Objective 1.3 Flashcards
Summarize cloud concepts and connectivity options. (20 cards)
IaaS (Infrastructure as a Service):
What is it?
Cloud Service Models
The cloud provider gives you access to the fundamental building blocks of computing: virtual servers (compute), storage, and networking.
You are responsible for managing the operating system, applications, and data.
What is the “Pizza as a Service” analogy for IaaS?
Cloud Service Models
Take and Bake.
The cloud provider gives you the kitchen, oven, and all the raw ingredients (dough, sauce, cheese).
You are responsible for assembling, baking, and serving the pizza.
You have the most control but also the most responsibility.
PaaS (Platform as a Service):
What is it?
Cloud Service Models
The cloud provider manages the underlying hardware and operating systems.
You are responsible only for deploying and managing your own applications and data on their platform.
What is the “Pizza as a Service” analogy for PaaS?
Cloud Service Models
Pizza Delivery.
You just order the pizza. The provider handles making the pizza and bringing it to you.
You are responsible for the table, drinks, and actually eating it.
It’s ideal for developers who don’t want to manage infrastructure.
SaaS (Software as a Service):
What is it?
Cloud Service Models
The cloud provider manages everything.
You are simply a user accessing the software over the internet, typically through a subscription.
Think of Office 365, Gmail, or Salesforce.
What is the “Pizza as a Service” analogy for SaaS?
Cloud Service Models
Dining Out.
You go to a restaurant.
You don’t manage anything. You just show up, order, eat, and leave.
This is the simplest model from a user perspective.
Public Cloud:
What is it?
Cloud Deployment Models
Cloud services are provided over the internet and shared across multiple organizations (multi-tenant).
You pay for what you use.
Examples: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP).
Private Cloud:
What is it?
Cloud Deployment Models
Cloud infrastructure is built and operated exclusively for a single organization (single-tenant).
It provides greater control and security but is more expensive.
It can be hosted on-premises or by a third party.
Hybrid Cloud:
What is it?
Cloud Deployment Models
A combination of public and private clouds, bound together by technology that allows data and applications to be shared between them.
This allows an organization to keep sensitive data in a private cloud while leveraging the vast resources of a public cloud.
NFV (Network Functions Virtualization):
What is this concept?
Core Cloud Networking Concepts
Decoupling network functions (like routing, firewalls, load balancing) from dedicated hardware appliances and running them as software on standard servers.
This is the core principle that makes virtual firewalls and routers in the cloud possible.
VPC (Virtual Private Cloud):
What is it?
Core Cloud Networking Concepts
Your own logically isolated, private section of a public cloud.
It allows you to define your own IP address space, subnets, route tables, and network gateways, giving you full control over your virtual network environment.
What is a simple analogy for a VPC?
Core Cloud Networking Concepts
A fenced-off, private VIP area inside a giant, public park.
You control who comes in and out and how everything is arranged inside your area, but you’re still within the larger park grounds.
Network Security Group (NSG) / Security List:
What is its function?
Core Cloud Networking Concepts
It acts as a virtual, stateful firewall for your cloud resources, like Virtual Machines (VMs).
It controls inbound and outbound traffic based on rules specifying source/destination IP, port, and protocol.
Internet Gateway (IGW):
What is its function?
Core Cloud Networking Concepts
A horizontally scaled and highly available VPC component that allows communication between instances in your VPC and the public internet.
It is the “front door” for public traffic.
NAT Gateway (Network Address Translation Gateway):
What specific problem does it solve?
Core Cloud Networking Concepts
It allows instances in a private subnet to initiate outbound traffic to the internet (e.g., for software updates) but prevents the internet from initiating connections back to those instances.
This provides security for backend systems.
VPN (in a cloud context):
How is it used for connectivity?
Cloud Connectivity Options
A Site-to-Site VPN creates a secure, encrypted tunnel over the public internet to connect an on-premises data center directly to a cloud VPC.
It is a common, cost-effective way to create a hybrid cloud.
Direct Connect:
What is it?
Cloud Connectivity Options
A dedicated, private, physical network connection (typically fiber optic) between an on-premises data center and the cloud provider’s network.
VPN vs. Direct Connect:
Why choose one over the other?
Cloud Connectivity Options
- VPN: Uses the public internet. Cheaper and faster to set up, but performance can be inconsistent.
- Direct Connect: Private, dedicated connection. More expensive and takes longer to set up, but provides guaranteed high bandwidth, low latency, and consistent performance.
Scalability:
What is it?
Key Cloud Characteristics
The ability to increase or decrease IT resources as needed to meet changing demand.
- Vertical Scaling (Scaling Up): Adding more power (CPU, RAM) to an existing server.
- Horizontal Scaling (Scaling Out): Adding more servers to a resource pool.
Elasticity:
What is it, and how does it differ from Scalability?
Key Cloud Characteristics
The ability of the cloud system to automatically provision and de-provision resources based on real-time demand.
Scalability is something you plan for; elasticity is a property that happens automatically.
This prevents you from paying for idle resources.