
Cloud Computing - Dr ManishJain

CompTIA Cloud Essentials+ provides an overview of cloud computing, its benefits, and characteristics, emphasizing the pay-per-use model and the importance of security. It outlines various cloud service and deployment models, as well as virtualization concepts, networking protocols, and storage technologies. Additionally, it discusses cloud implementation frameworks and identity access management, highlighting the need for effective planning and security measures in cloud environments.

Uploaded by

2526amankumar1

CompTIA Cloud Essentials+

What is Cloud Computing?

• Cloud computing is a business computing model that delivers easy-to-use, on-demand network
access to a pool of computing resources, including software, infrastructure, and hardware facilities
over a network
• This "pay-per-use" model helps an organization to use resources when needed and pay only for the
facilities and the time for which resources have been used
• Hundreds of commercial clouds are available today, with Amazon Web Services (AWS), Microsoft
Azure, and Google Cloud being the top-most
Benefits of Cloud Computing

• Easily access the resources from anywhere and everywhere!

• No need for heavy hardware setups and complicated systems

• Quickly add or remove additional resources as per requirement

• Provides enterprise-level backups for high-end data protection and security

• Optimizes maintenance time and cost


Characteristics of Cloud

• Rapid Elasticity
• Self-Service
• Availability
• viability
• Broad Network access
• Measured Service
• Scalability
Virtualization

• Virtualization is the process of creating virtual replicas or virtual machines (VMs) of computing
resources, by eliminating the traditional one-to-one relationship between a physical server and a
logical server
• It allows multiple Operating Systems (or multiple instances of the same OS) to run on one physical
machine simultaneously
• Although invented in 1967, virtualization has been in popular use since the last decade
Virtual Machine Manager (VMM)
• Widely known as Hypervisor
• It is the software that is used to enable Virtualization
• There are two types of Hypervisors: Type 1 and Type 2
Cloud Service Models

• Infrastructure as a service – used for highest-level storage and systems

• Platform as a Service – used for managing hardware platforms

• Software as a service – used when more applications are involved


Cloud Service Models (Cont’d)

• Here is a glance at how all the 3 service models collaborate:

Source: “Cloud computing” by Sam Johnston. Licensed under CC BY-SA 3.0 via Wikimedia Commons.
List of other Service Models

• Business processes as a service (BPaaS)
• Communications as a service (CaaS)
• Desktop as a service (DaaS)
• Data as a service (also DaaS)
• Database as a service (DBaaS)
• Disaster recovery as a service (DRaaS)
• Functions as a service (FaaS)
• Hardware as a service (HaaS)
• Information technology as a service (ITaaS)
• Monitoring as a service (MaaS)
• Network as a service (NaaS)
• Anything/everything as a service (XaaS)
Cloud Deployment Models

• Public Cloud – It is a cloud solution that provides dynamically provisioned resources on a
self-service basis to customers via the Internet

• Private Cloud – It is a dedicated computing infrastructure owned and shared among users within
the organization

• Hybrid Cloud – It is a combined application of both public and private cloud services, where the
organization stores its critical data in-house and moves the rest of the data to the cloud

• Community Cloud – It is a cloud solution in which organizations having common security practices
and mission share hosted computing services.
Cloud Security Matters!

• Hardware set-up – Done! Virtualization – Done! Shared Service providing – Done! But, what about
the security of the client’s data?
• Securing the client’s data from viruses and theft is a major challenge for a cloud system
• Unfortunately, there are many hackers out there waiting for that one security hole to breach the
precious data
• Cloud offers a Shared Responsibility Model that enables both the client and the cloud service provider
to share security duties to improve overall security of the system
• In the Shared Responsibility Model:
• Cloud Service Provider is responsible for security “of” the cloud
• Client is responsible for security “in” the cloud
Cloud Security Matters!

The Shared Responsibility Model


Cloud Design Aspects: Redundancy
• Cloud is designed in such a way that it always maintains high availability and provides continuous
access to its resources
• Even if there is an unexpected failure in some sort of device, system, or process, other components
of the cloud can immediately take over and provide uninterrupted services to the users
• It is important to build a Redundancy Plan with your cloud service provider to eliminate issues
caused by a single point of failure
• Focus areas to establish a Redundancy Plan are:
• Hardware
• Network
• Geographic locations
• Process
• Software
• Data
Cloud Design Aspects: High Availability
• Cloud ensures high availability of services
• Availability of cloud services is measured in 9’s (Ex: When someone says “Availability of our cloud is
four 9’s”, it means their cloud will be up for 99.99% of the time)
• It is important to discuss the availability measure with your Cloud Service Provider (CSP)
while signing the Service Level Agreement (SLA)
• The following table shows acceptable downtime based on the availability measure

Availability | Downtime per year | Downtime per day
Three nines (99.9%) | 8.77 hours | 1.44 minutes
Four nines (99.99%) | 52.6 minutes | 8.64 seconds
Five nines (99.999%) | 5.26 minutes | 864 milliseconds
Six nines (99.9999%) | 31.56 seconds | 86.4 milliseconds
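
Added example (not part of the original slides): the downtime budgets in the table above can be derived from the number of nines and then compared with measured outages when reviewing an SLA. The function names and the outage records are constructed for illustration; a 365.25-day year is assumed because it reproduces the table's figures.

```python
from datetime import datetime, timedelta

YEAR = timedelta(days=365.25)  # assumed year length; reproduces the table's figures
DAY = timedelta(days=1)

def downtime_budget(nines, period):
    """Maximum downtime an N-nines availability target allows over `period`."""
    return period * 10.0 ** -nines

def merged_downtime(outages):
    """Total downtime, counting overlapping outage windows only once."""
    total = timedelta(0)
    cur_start = cur_end = None
    for start, end in sorted(outages):
        if cur_end is None or start > cur_end:   # new, disjoint window
            if cur_end is not None:
                total += cur_end - cur_start
            cur_start, cur_end = start, end
        else:                                    # overlaps the current window
            cur_end = max(cur_end, end)
    if cur_end is not None:
        total += cur_end - cur_start
    return total

def sla_report(outages, nines, period):
    """Compare measured downtime in `period` with the N-nines budget."""
    down = merged_downtime(outages)
    budget = downtime_budget(nines, period)
    return {
        "downtime": down,
        "budget": budget,
        "availability": 1 - down / period,
        "met": down <= budget,
    }

# Constructed outage records for one 30-day billing month (not real data).
MONTH = timedelta(days=30)
OUTAGES = [
    (datetime(2024, 3, 2, 1, 0), datetime(2024, 3, 2, 1, 3)),
    (datetime(2024, 3, 2, 1, 2), datetime(2024, 3, 2, 1, 5)),  # overlaps the first
    (datetime(2024, 3, 17, 14, 0, 0), datetime(2024, 3, 17, 14, 0, 30)),
]

if __name__ == "__main__":
    for n in (3, 4, 5, 6):
        print(n, "nines:", downtime_budget(n, YEAR), "per year,",
              downtime_budget(n, DAY), "per day")
    for n in (3, 4):
        r = sla_report(OUTAGES, n, MONTH)
        print(f"{n} nines: down {r['downtime']}, budget {r['budget']}, met={r['met']}")
```

With these sample records the month's 5.5 minutes of downtime fits a three-nines target but exceeds the four-nines budget of about 4.3 minutes.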
Cloud Design Aspects: Disaster Recovery
• A disaster recovery plan is mandatory in any business as it outlines how to regain operational
status in the event of a disaster
• Cloud infrastructure has the ability to become operational after a disaster.
• Things that need to be ensured:
• All the recovery policies and procedures are clearly mentioned in the SLA
• Recovery objectives are defined in a disaster recovery plan
• Regular backups are performed
Cloud Design Aspects: Recovery Objectives
Recovery Objectives:
• Recovery Point Objective (RPO) – Defines the maximum age of the files that should be recovered
• Recovery Time Objective (RTO) – Defines how much time CSP can take to recover everything
Networking Concepts- A Quick Overview
• A network is an interface that connects two or more computers or devices and enables them to
communicate
• Basic elements of a network include:
• Network adapter (or network card)
• Transmission method
• Protocol
Networking Concepts- TCP/IP Protocol
• Transmission Control Protocol/Internet Protocol (TCP/IP) is a must when we are talking about
networking
• It is an Internet protocol that enables communication
• TCP/IP has many other internal protocols working automatically in four levels, where every device
uses each of these 4 levels for communicating with other devices
Networking Concepts- TCP/IP Protocol
The 4 levels of TCP/IP Protocol:
Connecting to Cloud Using:
Hypertext Transfer Protocol Secure (HTTPS)
• Hypertext Transfer Protocol Secure (HTTPS) is responsible for connecting the client to
cloud resources
• Example: Connecting to Google Drive with HTTPS
Remote Desktop Protocol (RDP)
• RDP allows users to create and access virtual Windows copies of their computers on
any other device
• Once the Windows virtual instance is created, the user can access it just like their original server:
host and run apps, browse files, provide storage, etc.
• These virtual instances are mainly used for:
• Creating different test environments
• Providing extra server capacity
Remote Desktop Protocol (RDP) (Cont’d)
Once the virtual system is created by the provider, you should install an RDP client on the
current device through which you are going to access the virtual system

For example:
• Linux users can use the rdesktop command
• macOS users can download the Microsoft Remote Desktop app from the Mac App Store
• Android and iOS users will find RDP clients in their respective app stores
• Windows includes an RDP client called Remote Desktop Connection
The Secure Shell (SSH)

• Secure Shell’s functionality is similar to RDP; the difference is that RDP is for Windows virtual
instances, whereas SSH is for Linux instances
• SSH allows the client to connect to and access the virtual copy of a Linux system using another device
• Once the connection is established by the provider, you use an SSH command to access the virtual
Linux system
• Example: (for Ref only)
• ssh -i "QDt1.pem" [email protected]
• You can always use open-source SSH clients like ‘PuTTY’ if your computer does not have access
through SSH commands
Virtual Private Network (VPN)

• VPN provides prominent internet traffic security and is widely used for secure traffic between the
physical cloud sites
• It is defined as a secured private connection that occurs through a public network
• VPN is very useful for organizations to secure their employees’ remote network in the current
scenario
Direct Connect

• In Direct Connect, the system is physically connected to the network of the cloud service provider
• This is mostly used when bulk data transfer is needed for a large number of systems
• Examples:
• Azure ExpressRoute
• AWS Direct Connect, and
• Google Cloud Interconnect
Cloud Storage Technologies

• Storage in the cloud functions similarly to storage on a local device; the only difference is that you
need the Internet to access the data on the cloud’s hard drive!
• Cloud storage runs on software-defined storage (SDS)
• SDS – A technology that separates the physical storage of data from the logical control over drive
configuration, independent of the underlying hardware
Storage Providers

• There are many cloud storage providers, ranging from big to budding players in the business
• Here is a list of a few cloud-based storage providers:
• Dropbox
• Apple iCloud
• Box
• Microsoft OneDrive
• Google Drive
• Choosing the right storage provider is totally up to your speed vs. cost requirements
Storage Characteristics

Storage performance categories:
• Hot Storage – For readily available data
• Cold Storage – For not-so-used data
Storage Characteristics (Cont’d)

Trait | Hot Storage | Cold Storage
Access speed | Fast | Slow
Media type | Solid-State Drives (SSDs) | Hard Disk Drives (HDDs), Tape drives
Cost per GB | Higher | Lower

Table: Hot Storage Vs. Cold Storage
Storage Characteristics (Cont’d)
• Key considerations when it comes to storage:
• Cost per gigabyte
• Storage capacity limits
• The maximum number of containers allowed
• Data encryption
• Storage compression and/or de-duplication
• Whether intelligent analysis of storage usage and/or automated optimization is provided
• Dynamic container resizing (e.g., capacity on demand)
• Data read/write speed
• Number of data reads/writes allowed, or cost per thousand reads/writes
• Data latency for reads/writes
• Data retrieval time for archives
• Archived data retrieval cost
Storage Types

Although data stored inside the hard disk is in binary format (0’s and 1’s), basic
categorization of data storage is done in three types:
• Files
• Blocks
• Objects


Storage Types: Files

• Based on a filing cabinet
• Structure:
Filing Cabinet → Folders → (Sub Folders) → Files
• File systems in different operating systems:
• Windows - New Technology File System (NTFS)
• Macs - Apple File System (APFS)
• Linux - fourth extended file system (ext4)
Storage Types: Blocks

• Files are split into equal-sized chunks → each is assigned a unique ID → stored on the hard drive
• Blocks do not need any file structure as they are assigned a unique ID
Storage Types: Objects

• Object type is used to store unstructured data, for example pictures and videos
• Most organizations use object storage to analyze and retrieve their unstructured data
effectively
• Every unit is stored as an object no matter its type and size
• The following are the characteristics of an object:
• Data
• Metadata
• Object ID
• Attributes
Storage Features

• Compression – Makes files smaller to save the storage space
• Deduplication – Eliminates duplicate data
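
Added example (not part of the original slides): a small in-memory store that ties together the "Storage Types: Blocks" slide and the compression and deduplication features above. Using the SHA-256 hash of each chunk as its unique ID is an assumption made here; it lets identical chunks be stored once and lets every read verify integrity. The class name, block size and sample files are constructed for illustration.

```python
import hashlib
import zlib

BLOCK_SIZE = 4096  # assumed block size for this illustration

class BlockStore:
    def __init__(self, block_size=BLOCK_SIZE):
        self.block_size = block_size
        self.blocks = {}        # block ID -> compressed chunk
        self.files = {}         # file name -> ordered list of block IDs
        self.logical_bytes = 0  # bytes written by clients, before any savings

    def put(self, name, data):
        """Split data into equal-sized chunks and store each unique chunk once."""
        ids = []
        for off in range(0, len(data), self.block_size):
            chunk = data[off:off + self.block_size]
            block_id = hashlib.sha256(chunk).hexdigest()  # unique ID (assumption)
            if block_id not in self.blocks:                # deduplication
                self.blocks[block_id] = zlib.compress(chunk)  # compression
            ids.append(block_id)
        self.files[name] = ids
        self.logical_bytes += len(data)
        return ids

    def get(self, name):
        """Rebuild a file from its blocks, verifying each block against its ID."""
        out = bytearray()
        for block_id in self.files[name]:
            chunk = zlib.decompress(self.blocks[block_id])
            if hashlib.sha256(chunk).hexdigest() != block_id:
                raise ValueError("block failed integrity check: " + block_id)
            out += chunk
        return bytes(out)

    def stored_bytes(self):
        """Bytes actually held after deduplication and compression."""
        return sum(len(b) for b in self.blocks.values())

# Constructed sample files: both start with the same 4096-byte chunk.
FILE_A = b"A" * 4096 + b"B" * 4096 + b"tail"
FILE_B = b"A" * 4096 + b"C" * 4096

if __name__ == "__main__":
    store = BlockStore()
    store.put("a.bin", FILE_A)
    store.put("b.bin", FILE_B)
    print("unique blocks:", len(store.blocks))
    print("logical bytes:", store.logical_bytes, "stored bytes:", store.stored_bytes())
    assert store.get("a.bin") == FILE_A
```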
Storage Features

• CDN balances the load of the original webserver and provides high-speed access to web resources
for the users in geographically distributed locations
• The main idea behind CDN is to provide uninterrupted services to the users in remote locations

• This is how CDN works:
• Creates PoPs (points of presence), each having an edge server
• Caches content from the original web server
• Serves remote users
Overview: Cloud Implementation Framework
• Any Cloud Implementation Framework can be decoded into five categories:
• Gather Requirements – Business, Technical, Key Stakeholders
• Assessment – Baselines, Feasibility, Gap Analysis
• Design – Define Future State
• Implementation – Migration
• Operations/Management – Ongoing Management and Assessment
Cloud Assessments: Step 1: Gathering Requirements
• Questions to ask yourself:
• Does our business even need the cloud?
• What do we need?
• Whom to approach for requirements?
• Who are the key stakeholders when it comes to cloud?
• A key stakeholder is a person involved in your business who has a particular interest or concern in
something. Example:
• Chief executive officer (CEO)
• Chief financial officer (CFO)
• Chief information officer (CIO)
• Chief technology officer (CTO)
• Chief information security officer (CISO)
• Department managers or supervisors
• Key network and application users
Step 2: Using Baselines

• A baseline is a test that is performed to read the performance of network and cloud services
• It is important to identify what to baseline and when to baseline
• Baselines help to identify whether your business needs any additional cloud services to increase
performance
Step 3: Performing a Feasibility Study
• Feasibility study determines the practicality of the proposed requirements
• It is mainly performed to determine:
• Capabilities that can/should be offloaded to the cloud
• Level of cloud availability (The Nines! Remember we discussed in Module 02?)
• Compliance, security, and privacy guidelines
• Support services from your internal business and CSP
• Migration path to the cloud
Step 4: Analysing the Gaps

• A gap is nothing but the space between where you are and where you want to be in the future
• There can be cases where your current business requirements might differ from what you need in
the next month. Gap analysis is performed to identify all such cases
• The following is a sample template used for analyzing gaps

Category | Current State | Goal | Action Needed | Priority | Owner | Due Date
Business | | | | | |
People | | | | | |
Governance | | | | | |
Platform | | | | | |
Security | | | | | |
Operations | | | | | |
Step 5: Reporting

• Reporting and measuring of cloud performance is done based on the following key elements:
• Compute
• Network
• Storage
• Reporting not only helps to measure the performance but also to share this data with other core
executives in your business, when needed
Step 6: Understanding Benchmarks
• While a baseline is a read of performance, a benchmark is a point of reference for comparison
• This means that once you get the results from a baseline, you can refer to the benchmark and
evaluate the cloud performance
• Key areas to benchmark while assessing potential CSPs:
• Availability
• Response time
• Incident resolution time
Step 7: Documentation

• Documentation is required for keeping everything on track and can be very helpful while:
• Meeting with stakeholders
• Locating resources and applications during pre- and post-migration
• Identifying Owners of capabilities and processes
• Identifying Internal and external points of contact
Identity Access Management

Identity Access Management is used to verify that the person trying to log in and access cloud
resources is who they say they are!

IAM Method | Description
Multifactor Authentication | Takes multiple pieces (two or more) of information from the user before they log in to ensure high-level security
Single Sign-On (SSO) | Allows users to access all of the systems, resources, and apps with one initial login, removing the burden of creating different logins for multiple applications
Federated identity management (FIM) | FIM is an SSO across organizations or security domains
Cloud-Native Applications

Agile cloud-based applications run on two technologies:
• Microservices – Applications are broken down into smaller components that work together to form an
application
• Containerization – All microservice components are stored in the same container to achieve an
organized approach
Compliance and their Importance
• CSPs must define compliance as it allows the end users to raise their concerns and makes them feel
confident before signing the contract
• With compliance management, CSPs can validate themselves against compliance requirements
and regulations
• Typically, compliance with regulations falls into one of the following three areas:
• Activity logging and auditing
• Encryption and key management
• Identity access and control

Regulatory concerns

Regulatory Concerns:
• Local, state, and federal regulations
• Industry-based requirements
• International standards

As it is almost impossible to cover all the regulatory concerns, we will be listing the most popular ones in the next slides
Regulatory concerns (Cont’d)

• Local, state, and federal regulations:
• Federal Risk and Authorization Management Program (FedRAMP)
• Federal Information Security Management Act (FISMA)
• Federal Information Processing Standard (FIPS)
Regulatory concerns (Cont’d)

• Industry-Based Requirements
• Family Educational Rights and Privacy Act (FERPA)
• Financial Industry Regulatory Authority (FINRA)
• Gramm-Leach-Bliley Act (GLBA)
• Health Insurance Portability and Accountability Act (HIPAA)
• Motion Picture Association of America (MPAA)
• Sarbanes-Oxley Act (SOX)
Regulatory concerns (Cont’d)

• International Standards:
• CIS Benchmarks
• International Organization for Standardization (ISO)
• ISO 9001 – Global Quality Standard
• ISO 27001 – Security Management Controls
• ISO 27017 – Cloud Specific Controls
• ISO 27018 – Personal Data Protection
Summary
Questions
Thank You!
