Technologies used in Cloud Computing

Here are some of the key technologies that underpin cloud computing:

• Virtualization: This technology allows a single physical server to be divided into

multiple virtual servers, each of which can run its own operating system and
applications. This enables efficient resource utilization and scalability.
• Service-Oriented Architecture (SOA): SOA breaks down applications into
smaller, independent services that communicate with each other using
standardized protocols. This modular approach makes it easier to develop,
deploy, and manage cloud applications.
• Grid Computing: This technology pools the resources of multiple computers to
create a single, virtual supercomputer. This can be used for computationally
intensive tasks such as scientific simulations and weather forecasting.
• Utility Computing: Similar to how you pay for electricity based on usage, utility
computing allows you to pay for cloud resources only for as long as you need
them. This provides a cost-effective way to scale resources up or down as
needed.
Nist
NIST stands for the National Institute of Standards and Technology. It's a non-
regulatory agency within the U.S. Department of Commerce. NIST's primary focus is
promoting American innovation and industrial competitiveness by:
• Developing and maintaining technical standards for various industries,
ensuring quality and interoperability.
• Conducting research in various scientific and technological fields, from
nanoscale science to cybersecurity.
• Providing measurement services to ensure the accuracy and consistency of
measurements across different sectors.
Overall, NIST plays a crucial role in supporting U.S. technological advancement and
economic growth.
SAN
A Storage Area Network (SAN) is a dedicated high-speed network that connects
servers to shared storage devices, like disk arrays and tape libraries. It essentially
functions as a centralized pool of storage accessible by multiple servers, appearing to
them as locally attached storage. This allows for:
• Improved storage performance and scalability: Data transfer is faster
compared to traditional storage solutions, and storage capacity can be easily
expanded.
• Increased server flexibility: Servers can be independent of specific storage
devices, simplifying maintenance and upgrades.
• Enhanced disaster recovery: Data can be replicated across storage devices in
the SAN for redundancy and easier recovery in case of failures.
SANs are commonly used in mission-critical applications that require high availability
and performance, such as databases and enterprise applications.
NAS
Network-attached storage (NAS) is a dedicated file-level storage device connected to
a network. It acts like a central hub for storing and sharing data across various devices
on the network. Here's a quick breakdown:
• Centralized storage: NAS provides a single location for storing data, accessible
by authorized users on the network using file protocols like SMB or NFS.
• File-based access: Unlike SANs that work at the block level, NAS allows users
to access and manage files directly, similar to a local hard drive.
• Easy sharing: NAS simplifies data sharing within a network, enabling
collaboration and access to common files for different devices.
• Scalability: Many NAS systems offer options to add additional storage capacity
as needed, making them adaptable to growing data needs.
NAS is a popular choice for home offices, small businesses, and media streaming
due to its user-friendly interface, ease of setup, and cost-effectiveness for file sharing
and backup needs.
Models in Cloud Computing
In cloud computing, "models" primarily refer to the service delivery models, defining
how cloud services are delivered to users. There are three main types:
1. Infrastructure as a Service (IaaS):
• IaaS provides the foundation of cloud computing. It offers virtualized computing
resources like servers, storage, and networking.
• Users have high control and flexibility to manage these resources and deploy
their own applications.
• This model is suitable for organizations needing fine-grained control over their
infrastructure and requiring customization.
2. Platform as a Service (PaaS):
• PaaS builds upon IaaS by providing a development and deployment platform.
It offers tools and frameworks for building, testing, and deploying applications.
• Users have control over their application development process but less
control over the underlying infrastructure.
• This model is ideal for developers who want to focus on application
development without managing the infrastructure.
3. Software as a Service (SaaS):
• SaaS offers ready-to-use applications delivered over the internet. Users
access and use these applications through a web browser or mobile app, without
managing any underlying infrastructure or software.
• SaaS requires minimal user maintenance and is the simplest cloud service
model.
• This model is best for everyday applications like email, CRM, and collaboration
tools, where users need immediate access and minimal technical expertise.
Characteristics and Services for Cloud Models
Characteristics and Services of Cloud Models

Cloud computing models, encompassing Infrastructure as a Service (IaaS), Platform

as a Service (PaaS), and Software as a Service (SaaS), offer distinct characteristics
and service sets:
Characteristics:
 • On-demand self-service: Users can provision and manage resources without
human interaction.
• Broad network access: Services are accessible from various devices and
locations over the internet.
• Resource pooling: Resources are dynamically allocated and shared among
multiple users.
• Rapid elasticity: Resources can be scaled up or down quickly to meet changing
needs.
• Measured service: Resource usage is tracked and billed based on actual
consumption.
Services:
• IaaS: Provides fundamental building blocks like virtual machines, storage,
networking, and security features.
• PaaS: Offers a platform for developing, deploying, and managing
applications, including tools, frameworks, databases, and middleware.
• SaaS: Delivers ready-to-use applications over the internet, accessible through
a web browser or mobile app.

Here's a table summarizing these aspects:

Feature IaaS PaaS SaaS

Characteristics - - -
On-demand self-service Yes Yes Yes
Broad network access Yes Yes Yes
Resource pooling Yes Yes N/A
Rapid elasticity Yes Yes May be limited
Measured service Yes Yes Yes
Services - - -
Virtual Machines Yes N/A N/A
Storage Yes Yes N/A
Networking Yes Yes N/A
Development tools N/A Yes N/A
Databases N/A May be included N/A
Applications N/A N/A Yes
Choosing the right cloud model depends on your specific needs and requirements.
Consider factors like the level of control needed, desired flexibility, technical expertise,
and cost when making your decision.

Public and Private Cloud

Public and private cloud are two main deployment models for cloud computing, differing
in ownership, access, and control:
Public Cloud:
• Ownership: Owned and operated by a cloud service provider (CSP) like
Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform
(GCP).
• Access: Shared infrastructure, accessible to any paying customer over the
internet.
• Control: Limited control for users, primarily focused on configuring and
managing their applications within the provided resources.
• Benefits: Cost-effective, highly scalable, readily available, minimal upfront
investment.
• Drawbacks: Security concerns due to shared environment, less customization,
potential vendor lock-in.
Private Cloud:
• Ownership: Owned and operated by an organization itself or by a third-party
provider dedicated to that organization.
• Access: Exclusive use by a single organization, providing increased control and
security.
• Control: High level of control over infrastructure, configuration, and security
settings.
• Benefits: Enhanced security and privacy, greater customization, improved
compliance, predictable performance.
• Drawbacks: Higher upfront costs for setup and maintenance, potentially less
scalable than public cloud.
Choosing between public and private cloud depends on your specific needs.
Organizations prioritize security, compliance, or sensitive data storage often favor
private cloud. Conversely, cost-effectiveness, ease of use, and rapid scalability often
make public cloud the preferred option for others.

Basics of Virtualization

Virtualization is essentially creating a software simulation of something, typically

computer hardware. Imagine a powerful computer being divided into multiple, isolated
virtual machines, each acting like a separate computer. Here's a breakdown of the
basics:
• Core concept: Divide a physical resource (like a server) into multiple virtual
versions. Each virtual machine acts like an independent computer with its own
operating system and applications.
• Hypervisor: This software layer sits between the physical hardware and the
virtual machines. It manages the allocation of resources (CPU, memory, storage)
and ensures each virtual machine runs smoothly.
• Benefits:
o Increased efficiency: Utilize a single physical server for multiple virtual
machines, maximizing hardware usage and reducing costs.
o Improved flexibility: Easily create, deploy, and manage virtual machines
as needed, promoting agility.
o Enhanced isolation: Each virtual machine operates in its own isolated
environment, improving security and stability.
• Use cases: Virtualization is widely used in various applications, including:
o Server consolidation: Run multiple servers on a single physical machine,
reducing hardware needs and costs.
o Disaster recovery: Create backups of virtual machines for quick recovery
in case of outages.
o Desktop virtualization: Provide users with virtual desktops accessible
from any device.
Virtualization is a fundamental technology in cloud computing, enabling efficient
resource utilization and on-demand service delivery.

Types of Virtualizations

Virtualization comes in various flavors, each suited to a specific need. Here's a quick
overview of some common types:

1. Server Virtualization: This is the most widespread type. It creates virtual

machines on a physical server, allowing you to run multiple operating systems
and applications independently on the same hardware.
2. Desktop Virtualization: This technology delivers virtual desktops to users,
accessible from any device with an internet connection. It offers benefits like
centralized management and improved security.
3. Application Virtualization: This focuses on virtualizing individual applications,
allowing them to run on different operating systems without modification. This
simplifies application deployment and management.
4. Storage Virtualization: This pools physical storage from multiple devices and
presents it as a single, unified storage resource. This enhances storage
utilization and simplifies management.
5. Network Virtualization: This virtualizes network resources like routers,
switches, and firewalls, creating a flexible and scalable network infrastructure. It
allows for efficient network resource allocation and simplified management.

These are just some of the common types of virtualization. The specific type chosen
depends on the desired outcome, such as improved resource utilization, increased
flexibility, or enhanced security.

Azure Fundamentals

Azure Fundamentals refers to a couple of things from Microsoft related to their cloud
platform, Azure:
 1. Learning Path: It's a series of courses offered by Microsoft that introduce you to
the basics of Microsoft Azure. This path is ideal for beginners with no prior cloud
computing knowledge or those new to Azure. It covers:
o Cloud concepts: Explains the core ideas behind cloud computing,
including deployment models (like public, private, and hybrid cloud) and
service models (IaaS, PaaS, SaaS).
o Azure services: Provides an overview of the various services offered by
Azure, categorized into core areas like compute, networking, storage, and
databases.
o Azure management and governance: Introduces you to the tools and
practices used to manage and govern Azure resources, ensuring security
and cost-effectiveness.
2. Certification (AZ-900): After completing the Azure Fundamentals learning path,
you can take the AZ-900 Microsoft Azure Fundamentals certification exam. This
validates your understanding of the foundational concepts of Azure cloud
services and demonstrates your ability to describe them to potential employers.

Overall, Azure Fundamentals equips you with the foundational knowledge to navigate
the Microsoft Azure cloud platform and its core services. It's a stepping stone for further
learning or pursuing cloud-related careers.

Configuring Virtual Machines and Installing OS in Azure.

Configuring virtual machines (VMs) and installing an OS in Azure involves a few key
steps:

1. Create a Virtual Machine:

o Access the Azure portal and navigate to "Virtual Machines" service.
o Click "Create" and choose a meaningful name for your VM.
o Select a subscription (your billing plan) and resource group (organization
for your resources).
2. Choose VM Instance Details:
 o Pick a region closest to your target audience for optimal performance.
o Select a virtual machine image. This pre-configured image contains the
desired OS (Windows, Linux etc.) and saves you installation time.
o Choose a VM size with appropriate processing power, memory, and
storage based on your workload.
3. Configure Settings:
o Define inbound port rules (e.g., open port 3389 for remote desktop access
to Windows VMs).
o Set up administrator credentials (username and password) for initial login.
o Configure networking options by choosing a virtual network and subnet for
your VM.
4. Review and Create:
o Double-check all your configurations before finalizing.
o Click "Create" to provision your virtual machine in Azure.
5. Connect and Install OS (if needed):
o Once deployed, access your VM using tools like Remote Desktop for
Windows or SSH for Linux.
o If you haven't chosen a pre-configured image with OS, you'll need to
install the OS manually through the provided VM console.
Here are some additional points to consider:
• Managed disks: Utilize Azure managed disks for automatic storage provisioning
and management.
• Security groups: Implement security groups to control inbound and outbound
traffic for your VM.
• Public IP address: Assign a public IP if you need external access to your VM.
Microsoft provides detailed documentation and tutorials for each step of this process.
Search for "Create a virtual machine in Azure portal" on Microsoft Docs:
https://learn.microsoft.com/en-us/azure/ for the latest instructions.

SSH and Password Security Levels

SSH and Password Security Level

SSH (Secure Shell) is a secure network protocol for remote login and command-line
execution. It offers a significant improvement over insecure protocols like Telnet by
encrypting all communication between the client and server. This encryption protects
passwords and data from being intercepted by unauthorized users.

However, password security remains a crucial factor in overall SSH security. Here's a
breakdown:

• Strengths of SSH:
o Encryption: Protects passwords and data in transit, making it much harder for
attackers to steal them.
o Authentication methods: SSH supports various authentication methods beyond
passwords, including public key cryptography which can be more secure.
• Weaknesses of Password-based SSH:
o Guessing attacks: Passwords can be vulnerable to brute-force attacks where
attackers try millions of combinations.
o Weak passwords: Users often choose weak passwords which are easier to
guess.
o Phishing attacks: Tricking users into revealing their password through fake login
pages.
Overall Security Level:
SSH with a strong password offers a moderately secure connection compared to
unencrypted protocols. However, it's not foolproof. Here's how to improve security:
• Use strong passwords: Complex passwords with a mix of uppercase, lowercase,
symbols, and numbers are harder to crack.
• Enable public key authentication: This method eliminates the need to transmit
passwords altogether, relying on cryptographic keys for verification.
• Limit login attempts: Configure your SSH server to restrict the number of login
attempts to prevent brute-force attacks.
 • Keep software updated: Ensure your SSH client and server software are updated with
the latest security patches.

By combining SSH with strong password practices and additional security measures,
you can significantly enhance the overall security of your remote connections.

PEM Key

A PEM (Privacy-Enhanced Mail) key is a format for storing cryptographic keys. It's
commonly used to store private keys used for SSH (Secure Shell) connections. Here's
a quick breakdown:
• Function: PEM files contain the base64 encoded version of the actual private
key along with header and footer information identifying it as a PEM encoded
key.
• Security: While PEM itself doesn't provide encryption, the private key within the
file is crucial for decryption in SSH. So, keeping the PEM file secure is essential.
• SSH and PEM: In SSH public key authentication, a pair of keys is used: a public
key (distributed to servers) and a private key (kept secret). The server uses the
public key to encrypt data that only the corresponding private key can decrypt.
PEM files typically store the private key.

Here are some key points about PEM keys:

• Not passwords: PEM keys are an alternative to password-based authentication,

offering potentially stronger security.
• Secure storage: PEM files themselves are not encrypted by default. It's crucial
to store them securely, often using strong permissions on the file system.
• Use with SSH clients: PEM keys are used with SSH clients to connect to
servers securely without needing to enter a password each time.

Overall, PEM keys are a valuable tool for secure remote access using SSH, but proper
storage and management are essential for maintaining strong security.
Securing Cloud machines using Defender

Securing Cloud Machines with Microsoft Defender for Cloud

Microsoft Defender for Cloud, formerly known as Azure Security Center, is a

comprehensive suite of tools designed to help you secure your cloud workloads and
resources in Azure. Here's a glimpse into how Defender helps secure your cloud
machines:

Vulnerability Management:
• Defender scans your VMs for security vulnerabilities in the operating system,
applications, and configurations.
• It prioritizes vulnerabilities based on severity and exploits, allowing you to focus on the
most critical issues first.
• Recommendations for remediation steps are provided to help you patch or address the
vulnerabilities.
Threat Protection:
• Defender continuously monitors your VMs for suspicious activity and potential threats.
• It utilizes machine learning and behavioral analytics to detect malware, unauthorized
access attempts, and other malicious activities.
• Alerts are generated for identified threats, enabling you to take timely action.
Just-in-Time (JIT) Access Control:
• JIT access restricts inbound traffic to your VMs, only allowing access from specific IP
addresses or applications for a limited time.
• This reduces the attack surface and minimizes the window of opportunity for attackers.
Adaptive Application Controls:
• This feature allows you to define rules to control which applications can run on your
VMs.
• This helps prevent unauthorized applications from being executed, potentially containing
malware or vulnerabilities.
Adaptive Network Hardening:
 • Defender dynamically adjusts security policies for your VMs based on real-time threat
intelligence.
• This helps ensure your VMs are protected against the latest threats without
compromising legitimate traffic.
Workload Protection:
• Defender offers additional security features specifically designed for different workloads
like web apps, databases, and containers.
• These features provide deeper insights and tailored security controls for these specific
environments.
Benefits of using Defender:
• Proactive security: Helps identify and address vulnerabilities before they can be
exploited.
• Reduced attack surface: Minimizes the potential entry points for attackers.
• Improved threat detection: Continuously monitors for malicious activity and provides
timely alerts.
• Simplified management: Offers a central console to manage the security of all your
cloud resources.
Overall, Microsoft Defender for Cloud plays a crucial role in securing your cloud
machines in Azure by providing a comprehensive set of security tools and
automated processes. It's important to note that Defender is one piece of the security
puzzle, and it's essential to implement a layered security approach for optimal
protection.

Basic Linux commands for Accessing the remote machine.

Here's a breakdown of the basic Linux command for accessing a remote machine
securely:

Command: ssh user@remote_machine_ip

Explanation:
• ssh: This keyword initiates the Secure Shell connection, the secure protocol for

remote access.
 • user: This represents your username on the remote machine where you're trying

to log in.
• remote_machine_ip: This is the IP address of the machine you want to access

remotely.
Example:
ssh jdoe@192.168.1.100
In this example, jdoe is the username on the remote machine with the IP address
192.168.1.100.

Additional Notes:
• After running this command, you'll be prompted to enter the password associated
with your username on the remote machine.
• Make sure you type the password correctly and it won't be echoed on the screen
for security reasons.
• This command establishes a secure connection and allows you to execute
commands on the remote machine as the specified user.
Important Security Considerations:
• Avoid using password-based authentication for remote access whenever
possible. It's generally recommended to set up SSH key-based authentication for
a more secure and passwordless login experience.
• Public key authentication involves creating a public-private key pair on your local
machine. The public key is added to the authorized_keys file on the remote
machine, and the private key remains on your local machine. During login, the
SSH client uses the private key to sign a message, and the remote server
verifies the signature using the corresponding public key, granting access without
needing a password.
cd ./(place where key is placed)
ssh -i ./(key name) (azure_username)@(IP address)

This is a basic overview of remote access using SSH. For enhanced security and
additional functionalities, explore SSH key-based authentication and consider tools like
paramiko for Python or similar libraries in other programming languages to automate
remote access tasks.