1. What is cloud infrastructure?

Overview
Cloud infrastructure is a term used to describe the components needed for cloud
computing, which includes hardware, abstracted resources, storage, and network
resources. Think of cloud infrastructure as the tools needed to build a cloud. In order
to host services and applications in the cloud, you need cloud infrastructure.

How does cloud infrastructure work?

An abstraction technology or process—like virtualization—is used to separate
resources from physical hardware and pool them into clouds; automation software
and management tools allocate these resources and provision new environments so
users can access what they need—when they need it.

What's included in cloud infrastructure?

Cloud infrastructure is made up of several components, each integrated with one
another into a single architecture supporting business operations. A typical solution
may be composed of hardware, virtualization, storage, and networking components.

As a term, cloud infrastructure can be used to describe a complete cloud computing

system—once all the pieces are put together—as well as the individual technologies
themselves.
Components of cloud infrastructure
Hardware
Although you probably think of clouds as being virtual, they require hardware as part
of the infrastructure.

A cloud network is made up of a variety of physical hardware that can be located at

multiple geographical locations.
The hardware includes networking equipment, like switches, routers, firewalls, and
load balancers, storage arrays, backup devices, and servers.

Virtualization connects the servers together, dividing and abstracting resources

to make them accessible to users.

Virtualization
Virtualization is technology that separates IT services and functions from hardware.

Software called a hypervisor sits on top of physical hardware and abstracts the
machine's resources, such as memory, computing power, and storage.

Once these virtual resources are allocated into centralized pools they’re considered
clouds.

With clouds, you get the benefits of self-service access, automated infrastructure
scaling, and dynamic resource pools.

Storage
Within a single datacentre, data may be stored across many disks in a single storage
array. Storage management ensures data is correctly being backed up, that
outdated backups are removed regularly, and that data is indexed for retrieval in
case any storage component fails.

Virtualization abstracts storage space from hardware systems so that it can be

accessed by users as cloud storage.

When storage is turned into a cloud resource, you can add or remove drives,
repurpose hardware, and respond to change without manually provisioning separate
storage servers for every new initiative.

Network
The network is composed of physical wires, switches, routers, and other equipment.
Virtual networks are created on top of these physical resources.

A typical cloud network configuration is composed of multiple subnetworks, each with

varying levels of visibility. The cloud permits the creation of virtual local area networks
(VLANs) and assigns static and/or dynamic addresses as needed for all network
resources.

The cloud resources are delivered to users over a network, such as the internet or an
intranet, so you can access cloud services or apps remotely on demand.
Public, private, and hybrid cloud infrastructure

The basic elements of cloud infrastructure are the same whether you have a private
cloud, public cloud, or a combination.
To get started with any of the cloud computing types, you need a cloud infrastructure.
You can create a private cloud by building it yourself using resources dedicated solely
to you, or you can use a public cloud by renting the cloud infrastructure from a cloud
provider so you don’t have to set it up yourself.

2. What is a network management system?

A network management system, or NMS, is an application or set of applications that
lets network engineers manage a network's independent components inside a bigger
network management framework and performs several key functions.

An NMS identifies, configures, monitors, updates and troubleshoots network devices -

- both wired and wireless -- in an enterprise network. A system management control
application then displays the performance data collected from each network
component, and enables network engineers to make changes as needed.

Network element vendors make their performance data available to NMS software
either through APIs or through protocols like NetFlow, a de facto industry standard
originally developed by Cisco that lets NetFlow-enabled routers transmit traffic and
performance information.

NMS functions

Network engineers use NMSes to handle a variety of operations:

a. Performance monitoring. By collecting operating metrics through a series of

physical taps, software agents or Simple Network Management

Protocol interfaces, NMSes provide visibility to determine if network elements
operate correctly.

b. Device detection. NMSes detect devices on the network and ensures the
network recognizes devices and configures them correctly.

c. Performance analysis. NMSes track performance data indicators, including

bandwidth utilization, packet loss, latency, availability and uptime of network

components.

d. Notification alerts: In the event of a system disruption, NMSes proactively alert

administrators about any performance issues.
Network management systems can perform several essential management tasks.

Types of NMSes

Enterprises can install NMS software on premises on a dedicated server and managed
on site, or they can access NMSes as a service. Vendors supply tools for the enterprise
to administer and monitor its network. NMS software can manage a wide variety of
network components, manufactured by multiple vendors.

Early versions of NMS software sometimes worked only with hardware manufactured
by the same vendor. But those limitations have largely disappeared as networks have
migrated to architectures based on equipment from multiple suppliers.

On-premises NMS installation can enable better control and customization of the
software to meet specific goals. Managing the software internally can require
additional IT staff and resources, however. As the software ages, the organization
must upgrade or replace it. A vendor-based NMS can enable a quicker return on
investment, but access to the software can be compromised if an outage occurs at
the provider's data centre.
NMSes can monitor both wired and wireless network elements. In the past, a separate
NMS would be required for each kind of element. However, as wireless networking
becomes more prevalent, unified NMSes, which enable a network engineer to track
both wired components and wireless network elements through a single
management console, become available.

NMS software can also enable companies to track performance throughout their own
networks, as well as through external networks, such as those operated by cloud and
as-a-service providers. Visibility is enabled through APIs and other means through
which an enterprise can access performance flow data, or logs, to analyze security
or performance.

NMS trends

As network hardware vendors continue to make their systems more open, NMS
software is enabling interoperability as enterprises use NMS tools to control and add
features across a wider variety of devices. NMSes also serve as the framework
for intent-based networking, a developing methodology that automates network
oversight, configuration and troubleshooting.

Key Cloud Management Products:

a. AWS CloudWatch: Monitoring and management tool for AWS services.

b. Microsoft Azure Monitor: Provides full-stack monitoring for applications and
infrastructure.
c. Google Cloud Operations Suite (formerly Stackdriver): Integrated monitoring,
logging, and diagnostics.

3. Monitoring of Cloud Deployment Stack

The Cloud Adoption Framework provides a comprehensive monitoring strategy for

cloud deployment models, including public cloud, hybrid cloud, and private cloud.
The framework recommends monitoring each layer of the stack, including:

1. Application monitoring: Focus on application performance, errors, and user

behavior analytics.

2. Azure resources: Monitor availability, performance, and operation of Azure

resources such as virtual machines, storage, and networks.
3. In-guest Operating Systems components: Monitor capacity, availability,
performance, logs, events, and services for Windows and Linux servers.

4. Network: Monitor reachability, latency, and network topology changes between

virtual machines and endpoints.

5. Azure subscription: Monitor administrative actions, service health, and resource

health from the Azure service perspective.

6. Azure tenant: Monitor Microsoft Entra ID, audit, and sign-in logs.

Monitoring Tools

The Cloud Adoption Framework recommends using Azure Monitor, Operations

Manager, and System Center Operations Manager (SCOM) Managed Instance for
monitoring cloud deployment stacks. Each tool has its strengths and weaknesses, and
the choice depends on the specific requirements and existing infrastructure.

Azure Monitor

o Supports monitoring of all Azure resources, including applications, virtual

machines, storage, and networks.
o Offers customizable dashboards, alerts, and visualizations.
o Integrates with other Azure services, such as Application Insights and Log
Analytics.

Operations Manager

o Supports monitoring of on-premises and hybrid cloud environments.

o Offers advanced analytics and visualization capabilities.
o Integrates with System Center products, such as System Center
Configuration Manager.

SCOM Managed Instance

 o Supports monitoring of Azure resources, including virtual machines,
storage, and networks.
o Offers customizable dashboards and alerts.
o Integrates with System Center products, such as System Center
Configuration Manager.

Best Practices

1. Create a centralized monitoring solution: Use a single monitoring platform to collect

and analyze data from all layers of the stack.

2. Define clear monitoring goals: Establish specific monitoring objectives and metrics
to measure performance and health.

3. Configure alerts and notifications: Set up alerts and notifications to trigger actions
based on monitoring data.

4. Integrate with existing tools and processes: Integrate monitoring data with existing
IT tools and processes to ensure seamless integration.

5. Continuously review and refine monitoring: Regularly review and refine monitoring
configurations to ensure they remain effective and efficient.

Automating OCI Stack Monitoring Deployment

For Oracle Cloud Infrastructure (OCI) Compute Instances, automating the

deployment of Stack Monitoring can be achieved using scripts or Terraform
configurations. This ensures consistent and scalable monitoring across the
environment.

Cloud Monitoring Tools Comparison

The Cloud Adoption Framework provides a comparison of cloud monitoring tools,

including:

1. Azure Monitor: Offers comprehensive monitoring and analytics for Azure resources.
2. New Relic: Provides full-stack monitoring for cloud, web, and on-premises
environments.

3. Datadog: Offers monitoring and analytics for cloud, infrastructure, and

applications.

4. Sumo Logic: Provides log analysis and monitoring for cloud and on-premises
environments.

4. Lifecycle Management of Cloud Services

Cloud Computing is the booming industry of the present time and will continue to
grow by many folds in the near future. Nowadays, it’s really hard to find a safe, secure,
and yet cost-effective place to store your data and business-critical ideas. But, with
the rise of cloud computing, this problem is vanishing exponentially. Cloud provides us
with a place where your data can not only be stored but can also be accessed easily
over the internet. Using Cloud Computing you can also host and manage your
applications.

Why we need Cloud Computing Solution?

By using Cloud Computing Solution, we get various benefits, some of which are as
follows-
1. Improved software and hardware performance– through cloud computing
solution one can easily make out what will be the best software and hardware
specification for the better performance of the application running on the cloud.
2. Flexibility and affordability– Cloud Computing provides its users with a wide variety
of deployment models and functions through which they can choose the best
options for their applications. Cloud services are much more affordable.
3. Increased uptime and availability– it is highly available and has a great uptime
which help’s in managing more amount of traffic at a particular time.
4. Better collaboration with real-time sharing– cloud computing has great real-time
sharing.

Who needs a Cloud Computing Solution?

Cloud Computing is available for every kind of users who want to deploy their
applications onto the cloud service.

Life Cycle of Cloud Computing Solution

To create such a cloud platform, it takes a long number of steps and dedicated time.
Let’s now look at the steps involved or the lifecycle of cloud computing solutions.
Step 1: Define the Purpose
The first and foremost step is to define the purpose for which you want to create a
cloud. For this, you have first to understand your business requirement and what type
of application you want to run on the cloud. After this, you have to decide whether
you want your cloud to be public, private, or hybrid.
Step 2: Define the Hardware
Deciding what type of hardware, you will need is the most thought after the process.
One needs to be very precise in making the decision. For this, you will have to choose
the compute service that will provide the right support when you resize your compute
capacity to maintain your application running.
Step 3: Define the Storage
Every application needs a good amount of storage where it’s data can be stored
safely. For any application storage type that should be chosen carefully for this one
should choose the storage service where they can back up and archive their data
over the internet.
Step 4: Define the Network
Networking is the key that will deliver your data to the end-users. So, the network must
be configured sincerely and should be flawless so that intruders can not break into
the network. One should define the network that securely delivers data, videos, and
applications with low latency and high transfer speed.
Step 5: Define the Security
Security is a key aspect of any application. Set up your security service which enables
services for user authentication or limiting access to a certain set of users on your
resources.
Step 6: Define the Management Process and Tools
The developer should have complete control over there resource and to configure
these you should define some management tools which monitor your cloud
environment, resources used, and the customer application running on it.
Step 7: Testing the Process
Testing is yet another important thing in the life cycle of deploying any application. All
the faults can figure out only through the testing process involved in it. During testing,
you should verify your application using various developer tools where you build, test,
and deploy your code quickly.
Step 8: Analytics
Finally, analyze and visualize data using analytics service where you can start querying
data instantly and get results then and there only. Once analyzing is done complete,
your application becomes ready you deploying.

Advantages

1. Cost Saving- It helps you to save substantial capital costs as it does not need any
physical hardware investments.
2. High Speed- Cloud computing allows you to deploy your service quickly in fewer
clicks.
3. Backup and restore of data- Back-up and restore of data is easy in cloud
computing.
4. Reliability- It is highly reliable to use cloud computing solutions.
Disadvantages

1. Performance can vary- Its performance depends on the speed and quality of the
internet
2. Downtime- Cloud Computing Solutions has a great span of downtime.

5. What is cloud security?

Cloud security refers to the cybersecurity policies, best practices, controls, and
technologies used to secure applications, data, and infrastructure in cloud
environments. In particular, cloud security works to provide storage and network
protection against internal and external threats, access management, data
governance and compliance, and disaster recovery.

Cloud computing has become the technology of choice for companies looking to
gain the agility and flexibility needed to accelerate innovation and meet the
expectations of today’s modern consumers. But migrating to more dynamic cloud
environments requires new approaches to security to ensure that data remains secure
across online infrastructure, applications, and platforms.

Cloud security defined

Cloud security is the set of cybersecurity measures used to protect cloud-based

applications, data, and infrastructure. This includes applying security policies,
practices, controls, and other technologies like identity and access
management and data loss prevention tools to help secure cloud environments
against unauthorized access, online attacks, and insider threats.

How does cloud security work?

Cloud security mainly focuses on how to implement policies, processes, and
technologies together so they ensure data protection, support regulatory
compliance, and provide control over privacy, access, and authentication for users
and devices.

Cloud service providers (CSPs) typically follow a shared responsibility model, which
means implementing cloud computing security is both the responsibility of the cloud
provider and you—the customer. Think of it as a responsibility framework that defines
which security tasks belong to the cloud provider and which are the duty of the
customer. Understanding where your provider’s security responsibilities end and yours
begin is critical for building a resilient cloud security strategy.

Broadly speaking, the CSP is always responsible for the cloud and its core
infrastructure, while the customer is expected to secure anything that runs “in” the
cloud, such as network controls, identity and access management, data, and
applications.

Shared responsibility models vary depending on the service provider and the cloud
computing service model you use—the more the provider manages, the more they
can protect.

6. Security of Data in the Cloud

Cloud computing has revolutionized the way organizations store and manage data,
offering flexibility, scalability, and cost-effectiveness. However, with the benefits come
concerns about data security. Here are key considerations for ensuring the security of
data in the cloud:

1. Shared Responsibility Model

In the cloud, security responsibilities are shared between the cloud provider and the
customer. The cloud provider is responsible for securing the infrastructure, while the
customer is responsible for securing the data stored on that infrastructure.

2. Data Classification and Governance

Classify data based on its sensitivity and implement appropriate access controls,
encryption, and retention policies. This ensures that data is protected according to its
level of sensitivity.

3. Identity and Access Management

Implement robust identity and access management (IAM) systems to control who has
access to data and applications. Use multi-factor authentication, role-based access
control, and least privilege access to minimize the attack surface.

4. Data Encryption

Encrypt data both in transit (using SSL/TLS) and at rest (using encryption algorithms like
AES). This ensures that even if data is intercepted or accessed by unauthorized parties,
it remains unreadable.
5. Monitoring and Auditing

Regularly monitor cloud activity and audit logs to detect and respond to security
incidents. Implement tools to track user activity, data access, and changes to
configurations.

6. Cloud Provider Selection

Carefully evaluate cloud providers' security capabilities, compliance with regulatory

requirements, and incident response plans. Ensure that the provider has a strong
security posture and meets your organization's security requirements.

7. Compliance and Regulatory Requirements

Understand and comply with relevant regulations, such as GDPR, HIPAA, and PCI-DSS,
which govern data protection and security in the cloud.

8. Data Backup and Recovery

Implement a robust backup and recovery strategy to ensure business continuity in the
event of data loss or corruption.

9. Incident Response

Develop an incident response plan to quickly respond to security incidents, including

data breaches, and minimize the impact on your organization.

10. Continuous Monitoring and Improvement

Regularly assess and improve your cloud security posture through ongoing monitoring,
vulnerability assessments, and penetration testing.

By following these best practices, organizations can effectively secure their data in
the cloud and minimize the risks associated with cloud computing.

7. Cloud Identity Management

Cloud identity management describes how organizations implement IAM controls in

cloud computing environments. It includes policies, processes, and tools that protect

critical resources on the cloud.

The main purpose of cloud identity management is controlling access to cloud-based

applications and data. It guarantees employees have access to the assets they need

to carry out their work. It also improves security by preventing employees from

accessing assets they don’t need.

Unlike traditional identity management systems, cloud identity management tools

can process permissions across multiple environments and devices automatically. This

makes it more flexible than most on-premises solutions, which require manual controls.

Why Is Cloud Identity Management Important?

As organizations move more workloads into the cloud, the number of users accessing

cloud-based assets increases. Manually managing user permissions through a

traditional IAM solution quickly becomes infeasible.

Security teams that do not have robust, automated identity management solutions

have to manually grant and revoke permissions to cloud assets. This leads to one of

two situations:

1. Slow manual permissions processes lead to production bottlenecks, or;

2. Fast manual permissions processes introduce security risks since there isn’t enough
time for vetting users properly.

This can also get in the way of remote work. Employees who try to log into the

company network from abroad may be shut out by traditional access management

policies. Before they can start working, they must wait for someone to approve their

connection.

Cloud identity management resolves these issues by providing a scalable, unified set

of tools and processes for automating access control. It gives organizations a robust

set of identity management solutions, allowing them to take advantage of the

productivity and scalability benefits that cloud computing offers.

Benefits of Cloud Identity Management

Cloud identity management provides a number of features that traditional solutions

lack, like continual authentication and context-aware access.

These features combine to provide organizations with valuable benefits to operational

security and day-to-day productivity, including:

 o Improved security and data protection. Cloud IAM offers superior security
compared to traditional solutions. It monitors access across multiple platforms
and mitigates insider threats by supporting role-based access.
o Simplified user provisioning and deprovisioning. Instead of onboarding and
offboarding users manually, cloud identity management solutions let
organizations automate the process.
o Enhanced user experience and productivity. Employees spend less time
waiting for approvals, and managers spend less time reviewing access
permissions.
o Centralized access control and policy enforcement. Security teams have
immediate visibility into access control and permissions profiles for every user in
the organization.
o Scalability to meet organizational needs. Cloud-based identity management
solutions are designed to grow alongside the organization. There is no need to
augment the system with additional investments in on-site equipment.

How Does Cloud Identity Management Work?

Cloud identity management works by establishing a standard set of protocols for

managing user access permissions. These protocols work on a role-based framework,

allowing the policies to follow employees across multiple devices and locations.

Some of the protocols involved include:

a. Lightweight Directory Access Protocol (LDAP) is a popular protocol for on-

premises directories like Microsoft’s Active Directory. It is one of the oldest
protocols in the industry.
b. Security Assertion Markup Language (SAML) is an open-standard protocol
often used for single sign-on (SSO) features, which allows users to share the
same credentials across multiple applications.
c. System for Cross-domain Identity Management (SCIM) provides a standardized
user schema for provisioning users in cloud-based productivity apps like
Microsoft 365, Google Workspace, and more.
d. OAuth is an open-standards protocol that provides secure access for web
applications and endpoint devices. Social media platforms, consumer
services, and payment processes use OAuth.
e. OpenID is a decentralized protocol that can secure multiple websites and
applications simultaneously. Since it started using public key encryption, it
earned wide adoption as an authentication layer for OAuth.
f. RADIUS authenticates and authorizes remote network access. It runs on the
application layer and can report on network activity. While originally
conceived for dial-up and DSL internet providers, it is now commonly used in
secure web forms, Wi-Fi controls, and VPNs.
Key Features of Cloud Identity Management

Not all cloud identity management tools produce the same results. The best solutions

address obstacles to identity and access management security with the following

features:

a. Automated user provisioning and deprovisioning. Manual provisioning and

deprovisioning tasks can take up a great deal of time. This reduces the time
and resources available for pursuing high-impact strategic initiatives.
b. Role-based access control and permission management. Mapping users,
assets, and devices to employee roles simplifies data governance and access
management significantly. This makes it easier for security teams to manage
users according to their identity.
c. Password management and self-service capabilities. Your IAM solution must
include methods for enforcing good password policies, and provide secure
self-service options to users who forget their credentials.
d. Directory services integration and synchronization. Many organizations still use
the same directory services they used when they had exclusively on-premises
infrastructure. Your cloud identity management solution must integrate easily
with services like Microsoft Active Directory.
e. Audit and compliance reporting. Generating customized reports should be
painless and easy. Otherwise, audits may catch you off guard and take
valuable time and effort away from high-priority security tasks.

Best Practices for Cloud Identity Management

Full-featured cloud IAM solutions enable security teams to overcome some of the

challenges associated with secure access management. Organizations that adopt a

cloud identity management platform will want to:

a. Implement strong password policies and authentication mechanisms. Craft

and enforce policies requiring passwords to contain letters, numbers, and
punctuation symbols. Enable multi-factor authentication on every account
that supports it.
b. Review access and privilege management policies regularly. Establish robust
policies for reviewing access provisioning and deprovisioning. Critically
examine user privilege escalations to protect the organization from malicious
insiders.
c. Conduct user training and awareness programs. Policies only work when
employees know how to follow them. Encourage users to reach out to the
security team when they have questions about insider threats and security
policies.
d. Continuous monitoring and threat detection. Integrate your cloud IAM solution
with a Security Information and Event Management (SIEM) platform that can
 contextualize authentications and login events. Have analysts review this data
and investigate unusual activities.
 Compliance with industry regulations and standards. Establish cloud-based
identity access management processes that are compliant with industry-
standard best practices like the NIST Cybersecurity Framework.