Ch07. Virtualization and Cloud Computing (PPT Slides)


Network+ Guide to Networks, Eighth Edition
Chapter 7: Virtualization and Cloud Computing

Objectives

7.1 Describe and explain virtualization technologies, including how virtual machines connect with a network and how networking infrastructure devices can be virtualized
7.2 Describe cloud computing categories and models, and discuss concerns regarding cloud connectivity and security
7.3 Secure network connections using encryption protocols
7.4 Configure remote access connections between devices

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.

Virtualization (1 of 5)

• Virtualization
  • A virtual, or logical, version of something rather than the actual, or physical, version
• Host
  • Physical computer “hosting” a virtual machine
• Guest
  • Each virtual machine
• Hypervisor
  • Creates and manages a VM
  • Manages resource allocation and sharing between a host and any of its guest VMs

Virtualization (2 of 5)

Virtualization (3 of 5)

• Two types of hypervisors:
  • Type 1—Installs on a computer before any OS and is called a bare-metal hypervisor
  • Type 2—Installs in a host OS as an application and is called a hosted hypervisor

Virtualization (4 of 5)

• A VM’s software and hardware characteristics are assigned when it is created in the hypervisor
• You can customize the VM with:
  • A guest OS
  • Amount of memory
  • Hard disk size
  • Processor type and other options


Virtualization (5 of 5)

• Every VM has its own vNIC (virtual NIC):
  • Can connect the VM to other machines
  • Operates at the Data Link layer
• Each VM can have several vNICs
  • Maximum number depends on the limits imposed by the hypervisor
• When a VM’s vNIC is selected:
  • Hypervisor creates a connection between that VM and the host
  • Connection might be called a bridge or switch (vSwitch)
• One host can support multiple virtual switches
  • Controlled by the hypervisor

Network Connection Types (1 of 9)

Network Connection Types (2 of 9)

• The way a vNIC is configured determines whether the VM is joined to a virtual network or attempts to join the physical LAN the host machine is connected to
• The various configurations are called networking modes; the most common are:
  • Bridged
  • NAT
  • Host-only

Network Connection Types (3 of 9)


Network Connection Types (4 of 9)

• Bridged mode:
  • vNIC accesses the physical network using the host machine’s NIC
  • Obtains its own IP address, default gateway, and netmask from a DHCP server on the physical LAN
  • VM appears to other nodes as just another client or server on the network

Network Connection Types (5 of 9)

Network Connection Types (6 of 9)

• NAT mode:
  • vNIC relies on the host machine to act as a NAT device
  • Obtains IP addressing information from the host
    - Hypervisor acts as a DHCP server
  • Appropriate for VMs that do not need to be accessed at a known address by other network nodes

Network Connection Types (7 of 9)


Network Connection Types (8 of 9)

• Host-only mode:
  • VMs on one host can exchange data with each other and with the host
  • Cannot communicate with nodes beyond the host
  • Never receive or transmit data through the host’s physical NIC

Network Connection Types (9 of 9)

Pros and Cons of Virtualization

• Advantages of virtualization:
  • Efficient use of resources
  • Cost and energy savings
  • Fault and threat isolation
  • Simple backups, recovery, and replication
• Disadvantages:
  • Compromised performance
  • Increased complexity
  • Increased licensing costs
  • Single point of failure

NFV (Network Functions Virtualization) (1 of 2)

• Options for virtualizing network devices:
  • Virtual firewall—Install a firewall’s OS in a VM on an inexpensive server
  • Virtual router—Install a router VM on a server instead of purchasing an expensive hardware router
• Advantages of virtualizing network functions:
  • Virtual devices can be quickly and sometimes automatically migrated (moved) from one server to another in the event of hardware failure or maintenance
  • Resources are utilized more efficiently
  • Services can be easily scaled to meet the changing needs of a network


NFV (Network Functions Virtualization) (2 of 2)

• NFV (Network Functions Virtualization):
  • Merging physical and virtual network architectures
  • Provides flexible, cost-saving options for many types of network devices including:
    - Virtual servers
    - Data storage
    - Load balancers
    - Firewall
• Keep in mind:
  • You will need licenses for each virtualized device
  • Interaction between physical and virtual devices introduces a small degree of latency
  • Some administrators are not comfortable using a virtual firewall to protect an entire network

SDN (Software-Defined Networking) (1 of 4)

• SDN:
  • The virtualization of network services
    - An SDN controller (or network controller) manages these services instead of services being directly managed by hardware devices
  • SDN controller integrates all of the network’s virtual and physical devices into one cohesive system
  • Protocols handle the process of making decisions (called the control plane)
  • Physical devices make actual contact with data transmissions as they traverse the network (called the data plane)

SDN (Software-Defined Networking) (2 of 4)

SDN (Software-Defined Networking) (3 of 4)


SDN (Software-Defined Networking) (4 of 4)

• Primary advantage of separating the control plane from the data plane:
  • To provide network technicians with more centralized control of network settings and management
• SDN creates the potential to implement more sophisticated network functions while using less-expensive devices
• SDN architecture has been expanding to include management of network resources hosted in places other than an organization’s own network

Cloud Computing (1 of 3)

• Internet is frequently pictured as a cloud
• Cloud computing
  • Flexible provision of data storage, applications, and services to multiple clients over a network
• Cloud computing features:
  • On-demand service
  • Support for multiple platforms
  • Resource pooling and consolidation
  • Metered service
  • Elastic services and storage
    - Storage capacity can quickly or automatically be scaled up or down

Cloud Computing (2 of 3)

• Can provide virtual desktops
  • Operating environments hosted virtually
• Developers can load any kind of software on the servers and test it from afar
  • Cloud services provider can make sure the development servers are secure and regularly backed up
• Most cloud service providers use virtualization software to supply multiple platforms to multiple users

Cloud Computing (3 of 3)


Cloud Computing Categories (1 of 4)

• Cloud computing service models are categorized by the types of services provided:
  • Traditional
    - All hardware, software, and everything else is located and managed at the organization’s location
  • IaaS (Infrastructure as a Service)
    - Hardware services and network infrastructure devices are provided virtually
    - Including end user interfaces such as HVDs (hosted virtual desktops)
  • PaaS (Platform as a Service)
    - OS, runtime libraries or modules the OS provides to applications, and the hardware on which the OS runs
  • SaaS (Software as a Service)
    - Applications

Cloud Computing Categories (2 of 4)

Cloud Computing Categories (3 of 4)

• XaaS (Anything as a Service or Everything as a Service):
  • A broader model
  • Cloud can provide any combination of functions

Cloud Computing Categories (4 of 4)


Deployment Models

• Cloud services are delivered in a variety of deployment models
  • Public cloud
    - Service provided over public transmission lines
  • Private cloud
    - Service established on an organization’s own servers in its own data center
  • Community cloud
    - Service shared between multiple organizations
  • Hybrid cloud
    - Combination of the other service models into a single deployment

Cloud Connectivity and Security (1 of 2)

• Potential risks and limitations:
  • ISP’s uptime
  • ISP-imposed bandwidth limitations
  • Cloud provider’s uptime
  • Cloud provider’s backup and security systems
  • Misconfiguration that exposes one client’s data to another client
  • Unauthorized access to data by cloud provider employees or illegitimate users
  • Breaches of confidentiality
  • Data security regulations
  • Questions over ownership of intellectual property stored in the cloud
  • Questions over data maintenance

Cloud Connectivity and Security (2 of 2)

• Potential risks and limitations (continued):
  • Risks to the network, proprietary data, or customer information caused by BYOC (bring your own cloud) services on users’ personal devices
  • Reduced consumer confidence, fines, lawsuits, and possibly criminal charges when cloud breaches occur
• Ways to reduce the risks of cloud computing:
  • Use encryption
  • Carefully choose the method by which your network connects to your cloud resources:
    - Internet
    - Remote access connections
    - Leased line
    - Dedicated connection

Encryption Protocols

• Encryption:
  • Use of mathematical code, called a cipher, to scramble data into a format that can be read only by reversing the cipher
  • Used to keep information private
  • Primarily evaluated by three benchmarks:
    - Confidentiality
    - Integrity
    - Availability
• The principles above form the standard security model called the CIA triad


Key Encryption (1 of 3)

• Key:
  • Random string of characters
  • Woven into the original data’s bits
  • Generates a unique data block called ciphertext
  • Created according to a specific set of rules (algorithms)
• Key encryption can be separated into two categories:
  • Private key encryption
  • Public key encryption

Key Encryption (2 of 3)

• Private key encryption:
  • Data encrypted using a single key
    - Known only by sender and receiver
  • Symmetric encryption
    - Same key used during both encryption and decryption
• Public key encryption:
  • Data encrypted using two keys
    - Private key: user knows
    - Public key: anyone may request
  • Public key server:
    - Publicly accessible host
    - Freely provides users’ public keys

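A worked illustration of the Encryption Protocols and Key Encryption slides, added here and not taken from the textbook: a keystream derived from one shared (private) key is XORed into the data bits for confidentiality, and an HMAC tag over the result lets the receiver detect alteration (the integrity leg of the CIA triad) before decrypting. The cipher construction, the key-derivation labels and the sample message are assumptions for demonstration built from the standard library only; production systems use a vetted authenticated cipher such as AES-GCM rather than this hand-rolled one.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16   # per-message random value; must never repeat for the same key
TAG_LEN = 32     # HMAC-SHA256 output length


def _subkeys(key: bytes):
    """Derive separate confidentiality and integrity keys from the one shared secret,
    so the keystream and the tag can never be confused with each other."""
    enc_key = hmac.new(key, b"confidentiality", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"integrity", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand (key, nonce) into `length` pseudorandom bytes, one HMAC block per counter value.
    This is the slides' 'random string of characters woven into the original data's bits'."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Return nonce || ciphertext || tag. Symmetric: the same key is needed to decrypt."""
    if len(key) < 16:
        raise ValueError("use a key of at least 16 random bytes")
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)     # a fixed nonce is only acceptable in deterministic tests
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    enc_key, mac_key = _subkeys(key)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))             # confidentiality
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()  # integrity
    return nonce + ciphertext + tag


def decrypt(key: bytes, message: bytes) -> bytes:
    """Verify the tag before reversing the cipher; raise ValueError on any mismatch."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short to hold a nonce and a tag")
    enc_key, mac_key = _subkeys(key)
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):     # constant-time comparison
        raise ValueError("integrity check failed: wrong key or altered message")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def demo() -> dict:
    """Exercise the properties the slides name on a constructed sample message."""
    key = os.urandom(32)                                        # known only to sender and receiver
    plaintext = b"PPTP is outdated; tunnel with IPsec or TLS"   # constructed sample message
    message = encrypt(key, plaintext)
    results = {
        "roundtrip": decrypt(key, message) == plaintext,
        "plaintext_hidden": plaintext not in message,
    }
    # Flip one ciphertext bit: the receiver must reject it instead of returning garbage.
    altered = bytearray(message)
    altered[NONCE_LEN] ^= 0x01
    try:
        decrypt(key, bytes(altered))
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    # A different key fails the same check: the shared secret is what binds the two parties.
    try:
        decrypt(os.urandom(32), message)
        results["wrong_key_rejected"] = False
    except ValueError:
        results["wrong_key_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```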
Key Encryption (3 of 3)

• Key pair
  • Combination of public and private keys
• Asymmetric encryption
  • Requires two different keys
• Digital certificate
  • Holds identification information and the user’s public key
• CA (certificate authority)
  • Issues and maintains digital certificates
• PKI (Public Key Infrastructure)
  • Use of certificate authorities to associate public keys with certain users

IPsec (Internet Protocol Security)

• IPsec
  • Encryption protocol suite that defines rules for encryption, authentication, and key management for TCP/IP transmissions
• IPsec creates secure connections in five steps:
  • IPsec initiation
  • Key management
  • Security negotiations
  • Data transfer
  • Termination
• Operates in two modes:
  • Transport mode
  • Tunnel mode


SSL (Secure Sockets Layer) and TLS (Transport Layer Security) (1 of 2)

• Both are methods of encrypting TCP/IP transmissions
  • Including Web pages and data entered into Web forms
• Both protocols work side by side and are widely known as SSL/TLS or TLS/SSL
• When a client and server establish an SSL/TLS connection, they establish a unique session
  • Association between client and server
    - Defined by agreement
    - Specific set of encryption techniques
  • Created by the SSL handshake protocol
• Handshake protocol
  • Allows client and server to authenticate
  • Similar to a TCP three-way handshake

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) (2 of 2)

• DTLS (Datagram Transport Layer Security)
  • A variant of TLS
  • Designed specifically for streaming communications
• Applications using DTLS must provide their own means of:
  • Packet reordering
  • Flow control
  • Reliability assurance
• DTLS includes security levels that are compatible with TLS
• DTLS is commonly used by delay-sensitive applications
  • Such as VoIP and tunneling applications

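The handshake slide says the client and server authenticate; on the client side that only happens when the server's certificate is actually verified. The following is an added example, not from the textbook, using Python's standard ssl module: a client context with verification switched off beside a hardened one, and an audit function that flags the settings that disable authentication. The function names are assumptions chosen for the demonstration.

```python
import ssl


def weak_client_context() -> ssl.SSLContext:
    """Encryption without authentication: the handshake still negotiates a session key
    and traffic is encrypted, but the client never checks who presented the certificate,
    so any party able to interpose on the path can terminate the TLS session itself."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # must be cleared before verify_mode may be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Authenticate the server as the handshake intends: the certificate must chain to a
    trusted CA, its name must match the host, and pre-1.2 protocol versions are refused."""
    ctx = ssl.create_default_context()    # platform CA store, CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit(ctx: ssl.SSLContext) -> list:
    """Return the authentication-related weaknesses of a client context (empty when none)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified against a trusted CA")
    if not ctx.check_hostname:
        findings.append("certificate name is not checked against the target host")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are accepted")
    return findings


if __name__ == "__main__":
    for name, ctx in (("weak", weak_client_context()), ("hardened", hardened_client_context())):
        print(name, audit(ctx) or ["no findings"])
```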
Remote Access (1 of 4)

• Remote access:
  • Service that allows a client to connect with and log on to a server, LAN, or WAN in a different geographical location
  • Requires a type of RAS (remote access server)
• Two types of remote access servers:
  • Dedicated devices
  • Software running on a server

Remote Access (2 of 4)


Remote Access (3 of 4)

• Types of remote access:
  • Point-to-point over a dedicated line
  • Terminal emulation, also called remote virtual computing
  • Virtual private network (VPN)
• Data is often encrypted before it is transmitted over the remote connection:
  • Some remote access protocols natively include encryption functionality
  • Others must be paired with a specific encryption protocol

Remote Access (4 of 4)

Point-to-Point Remote Access Protocols

• An older protocol known as SLIP has been replaced by PPP as the preferred communications protocol for remote access point-to-point connections
• PPP (Point-to-Point Protocol)
  • A Data Link layer protocol that directly connects two WAN endpoints
• PPP can:
  • Negotiate and establish a connection between two computers
  • Use an authentication protocol to authenticate a client to a remote system
  • Support several types of Network layer protocols
  • Encrypt the transmissions, although PPP encryption is considered weak by today’s standards

Terminal Emulation (1 of 7)

• Terminal emulation (remote virtual computing)
  • Allows a user on one computer to control another computer across a network connection
• Examples of command-line software:
  • Telnet and SSH
• Examples of GUI-based software:
  • Remote Desktop for Windows
  • join.me
  • VNC
  • TeamViewer


Terminal Emulation (2 of 7)

• Telnet:
  • A terminal emulation utility that allows an administrator or other user to control a computer remotely
  • Provides little security for establishing a connection (poor authentication)
  • Provides no security for transmitting data (no encryption)
• SSH (Secure Shell):
  • A collection of protocols that provides for secure authentication and encryption
  • Guards against a number of security threats:
    - Unauthorized access to a host
    - IP spoofing
    - Interception of data in transit
    - DNS spoofing

Terminal Emulation (3 of 7)

• SSH (continued):
  • Developed by SSH Communications Security
    - Version requires license fee
  • Open source versions available: OpenSSH
  • Secure connection requires SSH running on both client and server
  • Allows for password authentication using public and private key generation
  • Configuration options:
    - Use one of several encryption types
    - Require client password
    - Perform port forwarding
      - Redirect traffic that would normally use an insecure port to an SSH-secured port

Terminal Emulation (4 of 7)

• RDP (Remote Desktop Protocol) and VNC (Virtual Network Computing)
  • RDP is a Microsoft proprietary protocol used to connect to and control a remote computer
  • VNC uses the cross-platform protocol RFB (remote frame buffer) to remotely control a workstation or server
  • VNC is open source, so many companies have developed their own software that can:
    - Run OSes on client computers
    - Remotely access computers, tablets, and smartphones
    - Remotely control media equipment and surveillance systems

Terminal Emulation (5 of 7)


Terminal Emulation (6 of 7)

• Management URL using HTTPS:
  • Networking devices are being configured through a connected computer’s browser that navigates to a management URL
    - User can make changes directly to the device
  • Ideally the devices will require an encrypted connection over HTTPS
• Out-of-band management:
  • Relies on a dedicated connection between the network administrator’s computer and each network device
  • A remote management card is attached to the network device’s console port
    - Or sometimes it is built into the device
  • A single device, such as a console server or console router, provides centralized management of all linked devices

Terminal Emulation (7 of 7)

• Remote file access:
  • FTP (File Transfer Protocol) is not a form of terminal emulation, but it does provide remote file access
  • Technologies related to FTP:
    - FTPS (FTP Security or FTP Secure)
    - SFTP (Secure FTP)
    - TFTP (Trivial FTP)

VPNs (Virtual Private Networks) (1 of 6)

• VPN:
  • A network connection encrypted from end to end that creates a private connection to a remote network
  • Sometimes referred to as a tunnel
• VPNs can be classified according to three models:
  • Site-to-site VPN
  • Client-to-site VPN
    - Also called host-to-site VPN or remote-access VPN
  • Host-to-host VPN

VPNs (Virtual Private Networks) (2 of 6)


VPNs (Virtual Private Networks) (3 of 6)

• A router-based VPN is the most common implementation on UNIX-based networks
• Server-based VPNs are most often found on Windows networks
• VPN concentrator:
  • Authenticates VPN clients
  • Establishes tunnels for VPN connections
  • Manages encryption for VPN transmissions
• Two primary encryption techniques used by VPNs:
  • IPsec
  • SSL

VPNs (Virtual Private Networks) (4 of 6)

VPNs (Virtual Private Networks) (5 of 6)

• An enterprise-wide VPN can include elements of both client-to-site and site-to-site models
• DMVPN (Dynamic Multipoint VPN)
  • A type of enterprise VPN using Cisco devices
  • Dynamically creates VPN tunnels between branch locations as needed
    - Instead of requiring constant, static tunnels for site-to-site connections

VPNs (Virtual Private Networks) (6 of 6)


VPN Tunneling Protocols (1 of 4)

• To ensure VPNs can carry all types of data securely:
  • Special VPN protocols encapsulate higher-layer protocols in a process known as tunneling
• Many VPN tunneling protocols operate at the Data Link layer
  • Encapsulate the VPN frame into a Network layer packet
• Some VPN tunneling protocols work at Layer 3
  • Enables additional features and options
• Most tunneling protocols rely on an additional encryption protocol to provide data security

VPN Tunneling Protocols (2 of 4)
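The slide's key idea is that tunneling wraps one complete packet inside the payload of another Network layer packet. The following added example (written for these notes, not from the textbook or any vendor) builds that encapsulation by hand with GRE, the Layer 3 tunneling protocol named later in this chapter: a constructed inner IPv4 packet is wrapped in a GRE header and an outer IPv4 header, then unwrapped again with the header checks a receiving endpoint would perform. Addresses and payload are constructed sample values. Note that GRE itself adds no encryption; the inner packet is carried in clear text, which is why the slides pair it with IPsec.

```python
import socket
import struct

# IANA-assigned constants (real values); every packet below is constructed for illustration
IPPROTO_GRE = 47          # IP protocol number for GRE
GRE_PROTO_IPV4 = 0x0800   # GRE protocol type for an inner IPv4 packet
GRE_FLAG_C = 0x8000       # checksum present (RFC 2784)
GRE_FLAG_K = 0x2000       # key present (RFC 2890)
GRE_FLAG_S = 0x1000       # sequence number present (RFC 2890)
GRE_VERSION_MASK = 0x0007


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header; returns 0 when run over a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Prepend a minimal 20-byte IPv4 header (no options) to payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload); raise ValueError on a malformed or corrupted header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(pkt):
        raise ValueError("bad IPv4 length fields")
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], pkt[ihl:total_len])


def gre_encapsulate(inner: bytes, outer_src: str, outer_dst: str, key=None) -> bytes:
    """Tunnel an inner IPv4 packet: GRE header (optional RFC 2890 key) plus an outer IPv4 header."""
    flags, opt = 0, b""
    if key is not None:
        flags |= GRE_FLAG_K
        opt = struct.pack("!I", key)
    gre_header = struct.pack("!HH", flags, GRE_PROTO_IPV4) + opt
    return build_ipv4(outer_src, outer_dst, IPPROTO_GRE, gre_header + inner)


def gre_decapsulate(outer: bytes):
    """Reverse of gre_encapsulate: return (key or None, inner packet), rejecting anything unexpected."""
    _, _, proto, payload = parse_ipv4(outer)
    if proto != IPPROTO_GRE:
        raise ValueError("outer packet is not GRE")
    if len(payload) < 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack("!HH", payload[:4])
    if flags & GRE_VERSION_MASK:
        raise ValueError("unsupported GRE version")
    if ptype != GRE_PROTO_IPV4:
        raise ValueError("unsupported inner protocol 0x%04x" % ptype)
    # Work out where the optional fields end before reading any of them
    offset, key_at = 4, None
    if flags & GRE_FLAG_C:          # checksum + reserved1 (not verified in this example)
        offset += 4
    if flags & GRE_FLAG_K:
        key_at = offset
        offset += 4
    if flags & GRE_FLAG_S:          # sequence number
        offset += 4
    if len(payload) < offset:
        raise ValueError("truncated GRE options")
    key = struct.unpack("!I", payload[key_at:key_at + 4])[0] if key_at is not None else None
    inner = payload[offset:]
    parse_ipv4(inner)               # validate the inner header before handing it up the stack
    return key, inner


if __name__ == "__main__":
    # Constructed example: a UDP packet from a branch host, tunnelled between two edge routers
    inner = build_ipv4("10.0.0.5", "10.0.1.9", 17, b"hello")
    outer = gre_encapsulate(inner, "203.0.113.1", "198.51.100.2", key=42)
    print("outer:", outer.hex())
    print("recovered:", gre_decapsulate(outer))
```

The decapsulation side is where the checks matter: the outer checksum, the GRE version and protocol type, and the option lengths are all validated before the inner packet is trusted, which is the same discipline a real tunnel endpoint needs so that a corrupted or malformed outer packet is dropped rather than forwarded.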

VPN Tunneling Protocols (3 of 4)

• PPTP (Point-to-Point Tunneling Protocol):
  • An older Layer 2 protocol that supports encryption, authentication, and access services provided by the VPN server
  • Uses TCP segments at the Transport layer
  • Outdated and is no longer considered secure
• L2TP (Layer 2 Tunneling Protocol):
  • Encapsulates PPP data in a similar manner to PPTP
  • Can connect a VPN that uses a mix of equipment types
    - It is a standard accepted and used by multiple vendors
  • Can connect two routers, a router and a RAS, or a client and a RAS
  • Implemented with IPsec for security

VPN Tunneling Protocols (4 of 4)

• GRE (Generic Routing Encapsulation):
  • Used to transmit PPP, IP and other kinds of messages through the tunnel
  • Used in conjunction with IPsec
• OpenVPN:
  • Open-source VPN protocol that uses a custom security protocol called OpenSSL for encryption
• IKEv2:
  • A component of the IPsec protocol suite
  • Offers fast throughput and good stability when moving between wireless hotspots
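From an administrator's side, the practical use of the protocol list on these two slides is inventory: which tunneling protocols are actually in use on the network, and is the outdated one (PPTP) among them? The added example below (written for these notes, not from the textbook) labels constructed flow records by IP protocol number and well-known port, ties portless GRE flows to a PPTP control channel between the same hosts, and marks PPTP as deprecated, as the slide describes it. The flow records, addresses and timestamps are constructed sample data. Port matching is a heuristic: OpenVPN and IKE can be moved to other ports, and an SSL VPN on TCP 443 is indistinguishable from ordinary HTTPS by port alone, so such flows are deliberately left unlabelled here.

```python
from collections import namedtuple

# IANA protocol numbers and registered ports (real values)
PROTO_TCP, PROTO_UDP, PROTO_GRE, PROTO_ESP = 6, 17, 47, 50
PPTP_PORT, L2TP_PORT, IKE_PORT, IKE_NATT_PORT, OPENVPN_PORT = 1723, 1701, 500, 4500, 1194

# Labels keyed by (ip_proto, port); a heuristic, since most of these can run on other ports
PORT_SIGNATURES = {
    (PROTO_TCP, PPTP_PORT): "PPTP control",
    (PROTO_UDP, L2TP_PORT): "L2TP",
    (PROTO_UDP, IKE_PORT): "IKE (IPsec/IKEv2)",
    (PROTO_UDP, IKE_NATT_PORT): "IKE NAT-T / ESP-in-UDP",
    (PROTO_UDP, OPENVPN_PORT): "OpenVPN (default port)",
}
# Protocols that carry no ports and are identified by IP protocol number alone
PROTO_SIGNATURES = {PROTO_GRE: "GRE tunnel", PROTO_ESP: "IPsec ESP"}
# Tunnel types to flag for follow-up; the slides describe PPTP as no longer secure
DEPRECATED_PREFIXES = ("PPTP",)

Flow = namedtuple("Flow", "ts src dst proto sport dport")

# Constructed sample flow records (not real traffic): ts src dst ip_proto sport dport
SAMPLE_FLOWS = """\
1700000000 192.0.2.10 198.51.100.5 6 51234 1723
1700000001 192.0.2.10 198.51.100.5 47 0 0
1700000002 192.0.2.11 198.51.100.6 17 4500 4500
1700000003 192.0.2.11 198.51.100.6 50 0 0
1700000004 192.0.2.12 198.51.100.7 17 38822 1194
1700000005 192.0.2.13 198.51.100.8 47 0 0
1700000006 192.0.2.14 198.51.100.9 17 39000 1701
1700000007 192.0.2.15 198.51.100.10 6 40210 443
"""


def parse_flows(text):
    """Parse whitespace-separated flow records, skipping blank lines and '#' comments."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        ts, src, dst, proto, sport, dport = line.split()
        flows.append(Flow(int(ts), src, dst, int(proto), int(sport), int(dport)))
    return flows


def label_flow(flow, pptp_peers):
    """Return a tunnel label for one flow, or None if it matches no known tunnel signature."""
    if flow.proto == PROTO_GRE and frozenset((flow.src, flow.dst)) in pptp_peers:
        # GRE has no ports; GRE between hosts that also talk TCP/1723 is PPTP's data channel
        return "PPTP data (GRE)"
    if flow.proto in PROTO_SIGNATURES:
        return PROTO_SIGNATURES[flow.proto]
    for port in (flow.dport, flow.sport):
        label = PORT_SIGNATURES.get((flow.proto, port))
        if label:
            return label
    return None


def audit(text):
    """Label every recognised tunnel flow in the records and mark deprecated tunnel types."""
    flows = parse_flows(text)
    pptp_peers = {frozenset((f.src, f.dst)) for f in flows
                  if f.proto == PROTO_TCP and PPTP_PORT in (f.sport, f.dport)}
    findings = []
    for f in flows:
        label = label_flow(f, pptp_peers)
        if label is None:
            continue
        findings.append({"ts": f.ts, "src": f.src, "dst": f.dst, "tunnel": label,
                         "deprecated": label.startswith(DEPRECATED_PREFIXES)})
    return findings


def deprecated_endpoints(text):
    """Sorted (src, dst) pairs still using a deprecated tunnel type, for migration follow-up."""
    return sorted({(r["src"], r["dst"]) for r in audit(text) if r["deprecated"]})


if __name__ == "__main__":
    for record in audit(SAMPLE_FLOWS):
        print(record)
    print("deprecated:", deprecated_endpoints(SAMPLE_FLOWS))
```

Run against the constructed records, the audit labels seven of the eight flows and reports the one host pair still using PPTP (control channel plus its GRE data channel), which is the list an administrator would use to plan a migration to L2TP/IPsec, IKEv2 or OpenVPN.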


Remote Access Policies (1 of 2)

• Common requirements:
  • Devices used for remote access must be kept up to date with patches, anti-malware software, and a firewall
  • Device access must be controlled by a strong password or biometric measures
  • Passwords must be strong and must be changed periodically
  • The device’s internal and external storage devices must be encrypted
  • Company and customer data that is accessed, transferred, stored, or printed must be kept secure
  • The loss or theft of any devices used for remote access must be reported to the company immediately

Remote Access Policies (2 of 2)

• Common requirements (continued):
  • Encrypted VPN software must be used to remotely access company network resources
  • While remotely connected to the company network, the device must not be connected to the open Internet or any other network not fully owned or controlled by the employee
  • Remote sessions must be terminated when not in use

Chapter Summary (1 of 4)

• Virtualization is a virtual, or logical, version of something rather than the actual, or physical, version
• VMs can go through a virtual switch on the host computer to reach the physical network and can communicate with physical or virtual routers, other network devices, and other hosts on the local or another network
• A bridged vNIC obtains its own IP address, default gateway, and subnet mask from a DHCP server on the physical LAN
• NFV (Network Functions Virtualization) provides flexible, cost-saving options for many types of network devices
• SDN (software-defined networking) is a centralized approach to networking that removes most of the decision-making power from network devices

Chapter Summary (2 of 4)

• Cloud computing covers a broad range of services from hosting websites and database servers to providing virtual servers for collaboration or software development
• Cloud computing service models are categorized by the type of services they provide
• Cloud services are delivered in a variety of deployment models, depending on who manages the cloud and who has access to it
• One way to reduce the inherent risks of cloud computing is to use encryption
• The most popular kind of encryption encodes the original data’s bits using a key, or a random string of characters, to scramble the data and generate a unique and consistently sized data block called ciphertext


Chapter Summary (3 of 4)

• IPsec (Internet Protocol Security) is an encryption protocol suite that defines a set of rules for encryption, authentication, and key management for TCP/IP transmissions
• SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are both methods of encrypting TCP/IP transmissions en route between the client and server using public key encryption technology
• As a remote user, you can connect to a network and its resources via remote access
• PPP (Point-to-Point Protocol) is a Data Link layer protocol that directly connects two WAN endpoints
• Terminal emulation allows a user on one computer to control another computer

Chapter Summary (4 of 4)

• SSH (Secure Shell) is a collection of protocols that does both authentication and encryption
• RDP (Remote Desktop Protocol) is a Microsoft proprietary protocol used by Windows Remote Desktop and Remote Assistance client/server utilities to connect to and control a remote computer
• Three remote file access technologies related to FTP include FTPS, SFTP, and TFTP
• A VPN is a network connection encrypted from end to end that creates a private connection to a remote network
