
Unofficial

Study Guide
for CompTIA's Cloud Essentials Certification

by Joseph Jordan Version 1.0 November 2013

Table of Contents

Introduction
Domain 1.0 Characteristics of Cloud Services from a Business Perspective
  1.1 Understand common terms and definitions of cloud computing and provide examples
  1.2 Describe the relationship between cloud computing and virtualization
  1.3 Name early examples of cloud computing
  1.4 Understand several common definitions of cloud computing and their commonalities/differences
  1.5 Recognize what types of organizations might benefit from cloud computing
  1.6 Recognize what types of organizations might not benefit from cloud computing
  1.7 Distinguish between the different types of clouds, including XaaS, IaaS, PaaS, and give examples of them
  Domain 1.0 Sample Questions
Domain 2.0 Cloud Computing and Business Value
  2.1 Recognize the similarities and differences between cloud computing and outsourcing
  2.2 Understand the following characteristics of clouds and cloud services from a business perspective
  2.3 Demonstrate how the characteristics of cloud computing enhance business value
  Domain 2.0 Sample Questions
Domain 3.0 Technical Perspectives/Cloud Types
  3.1 Understand the difference between private and public types of clouds from a technical perspective and provide examples
  3.2 Understand at a high level the following important techniques and methods for cloud computing deployment
  3.3 Explain technical challenges and risks for cloud computing and methods to mitigate them
  3.4 Describe the impact of cloud computing on application architecture and the application development process
  Domain 3.0 Sample Questions
Domain 4.0 Steps to Successful Adoption of Cloud
  4.1 Explain typical steps that lead to a successful adoption of cloud computing services
  4.2 Understand the roles and capabilities of cloud computing vendors and dependencies on the vendors
  4.3 Understand the following organizational capabilities that are relevant for realizing cloud benefits
  4.4 Describe multiple approaches for migrating applications
  Domain 4.0 Sample Questions
Domain 5.0 Impact and Changes of Cloud Computing on IT Service Management
  5.1 Understand the impact and changes cloud computing on IT service management in a typical organization
  5.2 Use a structured approach based on ITIL to explore the potential impact of cloud computing in your organization
  Domain 5.0 Sample Questions
Domain 6.0 Risks and Consequences of Cloud Computing
  6.1 Explain and identify the issues associated with integrating cloud computing into an organization's existing compliance risk and regulatory framework
  6.2 Explain the implications for direct cost and cost allocations
  6.3 Understand how to maintain strategic flexibility
  Domain 6.0 Sample Questions
Appendix 1: References
Appendix 2: Answers to Domain Questions
Appendix 3: Acronym List and Glossary
Appendix 4: Index

Cloud Essentials Study Guide


Introduction
Cloud computing is the newest buzzword in the world of information technology (IT). In its simplest form, cloud computing extends the flexibility of IT resource allocation already realized through datacenter virtualization. In its most elaborate sense, cloud computing provides a total paradigm shift in the way IT resources are provisioned and managed.

Although many vendors, most notably VMware and Microsoft (MS), provide their own cloud solutions and associated certification training paths, there are few neutral-vendor certifications available for the cloud. The Computing Technology Industry Association (CompTIA) offers just such a certification with their Cloud Essentials program (http://certification.comptia.org/getCertified/certifications/cloud.aspx).

Because the exam is new, there are few resources available to prepare for it. This study guide follows the Cloud Essentials Certification Exam Objectives (CLO-001) (CompTIA, 2011):

- Domain 1.0 Characteristics of Cloud Services from a Business Perspective
- Domain 2.0 Cloud Computing and Business Value
- Domain 3.0 Technical Perspective/Cloud Types
- Domain 4.0 Steps to Successful Adoption of Cloud Computing
- Domain 5.0 Impact and Changes of Cloud Computing on IT Service Management
- Domain 6.0 Risks and Consequences of Cloud Computing


Domain 1.0 Characteristics of Cloud Services from a Business Perspective

During an interview at the Churchill Club, Larry Ellison, the chief executive officer (CEO) of Oracle Corporation, famously stated "all the Cloud is, is computers in a network" (2009), meaning that cloud computing is nothing new and merely a different name for the way computing has always been done. However, something happened about 2006 to change the way the term cloud computing would be viewed. In that year Amazon introduced Elastic Compute Cloud (EC2) (Amazon, 2006) and Google developed Google Apps (Hausman, Cook, and Sampaio, 2013).

The National Institute of Standards and Technology (NIST) defines cloud computing as "a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources" (2011, p. 2). While technically sound, this definition does little to emphasize the impact that cloud computing is having and will continue to have on the way that governments, universities, corporations, companies, and individuals conduct business.

One entity that has taken cloud computing seriously is the United States (U.S.) government (USG). Vivek Kundra, former U.S. Chief Information Officer (CIO), states that cloud computing has the potential to play a major part in addressing inefficiencies and improving government service delivery. The cloud computing model can significantly help agencies grappling with the need to provide highly reliable, innovative services quickly despite resource constraints (2011, p. 1). Does cloud computing deserve such faith from one of the world's largest consumers of IT? Only time will tell, but Gartner believes the public cloud services market is forecast to grow 18.5 percent in 2013 to total $131 billion worldwide, up from $111 billion in 2012, so the USG is not alone.

1.1 Understand common terms and definitions of cloud computing and provide examples.

According to their Cloud Essentials Certification Exam Objectives, CompTIA used NIST publication 800-145 during development to standardize on the definition of certain Cloud terms (2011, p. 2), so most of the terms described in this section will be based on the meaning offered in this NIST document.

Deployment model is one category NIST uses to describe cloud computing. These models are further described in Section 1.4 but are listed below. There is a general consensus on these models: they are identical to those listed in the Wikipedia article for cloud computing (2013):

- Private Cloud
- Community Cloud
- Public Cloud
- Hybrid Cloud


Service model is another category NIST uses to describe cloud computing. The three most prominent and accepted service models are mentioned in NIST publication 800-145. They are further discussed in Section 1.7:

- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)

Other service models have been nominated, most notably these two defined by the International Telecommunication Union (ITU) (2012):

- Network as a Service (NaaS)
- Communications as a Service (CaaS)

Others that could be mentioned on the Cloud Essentials exam include the following (CompTIA, 2011):

- Business Process as a Service (BPaaS)
- Monitoring as a Service (MaaS)
- Testing as a Service (TaaS)

In theory, there are many types of service models possible. For this reason, the term Anything as a Service (XaaS) has been used to accommodate all possibilities (Accenture, 2012).

NIST also identifies these essential characteristics for cloud computing (2012, p. 2):

- On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
- Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
- Resource pooling. The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.


- Rapid elasticity. Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
- Measured service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.

Other terms associated with cloud computing that NIST does not mention in publication 800-145 include the following:

- Virtualization. The creation of a logical resource at a lower layer so it appears to be a physical resource to the layers above it. To accomplish this simulation, there is usually an "abstraction layer" between the logical resource (or resources) and everything else above. This concept is explored further in Section 1.2.
- Multitenancy. In reference to software architecture, multitenancy occurs when a single instance of an application serves multiple client organizations, as opposed to launching multiple instances to serve each client organization individually. According to Phil Wainewright, services must be provided as multitenancy in order to be considered truly cloud computing (2010).
- Service Level Agreement (SLA). A contract in which a cloud computing provider promises an agreed upon level of service to include factors such as performance, reliability, availability, and security. Without an SLA, cloud computing could not be a successful business model.
- Cloud Broker. An application or entity that facilitates the exchange of service between resources located in different cloud computing architectures.
- Cloud Bursting. The temporary use of public cloud resources to handle surges in workload and user access. Oftentimes cloud bursting occurs in a hybrid environment where a public cloud is used to augment services provided in a private cloud during a surge.
- Cloud Computing Stack. The hierarchical pyramid showing SaaS at the top, PaaS in the middle, and IaaS at the base, as described in Section 1.7.
- Federation. In the information sciences, federation refers to multiple computing providers agreeing upon protocols and standards of operation. Ironically, while cloud computing is meant to result in the widest distribution of computing services (sometimes referred to as democratization), the plethora of cloud computing vendors and the methods they have used to deploy their services has resulted instead in larger and deeper stovepipes of information and resources than ever before. Federation and cloud brokering offer the greatest hope in rectifying this debilitating problem facing the cloud computing industry.
- Identity and Access Management (IAM). Sometimes referred to simply as identity management, IAM is the management of a user's identity (known as the security principal, or just principal) within a particular IT environment such as a cloud service. This concept is discussed further within the security sections of this guide.

1.2 Describe the relationship between cloud computing and virtualization.

Virtualization is a technological concept that allows the provisioning of computing resources to the real-time demands of the workload. Computer scientists and engineers have been using virtualization since the beginning of computing to enable everything from command processing to data storing (virtual memory, logical disks, and so on). Virtualization was hidden from most users until VMware and other vendors made it possible to virtualize the actual workstations and servers themselves, hardware resources that administrators and users have been accustomed to handling only as physical devices in the past.

Cloud computing, on the other hand, is a business model that allows the distribution of computing resources to users from whatever location makes sense for the business. The reason cloud computing has become such a phenomenon lately is that the underlying technology that makes cloud computing possible, virtualization, has made significant strides over the past decade.

The business value of cloud computing, empowered by virtualization (and related technologies such as storage area networks (SAN) and service-oriented architecture (SOA)), is investigated in Section 2.2.

1.3 Name early examples of cloud computing.

In the most general sense, webmail services such as those provided by Yahoo! Mail, Google Gmail, and Microsoft Windows Live Hotmail are a type of SaaS and could be considered some of the earliest examples of cloud computing. Most users do not have email servers in their homes. Instead, users find it more cost-effective to outsource that capability to an organization that runs email servers for a living, even though their datacenter is located far away and can only be accessed through the Internet.

Today, cloud computing is considered more than just a service provided from a remote location. The earliest examples of cloud computing as defined nowadays began in 2006:

- SaaS: Google Apps
- PaaS: Rackspace Cloud
- IaaS: Amazon Web Services (known as Elastic Compute Cloud in 2006)


1.4 Understand several common definitions of cloud computing and their commonalities/differences.

NIST provides these definitions for cloud computing deployment models (2011, p. 3):

- Private cloud. The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
- Community cloud. The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.
- Public cloud. The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
- Hybrid cloud. The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).

The greatest distinction between public cloud and all other deployment models is the idea of multitenancy. Public cloud offerings are, by definition, multitenant. The other models make use of the private cloud deployment model in one way or another and depend on a single-tenant architecture. This distinction is significant when studying which types of organization may or may not benefit from cloud computing.

1.5 Recognize what types of organizations might benefit from cloud computing

In general, any organization that experiences an unpredictable workload over time would benefit greatly from cloud computing, such as retailers who sell their goods through online shopping applications.

Another interesting example from the world of content distribution is Netflix. This company delivers a billion video instances to customers every month (Vaughan-Nichols, S. J., 2013). To accomplish this feat, Netflix distributes its inventory of films using Amazon Web Services, even though Amazon is a video content competitor to Netflix's business.

Any organization that relies heavily on mobile computing would also benefit from the distributed architecture provided by cloud computing.


The NIST cloud computing reference architecture defines five major actors: cloud consumer, cloud provider, cloud auditor, cloud broker, and cloud carrier.

1.6 Recognize what types of organizations might not benefit from cloud computing

For CompTIA's Cloud Essentials exam, it is important to note that any organization bound by legal obligations to ensure privacy and confidentiality will have additional challenges in adopting a cloud computing strategy. Example entities include the following:

- Health Insurance Portability and Accountability Act of 1996 (HIPAA). This law ensures security and privacy of health data during electronic data interchange within the U.S. healthcare system. Because of this law, medical facilities would find it difficult to utilize cloud services.
- Sarbanes-Oxley Act of 2002. This law places restrictions on the handling of financial records, making it difficult for financial institutions to comply with if those records are located in a cloud environment.
- Military organizations would also find it difficult to utilize cloud services due to the sensitivity of their information.

But even the above challenges can be overcome by utilizing private clouds with appropriate security mechanisms in place. This point was dramatically proven when the Central Intelligence Agency (CIA), one of the most secretive organizations in the world, awarded a $600 contract to host a private cloud at Amazon Web Services (AWS) (Golden, 2013). It is important to note that the CIA chose AWS over IBM Cloud even though IBM's offer was lower in price because the CIA determined that AWS's plan was more secure.

1.7 Distinguish between the different types of clouds, including XaaS, IaaS, PaaS, and give examples of them

NIST provides these definitions for cloud computing service models (2011, p. 2-3):

- Software as a Service (SaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings (NIST, 2011, p. 2).
- Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application hosting environment (NIST, 2011, p. 2-3).
- Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls) (NIST, 2011, p. 3).

As shown in Figure 1, a common way to visualize these service models is through a pyramid (often referred to as the cloud computing stack) that displays both the models and the primary consumers for each model (Hausman, Cook, and Sampaio, 2013).

Figure 1 Cloud Computing Service Model Stack and Principal Consumers

Below are examples of real-world vendors who provide cloud services that fall under one or more of the service models:

- SaaS
  o Microsoft Office 365 (http://office.microsoft.com/enus/)
  o Zoho (http://www.zoho.com/)
  o Google Apps (http://www.google.com/intx/en/enterprise/apps/business/)
  o Salesforce (http://www.salesforce.com/)
- PaaS
  o Microsoft Windows Azure (http://www.windowsazure.com/enus/)
  o RackSpace (http://www.rackspace.com/)
  o Google App Engine (https://developers.google.com/appengine/)
  o Force (http://www.force.com/)
- IaaS
  o Microsoft Windows Azure (http://www.windowsazure.com/enus/)
  o Amazon Web Services (http://aws.amazon.com/)
  o Google Compute Engine (https://cloud.google.com/products/compute-engine)
  o IBM Cloud Services (http://www935.ibm.com/services/us/en/itservices/cloudservices.html)

Note that some vendors offer services along all models. It is also common to find hybrid service models. For example, developers can build their applications on a cloud provider's PaaS offering and then distribute those applications to users from the cloud provider's SaaS offering.

Domain 1.0 Sample Questions

1. Which of these organizations would have the greatest challenge in adopting a cloud computing strategy:
   a. Acme Tax Service
   b. Johnson Video Streaming Service
   c. New York Medical Institute
   d. The American Online Clothing Retailer
2. Web email service is an example of which type of cloud computing service model:
   a. IaaS
   b. XaaS
   c. PaaS
   d. SaaS


3. Which cloud computing deployment model is most appropriately associated with multitenancy:
   a. Public Cloud
   b. Hybrid Cloud
   c. Private Cloud
   d. Community Cloud
4. What year did the term cloud computing take on the meaning that it has today:
   a. 1998
   b. 2000
   c. 2006
   d. 2010
5. Which cloud computing service model is used primarily by application developers:
   a. IaaS
   b. XaaS
   c. PaaS
   d. SaaS
6. Which cloud computing service model is meant to encompass all possible models:
   a. IaaS
   b. XaaS
   c. PaaS
   d. SaaS
   a. Which technology is most responsible for the recent growth of cloud computing services:
   b. SLA
   c. SOA
   d. IAM
   e. Virtualization


7. Which concepts should be used to overcome the isolation of information and resources within separate cloud computing environments (choose two):
   a. Federation
   b. Virtualization
   c. SOA
   d. Cloud Broker
8. Which cloud computing service model would enable client administrators the ability to manage and control their own network devices and application servers:
   a. IaaS
   b. XaaS
   c. PaaS
   d. SaaS
9. Cloud computing stack is a term used to describe the service model hierarchy:
   a. True
   b. False


Domain 2.0 Cloud Computing and Business Value

Although empowered by technology, cloud computing is not itself a technology. Cloud computing is a business model. Like all business models, this one only makes sense if there is value added to the organization. As pointed out by Kirk Hausman, Susan Cook, and Telmo Sampaio, it is easy to get caught up in the hype about cloud computing, but not every business will benefit from rapid adoption of cloud services (2013, p. 79).

In this section, the business drivers for cloud computing are examined. These drivers must be analyzed by senior leaders to determine if, where, and how much of an organization's IT services should be migrated into a cloud environment.

2.1 Recognize the similarities and differences between cloud computing and outsourcing.

IT outsourcing has been around for decades. Cloud computing, as we know it today, has been around since 2006. In their article "Cloud Computing Versus Traditional Outsourcing Key Differences", Kuan Hon and Christopher Millard delve into the legal considerations when distinguishing between IT outsourcing and cloud computing (2012). In particular, the authors claim that laws within the European Union (E.U.) are accustomed to the IT outsourcing model and are ill-prepared to deal with cloud computing.

In the most general terms, IT outsourcing involves a detailed contract between a provider and a customer, while cloud computing involves a pay-as-you-go, commodity-style service, similar to how telephone and electric service are provisioned for most organizations. In his video "IT Outsourcing and Cloud Computing", Ron Hogue explores the similarities and differences (2012):

- Similarities
  o "Third Parties Retain Assets" - Both models result in an outside organization owning the resources being used to provide the service.
  o "Lack of Internal IT Resources" - In both models, the customer generally does not manage its own internal IT resources.
  o "Risks" - Inherent risks for both models include the following:
      - "Vendor Lock-In"
      - "Confidentiality" - Or rather, the potential for a breach in confidentiality.
- Differences
  o "Interaction" - There is generally more interaction with an IT outsourcing vendor. The contract would be tailored to the needs of the client. Cloud computing, on the other hand, is usually provisioned using prepackaged service contracts.


  o "Scaling" - Because it is pay-as-you-go, a cloud computing contract is considered more scalable and can usually be changed much quicker to accommodate variations in on-demand utilization.
  o "Commitment" - IT outsourcing contracts are typically established for one to three years, whereas cloud computing is generally on-demand and pay-as-you-go with no commitment from the client.

One interesting factor to note is that, with the popularity and potential cost savings of cloud computing, it is very likely that the organizations providing IT outsourcing services to clients will themselves take advantage of cloud computing providers.

2.2 Understand the following characteristics of clouds and cloud services from a business perspective.

- Scalability. As shown in Figure 2, IT resources can be scaled vertically, which means adding more resources to existing hardware servers. Datacenters often add more servers to scale horizontally. As distributed services became the norm, following the explosion of the Internet and web-enabled applications, datacenters moved to high-end backend servers that are vertically scaled as needed while front end servers are horizontally scaled in quantity as needed to handle client interface demands. With virtualization, the host servers are vertically scaled with more resources and/or scaled horizontally as needed while IT services themselves are horizontally scaled with additional virtualized servers built to handle the workload.

Figure 2 Various Levels of Scalability


- Security. In cloud computing, security is a double-edged sword. On the one hand, by moving IT resources, applications, and information into the cloud, an organization loses control of these assets and experiences additional risk. This risk comes in three forms:
  o Data in Motion - Data that is travelling back and forth between the client organization and the cloud service provider. This data must be encrypted to ensure confidentiality and integrity of the information. Most cloud providers use Secure Sockets Layer (SSL)/Transport Layer Security (TLS) and some kind of Public Key Infrastructure (PKI) to protect their clients' data in motion.
  o Data at Rest - Data that is recorded on the cloud service provider's storage infrastructure. This data must be protected from outside threats using defense in depth and from inside threats using policies such as least privilege, separation of duties, and the two-person rule. The data should be encrypted on the storage device itself as the lowest and last line of defense.
  o Data in Use - Data that is being used by the client but resides in random access memory (RAM) somewhere within the cloud service provider's infrastructure. Data in this state is the most vulnerable and can only be protected using a subset of the defense in depth architecture used to protect the data at rest.

  On the other hand, organizations may not have been providing adequate security using their own in-house resources originally, or perhaps a new organization has decided to use cloud computing because it cannot afford to hire the personnel or purchase the products required to provide adequate security. Cloud service providers implement enhanced security through economies of scale with highly qualified security specialists who should be available twenty-four hours a day, seven days a week. These professionals provide security services that could be cost prohibitive for the client organizations to implement themselves, including the following tasks:
  o Patch management.
  o Software updates.
  o Backup and recovery.
  o Redundancy and fault tolerance.
  o Computing network defense:
      - Firewalls
      - Intrusion detection/prevention systems (IDS/IPS)
      - Proxy services
      - Virtual private networks (VPN)
      - Network address translation (NAT)
  o System auditing.
  o Encryption.
  o Incident response and handling.
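The data-in-motion requirement above (TLS for encryption, PKI for authenticating the provider) is illustrated below with an added example that is not part of the original study guide: a constructed weak client configuration beside a hardened one, plus a small audit function. The function names and finding labels are hypothetical; only Python's standard-library ssl module is used.

```python
import ssl
from typing import List

# Added illustration, not from the study guide. Function names and finding
# labels are hypothetical; every ssl attribute used is standard library.


def weak_client_context() -> ssl.SSLContext:
    """Constructed 'before' case: traffic is encrypted, but the peer is not authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE  # PKI bypassed: any certificate is trusted
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # oldest protocol the library offers
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """'After' case: chain validation, hostname matching and a TLS 1.2 floor."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname, system trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> List[str]:
    """Return labels for settings that weaken protection of data in motion."""
    findings = []
    # Without chain validation the client cannot tell the provider from an
    # interceptor, so encryption alone gives no confidentiality guarantee.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("no-chain-validation")
    # A valid certificate for some other name must not be accepted either.
    if not ctx.check_hostname:
        findings.append("no-hostname-check")
    # MINIMUM_SUPPORTED is a negative sentinel, so it also compares below TLS 1.2.
    floor = ctx.minimum_version
    if floor != ssl.TLSVersion.MAXIMUM_SUPPORTED and floor < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy-protocol-floor")
    return findings


if __name__ == "__main__":
    for name, ctx in (("weak", weak_client_context()),
                      ("hardened", hardened_client_context())):
        print(name, audit_client_context(ctx) or "no findings")
```
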

- Hardware Independence. For cloud computing to be successful, applications and services must be hardware independent, easy to migrate, and based on open Internet technology standards. Otherwise, a client organization may find itself caught in vendor lock-in using customized proprietary cloud applications. The preferred software and architecture design pattern is service-oriented architecture (SOA), which is independent of vendor, product, or technology, and allows for migration from one cloud provider to another.
- Variable Costs. One of the primary motivations for migrating IT services to a cloud provider is to avoid the cost of building a datacenter or of maintaining and upgrading a datacenter if one already exists. The cost of building a datacenter falls under the heading of capital expense (CapEx). By avoiding these fixed assets and instead purchasing IT services from a cloud provider, an organization will expend operational expenses (OpEx). While there are direct and indirect costs associated with each model, the one advantage of OpEx is the lack of investment in hardware that must be maintained and eventually replaced. Furthermore, OpEx can be deducted for tax purposes in the year they are incurred, while CapEx must be amortized over multiple fiscal years (Diffen, 2012). The important factors to consider are total cost of ownership (TCO) and return on investment (ROI):
  o TCO is the complete cost of a service throughout its lifetime, including direct and indirect costs.
      - For an in-house datacenter, TCO includes personnel for network engineering, systems administration, information assurance, and help desk; hardware and software licenses; electrical power; air conditioning; real estate; maintenance contracts; insurance; security measures; and life cycle replacement.
      - For cloud computing services, TCO includes directly billed services for storage, central processing unit (CPU) cycles, memory usage, and bandwidth consumption; personnel for help desk, procurement and contract oversight; hardware and software licenses; and cost of migrating services and information from the organization's location to the cloud service provider.


o ROI is the measurement of a service's benefit divided by the cost of the service over a specified period of time. It is assumed that, over time, the OpEx for cloud computing would be greater than CapEx for an in-house datacenter. The ROI reveals how long it would take for these expenses to converge. The organization must determine what makes more sense, an improved cash flow in the short term by using cloud computing or long-term savings by leveraging the value of the capital investment in a datacenter.

Time to Market. According to the authors of Cloud Essentials, organizational agility is the ability to rapidly adapt to changes in the market or industry through identification and realization of opportunities (Kirk, Cook, and Sampaio, 2013, p. 78). By leaving IT management to cloud service provider professionals, an organization can dedicate more time to its core business. For example, Ben Kepes claims that software developers spend 80% of their time maintaining their datacenter infrastructure and 20% of their time developing software. He believes these percentages could be reversed if a software development firm would migrate its IT service to the cloud (2011). Furthermore, these organizations could reduce time to market by provisioning additional IT resources as needed through a cloud service provider rather than wasting time on procuring and installing additional computing power for an in-house datacenter, especially if those resources are only needed for a finite amount of time to accommodate a specific project.

Distribution over the Internet. The Internet is one of the reasons why cloud computing is possible on a national and international scale. Nowadays, it is possible to run a business in one city while its IT resources, applications, and information are stored and provisioned from multiple datacenters located across the globe. This distributed architecture also makes it possible to leverage the flexibility of mobile devices to empower mobile workers. However, this great capability comes with its own risk. Many things can go wrong between an organization's location and the cloud service provider's datacenters, outages that have nothing to do with the cloud service provider's facilities. Furthermore, IT performance will never be as responsive coming from a cloud provider as it would be from an in-house datacenter. Internet bandwidth and packet latency are both factors neither the cloud service provider nor the client organization has any control over. Monitoring performance and reacting to problems is one of the greatest challenges facing the cloud service industry.

2.3 Demonstrate how the characteristics of cloud computing enhance business value.

The characteristics described in the previous section were specifically mentioned by CompTIA in their Cloud Essentials Certification Exam Objectives, but they must be viewed in the larger context of the three primary reasons for considering cloud computing:

Increased Capability (meaning more effectiveness and/or more efficiency). Scalability, specifically near-instantaneous provisioning of IT resources to meet workload demands, is the primary means for realizing effectiveness from cloud computing, while taking advantage of a cloud service provider's expertise and economies of scale are the primary ways to improve efficiency.

Decreased Cost. Utilizing cloud computing enables organizations to decrease the cost of an in-house datacenter, specifically by avoiding the investment in equipment that may not always be used to its fullest potential and must be replaced after a few years and by eliminating the need to hire, train, and retain expensive IT personnel.

Risk Mitigation. Risk mitigation is a complex topic because of the shift in risk when moving resources and information to the cloud (which will be covered in detail in Domain 6.0).

In the end, the only criterion for deciding to migrate to the cloud and what type of cloud services to purchase is the business impact:

Organizational Agility. Reacting and adapting to change (Kirk, Cook, and Sampaio, 2013, p. 79).

Strategic Flexibility. Anticipating and preparing for uncertainty (Kirk, Cook, and Sampaio, 2013, p. 79).

Domain 2.0 Sample Questions

1. Which of these characteristics represent a difference between cloud computing and IT outsourcing:
   a. Risks
   b. Ability to scale on demand
   c. Ownership of IT resources
   d. Offsite storage

2. Which of the following reasons should be considered most when determining whether or not to utilize a cloud service provider:
   a. Total cost of ownership
   b. Technology
   c. Return on investment
   d. Business impact

3. Which type of scalability involves adding additional resources to existing host servers:

   a. Vertical
   b. Horizontal
   c. Diagonal
   d. Upscale

4. Which of the following risks is inherent in both cloud computing and IT outsourcing:
   a. Vendor lock-in
   b. Lack of scalability
   c. Equipment obsolescence
   d. Capital expense

5. Which of the following problems does the cloud service provider have least control over:
   a. Power consumption
   b. Storage space
   c. Internet latency
   d. CPU overutilization

6. In the U.S., operational expenses can be deducted fully from taxes in the same fiscal year:
   a. True
   b. False

7. How can cloud computing reduce the time it takes an organization to bring a product to market:
   a. By limiting variable costs
   b. By avoiding vendor lock-in
   c. By reducing total cost of ownership
   d. By providing on-demand computing capacity as needed

8. What is one of the primary challenges facing the cloud service industry:
   a. Storage capacity planning
   b. Determining most appropriate service model to utilize
   c. Performance monitoring
   d. OpEx versus CapEx

9. What are two ways an organization can reduce costs using cloud computing (choose two):
   a. Savings on bandwidth consumption
   b. Avoid investment in equipment
   c. Reduce the number of IT staff required
   d. Reduce the number of procurement specialists required

10. Under which conditions must data be protected:
   a. Data at rest
   b. Data in motion
   c. Data in use
   d. All of the above


Domain 3.0 Technical Perspectives/Cloud Types

Although not itself a technology, cloud computing depends on technology. In a few cases, such as virtualization, new technologies were needed in order to make cloud computing a reality. In other cases, such as networking, IT professionals have had to look at underlying, existing technologies in new and innovative ways.

3.1 Understand the difference between private and public types of clouds from a technical perspective and provide examples

Public cloud is the deployment model most associated with cloud computing. One of the first vendors to offer public cloud services was Amazon Web Services (AWS). As shown in the screen capture from the AWS services page in Figure 3, Amazon offers various packages that can be customized for on-demand provisioning by a client. In the end, however, the client's resources and information will be shared on the same hardware and virtual environment as many other clients. This situation is known as multitenancy, a concept that allows clients to share in the economies of scale enjoyed by the public cloud provider. But multitenancy also results in many applications competing for the same resources and risks for all clients if one client's environment is attacked.

Figure 3 AWS Public Cloud Offerings


In recent news, the CIA has just awarded AWS a six hundred million dollar contract for cloud services (Golden, 2013). Of course, the CIA will not be using the same interface as shown in Figure 3, nor will the spy agency be sharing its resources or storing its highly sensitive data on the same volumes as other AWS clients. This contract will be for a private cloud. There are two different types of private clouds:

Outsourced private clouds, like the one AWS will be doing for the CIA. These clouds are built using products such as Xenproject (http://www.xenproject.org/users/cloud.html). The primary difference between this deployment model and the public cloud deployment model is this:

o Public cloud: Multitenancy, shared virtualized infrastructure.
o Outsourced private cloud: Single-tenancy, segregated virtualized infrastructure.

In-house private clouds, such as those built using products from vendors such as Microsoft (http://www.microsoft.com/en-us/server-cloud/solutions/virtualization-private-cloud.aspx#fbid=VBEubVskhak) and VMware (http://www.vmware.com/cloud-computing/private-cloud.html). The characteristics that differentiate a private cloud from a virtualized datacenter include the following (Hurwitz and Kaufman, 2011):

o Automation and a self-service for provisioning.
o Well-managed environment.
o Sophisticated security and governance.
o Controlled service level.

3.2 Understand at a high level the following important techniques and methods for cloud computing deployment.

Networking. Networking is often described in terms of the seven layers of the theoretical Open Systems Interconnection (OSI) Model as shown in the first two columns of the table in Figure 4. Cloud computing itself depends on the Internet and World Wide Web, which are usually mapped to the Transmission Control Protocol (TCP)/Internet Protocol (IP) stack as shown in the third column of the table. The actual equipment in a datacenter associated with the TCP/IP stack is shown in the fourth column. The final column shows one way in which the cloud computing service models can be mapped to the TCP/IP stack.

Figure 4 Networking Layers

Understanding SaaS and PaaS in terms of networking is rather straightforward:

o SaaS - Users access and execute applications at the cloud service provider's datacenters, usually through web access across the Internet.
o PaaS - Developers build their software using application program interfaces (API) provided by the cloud service provider's computing platform, usually accessed using the Hypertext Transfer Protocol (HTTP).

For IaaS however, network access is not so straightforward. A datacenter's architecture consists of layer one (cabling) and layer two (switch) devices that make up the local area network (LAN). Under the IaaS service model, a cloud service provider hosts these resources for a client organization, but the administrators at the client organization's location must traverse a wide area network (WAN), the Internet in most cases, at the layer three level in order to access the infrastructure at the cloud service provider's datacenter. Virtual networking attempts to overcome this problem by creating a layer of abstraction between the physical network at the cloud service provider's data center and the virtual network which the administrators at the client organization's site see across the WAN (CloudScaling, 2009). This virtualization technique is known as layer two over layer three (L2 over L3). One L2 over L3 method is known as virtual extensible local area network (VXLAN), a type of software-defined cloud networking (SDCN) technology that utilizes layer two tunnels across TCP/IP routed networks (such as the Internet). VXLAN was developed by a consortium of vendors to include Intel, VMware, Arista, and Broadcom (Hausman, Cook, Sampaio, 2013).

Automation and Self Service. For cloud computing to be useful to client organizations, there must be a way in which the client administrators can monitor the performance and capacity of their cloud resources. There must also be a method to quickly provision resources (virtual machines, storage, applications, etc.) as needed. Self-service provisioning is most often provided by means of a web-based portal which includes virtual machine monitors (VMM) and controls to add resources to existing virtual machines (vertical scaling) or to add additional virtual machines (horizontal scaling). Administrators must use credentials and possibly strong authentication in order to access the self-service portal. The administrators would only be able to manipulate resources as established by the cloud service provider based on contractual agreement. The provider must ensure security of its resources and must ensure that no administrator can interfere with another client's resources. To be truly effective, the self-service portal should provide a great deal of automation, especially since it is not possible for the client administrators to directly access the hardware and software like they could if they were managing their own in-house datacenter. Automation features could include any or all of the following:

o Data backup and recovery.
o Resource pooling for on-demand workload.
o Provisioning policy enforcement.
o Resource limitation enforcement.
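An added example, not from the original guide, of how a self-service portal could enforce provisioning policy and resource limits for vertical and horizontal scaling while keeping each administrator inside their own tenant. The template catalogue, tenant names, and contract limits are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed catalogue of approved VM templates: name -> (vCPUs, memory in GB).
TEMPLATES = {"web-small": (2, 4), "db-medium": (4, 16)}


@dataclass
class Tenant:
    admins: set            # accounts allowed to act for this tenant
    max_vms: int           # contract limit that caps virtualization sprawl
    max_vcpus_per_vm: int  # ceiling for vertical scaling
    max_total_vcpus: int   # ceiling across all of the tenant's VMs
    vms: dict = field(default_factory=dict)  # VM name -> configuration

    def total_vcpus(self):
        return sum(vm["vcpus"] for vm in self.vms.values())


class Portal:
    """Self-service front end that enforces each tenant's contract."""

    def __init__(self, tenants):
        self.tenants = tenants
        self.audit_log = []  # one entry per decision, allowed or denied

    def _finish(self, admin, tenant_id, action, reason=None):
        allowed = reason is None
        verdict = "ALLOW" if allowed else "DENY: " + reason
        self.audit_log.append((admin, tenant_id, action, verdict))
        return allowed, reason

    def _authorize(self, admin, tenant_id):
        # Same answer for "no such tenant" and "not your tenant".
        tenant = self.tenants.get(tenant_id)
        if tenant is None or admin not in tenant.admins:
            return None
        return tenant

    def scale_out(self, admin, tenant_id, vm_name, template):
        """Horizontal scaling: add a VM built from an approved template."""
        action = f"scale_out {vm_name}"
        tenant = self._authorize(admin, tenant_id)
        if tenant is None:
            return self._finish(admin, tenant_id, action, "not authorized for tenant")
        if template not in TEMPLATES:
            return self._finish(admin, tenant_id, action, "template not approved")
        if vm_name in tenant.vms:
            return self._finish(admin, tenant_id, action, "VM already exists")
        if len(tenant.vms) >= tenant.max_vms:
            return self._finish(admin, tenant_id, action, "VM count limit reached")
        vcpus, mem_gb = TEMPLATES[template]
        if tenant.total_vcpus() + vcpus > tenant.max_total_vcpus:
            return self._finish(admin, tenant_id, action, "total vCPU limit exceeded")
        tenant.vms[vm_name] = {"template": template, "vcpus": vcpus, "mem_gb": mem_gb}
        return self._finish(admin, tenant_id, action)

    def scale_up(self, admin, tenant_id, vm_name, add_vcpus):
        """Vertical scaling: add vCPUs to an existing VM."""
        action = f"scale_up {vm_name} +{add_vcpus}"
        tenant = self._authorize(admin, tenant_id)
        if tenant is None:
            return self._finish(admin, tenant_id, action, "not authorized for tenant")
        vm = tenant.vms.get(vm_name)
        if vm is None:
            return self._finish(admin, tenant_id, action, "no such VM in tenant")
        if add_vcpus <= 0:
            return self._finish(admin, tenant_id, action, "increase must be positive")
        if vm["vcpus"] + add_vcpus > tenant.max_vcpus_per_vm:
            return self._finish(admin, tenant_id, action, "per-VM vCPU limit exceeded")
        if tenant.total_vcpus() + add_vcpus > tenant.max_total_vcpus:
            return self._finish(admin, tenant_id, action, "total vCPU limit exceeded")
        vm["vcpus"] += add_vcpus
        return self._finish(admin, tenant_id, action)


def demo():
    """Run a constructed sequence of requests; return the portal and decisions."""
    portal = Portal({
        "acme": Tenant(admins={"ann"}, max_vms=2, max_vcpus_per_vm=4, max_total_vcpus=8),
        "globex": Tenant(admins={"gus"}, max_vms=5, max_vcpus_per_vm=8, max_total_vcpus=32),
    })
    results = [
        portal.scale_out("ann", "acme", "web1", "web-small"),  # within contract
        portal.scale_up("ann", "acme", "web1", 2),             # reaches per-VM ceiling
        portal.scale_up("ann", "acme", "web1", 1),             # would exceed it
        portal.scale_out("ann", "acme", "db1", "db-medium"),   # uses remaining vCPUs
        portal.scale_out("ann", "acme", "web2", "web-small"),  # sprawl limit
        portal.scale_up("gus", "acme", "web1", 1),             # another client's VM
        portal.scale_out("ann", "acme", "x1", "custom-image"), # unapproved config
    ]
    return portal, results


if __name__ == "__main__":
    for entry in demo()[0].audit_log:
        print(entry)
```
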

Setting restrictions and limitations using automation is critical to ensure proper governance over a client's cloud computing environment by enforcing change management and preventing problems such as virtualization sprawl and inconsistencies in virtual machine configuration.

Federation. Stove-piped information occurs when an organization places all of its IT resources into a single cloud service provider environment where proprietary protocols and systems are used. Federation is one way to overcome this problem, either through the interconnection of two or more service providers' environments through sharing agreements or through the federation of user identities so that a user can access applications and information from multiple environments, preferably taking advantage of single sign-on (SSO). For federated cloud services to be successful, the service providers must make resource provisioning, billing support systems (BSS), and customer support transparent to the users. The cloud service providers must also integrate and extend their client-facing SLAs.

The Role of Standardization. The most effective way to ensure interoperability between cloud environments is to maximize the use of cloud computing standards based on open Internet standards and accepted data formats. The good and bad news is that there are numerous organizations developing cloud computing standards (Hausman, Cook, Sampaio, 2013):

o Cloud Security Alliance (CSA) https://cloudsecurityalliance.org/
o Cloud Standards Customer Council (CSCC) http://www.cloud-council.org/
o Distributed Management Task Force (DMTF) http://dmtf.org/standards/cloud
o Institute of Electrical and Electronics Engineers (IEEE) Standards Association http://standards.ieee.org/index.html
o National Institute of Standards and Technology (NIST) http://www.nist.gov/itl/cloud/
o Organization for the Advancement of Structured Information Standards (OASIS) https://www.oasis-open.org/committees/tc_cat.php?cat=cloud
o Storage Networking Industry Association (SNIA) http://www.snia.org/forums/csi

One can only hope that the standards developed by these organizations will be compatible with each other.

3.3 Explain technical challenges and risks for cloud computing and methods to mitigate them

In general, the challenges and risks associated with cloud computing exist because an organization's IT resources and information are stored in a location outside of their control. The client organization is dependent on the SLA to ensure confidentiality, integrity, and availability (the security CIA triad) of their resources, leaving everything from physical security to computer network defense to an outside entity who will never care as much about those resources as the client organization does. In particular, client organizations leave themselves open to loss of assets and information if the cloud service provider goes out of business or is forced to give up a client's information due to legal action. In addition to these general issues, CompTIA specifically lists the following challenges in their Cloud Essentials Certification Exam Objectives:

Cloud Storage. SNIA defines cloud storage as Data storage as a Service (DaaS) and provides this definition: "Delivery over a network of appropriately configured virtual storage and related data services, based on a request for a given service level. Typically, DaaS hides limits to scalability, is either self-provisioned or provisionless and is billed based on consumption" (2013, p.63). As data at rest, cloud storage is susceptible to compromise if the cloud service provider's defense in depth architecture is breached, unless the data is encrypted. Not all cloud service providers encrypt user information, or they don't encrypt all of the information. Sometimes, for performance reasons, only information clearly identified as sensitive is encrypted.
Aaron Souppouris reports that, although Amazon Web Services has been encrypting client information since 2011, Google has only recently started encrypting client information in response to accusations that the U.S. National Security Agency (NSA) is spying on information stored by companies who do business on the Internet (2013). But whether encrypted or not, due to the multitenancy nature of DaaS, organizations beholden to regulatory mandates such as Sarbanes-Oxley Act (SOX), Payment Card Industry Data Security Standards (PCI DSS), or Health Insurance Portability and Accountability Act (HIPAA), may not be able to meet compliance obligations using cloud storage. In order to do so, they would need to negotiate a private cloud offering with their cloud service provider in the same way that the U.S. CIA will be doing with Amazon Web Services. One of the challenges facing cloud storage providers is the sheer volume of data they must securely store and manage for their clients. The term "big data" has been coined to describe applications that generate several terabytes of data every day. One technology that some vendors use to mitigate this challenge is data deduplication (sometimes referred to as intelligent data compression or single-instance data storage), a specialized data compression technique for eliminating duplicate copies of repetitive data. The variety of data formats also creates a challenge to cloud storage providers, everything from multimedia to structured database files. Unstructured, flat files such as text and binary require more processing power for parsing.

Application Performance. Although distributed applications are nothing new to datacenters and have been successfully implemented across the Internet for over a decade, there are more applications and more different types of applications being introduced to cloud computing every day, and not all applications are suitable to be delivered from the cloud. Hausman, Cook, and Sampaio offer this rule of thumb:

o Applications that process large amounts of data and are input/output (I/O) bound should remain on premises;
o Those that require processing small amounts of data and are CPU bound can benefit from cloud computing (2013, p. 135).

It is not always easy to follow this rule of thumb. Most organizations can either depend entirely on a cloud service provider or not utilize their service at all, not both.
And even small organizations can generate a lot of storage data. The challenge to successfully delivering applications from a cloud service provider, especially when using the multitenant environment of a public cloud, is scalability and elasticity. The cloud service provider must be able to provision the resources needed to fulfill SLA obligations during predictable, unpredictable, and periodic bursts in workload demand. Another problem facing cloud service providers is that security reduces performance. The more secure the computing environment, the greater the performance penalty. Encryption is one of the best ways to protect data whether at rest or in motion. Encryption causes increased CPU utilization and creates latency. For this and many other reasons, applications must be built from the ground up, or extensively modified, to survive and thrive in a cloud environment.

Data Integration. In cases where standardization and interoperability between cloud service providers fail, vendors often develop an orchestration layer meant to allow the arrangement, organization, integration and management of the resources of multiple cloud vendors. A few cloud orchestration tools on the market today include the following:

o Cisco Intelligent Automation for Cloud http://www.cisco.com/en/US/products/ps11869/index.html
o Citrix CloudPlatform http://www.citrix.com/products/cloudplatform/overview.html
o Flexiant Cloud Orchestrator http://www.flexiant.com/flexiant-cloud-orchestrator/
o IBM SmartCloud Continuous Delivery http://www-03.ibm.com/software/products/us/en/continuousdelivery/
o NephoScale Cloud Orchestration Suite http://nephoscale.com/a/?utm_expid=40838270-0.GPlL01JiRt69UJFHbvvuIw.1&utm_referrer=http%3A%2F%2Fnephoscale.com%2Fa%2F
o RightScale Cloud Management http://www.rightscale.com/products/

If these tools are not sufficient, a client organization may solicit the services of a cloud broker in order to aggregate and integrate the services from multiple cloud providers into one service.

Security. Security for cloud computing is no different than security for all types of computing. The basics are the same:

o Confidentiality - Keeping the data from unauthorized recipients.
o Integrity - Ensuring data does not experience unauthorized changes.
o Availability - Making data available to authorized recipients at all times.

The challenge within the cloud computing environment is the amount of resources and information that must be protected, often in a multitenant environment, and at all levels:

o Data at Rest
o Data in Motion
o Data in Use

The only way for a cloud service provider to supply the necessary security is through a comprehensive defense in depth security architecture to protect from outside threats and strict security policies (least privilege, separation of duties, two-person rule, etc.) to protect from inside threats. Most security plans involve three categories of security controls:

o Management - Guidelines, standards, and policies that cloud service provider personnel must follow.
o Technical - Access control, authentication, encryption, and computer network defense.
o Operational - Processes and procedures that cloud service provider personnel and client personnel, especially those with elevated privileges on the cloud computing resources, must follow.

There are specific threats that must be addressed with regards to cloud computing:

o Hypervisor - Also known as the virtual machine monitor (VMM), this component (including software, firmware, and/or hardware) creates and runs virtual machines in a virtualized environment. There are two general types of hypervisor:
   - Type 1 - The type that runs directly on the host machine.
   - Type 2 - The type that runs as an application within the host machine's operating system.
  In both types, there are serious security ramifications, including the following:
   - The abstraction layer used by hypervisors creates a new level of automation with powerful privileges that could be used to wreak havoc on a system if accessed by inept authorized users or unauthorized actors with malicious intent.
   - Because of its power as described in the previous bullet, the hypervisor has become a popular attack vector for hackers who attempt to gain access through intrusion or social engineering.
   - Once a hacker successfully accesses the hypervisor, malware and rootkits can be installed and operated stealthily since most resources meant to protect a system from such threats normally operate at the operating system level, with little or no visibility into the hypervisor.

o Identity Management - Managing clients' security principals (user accounts) and their rights is considered one of the most complex and challenging problems in cloud computing. Public key infrastructures (PKI) using certificates, digital signatures, public keys and private keys is often the technology used to protect a user's identity. These systems are expensive, difficult to implement and maintain, and come with their own inherent risks:
   - Certificate revocation methods that lag real-time operations
   - Compromised certificates
   - Unreliable certificate authority
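An added, simplified model (not from the original guide) of the first risk in the list above: a relying party that caches a certificate revocation list (CRL) keeps accepting a revoked certificate until its cached copy expires. Times are in minutes, the serial number is constructed, and the certificate authority issuing a current list on every fetch is an assumption of the model.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class CRL:
    this_update: int    # minute the list was issued
    next_update: int    # minute at which a cached copy must be refreshed
    revoked: frozenset  # serial numbers revoked when the list was issued


class CertificateAuthority:
    def __init__(self, crl_lifetime):
        self.crl_lifetime = crl_lifetime
        self.revocations = {}  # serial -> minute of revocation

    def revoke(self, serial, now):
        self.revocations.setdefault(serial, now)

    def issue_crl(self, now):
        revoked = frozenset(s for s, t in self.revocations.items() if t <= now)
        return CRL(now, now + self.crl_lifetime, revoked)

    def is_revoked(self, serial, now):
        """Authoritative, up-to-the-minute status held by the CA."""
        return self.revocations.get(serial, now + 1) <= now


class RelyingParty:
    def __init__(self, ca):
        self.ca = ca
        self.cached = None
        self.fetches = 0

    def accepts(self, serial, now):
        # Refresh only when there is no cached list or the cached one expired.
        if self.cached is None or now >= self.cached.next_update:
            self.cached = self.ca.issue_crl(now)
            self.fetches += 1
        return serial not in self.cached.revoked


def simulate(crl_lifetime, revoked_at, horizon=180, serial="0A1B"):
    """Return (minutes a revoked certificate was still accepted, CRL fetches)."""
    ca = CertificateAuthority(crl_lifetime)
    rp = RelyingParty(ca)
    exposed = 0
    for now in range(horizon):
        if now == revoked_at:
            ca.revoke(serial, now)
        if rp.accepts(serial, now) and ca.is_revoked(serial, now):
            exposed += 1
    return exposed, rp.fetches


if __name__ == "__main__":
    # Shorter CRL lifetimes shrink the exposure window but cost more fetches.
    for lifetime in (60, 5, 1):
        print(lifetime, simulate(lifetime, revoked_at=11))
```

The exposure window is bounded by the CRL lifetime, so the lag can be traded against fetch load but not removed without an online status check.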

Claims-based identity is often used by applications to control authentication. These applications, referred to as relying party (RP), use Security Token Service (STS) as the issuer of a claim for an identity, much in the way that a state motor vehicle administration will issue a driver's license as a claim of identity for a motorist who lives in the state. The security of claims-based identity is only as good as the RP.

3.4 Describe the impact of cloud computing on application architecture and the application development process.

All applications can be decomposed into three components:

o Presentation Layer - The component with which the user interfaces.
o Application Layer - The component where the application performs the activities it was created to accomplish.
o Data Layer - The component where information is stored before and after being manipulated by the application.

These components are illustrated in Figure 5. In this example, all components of a desktop application are shown residing in the user's workstation.

Figure 5 Desktop Application

Figure 6 shows the application components in a distributed environment where the application layer is hosted on a server cluster for high availability and to make the application accessible by all users within the organization. The data is also stored on separate equipment, which makes it easier to scale and facilitates high availability.

Figure 6 Distributed Application

Figure 7 shows how the application components are distributed in a web-based scenario. The workstation with a web browser represents all users accessing the application across the Internet. The vendor providing the application most likely has a datacenter with front end webservers to handle the load of multiple users, a clustered backend database server for high availability, and data located on a SAN for scalability and resilience. Although potentially serving thousands or tens of thousands of users, this architecture is still straightforward because all those users are accessing the same service using a common API and standard protocols (HTTP, for example).


Figure 7 Web-Based Application

In a cloud environment, as illustrated in Figure 8, the situation becomes much more complex. To begin with, users will be accessing cloud applications from a variety of device types. Although transport will most likely be carried out using HTTP between the client device and the application servers, there could be many different types of protocols utilized to execute the numerous types of applications that users expect to access from cloud service providers. To accommodate both the variety of application services it must enable and the volume of users that could potentially need those services at any given time of the day, the cloud service provider will take advantage of virtualized resources. The cloud service provider is also likely to store customer data at multiple datacenters across the globe to ensure availability and to improve performance.


Figure 8 Cloud Application

The two primary factors that must be considered differently when developing an application for use in the cloud as opposed to web-enabling an application are elasticity and multitenancy.

Elasticity is essential for all cloud deployment models: private, community, public, and hybrid. Elasticity is similar to but not exactly the same as scalability. Scalability is merely the concept of increasing computing power in existing hosts (vertical) or increasing the number of hosts (horizontal). Elasticity takes this concept further by increasing and decreasing computing power near-instantaneously as user demand waxes and wanes. To accomplish this feat, cloud service providers must take advantage of virtualized environments. It is impossible to upgrade physical servers or add more hardware servers in response to auto-provisioning and/or self-provisioning.

Multitenancy is essential for public clouds (as well as community clouds and hybrid clouds if they include a public component). In the single-tenancy architecture enjoyed by private cloud users, each application instance is accessed only by users of the client organization. In a public cloud, the multitenant architecture means that users from organizations all over the world are accessing the same instance of an application. This model takes advantage of the economies of scale but adds risk for the users and challenges for the provider.

As described by Microsoft in their book, Developing Multi-tenant Applications for the Cloud, 3rd Edition, each tenant (user) within a multitenant environment expects these characteristics from their cloud computing experience (Betts, Homer, Jezierski, Narumoto, Zhang, 2012):

o Isolation
o Availability
o Scalability
o Low Cost
o Customizability
o Regulatory Compliance

On the other hand, the cloud service provider expects to achieve these goals through multitenancy:

o Meeting Customer Requirements
o Profitability
o Ability to Quickly and Accurately Bill
o Provide Multiple Service Levels
o Provide Provisioning
o Maintainability
o Ability to Monitor
o Automation

In order to successfully satisfy its clients' expectations and to meet its goals, a cloud service provider must utilize the following technologies and practices:

o Service Level Agreements (SLA) - The vendor must be able to document, legally, what its obligations are to the clients as well as liabilities.
o Application Stability - Without a stable environment, it would be impossible for the vendor to fulfill its SLA obligations without wasting resources and money.
o Resource Limitations and Throttling - The vendor must be able to restrict the throughput from one client application in order to ensure the SLAs are met for other tenants.
o Geo-Location - The most successful cloud service providers will be international in scope. The vendors must have datacenters across the globe to increase resilience and to improve performance.


o Partitioning to Isolate Tenant Data - The vendor must be able to ensure the integrity and confidentiality of every tenant's information.
o Authentication and Authorization - The vendor must be able to validate the identity of client users and their privileges on the cloud resources in a way that is both accurate and convenient to the users.
o Legal and Regulatory Environment - The vendor must provide an environment that allows its clients to meet all applicable privacy and accountability responsibilities for the information the clients store on the vendor's cloud resources.

Domain 3.0 Sample Questions

1. Which of these characteristics represent a difference between a private cloud and virtualized datacenter:
   a. Virtualization
   b. Software licensing
   c. Automation and a self-service provisioning
   d. Electrical power consumption

2. Which cloud deployment model is most associated with multitenancy:
   a. Public cloud
   b. Private cloud
   c. Community cloud
   d. Hybrid cloud

3. Which cloud service model relies on L2 over L3 virtualization:
   a. SaaS
   b. PaaS
   c. IaaS
   d. DaaS

4. Which cloud service models are most likely to use HTTP or HTTPS as the primary protocol (choose two):
   a. SaaS
   b. PaaS
   c. IaaS
   d. DaaS

5. What characteristic of Data storage as a Service (DaaS) creates the greatest risk for clients of cloud computing:
   a. The number of volumes required to store the data
   b. Cost per megabyte
   c. Internet latency
   d. Data being stored at facilities in different countries

6. Which application architecture type is not able to leverage clustering for high availability:
   a. Desktop
   b. Distributed
   c. Web-Based
   d. Cloud

7. Which technology is most often used for ID management:
   a. Federation
   b. Public key infrastructures (PKI)
   c. Virtualization
   d. Service Level Agreement (SLA)

8. What factor should an organization consider most in order to avoid vendor lock-in:
   a. Cost
   b. Multitenancy
   c. Performance
   d. Standardization

9. Why does virtualization present such a great security risk:
   a. Many monitoring and auditing tools cannot see the hypervisor environment
   b. Default passwords are not strong
   c. There is no way to prevent back channels
   d. There are few personnel able to understand virtualization security

10. What is the primary difference between elasticity and scalability:
   a. Only scalability can be provisioned vertically and horizontally
   b. Elasticity must be provisioned on demand and preferably automatically
   c. Scalability techniques normally cost more
   d. There is no difference

Domain 4.0 Steps to Successful Adoption of Cloud

An organization's cloud computing strategy could be as minimalistic as selecting a single application to access from an SaaS provider as illustrated in Figure 9.

Figure 9 - Single Application Provided as SaaS

An organization could go all out and retain only terminals at its location that obtain all services through a virtual desktop infrastructure (VDI) from a cloud service provider. The VDI could be implemented as an IaaS solution as illustrated in Figure 10. In this scenario, the organization maintains a staff of IT professionals who manage virtualized resources located at the cloud service provider's facility. The organization's staff runs the VDI on behalf of its own users.

Figure 10 - VDI through IaaS Provider

Or, the organization could implement the VDI as an SaaS solution as illustrated in Figure 11. In this scenario, the organization retains no system administrators to run the VDI, instead relying on the cloud service provider's administrators for everything. This type of solution is offered by TurnKeyDesk (http://turnkeydesk.com/).

Figure 11 - VDI through SaaS Provider

Most organizations will probably choose a solution, at least initially, that falls between the extremes shown in Figures 9 through 11. A hybrid cloud example is shown in Figure 12 whereby an organization maintains a private cloud at its own datacenter but accesses some IT resources from a public cloud service provider. There are many reasons for implementing a split architecture, two of the most common being these:
• The organization wants to leverage the economies of scale offered by public cloud services but must retain proprietary applications that do not port well to the cloud or sensitive information that must remain on the premises due to regulatory obligations.
• The organization wants to retain its own datacenter, but it may need additional resources to handle bursts in demand. This solution introduces technical challenges and has not been deployed as widely as experts had predicted in the early days of cloud computing.

Figure 12 - Hybrid Cloud Scenario

According to Hausman, Cook, and Sampaio, there was an expectation that organizations would go through an evolution in this order (2013):
1. Traditional Datacenter
2. Virtualized Datacenter
3. Distributed Virtualization
4. Private Cloud
5. Hybrid Cloud (partial private and partial public)
6. Public Cloud

Vendors such as Microsoft with its Windows Azure platform and VMware with its vCloud Hybrid Service offering are counting on many customers following such an evolutionary path. However, there is no reason to expect such an evolution, and organizations should adopt whatever cloud deployment and service models make sense for their business and operational goals.

4.1 Explain typical steps that lead to a successful adoption of cloud computing services.

Successful adoption of cloud computing services will follow the IT Service Management philosophy as described in Domain 5.0. For now, the most important step is identifying the deployment model and service model(s) that will most benefit the organization's business operations.
• Understand Selection Criteria for a Pilot - Many organizations may want to start with a limited-scope pilot project to determine if an application is suitable for deployment from a cloud environment. Change management, project management, and detailed documentation are needed to ensure the pilot yields the necessary metrics for senior leadership to make a decision:
   o Technical Considerations - the pilot must show that the application can be ported to a cloud environment effectively, efficiently, and securely.
   o Financial Considerations - the pilot must prove that porting the application to a cloud environment is cost effective and advantageous to the organization over a specific period of time.
   o Adoption Considerations - the pilot must demonstrate that the organization's helpdesk is prepared to assist users with the new deployment paradigm for the application and that senior leadership is ready to resist pushback from within the organization.
• Relate SaaS, PaaS, IaaS Deployment to Organization Goals:
   o SaaS - This service model is appropriate for an organization that wishes to minimize not only its datacenter footprint but also the number of IT staff members. All management functions for the applications deployed in this manner are carried out by the cloud service provider.
   o PaaS - This service model is appropriate for an organization that must frequently ramp up for projects that require large commitments in IT resources that are no longer needed once the project is complete.
   o IaaS - This service model is appropriate for an organization that wishes to minimize its datacenter footprint but still wants all management and administration of IT resources to be carried out by its own IT staff.

4.2 Understand the roles and capabilities of cloud computing vendors and dependencies on the vendors.

Cloud computing can only be successful through the implementation of effective SLAs. The SLA must clearly define the vendor and client roles and responsibilities.
As Thomas Trappler emphasizes in his online article, all expectations of what the cloud service provider should do must be documented. Specifically, an organization must ensure its SLA:
• Codifies the specific parameters and minimum levels required for each element of the service, as well as remedies for failure to meet those requirements.
• Affirms your institution's ownership of its data stored on the service provider's system, and specifies your rights to get it back.
• Details the system infrastructure and security standards to be maintained by the service provider, along with your rights to audit their compliance.
• Specifies your rights and cost to continue and discontinue using the service (Trappler, 2010).

Primary considerations for an SLA include the following service level objectives (SLO):
• Uptime
• Performance and response time
• Error correction time
• Infrastructure/security (Trappler, 2010).

To avoid confusion and misinterpretations, SLA terms such as downtime, downtime period, monthly uptime percentage, and scheduled downtime must be explicitly defined.

Since a client's information is now stored on the premises of a cloud service provider, specific issues regarding the data must be documented:
• Ownership of Data
• Disposition of Data
• Data Breaches
• Location of Data
• Legal/Government Requests for Access to Data (Trappler, 2010).
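
The SLA terms named earlier in this section (downtime, downtime period, monthly uptime percentage, scheduled downtime) produce different results from the same outage history depending on how they are defined. The following is an added example, not part of the original guide: it computes monthly uptime percentage over a constructed outage log under two assumed sets of definitions. The class and field names, the 5-minute minimum downtime period, and the 99.9% target are illustrative assumptions, not terms from any real SLA.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Outage:
    start: datetime
    end: datetime
    scheduled: bool  # True when announced in advance as maintenance


@dataclass(frozen=True)
class SlaTerms:
    """Assumed contract definitions; a real SLA must state each one."""
    name: str
    exclude_scheduled: bool          # is scheduled downtime exempt?
    min_downtime_period: timedelta   # outages shorter than this are ignored
    target_percent: float            # monthly uptime objective


def counted_downtime(outages, month_start, month_end, terms):
    """Downtime that counts against the provider under the given terms."""
    intervals = []
    for o in outages:
        # Only the part of an outage inside the billing month counts.
        start, end = max(o.start, month_start), min(o.end, month_end)
        if end <= start:
            continue
        if terms.exclude_scheduled and o.scheduled:
            continue
        if end - start < terms.min_downtime_period:
            continue
        intervals.append((start, end))

    # Merge overlapping records so one incident reported twice is not
    # counted twice.
    total = timedelta()
    cur_start = cur_end = None
    for start, end in sorted(intervals):
        if cur_end is None or start > cur_end:
            if cur_end is not None:
                total += cur_end - cur_start
            cur_start, cur_end = start, end
        else:
            cur_end = max(cur_end, end)
    if cur_end is not None:
        total += cur_end - cur_start
    return total


def monthly_uptime_percent(outages, month_start, month_end, terms):
    down = counted_downtime(outages, month_start, month_end, terms)
    return 100.0 * (1 - down / (month_end - month_start))


def meets_target(outages, month_start, month_end, terms):
    pct = monthly_uptime_percent(outages, month_start, month_end, terms)
    return pct >= terms.target_percent


# Constructed sample data: one 30-day billing month and its outage log.
MONTH_START = datetime(2013, 11, 1)
MONTH_END = datetime(2013, 12, 1)
OUTAGES = [
    Outage(datetime(2013, 11, 3, 2, 0), datetime(2013, 11, 3, 4, 0), True),
    Outage(datetime(2013, 11, 10, 14, 0), datetime(2013, 11, 10, 14, 30), False),
    # Same incident reported a second time by another monitor.
    Outage(datetime(2013, 11, 10, 14, 20), datetime(2013, 11, 10, 14, 30), False),
    Outage(datetime(2013, 11, 18, 9, 0), datetime(2013, 11, 18, 9, 4), False),
    # Crosses the month boundary; only 10 minutes fall in November.
    Outage(datetime(2013, 11, 30, 23, 50), datetime(2013, 12, 1, 0, 20), False),
]

# Two assumed readings of the same 99.9% objective.
VENDOR_TERMS = SlaTerms("scheduled exempt, 5-minute minimum", True,
                        timedelta(minutes=5), 99.9)
STRICT_TERMS = SlaTerms("all downtime counts", False, timedelta(0), 99.9)

if __name__ == "__main__":
    for terms in (VENDOR_TERMS, STRICT_TERMS):
        down = counted_downtime(OUTAGES, MONTH_START, MONTH_END, terms)
        pct = monthly_uptime_percent(OUTAGES, MONTH_START, MONTH_END, terms)
        ok = meets_target(OUTAGES, MONTH_START, MONTH_END, terms)
        print(f"{terms.name}: downtime={down}, uptime={pct:.3f}%, met={ok}")
```

With this log the same month passes the 99.9% objective under the first set of definitions and fails it under the second, which is why the contract has to pin each term down.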

By moving its IT resources and information to a cloud service provider's facility, an organization assumes significant risk by losing hands-on control. Security of these resources must be addressed in the SLA:
• Datacenter Audits/Certifications
• Datacenter Inspections
• Disaster Recovery/Business Continuity (Trappler, 2010).

Another risk is the fate of an organization's IT resources and information when the cloud service provider experiences a major change such as bankruptcy or merger/acquisition. The SLA should explicitly state what the organization's rights are under these circumstances.

Finally, prices must be clearly dictated, especially since cost savings is one of the primary reasons an organization chooses cloud computing. Costs could include any or all of the following:
• Fixed Fees
• Transfer Fees
• Minimum Variable Charges
• Variable Usage Charges
   o Per Instance
   o Per Hour of Consumption
• One-Time Setup Charges
• Excessive Usage Penalties

4.3 Understand the following organizational capabilities that are relevant for realizing cloud benefits.

Moving to a cloud computing environment means that all members of the IT staff must become more attuned to how IT services align with the business operations. These personnel must also learn more about contracts and SLAs than they probably needed to know before migration to the cloud.
• Skills that are Required in an Organization Adopting Cloud Computing.
   o SaaS - Under this service model, system administrators have fewer responsibilities with regard to installation and maintenance of the applications that have been moved to the cloud. On the other hand, the senior IT staff must become more proficient with project management and vendor management. They must monitor the SLAs and ensure the organization is receiving the specified level of performance and vendor support. Desktop personnel will still need to assist users within the organization. They will also need to interface with the cloud service provider's administrators to resolve technical issues.
   o PaaS - Under this service model, the skill set for the system administrators and helpdesk personnel is similar to that required for SaaS. The organization's developers must be trained on the APIs used by the cloud service provider.
   o IaaS - Under this service model, the responsibilities for the system administrators are principally unchanged from those within a traditional datacenter, except that maintenance of the physical server hardware is shifted to the administrators at the cloud service provider's location. As with SaaS and PaaS, the administrators must be more involved with vendor management. The role for helpdesk personnel is little changed in this scenario.
• Critical Success Factors. According to Richard A. Caralli, "Critical success factors (CSF) define key areas of performance that are essential for the organization to accomplish its mission" (2004, p.2). CSFs are not strategic goals, but they are activities that must occur in order for strategic goals to be realized. CompTIA considers CSFs to be one of the steps to successful adoption of cloud computing because an organization should only consider migrating to the cloud if doing so would enable one or more strategic goals. Therefore, an example of a strategic goal and associated CSF with regard to cloud computing could be as follows:

   Strategic Goal                                                    | CSF
   Reduce IT infrastructure costs by 30% over the next fiscal year.  | Decrease amount of equipment in the datacenter.

4.4 Describe multiple approaches for migrating applications.

When deciding to migrate an existing application from its datacenter to a cloud service provider, an organization must first determine which service model is more appropriate (Betts, Homer, Jezierski, Narumoto, and Zhang, 2012):
• IaaS - Using this service model, the organization's administrators have more control over the environment since they maintain the virtual network and machines used to host the application once migrated. In this scenario, the organization's administrators also have the most responsibility.
• PaaS - Using this service model, the organization's administrators only control the application. The virtual machines and their operating systems are managed by the cloud service provider's administrators.
• SaaS - This service model is not an option for migrating an existing application to the cloud. Instead, the organization could attempt to find a cloud service provider that offers an application using the SaaS model that provides the same functionality.

Once the service model has been selected, the organization should use a migration path that follows the best practices of ITSM service transition (discussed further in Domain 5.0). The process should include most or all of the following steps:
• Assess - Determine which application to be migrated and which service model to use.

• Proof of Concept - Install the application in the cloud as a test case. Configure the application as it is being used in production. Generate test data. Select users to test the cloud-based version of the application.
• Migrate Data - Once the proof of concept has proven successful, copy the real data from the existing application in the datacenter to the cloud version.
• Migrate Application - After alerting users and planning for a disruption in service, switch users to the cloud-based version. Keep the original instance of the application in standby in the datacenter in case it is necessary to roll back.
• Automation/Scaling - Configure the cloud-based version so it can scale depending on user demand. If possible, configure auto-provisioning so the scaling can occur automatically. Coordination with the cloud service provider may be required depending on which service model was chosen.
• Optimizing - Continually monitor the performance of the cloud-based application and tweak as necessary to improve.

Domain 4.0 Sample Questions

1. Which scenario represents the most minimalistic adoption of cloud computing possible:
   a. Single Application Provided as SaaS
   b. VDI through an IaaS Provider
   c. VDI through an SaaS Provider
   d. Hybrid cloud

2. Which cloud service model requires that the client organization maintain a qualified staff of network engineers and system administrators:
   a. SaaS
   b. PaaS
   c. IaaS
   d. DaaS

3. Which cloud deployment model did experts believe would be the intermediary step in an evolutionary progression towards the full adoption of cloud computing:
   a. Public cloud
   b. Private cloud
   c. Community cloud
   d. Hybrid cloud

4. What is the most important consideration in establishing a service level agreement (SLA) with a cloud service provider:
   a. The provider's past experience
   b. Duration of the contract
   c. Subscription versus consumption costs
   d. Explicitly documenting all expectations

5. What is the best way for an organization to begin with cloud computing:
   a. Analyze use cases
   b. Implement a pilot program
   c. Discuss with other organizations their cloud computing experiences
   d. Hire a cloud computing consultant

6. Regardless of which cloud service model is implemented, an organization's IT staff must become more proficient with this skill:
   a. Project management
   b. Legal contracts
   c. Vendor management
   d. Schedule management

7. Migration to cloud computing means an organization's IT staff can focus more on technology issues and less on business operations:
   a. True
   b. False

8. Which cloud service model requires that an organization's system administrators install and maintain an application but not the underlying virtual machine and operating system:
   a. SaaS
   b. PaaS
   c. IaaS
   d. DaaS

9. Which cloud service model should an organization consider if it cannot afford to build a qualified staff of network engineers and system administrators:
   a. SaaS
   b. PaaS
   c. IaaS
   d. DaaS

10. The critical success factors (CSF) for cloud computing should be aligned with what:
   a. The skill set of an organization's IT staff
   b. An organization's maturity level
   c. An organization's business goals
   d. An organization's quarterly profits

Domain 5.0 Impact and Changes of Cloud Computing on IT Service Management

Throughout the 1990s and 2000s, the explosive growth of the information technology (IT) industry paved the way for a new breed of professional and resulted in the expenditure of a phenomenal amount of money. In the past decade, there has been some doubt as to the value added to business by all the capital expenses (CapEx) and operational expenses (OpEx) spent on IT, most notably payroll expenses for all those professionals. The concept of IT Service Management (ITSM) has recently become popular as a way to align the delivery of IT services with the needs of the business, emphasizing benefits to the user community rather than computing capability. ITSM involves a paradigm shift from managing IT as a datacenter full of expensive and sometimes temperamental hardware and software to focusing on the delivery of end-to-end services using best-practice process models.

The Information Technology Infrastructure Library (ITIL) is a globally recognized framework of best practices for ITSM (http://www.itilofficialsite.com/). Figure 13 shows the five ITIL Life Cycle stages and associated processes (Orand and Villarreal, 2011). As can be imagined, cloud computing changes ITSM for an organization that makes the migration.

Figure 13 - ITIL Life Cycle

5.1 Understand the impact and changes of cloud computing on IT service management in a typical organization.

The CompTIA Cloud Essentials certification looks at ITSM from the point of view of the organization that migrates parts or all of its IT services into a cloud environment, not from the perspective of the cloud service provider, which will have its own ITSM practices to execute in order to manage its resources and fulfill SLA obligations. Therefore, the bullets below examine what changes within the ITIL Life Cycle stages when an organization moves its IT services from in-house to the cloud. The discussion will focus on two of the service models, Software as a Service (SaaS) and Infrastructure as a Service (IaaS):
• Service Strategy - The Service Strategy volume provides guidance in developing an overall strategy for IT Service Management. This involves understanding your markets, your customers, your capabilities and resources, and the financial constraints under which these services must be defined, delivered and supported (Orand and Villarreal, 2011).
   o SaaS
      ▪ In-House - When hosting applications in-house, an organization must plan everything from ensuring the software supports business requirements to financing the purchase of licenses and maintenance over the life of the application.
      ▪ Cloud - When deciding to host an application from a cloud vendor, an organization must determine if the pay-as-you-go cost over a period of time outweighs the license and maintenance cost of owning the software outright.
   o IaaS
      ▪ In-House - In a traditional datacenter, an organization must fund the capital expenses for all the equipment and software and must fund all the operating expenses. Administrators are required to operate and maintain the equipment and software.
      ▪ Cloud - If using a cloud provider to house its virtualized servers, an organization avoids the CapEx investment and instead pays for computing capacity as needed. The organization still needs administrators to operate the virtualized network and server machines.
• Service Design - The Service Design volume provides guidance on the principles of balancing design against a diverse set of constraints. It also discusses how to design a service that meets the business needs, is financially justifiable, and can be supported as an ongoing concern.
Service Design incorporates these requirements into a set of design documents upon which a service, or modification to a service, can be developed (Orand and Villarreal, 2011).
   o SaaS
      ▪ In-House - The IT staff must build use cases to justify purchasing applications. The staff must determine capacity requirements, availability requirements, service level requirements, and security requirements. The staff must develop and execute procedures to ensure all the requirements are fulfilled and establish a relationship with the application vendor for technical support. The organization may need to purchase licenses for newer versions when the original software reaches end-of-life.
      ▪ Cloud - The IT staff must build use cases to justify renting applications from a cloud vendor. The staff must still determine capacity requirements, availability requirements, service level requirements, and security requirements. The difference is that the responsibility for executing the procedures now shifts to the cloud vendor. The organization's IT staff must establish a relationship with the cloud vendor to ensure all the requirements are fulfilled and for technical support. The organization no longer needs to purchase new licenses when the original software reaches end of life, although the cloud service vendor could increase the pay-as-you-go rate at any time.
   o IaaS
      ▪ In-House - In a traditional datacenter, the organization's IT staff must determine capacity requirements, availability requirements, service level requirements, and security requirements for all hardware and software, including environmental factors for the datacenter itself such as electrical power, air conditioning, and physical security. The staff must develop and execute procedures to ensure all the equipment and software is properly maintained, and they must establish a relationship with all the vendors for technical support.
      ▪ Cloud - When using virtualized network and server machines in a cloud service provider's facility, the organization's IT staff must still determine capacity requirements, availability requirements, service level requirements, and security requirements for all virtualized hardware and software, but environmental factors for the datacenter are handled entirely by the cloud service provider.
• Service Operations - The Service Operation volume provides guidance on the effective and efficient operation of the service. Service Operation is where the value of the service is realized and the strategy of the organization is executed. Service Operation is important to Continual Service Improvement, as the Service Operation stage is where the services are monitored and improvements are identified through the service performance reports (Orand and Villarreal, 2011).
   o SaaS
      ▪ In-House - Administrators are needed to install and maintain the application and helpdesk personnel are needed to assist users with the application. The administrators must patch and upgrade the application for its entire life.
      ▪ Cloud - Administrators are no longer needed to maintain the application, but helpdesk personnel are still needed to assist users. The helpdesk personnel will need to interface with the cloud vendor support staff to resolve technical problems.
   o IaaS
      ▪ In-House - In a traditional datacenter, the organization's IT staff must install and maintain all hardware and software. The administrators must patch and upgrade firmware and applications for the entire life of the resources. When malfunctions occur, the staff must either coordinate for vendor warranty support (if the resource is still under warranty), purchase replacement parts, or replace defective devices.
      ▪ Cloud - When using virtualized network and server machines in a cloud service provider's facility, the organization's IT staff must still configure and maintain the virtualized machines and they are still responsible for patching and upgrading applications, but the cloud service provider takes care of upgrading firmware for the physical equipment that hosts the virtualized resources. The cloud service provider is also responsible for all hardware malfunctions, upgrades, and life-cycle replacement.
• Service Transition - The Service Transition volume provides guidance on the transitioning of a service into operation. Service Transition considers all elements required for a service. These elements include all aspects of a service, both technical and non-technical. This holistic view of a service helps to ensure that the service is transitioned in a way that it can be supported as an ongoing concern as effectively and efficiently as possible (Orand and Villarreal, 2011).
   o SaaS
      ▪ In-House - When deploying a new application or a major upgrade, administrators must develop and implement a change management plan that includes alerting and educating the users.
      ▪ Cloud - When choosing a new application from a cloud service provider, or when the cloud service provider deploys a major upgrade to an application already in use by its clients, the organization's IT staff must work with the cloud service provider to develop and implement a change management plan that includes alerting and educating users.
   o IaaS
      ▪ In-House - In a traditional datacenter, the organization's IT staff is responsible for change management when deploying new applications or new hardware and when upgrading applications and existing hardware.
      ▪ Cloud - If an organization decides to migrate services from an in-house datacenter to a cloud service provider, the organization's IT staff is responsible for the change management plan, which will include everything from establishing SLAs and developing procedures to monitor and enforce those SLAs to planning for disruptions in service during the migration and assisting users with the new IT services.

5.2 Use a structured approach based on ITIL to explore the potential impact of cloud computing in your organization.

There are generally two situations under which an organization will consider whether or not to utilize a cloud service provider:
• A new organization that is deciding whether to invest capital expenditures in building its own datacenter or to purchase IT services from a cloud service provider, or
• An existing organization with its own datacenter that is deciding whether or not to relinquish the datacenter and migrate IT services to a cloud service provider.

In either case, the organization must follow the best practices of service strategy to determine which path to follow, the best practices of service design to execute whichever decision is reached, and the best practices of service operations once the decision has been implemented.

For service strategy, the organization must determine which solution makes sense for the business. One of the primary decisions for the new organization is whether or not it can assemble an IT staff with adequate qualifications for a reasonable price. For the existing organization, the decision revolves around whether to retain the IT staff and to use them in a different capacity or whether to downsize their department.
For service design, once the decision has been made to start with or migrate to a cloud service provider, there are many considerations to address (Kepes, 2011):
• Which applications (SaaS) or IT resources (IaaS) should be migrated?
• Which vendor to choose:
   o Avoid vendor lock-in
   o Billing capabilities
   o Minimum charges
   o Fixed costs
   o Performance
   o Support
• Architecting for the cloud:
   o Which service model to use (SaaS, PaaS, or IaaS)
   o Bandwidth and latency considerations
   o Application performance considerations
   o Security considerations
   o Compliance considerations

For service operations, the organization must remain an active participant in monitoring the performance of its IT services and ensuring the cloud service provider is living up to the SLA. As stated by Hausman, Cook, and Sampaio in Cloud Essentials, an organization should monitor these metrics depending on the service model:
• SaaS
   o Connectivity to services
• PaaS
   o Services on virtual machines
   o Connectivity to services
• IaaS
   o Operating system for virtual machines
   o Services on virtual machines
   o Connectivity to services

The organization must also hold the cloud service provider accountable for maintenance of all hardware and software, as well as security for all information stored on the provider's resources.

For service transition, the existing organization that decides to migrate IT services to a cloud service provider must follow through with all change management processes to ensure that users enjoy the same or better level of service.

Domain 5.0 Sample Questions

1. IT Service Management (ITSM) should be used to ensure that IT investments do what:
   a. Follow best business practices
   b. Support an organization's business operation
   c. Cost less each quarter
   d. Do not consume more than 10% of an organization's operating budget

2. When a cloud service provider's administrators perform all virtual machine maintenance within an SaaS cloud service model, which part of an organization's ITSM is affected:
   a. Service Strategy
   b. Service Design
   c. Service Operation
   d. Service Transition

3. At which stage of ITSM must an organization decide which cloud service model best fits its business operations:
   a. Service Strategy
   b. Service Design
   c. Service Operation
   d. Service Transition

4. Choosing between an SaaS and an IaaS service model has the greatest impact on which stage of an organization's ITSM plan:
   a. Service Strategy
   b. Service Design
   c. Service Operation
   d. Service Transition

5. Which part of an organization's ITSM plan does not change when upgrading an application even if the application is hosted under the IaaS cloud service model:
   a. Service Strategy
   b. Service Design
   c. Service Operation
   d. Service Transition

6. Which stage of an organization's ITSM is most affected when preparing for a cloud deployment once the service model has been decided:
   a. Service Strategy
   b. Service Design
   c. Service Operation
   d. Service Transition

7. Which part of an organization's ITSM is most affected once the decision has been made to migrate all data and applications from an existing datacenter to a cloud service provider:
   a. Service Strategy
   b. Service Design
   c. Service Operation
   d. Service Transition

8. Which best describes the Information Technology Infrastructure Library (ITIL):
   a. ITSM body of standards
   b. ITSM regulations
   c. ITSM framework
   d. ITSM software package

9. Under which cloud service model does an organization's IT staff not play a role:
   a. SaaS
   b. PaaS
   c. IaaS
   d. None of the above

10. Change management is carried out under which stage of ITSM:
   a. Service Strategy
   b. Service Design
   c. Service Operation
   d. Service Transition

Domain 6.0 Risks and Consequences of Cloud Computing

The primary risk associated with cloud computing is the location of an organization's information at a cloud service provider's facility. In many cases this information will be distributed across multiple facilities located in different countries. This scenario creates risk in the following ways:
• The organization may not know all the places its information is stored.
• The organization may have Personally Identifiable Information (PII) or information it otherwise does not own which is covered by laws and regulations restricting how and where the information can be stored.
• The information may be under the jurisdiction of different laws depending on the nation where it is stored. The laws for different nations may conflict.
• Most nations have laws allowing enforcement agencies, with probable cause, to confiscate information from a service provider without notifying the client who owns the information.

6.1 Explain and identify the issues associated with integrating cloud computing into an organization's existing compliance risk and regulatory framework.

There are basically two methods by which an organization's information can be secured and made safe from unauthorized access:
• Have the cloud service provider build a private cloud infrastructure with single-tenancy software and segregated virtualized infrastructure. This solution may not be possible or affordable with most public cloud providers.
• Implement and enforce a comprehensive security policy that is explicitly defined in an SLA, with the ability for the clients to validate it.

However, not even these safeguards will protect clients from the following types of risks:

Security, Legal, Compliance, Privacy Risks:

• The greatest security risk facing cloud service providers is identification management, particularly when a user has multiple security principals that must be tracked for purposes of authentication and authorization.
• Having information stored offsite and potentially in multiple legal jurisdictions puts an organization at risk whereby it may not be able to comply with PII or privileged information regulations.
• Regulatory compliance may stipulate specific levels of authentication and access controls which the organization must rely on the cloud service provider to comply with.

A cloud service provider may be legally obligated to disclose information belonging to a client organization in the case of bankruptcy or suspected criminal activity. Publicly traded companies in the U.S. may have difficulty complying with the SarbanesOxley Act (SOX) if its IT resources and information are stored offsite where the organization cannot ensure that proper data and process isolation, auditing controls,andforensicresponsearebeingimplemented. Medical facilities in the U.S. may have difficulty complying with the Health Insurance Portability and Accountability Act (HIPPA) if its IT resources and information are stored offsite where the organization cannot ensure that proper data and process isolation,auditingcontrols,andforensicresponsearebeingimplemented. Financial institutes in the U.S. may have difficulty complying with the Payment Card Industry Data Security Standards (PCIDSS) if its IT resources and information are stored offsite where the organization cannot ensure that proper data and process isolation,auditingcontrols,andforensicresponsearebeingimplemented. 6.2Explaintheimplicationsfordirectcostandcostallocations. Costswithinanorganizationcanusuallybedescribedintwoways: Direct Costs Expenses that can be directly charged back to a specific project or programwithintheorganization. Indirect Costs Expenses that cannot be directly charged back to a specific projectorprogramandinsteadareallocatedtoacategory. TheCharlesStewartMottFoundationofferstheseexamples(2013): Costsusuallychargeddirectly o o o o o Projectstaff Consultants Projectsupplies Publications Travel

Costs either charged directly or allocated indirectly
- Telephone charges
- Computer use
- Project clerical personnel
- Postage and printing
- Miscellaneous office supplies

Costs usually allocated indirectly
- Utilities
- Rent
- Audit and legal
- Administrative staff
- Equipment rental

Often it is difficult to charge computer usage directly when an organization hosts its own datacenter. Capital expenditures (CapEx) and utilities needed to run the datacenter are allocated indirectly. In theory, the operational expenses (OpEx) used for cloud computing services, if properly tracked, could be charged back directly to a specific project or program as well.

Another risk associated with cloud computing is how easy vendors have made it to purchase their services. Users within the organization could obtain funds through backchannel methods and use them to purchase cloud services without the IT staff or the organization's accountants knowing about it. In this way the charges are not tracked, cannot be charged back, and cannot be allocated properly.

6.3 Understand how to maintain strategic flexibility.

By moving IT resources to a cloud environment, an organization can minimize capital expenditures (CapEx) by utilizing operational expenditures (OpEx) instead. This shift has several advantages:
- The organization can deduct all OpEx for tax reasons in the fiscal year they are incurred.
- The organization can operate more efficiently by paying for IT resources only as they are needed.

These factors provide a great deal of organizational agility; however, strategic flexibility requires an organization to focus on anticipating and preparing for uncertainty. The most important requirement to achieve this goal is to ensure that SLAs are in place that clearly define the organization as the owner of the data that is stored with the cloud service provider. There are only two ways in which an organization can back out of a cloud service arrangement, and both ways depend on the organization's undisputed ownership of the data:

- Migrate the data to another cloud service provider.
- Migrate the data back to the organization's datacenter.

Domain 6.0 Sample Questions

1. What is the primary risk incurred when an organization migrates to a cloud environment:
   a. Cloud computing costs are not fixed
   b. Some or all of its information is no longer under the organization's direct control
   c. Reliance on administrators who are not employed by the organization
   d. The length of cloud computing contracts

2. What recourse does an organization have to ensure that its information is not confiscated by law enforcement agencies when criminal activity is suspected:
   a. Depends on laws of the nation in which the data is physically located
   b. Depends on the terms of the service level agreement
   c. Law enforcement agencies are not allowed to access an organization's information in a cloud environment
   d. The organization has no recourse

3. In the U.S., banks and other financial institutions must consider this standard when migrating to the cloud:
   a. Sarbanes-Oxley Act (SOX)
   b. HIPAA
   c. PCI DSS
   d. PII

4. In the U.S., medical facilities must consider this law when migrating to the cloud:
   a. Sarbanes-Oxley Act (SOX)
   b. HIPAA
   c. PCI DSS
   d. PII


5. In the U.S., publicly traded companies must consider this law when migrating to the cloud:
   a. Sarbanes-Oxley Act (SOX)
   b. HIPAA
   c. PCI DSS
   d. PII

6. In the U.S., all organizations must consider this type of information when migrating to the cloud:
   a. Sarbanes-Oxley Act (SOX)
   b. HIPAA
   c. PCI DSS
   d. PII

7. Which type of cost can be charged back to a specific project or program:
   a. Direct charges
   b. Indirect allocations
   c. Fixed costs
   d. Variable costs

8. What is one way in which an organization can ensure compliance with all privacy regulation within a cloud environment:
   a. Establish a single-tenancy, segregated virtual environment with the cloud service provider
   b. Ensure the cloud service provider keeps all the information stored in one nation
   c. Validate the cloud service provider's security policies
   d. Utilize a community cloud environment

9. What happens if users within an organization purchase cloud computing services without the IT staff knowing about it:
   a. The users will not be able to establish an SLA with the vendor
   b. The users will only be able to purchase IaaS services
   c. The charges cannot be properly allocated


   d. The costs become variable rather than fixed

10. With regard to cloud computing, what is the most important consideration for an organization to maintain strategic flexibility:
   a. Reputation of the cloud service provider
   b. Overall IT expenditures
   c. A well-organized ITSM
   d. A sound exit strategy


Appendix 1: References

Purdue owl: APA formatting and style guide. (2012). Purdue online writing lab. Citation style chart. Retrieved from http://owl.english.purdue.edu/owl/resource/949/01/
CompTIA (2011). CompTIA Cloud Essentials Exam Objectives (CLO001). Retrieved November 8, 2012 from http://certification.comptia.org/getCertified/certifications/cloud.aspx.
Ellison, L. (2009). Larry Ellison & Ed Zander at the Churchill Club 9.21.09. Retrieved October 20, 2013 from http://www.youtube.com/watch?v=rmrxN3GWHpM.
Amazon (2006). Amazon Web Services Blog. Retrieved October 20, 2013 from http://aws.typepad.com/aws/2006/08/amazon_ec2_beta.html.
Hausman, K., Cook, S. and Sampaio, T. (2013). Cloud Essentials. Sybex, Indianapolis, IN.
Kundra, V. (2011). Federal Cloud Computing Strategy. Chief of Information Office, the White House, Washington D.C.
Gartner (2013). Gartner Says Worldwide Public Cloud Services Market to Total $131 Billion. Retrieved October 20, 2013 from http://www.gartner.com/newsroom/id/2352816.
Wikipedia (2013). Cloud Computing. Retrieved October 20, 2013 from http://en.wikipedia.org/wiki/Cloud_computing.
International Telecommunication Union (2012). Focus Group on Cloud Computing Technical Report Part 1: Introduction to the Cloud Ecosystem: Definitions, Taxonomies, Use Cases and High Level Requirements. Telecommunication Standardization Sector of ITU.
Accenture (2012). Where the Cloud Meets Reality: Scaling to Succeed in New Business Models.


Wainewright, P. (2010). Defining the True Meaning of Cloud. ZDNet Special Report. Retrieved October 26, 2013 from http://www.zdnet.com/blog/saas/definingthetruemeaningofcloud/1160.
Vaughan-Nichols, S.J. (2013). The Biggest Cloud App of All: Netflix. ZDNet Special Report. Retrieved October 27, 2013 from http://www.zdnet.com/thebiggestcloudappofallnetflix7000014298/.
Golden, B. (2013). What the CIA Private Cloud Really Says About Amazon Web Services. CIO. Retrieved October 27, 2013 from http://www.cio.com/article/737633/What_the_CIA_Private_Cloud_Really_Says_About_Amazon_Web_Services.
Hon, K. and Millard, C. (2012). Cloud Computing vs Traditional Outsourcing Key Differences. SCL Foundations of IT Law Programme. Retrieved November 1, 2013 from http://www.scl.org/site.aspx?i=ed28054
Hogue, R. (2012). IT Outsourcing and Cloud Computing. YouTube. Retrieved November 1, 2013 from http://www.youtube.com/watch?v=Qw_3EOp6fvM
Diffen. (2012). Capex vs Opex. Retrieved November 1, 2013 from http://www.diffen.com/difference/Capex_vs_Opex
Kepes, B. (2011). Cloudonomics: the Economy of Cloud Computing. Diversity Limited, Christchurch, New Zealand.
CloudScaling. (2009). Infrastructure as a Service Builders Guide. The Cloudscaling Group. San Francisco, CA.
SNIA. (20123). Storage Network Industries Association (SNIA) Dictionary. SNIA. San Francisco, CA.


Souppouris, A. (2013). Google will Automatically Encrypt Cloud Data in Response to NSA Anxiety. The Verge. Retrieved 2 November 2013 from http://www.theverge.com/2013/8/16/4627232/googlecloudstorageautomated128bitaessecurity
Hurwitz, J. and Kaufman, M. (2011). Private Cloud for Dummies, IBM Limited Edition. John Wiley & Sons, Inc. Hoboken, NJ.
Betts, D., Homer, A., Jezierski, A., Narumoto, M., Zhang, H. (2012). Developing Multitenant Applications for the Cloud, 3rd Edition. Microsoft. Redmond, WA.
Orand, B. and Villarreal, J. (2011). Foundations of IT Service Management with ITIL 2011. Proactive IT Solutions, LLC. Houston, TX.
Kepes, B. (2011). Planning a Move to the Cloud, Tips, Tricks and Pitfalls. Diversity Limited, Christchurch, New Zealand.
Trappler, T. (2011). If It's in the Cloud, Get It on Paper: Cloud Computing Contract Issues. Educause Review Online. Retrieved 10 November 2013 from http://www.educause.edu/ero/article/ifitscloudgetitpapercloudcomputingcontractissues
Caralli, R.A. (2004). The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management. Carnegie Mellon Software Engineering Institute. Pittsburgh, PA.
Betts, D., Homer, A., Jezierski, A., Narumoto, M. and Zhang, H. (2012). Moving Application to the Cloud, 3rd Edition. Microsoft. Redmond, WA.
Indirect vs. Direct Costs. Charles Stewart Mott Foundation. Retrieved 10 November 2013 from http://www.mott.org/grantsandguidelines/ForGrantees/accounting/indirectvsdirect?print=1


Appendix 2: Answers to Domain Questions

Answers to Domain 1.0 Questions
Question 1: Answer c.
Question 2: Answer d.
Question 3: Answer a.
Question 4: Answer c.
Question 5: Answer c.
Question 6: Answer b.
Question 7: Answer d.
Question 8: Answers a. and d.
Question 9: Answer a.
Question 10: Answer a.

Answers to Domain 2.0 Questions
Question 1: Answer b.
Question 2: Answer d.
Question 3: Answer a.
Question 4: Answer a.
Question 5: Answer c.
Question 6: Answer a.
Question 7: Answer d.

Question 8: Answer c.
Question 9: Answers b. and c.
Question 10: Answer d.

Answers to Domain 3.0 Questions
Question 1: Answer c.
Question 2: Answer a.
Question 3: Answer c.
Question 4: Answers a. and b.
Question 5: Answer d.
Question 6: Answer a.
Question 7: Answer b.
Question 8: Answer d.
Question 9: Answer a.
Question 10: Answer b.

Answers to Domain 4.0 Questions
Question 1: Answer a.
Question 2: Answer c.
Question 3: Answer d.
Question 4: Answer d.
Question 5: Answer b.


Question 6: Answer c.
Question 7: Answer b.
Question 8: Answer b.
Question 9: Answer a.
Question 10: Answer c.

Answers to Domain 5.0 Questions
Question 1: Answer b.
Question 2: Answer c.
Question 3: Answer a.
Question 4: Answer c.
Question 5: Answer d.
Question 6: Answer b.
Question 7: Answer d.
Question 8: Answer c.
Question 9: Answer d.
Question 10: Answer d.


Answers to Domain 6.0 Questions
Question 1: Answer b.
Question 2: Answer a.
Question 3: Answer c.

Question 4: Answer b.
Question 5: Answer a.
Question 6: Answer d.
Question 7: Answer a.
Question 8: Answer a.
Question 9: Answer c.
Question 10: Answer d.



Appendix 3: Acronym List and Glossary

allocated cost: See indirect cost
Anything as a Service (XaaS): Generic term that insinuates that almost anything can be provisioned as a cloud service.
API: application program interfaces
application layer: The logical layer where an application executes the function it was created to perform.
application program interfaces (API): Interface design specification for application-to-application communications.
authentication: Verification of a person's or security principal's identity.
authorization: The privileges and rights allowed for an identified person or security principal on specified resources.
automation: Configuration and provisioning of IT resources through automated means such as scripting, batch processing, or programming.
availability: See confidentiality, integrity, and availability
AWS: Amazon Web Services
BPaaS: Business Process as a Service
BSS: billing support systems
business continuity: Policies, procedures, and activities undertaken by an organization to ensure that operations continue even during emergencies and disasters.
Business Process as a Service (BPaaS): The provisioning of horizontal or vertical business processes as a cloud service.
CaaS: Communications as a Service
CapEx: capital expense
capital expense: Investment cost of equipment and property. In the U.S., capital expenses must be amortized or depreciated over multiple fiscal years.
CEO: chief executive officer
CIA: Central Intelligence Agency
CIA: confidentiality, integrity, and availability
CIO: Chief Information Officer
cloud broker: Organization or application that facilitates access to multiple cloud computing environments.
cloud bursting: The use of resources in a cloud computing environment to handle a temporary surge in user demand.
cloud computing: The use of IT resources, usually virtualized and usually provided by a dedicated service provider, that are provisioned as needed.
cloud computing stack: Another term for the three primary cloud service models, usually depicted as a pyramid with IaaS at the base, PaaS in the middle, and SaaS at the point.
cloud storage: See Data storage as a Service
Communications as a Service: The provisioning of network communications as a cloud service.
community cloud: A cloud computing deployment model with the characteristics of a public cloud but provisioned for use by a specific group of organizations.
CompTIA: Computing Technology Industry Association
confidentiality: See confidentiality, integrity, and availability
confidentiality, integrity, and availability (CIA): The IT security triad: confidentiality means information can only be accessed by authorized users; integrity means that information is only modified by authorized users for authorized reasons; availability means information is accessible by authorized users at authorized times and under authorized situations.
CPU: central processing unit
critical success factors (CSF): Elements required to achieve operational goals.
CSA: Cloud Security Alliance
CSF: Critical success factors
DaaS: Data storage as a Service
data at rest: Data that is stored on persistent media.
data in motion: Data being transported from one location to another across a network.
data in use: Data that is stored in non-persistent memory and is being manipulated by an application or user.
data layer: The layer where information is stored before and after being manipulated at the application layer.
datacenter: A room or facility where IT resources belonging to an organization are hosted, maintained, administered, and utilized.
defense in depth: Layers of security measures usually including computer network defense resources (routers, firewalls, IDSs/IPSs, and proxies), encryption techniques, policies, and procedures.
direct cost: A cost associated with a specific project or program within an organization.
disaster recovery: Policies and procedures executed to bring business operations back online following an emergency or disaster.
distributed computing: An architecture whereby functions performed by an application are spread across different physical or virtual IT resources which may be located within the same datacenter or within different datacenters separated by a local area network or wide area network.
DMTF: Distributed Management Task Force
E.U.: European Union
EC2: Elastic Compute Cloud
elasticity: The provisioning of resources in near real time and usually through automation to scale either vertically or horizontally in response to user demand.
encryption: Techniques and procedures used to ensure the confidentiality and integrity of data by transforming the data into an unreadable format through the use of mathematical algorithms and keys.
federation: Standards and/or methods utilized by multiple organizations (such as network or cloud service providers) to ensure the successful sharing of IT resources and/or information.
fixed costs: Costs that are the same from month to month.
HIPAA: Health Insurance Portability and Accountability Act of 1996
horizontal scaling: Increasing computing capability by adding more physical hardware or virtual resources.
HTTP: hypertext transport protocol
hybrid cloud: A combination of private and public/community cloud computing environments,
hypervisor: Also known as the virtual machine monitor (VMM), this component (including software, firmware, and/or hardware) creates and runs virtual machines in a virtualized environment.
I/O: input/output

IaaS: Infrastructure as a Service
IAM: Identity and Access Management
Identity and Access Management: Policies, procedures, and technologies used to track the identity or multiple identities (usually referred to as security principals) of a user.
identity management: See Identity and Access Management
IDS: Intrusion detection systems
IEEE: Institute of Electrical and Electronics Engineers
indirect cost: Costs that cannot be associated to a specific project or program within an organization and are usually allocated to a category.
Information Technology Infrastructure Library (ITIL): A framework of IT service management best practices that includes the lifecycle volumes Service Strategy, Service Design, Service Operations, Service Transition, and Continual Service Improvement (CSI).
Infrastructure as a Service (IaaS): The provisioning of network and service resources as a cloud service at the OSI Layer 2 layer.
integrity: See confidentiality, integrity, and availability
IP: internet protocol
IPS: Intrusion prevention systems
isolation: See single-tenancy
IT: information technology
IT Service Management (ITSM): The process of aligning IT resource acquisition, management, and provisioning with business operations and organizational goals.
ITIL: Information Technology Infrastructure Library
ITSM: IT Service Management
ITU: International Telecommunication Union
L2 over L3: layer two over layer three
LAN: local area network
MaaS: Monitoring as a Service
Monitoring as a Service (MaaS): The provisioning of monitoring resources as a cloud service.
MS: Microsoft
multitenancy: The sharing of IT hardware and virtual resources by multiple tenants, or users, specifically the sharing of a single instance of an application by those users.
NaaS: Network as a Service
NAT: Network address translation
Network as a Service: The provisioning of network resources as a cloud service.
NIST: National Institute of Standards and Technology
NSA: National Security Agency
Open Systems Interconnection (OSI) Model: The theoretical model used to describe the various levels of distributed application communications to include Layer 1 physical, Layer 2 data link, Layer 3 network, Layer 4 transport, Layer 5 session, Layer 6 presentation, and Layer 7 application.
operational expenses: Non-investment cost of operating a business. In the U.S., operational expenses can be fully deducted in the fiscal year in which they were incurred.
OpEx: operational expenses
organizational agility: The ways in which an organization reacts and adapts to change.

OSI: Open Systems Interconnection
outsourcing: A detailed contract between a service provider and a customer.
PaaS: Platform as a Service
partitioning: See multitenancy
pay-as-you-go: A variable cost model whereby clients only pay for the services they need.
Payment Card Industry Data Security Standards (PCI DSS): A security framework for networking, data protection, vulnerability management, access control, monitoring and policies related to the handling of credit and debit cards.
PCI DSS: Payment Card Industry Data Security Standards
Personally Identifiable Information (PII): Information that can uniquely identify an individual.
PII: Personally Identifiable Information
pilot: A test case developed as a proof of concept.
Platform as a Service (PaaS): The provisioning of virtual servers as a cloud service where client administrators can install and operate applications.
PKI: Public Key Infrastructure
presentation layer: The layer where a user interacts with an application.
private cloud: A cloud service deployment model intended for a single organization, either provisioned from the organization's own datacenter or from a private cloud service provider.
provisioning: The process of preparing and distributing IT resources to users.
public cloud: A cloud service deployment model whereby a service provider leverages the economics of scale and provisions IT resources to customers, usually over the Internet.
Public Key Infrastructure (PKI): A set of hardware, software, people, policies, and procedures used to create, manage, distribute, use, store, and revoke digital certificates for encryption and digital signatures.
RAM: random access memory
relying party (RP): Applications which carry out claims-based identification through the use of Security Token Services (STS).
return on investment (ROI): Metrics used to determine the value of acquisitions and activities with respect to their costs.
risk: The potential for loss resulting from a given action, activity and/or inaction, foreseen or unforeseen.
ROI: return on investment
RP: relying party
SaaS: Software as a Service
SAN: storage area networks
Sarbanes-Oxley Act: A federal law that sets standards for all U.S. public company boards, management and public accounting firms.
scalability: The concept of increasing computing power in existing hosts (vertical) or increasing the number of hosts (horizontal).
SDCN: software defined cloud networking
self-service: The ability for a client administrator or user to provision computing capacity as needed.
Service Design: See IT Service Management
Service Level Agreement (SLA): Part of a service contract where the details about a service are formally and explicitly defined.
service level objects (SLO): Parameters that are measured to validate the performance and compliance to the level of service defined by an SLA.
Service Operations: See IT Service Management
Service Strategy: See IT Service Management
Service Transition: See IT Service Management
service-oriented architecture (SOA): A software design and software architecture design that defines application functionality as services to other applications.
single sign-on (SSO): The ability for a user to be authorized on multiple systems by logging on one time even though the user may have multiple security principals.
single-tenancy: The isolation of IT hardware and virtual resources dedicated to a single tenant, or user organization, specifically the isolation of a single instance of an application dedicated for that organization.
SLA: Service Level Agreement
SLO: service level objects
SNIA: Storage Network Industries Association
SOA: service-oriented architecture
Software as a Service (SaaS): The provisioning of applications as a cloud service for client users.
SOX: Sarbanes-Oxley Act
SSL: Secure Sockets Layer
SSO: single sign-on
storage area network (SAN): A network dedicated to storage data traffic between host servers and storage devices.
strategic flexibility: Ways in which an organization anticipates and prepares for uncertainty.
STS: Security Token Service
TaaS: Testing as a Service
TCO: total cost of ownership
TCP: transport control protocol
Testing as a Service: The provisioning of testing resources as a cloud service.
time to market: The amount of time it takes an organization to release a product or service after its conception.
TLS: Transport Layer Security
total cost of ownership (TCO): All costs, direct and indirect, associated with a product or service.
U.S.: United States
USG: United States government
variable costs: Costs that change from month to month.
VDI: virtual desktop infrastructure
vendor lock-in: The inability of an organization to port its information, applications, and other resources from one cloud service provider to another due to the use of proprietary ports, protocols, services, and/or APIs.
vertical scaling: Increasing computing capability by adding more resources to existing physical hardware or virtual resources.
virtual desktop infrastructure: A service whereby a desktop environment is accessed across a network from a remote computing environment.
virtualization: The creation of a logical resource at a lower layer so it appears to be a physical resource to the layers above it.
VMM: virtual machine monitor
VPN: Virtual private networks
WAN: wide area network
XaaS: Anything as a Service
