Time
9 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
10

Video Transcription

00:03
Welcome back. In this video, we're going to talk about the four NIST deployment models. And we'll also learn the different layers of the NIST logical model.
00:12
And so here is that diagram, the NIST infographic. And at the very bottom, you see the four different deployment models are depicted. I'm gonna take a moment and go through each one of the four models left to right. So public cloud, the
00:27
by far the most popular and what a lot of people are hearing and seeing about when they think cloud, right,
00:33
the cloud infrastructure is available to the general public or a large industry group. It's owned by organizations that sell the cloud service. Right. So this is your AWS. This is your Azure. This is your GCP, right? Those are your big three. This is your DigitalOcean, Alibaba, the public cloud providers who will provide
00:52
IaaS and PaaS
00:54
and other service models. But their big thing is that they are really open for business for anybody. On the flip side, you have private cloud, which is maybe a company or an agency or an organization. They want the value of cloud, but they themselves also want to maintain control over the physical infrastructure. So
01:12
it's operated by a single organization solely for the purposes of an organization.
01:18
It might be managed by a third party, like you may bring in. There was, for example, Rackspace was a real big thing years ago, and you would have that third party manage your hardware and your servers, right? This is kind of on that edge of when cloud became what it is today. This is the very, very early evolution of cloud,
01:38
and there's a lot of other third parties that might actually manage it for you if they're not your full time. But the big thing is, it's dedicated to you, right? It's not co-tenant, or the only co-tenants are tenants within your own organization. So you do have to deal with the data center characteristics. Um,
01:55
and it, you know, there's, there's a lot of work that needs to be done
02:00
very similar to the traditional data center model when you're managing a private cloud. But there's a direction that a lot of organizations are moving towards, and the technology vendors themselves have solutions out there to help make it easier for managing a private cloud, for example, such as Azure Stack.
02:16
VMware has a large suite of private cloud
02:21
products and so does HP with their Helion product.
02:24
Uh,
02:25
if we go to the hybrid cloud, this is infrastructure where there are two or more clouds. You kind of have a private cloud or a public cloud or community cloud, which we'll get to in a second, and they remain unique. But they're bound together by standardized proprietary technology
02:43
that will enable the data and application portability, right? So Azure Stack, if you were to employ that in your private cloud, is actually going to work quite well
02:51
in moving into a hybrid cloud where you have the Azure public cloud. And then you have your own private cloud, which is using Azure Stack technology, and so you can transfer workloads quite a bit. Other concepts like cloud bursting, right? So this is: I need to get large amounts of compute and I don't,
03:08
in my own private cloud, I don't have the capacity to handle that.
03:13
Well, then you're going to just lean on the public cloud provider in those burst-type situations. You know, hybrid models, they're really, and they provide both short-term migration plans so you can support your existing data center. And it also is a good way if you're kind of legging into,
03:30
um, your infrastructure in a public cloud because you
03:34
are an existing company, maybe you have a good, strong existing footprint in the private data center business and even just a business comfort. Depending on the kind of information you're storing, there may be a real lack of comfort in having that reside out there in the public cloud.
03:47
And last but not least is the community cloud edition. I personally have not come across this much, but it is one of the four deployment models described by NIST, so I want to make sure that we cover it in case it gets touched on when you're taking the CCSK exam. So in this situation, the cloud infrastructure is made available to the general public, a large industry group,
04:08
and is owned by the organization selling the services.
04:11
So they're collaborating together, right? There's several different groups in industry. They're coming together and saying we're going to make a cloud that we can all use together. It's not open to the general public, but it is open to our group. Could be 45, could be 10 different individuals.
04:28
No, no defined rules on that in the NIST specifications.
04:31
But there is no single owner of the compute, and at the same time, the intentions aren't: we're going to make this compute and infrastructure available to the general public.
04:44
So if you look at those different models of cloud,
04:49
there is a big variance in the responsibilities, right? We touched on this when we were talking about the SPI three and what you are responsible for versus what the third party is responsible for. So in, say, the public cloud scenario,
05:05
the infrastructure is the responsibility of the third party, right, the physical infrastructure, the facilities housing those things.
05:13
The infrastructure is also owned by that third party. You do not own those servers. You have control over virtual servers and you're given rights and abilities to spin up virtual servers, and the data that resides on those servers should be owned by you. We'll get into some of that when you're talking about compliance terms and contract negotiations.
05:31
But it's generally owned by you.
05:32
But the infrastructure, the physical stuff, that's not owned by you, and the infrastructure is not located on your premise. It's owned and located on the cloud provider's premise. Or maybe even the cloud provider is subletting physical space from yet another party. These are things you're gonna want to talk about, and we'll get into more
05:50
as you're considering and evaluating different power cloud
05:54
public cloud providers. Um
05:57
and you don't know who you are tenants with, right? It could be somebody very untrusted.
06:02
And in moving down, talking about that private cloud or the community cloud model, the infrastructure
06:10
is can be owned. And it can be at least managed by the organization itself, right, whether we're talking the community, which would be a collection or consortium of different groups and organizations, or private, where it's just one organization, they can manage it. Or you could sublet and kind of farm out those activities to a third-party provider
06:28
similar with the infrastructure, right? I mean, this can go either way. You could
06:32
have a third-party provider and say, Come on in, you're going to put your, you're gonna, we're gonna lease all the hardware from you. You're gonna manage that hardware. But we really want this running on premise. So in those circumstances where you have the infrastructure
06:46
working on premise and then of course, the organization itself can own the infrastructure and just be hiring out the labour to manage that infrastructure.
06:55
And as far as the location, a private cloud could be on premise. But it can also be off premise, right? Because the big thing with it is that this pool of resources in a private cloud scenario is being allocated just for one entity. There really aren't any co-tenants that reside outside of that company or organization
07:13
and the physical aspect, whether it's actually on premise where they own the land or they rent the land.
07:18
Or maybe they're subleasing racks in a major data center by a provider like, say, AT&T, that really doesn't define and rule out something as being considered private cloud.
07:31
Now, in these situations, generally, the community of people using the cloud can be a little more trusted, right? If private cloud is your own organization and in a community cloud, you're only going to engage in something like this if you can trust those other community members, right, you're coming in and collaborating to create this pool of cloud resources. Last but not least,
07:51
the hybrid cloud.
07:54
This is a situation right where we have a little public cloud. We have a little private cloud. So the infrastructure ownership it can be both the organisation owning the private cloud.
08:05
And also there's going to be a shared responsibility of the infrastructure that's owned by the public cloud providers. Same goes for the infrastructure ownership as well as the management, both of those going to either categories. In fact, you could have a scenario that I've actually seen where the
08:20
business has a private cloud, and they own the actual infrastructure in their private cloud. But then they outsource to a public cloud provider and say, We want you to come in here. We want you to manage our private cloud infrastructure, and then you're also going to be managing your public cloud infrastructure, and we're gonna be creating
08:39
hybrid connection. So you have a single group that's providing consistency and management.
08:45
But there is an offset in terms of ownership of the physical hardware
08:48
and, um, finally, as far as the location, just like private cloud could be on prem or off prem, public cloud is always gonna be off premise, that's owned by that public cloud provider. So you have a little bit of mix of both in the hybrid world, and similarly, you have trusted and untrusted areas, and usually you demark these by different boundaries of trust.
09:07
And, um,
09:09
how you're building out your network security as well as your workload security, where you put those, these will be elements that you certainly want to take into consideration. So while that wraps it up to talk about the different deployment models, let's talk about the logical model that NIST uses. It's a real simplistic model. But it's a great way of looking at cloud and just
09:30
further refining the way you understand of
09:31
public cloud providers and the spectrum of responsibilities and private clouds and the cloud consumed, right? We have the infrastructure at the very bottom. This is the core component of computing. This is the foundation that everything else is built on. The physical infrastructure, the moving parts.
09:48
Above that we have the metastructure. These are the protocols and mechanisms that provide the interface between the physical infrastructure layer and the virtualized, right, that they are. This is the glue that ties the technology, and management and configuration is a big difference between cloud and traditional computing. Is
10:05
is having this metastructure layer in there.
10:07
For example, the management plane sits in the metastructure layer,
10:13
moving up a bit further, the applistructure layer. These are the applications that are deployed in the cloud and the underlying application services used to build them. For example, platform as a service features, message queues. That's really your applistructure, kind of a layer for working on things,
10:31
and then the final piece of the layer at the very top is the infostructure.
10:35
So this is the data and information, the content in the databases themselves, the content, the files that are in the storage element, the structure of the information, the infostructure. And each layer maps to different security focuses: application to the applistructure, for example,
10:54
infrastructure to infrastructure, metastructure to management and some change things.
10:58
So this has a lot of implications on the security responsibilities, and you can also see how it kind of maps well to traditional IT team structures where you had an infrastructure team. You had a team that's responsible for provisioning virtual machines. You had teams for application management.
11:16
Infostructure, you had teams that were dedicated DBA-type teams,
11:20
and that wraps up this particular section. Just to recap, what did we talk about? Well, we talked about public cloud, private cloud, hybrid cloud and community cloud, characteristics of those as well as responsibilities of those areas of ownership.
11:37
And then we walked through the four layers of the logical model. This is something you're going to see again in future lessons, that logical model, as well as the concepts of public cloud, private cloud and hybrid cloud.

Certificate of Cloud Security Knowledge (CCSK)

This course prepares you to take the Certificate of Cloud Security Knowledge (CCSK) certification by covering material included in the exam. It explains how the exam can be taken and how CCSK certification process works.

Instructed By

James Leone
Cloud, IoT & DevSecOps at Abbott
Instructor