Cloud and virtualization are crucial components of IT operations and are indispensable in the daily work of an IT professional in the cybersecurity landscape. The CompTIA Security+ certification has become a worldwide standard for recognizing competence in IT security, and cloud and virtualization concepts are a fundamental component of this course.
Definition of Cloud
In general, cloud, also known as cloud computing, is a way of running application software and storing data in central computer systems and giving customers or other users access to them through the Internet.
According to NIST, “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
Cloud is everywhere, and its origin is not known. The term became popular in 2008, but the capacity to provide remote access to computing functions through networks dates back to the mainframe time-sharing systems of the 1960s and 1970s. There is no doubt: cloud became a buzzword.
According to NIST, the cloud model is composed of five essential features, three service models, and four deployment models.
The essential features of cloud computing are divided into five principles:
On-demand self-service: On-demand self-service refers to the service provided by cloud computing vendors that enables the provision of cloud resources on demand whenever they are required. A consumer performs all the actions in the service, such as provisioning server time and network storage, without human interaction or going through an IT department, for example.
Broad network access: Access to resources in the cloud is available through multiple types of devices. This includes not only the most common devices (laptops, workstations, etc.) but also mobile phones, and so on.
Resource pooling: Refers to the scalability in the cloud. This is an IT term used in cloud computing environments to describe a situation in which providers serve multiple clients, customers, or “tenants” with provisional and scalable services.
Rapid elasticity: This is a cloud computing term for scalable provisioning, or the ability to provide scalable services. This characteristic allows users to automatically request additional space in the cloud or other types of services.
Measured service: Allows for aspects of the cloud service to be controlled and monitored by the cloud provider. This is crucial for billing, access control, resource optimization, capacity planning and other tasks.
Cloud Computing Service Models
Cloud computing services fall into three categories:
Software as a Service (SaaS): This model gives the consumer the ability to use the provider’s applications running on a cloud infrastructure over the Internet.
There are two main varieties of SaaS, namely (i) vertical SaaS, which provides software that responds to the needs of a specific activity (e.g., healthcare software, agriculture, finance activities, etc.); and (ii) horizontal SaaS, with products that focus on a software category (marketing, sales, developer tools) but are industry agnostic.
Platform as a Service (PaaS): For PaaS, cloud providers offer an on-demand development environment that can be used to develop and test a software application. The software developers use PaaS to create mobile or web applications (known as mPaaS, mobile Platform as a Service).
Infrastructure as a Service (IaaS): This model provides IT infrastructure for rent: hardware is supplied by an external cloud provider and managed by the customer. The infrastructure includes servers, virtual machines, operating systems, storage, network, etc. IaaS involves the use of a cloud orchestration technology. Some examples are OpenStack, Apache CloudStack or OpenNebula.
Here are the leading cloud deployment models currently defined in the literature.
Public Cloud: Public cloud is based on the standard cloud computing model. The service provider makes resources, such as virtual machines (VMs), applications or storage, available worldwide through the Internet. This type of service can be free or offered on a pay-per-usage model.
The main features of the public cloud are:
- Reasonable levels of security
- Easy to implement
- Low operational cost
Community Cloud: This cloud infrastructure is provisioned exclusively for a specific community of consumers from organizations that have shared concerns (e.g., security requirements, policy, and compliance considerations).
The main features of the community cloud are:
- Members share similar privacy, performance and security concerns
- Managed by a third-party provider
- Costs are shared by the specific organizations within the community
Private Cloud: Private cloud is owned and managed by an institution, organization, or enterprise.
Private Cloud’s main features:
- Great reliability and scalability
- Typically devised for enterprises and businesses
- The best control over all cloud infrastructure
- Users get both network access and computational resources
Hybrid Cloud: The hybrid cloud gives businesses greater flexibility and more data deployment options. This allows workloads to move between private and public clouds as computing needs and costs change.
NASA is one example of a federal agency that is utilizing the Hybrid Cloud Computing deployment model.
Benefits of Cloud Computing
Some of the benefits of using cloud computing are:
Scalability: Every application or piece of infrastructure can be expanded to handle the increased load.
Control options: Organizations can determine a better level of control with service options. These include software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS).
Security features: Virtual private cloud, encryption and API keys help keep data secure.
Accessibility: Applications and data are accessible from any device with an Internet connection.
Better data security: Hardware failures don’t result in data loss because these cloud solutions implement networked backups.
Speed to market: Developing in the cloud allows users to get their applications to market quickly.
Savings on equipment: Cloud computing uses remote resources, saving organizations the cost of servers and other physical equipment.
Pay structure: Users pay only for the resources they use.
Regular updates: Service providers regularly update offerings to give users the most up-to-date technology.
Definition of Virtualization
Virtualization is generally known as the process of creating a virtual environment on a server to run the desired software, without interfering with any of the other services provided by the server or the host platform to other users. Virtualization refers to the manner of hosting one or more virtual guest operating systems (OS), servers, or other devices on a single host machine. In this way, a single host can run different OS simultaneously, for example, a Windows host that shares resources with several guest Linux OS.
Although virtualization as a form of technology has existed since the 1960s, only recently with the advent of cloud computing has it become a staple in the vocabulary of those involved in the IT industry.
Types of Virtualization
There are different types of virtualization, and each one differs according to the element it is based on.
Hardware Virtualization: This refers to the virtualization of operating systems. Hardware virtualization hides the physical characteristics of a computing platform from users and instead shows another abstract computing platform. The software that controls virtualization is called a “hypervisor” or “virtual machine monitor” (VMM).
Types of hardware virtualization:
- Full Virtualization: Guest software (for example, a guest Linux OS) does not require any modifications: hardware is fully simulated.
- Emulation Virtualization: Hardware is simulated, and the virtual machines depend on it. In contrast, guest operating systems do not require any modification.
- Paravirtualization: Hardware is not simulated, and the guest software runs in its own isolated domains.
Software Virtualization: This is the most often used method of virtualization to emulate a computer system to allow a guest OS to be run. For example, it allows you to run Android OS on a host machine natively using a Microsoft Windows OS, utilizing the same hardware as the host machine does.
Types of software virtualization:
- Operating System Virtualization: Hosting multiple OS on the native OS.
- Application Virtualization: Allows hosting individual applications in a virtual environment separate from the native OS.
- Service Virtualization: Allows hosting specific processes and services related to an application.
Memory Virtualization: Different servers’ memory is aggregated into a single memory pool available to any computer in a cluster.
Types of memory virtualization:
- Application-level control: Applications can access the memory pool directly.
- Operating system level control: Access to the memory pool is managed and provided via an OS.
Storage Virtualization: Several physical storage devices are combined into a single storage device. This brings some advantages, such as homogenization of storage across devices of different capacities and speeds, reduced downtime, load balancing and better optimization of performance and speed.
Types of storage virtualization:
- Block Virtualization: Multiple storage devices are consolidated into one.
- File Virtualization: Storage system grants access to files that are stored over multiple hosts.
Network Virtualization: The process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. This also increases reliability, as a disruption in one network doesn’t affect other networks, and makes further diagnostics easier.
Types of network virtualization:
- Internal network: Enables a single system to work as a network.
- External network: Grouping multiple networks into one, or segregation of a single network into multiple networks.
Desktop Virtualization: The most common virtualization type that IT employees use daily. Desktop virtualization provides a way to keep individual desktops accessible from any device or location with an Internet connection.
Table 1 presents an overview of the different virtualization products available in the market.
Table 1: Different types of virtualization and technology.
Benefits of Virtualization
Some advantages of virtualization usage are listed below.
- Cost saving in software and hardware (significant energy cost savings).
- Lower energy consumption: fewer computer devices are needed.
- It’s much easier and more cost-effective to maintain the security of a single platform than that of multiple platforms.
- Configuration of virtual machines (VMs) is more flexible than that of a physical one.
- Errors inside a VM cannot affect its host system.
- Greatly improved disaster recovery.
- Runs multiple platforms on one server.
- Faster server provisioning and deployment.
- Easier backups.
- Increased productivity.
- And finally: Virtualization is more environmentally friendly.
Article published on the infosec resources institute by Pedro Tavares.
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a Freelance Writer (Infosec Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d, a feed that compiles phishing and malware campaigns targeting Portuguese citizens.