At the end of each module, we're going to spend a few minutes recapping key takeaways for the domain. So let's talk about the cloud computing concepts and architecture domain.
So if we could summarize key things from domain one,
it would be the differences between traditional virtualization and cloud computing. We went into this quite a bit. We talked about abstraction and automation, the impacts on security. We spent a lot of time reviewing the NIST model for cloud computing, as well as its impact on shared responsibilities between the provider and the customer.
Very important that you have a good bearing on that NIST model.
We talked about the Cloud Security Alliance using the CAIQ to evaluate the cloud providers and what they provide and how they implement controls.
We'll go into this in more detail in a later section of this course.
Similarly, the CCM, the Cloud Controls Matrix, is a utility to assess the security and compliance requirements that your own organization has. We'll also get into that in more detail later in this course.
And then finally we talked about the cloud security process being a model to select the providers, identify what the provider is doing, what the gaps are, and therefore what compensating controls we as a cloud customer need to implement to fill those gaps.
So let's discuss some additional tips for the exam, specifically as they pertain to domain one.
Cloud Security Alliance makes reference to a lot of external publications. As we're going through the course materials, you don't need to stop and go read those external publications. I will highlight the content of those publications and the most material facts from those publications that you're going to need to be aware of
when taking the CCSK exam.
But to that end, when we look at the NIST
external publication SP 800-145, it's very important that you understand the five essential characteristics of cloud,
and then you also recognize that the ISO standard, they define a sixth characteristic, that being multitenancy.
Other exam tips include being very familiar with four layers of the logical model: infrastructure,
metastructure, applistructure and infostructure.
We also talked about the three service models: IaaS, encompassing physical layer data center hardware. It takes care of abstracting the hardware pools, virtual machines, virtual networks, and it provides mechanisms for orchestration, automating the provisioning using APIs.
Then above that is the platform as a service layer.
It's above the virtual machine layer. When you're using a PaaS service, you're not going to be manipulating and managing the virtual machines directly. And then sitting finally on the very top is the SaaS. Often you're only going to have a web-based mechanism to access and administer this.
Maybe it will give you a REST or other API-based method
to help manage the configuration and customization of software given through the SaaS model.
And finally, the shared responsibilities between the provider and the customer. They really operate on a sliding scale, and understanding the difference between those shared responsibilities, depending on your deployment model of IaaS, PaaS or SaaS.
But please understand the customer is ultimately responsible for the implementation for the data and for the security of what they're hosting in the cloud.
So let's wrap this all up with a few quiz questions.
First question. In which layer of the logical model does the management plane exist? And hopefully you remember what the management plane is. If you didn't, it is that web interface that the cloud provider will give to the customer for
procuring virtual machines, configuring platform as a service and potentially even configuring your SaaS-style applications and certain settings. Right? That's the management plane managing the capabilities there. So in which layer in the logical model does it sit? Infrastructure? Does it sit at the data center?
Metastructure? Infrastructure?
Does this sit between PaaS and IaaS model, or at the applistructure layer?
And the answer is C, the metastructure layer. So I purposely did not list the different logical layers in their order from top to bottom. But if you recall, the metastructure sits between the infrastructure layer and the applistructure layer. Amongst other things, it's kind of that glue that binds the orchestration,
deals with the abstraction of the actual hardware with its virtual representations.
Above the metastructure layer is the applistructure layer, and above the applistructure layer is the infostructure layer. Data center is not a layer in the logical model. Neither is "between PaaS and IaaS"; those are service deployment models: PaaS, IaaS and SaaS.
So moving on to the next question. Which of the following is considered a separate characteristic of cloud in ISO/IEC 17788? Resource pooling, metered usage, on-demand self-service, multitenancy or elasticity?
And the answer is D, multitenancy.
Resource pooling, metered usage, on-demand self-service and elasticity are also attributes in ISO,
but they are part of the five characteristics for the NIST. Multitenancy, however, is that sixth characteristic. NIST, Cloud Security Alliance, all these models recognize multitenancy is a key aspect of cloud, but it is only
specifically called out as a characteristic in its own right
in the ISO definition.
And last but not least, a scenario for you. If you were asked to build a server with eight CPUs and 16 gigabytes of RAM, which service model would you use:
VMware vSphere, SaaS, PaaS, IaaS or Red Hat OpenShift?
Give you a second, and the answer is D, infrastructure as a service. VMware vSphere is a specific technology product often used when you're deploying and building an on-prem cloud instance. SaaS is software as a service, so you are definitely
abstracted, not just from the virtual machines but even from
the applistructure layer itself; that is not something that's going to be made visible to you or that you will be allowed to control. PaaS: remember, you're not going to be dealing with virtual machines so much in a PaaS environment. IaaS we talked about, and Red Hat OpenShift is, um,
it's a container hosting platform. So in that paradigm, there really is
no such thing as virtual machines, because it's for managing clusters of different containers, which then subsequently run on virtual machines. But you wouldn't be using OpenShift itself to procure or set up virtual machines. So that wraps up the first module,
and I look forward to seeing you in the next video.