1.4.a Traffic path to internal and external cloud services
From the NIST website:
“The NIST definition lists five essential characteristics of cloud computing: on-demand self-service, broad network access, resource pooling, rapid elasticity or expansion, and measured service. It also lists three “service models” (software, platform and infrastructure), and four “deployment models” (private, community, public and hybrid) that together categorize ways to deliver cloud services.”
Access to public and private cloud happens in the following broad ways:
- Private WAN
- VPN tunnel over the internet
1.4.b Virtual services
There are a few major types of cloud services, broadly grouped according to the type of offering.
- Infrastructure as a Service
  - Offers storage, network, RAM and CPU as a virtual service which can be created and destroyed rapidly. The “Virtual PCs” can be small (e.g. 1 CPU, 512 MB RAM, 15 GB disk) or scale up to very large sizes.
- Software as a Service
  - Offers a functioning software service that is pre-configured and runs on the vendor's own private infrastructure. The vendor takes care of the maintenance and upgrades of the software.
  - Examples of these are Dropbox, Gmail, Microsoft Exchange and WordPress.
- Platform as a Service
  - Offers an IaaS but with added software tools pre-configured. Examples are Jenkins continuous integration and Google’s App Engine.
1.4.c Basic virtual network infrastructure
Cloud services run inside Virtual Machines. Virtual Machines emulate all aspects of a machine, including its network connections, creating Virtual Network Interfaces.
Virtual network infrastructure is required to connect the virtual machines, or “instances”, inside the VM, similar to a real network. This involves the use of Virtual Switches, Routers and Firewalls, often called “cloud firewalls/routers/switches”.
Virtual networks may actually become larger than their real-life counterparts due to the popularity and convenience of cloud services, both private and public.