Cloud and Datacenter Architecture

# Summarize Cloud Concepts ## Cloud Scalability and Elasticity - What is a Cloud - For the consumer - For the service provider - Scalability - Control cost of resource provision - Scale out vs scale up - up -> adding more resources/power - out -> adding more machines - Elasticity - Ability to map resource provision to demand - Cloud and virtualization ## Cloud Deployment Models - public (Multi-tenant) - CSP - Multi-cloud - Hosted private - Private - On prem or offsite - Community - Hybrid ## Cloud Service Models - IaaS - appliance/server provisioning - SaaS - Software provisioning - PaaS - Database and application server provisioning - Desktop as a Service - Client desktop/app provisioning ## Cloud Connectivity Options - Internet/virtual private network (VPN) - interface with cloud application over the web - use VPN for better security and congestion control - Still limited b y public internet latency and bottlenecks - Direct/private connection/co-location - Direct link between enterprise servers and cloud servers within datacenter ## Infrastructure as Code - Provisioning through standard scripts - Eliminates lack of consistency - Automation - script a single task or build - Orchestration - Sequence of automation scripts - Co-ordinate provisioning across multiple systems ## Cloud Security Implications - Transfer of risk/SLA - Cloud responsibility matrix - Security of the cloud vs security in the cloud (AMAZON) - Legal/regulatory responsibility - Insider threat (from service provider) # Virtualization and Storage Area Network Technologies ## Hypervisor Types [[Virtualization]] Type 2 Hypervisor - Lots of overhead cause the hypervisor has to ask the OS for hardware resources - typical personal use - not so fast, not so reponsive - vmware with kali - vms typically think they are real computers Type 1 Hypervisor (typical in data center) - Hypervisor is the OS, but stripped down alot - Usually only CLI - the hypervisor just allocates resources to each VM - Bare Metal: hypervisor sits right on top of hardware - great reliability and performance ## Virtual NICs and Switches - Guest OS can have one or more virtual network adapters - Guests can be connected to VM-only networks or join the host network - Virtual switch is implemented by hypervisor to connect VMs in different types of networks ## Network Function Virtualization - VMs on virtual networks need the same services as physical networks - Provisioning DHCP services to VMs - Configuring default gateway for VMs - Configuring network firewall for VM segment - Provision virtual appliances - Router, firewall, load balancer, or malware/intrusion detection - Network Function Virtualization (NFV) - Virtual network function (VNF) - NFV infrastructure - Management and orchestration (MANO) ## Storage Area Networks - Block level access to storage resource - Only accessed by application servers - Integrate multiple types of stroage technology - Tiered performance ![[SAN.png|500]] ## SAN Connection Types - Fiber channel - Initiator -> client device of the SAN, such as a file or database server - Target -> network port for a storage device (single storage, RAID drive arrays, tape drives, etc) - FC switch -> provides interconnections between initiators and targets - Fiber Channel over Ethernet (FCoE) - Converged network adapter (CNA) ## iSCSI - tunneling protocol that enables the transfer of SCSI data over an IP-based network - Can be used to link SANs or create low-cost SANs # Datacenter Network Architecture ## Datacenter Network Design - Datacenters - Dedicated location for hosting server infrastructure - Networking, power, climate control, and physical access control features - Traffic flows - North-south (Datacenter) vs east-west (clouds) - Overlay networks - Abstracts physical topology - Encapsulates point-point traffic ## Software Defined Networking - Make components of datacenter fully accessible to automation and orchestration - SDN architecture - Application and infrastructure layers at top and bottom - SDN inserts a control layer - Northbound and southbound APIs - Management plane ## Spine and Leaf Topology - Leaf layer forms a full mesh with spine - Advantages: - Single hop predictability - Loop free multipathing - Top-of-rack switch models ![[Pasted image 20230608091737.png]] ## Datacenter Access Types - Branch office vs on-prem - Servers in hub location and data replicated to branches - Multipoint GRE used to connect branches with head office in VPNs - Colocation - Installing servers to a hosted environment ## Multiprotocol Label Switching - Service Provider VPN solution - Overlay network facilitating point-to-point and point-to-multipoint links over public networks - Traffic shaping ## Software-defined WAN - Secure access to datacenters from multiple remote locations - Overlay network managed by SD-WAN controller - All links authenticated and secured - Can use multiple underlay network technologies