Cloud Computing: Part 2
Updated: Nov 29, 2021
This is the second post in the series "Why Cloud Computing". In this post, I will continue talking about Cloud Computing but now focus on the different Cloud Service Models (e.g. Infrastructure, Platform, and Software-As-A-Service). For this post, I will focus on Infrastructure-As-A-Service (IAAS).
Cloud Services / IAAS
Infrastructure-As-A-Service (IAAS) -- This service is one of the first services available, which consists of cloud services developed for customers looking for pure processing, storage networking, and compute available resources. All resources are available on-demand based on the cloud providers billing systems e.g. pay-as-you-go billing cycle. Some of the main components within a cloud environment are virtualized technologies and resources that run on top of cloud infrastructure hardware such as network, storage, and compute which are for elasticity and resource pooling purposes. Virtualization within an IAAS environment enables multiple operating systems with different configurations to run on a physical machine at the same time. Virtualization within an IAAS environment is standard. Within this environment system administrators and organizations that want to bypass the cost and complexity of buying and maintaining physical servers and datacenter infrastructure are allowed to do so.
Security Features & Risks
With the flexibility of virtualized environments there are risks and challenges such as the following:
· Application Security - When migrating legacy applications that initially were implemented on physical computer hardware all of the inherent vulnerabilities will be migrated into the virtualized environment. Applications have to be "cloud-ready" e.g. applications will need to be patched and appropriately updated for the cloud environment. Most cloud providers offer customized security features as add-on features.
· Multi-tenancy - Customers within a cloud provider environment have their specific environment operate and function within a multi-tenant environment. The provider has an architecture or software application that operates on compute that services multiple customers e.g. tenants. Due to partitioning virtualized resources cloud providers have now disavowed the practice of sharing resources due to data breaches, denial of services, and other challenges of maintaining data confidentiality, integrity, and availability. Cloud providers have now updated their Service Level Agreements (SLA) and binding contracts to offer single-tenant options and resources through premium charges.
Regions & Availability Zones
Cloud provider IAAS tenant customers may have responsibilities and requirements to limit the risk of loss of application availability if everything is configured within the same fault domain. A fault domain is a location that can be impacted during a catastrophic outage or system malfunction. For this requirement, IAAS cloud providers support localized regions and availability zones. In 2006, Amazon Web Services (AWS) first created these features and concepts. Other cloud providers have adopted the same concept and features under different names.
Regions are known as a set of data center facilities from which cloud customer resources can be provisioned. There are four regions based on geography: US, Latin America, Europe, and Asia. Within a region, there is an availability zone (AZ) that's available. There can be multiple AZs within a single region. Any failure within an AZ "should not" impact the other availability zones within the region.
Availability zones are unique physical locations within a region. Each zone is made up of one or more data centers equipped with independent power, cooling, and networking. The best practice for customer cloud design is to place resources across different AZs to allow access to IAAS resources from two AZs within a single region.
My next blog post topics within the series will include the different Cloud Service Models (**e.g. Platform-As-A-Service**) and providers such as AWS, Google, and Microsoft. I hope this blog post was helpful and provides you a detailed insight on Infrastructure-As-A-Service (IAAS) and identifies security challenges and risks of the IAAS Service Model. If you have any questions or comments, feel free to leave a comment. I am always looking for new helpful content, so if you have any ideas for articles or videos, please reach out to me using the comment section.