CCSK

Course
Time: 9 hours 29 minutes
Difficulty: Intermediate
CEU/CPE: 10

Video Transcription

00:01
The third category of virtualization was storage. In this video, we're gonna talk about storage area networks, network attached storage
00:09
and specifics of cloud based storage virtualization.
00:18
A storage area network, or a SAN, provides a pool of storage resources that could be centrally managed and allocated. This technology has been around well before the public cloud. The SAN consists of a dedicated network of storage devices. These are usually connected using high speed fiber optic cables. Hardware and software manage block level storage.
00:37
If you aren't familiar with the term block level, consider that it usually takes several blocks to create a file.
00:43
Block storage is a level of detail above the ones and zeroes of binary on physical media, but it is below a file system level of detail.
00:51
Block level storage allows for fast, efficient and reliable data storage, since the device can optimize the layout of blocks for efficient retrieval across different hard drives.
01:02
SAN networks themselves are constructed in three layers. You have the host layer. This is where the servers take calls from a local area network and enable access to and from the underlying SAN fabric.
01:14
Beneath that is the fabric layer. This is where all the network and components live. SAN network devices include switches, routers, bridges, gateways and even cables.
01:23
Last but not least is the storage layer. This is where the actual storage devices live and where the data blocks are persisted.
01:30
SAN and network attached storage, or NAS, are both network based storage solutions. A SAN typically uses fibre optic connectivity between the host, switch and storage devices, while NAS typically ties into the network through standard Ethernet connections. As you now know, the SAN stores data at the block level
01:49
while NAS accesses data as files.
01:51
When an operating system is connected to a SAN, it will typically appear as a local disk only available for that particular machine. On the other hand, the NAS is visible to multiple machines, and it appears as a file server. It is accessed using protocols like CIFS and NFS.
02:07
Providers often use both of these approaches when building their storage, but sometimes they use neither, and they have a more proprietary solution.
02:15
We will cover storage security more in depth later in this training, but let's touch on key points particularly applicable to storage in the cloud. Multiple copies of data are spread across multiple storage locations. This creates high levels of resiliency, making it hard to lose data due to hardware failure. If there is an outage, you may not be able to access the data.
02:34
However, if the hard drive gets fried,
02:36
you'll still have the data because it is being replicated to multiple different hard drive disks.
02:40
Providers usually encrypt data at a physical level. This addresses concerns if or when a provider's employee decides to help themselves to one of the physical drives or when the provider decides to dispose of a physical drive.
02:53
Data can also be encrypted at the virtual level, on a client side, service side, application layer, database layer and more, all of which we will discuss in the future. The control plane is used to assemble the logical pools of storage coming from the provider's physical pool of storage.
03:09
Policies are then defined in the control plane to manage access to the data in these logical pools.
03:17
Another quiz. What are the major benefits of having the provider encrypt storage drives at the physical layer?
03:27
Multiple answers are correct here.
03:29
Prevent data from being compromised as the result of drive theft.
03:34
Prevents data from being accessed by virtual resources or exposed to the general Internet.
03:39
Prevents data from being compromised when an old drive is discarded. We were just talking about these. A, prevent data from being compromised as the result of theft. That's correct. You take the physical drive, you take a look at it. All the data on that drive is encrypted.
03:55
Similarly, C, it prevents the data from being compromised when an old drive is discarded. Somebody goes through the trash. Again, it's kind of like a form of theft,
04:03
and you look at the data and it's all encrypted on the drive.
04:08
B, prevents data from being accessed by virtual resources or exposed to the general Internet. That is not correct. Only A and C are correct. If you don't establish the appropriate controls on the management plane and associate them with your storage, that could very well be exposed to virtual resources that shouldn't have access
04:27
and even to the general Internet
04:29
and that physical layer encryption gets decrypted when going to the virtual layers. So this is where you want to rely on policies and other strategies we'll discuss in the storage module later.
04:40
But to recap, in this video we talked about storage area networks, network attached storage and storage virtualization.

CCSK

This course prepares you to take the CCSK certification by covering material included in the exam. It explains how the exam can be taken and how CCSK certification process works.

Instructed By

James Leone
Cloud, IoT & DevSecOps at Abbott
Instructor