You're reading from CompTIA Security+: SY0-601 Certification Guide - Second Edition

Product type: Book
Published in: Dec 2020
Publisher: Packt
ISBN-13: 9781800564244
Edition: 2nd Edition

Author: Ian Neil

Ian Neil is one of the world's top trainers of Security+. He is able to break down information into manageable chunks so that people with no background knowledge can gain the skills required to become certified. He has recently worked for the US Army in Europe and designed a Security+ course that catered to people from all backgrounds (not just IT professionals), with an extremely successful pass rate. He is an MCT, MCSE, A+, Network+, Security+, CASP, and RESILIA practitioner that has worked with high-end training providers over the past 23 years and was one of the first technical trainers to train Microsoft internal staff when they opened their Bucharest Office in 2006.

Chapter 4: Exploring Virtualization and Cloud Concepts

In today's world, most businesses either use virtualization, as it allows them to recover very quickly from a disaster, or they have moved to the cloud to avoid spending a vast amount of money on equipment and disaster recovery. In this chapter, we are going to look at cloud concepts and virtualization, broken down into the following topics:

  • Overview of Cloud Computing
  • Implementing Different Cloud Deployment Models
  • Understanding Cloud Computing Concepts
  • Understanding Cloud Storage Concepts
  • Selecting Cloud Security Controls
  • Exploring the Virtual Network Environments

Overview of Cloud Computing

The demand for cloud computing has risen over the last few years as the workforce has become more mobile; the cloud solution is very cost-effective and maintains the high availability of systems. Before you decide to move to a Cloud Service Provider (CSP), you need to ensure that you trust them 100%.

There are many good reasons why cloud computing has become popular:

  • Elasticity: The cloud is a pay-as-you-go model: one day you can increase resources, and the next day you can scale them back down. You can even add more processor power, faster disks, more memory, or dual network cards whenever you want – there's no need to wait for delivery times, but the cost increases:

    Example 1: A toy firm is hiring 50 temporary workers from October onward to deal with the rush for toys at Christmas. If the toy company were not on the cloud, they would have to purchase another 50 desktops, but instead, they lease Virtual Machines (VMs...

Implementing Different Cloud Deployment Models

We will first look at the different cloud models and their characteristics. The most common cloud model is the public cloud, so let's start with that:

  • Public Cloud: This is the most common model, where the CSP provides cloud services to multiple tenants. This is like being one of many people who rent an apartment in an apartment block. Just like in the public cloud, none of the tenants owns their apartment:

Figure 4.1 – Public cloud

Example: A small company does not want to invest $50,000 in IT systems, so they purchase their cloud package from a cloud provider where they and other companies are hosted by the cloud provider. This is similar to someone renting one apartment in a block from a landlord – you lease but do not own the apartment. This is a multitenant environment where the cloud provider has multiple companies on the same virtual host.

  • Private Cloud: A private cloud...

Understanding Cloud Service Models

There are different types of cloud services, and these are very heavily tested in the Security+ exam; therefore, we will show screenshots of the types of offerings. We will first look at infrastructure as a service, which is the model over which you have more control.

Infrastructure as a Service (IaaS)

If you think of network infrastructure, you think of desktops, servers, firewalls, routers, and switches—the hardware devices for a network. When you purchase these devices, they have default factory settings, and these settings need to be reconfigured. Desktops are bare bones, meaning that they have no operating system installed. IaaS is the same: you need to preconfigure these devices, install an operating system, and maintain the patch management. See the pricing (as of writing this book) for IaaS in the screenshot that follows:

Figure 4.5 – Microsoft's IaaS offering (July 2018)

...

Understanding Cloud Computing Concepts

In this section, we are going to look at different cloud computing concepts that may appear in the CompTIA Security+ exam. Make sure that you are familiar with them:

  • Cloud Service Provider (CSP): CSPs are entities that resell cloud services to customers. They can provide infrastructure, software, VMs, and other services that a customer needs. Managed Cloud Service Providers (MCSP) will also take over the day-to-day running of your cloud as they have the expertise to do so.
  • Managed Security Service Provider (MSSP): An MSSP will maintain the security environment for companies, which will include enterprise firewalls, intrusion prevention and detection systems, and SIEM systems. They have a very highly skilled workforce who will take this headache away from a company. An article about choosing an MSSP can be found at https://wizardcyber.com/blog/managed-security-service-provider/.
  • Fog Computing: Fog computing complements cloud computing by processing...

Understanding Cloud Storage Concepts

Cloud storage utilizes a Storage Area Network (SAN) for the virtual components used in a cloud network. A SAN is a hardware device that contains a large number of fast disks, such as Solid-State Drives (SSDs), and is isolated from the LAN as it has its own network servers. The disks are set up with some form of redundancy, such as RAID 5, so that the storage space is redundant. Each switch and storage system on the SAN must be interconnected, and the physical interconnections must support bandwidth levels that can adequately handle peak data activities. There are two connection types:

  • Fibre Channel: Fast but expensive, as it needs Fibre Channel switches and fiber cables, both of which are costly.
  • iSCSI Connector: Runs Small Computer System Interface (SCSI) commands over Ethernet and can connect through normal Ethernet switches while still offering good speed. This is a much cheaper option. The servers that use SAN storage are diskless but use the SAN storage as if they...

Selecting Cloud Security Controls

To ensure that the cloud environment is as secure as possible, many controls need to be in place. Let's look at some of these controls.

High Availability Access Zones

In a global Azure environment, there are Azure regions. Inside each region, there are high availability zones. These zones are physical locations that may hold two or more data centers and provide high availability within their zone. They are independent of each other, with their own networks. Inside each network, they have their own power and Heating, Ventilation, and Air Conditioning (HVAC) systems that regulate their own cooling using hot and cold aisles. Applications can be distributed across multiple zones so that if one zone fails, the application is still available.

Resource Policies

These are policies that state what access level or actions someone has to a particular resource. This is crucial for resource management and audit. We need to apply the principle of...
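The following Python is an added illustration of how a resource policy is evaluated; it is not code from the book. It uses a constructed, provider-neutral statement format (effect, principals, actions, resources with glob wildcards) in which an explicit Deny overrides any Allow and an unmatched request is implicitly denied, and it includes a simple audit that flags Allow statements granting bare wildcards, which is the kind of over-broad grant a resource policy review should catch. The principal names, action names and bucket names are invented for the example.

```python
"""Evaluate requests against IAM-style resource policy statements (constructed example)."""
from fnmatch import fnmatchcase

# Constructed sample policy. Action and resource vocabularies are illustrative
# and do not follow any particular cloud provider's policy language.
SAMPLE_POLICY = [
    {"effect": "Allow", "principals": ["alice"],
     "actions": ["storage:GetObject", "storage:ListBucket"],
     "resources": ["bucket:payroll/*"]},
    {"effect": "Allow", "principals": ["bob"],
     "actions": ["storage:*"],
     "resources": ["bucket:payroll/*"]},
    # Explicit deny for everyone on the archive prefix; wins over bob's Allow.
    {"effect": "Deny", "principals": ["*"],
     "actions": ["storage:DeleteObject"],
     "resources": ["bucket:payroll/archive/*"]},
]

# The same policy with an over-broad statement appended, for the audit check.
OVERBROAD_POLICY = SAMPLE_POLICY + [
    {"effect": "Allow", "principals": ["*"], "actions": ["*"], "resources": ["*"]},
]


def _matches(patterns, value):
    """True if value matches any glob pattern, e.g. 'storage:*' or 'bucket:payroll/*'."""
    return any(fnmatchcase(value, p) for p in patterns)


def is_allowed(policy, principal, action, resource):
    """Decide one request: explicit Deny beats Allow; no matching Allow means deny."""
    allowed = False
    for stmt in policy:
        if not (_matches(stmt["principals"], principal)
                and _matches(stmt["actions"], action)
                and _matches(stmt["resources"], resource)):
            continue
        if stmt["effect"] == "Deny":
            return False          # explicit deny: stop immediately
        allowed = True            # remember the Allow, keep scanning for a Deny
    return allowed


def find_overbroad(policy):
    """Return indexes of Allow statements using a bare '*' for principals,
    actions or resources: grants that need justification in an audit."""
    return [
        i for i, stmt in enumerate(policy)
        if stmt["effect"] == "Allow"
        and ("*" in stmt["principals"] or "*" in stmt["actions"] or "*" in stmt["resources"])
    ]


if __name__ == "__main__":
    requests = [
        ("alice", "storage:GetObject", "bucket:payroll/2020.csv"),
        ("alice", "storage:DeleteObject", "bucket:payroll/2020.csv"),
        ("bob", "storage:DeleteObject", "bucket:payroll/2020.csv"),
        ("bob", "storage:DeleteObject", "bucket:payroll/archive/2019.csv"),
        ("carol", "storage:GetObject", "bucket:payroll/2020.csv"),
    ]
    for who, what, where in requests:
        print(f"{who:6} {what:22} {where:34} -> {is_allowed(SAMPLE_POLICY, who, what, where)}")
    print("over-broad statements:", find_overbroad(OVERBROAD_POLICY))
```

Run as a script, it prints one decision per request and then the index of the wildcard statement in the audited policy. Keeping the evaluation and the audit as separate functions mirrors how these controls are used in practice: the first answers "is this request permitted?", the second answers "should this grant exist at all?".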

Exploring the Virtual Network Environments

A virtual network is very similar to a physical network in many ways, but for the Security+ exam, we must know the concept of virtualization. To be able to host a virtual environment, we must install a hypervisor on the computer hosting the VMs. A hypervisor is the software on a virtual host that lets the host run virtual machines. There are two different types of hypervisor:

  • Type 1 Hypervisor: This is an enterprise version that can be installed on a computer without an operating system, called bare metal. Examples are VMware ESX, Microsoft's Hyper-V, or Xen, which is used by AWS.
  • Type 2 Hypervisor: This needs an operating system, such as Server 2016 or Windows 10, and then the hypervisor is installed like an application. An example of a Type 2 hypervisor is Oracle's VM VirtualBox.

The main server in a virtual environment is called a host, and the VMs that it hosts are called guests. This is very similar to...

Review Questions

Now it's time to check your knowledge. Answer the questions, and then check your answers, which can be found in the Solutions section at the end of the book:

  1. In a cloud environment, what is elasticity?
  2. In which cloud environment would you install the software and then have to update the patches?
  3. What cloud model would you not be allowed to migrate to?
  4. What is the major benefit of using a public cloud?
  5. What is a cloud single-tenant model?
  6. What is a cloud multi-tenant model?
  7. Describe how a community cloud operates.
  8. Who is responsible for the disaster recovery of hardware in a cloud environment?
  9. What is a Cloud Access Security Broker (CASB)?
  10. What model is it if you own the premises and the entire IT infrastructure resides there?
  11. What is a hybrid cloud model?
  12. What type of cloud service deals with identity management?
  13. Where will a diskless virtual host access its storage?
  14. If you have a virtual switch...