ABSTRACT

We’ll begin our discussion by touching on a few high-level conceptual issues. Then we’ll actually break down a cloud infrastructure into its various component pieces. These components include the compute nodes that actually encapsulate the computational capability of a cloud infrastructure and make it fractionally available to several users for sharing; the network connectivity that allows several compute nodes to communicate with each other and with the outside world while maintaining network layer isolation between unrelated users of the cloud infrastructure; the storage services that provide functionality for applications in the cloud environment to maintain state, usually in the form of virtualized hard drives, that can be used and manipulated by compute nodes and potentially shared over the network capability; and the management layer that lets us manage all the rest. As we look at these component pieces of an infrastructure-as-a-service (IaaS) cloud infrastructure, we’ll take a look at some underlying approaches used by various cloud technologies to deliver each component, and we’ll review some of the key security considerations that pertain to each component. Let’s get started!

CONTENTS

3.1 Contextual Considerations
    3.1.1 Greatest Common Denominator
    3.1.2 User Communities
    3.1.3 Shared Impact
3.2 Components of a Private Cloud Infrastructure
    3.2.1 Compute
        3.2.1.1 Hypervisors
        3.2.1.2 Containers
        3.2.1.3 Bare Metal
    3.2.2 Network
        3.2.2.1 Underlying Approaches
        3.2.2.2 Security Implications
    3.2.3 Storage
        3.2.3.1 Underlying Approaches
        3.2.3.2 Security Implications
    3.2.4 Management
        3.2.4.1 Underlying Approaches
        3.2.4.2 Security Implications
3.3 Summary
References