How to appreciate the beauty of the cloud!

When I say cloud, I am not referring to the white or grey ones in the sky. Instead, I am referring to the popular term cloud computing, aka the cloud.

Computers in the cloud?

What is cloud computing?

According to AWS, cloud computing is the on-demand delivery of IT resources over the Internet with pay-as-you-go pricing. Instead of buying, owning, and maintaining physical data centers and servers, you can access technology services, such as computing power, storage, and databases, on an as-needed basis from a cloud service provider. There are several cloud service providers available today, with the leaders being Amazon Web Services (AWS), Microsoft Azure, and Google Cloud.

The cloud and cloud platforms rest entirely on the pillars and foundation of virtualization. The cloud is, in essence, a seemingly infinite number of virtual computers providing access and services over the internet. To explain what virtualization is and how it works in the cloud, you first need a basic understanding of how a physical computer operates, and in particular its main components: RAM, CPU, storage and OS:

RAM- determines how many tasks you can do simultaneously and how resource-intensive an application your system can handle.

CPU- determines how much information can be processed and the processing rate/speed; on a physical device it can also determine how much virtualization can be added.

Storage- a place to keep files and documents.

OS- the operating system you use may determine what you can effectively use that system for.

These resources have significant implications for how smoothly a computer runs, how much processing it can perform in a specific time slot, how many software applications it can run simultaneously, how much storage space is available and ultimately the kind of OS the computer can handle on a physical system. Now that we have gone over the physical resources of a computer, what if I tell you that these physical resources can be shared through the use of a technology called a hypervisor?

What is a hypervisor, you ask?

Data center environment

Simply put, it shares the physical resources of a system to create virtual environments where different OSes and platforms can be installed and run as if each were the only OS on a dedicated machine. There are two types of hypervisors: type 1 sits directly on top of the hardware resources like a typical OS would, allowing other OSes to be installed on it, while a type 2 hypervisor runs as an application on an already installed OS, with similar functionality for installing OSes on a host system. You may have heard of a few of these hypervisors, such as Oracle VirtualBox, VMware, or even Hyper-V, which is specific to Windows systems.

The physical processor and memory resources can be shared between the host and its guests through a virtual environment managed by a hypervisor. Resources are shared in several ways: through SMT you can have twice as many logical processors as physical cores, you can prioritize CPUs for particular VMs, and you can even apply overcommitment/oversubscription to logically distribute more resources than the system possesses in total. Similarly with memory, memory ballooning can reclaim unused RAM and use it for another VM. All these technologies and configurations depend on the hypervisor and the technology it uses.
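A host capacity check built on the paragraph above, as an added example that is not part of the original post. It assumes a Linux host exposing the standard `/proc/cpuinfo` layout; the sample text, the planned VM list and the function names `parse_cpuinfo` and `overcommit` are constructed for illustration.

```python
# Constructed sample in /proc/cpuinfo layout: 1 socket, 2 cores, SMT on, Intel VT-x.
SAMPLE_CPUINFO = """\
processor   : 0
physical id : 0
core id     : 0
flags       : fpu sse2 ht vmx

processor   : 1
physical id : 0
core id     : 1
flags       : fpu sse2 ht vmx

processor   : 2
physical id : 0
core id     : 0
flags       : fpu sse2 ht vmx

processor   : 3
physical id : 0
core id     : 1
flags       : fpu sse2 ht vmx
"""

def parse_cpuinfo(text):
    """Count logical processors and physical cores; detect SMT and VT-x/AMD-V."""
    logical, cores, flags = 0, set(), set()
    for block in text.strip().split("\n\n"):
        fields = {k.strip(): v.strip()
                  for k, _, v in (ln.partition(":") for ln in block.splitlines())}
        if "processor" not in fields:
            continue
        logical += 1
        # SMT siblings share the same (socket, core) pair; if "core id" is
        # missing (some guests), treat each logical CPU as its own core.
        cores.add((fields.get("physical id", "0"), fields.get("core id", str(logical))))
        flags.update(fields.get("flags", "").split())
    return {"logical": logical, "physical": len(cores),
            "smt": logical > len(cores), "hw_virt": bool(flags & {"vmx", "svm"})}

def overcommit(host, host_ram_gb, vms):
    """Compare what the planned VMs are promised with what the host has."""
    vcpus = sum(vm["vcpus"] for vm in vms)
    ram = sum(vm["ram_gb"] for vm in vms)
    return {"vcpu_ratio": vcpus / host["logical"], "ram_ratio": ram / host_ram_gb,
            "cpu_overcommitted": vcpus > host["logical"],
            "ram_overcommitted": ram > host_ram_gb}

PLANNED_VMS = [{"vcpus": 2, "ram_gb": 4}, {"vcpus": 4, "ram_gb": 8}]  # constructed

if __name__ == "__main__":
    host = parse_cpuinfo(SAMPLE_CPUINFO)
    print(host, overcommit(host, 16, PLANNED_VMS))
```

On a real host, pass the contents of `/proc/cpuinfo` instead of the sample; a vCPU ratio above 1.0 means the guests are promised more logical processors than exist, so they will contend for CPU time under load.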

These hypervisors need the OS as a specific kind of file called an ISO file/image, which is essentially an exact duplicate of an OS installation disk or image. Careful planning and execution must be used when deciding how many resources to assign to the hypervisor, not to mention the networking and security configurations that need to take place before and during setup. Needless to say, security best practices, guidelines and frameworks must be considered when creating even a single unit through virtualization. To understand more about hypervisors and how to get disk images click below.

The cloud itself is you hiring someone else (third-party handling) to be responsible for your platform, software, or infrastructure. This can be somewhat risky, but when you think about the rapid rate at which cyber crimes are occurring, you are no longer responsible for much of the overhead involved in handling/protecting your organization's data on your own, if at all. In the real world, if you wanted to set up a service that is accessed by many, you would need a lot of physical resources to meet the demand for your services. You would need a wide range of devices, from switches and routers to load balancers, proxy servers, firewalls, servers and storage, plus a lot of licenses, and we have not begun to speak about the configuration, security and maintenance of these devices, platforms and services. If you are running highly confidential proprietary services and need to be in control of your infrastructure, then paying the cost to create, set up and maintain a datacenter might be a better option. However, even then, there are different types of cloud platforms that can facilitate said control and security, but we will get into that at a later time.

Several cloud service providers can offer you a platform to create a virtual machine (device) in the cloud. This is usually the cheapest way to go about a computer in the cloud. However, you can create your own website, place it on your own server, configure it yourself, ensure you have all the necessary devices for both physical and digital protection, ensure you have a constant internet connection, monitor your network traffic and security, and provide whatever service you like; in simple terms, once your website/services are accessible from the internet, it is essentially a computer running in the cloud. The cloud without a doubt eliminates the overhead cost it would take to run some form of data center. The cloud in essence makes the data somewhat more accessible, but at the same time this calls for CSPs to stand by their product with extreme defense-in-depth strategies, to mitigate as much threat to the organization's data as possible, through the implementation of strict guidelines like NIST 800-63 or RMF, and by having an incident response plan to protect the data that they handle for you.

Again, you must be familiar with a physical computer and its inner operations, alongside networking architecture, concepts, topology and communications, before you can hope to thoroughly understand what goes on in the sky... I mean cloud!

Start Here
Understand the operations of a computer
Understand Network topology and architecture
Understand cybersecurity practices and concepts