Study Session Number 34! Cloud Computing (And some Virtualization)! #35

IT Deployment Models BEFORE Cloud -

On Premises -

Everything within the network is owned by you, all the equipment is located in the building, connections between offices and internet is dealt with by SP. Equipment is CapEx (Capital Expenditure - Up front, one fee payment). A week to deploy new equipment. Need redundancy.

Co-location services -

Data center which is rented out to customers. Owner provides everything - power, security cooling, physical equipment for the customers networking equipment, storage and servers. The users desktops will still be in the office.

ON PREMISES = OWNED BY COMPANY, ALL PAID FOR.

CO-LOCATION = RENTING OUT DATA CENTER SPACE TO CUSTOMERS THROUGH SLA. BUILDING PROVIDE BY OWNER, IT EQUIPMENT PROVIDED BY YOU.

Cloud computing -

Being able to pull configurable computer resources such as network, servers, storage, applications and services that can be rapidly provisioned and released with minimal effort.

5 Characteristics of Cloud, a cloud service must have all of these  -

• On Demand Self Service
• Rapid Elasticity 
• Broad Network Access 
• Resource Pooling 
• Measured Service 

On Demand Self Service - 

Consumer can get network storage, server time etc automatically whenever needed and be pulled straight from the cloud rather than having to get the SP involved.  

Rapid Elasticity - 

Rapid elasticity allows users to automatically request additional space in the cloud or other types of services. Because of the setup of cloud computing services, provisioning can be seamless for the client or user. Very easy to scale out when provisions are needed and very easy to scale back when not needed, only pay for how much you use (Think of this like an elastic band that you stretch when needed).

Broad Network Access - 

Broad network access refers to resources hosted in a private cloud network (operated within a company's firewall) that are available for access from a wide range of devices, such as tablets, PCs, Macs and smartphones. These resources are also accessible from a wide range of locations that offer online access.

Resource Pooling - 

Resource pooling is an IT term used in cloud computing environments to describe a situation in which providers serve multiple clients, customers or "tenants" with provisional and scalable services. These services can be adjusted to suit each client's needs without any changes being apparent to the client or end user.

Measured Service - 

Measured service is a term that IT professionals apply to cloud computing. This is a reference to services where the cloud provider measures or monitors the provision of services for various reasons, including billing, effective use of resources, or overall predictive planning.

Cloud Service Models - 

Layers 

Data 

Applications 

OS

Hypervisor

Compute 

Storage 

Network 

Facility 

• IaaS - Provider provides all the physical equipment and Hypervisor. Customer deals with Data, Applications and OS.
• PaaS - Same as IaaS except the provider manages the OS. Customer deals with data and applications (Easy to develop software).
• SaaS - Provider manages everything. Customer gets access at application level.

Cloud Deployment Models - 

• Public Cloud - The public cloud is defined as computing services offered by third-party providers over the public Internet, making them available to anyone who wants to use or purchase them.
• Private Cloud - A private cloud consists of computing resources used exclusively by one business or organisation. The private cloud can be physically located at your organisation’s on-site data centre, or it can be hosted by a third-party service provider.
• Hybrid Cloud -  Hybrid clouds combine on-premises infrastructure, or private clouds, with public clouds so that organisations can reap the advantages of both. In a hybrid cloud, data and applications can move between private and public clouds for greater flexibility and more deployment options.
• Community Cloud - A community cloud in computing is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns, whether managed internally or by a third-party and hosted internally or externally.

Virtualization (Server, Network and Firewall) - 

Type 1 Hypervisor (Bare Metal) = Runs Directly on system hardware (VMWare, Hyper V, Red Hat KVM, Oracle VM server)

Type 2 Hypervisor  = VMWare Workstation, VirtualBox.

For virtualization server virtualization will be used as an example along with network virtualization later then firewall virtualization -

 

In old networks each server application would be created on an individual physical server - say for instance there was three physical servers each with its own application - one for email another for database and another for web, using server virtualization these three physical servers can be consolidated into one server with three instances of virtual servers, the logical layout of the server would look as follows -

Type 1 Hypervisor - Built for Data Center Servers

In the new server each application has been configured to its own individual instance of a virtual machine, three virtual machines = three separate servers. Another bonus of configuring this is that if an individual server goes down only that server is affected this also reduces the costs of running three physical servers as now only one is required.

Type 2 (This isn't relevant to the last scenario just showing what a type 2 looks like logically) - Built for Laptop testing, less powerful more for practice.

Virtual Switch / Router / Firewall- 

Virtual Switch

Take the scenario that was discussed, how does the virtual machines gain access to the internet? The physical device that is hosting the three servers on the type 1 hypervisor will be connected to a switch through physical cabling, the cable then gets set as a trunk port but this still doesn't answer the question as how does the switch know what vlan or address to send data to on the VM's? this is where a virtual switch is created, this handles the switching between VM's and through the physical port on the server allows for traffic to be sent to the physical switch. 

Virtual Router 

With the example earlier a virtual router can also be implemented into the server along with the virtual switch - as this is a lot i'll break it down, right now there is one server, in the server there is three virtualized servers by using a switch and vlans a a virtual switch has been created to allow the virtual machines to be able to send L2 data to the physical switch through a physical trunk port, a virtual router can then be added with sub-interfaces like in a regular vlan routing situation to then control the routing after this the complete config is - one physical server, three virtual servers, one virtual switch, one virtual router all within ONE SERVER.  

Virtual Firewall with ASA

In a virtual environment say there was two servers that were being virtualized on one physical server, each server is owned by a client - configuring a virtual firewall and using contexts (essentially the firewall rules) can be assigned on the server to then filter data, this gives an illusion to the customer that they are the only person using that specific server when in reality the server is being shared by another customer. In the old networking scenario where there was two physical servers each server would have needed its own firewall (increased costs), with a virtual firewall only one virtualized one is needed.

Virtual Routing and Forwarding (VFR)

Allows for a router to be configured with more than one routing table, if a packet came in on an interface we'll say G1/0 that interface could be assigned routing table 1, if another packet was received on a different interface - G2/0 that interface could be assigned routing table 2. 

ONE ROUTER, MULTIPLE ROUTING TABLES.

Clustering - 

Supports multiple physical systems being clustered into one physical device. Increased redundancy & performance. 

Virtualization = Multiple virtual systems on one physical device.

Clustering = Taling multiple physical devices and clustering into one device.