0% found this document useful (0 votes)
37 views81 pages

Cloud 3-4-5

The document discusses factors to consider when configuring cloud virtual machines, key components of cloud storage architecture including frontend and backend platforms, cloud databases, cloud identity and access management (IAM), cloud service management, cloud security models and threats/risks, cloud security compliance, principles of cloud security architecture, and key components of cloud security architecture including IAM.

Uploaded by

Sanskar Rangole
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
37 views81 pages

Cloud 3-4-5

The document discusses factors to consider when configuring cloud virtual machines, key components of cloud storage architecture including frontend and backend platforms, cloud databases, cloud identity and access management (IAM), cloud service management, cloud security models and threats/risks, cloud security compliance, principles of cloud security architecture, and key components of cloud security architecture including IAM.

Uploaded by

Sanskar Rangole
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 81

Factors Have to Consider while configuring Cloud

Virtual Machine?

•The names of your resources


•The location where the resources are stored
•The size of the virtual machine
•The maximum number of virtual machines that can
be created
•The operating system that the virtual machine runs
•The configuration of the virtual machine after it
starts
•The related resources that the virtual machine needs
Key Components of Cloud Storage
Architecture

1. A frontend platform
2. A backend platform
3. A cloud-based delivery model
4. A network (internet, intranet, or intercloud)
Frontend
• In cloud computing, frontend platforms
contain the client infrastructure—user
interfaces, client-side applications, and the
client device or network that enables users to
interact with and access cloud computing
services. For example, you can open the web
browser on your mobile phone and edit a
Google Doc. All three of these things describe
frontend cloud architecture components.
Backend
On the other hand, the back end refers to the cloud architecture
components that make up the cloud itself, including computing
resources, storage, security mechanisms, management, and
more.
List of Backend Components
1.Application
2.Service
3.Runtime Cloud
4.Storage
5.Infrastructure
6.Management
7.Security
3.4 Cloud Database
• A cloud database is a database that is
deployed, delivered, and accessed in the
cloud. Cloud databases organize and store
structured, unstructured, and semi-structured
data just like traditional on-premises
databases.
Encrypted cloud database architecture.
What Is Cloud IAM?
• A cloud identity management system
comprises the tools, policies, and processes
that protect a company’s critical resources
across cloud services and platforms. In other
words, access management in the cloud
dictates who may access what and when.
What are the components of cloud-based access management?

Cloud-based identity and access management policies control overarching


admin roles, granting roles to groups and users. They address everything
from who has permission to allocate storage to how users are de-
provisioned when they exit. Cloud-based identity management solutions
address components such as:
• Resources: Core parts of cloud services, including storage, processing
power, and analytics
• Permissions: Access to directories, files, or areas within a database
• Roles: Granular permissions assigned to users based on their job functions
• Groups: Overarching permissions that grant access to an entire group of
users, such as a business area or department
• Members: All accounts that may access cloud systems and resources.
Members might have individual, role-, or group-based permissions.
Service management:

1. A system integral of supply chain


management that contents actual company
sales and the customer.
2. The goal of service management is to
maximize service supply chains.
3. The purpose of service management are to
reduce high costs by integrating products and
services and keep inventory levels smaller.
Cloud Service Management

1. Cloud monitoring and cloud service management tools allow cloud


providers to ensure optimal performance, continuity and efficiency
in virtualized, on-demand environments.
2. The delivery of dynamic, cloud-based infrastructure, platform and
application services doesn’t occur in a vacuum.
3. In addition to best practices for effective administration of all the
elements associated with cloud service delivery, cloud service
management and cloud monitoring tools enable providers to keep
up with the continually shifting capacity demands of a highlyelastic
environment.
4. The fig illustrates that service management provides the visibility,
control and automation needed for efficient cloud delivery in both
public and private implementations.
Key Aspects of Cloud Service
Simplify user interaction with it:
The user friendly self-service accelerates time to value.
Service catalogue enables standards which drives consistent service delivery.

Enable policies to lower cost with provisioning:


Automatic allocating and de-allocating of resources will make delivery of services fast.
Provisioning policies allow release and reuse of assets.

Increase system admin productivity:


Providing the benefits to the broker will probably become a critical success factor in cloud computing.
Due to the growth of service brokerage business will increase the ability of cloud consumers to use services in a trustworthy manner.
These cloud mediators will help companies to choose the right platform, deploy the apps across multiple clouds.

Following are the opportunities for cloud brokers:


Cloud service intermediation : The broker must need to manage the additional securities or management capabilities over the cloud.
Cloud aggregation: It includes the deployment of services over multiple cloud platforms.
The ability to group an application across multiple clouds will become important i.e. if one service goes down the another can be
started.
4.1 What is cloud security?

• Cloud security is the set of control-based security


measures and technology protection, designed to
protect online stored resources from leakage, theft,
and data loss. Protection includes data from cloud
infrastructure, applications, and threats.
Cloud Security Models

There are three main cloud security models:

1.Shared responsibility:-
The shared responsibility model is the most commonly used, where the cloud
provider is responsible for the security of the cloud infrastructure and the
customer is responsible for the security of their data and applications
2.Multi-tenancy:-
The multi-tenancy model is used when multiple tenants use the same cloud
infrastructure, where the cloud provider is responsible for the security of the
infrastructure and the tenants are responsible for the security of their own
data.
3.Risk-based:-
The risk-based model identifies and mitigate the risks associated with cloud
computing, and the cloud provider and the customer work together to
identify potential risks and develop a security strategy to address those risks.
Cloud Security Threats and Risks

• A risk is a potential for loss of data or a weak spot.


• A threat is a type of attack or adversary.

You cannot completely eliminate risk; you can only manage it.
Knowing common risks ahead of time will prepare you to deal with
them within your environment.

What are four cloud security risks?


1. Unmanaged Attack Surface
2. Human Error
3. Misconfiguration
4. Data Breach
• A threat is an attack against your cloud assets that
tries to exploit a risk.

What are four common threats faced by cloud security?

1. Zero-Day Exploits
2. Advanced Persistent Threats
3. Insider Threats
4. Cyberattacks
Cloud Security Compliance
• Conduct a risk assessment
• Implement robust security measures
• Develop and implement policies and
procedures
• Conduct regular audits and assessments
• Work closely with cloud service providers
• Use compliance management tools
4.2 Cloud Security Architecture
7 core principles of a cloud security architecture
• Security by design – cloud architecture design should implement security
controls that are not vulnerable to security misconfigurations. For example, if a
cloud storage container holds sensitive data, external access should be locked,
and there should be no way for an administrator to open access to the public
Internet.
• Visibility – many organizations use multi-cloud and hybrid-cloud deployments
that traditional security solutions fail to protect. An effective strategy accounts
for both the tools and the processes to maintain visibility throughout an
organization’s complete cloud-based infrastructure.
• Unified management – security teams are often overworked and understaffed,
and so cloud security solutions must provide unified management interfaces.
Teams must be able to centrally manage a wide range of cloud security solutions
from one pane of glass.
• Network security – the cloud uses a shared responsibility model, and the
organization is responsible for securing traffic flows to and from cloud resources,
and between the public cloud and on-premise networks. Segmenting networks
is also important to limit an attacker’s ability to move laterally once they have
gained access to a network.
• Agility – the cloud fosters development and deployment of
new solutions. Security should not inhibit this agility.
Organizations can use cloud-native security solutions that
integrate seamlessly into the agile development lifecycle.
• Automation – automation is critical to swift provisioning and
updating of security controls in a cloud environment. It can
also help identify and remediate misconfigurations and other
security gaps in real time.
• Compliance – regulations and standards protect both data and
processes in the cloud. Organizations can leverage cloud
provider solutions, but will often need third party solutions to
manage compliance across multiple cloud providers.
5 Key Components of Cloud Computing Security
Architecture
1. Identity and Access Management (IAM)
Identity and Access Management (IAM) involves managing who can access cloud resources and what actions they can perform. IAM
systems can enforce security policies, manage user identities, and provide audit trails, among other functions.
IAM plays a pivotal role in mitigating insider threats. By implementing least privilege access and segregation of duties, organizations can
limit the potential damage caused by malicious insiders. Moreover, IAM can also help detect unusual user behavior, providing early
warning signs of potential security breaches.
2. Network Security
Network security involves protecting the integrity, confidentiality, and availability of data as it moves across the network. Network security
measures include firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and virtual private networks (VPN),
among others. All cloud providers offer a virtual private cloud (VPC) feature which allows an organization to run a private, secure network
within their cloud data center.
In a cloud environment, network security becomes even more critical as data often travels over the internet to reach the cloud. Therefore,
organizations should prioritize implementing robust network security measures to protect their data in transit.
3. Data Security
In a cloud computing security architecture, data security involves protecting data at rest, in transit, and in use. It encompasses various
measures, including encryption, tokenization, data loss prevention (DLP), and secure key management. A critical aspect of data security in
the cloud is applying access controls and secure configuration to cloud storage buckets and cloud databases.
With the proliferation of data breaches and the advent of regulations like the General Data Protection Regulation (GDPR), data security has
become a top priority for organizations, and has an additional compliance aspect. Failing to protect data in the cloud could result in costly
fines and legal implications.
• 4. Endpoint Security
Endpoint security focuses on securing endpoints or user devices that access the
cloud, such as laptops, smartphones, and tablets. Given the shift to remote work
and Bring Your Own Device (BYOD) policies, endpoint security has become a critical
aspect of cloud computing security. Organizations must make sure that users only
access their cloud resources with devices that are properly secured.
• Endpoint security measures include antivirus software, firewalls, and device
management solutions that can enforce security policies on user devices.
Moreover, endpoint security can also involve measures like user training and
awareness, helping users recognize and avoid potential security threats.
• 5. Application Security
Application security is another vital part of a cloud security architecture. It involves
securing applications running in the cloud against various security threats, such as
injection attacks, cross-site scripting (XSS), and Cross-Site Request Forgery (CSRF).
Application security can be achieved through various means, including secure
coding practices, vulnerability scanning (in particular, container image
scanning and infrastructure as code scanning), and penetration testing.
Additionally, runtime application self-protection (RASP) and web application
firewalls (WAF) can provide added layers of protection. Dedicated cloud native
security solutions can help secure cloud native workloads like containers and
serverless functions.Learn more in our detailed guide to cloud security solutions
What Are Cloud Security Controls?

• A cloud security control is a set of security controls that


safeguard cloud environments from vulnerabilities and
minimize the fallout of malicious attacks. Security controls are
a central element in any cloud computing strategy.
Key Elements of Cloud Security Controls
1. Centralized Visibility of Cloud Infrastructure
2. Native Integration Into Cloud Provider Security Systems
3. Security Automation
4. Threat Intelligence Feeds
What is a Cloud Security Audit?

• A cloud audit is a test of a cloud environment, typically


conducted by an independent third-party. During an audit,
the auditor gathers evidence via physical inspection, inquiry,
observation, re-performance, or analytics.
6 Steps to Conducting a Cloud Security Audit

• 1. Evaluate the Cloud Provider’s Security Posture


• 2. Determine The Attack Surface
• 3. Set Strong Access Controls
• 4. Develop External Sharing Standards
• 5.Automate Patching
• 6. Use SIEM to Standardize Cloud Logs
SIEM-Security information and event management (SIEM)
What is cloud data security?
• Cloud data security is the practice of protecting data and
other digital information assets from security threats, human
error, and insider threats. It leverages technology, policies,
and processes to keep your data confidential and still
accessible to those who need it in cloud-based environment
What is data classification?

• Data classification allows you to determine and assign value to your


organization's data and provides a common starting point for governance.
The data classification process categorizes data by sensitivity and business
impact in order to identify risks. When data is classified, you can manage it
in ways that protect sensitive or important data from theft or loss.
• Non-business: Data from your personal life that doesn't belong to
Microsoft.
• Public: Business data that is freely available and approved for public
consumption.
• General: Business data that isn't meant for a public audience.
• Confidential: Business data that can cause harm to Microsoft if overshared.
• Highly confidential: Business data that would cause extensive harm to
Microsoft if overshared.
What Is Cloud Encryption?

• Cloud encryption is a data security process in which plaintext


data is encoded into unreadable ciphertext to help keep it
secure in or between cloud environments. It is one of the
most effective ways to uphold data privacy as well as protect
cloud data in transit or at rest against cyber attacks.
Anywhere, anytime access to apps and data is a key
advantage of the cloud, but such ubiquitous access—often to
sensitive data—requires strong data protection, of which
cloud encryption is a crucial part.
Data Access Control

• Data is one of the most valuable assets for any business. To


protect sensitive information, you need to not only restrict
access to data assets that reside across multiple clouds and
environments, but also verify the authenticity of the
individuals trying to access that data.
• Data access control is a fundamental security tool that
enables you restrict access based on a set of policies. By
implementing robust policies for your data access, you’re
helping keep personally identifiable information (PII),
intellectual property, and other confidential information
from getting into the wrong hands, whether internally or
externally.
How does data access control work?

• Data access control works by verifying the users’ identity to ensure


they are who they claim they are, and ensuring the users have the
right to access the data. The two main components of data access
control are:
• Authentication: Verifies the user identity, which could be done
through a multifactor authentication mechanism
• Authorization: Determines not only the level of access that each
user has to the data based on specified policies but also the
actions the user can take
• For data access control to be effective,
authentication and authorization needs to be applied consistently
across your entire environment — both on premises and in the
cloud.
Cloud Data Backup and Recovery
• Cloud backup is a service in which the data and applications
on a business’s servers are backed up and stored on a remote
server. Businesses opt to back up to the cloud to keep files
and data readily available in the event of a system failure,
outage or natural disaster. Cloud backup for business operates
by copying and storing your server’s files to a server in a
different physical location. A business can back up some or all
server files, depending on its preference.
Types of Backup: Full, Incremental and
Differential Backup
There are three main backup types used to back up all digital assets:
Full backup: The most basic and comprehensive backup method, where all data is sent
to another location.
• Pros
1. Quick restore time
2. Storage management is easy since all the data is stored on a single version
3. Easy version control allows you to maintain and restore different versions
without breaking a sweat
4. File search is easy as it gets
• Cons
1. Demands the most storage space comparatively
2. Depending on their size, it takes a long time to back up files
3. The need for additional storage space makes it the most expensive backup
method
4. The risk of data loss is high since all the data is stored in one place
Incremental backup: Backs up all files that have changed since the last backup
occurred.
• Pros
1. Efficient use of storage space since files are not duplicated in their entirety
2. Lightning-fast backups
3. Can be run as often as desired, with each increment being an individual
recovery point
• Cons
1. Time-consuming restoration since data must be pieced together from
multiple backups
2. Successful recovery is only possible if all the backup files are damage-proof
3. File search is cumbersome – you need to scout more than one backup set
to restore a specific file
Differential backup: Backs up only copies of all files that have changed
since the last full backup.

• Pros
1. Takes less space than full backups
2. Faster restoration than incremental backups
3. Much faster backups than full backups
• Cons
1. Potential for failed recovery if any of the backup sets are incomplete
2. Compared to incremental backups, the backup takes longer and
requires more storage space
3. Compared to full backups, restoration is slow and complex
Cloud Network Security
• Like cloud security, cloud network security
refers to the technology, policies, controls, and
processes used to protect data and solely
focuses on protecting cloud networks from
unauthorized access, modification, misuse, or
exposure.
Cloud security threats
• 1. Data breaches
A data breach occurs when information is accessed without
authorization.
2. Unmanaged attack surface
The term “attack surface” is a new concept born from cloud computing.
Prior to the cloud, data was all stored in one location so it was much
easier to secure the perimeter around the data center.
But cloud computing blurred the boundaries—the cloud is ever-changing,
and it’s not always clear where data is housed or who is responsible for it.
Traditional asset discovery, risk assessment, and vulnerability
management processes were developed when networks were more
stable and centralized. They simply can’t keep up with the speed at which
new vulnerabilities and attack vectors arise in cloud computing. The sum
of these vulnerabilities makes up the attack surface.
• 3. Data loss
Cloud-based systems can also fall victim to data loss—just like
home and office networks. Data loss can happen as a result of
a data breach, natural disaster, or a system-wide
malfunction. Truly protecting your documents means:
• 4. Insufficient access management
Access management is used to authorize access to information
stored in the cloud. It limits:
– Who has access to certain documents
– Where users are allowed to access documents
– Which devices are permitted access
From ensuring only safe devices are able to connect to your network
to creating employee guidelines prohibiting the use of public Wi-Fi,
limiting who has access and where is important for cloud
cybersecurity. Insufficient access management of data stored in the
cloud could result in valuable information ending up in the wrong
hands.
5. Hijacking
Ineffective security resources and protocols could potentially
lead to the hijacking of a cloud network.
Cloud account hijacking occurs when a cyberattacker
manages to gain control of a cloud-based
account. Cybercriminals use phishing scams and botnets to
infiltrate and infect cloud-based systems, taking complete
control once successful. Hackers can then steal your
credentials and information, or in the case of a business,
highly sensitive customer or corporate files.
6. Malware infections
• Today’s hackers have many means to infiltrate
cloud-based systems. One of them is malware,
a type of software that’s installed on a
computer without the user’s consent in order
to disrupt, damage, or take control of the
system.
7. Insider threats
• Unlike insufficient access management, insider threats refer
to those who already have access to your cloud
network. These users ignore the cloud cybersecurity rules
you’ve put in place to protect your privacy and data. They
could be websites you don’t want your guests visiting or files
employees shouldn't share outside of the company network.
• Protecting your cloud network starts with managing how
people within your immediate circle utilize it.
8.Denial-of-Service Attacks
• Denial of service (DoS) attacks involve hackers flooding
systems with automated empty connections, overwhelming
resources and denying service to legitimate users. In the cloud,
because systems are often exposed to public networks, there is
a much larger threat of DoS.
• Attackers can also leverage the massive scalability of the cloud
to drive their attacks. In some cases, attackers compromise
cloud accounts and launch cloud instances to perform DoS
attacks against others. This can result in high cost to the victim,
and legal exposure, because the DoS attack originates from
their own cloud environment.
What are Cloud Application Security Controls?

Effective cloud application security controls are essential for safeguarding cloud-
based applications. Below are some best practices to consider:
• Identity and Access Management (IAM): Implement strong IAM policies to ensure
users have appropriate permissions to access applications and data. Multi-Factor
Authentication (MFA) and Single Sign-On (SSO) enhance security.
• Data Encryption: Use encryption for data in transit and at rest. Implement various
encryption mechanisms to protect sensitive information from unauthorized access.
• Monitoring Threats: Continuously monitor cloud applications in real-time to
detect unusual behavior and respond to threats promptly. Leverage threat
intelligence data to stay ahead of malicious actors.
• Compliance: Ensure your cloud applications comply with industry regulations and
standards,. Regular audits can verify compliance and identify any shortcomings.
• Security Monitoring and Reporting: Implement mechanisms for monitoring and
reporting security-related events in your cloud applications. This helps in early
threat detection and swift response.
5.2 What is edge computing?
• Edge computing is a distributed information
technology (IT) architecture in which client
data is processed at the periphery of the
network, as close to the originating source as
possible.
Benefits of Edge Computing
• Reduced delay and Improved Performance
• Improved Security and Data Privacy
• High Resiliency
• Increased Scalability
• Operational Cost Savings
Edge Computing Challenges

• Ensuring Adequate Network Bandwidth


• Decentralizing Security Policies and Controls
• Reducing Management Complexity
Difference between Edge Computing and Cloud Computing
What is serverless computing?

• Serverless computing is a method of providing backend


services on an as-used basis. A serverless provider allows
users to write and deploy code without the hassle of
worrying about the underlying infrastructure.
• A company that gets backend services from a serverless
vendor is charged based on their computation and do not
have to reserve and pay for a fixed amount of bandwidth
or number of servers, as the service is auto-scaling.
• Note that despite the name serverless, physical servers
are still used but developers do not need to be aware of
them.
What are the advantages of serverless computing?

• Lower costs - Serverless computing is generally very cost-effective, as


traditional cloud providers of backend services (server allocation)
often result in the user paying for unused space or idle CPU time.
• Simplified scalability - Developers using serverless architecture don’t
have to worry about policies to scale up their code. The serverless
vendor handles all of the scaling on demand.
• Simplified backend code - With FaaS, developers can create simple
functions that independently perform a single purpose, like making
an API call.
• Quicker turnaround - Serverless architecture can significantly cut
time to market. Instead of needing a complicated deploy process to
roll out bug fixes and new features, developers can add and modify
code on a piecemeal basis.
What are the challenges of serverless computing?
• Vendor lock-in. It can be difficult to switch to another serverless platform without significant effort and
cost. You need to carefully examine all available providers and choose a platform that is reliable and
offers a good balance between cost, performance, and flexibility.
• Poor security visibility. This might be a major security issue for some businesses because of the shared
responsibility model. You might not see all the security controls that the cloud provider implements.
You have to find a platform that offers various security measures such as encryption, identity and access
management, audits, and monitoring.
• Challenges integrating with existing systems. This is a major limitation when you have legacy systems
that need to be integrated with your new application built on a serverless platform. Consider focusing
on a provider that supports the programming languages and tools you are already using. Also, look for
platforms with APIs that allow for easy integration with your existing systems.
• Cold start. A cold start is a delay that happens when a new function is invoked for the first time. For
instance, it may occasionally take up to ten full seconds to run the first invocation of a JVM-
implemented function. Preemptive warming up could be a solution to this problem, but developers may
pay penalties for getting their serverless code ready to run. For example, some serverless providers may
charge extra fees for keeping functions warm and keep them running.
• Debugging and testing. Since your developers have no control over the provider’s servers, they have
limited opportunities for identifying problems and bottlenecks. After a function is executed, it only
leaves traces in logs recorded by the serverless platform. In addition, there’s a lack of debugging tools
that can operate in serverless environments.
• Limited monitoring and planning of serverless apps. Serverless computing monitoring can be
challenging since your provider is the one who manages the whole infrastructure. This leads to limited
customization options and a lack of control over performance monitoring, bottleneck identification, and
issue diagnostics.
Server vs. Serverless: Side-by-side Comparison
What is an API with example?
• APIs are mechanisms that enable two software
components to communicate with each other using a
set of definitions and protocols. For example, the
weather bureau's software system contains daily
weather data. The weather app on your phone
“talks” to this system via APIs and shows you daily
weather updates on your phone.
What Is the Role of APIs in Cloud Computing?

• APIs enable cloud computing in the


enterprise. You can use enterprise APIs in
cloud computing to enable access to different
platforms and efficiently manage security. You
can even use API gateways to move workloads
across different cloud environments.
How do cloud APIs work?

The process of making an API connection is fairly


complex, but usually follows these steps:
1. An API client (e.g. an application) initiates a request for
specific data, also called an API call.
2. The API call is received by an API endpoint (e.g. a server).
3. The API endpoint authenticates the request to ensure the
call is from a legitimate source and formatted using the
correct API protocol and schema.
4. The API endpoint returns the requested data to the API
client.
What are the main types of cloud APIs?

• Cloud APIs are often labeled by the layer at which they connect cloud services.
Typically, this connection occurs at one of three levels:
• Infrastructure level: Infrastructure-level APIs, also called
infrastructure-as-a-service (IaaS) APIs, help provision and manage cloud-hosted
infrastructure. IaaS APIs may be used to streamline the management of virtual
servers, cloud storage, cloud security, and other infrastructure-level software
and services.
• Service level: Service-level APIs, or platform-as-a-service (PaaS) APIs, connect
this infrastructure to third-party platforms for developing applications. PaaS
APIs allow developers to access development tools, operating systems,
software, and databases so they can build their own applications.
• Application level: Application-level APIs, or software-as-a-service (SaaS) APIs,
connect infrastructure to cloud-based applications that are managed by third-
party providers. SaaS APIs enable users to access fully-built cloud applications
(e.g. Gmail) from a client.
REST API Introduction

• Representational State Transfer (REST) is an architectural


style that defines a set of constraints to be used for
creating web services. REST API is a way of accessing web
services in a simple and flexible way without having
• Working: A request is sent from client to server in the
form of a web URL as HTTP GET or POST or PUT or DELETE
request. After that, a response comes back from the server
in the form of a resource which can be anything like HTML,
XML, Image, or JSON. But now JSON is the most popular
format being used in Web Services. any processing.
JSON- JavaScript Object Notation
• 1. Client-Server Architecture
RESTful APIs are built with a client-server architecture, meaning that the client
sends a request to the server and the server sends back a response. The client
can be any device or application that can make HTTP requests, while the
server is the application that provides the API and responds to client requests.
This characteristic allows for the separation of concerns, making it easier to
develop, maintain, and scale both of these components independently.
• 2. Statelessness
RESTful APIs are stateless, meaning that each request made by the client to
the server contains all the information necessary for the server to fulfill the
request, without relying on any previous requests or server-side storage. This
is why every authenticated REST request has to carry an authentication token
in the request headers.
• This does increase the request size but it lets the server scale without
worrying about storing state information across two separate requests.
• 3. Cacheability
It is important to utilize methods to reduce the load on the server. Therefore,
RESTful APIs implement some sort of caching. This means that the API
responses can be cached by the client, allowing for faster response times in
subsequent requests for the same resource. This reduces the load on the server
and improves performance, as the server does not need to generate the same
response for each request.
As each request in REST has to carry authentication tokens and the relevant
state required to act on the server, the benefits of this characteristic become
visible pretty quickly for any API with decent traffic. Even with a cache timeout
of 5s, you can help prevent thousands or millions of requests over a few
seconds.
• 4. Layered System
Future-proof APIs should be modular and each module should be updatable or
swappable transparently. Hence, REST requires the APIs to be designed as a
layered system, where the client interacts with the server through a single
endpoint, while the server can interact with multiple backend systems. This
provides a separation of concerns and makes it easier to add new backend
systems, change existing ones, or perform maintenance, without affecting the
client. An example of this might be how a server can update the mechanism for
load-balancing but the client doesn't need to be made aware of that. The client
can continue communication the same as before.
• 5. Code-On-Demand
This is an optional characteristic as it can lead to unintended side effects
and exploits. This characteristic means that the server can send back
code to be executed by the client instead of data. This can help extend
the functionality of the client and lead to more dynamic and
customizable interactions. However, this also requires that the client can
understand and execute the code that the server sends back. This has
therefore reduced the frequency with which this characteristic is
adhered to. Moreover, if the server is hacked, the clients will
automatically be hijacked as they will execute whatever the server
responds with. This glaring security gotcha has also hindered the
adoption of Code-On-Demand.
• 6. Uniform Interface
This means that the API uses a common set of methods, such as GET,
POST, PUT, and DELETE, to access resources, and a standard format, such
as JSON or XML, for requests and responses. This makes it easier for
clients to understand and interact with the API, as all resources are
accessed in a consistent manner. The uniform interface also makes it
easier to implement API versioning, as new functionality can be added
by defining new resources and methods, without affecting existing ones
DevOps
• DevOps is a set of practices, tools, and a
cultural philosophy that automate and
integrate the processes between software
development and IT teams. It emphasizes
team empowerment, cross-team
communication and collaboration, and
technology automation.
7 DevOps Principles

1. Collaboration
2. Data-Based Decision Making
3. Customer-Centric Decision Making
4. Constant Improvement
5. Responsibility Throughout the Lifecycle
6. Automation
7. Failure as a Learning Opportunity
1. Collaboration
DevOps in its purest form is the integration of the
development (Dev) and operations (Ops) teams. This means
that collaboration is central to the foundation of DevOps. By
working together, development can better configure the
software for the operations phase and operations can test the
software earlier to ensure it will meet requirements.
2. Data-Based Decision Making
Another central principle of DevOps is informing your
decisions with data. Whether it's selecting the right tech stack
or selecting tools to streamline your pipeline, you should
always collect data around each decision to ensure your
choice agrees with your team's metrics and historical data
3. Customer-Centric Decision Making
The customer should be a central focus in a DevOps lifecycle.
Equally as important as data, decisions should be weighed
with the question, "Will this benefit the customer?" Collecting
feedback from the customer on the existing product will guide
future optimization
4. Constant Improvement
DevOps focuses on constant improvement, or the idea that the team
should continuously focus on new features and upgrades. Another key
idea follows the Agile methodology of incremental releases.Previous
software development strategies would focus on delivering the perfect
product all at once. Though this sounds ideal, in execution it often meant
that software deliveries would be delayed for long periods while issues
were resolved. Instead, incremental releases allow the team to focus on
achieving a minimum viable product (MVP) to meet the customer's core
use case as soon as possible
5. Responsibility Throughout the Lifecycle
In traditional software development models, the development team codes
and builds the application. They then hand it to the operations team to
test, deploy, and deliver to the customer. Any bugs discovered in the
second phase are left to the operations team instead of the developers
who wrote the code.DevOps shows us a more logical approach:
responsibility throughout the lifecycle. The whole team is responsible for
the product from initial planning to its end of life. During this entire
process, the development and operations teams are working hand in hand
to update the software and address issues
6. Automation
A key benefit of the DevOps approach is speed: speed of
software delivery, speed of updates, speed of patches. This
momentum is achieved with automation. DevOps teams aim
to automate every single phase of the process, from code
reviews to handoffs to provisioning and deployment
7. Failure as a Learning Opportunity
DevOps is a flexible approach to development. Processes are
constantly being fine-tuned just as the software itself is
continuously improving. Part of maintaining this flexibility is to
view failure as an opportunity to learn and improve. Rather
than trying to avoid failure at all costs, encourage risk-taking
in the right context
The benefits of DevOps – Cloud Combination

• DevOps and cloud are a perfect match. By combining


the two, businesses can enjoy even more benefits, such
as :
1. Increased Efficiency
2. Improved Communication
3. Scalability
4. Better Quality Control
5. Faster Time to Market
6. Reduced Costs
• Now, Let’s take a closer look at each of these benefits.
• 1. Increased Efficiency: One of the biggest advantages of using DevOps and cloud is increased
efficiency. By combining the two, businesses can streamline their development processes,
getting projects done more quickly and with fewer mistakes. This means that resources will be
used more effectively, which saves money in the long run.
• 2. Improved Communication: When different teams or departments work on a project,
communication is key to its success. But people often get caught up in their day-to-day tasks
and communications start to slip through the cracks. By using DevOps and cloud computing,
teams can keep everyone in the loop so that issues are resolved quickly and projects are
completed on time.
• 3. Scalability: Organizations can more easily scale their operations by using a DevOps cloud
combination. This is because software testers and developers can quickly add or remove
resources as needed in order to respond to changes in demand.
• 4. Better Quality Control: When a business is working with multiple teams and departments,
quality control can be an issue. The best way to make sure that everything is done correctly
and meets the standards of the business is to implement DevOps processes and cloud
computing solutions into your development efforts. This helps ensure higher-quality products
and fewer errors.
• 5. Faster Time to Market: In today’s competitive business landscape, it’s important to get
products and services to market quickly. DevOps and cloud can help you do just that. By
automating processes and using the power of the cloud, businesses can speed up their
development cycles and get new products and services to market faster than ever before.
• 6. Reduced Costs: One of the biggest benefits of using DevOps is that it can help businesses
save money. When development processes are streamlined and automated, there are fewer
opportunities for errors. This means that businesses will spend less on rework and
corrections. In addition, cloud computing can help businesses stay within budget by allowing
them to pay only for the resources they need.
What is containerization?

• Containerization is packaging an application with its


dependencies, such as libraries and other binaries,
into a single unit called a container. Containers (each
package) allow for consistent development and
deployment environments for applications, and they
are isolated from each other and can run on any
platform supporting container technology.
Difference between Virtualization and Containerization
Benefits of Containerization

• Resource Efficiency: Because containers share the kernel of the host operating
system, running a separate operating system for each instance is no longer
necessary. As a result, resource efficiency is greatly improved.
• Rapid Deployment: Containers can be built and deployed rapidly, enabling
seamless integration into continuous integration and delivery pipelines — and
fostering agile development practices.
• Scalability: Containers enable horizontal scaling by
replicating instances across a cluster, effortlessly handling increased workloads,
and facilitating fault-tolerant architectures.
• Portability: Containers encapsulate applications and their dependencies, making
them highly portable across different environments, including development,
testing, and production.
• Easy Management
• Container orchestration tools take care of application management, automating
installation, scaling and management of containerization workloads.
The three characteristics of highly effective containers

1. Containers are much more lightweight than


VMs
2. Containers virtualize at the OS level while
VMs virtualize at the hardware level
3. Containers share the OS kernel and use a
fraction of the memory VMs require
• Unlike a virtual machine (VM), containers don’t need to contain a
separate operating system image. This makes containers lightweight
and portable and significantly reduces the overhead required to
host them. Thanks to this efficiency, containers give you more
virtual runtime environments for the money spent. They offer
dramatically faster start-up time as well as they don’t have to spin
up an operating system when they initiate.
• Being able to run multiple containers on a single OS kernel is
valuable when constructing a cloud-based microservices
architecture. Compared to virtual machines, you can run three
times as many containers on a single server (or on a single virtual
machine). This choice saves a tremendous amount of resources and
server costs.

You might also like