understanding_the_cloud


Upload: melissa-kattke

Post on 19-Feb-2017


Page 1: Understanding_the_Cloud

Understanding the Cloud (20-25%)

Describe cloud principles & delivery mechanisms.

Differentiate between on-premise IT service models.

On-Premise:

o Control over all systems/data. Customizable.

o Corporate data is stored/handled internally.

o Dedicated IT staff for maintenance/support.

o Initial investment is high, but pays off over time.

Online (Cloud):

o No software licensing costs.

o No new infrastructure requirements, i.e. servers.

o Resources are configurable, but no full control over data & processes.

o Low cost for services.

o 3rd parties are doing the work, but are also handling sensitive data.

Ref. 1

Differentiate between subscription or pay-as-you-go vs. Upfront CapEx/OpEx funding model.

Pay-as-you-go is an Operational Expense (OpEx) funding model. Its advantage is that users pay for processor time and storage as needed, to a company offering an external cloud service, aka a cloud service provider (CSP). The OpEx model is an on-going investment. It's non-committal, allowing flexibility. OpEx is a preferred option, since capital investment is limited. Pay-as-you-go offers scalability, where users can consume more or less power as needed. Ref. 5

o Paying upfront requires companies to pay for direct, indirect & overhead costs of running & owning datacenters (CapEx).

o As capital assets age, they cost more for upgrades, replacements, personnel & maintenance.

o Paying up front does not allow flexibility nor scalability. Ref. 5

o Paying upfront also incurs on-going OpEx as well as CapEx. Ref. 9

Use cloud services to expand capacity (elasticity of the cloud), scalability, redundancy & availability.

o Elasticity – expands or shrinks storage capacity as needed.

o Scalability – allows addition/contraction of power (i.e., more users, drive space or RAM) in the form of enabling more connections (customer requests).


o Scale up – add more resources.

o Scale out – add 1 or more subscription(s).

o Redundancy – Automatic recovery, having an extra server built-in, in the event of an outage/disaster.

o Availability – provide high level of service, regardless of vicissitudes in demand/system failure.

o Recovery of failure – five 9s, 99.999% system availability through elasticity, scalability & redundancy. Ref. 2

o High availability chart – shows acceptable uptime percentage. Ref. 2
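As an added worked example (not part of the original notes), the arithmetic behind the high availability chart and the redundancy bullet above: the allowed downtime per uptime tier, plus the combined availability of redundant versus chained components, which goes one step beyond what the notes state. The tier values and the independent-failure assumption are my own.

```python
"""Availability arithmetic behind the high availability chart and the
redundancy bullet (added example, not from the original notes)."""
from datetime import timedelta

# Uptime tiers assumed for the chart: two nines up to five nines.
UPTIME_TIERS = (99.0, 99.9, 99.99, 99.999)


def allowed_downtime(uptime_pct: float, period: timedelta = timedelta(days=365)) -> timedelta:
    """Longest total outage within `period` that still meets `uptime_pct`."""
    if not 0.0 <= uptime_pct <= 100.0:
        raise ValueError("uptime percentage must be between 0 and 100")
    return period * (1.0 - uptime_pct / 100.0)


def availability_chart(period: timedelta = timedelta(days=365)) -> dict:
    """The 'high availability chart': acceptable downtime per uptime tier."""
    return {tier: allowed_downtime(tier, period) for tier in UPTIME_TIERS}


def redundant_availability(component_pct: float, copies: int) -> float:
    """Availability (%) of `copies` identical components when any one that
    survives keeps the service up: the 'extra server built-in' case.
    Assumes independent failures (the usual textbook simplification)."""
    if copies < 1:
        raise ValueError("need at least one component")
    unavailable = 1.0 - component_pct / 100.0
    return 100.0 * (1.0 - unavailable ** copies)


def chained_availability(*component_pcts: float) -> float:
    """Availability (%) when every component must be up at the same time,
    e.g. load balancer -> web tier -> database: the product of each."""
    total = 1.0
    for pct in component_pcts:
        total *= pct / 100.0
    return 100.0 * total


if __name__ == "__main__":
    for tier, downtime in availability_chart().items():
        print(f"{tier:>7.3f}% uptime -> at most {downtime} down per year")
    # One 99.9% server versus an active/standby pair of them.
    print(f"single 99.9% server:   {redundant_availability(99.9, 1):.4f}%")
    print(f"two redundant servers: {redundant_availability(99.9, 2):.4f}%")
    # Three 99.9% tiers that must all be up: worse than any one of them.
    print(f"three chained tiers:   {chained_availability(99.9, 99.9, 99.9):.4f}%")
```

Five nines leaves only about five minutes of outage per year, which is why the notes tie it to redundancy rather than to a single well-run server.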

Differentiate between configurable vs. customizable

Configurable – system is complete, but allows users to make granular changes to fit needs.

Saves $$$ & time, b/c you don't need to hire developers to recode.

Cloud services that are on-line are configurable.

Customizable – system is incomplete & developers need to recode & implement changes.

Changes are $$$ & significant.

Changes affect the service.

On-premise is customizable.

Describe cloud security requirements & policies

Describe how cloud services manage privacy

1. Cloud service providers (CSPs) adhere to standards, e.g. SSAE-16, PCI DSS or ISO 27001, to protect data that is stored, processed & transmitted.

2. Encryption secures data being transferred by using a key management program.

a. Data is hidden in code in transit & reassembled into readable data @ rest.

b. SSL & HTTPS are forms of encryption that protect data in transit.

3. Tokens – offer a KMS that encrypts data on the server side & provides an audit trail of usage.

4. Versioning – prevents accidental deletion/overwriting.

5. Logging – protects data by tracking requests for server access. Ref. 9


How compliance goals are met:

Microsoft (MS) has privacy standards that:

1. Privacy by design – MS is the custodian of customer data. MS has a trust center where transparency & trust between organizations & MS is established.

2. MS has independent verification in place to maintain privacy.

MS has 6 key privacy principles:

1. Control – customers are in control of their data.

2. Transparency – MS is transparent about data collection & use, so customers are informed.

3. Security – MS protects data through security measures & encryption.

4. Legal protections – MS respects local privacy laws & fights for legal protection of your privacy.

5. No content-based targeting – MS will not use your data for advertising.

6. Benefits to you – When MS collects data, it is used to benefit the customer & improve UX. Ref. 13

How data is secured @ rest or on-the-wire

1. Defense in depth approach to provide physical, logical and data layers of security features & operational best practices. Ref. 12

2. Physical security – 24hr monitored data centers, multi-factor authentication, separate internal & external networks, role separation. Bad drives & hardware are destroyed. Ref. 12

3. Logical security – Lockbox process limits data access. Only whitelisted servers run. Threat mgmt teams act as hackers to learn how to prevent attacks. Ports & perimeter are scanned. Use of intrusion detection.

4. Data security – encryption @ rest & in-transit with SSL/TLS. Threat mgmt. Security monitoring. File/data integrity are guarded from tampering. Exchange Online Threat Protection offers advanced security & reliability against spam & malware. Ref. 12

5. User controls – O365 msg encryption allows users to send encrypted email, DLP & RTS. Policies can be configured to protect data. S/MIME offers msg security w/ certificate-based email access. Azure Rights Mgmt prevents file-level access w/o credentials.

6. Admin controls – multi-factor authentication protects access to the service with a 2nd factor, e.g. phone. DLP prevents data leaks. MDM allows mgmt of corporate data. MAM – from Intune, allows more control to secure data in apps. Built-in anti-virus & antispam protection in Exchange Online.

How data & operations transparency requirements are met

Self-assessment & 3rd party audits help meet compliance & transparency goals.

Describe how cloud services stay up-to-date & available

Describe the service/feature improvement process:

1. Monitor service health – O365 admin center > service settings > get updates. Request 1st release – available immediately; affects the whole organization, but can "select group of people" to receive 1st release. Standard release – available in 2 weeks.

2. Service mntc – redundancy, resilience, distributed services & monitoring.

3. Future roadmap publishing – overview of updates & future releases.

4. Identify guarantees – MS offers 99.9% guarantee of uptime that's financially backed.

5. Service Level Agreement (SLA) - minimum level of acceptable service, with 99.9% rate of recovery.

6. Capping of liability – liable up to 12 months or $5k.

Describe various cloud services

Deployment models:

Private cloud – privately owned by an organization; allows privacy & control. Hosted in customer's own data center. More secure, but limited size & scalability. CapEx & OpEx for physical resources.

On-prem private cloud is best for those who want control & configurability of infrastructure & security. Ref. 7

Externally hosted private cloud is through a 3rd party, off-premise & offers privacy. Ref. 7

Community cloud – Shared by several organizations & supports a specific community that has shared concerns, e.g. gov't. May be managed by the organization or a 3rd party. May exist on-premise or off-premise.

Public cloud – Available to the public, who share the same infrastructure pool with limited configurations & security protections. This is owned by an org selling cloud services. It's off-premise & a low cost model, b/c it's pay-as-you-go. Large in scale to allow on-demand scalability. Ref. 7

Hybrid cloud – consists of 2 or more clouds (private, community or public) that are unique, but bound together by standardized or proprietary technology that enables data & application portability (e.g. cloud bursting for load balancing between clouds).

Hybrid clouds offer on-demand, externally-provisioned scalability. Ref. 7

Differentiate between types of cloud services & characteristics.

Software as a Service (SaaS) - allows little customization, b/c the vendor manages everything (apps, data, runtime, middleware, OS, virtualization, servers, storage, networking).

This is "on-demand SW"

Reduces OpEx by outsourcing HW, SW mntc & support to CSP.

Examples: CRM, email, virtual desktop, communications, games, O365 & SalesForce. Ref. 2, 4

Platform as a Service (PaaS) - vendor provides HW & some SW, including OS, db, web server & programming tools.

Users have little control over HW, but can manage apps installed & control data.

Users can build apps, define & create storage structures & upload it onto the platform.

Users don't have to worry about configuring load balancing or DNS.

Primary use is for development, testing & deployment.

Vendor provides OS or platform the application is running on.

Examples: execution runtime, db, web server, development tools, Windows Azure. Ref. 4

Infrastructure as a Service (IaaS) - Offers computers, physical or VMs & other resources.

IaaS is a cloud-service model that refers to online services where users don't worry about infrastructure, location, data partitioning, scaling, security & backups.

IaaS supports many VMs & can scale the service according to needs.

IaaS offers firewalls, load balancing, IP addresses and SW bundles on an on-demand basis, but the client is responsible for installing & maintaining OS, apps, data, runtime & middleware.

IaaS offers virtualization & HW (servers, storage & networking).

Examples: private cloud, VMs, servers, storage, load balancing & networks. Ref. 2, 3, 4

Cloud Clients: web browsers, mobile app, thin client & terminal emulator.