Deployment Models

Time: 9 hours 59 minutes
Difficulty: Intermediate
CEU/CPE: 10

Video Transcription
>> Welcome back. In this video we're going to talk about the four NIST deployment models. We'll also learn the different layers of the NIST logical model.

Here's that diagram, the NIST infographic, and at the very bottom you see the four different deployment models are depicted. I'm going to take a moment and go through each one of the four models left to right.

Public Cloud, by far the most popular and what a lot of people are hearing and seeing about when they think Cloud. The Cloud infrastructure is available to the general public or a large industry group. It's owned by organizations that sell the Cloud service. This is your AWS, this is your Azure, this is your GCP. Those are your big three. This is your DigitalOcean, Alibaba, are public Cloud providers who will provide IaaS and PaaS and other service models. But their big thing is that they are really open for business for anybody.

On the flip side you have private Cloud, which is maybe a company or an agency or an organization. They want the value of Cloud, but they themselves also want to maintain control over the physical infrastructure. It's operated by a single organization solely for the purposes of an organization. It might be managed by a third party, you may bring in, there was, for example, Rackspace was a real big thing years ago and you would have that third party manage your hardware and your servers. This is on that edge of when Cloud became what it is today. This is the very early evolution of Cloud. There's a lot of other third parties that might actually manage it for you if they're not your full-time. But the big thing is it's dedicated to you. It's not co-tenant, or the only co-tenants are tenants within your own organization.

You do have to deal with the data center characteristics. There's a lot of work that needs to be done very similar to the traditional data center model when you're managing a private Cloud. But there's a direction that a lot of organizations are moving towards and the technology vendors themselves have solutions out there to help make it easier for managing a private Cloud. For example, such as Azure Stack, VMware has a large suite of private Cloud products and so does HP with their Helion product.

If we go to the hybrid Cloud, this is infrastructure where there are two or more Clouds. You can have a private Cloud or a public Cloud or a community Cloud, which we'll get to in a second, and they remain unique, but they're bound together by a standardized proprietary technology that will enable the data and application portability. Azure Stack, if you were to employ that in your private Cloud, is actually going to work quite well in moving into a hybrid Cloud where you have the Azure public Cloud and then you have your own private Cloud which is using Azure Stack technology, and so you can transfer workloads quite a bit.

Other concepts like Cloud bursting. This is I need to get large amounts of compute and in my own private Cloud, I don't have the capacity to handle that. Well, then you're going to just lean on the public Cloud provider in those burst type situations.

Hybrid models, they're real and they provide both a short-term migration plan you can support your existing data center and it also is a good way if you're legging into your infrastructure in a public Cloud because you are an existing company. Maybe you're having a good, strong existing footprint in the private data center business and even just a business comfort depending on the information you're storing, there may be a real lack of comfort in having that reside out there in the public Cloud.

Last but not least, is the community Cloud edition. I personally have not come across this much, but it is one of the four deployment models described by NIST. I want to make sure that we cover it in case it gets touched on when you're taking the CCSK exam. In this situation, the Cloud infrastructure is made available to the general public, a large industry group, and it's owned by the organization selling the services. They're collaborating together. There's several different groups and industry, they're coming together and saying we're going to make a Cloud that we can all use together. It's not open to the general public, but it is open to a group. Could be four or five, could be 10 different individuals. No defined rules on that in the NIST specification, but there's no single owner of the computer and at the same time the intentions aren't, we're going to make this compute and infrastructure available to the general public.

If you look at those different models of Cloud, there is a big variance in the responsibilities. I touched on this when we were talking about the SPI-3 and what you are responsible for versus what the third party is responsible for. Say the public Cloud scenario, the infrastructure is the responsibility of the third party. The physical infrastructure, the facilities housing, those things. The infrastructure is also owned by that third party. You do not own those servers. You have control over virtual servers and you're given rights and abilities to spin up virtual servers, and the data that resides on those servers should be owned by you. We'll get into some of that when you're talking about compliance terms and contract negotiations. But it's generally owned by you.

But the infrastructure, the physical stuff, that's not owned by you and the infrastructure is not located on your premise. It's owned and located on the Cloud provider's premise. Or maybe even the Cloud provider is subletting physical space from yet another party. These are things you're going to want to talk about and we'll get into more as you're considering and evaluating different public Cloud providers. You don't know who you are tenants with. It could be somebody very untrusted.

Then moving down and talking about that private Cloud or the community Cloud model. The infrastructure can be owned and it can be at least managed by the organization itself. Whether we're talking the community, which would be a collection or consortium of different groups and organizations or private or it's just one organization. They can manage it or you could sublet and farm out those activities to a third party provider. Similar with the infrastructure, this can go either way. You could have a third party provider and say, come on in, we're going to lease all the hardware from you. You're going to manage that hardware, but we really want this running on-premise. In those circumstances where you have the infrastructure working on-premise, and then of course, the organization itself can own the infrastructure and just be hiring out the labor to manage that infrastructure.

As far as the location, private Cloud could be on-premise, but it can also be off-premise. Because the big thing with it is that this pool of resources in a private Cloud scenario is being allocated just for one entity. There really aren't any co-tenants that reside outside of that company or organization. The physical aspect, whether it's actually on-premise where they own the land or they rent the land, or maybe they're subleasing racks in a major data center by a provider say, AT&T. That really doesn't define and rule out something as being considered private Cloud.

Now, in these situations, generally, the community of people using the Cloud can be a little more trusted. If private Cloud, it's your own organization and in a community Cloud, you're only going to engage in something like this if you can trust those other community members, you're coming in and collaborating to create this pool of Cloud resources.

Last but not least, the hybrid Cloud. This is a situation where we have a little public Cloud, we have a little private Cloud. The infrastructure ownership, it can be both the organization owning the private Cloud and also there's going to be a shared responsibility of the infrastructure that's owned by the public Cloud providers. Same goes for the infrastructure ownership as well as the management. Both of those go into either category. In fact, you could have a scenario that I've actually seen where the business has a private Cloud and they own the actual infrastructure in their private Cloud. But then they outsource to a public Cloud provider and say, we want you to come in here. We want you to manage our private Cloud infrastructure and then you're also going to be managing your public Cloud infrastructure and we're going to be creating a hybrid connection. You have a single group that's providing consistency and management, but there is an offset in terms of ownership of the physical hardware.

Finally, as far as the location, just like private Cloud can be on-prem or off-prem, public Cloud is always going to be off-premise that's owned by the public Cloud provider. You have a little bit of mix of both in the hybrid world and similarly, you have trusted and untrusted areas and usually you do mark these by different boundaries of trust and how you're building out your network security as well as your workload security and where you put those, the elements that you certainly want to take into consideration.

While that wraps it up to talk about the different deployment models, let's talk about the logical model that NIST uses. It's a real simplistic model, but it's a great way of looking at Cloud and just further refining the way you understand public Cloud providers and the spectrum of responsibilities and private Clouds and the Cloud consumer.

We have the infrastructure at the very bottom. This is the core component of computing. This is the foundation that everything else is built on, the physical infrastructure, the moving parts.

Above that we have the metastructure. These are the protocols and mechanisms that provide the interface between the physical infrastructure layer and the virtualized. This is the glue that ties the technology and management and configuration. A big difference between Cloud and traditional computing is having this metastructure layer in there. For example, the management plane sits in the metastructure layer.

Moving up a bit further, the applistructure layer. These are the applications deployed in the Cloud and the underlying application services used to build them. For example, platform as a service features, message queues. That's really your applistructure layer for working on things.

Then the final piece of the layer at the very top is the infostructure. This is the data and information, the content in the databases themselves, the content, the files that are in the storage element. The structure of the information, the infostructure.

Each layer maps to different security focuses. Application to the applistructure, for example, infostructure to infrastructure, metastructure or to management and some change things. This has a lot of implications on the security responsibilities. You can also see how it maps well to traditional IT team structures where you had an infrastructure team. You had a team that is responsible for provisioning virtual machines. You had teams for application management, infrastructure. You had teams that were dedicated DBA type teams.

That wraps up this particular section. Just to recap, what did we talk about? Well, we talked about public Cloud, private Cloud, hybrid Cloud, and community Cloud. Characteristics of those, as well as responsibilities of those areas of ownership. Then we walked through the four layers of the logical model. This is something you're going to see again in future lessons. The logical model, as well as the concepts of public Cloud, private Cloud and hybrid Cloud.