Definitions of Cloud Flashcards

1
Q

SAAS

A

Software as a Service
Risk Mitigation - Reduced local admin and redundancy
Business Continuity - 24/7 access from any location that has internet, synchronization between local and cloud, doesn’t have to go through email
Efficiency -
Deployment - rapid, simplified; data retention and admin is the responsibility of CSP
Hardware Resources - economies of scale, don’t have to pay for upgrades, etc., give flexibility and agility
Cost - based on usage, minimal up front costs, pay as you go.

Scalability - easily scale up or down the storage as they need; can be allocated and de-allocated dynamically. Can run slower than an in-house solution due to redundancy and connection

2
Q

PAAS

A

Platform as a Service (Ability to create a testing environment, etc for development)

3
Q

MAAS

A

Management as a Service - ability to see status of systems, etc.; basically monitoring

4
Q

CAAS

A

Communication as a Service

5
Q

IAAS

A

Infrastructure as a Service - lease hardware, software automatic patch updates

6
Q

Storage as a Service

A

lease storage for data warehousing

7
Q

Security as a Service

A

lease security services

8
Q

CAPEX

A

Capital Expense, which are costs associated with acquisition of assets or upgrading existing assets, such as hardware

9
Q

OPEX

A

Operational expense refers to the costs associated with the day to day running of a company, ie: bandwidth, etc. Can be reoccurring expenses.

10
Q

Traditional Internal IT Infrastructure

A

own server room, own infrastructure, in-house

11
Q

Colocation Facility

A

owned by a third party that rents out space equipped for housing and running IT infrastructure; also provides network connectivity, backup power, physical security

12
Q

Managed Services

A

package for full outsourcing of IT Infrastructure. instead of purchasing in colocation you rent the infrastructure, software, hardware and database management

13
Q

Public Cloud

A

fully outsourced solutions for infrastructure; instead of renting physical hardware you rent a virtual computing environment hosted on shared server clusters in the service provider’s datacenter

14
Q

Abstraction

A

system implementations are hidden from the user; applications run on unspecified physical systems and data is stored in locations unknown to the end user

15
Q

VMM

A

Virtual machine monitor aka hypervisor

16
Q

VIM

A

a tool that communicates with multiple hosts and their VMs, allowing for centralized admin and efficient operation of the virtual infrastructure, ie: OpenNebula

17
Q

Virtual platform

A

VMware vSphere, Citrix XenServer or Microsoft Hyper-V

18
Q

3 types of virtualization

A

client
server
storage

19
Q

Application Packaging Virtualization

A

method of isolating a specific application from the underlying operating system. application can’t modify or interact with o/s. provides protection against viruses and malware and you can run incompatible applications on a system

20
Q

Application Streaming Virtualization

A

type of client virtualization. hosts necessary applications on servers in a datacenter, and then loads on client demand as if it were locally installed. Also can be used to prevent unauthorized software installations from end users

21
Q

Hardware Emulation Virtualization

A

Virtualization software is installed on the client o/s

22
Q

Hypervisor

A

is a program that allows multiple operating systems to share a single hardware host; each o/s appears to have the host’s resources, ie: processor, memory, NIC etc., all to itself

23
Q

Hypervisor Type 1

A

runs directly on top of hardware; provides less overhead and a smaller footprint, so runs more efficiently, and also has direct access to hardware resources

24
Q

Hypervisor Type 2

A

runs on top of existing o/s software, ie: Microsoft Virtual Server and VMware Workstation

25
DAS
direct attached storage is a traditional storage method and works by connecting hard drives to an actual server
26
NAS
Network attached storage uses a dedicated storage device which you attach to your network. can be scalable, configured to provide redundancy. uses standard protocols to connect to your servers
27
SAN
Storage Access Network - dedicated hardware and software on a dedicated high performance network to create a more effective data storage solution that is less prone to data outages; a host bus adapter or HBA connects a server to a fibre SAN
28
economies of scale
lowering of costs due to an increase in the scale of operations or production
29
VMware
Has a small footprint and is not dependent on any o/s to run correctly
30
Citrix XenServer
Simplifies and speeds up management of the entire application lifecycle
31
Hyper-V
Using o/s clustering it provides high availability for hosts and their VMs
32
IBM's z/VM is a hypervisor
which is designed to allow the clients to run hundreds to thousands of Linux servers on a single mainframe running with other System z operating systems
33
Core Network
Provides a logical center point in a datacenter
34
Edge Network
Enables end users to connect to a datacenter
35
Access network
Enables connections to storage networks and computing resources
36
Basic Public Internet
end user, most common way of accessing cloud datacenters. customers access the cloud using their own internet connections, sometimes time requirements cannot be met
37
Accelerated internet
is a set of services and offloads you can add to a standard public internet connection to improve performance, SSL termination and TCP connection mgmt
38
Optimized Internet overlay
lets users access a cloud via the public internet with connectivity enhanced at the provider's points of presence or POPs
39
site to site vpn
direct connection between a csp and the cloud through a private wan
40
SOA
Service Oriented Architecture is a distributed system architecture in which services interact using a common defined interface, a collection of related sub-systems, it addresses services, data and processes in an IT architecture
41
SOA has 4 main benefits
functionality reuse, agility, monitoring, extensibility
42
Common SOA Architectures
Peer to Peer
Client Server
Three Tier
nTier
Tightly coupled
Loose coupling
43
Loose coupling
enables you to build, update or replace individual participants in a system without changing the participants that interact with it; makes system more reliable
44
Loose coupling techniques
asynchronous communication where possible
human readable Uniform Resource Identifiers or URLs for service and instance addresses
stateless messaging
vendor and platform independent messages
self-describing messages
well-defined extensible interfaces
45
SOA provides to cloud
testing of a service oriented environment
provides a deployment framework for cloud computing
It enables re-use of the code for particular functions
It provides a high degree of agility
46
planning cloud deployment involves 3 steps
Performing a data analysis
identifying and documenting services
determining future cloud architecture
47
data analysis consists of 3 things
where data in your organization is located
what form the data takes
how the data flows through the enterprise and how it relates to core services and business processes
48
1st step in architectural foundations for good cloud computing begins with
a development of a service directory, which lists the individual services an organization uses
49
Service directory
define each hardware scope design dependencies service levels security testing
50
Process model
link process to the service it uses | defines business processes and how they link to services
51
steps of migrating data to a cloud
1. Establishing where the data is, what form it takes and how the data flows
2. Documenting each service in the organization's baseline architecture
3. Grouping the services into processes that map to the organization's business processes
4. Identifying processes and the services that can be hosted on the cloud
52
Coupling
loosely connected, independence of location, off site hosting, dynamic service discovery
53
Participant Interfaces
participants that have well-defined interfaces are favorable for a cloud platform. architecture mixture of locally hosted and cloud based systems
54
Security
root security keys and credit card numbers shouldn't be transmitted over a public network.
55
SAAS Factors to consider before using
Security - Each company has their own, no set standards yet so make sure lines up with company security protocols and guidelines
Liability - SLA's - contract negotiated liability
Reliability - is the csp dependable, reputable, what do you do if they close their doors, etc. solution is to use more than one provider.
56
SAAS Providers
Box.net
Amazon Simple Storage Service or S3
Internap XIP Cloud
Nirvanix
DropBox
57
Storage as a Service vs SAAS
SAAS - usually block storage over IP | Cloud Storage and also include file-based systems.
58
SAAS Governance
Enterprise Risk
Legal Issues
Compliance
Information LifeCycle
Portability and Interoperability
59
DAC
authentication and authorization access of data, need to have someone assigned to setup access and removal
60
Data Classification
foundation of information security programs, it requires you to evaluate and then classify company data according to its security needs. ie: confidential data may have to be encrypted, or you decide to keep it in house while allowing other types of data to go to the cloud, etc.
61
Accounting and Auditing
to ensure confidentiality is maintained the csp needs to have appropriate logging and monitoring facilities for accounting and auditing purposes. This usually means that some form of security info and event mgmt system must be in place. Additionally procedures need to ensure that a separation of duties exists between those who administer the systems and those who monitor the logs within the csp.
62
Encryption of stored data
auditing and key management and key changes are needed to ensure compliance to security on the csp, can call for more administrative activities and possibly more cost
63
Encryption of data in transit
encryption or tunneling may be required. depends on the sensitivity of the data and the security compliance.
64
OGF
Promotes standardization of distributed high performance computing applications
Open Grid Forum meets each year grid computing worldwide
Standardizing applied distributed computing environments
65
CSA
Promotes standards and best practices with the aim of ensuring cloud security
Best practices and shared standards in the area of cloud computing security
66
OCC
Operates and manages cloud computing testbeds
Open Cloud Consortium non profit org support the development of an open standards based interoperability framework
Standards for cloud interoperability
67
DMTF
Was founded to develop a set of informational standards for managing resources in distributed environments
Is developing standards that facilitate system mgmt in cloud based IT Infrastructures
68
CIM
is a DMTF standard - Common Information Model - defines the language and methodology used to describe data mgmt.
69
Cloud Security Alliance aka CSA
non profit org promotes best practices and shared standards in the area of cloud computing security. 3 components:
1. General agreement regarding security assurances and requirements between end users and cloud service providers
2. Awareness on the appropriate use of security solutions in a cloud environment
3. Independent research into best practices for cloud computing security
4. Guidance for cloud security assurance
70
Cloud Computing Standards
security browsers data virtualization syndication communication solution stacks messaging
71
Cloud Security Protocols typically used now
Secure Sockets Layer or SSL
Transport Layer Security or TLS
Open Authentication or OAuth
OpenID
Security Assertion Markup Language or SAML
72
Coupling
loose enables participants to function independently of location. May not fail because one part fails. redundancy etc. It enables location independence of participants and dynamic service discovery
73
Participant Interfaces
well defined interfaces are favorable for a cloud platform. well defined interfaces for inputs and outputs to a system allow for suitable integration points between on premises and cloud based services. Ie: mixture of locally hosted and cloud based systems
74
Security
sensitive data should not be transmitted over a public network, ie root security keys and customer credit cards
You won't be in control of security mgmt at the cloud level - have to evaluate each situation
75
Enterprise Health
if your infrastructure is unhealthy and you move to a cloud platform it may exacerbate the issues. ie: firewall not configured properly, the system isn't ready to deploy to a cloud, etc.
76
Business factors to consider
online applications
deployment urgency
the need for user collaboration
the availability of funding
availability of other business opportunities associated with cloud computing
77
Cloud platform categories
database
governance
management
processes
security
services
storage
78
Private Cloud
used when concerns about security.
internal or enterprise cloud - usually not pay as you go but pay when setup
disadvantages:
lose ability to scale on demand
legacy apps not suitable
security may be less efficient
ongoing technology costs can be high
79
virtual private cloud (vpc)
publicly hosted private cloud that is connected to an organization's datacenter via a secure connection
resources are only available to one organization
May connect via vpn
makes sense when resources are grouped by logically grouped ip addresses
ie: Amazon EC2
80
Hybrid cloud
both private and public cloud solution
81
Cloud bursting
when the cloud is shutdown when not in use
82
IAM
Identity and Access Management is the use and management of the same identity information service for all your applications, to authenticate users and grant or deny access rights to data and system resources, to ensure appropriate access to enterprise resources.
83
IAM is based on 3 concepts
Authentication - verification of the identity of the user or service
Authorization - user or system requests access to a source or service, or to perform an operation, and is given necessary permissions
Auditing - recording and reviewing authentication and authorization actions. tests the competence of the IAM system controls, verifies compliance with existing security procedures and policies, detects breaches and suggests countermeasures
84
Trust Boundary
virtual perimeter defining the area that falls under the jurisdiction of its IT Department
85
Identity Federation
the practice of negotiating interactions between entities that are separated by an organization's internal and external trust relationships
86
two reasons to use IAM
improved operational efficiency | regulatory compliance management
87
IAM Operational Areas
Identity mgmt and provisioning
Authentication mgmt
federated identity mgmt
authorization mgmt
compliance mgmt
88
Identity mgmt and provisioning
goal is to ensure that authorized users are securely and effectively incorporated into a cloud and that unauthorized users are excluded. on boarding and off boarding
89
SPML
service provisioning markup language is XML based, used for identity mgmt, allows automation of user and system access
90
SCIM - Simple Cloud Identity has benefits
simple to use leveraging representational state transfer or REST JavaScript Object Notation or JSON essential create read update and delete statements avoiding the LDAP object class inheritance model Google and Salesforce.com
91
Authentication Mgmt
goal is to ensure credentials such as passwords and digital certs are managed securely. Also manages trust relationships across all cloud services and delegates authentication where appropriate
92
federated identity mgmt
goal is to authenticate cloud service users using the org selected identity provider or idp. Credentials and attributes are transmitted idp - identity life cycle, token formats, authentication methods, non-repudiation present several challenges, the last of these holds enormous potential for the use of federation ensures identity assertions originated with a trusted idp
93
SSO part of federated cloud services (Single Sign On)
can be used to authenticate organization wide applications and cloud applications to which an organization subscribes
94
Two federated SSO methods
federated public SSO
federated private SSO
Should use a provider that uses SAML (Security Assertion Markup Language)
95
Authorization Management
goal: establish access rights, establish a trust relationship between the entities and the cloud service and to ensure that the process can be subjected to auditing
96
XACML - Extensible Access Control Markup Language
backed by OASIS and is used to make authorization policy mgmt and related decisions, uses a schema. Challenging area of cloud computing because could come from individual, company, etc.
97
Compliance Mgmt
auditing access and rights, implementing access control policies and standards surrounding reporting, periodic monitoring, segregation of duties and access monitoring.
98
IAM is needed
when an org IT Admin uses a csp mgmt console. An org uses an identity federation to regain control over dynamic trust boundaries and to improve operational efficiency.
99
csp's face a number of challenges
protect SAAS user's accounts from external threats and provide an API for PAAS Authentication
Prevent duplicate LAAS user identities from being created.
Orgs that use federated identities to access LAAS Services should ensure that their CSPs support IAM
100
Considerations in cloud federation are:
using a SSO Scheme define tunneling technologies providing computing and storage resources managing billing and reconciliation in web services to receive identity info from security and identity token services without requiring input from users. must use security token exchange that has to be shared
101
Authentication services aka is
Identity providers Relying Parties web apps or services that consume tokens
102
Models for identity federation is provided by
WS-Security, WS-Trust, WS-SecurityPolicy standards
103
2 types of SSO
web based - authenticates across multiple platforms and org boundaries. allows navigation between pages without re-authentication. Some countries don't allow sharing of data across companies so SSO shouldn't reveal the identity of an authenticating user and the SSO process should be handled anonymously.
Non-Web Based - used to access legacy applications or aren't supported web based SSO. SSO resends the authentication info again to the app
104
SSO benefits
commercial benefits, ie ecommerce users can setup their own accounts, can be used to access services from different websites
Efficiency - speed up the app development life cycle. apps can call a standard authentication procedure instead of more code
105
RSA Security
three components: Authenticator, Authentication Server, Administration Server
106
IDaaS
Identity as a service
107
Presence Information has 3 parts
Identity - user's identity is referred to as that user's presentity. Presentities provide information regarding their whereabouts so others know how and where to contact them.
Status - levels of availability ie: online, offline, on phone or away. Are they available to communicate and in what context. usually has a graphic indicator
Location - geographical location of a device or entity, as well as what device they are on. can include geo location info, gps co-ordinates, in a meeting, on a network, etc, online or offline
108
Presence Protocols
Session Initiation Protocol
Session Initiation Protocol for IM and Presence Leveraging Extensions
Extensible Messaging and Presence Protocol
109
Session Initiation Protocol
widely used signaling protocol designed by the Internet Engineering Task Force or IETF to control multimedia communication sessions that typically take place across one or more media streams. video conferences, IM, presence info, file transfers or multi media
110
Session Initiation Protocol for Instant Messaging and presence Leveraging Extensions
Aka SIMPLE is an add on to SIP and uses SIP to leverage presence on the cloud. protocol facilitates real-time, two way communication among all cloud users who can be located and identified
111
Extensible Messaging and Presence Protocol
aka XMPP, is a messaging protocol based on XML. originally designed to support real time communication between devices using IM, but now is used in Voice over IP or VoIP systems as well
112
Presence Services have 3 parts
Presentity
Watcher
Presence Server
113
publish-and-subscribe or pub-sub
provides info regarding its network status to presence server and then subscribes presence info to relevant subscribers
114
Presence services rely on applications known as watchers
ie: microsoft office live communication server with im platform like office communicator to communicate. these applications to collaborate in real time and to use the range of presence information available
115
Presence Engine
acts as a broker between presence publishers and subscribers. collates info from data sources, distributes it to subscribers authorized to receive info. They must channel encryption and provide strong authorization, authentication and access controls to ensure secure info exchange
116
Securing a presence enabled system
all presence sources are authenticated before they can update an entity's presence info
Only authorized sources can update info
Only a Presentity can create and modify its own privacy rules
Only authenticated presentities can specify privacy filters
Confidentiality and integrity of presence info and privacy filters is maintained
117
Key Privacy Concerns with the cloud
Data Access
Compliance
Data Storage
Data Removal
Data Retention
Auditing and Monitoring
Privacy Breaches
118
Data Access with Privacy
ensuring clients have access to their data , making it secure and can't be intercepted
119
Compliance with Privacy
tricky when clouds cross multiple jurisdictions and legislation. have to find out what laws and regs pertain
120
Data Storage Privacy
on a cloud data can get moved to different geographical locations so can become harder to keep data private
121
Data Removal Privacy
To ensure data is destroyed without a trace because CSPs store multiple copies of data across various servers and sites.
122
Data Retention Privacy
decide retention policies, CSP need to ensure they adhere to relevant regs
123
Auditing and Monitoring Privacy
CSPs have to reassure stakeholders that privacy requirements have been met. can be difficult when data is in different geographical locations or on virtual servers
124
Privacy Breaches
may be hard to determine who is liable
Presence information needs to be kept secure
125
Privacy Document Components
Authorization of Watchers - must be authorized before having access to info
Selective Notifications - Criteria allowed to watch
Differential Presence Info - what can be distributed
Local and National Rules - any rules/laws need to be outlined if pertain
Authorization of Anonymous subscriptions - should allow presentities to authorize anonymous subscribers. Watchers should be allowed to hide their identities in order to maintain privacy during certain sessions
126
Data Life Cycle Phases (5) | Data Life Cycle Management (DLM)
Data Creation
Storage
Use
Archiving
Destruction
127
key Challenges in regards to security of data
Backup and Recovery Data Discovery Data Overlaps Data Persistence Inference and Aggregation Location Security
128
ISO 27001
Provides assurance that a CSP is certified and has appropriate and adequate security management processes
129
ISO 27002
Provides assurance that a CSP has processes in place for access control and business continuity management
130
SysTrust
Provides auditable assurance that CSPs maintain system availability, integrity, privacy, and confidentiality
131
Cloud implementation requires the client and the CSP to negotiate these items
Confidentiality - how will data be transferred and stored? how will it be segregated? Who will have access to the data in the cloud?
Integrity - need to determine permissions - who can modify data in the cloud and specific information on how the CSP hires and monitors its own administrators
Availability - what happens to data if a company goes out of business, is data accessible 24/7, disaster recovery plan of the CSP to ensure rapid recovery.
Authorization - how will access control be handled by CSP and client, only those authorized can access data and apps
Authentication - need to know what authentication measures are in place to ensure only legitimate users are granted access to the data and apps
Auditing - meet regulatory requirements, security measures are in place and the ability to audit the measures to ensure compliance - will they undergo an audit?
132
3 ways to determine responsibility between CSP and client
1. CSPs manage security controls - need to match security compliance of the customer and conform to recognized standards and best practices.
2. Customers supply security controls - Customer supplies its own security infrastructure to extend to services hosted by the CSP. Customer provides key security controls and ensures that local controls can interact with cloud based controls via standards-based interfaces.
3. CSPs provide security to local client system - csp is responsible for creating and managing the local security used by the customer on the customer's local network; in this scenario, confidential data is stored locally with the customer. This can help eliminate certain risks with cloud based data storage
133
SAAS provides organizations
email management - anti-malware in the cloud, enforce encryption of outgoing email, catch spam, backing up and archiving email and indexing stored email in a central repository which is useful for e-discovery.
web content filtering - content filtering and virus filtering before entering network and protect against info leakage, can be used to block traffic or reduce bandwidth
Vulnerability Management - can be used to identify vulnerabilities and to provide patches and solutions to address them.
134
3 key security areas to address with prospective CSPs
Data Location
Regulatory Compliance
Investigative Support
135
SAAS - Software as a service - challenges and risks associated with it
Data Level Security
Physical Asset Control
Virtualization Risks
Mobile Device Security
Compliance Standards
136
Basic Security Measures for SaaS
Physical data center security
Application Security
Virtual Machine Security
Risk Management
Training
Data Security
Access Management
137
Physical data center security
should have multilevel including access control mechanism, ie: biometrics, constant visual monitoring, alarms etc
Environmental controls ie: temperature, air flow, fire suppression, electricity supply
policies, processes and procedures
138
Application Security
web apps should be developed following Open Web Application Security Project or OWASP guidelines
apps should lock down ports and unnecessary commands on Linux, Apache, MySQL and PHP (LAMP) stacks in the cloud.
139
Virtual Machine Security
to include integrity monitoring, intrusion detection or prevention systems and log inspection controls
good idea to use bi-directional stateful firewalls on VDIs and enable centralized management of server firewall policies
140
csp and client responsibilities
Owners - authority and accountability for protection requirements and information assets.
CSPs are responsible and accountable for implementing integrity, availability, and confidentiality and privacy controls
141
Risk Management
conducting and documenting a security risk assessment. prioritize risk mitigation and other risk handling strategies and controls
142
Training
train on security issues and policies, best practices
143
Data Security
Data Inventory
Data Classification
Data Analysis
Data Protection, retention, and recovery
Data Privacy
Protocols for destroying data
144
Access Management
least privilege - lowest possible access granted to those working with data. end to end identity and trust from the cloud to the enterprise needs to be monitored by the CSP, needs to balance security with ease of access
145
Secure Software Development Life Cycle | SecSDLC involves 6 phases
Investigation
Analysis
Logical Design
Physical Design
Implementation
Maintenance
146
Jericho Forum created the Cloud Cube Model
it defines the boundaries of the cloud and the enterprise and consists of:
Internal or External
In House or Outsourced
Proprietary or Open
Perimeterized or deperimeterized
147
Factors that are an issue when using a cloud infrastructure (IaaS)
Lack of network level auditing and monitoring
Loss of traditional network tiers and segregation
Higher incidence of DNS Attacks
Increase in Denial of Service or DoS attacks
148
security with IaaS
Customers have full responsibility for securing applications when using this model.
CSPs don't access or review customer apps
customers are responsible for end point security such as antivirus, account and identity mgmt, browser hardening
CSP should be asked to provide log-in history to facilitate investigations
149
security with PaaS
CSPs manage customers' platforms and runtime engines, security of the model, but customer is responsible for securing its own apps on the platform
150
Security with SaaS
CSP is responsible for managing the entire suite of applications and security
Customers are usually responsible for account management, operational security, access management
151
Data at Rest
data stored permanently or temporarily within the cloud.
152
Data on the cloud security issues to consider
Data Provenance - data integrity up a notch
Data Lineage - the tracing of data locations over time, impractical in the cloud
Data Remanence - traces of data once information has been deleted or connections and hardware have been discarded ie: cache stores, trash stores and faulty hard drives may be accessed through unauthorized users so needs to be addressed. Guidelines for media sanitation set out by the National Institute of Standards and Technology or NIST or the guidelines set out by a standard such as ISO 27001.
153
two stacks used in cloud computing (stacks are programs when used together allow you to put together a web app)
1. LAMP - open source
154
SOAP aka Simple Object Access Protocol
is used to structure and exchange info between web services, relies on XML
155
UDDI or Universal Description, Discovery and Integration
XML based directory that businesses can use in conjunction with web services to collaborate, list their organization, find other organizations
156
WSDL or Web Services Description Language
XML Based language used to describe web services as a collection of ports
157
Open Source apps used in multi-tier architectures aka n-tier architectures
client server architecture in which three processes - presentation, data management and application processing - are represented logically as separate layers or tiers
an example is OpenStack Software cloud o/s - runs on Linux
158
different areas where open source software is used
application tiers
datacenters
database tiers
systems and network management tiers
web presence
159
OpenStack consists of three projects
Compute project
Object Storage
Image Service
160
when adopting VDI you need to consider
Demands from a complex multi-tier architecture
Potential for increased downtime
User Profiles in an Organization
Plans for implementation
Design Related Issues
161
PCoIP
PC over IP protocol designed for the cloud environment. It is a remote desktop protocol.
Allows users to add a second monitor, change desktop resolution in a VDI environment
clients are still separated from the cloud server by an IP network but client apps and o/s run as if on a standalone pc.
doesn't compromise session speed or network bandwidth
have to have a monitor that has a PCoIP processor in it. LCD.
can be a software or hardware processor
supported on thin and zero clients
Companies: Pano Logic, Teradici, Wyse Technology