Cloud Computing: Concepts, Technology, Security & Architecture
Cloud computing has become an integral and foundational part of information technology. The majority of digital business activity and technology innovation occurs with the involvement of contemporary cloud environments that provide highly sophisticated automated technology infrastructure and a vast range of technology resources. To successfully build upon, interact with, or create a cloud environment requires an understanding of its common inner mechanics, architectural layers, models, and security controls. It also requires an understanding of the business and economic factors that justify the adoption and real-world use of clouds and cloud-based products and services.
In Cloud Computing: Concepts, Technology, Security & Architecture, Thomas Erl, one of the world's top-selling IT authors, teams up with cloud computing expert Eric Barceló Monroy and researchers to break down proven and mature cloud computing technologies and practices into a series of well-defined concepts, technology mechanisms, and technology architectures. Comprehensive coverage of containerization and cybersecurity topics is also included.
All chapters are carefully authored from an industry-centric and vendor-neutral point of view. In doing so, the book establishes concrete, academic coverage with a focus on structure, clarity, and well-defined building blocks for mainstream cloud computing and containerization platforms and solutions. With nearly 370 figures, 40 architectural models, and 50 mechanisms, this indispensable guide provides a comprehensive education of contemporary cloud computing, containerization, and cybersecurity that will never leave your side.
Table of Contents:
Foreword
About the Authors
Acknowledgments
Chapter 1: Introduction
1.1 Objectives of This Book
1.2 What This Book Does Not Cover
1.3 Who This Book Is For
1.4 How This Book Is Organized
Part I: Fundamental Cloud Computing
Chapter 3: Understanding Cloud Computing
Chapter 4: Fundamental Concepts and Models
Chapter 5: Cloud-Enabling Technology
Chapter 6: Understanding Containerization
Chapter 7: Understanding Cloud Security and Cybersecurity
Part II: Cloud Computing Mechanisms
Chapter 8: Cloud Infrastructure Mechanisms
Chapter 9: Specialized Cloud Mechanisms
Chapter 10: Cloud Security and Cybersecurity Access-Oriented Mechanisms
Chapter 11: Cloud Security and Cybersecurity Data-Oriented Mechanisms
Chapter 12: Cloud Management Mechanisms
Part III: Cloud Computing Architecture
Chapter 13: Fundamental Cloud Architectures
Chapter 14: Advanced Cloud Architectures
Chapter 15: Specialized Cloud Architectures
Part IV: Working with Clouds
Chapter 16: Cloud Delivery Model Considerations
Chapter 17: Cost Metrics and Pricing Models
Chapter 18: Service Quality Metrics and SLAs
Part V: Appendices
Appendix A: Case Study Conclusions
Appendix B: Common Containerization Technologies
1.5 Resources
Pearson Digital Enterprise Book Series
Thomas Erl on YouTube
The Digital Enterprise Newsletter on LinkedIn
Cloud Certified Professional (CCP) Program
Chapter 2: Case Study Background
2.1 Case Study #1: ATN
Technical Infrastructure and Environment
Business Goals and New Strategy
Roadmap and Implementation Strategy
2.2 Case Study #2: DTGOV
Technical Infrastructure and Environment
Business Goals and New Strategy
Roadmap and Implementation Strategy
2.3 Case Study #3: Innovartus Technologies Inc.
Technical Infrastructure and Environment
Business Goals and Strategy
Roadmap and Implementation Strategy
PART I: FUNDAMENTAL CLOUD COMPUTING
Chapter 3: Understanding Cloud Computing
3.1 Origins and Influences
A Brief History
Definitions
Business Drivers
Cost Reduction
Business Agility
Technology Innovations
Clustering
Grid Computing
Capacity Planning
Virtualization
Containerization
Serverless Environments
3.2 Basic Concepts and Terminology
Cloud
Container
IT Resource
On Premises
Cloud Consumers and Cloud Providers
Scaling
Horizontal Scaling
Vertical Scaling
Cloud Service
Cloud Service Consumer
3.3 Goals and Benefits
Increased Responsiveness
Reduced Investments and Proportional Costs
Increased Scalability
Increased Availability and Reliability
3.4 Risks and Challenges
Increased Vulnerability Due to Overlapping Trust Boundaries
Increased Vulnerability Due to Shared Security Responsibility
Increased Exposure to Cyber Threats
Reduced Operational Governance Control
Limited Portability Between Cloud Providers
Multiregional Compliance and Legal Issues
Cost Overruns
Chapter 4: Fundamental Concepts and Models
4.1 Roles and Boundaries
Cloud Provider
Cloud Consumer
Cloud Broker
Cloud Service Owner
Cloud Resource Administrator
Additional Roles
Organizational Boundary
Trust Boundary
4.2 Cloud Characteristics
On-Demand Usage
Ubiquitous Access
Multitenancy (and Resource Pooling)
Elasticity
Measured Usage
Resiliency
4.3 Cloud Delivery Models
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
Comparing Cloud Delivery Models
Combining Cloud Delivery Models
IaaS + PaaS
IaaS + PaaS + SaaS
Cloud Delivery Submodels
4.4 Cloud Deployment Models
Public Clouds
Private Clouds
Multiclouds
Hybrid Clouds
Chapter 5: Cloud-Enabling Technology
5.1 Networks and Internet Architecture
Internet Service Providers (ISPs)
Connectionless Packet Switching (Datagram Networks)
Router-Based Interconnectivity
Physical Network
Transport Layer Protocol
Application Layer Protocol
Technical and Business Considerations
Connectivity Issues
Network Bandwidth and Latency Issues
Wireless and Cellular
Cloud Carrier and Cloud Provider Selection
5.2 Cloud Data Center Technology
Virtualization
Standardization and Modularity
Autonomic Computing
Remote Operation and Management
High Availability
Security-Aware Design, Operation, and Management
Facilities
Computing Hardware
Storage Hardware
Network Hardware
Carrier and External Networks Interconnection
Web-Tier Load Balancing and Acceleration
LAN Fabric
SAN Fabric
NAS Gateways
Serverless Environments
NoSQL Clustering
Other Considerations
5.3 Modern Virtualization
Hardware Independence
Server Consolidation
Resource Replication
Operating System–Based Virtualization
Hardware-Based Virtualization
Containers and Application-Based Virtualization
Virtualization Management
Other Considerations
5.4 Multitenant Technology
5.5 Service Technology and Service APIs
REST Services
Web Services
Service Agents
Service Middleware
Web-Based RPC
5.6 Case Study Example
Chapter 6: Understanding Containerization
6.1 Origins and Influences
A Brief History
Containerization and Cloud Computing
6.2 Fundamental Virtualization and Containerization
Operating System Basics
Virtualization Basics
Physical Servers
Virtual Servers
Hypervisors
Virtualization Types
Containerization Basics
Containers
Container Images
Container Engines
Pods
Hosts
Host Clusters
Host Networks and Overlay Networks
Virtualization and Containerization
Containerization on Physical Servers
Containerization on Virtual Servers
Containerization Benefits
Containerization Risks and Challenges
6.3 Understanding Containers
Container Hosting
Containers and Pods
Container Instances and Clusters
Container Package Management
Container Orchestration
Container Package Manager vs. Container Orchestrator
Container Networks
Container Network Scope
Container Network Addresses
Rich Containers
Other Common Container Characteristics
6.4 Understanding Container Images
Container Image Types and Roles
Container Image Immutability
Container Image Abstraction
Operating System Kernel Abstraction
Operating System Abstraction Beyond the Kernel
Container Build Files
Container Image Layers
How Customized Container Images Are Created
6.5 Multi-Container Types
Sidecar Container
Adapter Container
Ambassador Container
Using Multi-Containers Together
6.6 Case Study Example
Chapter 7: Understanding Cloud Security and Cybersecurity
7.1 Basic Security Terminology
Confidentiality
Integrity
Availability
Authenticity
Security Controls
Security Mechanisms
Security Policies
7.2 Basic Threat Terminology
Risk
Vulnerability
Exploit
Zero-Day Vulnerability
Security Breach
Data Breach
Data Leak
Threat (or Cyber Threat)
Attack (or Cyber Attack)
Attacker and Intruder
Attack Vector and Surface
7.3 Threat Agents
Anonymous Attacker
Malicious Service Agent
Trusted Attacker
Malicious Insider
7.4 Common Threats
Traffic Eavesdropping
Malicious Intermediary
Denial of Service
Insufficient Authorization
Virtualization Attack
Overlapping Trust Boundaries
Containerization Attack
Malware
Insider Threat
Social Engineering and Phishing
Botnet
Privilege Escalation
Brute Force
Remote Code Execution
SQL Injection
Tunneling
Advanced Persistent Threat (APT)
7.5 Case Study Example
7.6 Additional Considerations
Flawed Implementations
Security Policy Disparity
Contracts
Risk Management
7.7 Case Study Example
PART II: CLOUD COMPUTING MECHANISMS
Chapter 8: Cloud Infrastructure Mechanisms
8.1 Logical Network Perimeter
Case Study Example
8.2 Virtual Server
Case Study Example
8.3 Hypervisor
Case Study Example
8.4 Cloud Storage Device
Cloud Storage Levels
Network Storage Interfaces
Object Storage Interfaces
Database Storage Interfaces
Relational Data Storage
Non-Relational Data Storage
Case Study Example
8.5 Cloud Usage Monitor
Monitoring Agent
Resource Agent
Polling Agent
Case Study Example
8.6 Resource Replication
Case Study Example
8.7 Ready-Made Environment
Case Study Example
8.8 Container
Chapter 9: Specialized Cloud Mechanisms
9.1 Automated Scaling Listener
Case Study Example
9.2 Load Balancer
Case Study Example
9.3 SLA Monitor
Case Study Example
SLA Monitor Polling Agent
SLA Monitoring Agent
9.4 Pay-Per-Use Monitor
Case Study Example
9.5 Audit Monitor
Case Study Example
9.6 Failover System
Active–Active
Active–Passive
Case Study Example
9.7 Resource Cluster
Case Study Example
9.8 Multi-Device Broker
Case Study Example
9.9 State Management Database
Case Study Example
Chapter 10: Cloud Security and Cybersecurity Access-Oriented Mechanisms
10.1 Encryption
Symmetric Encryption
Asymmetric Encryption
Case Study Example
10.2 Hashing
Case Study Example
10.3 Digital Signature
Case Study Example
10.4 Cloud-Based Security Groups
Case Study Example
10.5 Public Key Infrastructure (PKI) System
Case Study Example
10.6 Single Sign-On (SSO) System
Case Study Example
10.7 Hardened Virtual Server Image
Case Study Example
10.8 Firewall
Case Study Example
10.9 Virtual Private Network (VPN)
Case Study Example
10.10 Biometric Scanner
Case Study Example
10.11 Multi-Factor Authentication (MFA) System
Case Study Example
10.12 Identity and Access Management (IAM) System
Case Study Example
10.13 Intrusion Detection System (IDS)
Case Study Example
10.14 Penetration Testing Tool
Case Study Example
10.15 User Behavior Analytics (UBA) System
Case Study Example
10.16 Third-Party Software Update Utility
Case Study Example
10.17 Network Intrusion Monitor
Case Study Example
10.18 Authentication Log Monitor
Case Study Example
10.19 VPN Monitor
Case Study Example
10.20 Additional Cloud Security Access-Oriented Practices and Technologies
Chapter 11: Cloud Security and Cybersecurity Data-Oriented Mechanisms
11.1 Digital Virus Scanning and Decryption System
Generic Decryption
Digital Immune System
Case Study Example
11.2 Malicious Code Analysis System
Case Study Example
11.3 Data Loss Prevention (DLP) System
Case Study Example
11.4 Trusted Platform Module (TPM)
Case Study Example
11.5 Data Backup and Recovery System
Case Study Example
11.6 Activity Log Monitor
Case Study Example
11.7 Traffic Monitor
Case Study Example
11.8 Data Loss Protection Monitor
Case Study Example
Chapter 12: Cloud Management Mechanisms
12.1 Remote Administration System
Case Study Example
12.2 Resource Management System
Case Study Example
12.3 SLA Management System
Case Study Example
12.4 Billing Management System
Case Study Example
PART III: CLOUD COMPUTING ARCHITECTURE
Chapter 13: Fundamental Cloud Architectures
13.1 Workload Distribution Architecture
13.2 Resource Pooling Architecture
13.3 Dynamic Scalability Architecture
13.4 Elastic Resource Capacity Architecture
13.5 Service Load Balancing Architecture
13.6 Cloud Bursting Architecture
13.7 Elastic Disk Provisioning Architecture
13.8 Redundant Storage Architecture
13.9 Multicloud Architecture
13.10 Case Study Example
Chapter 14: Advanced Cloud Architectures
14.1 Hypervisor Clustering Architecture
14.2 Virtual Server Clustering Architecture
14.3 Load-Balanced Virtual Server Instances Architecture
14.4 Nondisruptive Service Relocation Architecture
14.5 Zero Downtime Architecture
14.6 Cloud Balancing Architecture
14.7 Resilient Disaster Recovery Architecture
14.8 Distributed Data Sovereignty Architecture
14.9 Resource Reservation Architecture
14.10 Dynamic Failure Detection and Recovery Architecture
14.11 Rapid Provisioning Architecture
14.12 Storage Workload Management Architecture
14.13 Virtual Private Cloud Architecture
14.14 Case Study Example
Chapter 15: Specialized Cloud Architectures
15.1 Direct I/O Access Architecture
15.2 Direct LUN Access Architecture
15.3 Dynamic Data Normalization Architecture
15.4 Elastic Network Capacity Architecture
15.5 Cross-Storage Device Vertical Tiering Architecture
15.6 Intra-Storage Device Vertical Data Tiering Architecture
15.7 Load-Balanced Virtual Switches Architecture
15.8 Multipath Resource Access Architecture
15.9 Persistent Virtual Network Configuration Architecture
15.10 Redundant Physical Connection for Virtual Servers Architecture
15.11 Storage Maintenance Window Architecture
15.12 Edge Computing Architecture
15.13 Fog Computing Architecture
15.14 Virtual Data Abstraction Architecture
15.15 Metacloud Architecture
15.16 Federated Cloud Application Architecture
PART IV: WORKING WITH CLOUDS
Chapter 16: Cloud Delivery Model Considerations
16.1 Cloud Delivery Models: The Cloud Provider Perspective
Building IaaS Environments
Data Centers
Scalability and Reliability
Monitoring
Security
Equipping PaaS Environments
Scalability and Reliability
Monitoring
Security
Optimizing SaaS Environments
Security
16.2 Cloud Delivery Models: The Cloud Consumer Perspective
Working with IaaS Environments
IT Resource Provisioning Considerations
Working with PaaS Environments
IT Resource Provisioning Considerations
Working with SaaS Services
16.3 Case Study Example
Chapter 17: Cost Metrics and Pricing Models
17.1 Business Cost Metrics
Up-Front and Ongoing Costs
Additional Costs
Case Study Example
Product Catalog Browser
On-Premises Up-Front Costs
On-Premises Ongoing Costs
Cloud-Based Up-Front Costs
Cloud-Based Ongoing Costs
17.2 Cloud Usage Cost Metrics
Network Usage
Inbound Network Usage Metric
Outbound Network Usage Metric
Intra-Cloud WAN Usage Metric
Server Usage
On-Demand Virtual Machine Instance Allocation Metric
Reserved Virtual Machine Instance Allocation Metric
Cloud Storage Device Usage
On-Demand Storage Space Allocation Metric
I/O Data Transferred Metric
Cloud Service Usage
Application Subscription Duration Metric
Number of Nominated Users Metric
Number of Transactions Users Metric
17.3 Cost Management Considerations
Pricing Models
Multicloud Cost Management
Additional Considerations
Case Study Example
Virtual Server On-Demand Instance Allocation
Virtual Server Reserved Instance Allocation
Cloud Storage Device
WAN Traffic
Chapter 18: Service Quality Metrics and SLAs
18.1 Service Quality Metrics
Service Availability Metrics
Availability Rate Metric
Outage Duration Metric
Service Reliability Metrics
Mean Time Between Failures (MTBF) Metric
Reliability Rate Metric
Service Performance Metrics
Network Capacity Metric
Storage Device Capacity Metric
Server Capacity Metric
Web Application Capacity Metric
Instance Starting Time Metric
Response Time Metric
Completion Time Metric
Service Scalability Metrics
Storage Scalability (Horizontal) Metric
Server Scalability (Horizontal) Metric
Server Scalability (Vertical) Metric
Service Resiliency Metrics
Mean Time to Switchover (MTSO) Metric
Mean Time to System Recovery (MTSR) Metric
18.2 Case Study Example
18.3 SLA Guidelines
18.4 Case Study Example
Scope and Applicability
Service Quality Guarantees
Definitions
Usage of Financial Credits
SLA Exclusions
PART V: APPENDICES
Appendix A: Case Study Conclusions
A.1 ATN
A.2 DTGOV
A.3 Innovartus
Appendix B: Common Containerization Technologies
B.1 Docker
Docker Server
Docker Client
Docker Registry
Docker Objects
Docker Swarm (Container Orchestrator)
B.2 Kubernetes
Kubernetes Node (Host)
Kubernetes Pod
Kubelet
Kube-Proxy
Container Runtime (Container Engine)
Cluster
Kubernetes Control Plane
9780138052256 TOC 7/17/2023
