Cloud Sec Assignment 1

The document discusses cloud computing models and virtualization types. It provides details on software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS) cloud models. It also describes hardware/server, network, storage, memory, and software virtualization. Public and private clouds are differentiated. Short notes are provided on SaaS and securing hypervisors, virtual machines, and VMware. Security concerns related to virtualization like oversight, patching, visibility, and sprawl are explained.

Uploaded by

aman lokpal
Copyright
© All Rights Reserved

VIRTUALIZATION AND CLOUD SECURITY

ASSIGNMENT-3

Shubham Mishra
2016014585
CSE - I

Q1. What do you mean by cloud computing? Explain different types of cloud
computing models?

In the simplest terms, cloud computing means storing and accessing data and
programs over the Internet instead of your computer's hard drive. It is the practice
of using a network of remote servers hosted on the Internet to store, manage, and
process data, rather than a local server or a personal computer.

The different types of cloud computing models are:

Software as a Service (SaaS): The SaaS model allows your business to quickly access
cloud-based web applications without committing to installing new infrastructure.
The applications run on the vendor's cloud, which they, of course, control and
maintain. The applications are available for use with a paid licensed subscription, or
for free with limited access. SaaS does not require any installations or downloads in
your existing infrastructure, which in turn eliminates the need to install, maintain,
and update applications on each of your computers.

Platform as a Service (PaaS): With this model, a third-party vendor provides your
business with a platform upon which your business can develop and run applications.
Because the vendor is hosting the cloud infrastructure which supports the platform,
PaaS eliminates your need to install in-house hardware or software. Your business
would not manage or control the underlying cloud infrastructure, but you would
maintain control over the deployed applications (unlike with SaaS).

Infrastructure as a Service (IaaS): IaaS, as the most flexible of the cloud models,
allows your business to have complete, scalable control over the management and
customization of your infrastructure. In the IaaS model, the cloud provider hosts
your infrastructure components that would traditionally be present in an on-site
data center (such as servers, storage and networking hardware). Your business,
however, would maintain control over operating systems, storage, deployed
applications, and possibly limited control of select networking components (e.g. host
firewalls).

Q2. Explain different types of Virtualization.

The different types of virtualization are:

Hardware/Server Virtualization: The basic idea is to combine many small physical
servers into one large physical server so that the processor can be used more
effectively. The operating system that is running on a physical server gets converted
into a well-defined OS that runs on the virtual machine.

Network Virtualization: It refers to the management and monitoring of a computer
network as a single managerial entity from a single software-based administrator’s
console. It is intended to allow network optimization of data transfer rates,
scalability, reliability, flexibility, and security. It also automates many network
administrative tasks. Network virtualization is specifically useful for networks that
experience a huge, rapid, and unpredictable traffic increase. The intended result of
network virtualization is improved network productivity and efficiency.

Storage Virtualization: In this type of virtualization, multiple network storage
resources are presented as a single storage device for easier and more efficient
management of these resources.

Memory Virtualization: It introduces a way to decouple memory from the server to
provide a shared, distributed or networked function. It enhances performance by
providing greater memory capacity without any addition to the main memory. That’s
why a portion of the disk drive serves as an extension of the main memory.

Software Virtualization: It gives the main computer the ability to create and run
one or more virtual environments. It is used to emulate a complete computer
system in order to allow a guest OS to run, for instance letting Linux run as a guest
on a computer that is natively running a Microsoft Windows OS (or vice versa,
running Windows as a guest on Linux).

Q3. Differentiate between Public & private clouds?

Private Cloud: A private cloud solution will host your data on a dedicated server with
access and management limited to your business only. The network is protected by a
secure firewall and offers high performance due to its single usage. Customers can
customize the control and maintenance of their service. This means you can tailor
your infrastructure to meet your business needs and to suit any security or
infrastructure requirements you have.

Public Cloud: A public cloud solution stores your information off-site on a shared
server managed and maintained by the service provider. Support and updates are
handled by the Cloud Service Provider and services are paid for on a subscription
basis, reducing the need to invest large amounts of capital and freeing up your
in-house IT resources.

Q4. Write a short note on SaaS.

The SaaS model allows your business to quickly access cloud-based web applications
without committing to installing new infrastructure. The applications run on the
vendor's cloud, which they, of course, control and maintain. The applications are
available for use with a paid licensed subscription, or for free with limited access.
SaaS does not require any installations or downloads in your existing infrastructure,
which in turn eliminates the need to install, maintain, and update applications on
each of your computers.

Q5. How can we secure the hypervisor? Explain.

One of the key steps in securing the hypervisor is to monitor your virtual
environment for malicious activities. You need to be monitoring constantly and using
automation to ensure security configurations do not lapse. Always check the
configuration and settings of the hypervisor to minimize threats.
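
One way to automate the configuration check described above, as an added example that is not part of the original assignment. The setting names, thresholds and host data are hypothetical placeholders, not real hypervisor option names.

```python
# Baseline: setting -> (what is expected, predicate the live value must satisfy).
# All setting names are hypothetical placeholders chosen for this example.
BASELINE = {
    "remote_shell_enabled": ("remote shell off", lambda v: v is False),
    "idle_session_timeout_s": ("idle timeout 1..900 s",
                               lambda v: type(v) is int and 0 < v <= 900),
    "remote_syslog_target": ("logs shipped off-host",
                             lambda v: isinstance(v, str) and v != ""),
    "lockout_after_failures": ("lockout after 1..5 failures",
                               lambda v: type(v) is int and 0 < v <= 5),
}

# Constructed sample: settings as collected from two hypervisor hosts.
FLEET = {
    "hv-01": {"remote_shell_enabled": False, "idle_session_timeout_s": 600,
              "remote_syslog_target": "tcp://logs.example.internal:514",
              "lockout_after_failures": 5},
    # Shell left on after troubleshooting, timeout disabled, syslog never set.
    "hv-02": {"remote_shell_enabled": True, "idle_session_timeout_s": 0,
              "lockout_after_failures": 5},
}


def check_host(settings):
    """Return sorted (setting, reason) pairs that violate the baseline."""
    drift = []
    for key, (expected, is_ok) in BASELINE.items():
        if key not in settings:
            # Fail closed: a setting we cannot read counts as a violation.
            drift.append((key, f"missing, expected {expected}"))
        elif not is_ok(settings[key]):
            drift.append((key, f"is {settings[key]!r}, expected {expected}"))
    return sorted(drift)


def check_fleet(fleet):
    """Return {host: drift} for hosts whose configuration has lapsed."""
    report = {}
    for host, settings in fleet.items():
        drift = check_host(settings)
        if drift:
            report[host] = drift
    return report


if __name__ == "__main__":
    for host, drift in check_fleet(FLEET).items():
        for key, reason in drift:
            print(f"{host}: {key} {reason}")
```

Run on a schedule, a check like this turns "always check the configuration" into an alert the first time a setting drifts.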

Q6. Explain all virtualization security concerns.

Managing oversight and responsibility: The overarching issue with virtual servers is
responsibility. Unlike physical servers, which are the direct responsibility of the
data-center or IT managers in whose physical domain they sit, responsibility for
virtual servers is often left up in the air.

Patching and maintenance: The most tangible risk that can come out of a lack of
responsibility is the failure to keep up with the constant, labor-intensive process of
patching, maintaining and securing each virtual server in a company. Unlike the
physical servers on which they sit, which are launched and configured by hands-on IT
managers who also install the latest patches, virtual machines tend to be launched
from server images that may have been created, configured and patched weeks or
months before.

Visibility and compliance: Virtual servers are designed to be, if not invisible, then at
least very low profile, at least within the data center. All the storage or bandwidth or
floor space or electricity they need comes from the physical server on which they sit.
To data-center managers not specifically tasked with monitoring all the minute
interactions of the VMs inside each host, a set of virtual servers becomes an invisible
network within which there are few controls.

VM sprawl: Another consequence of the lack of oversight of virtual machines is
sprawl: the uncontrolled proliferation of virtual machines launched, and often
forgotten, by IT managers, developers or business-unit managers who want extra
servers for some specific purpose, and lose track of them later.

Managing Virtual Appliances: One of the very best things about virtual
infrastructures is the ability to buy or test a product from a third-party vendor and
have it up and running in minutes, rather than having to clear space on a test server,
install the software, get it to talk to the operating system and the network and then,
hours later, see whether it does what it's supposed to, MacDonald says.
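
The oversight, patching, visibility and sprawl concerns above can be checked mechanically by comparing what the hosts actually run against the asset register. The following is an added example, not part of the original assignment; the field names, thresholds and sample data are assumptions constructed for illustration.

```python
from datetime import date

MAX_PATCH_AGE_DAYS = 30  # assumed policy: patch level no older than this
MAX_IDLE_DAYS = 60       # assumed policy: a running VM unused this long is suspect

# Constructed sample data; field names are assumptions for this example.
REGISTER = {  # asset register: what the organisation believes it runs
    "web-01": {"owner": "ops", "image_built": "2024-01-10",
               "last_patched": "2024-06-02", "last_used": "2024-06-14"},
    "build-07": {"owner": "", "image_built": "2024-02-01",
                 "last_patched": None, "last_used": "2024-06-10"},
    "demo-03": {"owner": "sales", "image_built": "2024-05-30",
                "last_patched": None, "last_used": "2024-02-20"},
}
# What each physical host reports as running.
RUNNING = {"host-a": ["web-01", "build-07"], "host-b": ["demo-03", "test-tmp"]}


def days_since(iso_day, today):
    return (today - date.fromisoformat(iso_day)).days


def audit(register, running, today):
    """Return {vm_name: [finding, ...]} for every running VM with a problem."""
    report = {}
    for host, names in running.items():
        for name in names:
            vm = register.get(name)
            if vm is None:
                # Visibility: the host runs it but nobody registered it.
                report[name] = [f"unregistered (on {host})"]
                continue
            findings = []
            if not vm["owner"]:
                findings.append("no-owner")  # oversight and responsibility
            # Patching: a VM is only as current as its image or last patch run.
            patch_day = vm["last_patched"] or vm["image_built"]
            if days_since(patch_day, today) > MAX_PATCH_AGE_DAYS:
                findings.append("stale-patches")
            # Sprawl: still running although nobody has used it for a long time.
            if days_since(vm["last_used"], today) > MAX_IDLE_DAYS:
                findings.append("possible-sprawl")
            if findings:
                report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(REGISTER, RUNNING, date(2024, 6, 15)).items():
        print(name, findings)
```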

Q7. Explain IaaS in brief.

IaaS, as the most flexible of the cloud models, allows your business to have
complete, scalable control over the management and customization of your
infrastructure. In the IaaS model, the cloud provider hosts your infrastructure
components that would traditionally be present in an on-site data center (such as
servers, storage and networking hardware). Your business, however, would maintain
control over operating systems, storage, deployed applications, and possibly limited
control of select networking components (e.g. host firewalls).

Q8. Explain PaaS.

With this model, a third-party vendor provides your business with a platform upon
which your business can develop and run applications. Because the vendor is hosting
the cloud infrastructure which supports the platform, PaaS eliminates your need to
install in-house hardware or software. Your business would not manage or control
the underlying cloud infrastructure, but you would maintain control over the
deployed applications (unlike with SaaS).

Q9. How to secure VMware? Explain.

VMware Infrastructure addresses security in a number of ways. Some of these
include:

Compatibility with SAN security practices: VMware Infrastructure enforces security
policies with LUN zoning and LUN masking.

Implementation of secure networking features: VLAN tagging enhances network
security by tagging and filtering network traffic on VLANs, and Layer 2 network
security policies enforce security for virtual machines at the Ethernet layer in a way
that is not available with physical servers.

Integration with Microsoft Active Directory: VMware Infrastructure allows you to
base access controls on existing Microsoft Active Directory authentication
mechanisms.

Custom roles and permissions: VMware Infrastructure enhances security and
flexibility with user-defined roles. You can restrict access to the entire inventory of
virtual machines, resource pools and servers by assigning users to these custom
roles.

Resource pool access control and delegation: VMware Infrastructure secures
resource allocation at different levels in the company. For example, when a top-level
administrator makes a resource pool available to a department-level user, all virtual
machine creation and management can be performed by the department
administrator within the boundaries assigned to the resource pool.

Audit trails: VMware Infrastructure maintains a record of configuration changes and
the administrator who initiated each one. You can export reports for event tracking.

Session management: VMware Infrastructure lets you discover and, if necessary,
terminate VirtualCenter user sessions.
