CompTIA Security+ SY0-601 Topic: 2.2 Virtualization and Cloud Computing Concepts Part 2
December 13, 2022
  • IaC

In this video, we’re going to be talking about what is known as infrastructure as code, along with a few related terms. After that, we’ll take a look at some additional server-based management concepts related to cloud services. Okay? So let’s get started.

So, infrastructure as code, and then we’ll talk about SDNs. Now before we get into this, we have to understand traditional network infrastructure. So what’s a traditional network infrastructure? Well, let’s say I have an infrastructure here made of physical devices. In a traditional network, all of our devices are physical.

So let’s say this is my router, this is my switch, and this is my access point. In a small setup, this might be a single device that does everything for me. But imagine I had a separate router, like one of these, and a separate switch or some other physical device.

This would be a traditional network, where you have many physical devices. And in today’s large networks, there will be many switches, routers, servers, and other physical devices. So if there’s any change to these devices, somebody has to manually go in and configure them.

Somebody has to open up a remote desktop session and configure that server. Somebody has to telnet into that router to reconfigure it. For example, let’s say at a certain point in the year, like Christmas time, you need to add more resources to your network. You need a boost in capacity. So somebody’s got to physically go and add RAM, right?

Maybe they’re doing a product release, like when Apple does one and everybody floods the Apple website. In traditional infrastructure, every change must be carried out by someone. Somebody has to physically go and add more RAM. Somebody has to physically go and configure that router, configure that switch, configure those web servers; that’s a traditional network.

Everything is manual. But what happens if you take all of these physical devices and virtualize them? What if you end up with something like the virtual server I have on my desktop here? What if you end up with virtual switches and virtual routers? Now you have a virtualized network. Everything is virtualized. All the hardware that was once physical is now virtual. So what does this do? Well, it allows you to manage the network as a piece of software.

Now your whole network is software. It’s not a hardware-based thing anymore. And because it’s software, we can configure it as code. So the whole infrastructure-as-code idea is basically treating the network and the infrastructure as a programmable piece of software. Which means this: assume there is an increase in traffic early in the morning. Every morning, a bunch of customers come to your website.

They use it all day up until 1:00, and then the customers go away. Well, if you’re using traditional infrastructure, somebody’s going to have to manually go and boost all the servers’ hardware, boost all the RAM. Physically speaking, you have to go and put RAM in the server, reboot it, configure it, and then, at 2:00 in the afternoon, undo everything. But if you’re managing the infrastructure as code and have all these virtual devices, imagine you have a script that runs at 8:00 a.m. and adds more resources to these virtual servers, virtual routers, switches, and whatever else you have. And then at 1:00, the script runs again and removes them. All right? It scales the capacity back down. So it’s a more efficient use of resources because, remember, cloud computing is an on-demand service.

In cloud computing, there’s a term called “utility computing,” which means we pay for what we use. So if you’re doing cloud computing and you’re not using something, don’t pay for it; don’t have it turned on. So you could have code and scripts running in an automated fashion that add and remove processing power and RAM on machines as needed. This is the concept of infrastructure as code. Now, something very similar that we’re going to talk about is known as an SDN, a software-defined network.
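To make the scheduled scale-up/scale-down idea concrete, here is a toy infrastructure-as-code engine. This is an added example written for this page, not code from the video or from any real IaC tool: the desired state lives in code as a function of the hour, a `plan` step computes the difference against the current state (just like a real IaC tool’s plan/apply cycle), and `apply` is idempotent, so running the job twice changes nothing. The resource names, sizes and the 08:00 to 13:00 window are assumptions for illustration.

```python
"""Added example (not from the video): a toy infrastructure-as-code engine.
The desired state is code; the tool computes a plan (the diff against the
current state) and applies it idempotently.  Resource names, sizes and the
busy window are assumptions for illustration only."""
from typing import Dict, List, Tuple

Resource = Dict[str, object]          # attributes describing one resource
State = Dict[str, Resource]           # resource name -> attributes


def desired_state(hour: int) -> State:
    """Desired infrastructure as a function of the time of day.
    Between 08:00 and 13:00 the web tier is scaled up; outside that window it
    is scaled back down so we stop paying for idle capacity (utility computing)."""
    busy = 8 <= hour < 13
    return {
        "web": {"kind": "vm", "ram_gb": 16 if busy else 4, "count": 6 if busy else 2},
        "db": {"kind": "vm", "ram_gb": 32, "count": 1},
        "vswitch-web": {"kind": "switch", "vlan": 10},
    }


def plan(current: State, desired: State) -> List[Tuple[str, str, Resource]]:
    """Compute the change set as ('create'|'update'|'delete', name, attrs)."""
    actions: List[Tuple[str, str, Resource]] = []
    for name, attrs in desired.items():
        if name not in current:
            actions.append(("create", name, attrs))
        elif current[name] != attrs:
            actions.append(("update", name, attrs))
    for name in current:
        if name not in desired:                       # present but no longer wanted
            actions.append(("delete", name, current[name]))
    return actions


def apply(current: State, actions: List[Tuple[str, str, Resource]]) -> State:
    """Apply a plan to the current state and return the new state."""
    new = dict(current)
    for op, name, attrs in actions:
        if op == "delete":
            new.pop(name, None)
        else:                                         # create or update
            new[name] = dict(attrs)
    return new


def reconcile(current: State, hour: int) -> Tuple[State, List[Tuple[str, str, Resource]]]:
    """The scheduled job: compute desired state for this hour, plan, then apply.
    Returns the new state and the actions that were taken (empty if nothing changed)."""
    actions = plan(current, desired_state(hour))
    return apply(current, actions), actions


if __name__ == "__main__":
    state: State = {}
    for hour in (8, 13, 13):
        state, actions = reconcile(state, hour)
        print(f"{hour:02d}:00 -> {len(actions)} action(s): {[a[0] + ' ' + a[1] for a in actions]}")
```

The security point worth noticing: because the infrastructure is now described by code, every change is a reviewable diff, but the job that runs `reconcile` holds credentials that can create and delete servers, so it should run with least privilege and its plan should be logged.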

This is an architecture. It’s dynamic, manageable, cost-effective, and adaptable. It’s ideal for the high-bandwidth, dynamic nature of today’s applications. Software-defined networking is built around what a router does, and it is basically everything I explained to you here, but let’s get more into the technical aspects of it. The way this works is that they take a router and split it into two components. A router basically does two things: it forwards data, and it determines where to forward the data. That split is a software-defined network. And I want to show you this. I’m going to give you a link here; I don’t think you need it, but sometimes my students ask me whether software that can help me spell would be good.

Have you guys realized I can’t spell very well? Okay, so I’m going to give you guys a link here; just Google “software-defined networking” and Wikipedia; I think that’s more than enough. I don’t think you need to go further for your exam. But what I want to talk to you about is what it does: it disassociates the process of forwarding network packets, called the data plane, from the routing process, called the control plane.

And you can go through this. That page is going to give you all the protocols involved. But I’m not going to go through them because you don’t need to know them for your exam. Really quickly, then, you have what are called the data plane and the control plane. Let’s talk about a traditional router first. A traditional router forwards data, say, from this port to this port.

So it has a process for forwarding data. And then it has a control process where it determines how to forward the data. That’s what they call the control plane and the data plane. Basically, an SDN breaks these apart and says, “Now the control plane is going to be software running in a central controller, and the devices are left to do the forwarding.” That’s the concept behind it. So now we can control, in software, how data is forwarded and how the routing process works.

Now why do we want SDNs? Well, SDNs are programmable. That’s one of the main things. We’re treating the network as code, so we can access it and manage it easily. It’s agile, meaning it can change very quickly. Agility in software-defined networking means that we can change its elasticity very fast: it can contract when we don’t have a lot of users on our servers, and it can expand when we need a lot of capacity.

Now the good thing is that it’s centrally managed, generally. We have one central console, the controller, that’s looking at all these devices across your network, virtual devices across your network. It is, of course, programmable, and it’s based on open standards; there are a lot of different open-standard protocols it uses. Okay, there are interesting things in SDNs. As you go through your career, you guys are going to learn a lot more about SDNs. You’re going to see them come to life. More and more companies are starting to adopt them, especially with this whole cloud computing thing. Okay, the other term I have here is “software-defined visibility.” This is having the software see what is happening in the network and decide what to do about it. Software-defined visibility, in essence, gives software the ability to perform actions within the network itself as part of this coded infrastructure.

Consider an intrusion detection system that detects a network intrusion. Now, instead of simply sending an alert to the administrator or waiting for someone to reconfigure the firewall, this software has the visibility to talk to other devices and tell them: stop the traffic going to these devices, there is malware in the network. So now you have software talking to the infrastructure. That’s software-defined visibility. Okay, moving on. The other term I have is “serverless architecture.” This is architecture that doesn’t require you to run a server. This is where you start things up in the cloud and just run your application; in other words, you’re not maintaining the server. So if you get a web application service where you’re just in charge of running your application, that’s serverless. With serverless architecture services, integration is important because, as you manage various services across your network, whether they are payment services or user authentication services, they must all integrate into one.
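Here is a toy model of both ideas from the last few paragraphs, the control/data plane split of an SDN and the software-defined visibility reaction to an IDS alert. This is an added example written for this page, not code from the video and not a real SDN controller or OpenFlow implementation: the `Controller` (control plane) knows the topology, computes shortest paths and installs flow entries; each `Switch` (data plane) only does a flow-table lookup and asks the controller on a miss, the way an OpenFlow switch sends a packet-in. The `ids_alert` hook turns an IDS detection into a drop rule pushed to every switch instead of just an alert. The topology, addresses and names are made up.

```python
"""Added example (not from the video): a toy software-defined network.
Control plane = Controller (topology, path computation, flow installation).
Data plane    = Switch (exact-match flow table lookup only).
Topology, host addresses and names are constructed for illustration."""
from collections import deque
from typing import Dict, List, Optional, Set, Tuple

FlowKey = Tuple[str, str]   # (src host, dst host)


class Switch:
    """Data plane: forwards purely by flow-table lookup; on a miss it asks
    the controller (like an OpenFlow packet-in).  A flow whose action is
    None is a drop rule."""

    def __init__(self, name: str, controller: "Controller") -> None:
        self.name = name
        self.controller = controller
        self.flows: Dict[FlowKey, Optional[str]] = {}   # key -> next hop, None = drop

    def forward(self, src: str, dst: str) -> Optional[str]:
        if (src, dst) not in self.flows:              # table miss -> control plane decides
            self.controller.packet_in(self.name, src, dst)
        return self.flows.get((src, dst))


class Controller:
    """Control plane: central software that knows the whole topology."""

    def __init__(self, links: Dict[str, List[str]], hosts: Dict[str, str]) -> None:
        self.links = links                  # switch -> list of neighbouring switches
        self.hosts = hosts                  # host address -> switch it is attached to
        self.switches: Dict[str, Switch] = {n: Switch(n, self) for n in links}
        self.quarantined: Set[str] = set()

    def shortest_path(self, a: str, b: str) -> List[str]:
        """Breadth-first search over the switch graph (hop-count metric)."""
        prev: Dict[str, Optional[str]] = {a: None}
        queue = deque([a])
        while queue:
            n = queue.popleft()
            if n == b:
                break
            for m in self.links[n]:
                if m not in prev:
                    prev[m] = n
                    queue.append(m)
        path: List[str] = []
        node: Optional[str] = b
        while node is not None:
            path.append(node)
            node = prev[node]
        return path[::-1]

    def packet_in(self, switch: str, src: str, dst: str) -> None:
        """Table miss from a switch: compute the route and install flow entries
        along the entire path so later packets never reach the controller."""
        if src in self.quarantined or dst in self.quarantined:
            self.switches[switch].flows[(src, dst)] = None      # drop rule
            return
        path = self.shortest_path(self.hosts[src], self.hosts[dst])
        for i, hop in enumerate(path):
            next_hop = path[i + 1] if i + 1 < len(path) else "host:" + dst
            self.switches[hop].flows[(src, dst)] = next_hop

    def ids_alert(self, bad_host: str) -> None:
        """Software-defined visibility: the IDS tells the controller, and the
        controller drops that host's traffic network-wide right away,
        instead of only emailing an administrator."""
        self.quarantined.add(bad_host)
        for sw in self.switches.values():
            for key in list(sw.flows):
                if bad_host in key:
                    sw.flows[key] = None


if __name__ == "__main__":
    # Constructed topology: s1 - s2 - s3, one host on s1 and one on s3.
    ctl = Controller({"s1": ["s2"], "s2": ["s1", "s3"], "s3": ["s2"]},
                     {"10.0.0.1": "s1", "10.0.0.2": "s3"})
    print("s1 forwards to", ctl.switches["s1"].forward("10.0.0.1", "10.0.0.2"))
    ctl.ids_alert("10.0.0.1")           # IDS says 10.0.0.1 is infected
    print("after alert s1 forwards to", ctl.switches["s1"].forward("10.0.0.1", "10.0.0.2"))
```

Note where the trust sits in this design: every switch does whatever the controller says, so the controller (and the channel the IDS uses to reach it) becomes the most sensitive component in the network and needs authentication and tight access control.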

At the end of the day, our services must work as a single whole. When you go to Netflix and log in, there are many different services working there. But to you, it’s all seamless; it all seems like Netflix, but there are many things working behind it. You need services to process credit cards, and you need services to display that movie list. You need authentication services to authenticate you. So there are many different services. Okay, I’ve got some links for the two things we’re going to do next. First, there are resource policies. So what exactly are resource policies? Resource policies are the policies within organisations that govern how they manage resources, particularly with cloud providers.

Cloud providers have their own resource policy mechanisms. Here’s an example from Azure governance management. Again, this is the Microsoft cloud. These policies let the organization define what is allowed in its Azure environment in order to secure its data: how resources are managed, or where data can be stored. We’ll take a look at one of them here. So one of these resource policies can define which operating system flavours and versions are deployable in the organization’s environment. They can say they no longer support older versions of Windows, or they can limit the Linux distros that can be run to a certain set of Linux distros.
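The “which operating systems are deployable” policy is a deny-by-exception allow-list. Here is a small evaluator for a rule in the same shape as Azure Policy’s JSON (`if` / `allOf` / `not` / `field` / `then.effect`). This is an added example written for this page, not code from the video and not Microsoft’s policy engine; the field names are simplified (real Azure Policy uses aliases such as `Microsoft.Compute/imageSku`), and the SKU list and deployment requests are made up.

```python
"""Added example (not from the video): a simplified evaluator for an
Azure-Policy-style rule that only allows an approved set of OS images.
The rule shape mirrors Azure Policy JSON, but this is an illustration,
not Microsoft's engine; field names, SKUs and requests are assumptions."""
from typing import Any, Dict, List

# Approved OS images (constructed list).  Anything else is refused.
ALLOWED_IMAGE_SKUS = ["2022-datacenter", "2019-datacenter", "22_04-lts"]

# Deny any virtual machine whose image SKU is not on the approved list.
OS_POLICY: Dict[str, Any] = {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
        {"not": {"field": "imageSku", "in": ALLOWED_IMAGE_SKUS}},
    ]},
    "then": {"effect": "deny"},
}


def matches(cond: Dict[str, Any], resource: Dict[str, Any]) -> bool:
    """Recursively evaluate a condition tree against a resource's fields.
    A missing field evaluates as None, so a VM with no imageSku is denied too."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = resource.get(cond["field"])
    if "equals" in cond:
        return value == cond["equals"]
    if "in" in cond:
        return value in cond["in"]
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(policy: Dict[str, Any], resource: Dict[str, Any]) -> str:
    """Return the policy's effect (e.g. 'deny') if its condition matches the
    resource, otherwise 'allow'."""
    return policy["then"]["effect"] if matches(policy["if"], resource) else "allow"


def filter_deployment(policies: List[Dict[str, Any]],
                      resources: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Keep only the resources that no deny rule rejects."""
    return [r for r in resources
            if not any(evaluate(p, r) == "deny" for p in policies)]


if __name__ == "__main__":
    # Constructed deployment request: one current image, one legacy image, one disk.
    request = [
        {"type": "Microsoft.Compute/virtualMachines", "name": "web1", "imageSku": "2022-datacenter"},
        {"type": "Microsoft.Compute/virtualMachines", "name": "legacy", "imageSku": "2012-R2-Datacenter"},
        {"type": "Microsoft.Compute/disks", "name": "d1"},
    ]
    for r in request:
        print(r["name"], "->", evaluate(OS_POLICY, r))
```

Note that the rule is written as "deny anything not in the list" rather than "deny these known-bad versions": a new, unapproved image is refused by default instead of slipping through until someone updates a block-list.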

Okay, so remember, resource policies tell us how to manage resources: what do you want, and what don’t you want, in your organization? There is a wide range of settings that can be controlled with them. The last thing I want to talk about is the transit gateway. I have an example here of Amazon’s transit gateway. Let’s see what this is. A transit gateway is basically a central hub. It’s a central hub that allows you to connect your Amazon virtual private clouds (VPCs) and VPN connections to your on-premises network. So Amazon essentially allows me to have a single point of contact for all of my various networks. Look at the diagram. Assume you have an AWS Cloud with all of your cloud servers. You have some branch offices with different data. You have a main office with different data. Well, you need all of these different sites to be able to share data.

So what you do is have a transit gateway. This transit gateway connects to AWS and then to the branch office and the main office. Maybe you have additional AWS sites and accounts set up. You have one central hub that allows all of these different sites to share data. Some are virtual, while others are physical. So one thing connects all of them. Okay, in this video we talked about a lot of different things: the concept of infrastructure as code and software-defined networking, something that you’re going to see proliferate much more, something you’re definitely going to work with as your IT career progresses. Serverless architecture: we’re really using that a lot now to deploy applications. We discussed how organizations, particularly cloud providers, have resource policies. And then, of course, we saw what exactly a transit gateway is. Guys, make sure to review these terms. These terms are on our exam objectives. Make sure you know them well, so we can take our exam and pass it on the first try.

7. Virtualization Issues

In this video, we’re going to be talking about some virtualization issues, such as virtual machine sprawl and VM escape, that you should know for your exam. Let’s get started. The first thing up is “VM sprawl.” What exactly is this? I’d like to discuss how to avoid it, but first let’s define VM sprawl. VM sprawl occurs when you have too many virtual machines; in other words, VMs have sprawled all over the place. For example, in an organization, developers create a set of VMs they’re going to use to test their application. But here’s the thing: they never turn them off. Another group of developers creates additional VMs to test their app.

Another team of developers creates some more test VMs. And it’s not only developers: the network administration guys create a bunch of VMs to figure out issues they may have and to test their solutions on. And those are just some of them. Then you start creating VMs for every little service. Maybe you want one for a particular file server, one for a particular DHCP server. You quickly accumulate a large number of VMs.

This starts to consume a lot of resources, and a lot of times these VMs may not even be needed. So how do you prevent this from happening? How do you keep it from growing out of control? The way to avoid VM sprawl is to have good policies, right? P-O-L-I-C-I-E-S. You guys know I can’t spell, okay? Don’t laugh, please. All right, you’ll probably laugh anyway; I can’t spell “policy.” You also want to have good audits done. I can spell audits. So let’s talk about how this works in the organization.

The organization has policies such as how long a VM can be left running; for example, once development is completed and the application has been tested, the VM must be removed within 24 hours and not left running indefinitely. Another policy could be that VMs can only be stored in certain approved locations. That way, it’s easier to find them. Then you have to run audits at periodic points within the organization.

They have to do audits to detect VMs that are not being used. Perhaps every three months the organization conducts a full audit that looks at all the VMs, checks their purpose, and sees whether they’re needed or not. If they’re not, get rid of those virtual machines. Keep in mind the data that’s on them; you don’t want to lose it. So that’s VM sprawl. By the way, another good example of VM sprawl is me: oops, my VirtualBox here doesn’t want to work; I have a whole bunch of VMs. If you saw an earlier video, you would have noticed that I had a slew of VMs running. So I decided, you know what, I don’t need those VMs; maybe we can take them out. So imagine I had a whole bunch of those, okay? The other thing here is VM escape.
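Before moving on to VM escape, here is what the sprawl policies and the periodic audit described above look like when they are actually run. This is an added example written for this page, not code from the video: it checks a constructed VM inventory against the video’s 24-hour removal rule, an approved-locations list and an idle threshold, and reports every violation per VM. The thresholds, the approved locations and the inventory itself are assumptions; a real audit would pull the inventory from the hypervisor’s management API instead.

```python
"""Added example (not from the video): a VM sprawl audit over a constructed
inventory.  Thresholds, approved locations and the inventory are assumptions
for illustration; a real audit would read the hypervisor's inventory."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class VM:
    name: str
    owner: Optional[str]
    purpose: Optional[str]
    location: str                              # datastore / cluster the VM lives on
    created: datetime
    last_activity: datetime                    # last console or network activity
    test_finished: Optional[datetime] = None   # when a test VM was marked done


ALLOWED_LOCATIONS = {"ds-prod", "ds-dev"}          # policy: VMs live only here
REMOVE_AFTER_TEST = timedelta(hours=24)            # policy from the video
IDLE_LIMIT = timedelta(days=90)                    # quarterly audit threshold


def audit(vms: List[VM], now: datetime) -> Dict[str, List[str]]:
    """Return {vm_name: [findings]} for every VM that violates sprawl policy.
    VMs with no findings are omitted, so an empty dict means a clean estate."""
    findings: Dict[str, List[str]] = {}
    for vm in vms:
        issues: List[str] = []
        if not vm.owner or not vm.purpose:
            issues.append("no owner/purpose recorded")
        if vm.location not in ALLOWED_LOCATIONS:
            issues.append(f"stored outside approved locations ({vm.location})")
        if vm.test_finished and now - vm.test_finished > REMOVE_AFTER_TEST:
            issues.append("test complete >24h ago, should have been removed")
        if now - vm.last_activity > IDLE_LIMIT:
            issues.append("idle >90 days, candidate for decommission (back up data first)")
        if issues:
            findings[vm.name] = issues
    return findings


# Constructed inventory for the demo (not real hosts).
NOW = datetime(2022, 12, 13, 9, 0)
INVENTORY = [
    VM("web-prod-01", "ops", "production web", "ds-prod",
       NOW - timedelta(days=400), NOW - timedelta(minutes=5)),
    VM("dev-test-17", "alice", "app test", "ds-dev",
       NOW - timedelta(days=10), NOW - timedelta(days=3), NOW - timedelta(days=3)),
    VM("dhcp-lab", None, None, "laptop-local",
       NOW - timedelta(days=200), NOW - timedelta(days=150)),
]


if __name__ == "__main__":
    for name, issues in audit(INVENTORY, NOW).items():
        print(name)
        for issue in issues:
            print("   -", issue)
```

The audit only reports; deleting a flagged VM stays a human decision because, as the video says, the data on it may still matter.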

Now, let me first give you the fix: this is remedied with updates. Oops, update. Updating means updating the virtualization software, whether you use Hyper-V, VirtualBox or VMware; you’ve got to keep your hypervisor updated. So here’s what VM escape is: imagine I’m running Windows 10 in a VM.

Imagine I have Windows 10 running in a VM, and I have malicious code in it. If you remember, in the malicious code video I was running some malicious code, infecting some machines. But what happens if the code, quote unquote, escapes the VM and infects the host machine, and from there all the other VMs, taking control or creating havoc on my physical machine and on my virtual machines? That would be an example of a VM escape.

Now, although it’s very, very difficult to get past the virtualization software, it’s possible, and there have been real escape vulnerabilities in some versions of VirtualBox. To avoid this, keep your VM software up to date: every time you launch the application and it says, “Hey, there’s a new version; would you like to upgrade?”, click yes, because a lot of times those updates are fixing security issues, including bugs that allow VMs to escape. Okay? So in this video, we learned what VM sprawl is. Remember to have good policies and audits for that. And then, of course, for VM escape, make sure you keep your VM software updated.
