Some of the characteristics that define cloud computing include metered usage, where we pay only for the IT resources that we actually use in the cloud. Another characteristic is resource pooling, where the cloud provider is responsible for pooling together all of the physical resources, like server hardware, storage, and network equipment, and making them available to cloud subscribers, otherwise called tenants. Another characteristic is that we should be able to access our cloud IT resources over a network, and in the case of a public cloud that means access from anywhere over the Internet. Rapid elasticity is another characteristic, so that we can quickly provision resources and deprovision them as required, and this is often done through a self-provisioning web portal.
A public cloud is one whose services are potentially accessible to all Internet users. We say potentially because there might be a requirement to sign up for an account or pay a subscription fee, but in principle it is available to anyone. A public cloud has worldwide geographic locations, and that's definitely the case with Amazon Web Services. The cloud provider is responsible for acquiring all of the hardware and making sure it's available for the IT services that it sells as cloud services to its customers.
A private cloud, on the other hand, is accessible only to a single organization and not to everybody over the Internet, because it runs on hardware that the organization owns and maintains. However, a private cloud still adheres to the exact same cloud characteristics that a public cloud does. For example, having self-provisioned, rapidly elastic, pooled IT resources available is still a cloud; in this case it's private because it's on hardware owned by the organization. The purpose of a private cloud is really apparent in larger government agencies and enterprises, where we can track usage of IT resources and then use that for departmental chargeback.
A hybrid cloud is the best of both worlds. The two worlds we're talking about are the on-premises IT computing environment and the cloud computing environment. We have to consider that the migration of on-premises systems and data could potentially take a long time. So, for example, we might have data stored on-premises and in the cloud at the same time. This is possible, for example, using the Amazon Web Services Storage Gateway, where we've got a cached copy of data available locally on the Gateway appliance on our on-premises network, while it also replicates that data into the cloud. We might also, as another example, have a hardware VPN that links our on-premises environment to an Amazon Web Services Virtual Private Cloud, essentially a virtual network running in the cloud.
A community cloud serves needs that are shared across multiple tenants. For example, Amazon Web Services has a government cloud in the United States, which addresses things like sensitive data requirements and regulatory compliance. It's managed by US personnel and it's also FedRAMP compliant. FedRAMP, of course, is the Federal Risk and Authorization Management Program. So having these specific types of clouds available, in this case the government cloud, is what is referred to as a community cloud.
Cloud computing service models.
So what is a service model anyway? Well, as it applies to cloud computing, it really correlates to the type of cloud service that we would subscribe to. So let's think about IT components like virtual machines, databases, websites, and storage. Each of these examples correlates to a specific type of cloud computing service model.
Let's start with Infrastructure as a Service, otherwise called IaaS. This includes things in Amazon Web Services like EC2 virtual machines, S3 cloud storage, or virtual networks, which are called VPCs (Virtual Private Clouds). That's core IT infrastructure, and so it's considered Infrastructure as a Service.
Another type of cloud computing model is Platform as a Service, otherwise called PaaS. This deals with things like databases, or even things like searching, such as the Amazon CloudSearch capability.
Software as a Service is called SaaS, and this is the way we would deal with things like websites, or using Amazon Web Services WorkDocs, where we can work with office productivity documents like Excel and Word documents in the cloud.
Security as a Service is called SECaaS. This deals with security that's delivered by a provider, so we're essentially transferring that risk out to some kind of hosted solution. It comes in many forms. It could be spam or malware scanning done for email in the cloud. Or, as we see here, we've got an option in Amazon Web Services called AWS Shield. The purpose of this offering is protection against distributed denial of service attacks.
A DDoS occurs when an attacker has control of slave machines, otherwise called zombies, and the collection of these on a network is called a botnet. The attacker can issue commands to those slaves so that they attack a victim host, as pictured here, or an entire network, for example by flooding it with traffic and thereby preventing legitimate traffic from reaching, say, a legitimate website. In many cases a lot of these botnets are actually for rent by malicious users to the highest bidder, so for a fee, potentially, one could pay for the use of a botnet to bring down a network or a host. Now, luckily, with Amazon Web Services this can be mitigated using AWS Shield. DDoS protection mechanisms will often do things like looking at irregular traffic flows and blocking certain IP addresses.
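To make the "irregular traffic flows" idea concrete, here is an added illustration (not part of the original lecture and not AWS Shield's own logic) of the simplest form of that check: a sliding-window request counter per client IP run over a few constructed web-server log lines. The threshold values, the log format, and the sample IPs are all assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime

# Assumed detection policy for this example: flag any client IP whose request
# count inside a sliding WINDOW_SECONDS window exceeds MAX_REQUESTS.
WINDOW_SECONDS = 10
MAX_REQUESTS = 5  # more than this many requests per window is "irregular"

# Constructed sample log lines: ISO timestamp, client IP, method, path.
# 203.0.113.7 bursts seven requests in five seconds; 198.51.100.4 is normal.
SAMPLE_LOG = """\
2024-01-01T12:00:00 203.0.113.7 GET /index.html
2024-01-01T12:00:01 198.51.100.4 GET /index.html
2024-01-01T12:00:01 203.0.113.7 GET /login
2024-01-01T12:00:02 203.0.113.7 GET /login
2024-01-01T12:00:02 203.0.113.7 GET /login
2024-01-01T12:00:03 203.0.113.7 GET /login
2024-01-01T12:00:03 203.0.113.7 GET /login
2024-01-01T12:00:04 203.0.113.7 GET /login
2024-01-01T12:00:20 198.51.100.4 GET /about
2024-01-01T12:00:21 198.51.100.4 GET /contact
"""

def parse_line(line):
    """Split one log line into (timestamp, client_ip, path)."""
    ts, ip, _method, path = line.split()
    return datetime.fromisoformat(ts), ip, path

def find_flooding_ips(log_text, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Return {ip: peak requests seen within one window} for IPs over the limit.

    One deque of recent timestamps per IP: each new request evicts entries older
    than the window, so the deque length is that IP's current request rate.
    Lines are assumed to be in timestamp order, as a log file normally is.
    """
    recent = defaultdict(deque)
    flagged = {}
    for line in log_text.splitlines():
        ts, ip, _path = parse_line(line)
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) > limit:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

if __name__ == "__main__":
    for ip, peak in find_flooding_ips(SAMPLE_LOG).items():
        print(f"block candidate {ip}: {peak} requests in {WINDOW_SECONDS}s")
```

A real mitigation service layers many more signals on top of this (traffic baselines, protocol anomalies, geographic spread of sources), since a volumetric attack from thousands of botnet members may keep each individual source under a per-IP threshold.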