Essential Characteristics

Time: 9 hours 59 minutes
Difficulty: Intermediate
CEU/CPE: 10

Video Transcription
>> In this video, we're going to continue our journey in domain 1, which is Cloud computing concepts and architecture. We're going to take a look at the NIST model for defining Cloud. Specifically, we're going to look at the five essential characteristics that the NIST model defines. Then you may recall we looked at both the NIST definition in the prior lesson as well as the ISO definition. The ISO has a sixth essential characteristic, and we're going to touch on what that is as well.

Here we have a visual depiction of the NIST model, essential characteristics, service models, deployment models. The latter two we're going to cover in subsequent videos, but in this video, we're focusing on that very top square area.

Let's talk about resource pooling. This is where we have that common physical infrastructure that's been abstracted through virtualization, and gets allocated to many different tenants. The physical aspects really are not made directly apparent to the Cloud user themselves. They have no control over the exact location, but they have control over the logical amounts of compute, of storage and so forth that get provisioned to them and provided, and that control is given to them through self-service. They don't need to directly interact with the Cloud administrator, the individuals or organization that maintains the physical infrastructure itself when they want to get resources in that pool allocated to them. It's usually done through a web portal or an automation. This is also referred to as the Cloud management plane. We're going to be covering that quite in depth in subsequent lessons of this course.

Moving forward, broad network access, this is another key characteristic of Cloud computing. Access through standard clients. Computers, desktops, laptops, mobile devices, traditional or Cloud-based software services. They're available over the network because physical access, especially when you're using a public Cloud provider, is definitely not feasible. Even when you have a private Cloud, if you have a distributed company, having people walk into the server room is not really a good idea. Generally, that's going to be quite locked down from a security perspective; you want access to the physical facilities themselves to be minimized to a select few individuals who have a reason for doing that.

Rapid elasticity. This is the ability to scale up, scale out, or do a little bit of both. By scale up, I mean, get a more powerful machine, more CPU, more RAM. Scale out, I mean, have a higher quantity of machines, which could certainly be very powerful machines in their own right, but they're two different approaches, and then of course there's both. In Cloud computing, the concept of scaling out is a big paradigm around Cloud native to really make sure you have that resiliency and failover within your applications.

You don't have to wait for procurement and physical provisioning of a new server, or even let's say you have a bunch of virtual machines in place, but you're managing the underlying resource pools yourself, there will come a point where you hit that limit and the resource pool just can't accommodate another virtual machine. You have to wait until you get additional physical resources to add into that pool, go through the provisioning and procurement process.

With Cloud, your ability to scale out becomes not infinite in a true and precise sense, but the cloud providers, especially the big ones, have a whole lot of capacity and they're creating some very large pools that they're aggregating and distributing across to the various tenants. The capacity planning aspect of it, instead of being something you need to consider, which would be in the case you have your own virtual machine farm, that gets outsourced to the actual Cloud provider, and they're doing the capacity planning, not just for you yourself, but for all the tenants that are using that shared resource pool.

Measured service. Just like the electricity analogy, you're going to get your electricity bill based on how much you use. With the Cloud world, this is a key characteristic, being able to have the measure of the service. The tenants only use what's allocated to them, but they have fees associated and calculated based on what they do use in fact, so this is utility computing, another keyword that you're going to want to understand when you're going and taking your CCSK.

The fifth characteristic of Cloud computing is on-demand self-service. Being able to allocate those resources from that pool without human interaction. This is often done with the Cloud management plane that we mentioned a few minutes ago. You have a nice interface with programmatic APIs, ways to do this without having to make that call down to the data center. A consumer basically can unilaterally provision the computing capabilities. This includes things like server allocation, memory, CPU, network storage, all that elasticity. Being able to do that through a more programmatic means, or at least through simple interaction with a web portal type interface, is the fifth characteristic defining on-demand self-service.

Rolling this out, we're going to examine the sixth essential characteristic of cloud computing according to the ISO model. It's multi-tenancy. You have a bunch of resources, they're being used by lots of different people. You're segregating and you're isolating them. What are the aspects relative to multi-tenancy that drive this characteristic?

Starting at the top circle here, policy driven enforcement. By that we're talking about, the Cloud provider and Cloud consumers, they define how their environment should look using policies. These can be implemented in the user interface or directly through policies enforced through a formal policy language. A lot of the Cloud providers, especially public Cloud providers, they allow you to create policies, security policies, or just usage limitation policies. You've provided these end users with the ability to self provision machines. Well, maybe you and your company, you want to make a provision in there or create a policy rather that is going to prevent these individuals from spinning up some super compute machine with 32 cores and a terabyte of RAM, which is going to create an extensive bill for you. Policies allow you to delegate and provide that self-service, but also create some guardrails to prevent people from creating exuberantly large bills, or from creating insecure setups and configurations that could expose you and your company. We'll talk about these more as we proceed.

Within that, customers, they run their own segment of the Cloud. The multi-tenant environment, the provider themselves sections off and isolates the different tenants themselves. Segmentation is how the provider divides up the Cloud among those different tenants. Isolation is the next element and that's where the consumers, in one segment, they shouldn't be able to see anything running in a different segment, and this is a key control of the multi-tenant characteristic of Cloud computing. Computers in one segment should never see or be able to interact with something running in a different segment.

Governance is an overall management model of the Cloud, from contracts and service levels to policies and a lot of other characteristics that are enforcement mechanisms of governance. We will talk about those in subsequent videos and lessons as well.

Service levels. What should the Cloud user expect in terms of uptime? Since the resource pool is a shared environment, the Cloud provider, they need mechanisms to divide up the resources, and they also need service levels to define who gets what resources. Of course, they're managing the physical infrastructure. There's going to be some outages, there's going to be some blips in this very complex infrastructure that will affect uptime and reliability. Setting those, and providing those to the multiple tenants is a key element of multi-tenancy.

Then last but not least is chargeback billing, which is quite comparable to the concept of measured service that we were talking about in the NIST 5 essential characteristics of Cloud. Since the Cloud controller needs to know exactly who is using what resources from the pool at all times, it is only natural that they have this metering in place for billing purposes.

Just to summarize this video. We discussed the five essential characteristics common to NIST: resource pooling, broad network access, rapid elasticity, measured service, on-demand self-service. Then we spent a good amount of time talking about the multi-tenancy characteristic, which is the sixth characteristic in the ISO, and all the different considerations themselves about what is multi-tenancy and what's really important for the Cloud provider to ensure when they are supporting a multi-tenant environment.