Chapter 7: Operations Elements

Question 1

What need Cloud Data Centers to be?

Answer 1

Cloud data centers have to be robust and resilient to all types of threats.

Question 2

Cloud Data Centers need to be robust and resilient against what types of threats?

Answer 2

Cloud data centers have to be robust and resilient to all types of threats:

• from natural disasters
• hacking attacks
• to underlying infrastructure and utilities failures.

Question 3

What does designing and building your own data center facility allows you to choose?

Answer 3

Designing and building your own facility allows you to choose:

• location
• services
• design elements
  that fit your organizational needs.

Question 4

When organizations consider buid vs buy decisions for data center space, they will often consider what kind of items?

Answer 4

• Cost of the facility or cost to lease space over time
• if the organization may scale up or down (in terms of size or requirements)
• Whether they can be more efficient in terms of:
  
  • power
  • heating and cooling
  • staffing over time
    in their own facility or one they rent
  • Whether there are specific security controls or requirements that fit a build or buy model better.
• whether they have the ability or expertise to staff a datacenter

Question 5

Cloud Service Providers pick data center locations for what kind of reasons?

Answer 5

the availability of inexpensive (or at least lower cost) electricity
- the ability to get high-speed connectivity for the facility
- the likelihood of natural disasters
- likelihood of political stability
- how challenging it will be to provide temperature control inside of the facility
- how close the location is to other data centers they may operate in the area

Question 6

Data center resilience focuses on a broad range of infrastructure and systems components, including utilities like: … ?

Answer 6

• electrical
• water
• connectivty
• heating and cooling
• Staffing
• elements to handle failures (generators, fuel storage, fire suppression systems

Question 7

What is a key concern for data center design?

Answer 7

Ensuring that data centers have both reliable and sufficient power is a key concern for data center design.

Question 8

What 3 critical items at the provider and external infrastructure levels need to be considered?

Answer 8

• Can the data center be connected to multiple grids?
• Are there distinct physical paths for power?
• Is there enough power for the expected load that the data center will create?

Question 9

What are Uninterruptible power supplies?

Answer 9

Power infrastructure for the data center itself is also important. Uninterruptible power supplies that provide battery-based or flywheel-based power are commonly used in data center designs to cover brief power outages.

Question 10

What are generators for?

Answer 10

Generators are typically used to provide power during longer outages, and they need to be powerful enough o keep the data center running.

Generators themselves are typically deployed in redundant designs to ensure that a single generator not working doesn’t stop the data center from functioning. Multiple-generator designs also allow generators to be removed from service for maintenance cycles during longer emergencies.

Question 11

What 5 tasks should be performed to ensure communications redundancy?

Answer 11

• identify their current and likely future bandwidth needs
• Ensure connectivity to their potential data center locations from more than one internet service provider (ISP), a concept the CCSP Outline (Candidate Information Bulletin) calls multi-vendor pathway connectivity
• Ensure that those ISPs do not have shared upstream dependencies
• Assess connectivity paths for environmental dangers and single points of failure
• Design internal systems and networks to support redundant connectivity and resilience.

Question 12

What are three categories of controls?

Answer 12

• physical
• administrative
• logical/technical.

Question 13

Data Center: Physical Access to Devices: Entry and Egress should be …?

Answer 13

• controlled
• monitored
• logged

Question 14

How many Tiers does the Data Center - Uier Classification System have?

Answer 14

• Tier 1
• Tier 2
• Tier 3
• Tier 4

Question 15

Uptime Institute’s Tier Classification System:
The system describes four tiers from Tier 1 to Tier 4, each with increasing requirements for what kind of thigns?

Answer 15

• maintenance
• power
• cooling
• fault tolerance

Question 16

What are the requirements for a Tier 1 Data Center?

Answer 16

A Tier 1 data center is the basic infrastructure required to support an organization that wants to conduct IT operations. Tier 1 has the following requirements:

• an uninterruptible power supply (UPS) system for line conditioning and backup purposes
• An area to house IT systems
• Dedicated cooling systems
• A power generator for extended electrical outages

They are also expected to have redundancy for:

• chillers,
• pumps,
• UPS devices,
• and generators

but are likely to have to shut down for maintenance activities.

Question 17

What are the requirements for a Tier 2 Data Center?

Answer 17

Tier 2 facilities provide more redundancy than Tier 1 facilities, including the following:

• Generators and UPS devices
• Chillers and cooling units
• Pumps
• Fuel tanks and other fuel storage

Unlike Tier 1 facilities, Tier 2 facilities are intended to ensure that critical operations are not interrupted due to planned maintenance.

Question 18

What are the requirements for a Tier 3 Data Center?

Answer 18

The Tier 3 design is known as a “concurrently maintainable site infrastructure.”

As the name indicates, the facility features both the redundant capacity components of a Tier 2 build and the added benefit of multiple distribution paths where only a sole path is needed to serve critical operations at any given time.

Question 19

What are the requirements for a Tier 4 Data Center?

Answer 19

Tier 4 data centers are the highest level described by the Uptime Institute.

They have independent and physically isolated systems providing redundancy and resiliency at both the component and distribution path levels, ensuring that events that compromised one system would not take out the redundant system.

Tier 4 data centers are not disrupted if there is a planned or unplanned event, although the Uptime Institute notes that planned maintenance may increase the risk of an outage if the remaining redundant systems are compromised while the maintenance is in progress.

In addition, Tier 4 data centers are designed around fault tolerance for components, so a system that fails will not result in a failure of a service.

Question 20

What are the two elements of data center logical design that you need to be aware of?

Answer 20

• tenant partitioning
• Access Control

Question 21

What is data center - logical design - tenant partitioning?

Answer 21

The first is tenant partitioning. Commercial data centers and hosting providers often have multiple tenants in the same physical space, requiring methods to partition tenants.

Partitioning may occur at the rack or cage level, where a locked rack or cage is used to separate tenants and provide physical security.

Question 22

Name 7 virtualization Concepts?

Answer 22

• Distributed resource scheduling
• Dynamic optimization
• Maintenance Mode
• High availablity
• Containerization
• Ephemeral computing
• serverless

Question 23

What is distributed resource scheduling?

Answer 23

Distributed resource scheduling, which focuses on providing resources to virtual machines to ensure they can meet performance service level requirements. It also allows migrations of systems to other underlying infrastructure during maintenance and includes monitoring and management capabilities.

In short, distributed resource scheduling is the ability to manage resources across a cluster or environment in a way that optimizes reliable and consistent service delivery.

Question 24

What is Dynamic Optimization?

Answer 24

Dynamic optimization is a term used to describe an optimization process that assesses performance or other factors and takes action to meet desired targets.

Dynamic optimization relies on real-time data and defined goals or objectives to determine configuration and resource changes required to meet those goals.

Question 25

What is Maintenance Mode?

Answer 25

Maintenance mode in virtualization environments allows hosts to be removed from a cluster in a safe way to allow for system or hardware maintenance. Maintenance mode transfers running guest operating systems to other nodes in a cluster, then marks the system as being in maintenance mode, allowing needed work to be performed.

Question 26

Describe High Availability

Answer 26

High availability, or HA, is a major driver in the adoption of both virtualized and cloud-hosted systems and services. As part of that, the availability of guest operating systems is a key feature of virtualization environments.

Question 27

Explain Containerization

Answer 27

Containerization places an application or service, along with all of the libraries and components it needs, together in a form that can be run on an underlying environment.

Question 28

Explain Ephemeral computing

Answer 28

Ephemeral computing is a key concept in many environments. It leverages the ability to quickly stand up virtual systems, then to shut them down when they are no longer needed to meet demand.

Question 29

Explain serverless

Answer 29

Serverless technology replaces constantly running servers with code that runs when needed. Cloud services that provide serverless functionality charge on an as-used basis, allowing for efficient use of resources.

Question 30

What do you need to do to make sure that your hypervsior has appropriate levels of security?

Answer 30

In order to provide appropriate levels of hypervisor security, you should make sure hypervisors are: - configured - updated - patched to vendor standards und use industry best practices. Common elements of this type of effort include: - restricting use of superuser accounts, - requiring multifactor authentication - using logging and alerting capabilities to monitor for improper or malicious use - designing access to hypervisor and management planes to limit access to authorized users. In addition, controls like encrypting virtual machines, using secure boot for the underlying hardware, and performing regular audits of configurations and systems are all important.

Question 31

What is Instance Isolation?

Answer 31

Each virtual machine, whether it is a cloud instance or a VM guest operating system, should be logically isolated from the others with appropriate logical controls. That means limitations on access to other systems as well as the internet, firewalls or security group-based controls, security at the hypervisor layer to ensure that virtual machines can't access resources assigned to others, and similar protections.

Question 32

What is Host Isolation?

Answer 32

All underlying hosts must also be both physically and logically isolated from one another as much as possible. They will obviously still be connected to the network and so will potentially be able to be connected, so those connections should be minimized and secured as much as possible. Moreover, network monitoring should be thorough and detailed, such that any host-escape activity would be immediately recognized and a response would result.

Question 33

Why are most storage devices clustered in groups?

Answer 33

To provide: - increased performance, - flexibility - reliability

Question 34

What are the two types of clustered storage architecture?

Answer 34

- tightly coupled - loosely coupled

Question 35

Storage: What is tightly coupled architecture?

Answer 35

In the tightly coupled architecture, all the storage devices are directly connected to a shared physical backplane, thus connecting all of them directly. Each component of the cluster is aware of the others and subscribes to the same policies and rulesets. A tightly coupled cluster is usually confined to more restrictive design parameters, often because the devices might need to be from the same vendor in order to function properly. Although this may be a limiting factor, a tightly coupled architecture also enhances performances as it scales: the performance of each element is added to the overall performance of the cluster, allowing greater and greater power as it increases in size.

Question 36

Storage: What is loosely coupled architecture?

Answer 36

A **loosely coupled cluster**, on the other hand, allows for greater flexibility. Each node of the cluster is independent of the others, and new mnodes can be added for any purpose or use as needed. They are only logically connected and don't share the same proximate physical framework, so they are only distantly physically connected through communication media. Performance does not necessarily scale, however, because the nodes don't build on one another. But this might not be an important facet of the storage architecture, since storage commands and performance requirements are fairly simple.

Question 37

What are the two general ways to create data proteciton in a cloud storage cluster?

Answer 37

- RAID (redundant array of independent disks) - Data dispersion Both options provide a level of resiliency - that is, a reasonable amount of assurance that although the physical and/or logical environment might be partially affected by detrimental occurrences (outages, attacks, and so on), the overall bulk of data will not be lost permanently.

Question 38

What is RAID?

Answer 38

In most RAID configurations, all data is stored across the various disks in a method known as striping. This allows to be recovered in a more efficient manner because if one of the drives fails, the missing data can be filled in by the other drives. In some RAID schemes, parity bits are added to the raw data to aid in recovery after a drive failure.