automated. For example, when a
developer checks in a new code change that can trigger a series of
tests to automatically be run against that for quality assurance, and
upon successful testing, then the software could be packaged up and
through a push notification sent out to mobile devices or
automatically published on a website for download.
A lot of that can be automated. Some advantages of platform as a

service, it's scalable because it's running on cloud provider
equipment, and cloud providers pool resources together for use by
cloud customers. It's highly available, that's especially true when you
start configuring replication of your cloud based data to alternate
locations. It's highly customizable, and that comes at many different
levels. Such as customizing the code that you actually host in the
cloud, customizing testing and Automation and customizing the
packaging and delivery of the software. So automation is an
important part of that.
We even have the option of migrating some of your existing software

development data from on-premises into the cloud. That would even
include things like databases used by custom software. So
characteristics of platform as a Service, it is a virtualization type of
technology in a broad sense. It uses a number of underlying
16 of 29 2021-12-11, 20:30
virtualization Technologies such as virtual machines and even

application containerization, where application files and settings are
stored within their own logical boundary. There are variety of
services available. That's definitely true. Where you could host
custom functions or collections of functions API's in the cloud.
Also, you have different types of databases that can be deployed

automatically, kind of as a stack where you'll have certain operating
system, certain developer tools and a certain type of database that can
be deployed really with just a few clicks. Database integration, is
always very important with Platform as a Service. Databases whether
they be SQL based or no SQL based where no SQL doesn't really
have a rigid storage blueprint as SQL does. These can be used
depending on the type of application being constructed. Also
accessibility. Platform as a Service, is a service model in the cloud,
and one characteristic of the cloud is, self provisioned resources.
So it doesn't take very much for developers to begin provisioning

additional items in the cloud. You might say what kinds of items, it
could be a code repository that supports code check-in. It could be an
automated code pipeline. That includes automated testing that's
triggered as we've mentioned, when code is checked-in by developer
to a code repository that's cloud based. So who will use platform as a
service? Well, organizations that are looking at making customized
software applications even for internal use, such as line of business
apps, will benefit from platform as a service.
So also the deployment of the app will benefit from platform as a

service in the cloud. That would be continuous integration and
continuous delivery, such as automated testing, automated packaging
and pushing out of software changes. Of course, we We always have
to consider the security of data that results from the use of platform as
a service offerings. That could mean enabling encryption, for
example at the database level. So this would fall upon the
responsibility of the cloud customer, in this case, a software
developer, to make sure security is implemented correctly.
17 of 29 2021-12-11, 20:30
The other thing is integration such as with existing services, we have

to consider any potential runtime issues that might cause Flaws in the
software, so it stops functioning. Now again if we have rigid and
automated testing in place, then that type of issue should be
minimized. Then there are operational issues. Remember that when
you use cloud computing, you are essentially outsourcing the
responsibility. It's a risk to a third party, and the third party is the
cloud service provider. Even though they need to abide by service
level agreements, still a risk that at least needs to be considered.
Private Cloud
[Video description begins] Topic title: Private Cloud. Your host for
the session is Dan Lachance. [Video description ends]
There's a common misconception that if you run virtualization on

premises. So if you're running virtual machines, you have a private
cloud. This is not the case. In order to have a cloud, you not only have
to use virtualization technologies, but self-provisioning of resources
needs to be in place. You need to have a large number of resources
pooled together. You need to track and charge based on resource
consumption. It needs to be made available over the network. So
virtualization is only about one component of cloud computing. So
you might wonder then, well, what does constitute a private cloud?
First of all, we're talking about private IT infrastructure that resides

behind a firewall. So for example, it could be equipment owned and
managed by a single organization on their own network, that adheres
to cloud computing principles. Such as rapid elasticity, and self-
provisioning, and metered usage. So it's used by one organization and
that's where the private comes from. There is a fee per unit time
model. In other words, just like with public cloud computing, you are
charged based on what you consume, what you use. Now you might
say, how can an organization charge itself? This is often used in a
private cloud within an organization for departmental charge back.
18 of 29 2021-12-11, 20:30
So different department managers might have access to a web based

GUI where they can provision licensing, for example for email users,
with just a click of a button, or they can provision virtual machines
for testing purposes and that is tracked and at the end of each month,
each department is billed accordingly from IT or from headquarters.
So what are some advantages of a private cloud? There's no question
that you have entire and full control of everything, including security
control, not to mention predictable performance.
You can predict what happens in terms of network bandwidth

performance and individual virtual machine performance in a private
Cloud. Because you control all aspects of it, in the same way you
have full configuration flexibility. Again, because you have full
control of every component all the way down to the hardware level.
Now one important private cloud consideration is the cost of it.
Because a private cloud means a single organization uses all of its
own infrastructure, all of that infrastructure needs to be paid for
somehow up front, and so that's a capital type of expenditure and so
that's a cost that needs to be considered.
Then there's the ongoing maintenance, making sure things run

smoothly, working through help desk tickets, making sure things are
patched, adding updates as they occur and so on. So when should an
organization use private cloud computing then? Well, one reason
would be because they require a virtualized environment with cloud
computing flexibility. Remember, virtualization unto itself does not
constitute a cloud. Also, organizations that have privacy or
compliance concerns about running their services in the public cloud,
could opt to have full control. So that they are compliant, by running
it in their own private cloud.
Public Cloud
[Video description begins] Topic title: Public Cloud. Your host for the
session is Dan Lachance. [Video description ends]
19 of 29 2021-12-11, 20:30
A public cloud, is accessible over a network such as the Public

Internet, or even through a Dedicated Circuit from an organization's
on-premises network to the cloud without going over the Internet. But
either way, public cloud computing makes shared resources available
to subscribers. This would include things like virtual machine servers,
storage in the cloud, network configurations, even VPN solutions
going to the cloud. All of this can be provisioned through cloud
computing in a public sense, as well as the use of software
applications.
Things like Office 365 or Google Documents or Google Classroom.

All of these things allow end-user productivity software to be made
available over a network. In the case of public cloud computing, it's
available to anybody that wants to subscribe. So when should
organizations use public cloud computing services? Well, the first
reason to use it is for rapid provisioning of IT services. So if you need
to provision 100 new email accounts, you can do it very, very rapidly
in the public cloud. Including taking care of the licensing that goes
along with that, compared to what you might need to do on-premises.
Where you might all of a sudden realize you don't have enough
hardware to handle that capacity. So first you have to acquire the
hardware before you can configure it to be used to support your ten
new email users. If you need IT system and data storage scalability.
For example, we realize that for a project that we're working on, we
need an additional amount of storage space. Well on-premises, you
have to physically have that space available in your storage arrays.
Now the same thing is true in the public cloud, but the public cloud
has enormous capacity, and so you're more likely to be able to have
that available immediately in the public cloud, than you would be on-
premises.
Organizations that have no desire or don't have the budget to

implement a private cloud. Might also be likely candidates for using
public cloud computing. Scalability in the public cloud, is based on
large hardware installations. That's the vast amounts of pooled
hardware resources that are made available to cloud customers by the
20 of 29 2021-12-11, 20:30
cloud service provider. So it allows for scalability. For example, with

just a few clicks, I could resize an existing cloud based virtual
machine, to add more CPUs, more virtual processors to increase its
compute power or add more RAM.
This can be done very, very quickly with a minimal effort. Also,
scalability means that we can respond to demand for services in real
time. For example, you might deploy a load balancer in the cloud in
front of your application, maybe a custom application, and as requests
for the app increase.
You can have it automatically scale by adding more virtual machine

instances to handle the increase in the workload. You can also have it
automatically remove those virtual machines when they're not needed
to save on costs. Because when you have virtual machines running,
you're paying for them. The other thing to think about, is that you're
saving in many ways with public cloud computing to what you might
alternatively do on-premises.
[Video description begins] Screen title: Costs Savings. [Video

description ends]
First thing is that you only pay for the resources that you are using in
the public cloud. So for example, if you need a virtual machine to test
out a new configuration. You can do that in the cloud, very quickly by
spinning up the virtual machine, and then when you're finished, shut
it down. You aren't paying for it. Now on-premises, if you have
enough people doing that. You might need to actually acquire
additional hardware to support that increased demand for testing
purposes, let's say with virtual machines. In the cloud, licencing is
very convenient and easy to use.
So if you provision a Windows operating system in a virtual machine

in the cloud. The price permitted, for example, while the VM is
running will also include the licensing costs. That's not quite the case
on-premises, you'd have to acquire the licensing and make sure you
are compliant with the license terms. Also, you will require less IT
21 of 29 2021-12-11, 20:30
staff on-premises. If you are using public cloud computing, than if

you exclusively used on-premises IT services. Because there's no
hardware to acquire and maintain, and depending on the specific
services being used in the public cloud, you might not even require
servers on-premises.
Hybrid Cloud
[Video description begins] Topic title: Hybrid Cloud. Your host for
the session is Dan Lachance. [Video description ends]
A Hybrid Cloud computing model, combines both private and public

clouds. Where a private cloud refers to private infrastructure owned
and used by a single organization, that follows cloud computing
characteristics, such as metered usage, self-provisioning and so on, as
well as using public cloud provider solutions. But a hybrid cloud can
also mean that you are linking your on-premises IT infrastructure
with the public cloud. Examples of this would include, using a site-to-
site VPN, between your on-premises network and the cloud.
Essentially, extending your on-premises network environment into the

cloud environment or even linking your on-premises identity store
like Microsoft Active Directory with Active Directory in the cloud, to
allow users to sign-in once with their on-premises credentials, yet still
be authorized to use cloud apps. So there are a number of variations
then on what a hybrid cloud is. Now in the public cloud, you might
use this, so you could work with services, that don't deal with
sensitive data, and also you want the benefits of scalability in the
public cloud. Whereby, you might use the private cloud to store more
sensitive data. However, that's not to say in any way that storing
anything in the cloud is less secure than storing it on-premises.
[Video description begins] Screen title: Use Cases. [Video description

ends]
So we can use a hybrid cloud environment for big data operations.
22 of 29 2021-12-11, 20:30
Big data refers to the vast amounts of data, even from streaming over
the network, over the Internet, such as data coming in from news
feeds, data coming in from IoT devices, it could be coming from
anywhere. But when we have vast amounts of data, it makes sense
that we have a scalable environment to analyze that data, and an easy
and cheap way to do that is in the public cloud, but that's public
cloud.
What's the take on hybrid? Well, the hybrid kicks in, because you
might have some of those data feeds sourced from your on-premises
network, or perhaps your analysis tools are on-premises, but you want
big data stored in the cloud. Another use case would be, cloud backup
and replication. For instance, you might install an agent on your on-
premises servers or even devices, doesn't have to be a server that
periodically on a schedule backs data up to the cloud environment,
the public cloud. So you've got a link between your on-premises
environment and the cloud in terms of backup, even replication.
So not only backups, but you might have live replica data, replicated
from an on-premises file server into the cloud, and whether content is
changed in the cloud or on-premises, it synchronizes to the other
location. Then of course, you might use a hybrid solution for the short
term because you are adopting cloud computing. You want to migrate
some of your on-premises components into the cloud, such as data, or
applications, or virtual machines, that type of thing. The other thing to
think about with the hybrid cloud is that, at least on the public cloud
computing side, you're only paying for resources that are used.
[Video description begins] Screen title: Costs. [Video description

ends]
So you should therefore always avoid idle cloud resources, especially

things like databases that you deploy in the cloud as a managed
service, meaning you don't have to worry with the underlying servers
to get that up and running. Don't leave those things running because
you will incur charges. Only leave them running, if they need to be
left running.
23 of 29 2021-12-11, 20:30
Community Cloud
[Video description begins] Topic title: Community Cloud. Your host
for the session is Dan Lachance. [Video description ends]
A community cloud, is used amongst organizations that have similar

IT needs. Such as similar underlying compute requirements, perhaps
for graphics processing. Similar storage requirements, such as within
national boundaries. Similar security requirements, such as the
protection of sensitive data, using very specific tools and methods,
and also scalability. So in essence, a community cloud is cloud
computing, but it's kind of a subset of it where it's a little bit more
specialized and caters to more specific needs. So community cloud
characteristics include a shared infrastructure. Well, this is true with
all cloud computing models except for private.
Also, understand that the organizations or entities that might have

similar computing needs, could be both in the private sector and/or at
the government level. So some public cloud service providers, offer
government cloud solutions. So when should an organization use the
community cloud solution? Well, you probably have to, if for
example, it's a government agency that must meet very strict security
requirements. So for regulatory compliance related to processing,
storing, and collecting things like health information, financial
records, legal documents. So it's common then to see in the healthcare
industry, for example, community clouds being used that meet the
specific security and operational requirements, of that type of
industry.
Cloud Migration Risks and Benefits

[Video description begins] Topic title: Cloud Migration Risks and
Benefits. Your host for the session is Dan Lachance. [Video
description ends]
24 of 29 2021-12-11, 20:30
Organizations that assess moving to the cloud, need to weigh the

benefits of cloud computing along with the risks to determine which
action should be taken. One of the benefits of migrating to the cloud
is reduced capital costs. Now, in the public cloud computing
environment, we are using the cloud service provider's underlying
infrastructure. Their physical servers, their storage arrays, their
network equipment. Which means that we as the customer, do not
have to put up the money upfront to acquire that hardware
infrastructure, hence, reduced capital costs.
On-demand scalability is a benefit of the cloud. If we determine that

we need more power in a virtual machine, we can resize it with a
click of a button, and add more RAM or virtual CPUs. If we need
more storage space, we can do that quickly. If we need to have more
virtual machines running in a cluster to support an app, to improve
performance, we can do that very quickly and easily without any
underlying technical knowledge. So on demand scalability, is a very
important benefit related to cloud computing.
Disaster recovery, many organizations actually use the public cloud as

an alternate recovery site. Now this takes proactive planning ahead of
time, meaning that you might replicate virtual machines which run
applications and data to alternate geographical locations, essentially,
to other data centers owned by the cloud service provider. So that in
the event of a regional disaster, for example, you've already got your
systems and your data running elsewhere. So that can minimize
business disruptions. Remote access to applications. Well, when
you're running things in the cloud, then you can access them from
anywhere.
Now, of course, we have security rules that are in place to limit traffic
flow, but the potential is there to allow that to happen, and depending
on the specific type of migration scenario you're talking about, you
could result with less administrative responsibility. So for example,
imagine that you are moving from an on-premises mail server that
your IT team must maintain, where all the user mailboxes are stored.
Let's say you're moving from that, to a cloud hosted email solution.
25 of 29 2021-12-11, 20:30
You don't have to worry about the server anymore.
You can just add users and licenses with a click of a button, and so
that means then in that particular example that you don't have to
worry about updating the mail server software or the underlying
operating system running the mail server. That would then become
the responsibility, of the cloud service provider. So that's definitely a
perceived benefit. But there's no gain without some kind of
undertaken risk. One is proprietary technologies. If a cloud service
provider is offering their services or data exchange formats over the
network and with files in a very specific format, that could make it
difficult to get your data out of that cloud, back on premises or to a
different cloud provider.
Then there's network latency and downtime of services, which are

potential risks. However, remember that public cloud service
providers have a service level agreement that guarantees uptime on a
monthly basis, and so usually the risk is more prevalent on the
customer side, meaning that if we only have a single Internet
connection, linking an on premises office to the cloud and we depend
on the cloud, then we should probably consider having a secondary
Internet connection to the cloud from a different Internet service
provider to increase resiliency against failure.
[Video description begins] Screen title: Data Requirements. [Video

description ends]
The other thing to think about is data sensitivity. So, you might have
certain laws or regulations that require data to be collected, processed,
stored, shared, and archived in a very specific way. So in order to
comply with these laws and regulations, it would be upon you, the
cloud customer, to configure settings appropriately, to meet those data
sensitivity requirements.
Common Cloud Vulnerabilities
26 of 29 2021-12-11, 20:30
[Video description begins] Topic title: Common Cloud Vulnerabilities.

Your host for the session is Dan Lachance. Screen title: Data Assets.
One important aspect of properly using cloud computing is thinking

about common cloud vulnerabilities. Many of which are no different
than what you would experience on-premises. So it all boils down to
how you configure and use these services. Let's start by talking about
data assets, such as databases or files containing sensitive
information. One problem is not encrypting that information. Often,
encryption is automatically put in place over the network such as
through HTTPS communications, very common.
But what's less common is enforcing encryption for everything that

gets stored, at least everything that is considered sensitive. Now,
many public cloud providers will automatically encrypt content stored
in the cloud. But otherwise, it's always an option for the cloud
customer if it's not turned on automatically, and also, customers will
always have the ability to use their own custom encryption keys that
are in their control for their cloud data that's encrypted. The other
possible issue related to data assets is more on the administrative side.
Where a data asset is important, also cloud resources are important
such as cloud virtual machines running a mission critical app.
So the principle of least privilege, or PoLP, states that only the

permissions required to perform a job task should be granted and
nothing more, and so principle at least privilege abuse could be a
problem where we might simply grant too many permissions to cloud
resources, such as to other administrators, and therefore they might
mistakenly delete virtual machines that are critical, or deploy too
many of them and not shut them down, which means the organization
is paying for those unnecessarily, and so what can be done then is to
use role-based access control or RBAC.
In other words, if you need someone to be able to manage your virtual

machine in the cloud, let's say, but not actually getting to the data
within it, we could use a role, that would allow them to manage the
27 of 29 2021-12-11, 20:30
virtual machine, and then that would take care of that problem. They
wouldn't have any additional permission. So RBAC is an important
consideration when it comes to security in cloud computing. Then
there's users and devices. For example, instead of going with just
username and password, which constitutes single factor
authentication, because it's both something you know, you might use
multi-factor authentication for all cloud user accounts.
[Video description begins] Multi-factor authentication is abbreviated

as MFA. [Video description ends]
Now, multi-factor authentication uses another authentication factor,

such as requiring the possession of a smartphone, where a six digit
PIN might be sent. That must be used in addition to a username and
password to authenticate. So something you know, plus something
you have. The other thing is to harden all user devices. All it takes is
a single compromised smartphone that has access to cloud resources
to start a security breach or some kind of a malware infection in the
cloud.
So always remember that every endpoint device, whether it be a

smartphone, a tablet, an industry specific device connected to the
cloud. All of these items need to be secured to reduce their attack
surface. Then there's the insider abuse. There is the potential for staff
or cloud administrators to damage or exfiltrate information. One of
the things that we can apply in a cloud computing environment is data
loss prevention policies, otherwise called DLP policies.
Data loss prevention, has rules that looks at the type of information or
data being worked with, and if it, for example, determines that maybe
there's credit card numbers in it, it can automatically encrypt and
prevent forwarding of that information through email, as just one
example.Then, of course, auditing. Auditing allows for accountability.
We can track not only user activity, but also device activity that might
be abnormal, such as devices authenticating to a VPN in the middle
of the night when that normally does not happen, and many public
cloud service providers have mechanisms in place to automatically
28 of 29 2021-12-11, 20:30
detect things like this, suspicious login activity.
Course Summary
[Video description begins] Topic title: Course Summary. [Video
description ends]
So in this course, we've examined cloud computing fundamentals,

including cloud models, hosting options, and security basics. We did
this by exploring the benefits of moving to the cloud, cloud
components, and service models, the different cloud computing roles,
the differences between on-premises versus cloud implementations.
We also took a look at Infrastructure as a service, software as a
service, and platform as a service, cloud service models.
We discussed the advantages and disadvantages of cloud

implementations. Now that would include public and private, hybrid,
and community clouds. We also looked at the risks and benefits of
migrating to the cloud, and finally, we talked about common cloud
vulnerabilities. In our next course, we'll move on to explore some of
the factors to consider when incorporating cloud integration,
including cloud data storage architectures, security concepts, and
cloud infrastructure components.
29 of 29 2021-12-11, 20:30

1-Cloud Services - Cloud Computing Concepts

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

1-Cloud Services - Cloud Computing Concepts

Uploaded by

Copyright:

Available Formats

Cloud Services: Cloud Computing Concepts Transcript https://cdn2.percipio.com/secure/c/1639301300.382d7b1f7473bd47c8...

Cloud Services: Cloud

10. Hybrid Cloud

I've held and still hold IT certifications related to Linux, Novell,

Moving to the Cloud

Organizations looking at moving to the cloud, means that they will

[Video description begins] Screen title: Cloud Migration Models.

On-premises, you have capital expenditures related to purchasing the

configure it to have that additional storage available. That takes a lot

Another benefit of moving to the cloud, is the increased global scope

So your organization might be very concerned with privacy and

[Video description begins] Software as a Service is abbreviated as

It means it's delivered and available over a network, hosted on

Infrastructure as a service, or IaaS is of primary interest to IT

For example, if they're PCI DSS compliant that might be important if

Cloud Computing Roles

There are a number of definable roles when it comes to a cloud

Cloud consumers also called cloud customers or cloud tenants, have a

multitude of different cloud models they can work with in terms of

At the IT level, then we have Infrastructure as a Service or IaaS. This

So having things running smoothly at an efficient cost level. Finally,

Anyone that can provide a dedicated network circuit were available in

On-premise vs. Cloud

To further illustrate the benefits of cloud computing, sometimes it's

[Video description begins] Screen title: On-premise IT Solutions.

However, in the cloud, often new software that is made available is

with something. Such as a virtual machine or database that was used

Now that could be related to government agencies, including military

But we want to move away from a statement as simple as saying, that

Because that's definitely not the case. Then there's compliance, we

Infrastructure as a Service or IaaS is a cloud computing service model

Networking would include things like virtual network definitions in

The software deployment of those items as we see here, is the

Costs are based on consumption. So for instance, for every minute

Because there are so many pooled underlying resources made

[Video description begins] Screen title: IaaS. [Video description ends]

So virtualization technology then would apply to servers and

Then there's the storage side, such as provisioning additional storage

Software as a service, or SaaS, otherwise called SaaS, is another form

[Video description begins] Screen title: SaaS: Delivery. [Video

The vendor, in this context, the cloud service provider, is responsible

As things get busy, scaling adds more underlying compute

Upgrades are not the responsibility of the cloud customer when it

Vendors are responsible for managing updates to the underlying

[Video description begins] Screen title: SaaS: Considerations. [Video

So integration support falls under that, it might only be limited

So it's controlled by that third party, the cloud service provider.

is Dan Lachance. [Video description ends]

Platform-as-a-Service, or PaaS, is yet another cloud service model.

[Video description begins] Screen title: PaaS: Delivery. [Video

So developers then can leverage, platform as a service solutions in the

A lot of that can be automated. Some advantages of platform as a

We even have the option of migrating some of your existing software

virtualization Technologies such as virtual machines and even

Also, you have different types of databases that can be deployed

So it doesn't take very much for developers to begin provisioning

So also the deployment of the app will benefit from platform as a

The other thing is integration such as with existing services, we have

There's a common misconception that if you run virtualization on

First of all, we're talking about private IT infrastructure that resides

So different department managers might have access to a web based

You can predict what happens in terms of network bandwidth

Then there's the ongoing maintenance, making sure things run