2. Virtualization
• It enables a single piece of hardware to run multiple operating system environments simultaneously, greatly improving utilization of processing power, among other benefits.
• The hypervisor is the central program that controls the execution of the various guest operating systems and provides the abstraction layer between the guest and host environments.
• A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine.
3. Type 1 Hypervisor
• A Type 1 hypervisor is tied to the underlying hardware and hosts virtual machines on top of it, and it operates as the sole layer between the hardware
• Because Type 1 hypervisor software is proprietary and closely tied to the underlying hardware, security can be maintained with a very high degree of confidence.
• Because the vendor controls both the hardware and the software, the hypervisor implementation is tightly controlled as to its features and capabilities, making for a much leaner and tighter software platform that is more difficult to exploit.
• These are also referred to as bare-metal hypervisors.
• Examples: VMware ESX and ESXi, Microsoft Hyper-V, Citrix XenServer.
4. Type 2 Hypervisor
• A Type 2 hypervisor is software based.
• With a software-based hypervisor, you depend on a host operating system, separate from the hardware and from the virtualization layer, in order to operate.
• The hypervisor must interact with that operating system and rely on it for access to the underlying hardware and system processes.
• Because of this dependency, the hypervisor is exposed to any flaw or software exploit that can strike the underlying operating system, which could then be used to launch attacks against the hypervisor.
• The security of Type 2 hypervisors is not as tight and dependable as the native solution that Type 1 provides.
• Examples: VMware Workstation/Fusion/Player, VMware Server, Microsoft Virtual PC, Oracle VM VirtualBox.
5. VM Sprawl
VM Sprawl
• Sprawl is the uncontrolled spreading and disorganization caused by the lack of an organizational structure when many similar elements require management.
• VM sprawl, also known as virtualization sprawl, happens when an administrator can no longer effectively control and manage all the virtual machines on a network.
• VMs are basically files that contain a copy of a working machine's disk and memory structures, and management is easy while their number is small.
• But as the number of VMs grows rapidly over time, sprawl can set in. VM sprawl is a symptom of a disorganized structure.
VM Sprawl Avoidance
• VM sprawl can be avoided through policy.
• VM sprawl can be avoided through naming conventions and proper storage architectures, so that the files are in the correct directory, making finding the correct VM easy and efficient.
• But as in any filing system, it works only if everyone routinely follows the established policies and procedures to ensure that proper VM naming and filing are performed.
• You can also use integrated VM management tools, such as ESX Server from VMware, whose management features enable administrators to keep track of VMs and avoid sprawl.
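Naming conventions and storage policies only help if something checks them. The following audit script is an added example (not from the original slides or any vendor tool) that runs the checks described above over a VM inventory export: it parses each name against a constructed convention (`<env>-<site>-<role>-<nn>`), confirms the VM files live under the directory assigned to that environment, and flags VMs with no recorded owner or no power-on in a constructed 90-day window. The inventory rows, the convention, the directory layout and the threshold are all assumptions made for the example.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List

# Constructed naming convention for this example: <env>-<site>-<role>-<nn>,
# e.g. "prd-blr-web-01". Real conventions vary; the point is that a name
# that cannot be parsed is a name nobody can file or find later.
NAME_PATTERN = re.compile(
    r"^(?P<env>prd|dev|tst)-(?P<site>[a-z]{2,4})-(?P<role>[a-z0-9]+)-(?P<nn>\d{2})$"
)

# Constructed storage layout: every environment keeps its VM files under one directory.
EXPECTED_DIR: Dict[str, str] = {
    "prd": "/vmfs/volumes/prod/",
    "dev": "/vmfs/volumes/dev/",
    "tst": "/vmfs/volumes/test/",
}

STALE_DAYS = 90  # constructed threshold: no power-on in 90 days marks a sprawl candidate
AUDIT_DATE = date(2024, 6, 1)  # constructed "today" so the sample run is reproducible


@dataclass
class VM:
    name: str
    owner: str
    path: str
    last_power_on: date


def audit_vm(vm: VM, today: date) -> List[str]:
    """Return the policy violations for one VM (an empty list means compliant)."""
    findings: List[str] = []
    match = NAME_PATTERN.match(vm.name)
    if match is None:
        findings.append("name violates naming convention")
    else:
        # A parseable name tells us which directory the files are supposed to be in.
        expected = EXPECTED_DIR[match.group("env")]
        if not vm.path.startswith(expected):
            findings.append(f"stored outside {expected}")
    if not vm.owner.strip():
        findings.append("no owner recorded")
    if (today - vm.last_power_on).days > STALE_DAYS:
        findings.append(f"not powered on for more than {STALE_DAYS} days")
    return findings


def audit_inventory(vms: List[VM], today: date) -> Dict[str, List[str]]:
    """Map each non-compliant VM name to its findings; compliant VMs are omitted."""
    report: Dict[str, List[str]] = {}
    for vm in vms:
        findings = audit_vm(vm, today)
        if findings:
            report[vm.name] = findings
    return report


# Constructed inventory, shaped like an export from a management tool.
SAMPLE_INVENTORY = [
    VM("prd-blr-web-01", "ops-team", "/vmfs/volumes/prod/prd-blr-web-01/", date(2024, 5, 30)),
    VM("dev-blr-db-03", "alice", "/vmfs/volumes/prod/dev-blr-db-03/", date(2024, 5, 20)),
    VM("New Virtual Machine (2)", "", "/vmfs/volumes/dev/New Virtual Machine (2)/", date(2023, 11, 1)),
]


def run_sample_audit() -> Dict[str, List[str]]:
    return audit_inventory(SAMPLE_INVENTORY, AUDIT_DATE)


if __name__ == "__main__":
    for name, findings in run_sample_audit().items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

Run it on a nightly schedule against a real export and the report becomes the to-do list for the policy: rename, move, assign an owner, or decommission. A VM that is unnamed, unowned and unused is exactly the one that never gets patched.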
6. VM Escape
VM Escape
• Virtual machine escape is the process of a program breaking out of the virtual machine on which it is running and interacting with the host operating system.
• A virtual machine is a "completely isolated guest operating system installation within a normal host operating system."
• Virtual machine escape is an exploit in which the attacker runs code on a VM that allows the operating system running within it to break out and interact directly with the hypervisor.
VM Escape Protection
• Keep virtual machine software patched.
• Install only the resource-sharing features that you really need.
• Keep software installations to a minimum, because each program brings its own vulnerabilities.
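"Install only the resource-sharing features you really need" is a configuration check, so it can be automated. The script below is an added example (not from the slides or from VMware) that parses a VM's `.vmx` file and reports clipboard, drag-and-drop and disk-operation sharing that is still enabled, plus legacy virtual devices that are still attached. The key names and hardened values are the ones I recall from VMware's vmx hardening guidance; treat them as an assumption and verify against the current guide for your product version. The `.vmx` fragment is constructed for the example.

```python
import re
from typing import Dict, List

# Hardened values for guest/host resource-sharing features, as recalled from VMware's
# vmx hardening guidance (assumption: verify key names and values for your version).
HARDENED: Dict[str, str] = {
    "isolation.tools.copy.disable": "TRUE",        # clipboard copy, guest -> host
    "isolation.tools.paste.disable": "TRUE",       # clipboard paste, host -> guest
    "isolation.tools.dnd.disable": "TRUE",         # drag-and-drop file transfer
    "isolation.tools.setGUIOptions.enable": "FALSE",
    "isolation.tools.diskShrink.disable": "TRUE",  # guest-initiated disk shrink
    "isolation.tools.diskWiper.disable": "TRUE",   # guest-initiated disk wipe
}

# Virtual devices a server guest rarely needs; each one is more hypervisor
# code the guest can talk to, and so more surface for an escape.
DEVICES = ["floppy0.present", "serial0.present", "parallel0.present"]

# .vmx lines look like:  key = "value"
VMX_LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"([^"]*)"\s*$')


def parse_vmx(text: str) -> Dict[str, str]:
    """Parse key = "value" lines; blank lines and # comments are skipped."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        match = VMX_LINE.match(line)
        if match:
            settings[match.group(1)] = match.group(2)
    return settings


def check_vmx(text: str) -> List[str]:
    """One finding per sharing feature still enabled or left unset, and per unneeded device present.
    An unset key is reported so the operator sets it explicitly; defaults differ between products."""
    settings = parse_vmx(text)
    findings: List[str] = []
    for key, want in HARDENED.items():
        have = settings.get(key)
        if have is None:
            findings.append(f"{key} not set (expected {want})")
        elif have.upper() != want:
            findings.append(f"{key} = {have} (expected {want})")
    for key in DEVICES:
        if settings.get(key, "FALSE").upper() == "TRUE":
            findings.append(f"{key} = TRUE (remove device if unused)")
    return findings


# Constructed .vmx fragment for a VM where only part of the hardening was applied.
SAMPLE_VMX = """\
.encoding = "UTF-8"
config.version = "8"
displayName = "dev-blr-web-01"
# clipboard sharing only partly locked down
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "FALSE"
isolation.tools.dnd.disable = "TRUE"
floppy0.present = "TRUE"
serial0.present = "FALSE"
"""

if __name__ == "__main__":
    for finding in check_vmx(SAMPLE_VMX):
        print(finding)
```

Pointing this at every `.vmx` on a datastore gives a quick picture of which guests still have host-facing features they do not need. The same idea applies to any hypervisor: take the vendor's hardening list, encode it, and diff it against what is actually deployed.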
7. Before the Cloud: Example 1 - Storage Space
• Challenge:
• Availability of training content while travelling.
• Solution (before the cloud):
• As a trainer, I always used to carry my content in my hard drive when I had to travel for training, in case my laptop crashed or the content got corrupted. This extra hard drive cost me money, and it also does not ensure guaranteed availability of data, as the hard drive can also get corrupted.
• Solution (after the cloud):
• Now I am using space in Google Drive, which is storage as a service in the cloud, and my data is available online wherever I go; I can access it from my mobile/laptop/phablet etc. from anywhere in the world.
8. Before the Cloud: Example 2 - Online E-Commerce
• Challenge:
• Peak usage during holidays and sale time.
• Less load during the rest of the time.
• Solution (before the cloud):
• Peak-load provisioning: hardware must be procured for the peak load, which costs a lot of money, and that hardware and those resources remain idle during low-load periods.
• Solution (after the cloud):
• Now, instead of procuring hardware and resources in anticipation of peak load, you can use the cloud and configure scaling policies that scale resources up and down based on demand, which saves money and lets you use resources optimally.
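To make the peak-load comparison concrete, here is an added example (not part of the original slides, and not any provider's real scaling engine) that simulates both approaches over one constructed day of shop traffic. `peak_provisioning` is the before-the-cloud answer: size for the worst hour and run it all day. `autoscale` is a simple reactive scaling policy of the kind the slide refers to: scale out as soon as the load needs more instances, scale in one instance at a time only after a cooldown of surplus hours so a brief dip does not cause flapping. The demand series, the per-instance capacity and the policy thresholds are all constructed assumptions.

```python
from math import ceil
from typing import List

# Constructed hourly demand (requests per second) for an online shop: quiet most of
# the day, with a sharp sale-time peak in the middle.
HOURLY_DEMAND = [50, 60, 80, 300, 550, 600, 400, 150, 60, 50]
PER_INSTANCE_RPS = 100  # constructed: what one server instance can serve


def peak_provisioning(demand: List[int], per_instance: int) -> List[int]:
    """Before the cloud: buy enough hardware for the worst hour and run it every hour."""
    peak = ceil(max(demand) / per_instance)
    return [peak] * len(demand)


def autoscale(demand: List[int], per_instance: int,
              min_instances: int = 1, cooldown: int = 2) -> List[int]:
    """Reactive scaling policy: scale out immediately when the load needs more
    instances; scale in by one instance only after `cooldown` consecutive hours
    of surplus capacity. Returns the number of instances running each hour."""
    instances = min_instances
    surplus_hours = 0
    plan: List[int] = []
    for load in demand:
        needed = max(min_instances, ceil(load / per_instance))
        if needed > instances:
            instances = needed        # scale out at once: overload costs customers
            surplus_hours = 0
        elif needed < instances:
            surplus_hours += 1        # scale in slowly: a dip may be momentary
            if surplus_hours >= cooldown:
                instances -= 1
                surplus_hours = 0
        else:
            surplus_hours = 0
        plan.append(instances)
    return plan


def instance_hours(plan: List[int]) -> int:
    """Instance-hours is what a pay-as-you-consume bill is measured in."""
    return sum(plan)


def never_overloaded(plan: List[int], demand: List[int], per_instance: int) -> bool:
    """True if the running capacity covered the demand in every hour."""
    return all(n * per_instance >= load for n, load in zip(plan, demand))


if __name__ == "__main__":
    fixed = peak_provisioning(HOURLY_DEMAND, PER_INSTANCE_RPS)
    elastic = autoscale(HOURLY_DEMAND, PER_INSTANCE_RPS)
    print("peak provisioning:", fixed, "->", instance_hours(fixed), "instance-hours")
    print("scaling policy:   ", elastic, "->", instance_hours(elastic), "instance-hours")
    print("demand always covered:", never_overloaded(elastic, HOURLY_DEMAND, PER_INSTANCE_RPS))
```

On the constructed series the fixed fleet burns 60 instance-hours and the policy 38, with capacity covering demand in every hour. The simplification is that the policy sees each hour's load at the start of that hour; real policies react to metrics with a lag, which is why production scaling rules add headroom (a lower scale-out threshold) rather than waiting for capacity to be exactly exhausted.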
9. Cloud Computing
Cloud computing is the delivery of computing services (including servers, storage, databases, networking, software, analytics, and intelligence) over the Internet ("the cloud") to offer faster innovation, flexible resources, and economies of scale.
Cloud computing is the use of Internet-based computing resources, typically "as a service," to allow internal or external customers to consume scalable and elastic information technology (IT)-enabled capabilities that are provided on demand.
11. NIST and ISO/IEC Definition
NIST Definition (SP 800-145)
• "Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."
ISO/IEC 17788 Definition
• "Paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand."
12. NIST vs ISO 17788 Comparison
NIST 800-145 essential characteristics | ISO/IEC 17788
---------------------------------------|----------------------------------
Broad network access                   | Broad network access
On-demand self-service                 | On-demand self-service
Resource pooling                       | Resource pooling
Rapid elasticity                       | Rapid elasticity and scalability
Measured service                       | Measured service
                                       | Multitenancy
13. Cloud Building Blocks
The building blocks of cloud computing are RAM, CPU, storage and networking.
IaaS comprises the most fundamental building blocks of a cloud service: the processing, storage, and network infrastructure upon which cloud applications are built.
[Diagram: CPU, Memory, Storage, Network]
14. Cloud Computing Characteristics
• Resource pooling: The provider abstracts resources and collects them into a pool, portions of which can be allocated to different consumers (typically based on policies).
• On-demand self-service: Consumers provision resources from the pool using on-demand self-service. They manage their resources themselves, without having to talk to a human administrator.
• Broad network access: All resources are available over a network, without any need for direct physical access.
• Rapid elasticity: Consumers can expand or contract the resources they use from the pool (provisioning and de-provisioning), often completely automatically.
• Measured service: Customers are charged for what they are using or consuming.
• Multitenancy: A mode of operation of software in which multiple independent instances of one or multiple applications operate in a shared environment.
15. Categorization of Cloud
Cloud Categorization
Deployment categories: Public Cloud, Private Cloud, Community Cloud, Hybrid Cloud
Service categories: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS)
16. Public Cloud
Public Cloud
• According to NIST, "the cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider."
• Significant and notable providers in the public cloud space include Amazon, Microsoft, Salesforce, and Google, among others.
Public cloud benefits
• Easy and inexpensive setup, because the provider covers hardware, application, and bandwidth costs
• Streamlined and easy-to-provision resources
• Scalability to meet customer needs
• No wasted resources: pay as you consume
17. Private Cloud
Private Cloud
• "The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises."
• A private cloud is typically managed by the organization it serves; however, outsourcing its general management to trusted third parties may also be an option.
• A private cloud is typically available only to the entity or organization, its employees, contractors, and selected third parties.
• Significant and notable providers in the private cloud space include HPE, VMware, Dell, Oracle, IBM and Microsoft.
Private cloud benefits
• Increased control over data, underlying systems, and applications
• Ownership and retention of governance controls
• Assurance over data location and removal of multiple-jurisdiction legal and compliance
18. Hybrid Cloud
Hybrid Cloud
• "The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds)."
• Hybrid cloud computing is gaining in popularity because it lets organizations retain control of their IT environments while also using public cloud services for non-mission-critical workloads, taking advantage of their flexibility, scalability, and cost savings.
• Significant and notable providers in the private cloud space include Microsoft, Amazon, VMware, EMC, IBM and HPE.
Hybrid cloud benefits
• Retain ownership and oversight of critical tasks and processes related to technology.
• Reuse previous investments in technology within the organization.
• Control the most critical business components and systems.
• Act as a cost-effective means of fulfilling noncritical
19. Community Model
Community Cloud
• "The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises."
• Community clouds can be on-premises or off-site and should give the benefits of a public cloud deployment while providing heightened levels of privacy, security, and regulatory compliance.
Benefits of Community Cloud
• Improved service
• Security and compliance
• Availability and reliability
• Flexibility and scalability
20. Categorization of Cloud: Service Categories
Cloud Service Categories: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS)
21. Categorization of Cloud: Service Categories
Infrastructure as a Service (IaaS)
• It offers access to a resource pool of fundamental computing infrastructure, such as compute, network, or storage. We sometimes call these the "SPI" tiers.
• Examples: Amazon EC2, Google Compute Engine, HP Cloud, etc.
Platform as a Service (PaaS)
• It is a category of cloud computing services that provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.
• Examples: Google App Engine, Windows Azure Cloud Services, etc.
Software as a Service (SaaS)
• It is a full application that is managed and hosted by the provider. Consumers access it with a web browser, mobile app, or a lightweight client app.
• Examples: Google Apps, Microsoft Office 365, etc.