Components of Cloud Infrastructure
Infrastructure as a service (IaaS) is a popular alternative to buying on-premises equipment to handle your applications and data. The infrastructure covers these main components: compute, the network, the storage, any databases, and the management of the infrastructure.
Compute instances are the beating heart of the computational capability, which comes in the form of CPU processing as well as RAM for working space. The compute component makes these available to several users for sharing. Cloud infrastructure normally manages anywhere from a small to a large number of physical nodes. All these nodes will be running instances, and each instance can be dedicated to a single workload, or even run multiple workloads in some cases.
The three underlying approaches to implementing compute instances are hypervisor, containers, and bare metal. The hypervisor is among the most common kinds of virtualization. A hypervisor will create a number of virtual machines, each complete with its own CPU, memory, network cards, disks, and virtual BIOS. It is the role of the hypervisor to manage all of these resources.
A container is a method for virtualizing the operating system and then running each application within its own container, keeping their spaces separate while allowing them to share a single kernel space for execution. This is a more complex method than the hypervisor, but it's much more lightweight. A bare metal compute component is one where there is no virtualization, and the workloads instead run on dedicated hardware. Many websites offer this as an option, in the form of a dedicated cloud server to purchase.
The security implications are strict for virtualized application workloads. It is important that each workload is kept in strict isolation from the others. Malicious hackers will write code that will often break out of a virtual machine and take control of the parent virtualization software, giving them access to any VM in the system. Another security vulnerability is when a hypervisor allows a virtual machine to access the actual contents of physical memory used by another virtual machine on the same host node. These are vulnerabilities that have been found in previous versions, and probably many more bugs will be discovered as more companies adopt cloud software.
Another security issue is resource exhaustion, where a malicious user consumes all the CPU and RAM resources of the cloud server. This can even happen accidentally with a program that crashes.
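The mitigation for resource exhaustion is a hard cap on each workload, so that a runaway or hostile job fails alone instead of starving the node. The following is an added example, not code from the original article. It uses Linux process limits (setrlimit) as a process-level stand-in for the per-instance limits a hypervisor or container runtime would enforce. The cap values and the three sample workloads are constructed for illustration.

```python
import resource
import signal
import subprocess
import sys

# Assumed per-workload caps; a real platform would set these per instance size.
MEM_CAP_BYTES = 1 * 1024**3   # address-space ceiling for the workload
CPU_SOFT_SECONDS = 1          # kernel sends SIGXCPU at this much CPU time
CPU_HARD_SECONDS = 2          # kernel sends SIGKILL at this much CPU time

# Constructed workloads: a runaway allocation, a busy loop, and a normal job.
MEMORY_HOG = "buf = bytearray(4 * 1024**3)"
CPU_HOG = "while True: pass"
WELL_BEHAVED = "print(sum(range(1000)))"


def _apply_caps():
    """Runs in the child just before exec, so only the workload is limited."""
    resource.setrlimit(resource.RLIMIT_AS, (MEM_CAP_BYTES, MEM_CAP_BYTES))
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_SOFT_SECONDS, CPU_HARD_SECONDS))


def run_capped(code):
    """Run a Python snippet as a separate, resource-capped process."""
    proc = subprocess.run(
        [sys.executable, "-c", code],
        preexec_fn=_apply_caps,
        capture_output=True,
        text=True,
        timeout=30,  # backstop in case the kernel limit is not enforced
    )
    return proc.returncode, proc.stdout.strip(), proc.stderr


def describe(returncode, stderr):
    """Classify how the workload ended."""
    if returncode == 0:
        return "completed"
    if returncode < 0:
        return "killed by " + signal.Signals(-returncode).name
    return "failed: MemoryError" if "MemoryError" in stderr else "failed"


if __name__ == "__main__":
    for name, code in [("memory hog", MEMORY_HOG), ("cpu hog", CPU_HOG),
                       ("well behaved", WELL_BEHAVED)]:
        rc, _, err = run_capped(code)
        print(f"{name}: {describe(rc, err)}")
```

The parent process keeps running in every case, which is the property a shared host needs: the capped workload is the only thing that fails.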
A final security consideration is the manager of the cloud infrastructure under the hypervisor approach. Whoever holds this duty has the ability to see, copy, or even modify the information contained in the workload. It is important to vet any individuals that have access to this part of the system.
The network component of cloud infrastructure provides the connectivity between the compute, storage, and other elements, so that communication can take place seamlessly. There are several techniques to allow you to manage the network topology in your cloud infrastructure. These include virtual switching, the management of the physical network equipment, and software-defined networking applications. The security implications are specific to the isolation of compute instances on the network. They must be kept separate and prevented from communicating with each other in an unauthorized way.
The storage component of cloud infrastructure gives you the ability to store your data. Storage is made available via virtual machines, which provide a working space for the applications you want to run and the storage capacity for the data you generate. A cloud provider will usually offer some sort of automated cloud backup option. You can even have version control for developers. The way this works is that the hypervisor takes snapshots of the image at different points, and as a best practice these are stored outside of that network or computational node. The security-related considerations involve the access of compute instances to the authorized storage areas. This requires robust network file system permissions.
Databases are found everywhere in modern cloud applications. The database component of a cloud infrastructure provides a centrally managed system. There is an appropriate level of abstraction in the database component. This means the database code can be separate from the front end or the back end application code. With the cloud, you can scale your database easily and quickly, whether that be SQL or NoSQL. Different cloud infrastructure technologies give you different levels of support for the various kinds of databases you can use.
Database technologies that are used to help scale are key-value stores and graph databases. A popular approach in cloud environments is document-oriented databases. Key-value databases are a popular option, and these work by storing data as key/value pairs. The values can be complex, such as dictionaries or hashes. Graph databases store their data as a set of nodes connected by relationships. Social networks are an example of an application that uses this type of database technology.
The management component of cloud infrastructure provides a method by which the users and the administrators can configure all the managed aspects of the cloud infrastructure. The management component should have the ability to perform all types of configuration operations to set up and manage the cloud infrastructure. The different users must be authenticated.