Presentation is loading. Please wait.

Presentation is loading. Please wait.

Architecture & Cybersecurity – Module 3 ELO 3.1Identify the different components of a cloud architecture. (Service Offering View and Network View) Figure.

Published byImogen Stephens Modified over 8 years ago

Similar presentations

Presentation on theme: "Architecture & Cybersecurity – Module 3 ELO 3.1Identify the different components of a cloud architecture. (Service Offering View and Network View) Figure."— Presentation transcript:

1 Architecture & Cybersecurity – Module 3 ELO 3.1Identify the different components of a cloud architecture. (Service Offering View and Network View) Figure 2 (Architectural View) ELO 3.2Identify a difference between virtual and physical infrastructure. ELO 3.3Identify the features of virtualization. ELO 3.4Identify the 6 steps of Internet service interaction between a user on the DoDIN and a service provided over the Internet. (Figure 2 - High Level Steps of a Generic Service Interaction) ELO 3.5Recall the difference between virtually and physically separated infrastructure, and concerns with multi-tenancy. ELO 3.6Match key architectural terms from the section to appropriate definitions. CLE - Module 3 - Arch & Cybersecurity (a)1

2 TopicsYou should be able to: Module Introduction Recapitulation Cloud Architecture Components Physical and Virtual Infrastructure 6 Steps of Internet Service Interaction Virtually and physically separated infrastructure, and concerns with multi-tenancy Features of Virtualization Key Architectural Terms Summary Module Review Module Summary Questions Identify the different components of a cloud architecture. Identify a difference between virtual and physical infrastructure. Identify the 6 steps of Internet service interaction between a user on the DoDIN and a service provided over the Internet. Identify the features of virtualization. Recall the difference between virtually and physically separated infrastructure, and concerns with multi-tenancy. Match key architectural terms from the section to appropriate definitions. Module – 3: Architecture CLE - Module 3 - Arch & Cybersecurity (a)2

3 Topic You should be able to: Content Questions Review Previous Content Recapitulation of Modules – 1, 2 Overview of Cloud Computing – Characteristics – Service Models – Deployment Models Risks to using Cloud Information Impact Levels CLE - Module 3 - Arch & Cybersecurity (a)3

4 Topic You should be able to: Content Questions CLE - Module 3 - Arch & Cybersecurity (a)4 Cloud Architecture Introduction Introduce cloud model diagram Provide foundation for definitions in module Figure 1 (Next Slide) presents the NIST cloud computing reference architecture, which identifies the major actors, their activities, and their functions in cloud computing. The diagram depicts a generic high-level architecture and is intended to facilitate the understanding of the requirements, uses, characteristics, and standards of cloud computing.

5 Private Cloud (IaaS) CLE - Module 3 - Arch & Cybersecurity (a)5 Virtual Network Cloud Access Point Infrastructure as a Service Virtual Machine Hypervisor Physical Server Virtual Machine Hypervisor Security Boundary users Figure 1 Internet This chart doesn’t look anything like Figure 1 from NIST SP 500-292, nor does the chart in SP 500-292 do what the text says…identifies major actors, their activities, and their functions.

6 Topic You should be able to: Content Questions Cloud Architecture Components 1.MT-060-01: Identify the differences between physical and virtual servers. 2.MT-060-02: Identify the role of the Hypervisor. Cloud Architecture Components Overview graphic (NIST Reference Model graphic) including views of physical and virtual layers Physical Resources include both physical and facilities CLE - Module 3 - Arch & Cybersecurity (a)6

7 Topic You should be able to: Content Questions Cloud Architecture Components -1 1.MT-060-01: Identify the differences between physical and virtual servers. 2.MT-060-02: Identify the role of the Hypervisor. Cloud Architecture Components -1 Overview graphic (NIST Reference Model graphic) including views of physical and virtual layers Physical servers are traditional machines, often mounted in racks in data centers (graphic). Physical servers include CPUs, memory, storage, power supplies and related equipment. Typical physical servers are managed individually as parts of an overall system implementation. Virtual servers act like physical servers but have networks, CPUs, storage and related items which are scalable (up or down) easily. (graphic) Hypervisors create hosts for virtual servers within physical servers so that one physical machine can host many virtual servers. 1.Take-Away: The hypervisor creates hosts for virtual servers within physical servers so that one physical machine can host many virtual servers. CLE - Module 3 - Arch & Cybersecurity (a)7

8 Topic You should be able to: Content Questions CLE - Module 3 - Arch & Cybersecurity (a)8 Cloud Architecture Components -2 1.MT-060-03: Identify the role of the OS. 2.MT-060-04: Identify the role of software development tools Cloud Architecture Components -2 The operating system provides servers (virtual or physical) instructions on what to do. Software development tools provide humans with an interface and way to create programs that access computing resources. These instructions are translated by the operating system to machine instructions for the hardware.

9 Topic You should be able to: Content Questions Review Previous Content -3 1.MT-060-05: Identify common software applications that are provided to users 2.MT-060-06: Identify the role of storage devices and the types that are typically available through cloud services. Cloud Architecture Components -3 Common software applications include desktop tools like word processors, spreadsheets and other business applications. Storage devices provide a place to put and keep information, often in the form of files. Storage devices may be physical hard drives on a server or virtualized storage distributed across a number of resources. Examples include distributed storage using Hadoop. Software applications provided on cloud platforms include Software as a Service (SaaS). Cloud storage is an example of Infrastructure as a Service (IaaS) 1.Several common software applications that can be used as Software as a Service (SaaS) are word processors, spreadsheets and other business applications. 2.Storage devices provide a place to put and keep information. Storage devices may be physical hard drives on a server or virtualized storage distributed across a number of resources. Cloud storage is an example of Infrastructure as a Service (IaaS). CLE - Module 3 - Arch & Cybersecurity (a)9

10 Topic You should be able to: Content Questions Review Previous Content -4 1.MT-060-06: Identify the role of storage devices and the types that are typically available through cloud services. Cloud Architecture Components -4 Cloud storage is an example of Infrastructure as a Service (IaaS) Common physical storage devices include hard drives, DVDs, CDs, disk arrays. Common cloud storage examples include personal file storage, shared file storage, distributed high performance storage, data base storage CLE - Module 3 - Arch & Cybersecurity (a)10

11 Topic You should be able to: Content Questions Physical and Virtual Infrastructure 1.MT-070-01: Identify infrastructure components that can be virtualized 2.MT-070-02: Identify the benefits of virtualizing infrastructure components Physical and Virtual Infrastructure Virtualized components often include storage, RAM, CPUs, Networks, Interfaces and servers. The benefits of virtualization include cost reduction, scale (up or down), transfer of risk (Govt to cloud provider), rapid implementation and decommissioning of IT resources. CLE - Module 3 - Arch & Cybersecurity (a)11

12 Topic You should be able to: Content Questions Features of Virtualization 1.MT-080-01: Identify the concerns with sharing servers 2.MT-080-02: Identify the concerns with sharing storage media 3.MT-080-03: Identify the concerns with sharing networks components Features of Virtualization Shared servers may create cybersecurity risks because they operate on shared resources. While this can be mitigated, risks of cross talk are higher than with physically separated and properly configured components. Shared storage, like servers, also have higher risks of data leakage and breach than physically separated storage. Shared network components also have higher cybersecurity risk than separated networks. In each of these cases the benefits of shared resources (cost, scale etc.) should be balanced with the risks associated with the implementation. Add graphics showing the concerns graphically. Cloud design patterns for each of these risks and alternatives will demonstrate risk areas. CLE - Module 3 - Arch & Cybersecurity (a)12

13 Topic You should be able to: Content Questions 6 Steps of Internet Service Interaction 1.Identify the 6 steps of Internet service interaction between a user on the DoDIN and a service provided over the Internet. 6 Steps of Internet Service Interaction Figure 2 - High Level Steps of a Generic Service Interaction (6 steps) 1.There isn’t a description of the 6 steps CLE - Module 3 - Arch & Cybersecurity (a)13 Internet DoDIN User Web Svr CSO (1) (2) (3) (4) (5) (6)

14 Topic You should be able to: Content Questions CLE - Module 3 - Arch & Cybersecurity (a)14 Virtually and physically separated infrastructure, and concerns with multi-tenancy 1.ELO-080Recall the difference between virtually and physically separated infrastructure, and concerns with multi-tenancy. Virtually and physically separated infrastructure, and concerns with multi-tenancy Virtually separated infrastructure use hypervisors or other management software to operate separate instances of IaaS on common hardware. Physically separated infrastructure operates on equipment in different locations. The location can be a few feet or thousands of miles apart. Clouds that house multiple software instances, virtual machines or customers leverage common equipment. This can result in reduced performance because of the shared nature of cloud systems. This is sometimes referred to as the “noisy neighbor” problem. Add graphic showing images of servers that are separated and virtualized. 1.What software component allows for separate instances of Infrastructure as a Service to operate on common infrastructure yet virtually separated hardware? Hypervisor. 2.Clouds that house multiple software instances, virtual machines or customers leverage common equipment.

15 Topic You should be able to: Content Questions CLE - Module 4 - Arch & Cybersecurity (b)15 ELO-110 Match key architectural terms from the section to appropriate definitions. 1.MT-110-01 Match Hybrid Cloud to the correct definition Key Architectural Terms Hybrid Cloud: A hybrid cloud is an infrastructure that includes links between one cloud managed by the user (typically called “private cloud”) and at least one cloud managed by a third party (typically called “public cloud”). Although the public and private segments of the hybrid cloud are bound together, they remain unique entities. This allows a hybrid cloud to offer the benefits of multiple deployment models at once. Hybrid clouds vary greatly in sophistication. For example, some hybrid clouds offer only a connection between the on premise and public clouds. All the difficulties inherent in the two different infrastructures is the responsibility of operations and application teams. (http://apprenda.com/library/glossary/hybrid- clouds-a-definition/)

16 Topic You should be able to: Content Questions CLE - Module 4 - Arch & Cybersecurity (b)16 ELO-110 Match key architectural terms from the section to appropriate definitions. 1.MT-110-02 Match Hypervisor to the correct definition 2.MT-110-03 Match Lights-Out Data Center to the correct definition Key Architectural Terms A hypervisor is a piece of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor is running one or more virtual machines is defined as a host machine. Each virtual machine is called a guest machine. The hypervisor presents the guest operating systems with a virtual operating platform and manages the execution of the guest operating systems. Multiple instances of a variety of operating systems may share the virtualized hardware resources. (https://en.wikipedia.org/wiki/Hypervisor)https://en.wikipedia.org/wiki/Hypervisor A lights out data center is a server or computer room that is physically or geographically isolated at an organization's headquarters, thereby limiting environmental fluctuations and human access. Unnecessary energy used for lighting and for maintaining a proper climate around frequently used doors can be saved by going lights out. (https://www.techopedia.com/definition/26965/lights- out-data-center)

17 Topic You should be able to: Content Questions CLE - Module 4 - Arch & Cybersecurity (b)17 ELO-110 Match key architectural terms from the section to appropriate definitions. 1.MT-110-04 Match Multi-Tenancy to the correct definition Key Architectural Terms Multi-tenancy is an architecture in which a single instance of a software application serves multiple customers. Each customer is called a tenant. Tenants may be given the ability to customize some parts of the application, such as color of the user interface (UI) or business rules, but they cannot customize the application's code. Multi-tenancy can be economical because software development and maintenance costs are shared. It can be contrasted with single-tenancy, an architecture in which each customer has their own software instance and may be given access to code. With a multi-tenancy architecture, the provider only has to make updates once. With a single- tenancy architecture, the provider has to touch multiple instances of the software in order to make updates. In cloud computing, the meaning of multi-tenancy architecture has broadened because of new service models that take advantage of virtualization and remote access. A software-as-a-service (SaaS) provider, for example, can run one instance of its application on one instance of a database and provide web access to multiple customers. In such a scenario, each tenant's data is isolated and remains invisible to other tenants. (http://whatis.techtarget.com/definition/multi-tenancy)

18 Topic You should be able to: Content Questions CLE - Module 4 - Arch & Cybersecurity (b)18 ELO-115 Match key architectural terms from the section to appropriate definitions. 1.MT-110-05 Match Physical Separation to the correct definition Key Architectural Terms While shared cloud environments provide significant opportunities for DoD entities, they also present unique risks to DoD data and systems that must be addressed. These risks include UNCLASSIFIED exploitation of vulnerabilities in virtualization technologies, interfaces to external systems, APIs, and management systems. These have the potential for providing back door connections and CSP privileged user access to customer’s systems and data (insider threat). While proper configuration of the virtual and physical environment can mitigate many of these threats, there is still residual risk that may or may not be acceptable to DoD. Legal concerns such as e- discovery and law enforcement seizure of non- government CSP customer/tenant’s data pose a threat to DoD data if it is in the same storage media. Due to these concerns, DoD is currently taking a cautious approach with regard to Level 5 information. (DoD CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE (SRG) Version 1, Release 1 12 January 2015 page 24-25) 1.This text does not seem to correspond with the ELO or the Major Take-Away.

19 Topic You should be able to: Content Questions CLE - Module 4 - Arch & Cybersecurity (b)19 ELO-115 Match key architectural terms from the section to appropriate definitions. 1.MT-110-06 Match Software-Defined Networking (SDN) to the correct definition Key Architectural Terms Software-defined networking (SDN) is an umbrella term encompassing several kinds of network technology aimed at making the network as agile and flexible as the virtualized server and storage infrastructure of the modern data center. The goal of SDN is to allow network engineers and administrators to respond quickly to changing business requirements. In a software-defined network, a network administrator can shape traffic from a centralized control console without having to touch individual switches, and can deliver services to wherever they are needed in the network, without regard to what specific devices a server or other device is connected to. The key technologies are functional separation, network virtualization and automation through programmability. (http://searchsdn.techtarget.com/definition/s oftware-defined-networking-SDN) 1.What is Software Defined Networking? 2.Why is Software Defined Networking important? 3.How is Software Defined Networking achieved?

20 Topic You should be able to: Content Questions CLE - Module 4 - Arch & Cybersecurity (b)20 ELO-115 Match key architectural terms from the section to appropriate definitions. 1.MT-110-07 Match Virtual Machine to the correct definition Key Architectural Terms A virtual machine (VM) is a software implementation of a machine (for example, a computer) that executes programs like a physical machine. Virtual machines are separated into two major classes, based on their use and degree of correspondence to any real machine: A system virtual machine provides a complete system platform which supports the execution of a complete operating system (OS).[1] These usually emulate an existing architecture, and are built with the purpose of either providing a platform to run programs where the real hardware is not available for use (for example, executing on otherwise obsolete platforms), or of having multiple instances of virtual machines leading to more efficient use of computing resources, both in terms of energy consumption and cost effectiveness (known as hardware virtualization, the key to a cloud computing environment), or both. A process virtual machine (also, language virtual machine) is designed to run a single program, which means that it supports a single process. Such virtual machines are usually closely suited to one or more programming languages and built with the purpose of providing program portability and flexibility (amongst other things). An essential characteristic of a virtual machine is that the software running inside is limited to the resources and abstractions provided by the virtual machine—it cannot break out of its virtual environment. (https://en.wikipedia.org/wiki/Virtual_machine) 1.How does this definition of virtual machine correlate with cybersecurity?

21 Topic You should be able to: Content Questions CLE - Module 4 - Arch & Cybersecurity (b)21 ELO-110 Match key architectural terms from the section to appropriate definitions. 1.MT-110-08 Match Virtualization to the correct definition 2.MT-110-09 Match Virtual Separation to the correct definition Key Architectural Terms Virtualization refers to the act of creating a virtual (rather than actual) version of something, including virtual computer hardware platforms, operating systems, storage devices, and computer network resources. (https://en.wikipedia.org/wiki/Virtualization)https://en.wikipedia.org/wiki/Virtualization Virtual Separation: The risks and legal considerations in using virtualization technologies further restrict the types of tenants that can obtain cloud services from a virtualized environment on the same physical infrastructure and the types of cloud deployment models (i.e., public, private, community, and hybrid) in which the various types of DoD information may be processed or stored. While shared cloud environments provide significant opportunities for DoD entities, they also present unique risks to DoD data and systems that must be addressed. These risks include exploitation of vulnerabilities in virtualization technologies, interfaces to external systems, APIs, and management systems. These have the potential for providing back door connections and CSP privileged user access to customer’s systems and data (insider threat). While proper configuration of the virtual and physical environment can mitigate many of these threats, there is still residual risk that may or may not be acceptable to DoD. 1.This slide talks about the cybersecurity risks associated with the technology that allows for cloud solutions.

22 Topic You should be able to: Content Questions Key Architectural Terms Include definitions for: – Server – CPU – Memory – Storage – Hypervisor – Operating System (OS) – Virtualization – Network adaptor – Routers – Switch – Application – VPN – Include listing of references for the section 1.We should provide the definitions CLE - Module 3 - Arch & Cybersecurity (a)22

23 Topic You should be able to: Content Questions Review Module 3 - Review CLE - Module 3 - Arch & Cybersecurity (a)23

24 Topic You should be able to: Content Questions Summary Module 3 – Summary Questions CLE - Module 3 - Arch & Cybersecurity (a)24

25 Topic You should be able to: Content Questions 6 Steps of Internet Service Interaction 1.Identify the 6 steps of Internet service interaction between a user on the DoDIN and a service provided over the Internet. 6 Steps of Internet Service Interaction Figure 2 - High Level Steps of a Generic Service Interaction (6 steps) This is Figure 3 (below): On the left are the *aaS. SaaS - Application. PaaS - Middleware and OS. IaaS - Hypervisor, Databases, Racks, Switches, Devices At the bottom is the DoDIN, a box with a CSO line coming out to the right and a line from the bottom to the letters BODI? At the very bottom are some lollipops, a stack -> SOA -> CLOUD. 1.There isn’t a description of the 6 steps CLE - Module 3 - Arch & Cybersecurity (a)25

Download ppt "Architecture & Cybersecurity – Module 3 ELO 3.1Identify the different components of a cloud architecture. (Service Offering View and Network View) Figure."

Similar presentations

Distributed Data Processing

Distributed Data Processing
Chapter 22: Cloud Computing and Related Security Issues Guide to Computer Network Security.

Chapter 22: Cloud Computing and Related Security Issues Guide to Computer Network Security.
By Adam Balla & Wachiu Siu

By Adam Balla & Wachiu Siu
Clouds C. Vuerli Contributed by Zsolt Nemeth. As it started.

Clouds C. Vuerli Contributed by Zsolt Nemeth. As it started.
Tunis, Tunisia, 28 April 2014 Business Values of Virtualization Mounir Ferjani, Senior Product Manager, Huawei Technologies 2.

Tunis, Tunisia, 28 April 2014 Business Values of Virtualization Mounir Ferjani, Senior Product Manager, Huawei Technologies 2.
What is Cloud Computing? o Cloud computing:- is a style of computing in which dynamically scalable and often virtualized resources are provided as a service.

What is Cloud Computing? o Cloud computing:- is a style of computing in which dynamically scalable and often virtualized resources are provided as a service.
Virtualization and the Cloud

Virtualization and the Cloud
Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.

Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.
SaaS, PaaS & TaaS By: Raza Usmani

SaaS, PaaS & TaaS By: Raza Usmani
M.A.Doman 2011. Model for enabling the delivery of computing as a SERVICE.

M.A.Doman Model for enabling the delivery of computing as a SERVICE.
Cloud computing Tahani aljehani.

Cloud computing Tahani aljehani.
INTRODUCTION TO CLOUD COMPUTING Cs 595 Lecture 5 2/11/2015.

INTRODUCTION TO CLOUD COMPUTING Cs 595 Lecture 5 2/11/2015.
Discussion on LI for Mobile Clouds

Discussion on LI for Mobile Clouds
Plan Introduction What is Cloud Computing?

Plan Introduction What is Cloud Computing?
VAP What is a Virtual Application ? A virtual application is an application that has been optimized to run on virtual infrastructure. The application software.

VAP What is a Virtual Application ? A virtual application is an application that has been optimized to run on virtual infrastructure. The application software.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
Page  1 SaaS – BUSINESS MODEL Debmalya Khan DEBMALYA KHAN.

Page  1 SaaS – BUSINESS MODEL Debmalya Khan DEBMALYA KHAN.
Osama Shahid ( ) Vishal ( ) BSCS-5B

Osama Shahid ( ) Vishal ( ) BSCS-5B
For more notes and topics visit:

For more notes and topics visit:
3 Cloud Computing.

3 Cloud Computing.

Similar presentations

Ads by Google