Ixia Guide To Cloud Computing Terms And Acronyms


Ixia’s Guide to Cloud Computing TERMS AND ACRONYMS

Cloud Terms & Acronyms

Spending on cloud computing is growing faster than ever before and virtually all organizations have workloads running in one or more clouds. The agility and cost savings of cloud technology have helped our digital economy grow and thrive. Adopting cloud technology is mainstream, but also still a work in progress for many organizations. Even those who are well versed in cloud migration are still learning new practices for securing and optimizing workloads in the cloud. This guide to Cloud Computing Terms & Acronyms is designed to clarify concepts you will encounter as you move forward in your journey to the cloud.

Find us at www.ixiacom.com
915-8274-01-5081 Rev A

Automation and Orchestration
Automation refers to a task or function that is performed without requiring human intervention. Orchestration refers to the coordination or sequencing of automated tasks and/or functions to accomplish a defined process or workflow. Both automation and orchestration are critical technologies in the cloud, enabling day-to-day tasks, such as provisioning, patching, and resource management to be performed at a massive scale—across hundreds of thousands (even millions) of servers and other cloud components.

Backhaul
In cloud computing, backhaul refers to the transfer of data and transactions in the cloud back to an on-premises data center for further processing, typically security inspection and performance monitoring. Most cloud providers charge a substantial fee for moving data out of their physical domain, which discourages customers from readily switching cloud providers. If there is a large volume of data to transfer, the network pipe needed to bring the data back in-house may also need to be upgraded, resulting in additional backhaul costs. Read more about backhaul in the white paper: Security and Performance Monitoring in the Cloud.

Blind Spots
Areas in the network where there is not access to data packets flowing between network devices. The two best examples of this are: data that flows between virtual machines on a single server (common in private cloud environments) and data that flows between two public cloud instances. Packet-level data is required for many types of threat detection and security analysis, as well as for performance monitoring and application optimization.

Cloud Access Security Broker (CASB)
A software tool or service that sits between an organization’s on-premise infrastructure and a cloud provider’s infrastructure, allowing the organization to extend the reach of their security policies beyond their owned infrastructure.

Cloud-based Security Tools
Some vendors of popular security solutions such as next generation firewalls and intrusion detection systems are migrating their technology to cloud platforms to offer their customers more flexibility, faster scalability, and easier maintenance. Cloud-based security services can be purchased on a pay-as-you-go basis and fewer trained staff are generally required. Vendors of solutions that have been in the market for many years have little incentive to migrate their solutions to cloud, since new development is required and overall revenues may end up being lower. This is one of the reasons that some companies still find it necessary to backhaul data from the cloud to the data center for processing.

Cloud Bursting
Cloud bursting relates to hybrid clouds. The idea is that a given application normally runs in a private cloud or a local computing environment. If a situation arises where the application needs additional resources (computing power, storage, etc.), it can “burst” into the public cloud and use cloud computing for those additional resources.

Cloud Maturity Model
Model used to segment organizations according to their adoption and use of cloud computing.
• Cloud Beginners: Organizations (22%) that have started working on initial cloud projects, but are still gaining comfort and experience in the cloud.
• Cloud Explorers: Organizations (25%) that have deployed multiple applications to the cloud and are exploring opportunities to improve and expand their cloud strategies.
• Cloud Focused: Organizations (33%) that have adopted a “cloud first” strategy, and are looking for opportunities to further optimize their cloud environments while reducing costs.
• Cloud Watchers: Organizations (14%) that are developing their cloud strategies and evaluating cloud options, but currently do not have any applications deployed to the cloud.

Cloud-Native
To take advantage of the cloud, organizations must design their applications and services so they are decoupled from physical resources and capable of moving easily between virtual machines or cloud instances. This is referred to as being cloud-native (Read more at Cloud-Native Visibility for Public Cloud). Cloud-native computing uses an open source software stack to be:
• Containerized: Each part (applications, processes, etc.) is packaged in its own container. This facilitates reproducibility, transparency, and resource isolation.
• Dynamically orchestrated: Containers are actively scheduled and managed to optimize resource utilization.
• Microservices oriented: Applications are segmented into microservices. This significantly increases the overall agility and maintainability of applications.

Cloud Computing
National Institute of Standards and Technology (NIST) defines the following five essential characteristics of cloud computing:
• On-demand self-service: Services can be unilaterally and automatically provisioned.
• Broad network access: Services are available over the network through various platforms and devices.
• Resource pooling: Compute, storage, and networking resources are pooled to serve various tenants and demand levels, and are dynamically assigned and reassigned, as needed.
• Rapid elasticity: Services can be provisioned and released, in some cases automatically, to scale (up/down and in/out) with demand.
• Measured service: Resource usage can be transparently monitored, controlled, optimized, and reported.

Cloud Security
Security of data and applications is often cited as a reason organizations are hesitant to migrate to public cloud platforms. However, most security analysts believe public cloud is not inherently less secure than the data center, rather both environments are vulnerable to cyberattacks in our highly-connected digital world. Visibility to all the data flowing through cloud platforms is the first step, combined with the use of proven security solutions that can isolate suspicious traffic and quickly contain any attacks that get past perimeter defenses. Read more in the white paper: What You Can Do to Strengthen Cloud Security.

Cloud Sandbox
In general, sandboxes provide an environment to validate untested or unknown code. Sandboxes protect production systems and their data from code that is yet unproven or coming from unknown sources. Cloud sandboxes differ from traditional sandboxes in that they do not sit on-premise in the data center, but on the internet between users and applications, analyzing unknown code for threats and malware. A cloud sandbox can be operated offline or inline, without backhauling traffic to the data center. This reduces the cost of operation.

Cloud Service Providers (CSP)
A cloud provider is a company that offers some component of cloud computing—Infrastructure as a Service (IaaS), Software as a Service (SaaS), or Platform as a Service (PaaS)—to other businesses or individuals.

Cloud Visibility
While using network taps and packet brokers to access network traffic is well-established, it is not as straight-forward to access traffic in cloud environments. Users do not have control over, or access to, the underlying physical infrastructure. Ensuring strong security and efficient performance, therefore, requires the ability to access packet-level data on the traffic flowing from, to, or between an organization’s clouds. Sensor and container technology have made it possible to make copies of cloud traffic to perform traffic inspection and analysis. This is referred to as cloud visibility. Read more in the brief: Get Visibility into Your Clouds.

Compliance
Standards and regulations, such as PCI-DSS, SOX and HIPAA, require organizations to take specific action to protect sensitive customer data. In the cloud, however, providers do not generally track or disclose exactly where data is stored and workloads are processed, thus impacting the ability to prove and document compliance. This means IT teams must proactively identify processes and solutions to ensure compliance when using public cloud.

Containers
A software technology that allows application components to be paired with the operating system components necessary to run them in a single package (known as a container). Containers, such as Docker, allow applications to be deployed in seconds and booted up in fractions of a second. The desire for hybrid cloud or cross-cloud integration is a key driver for container adoption.

Continuous Security Testing
A fast-growing approach to validating security in environments with a high degree of change and variability. Continuous security testing relies on threat simulations to expose gaps in security architecture and gives organizations a chance to strengthen their defenses before an intruder causes damage. Read more in the brief: Validate Security Resilience in Cloud Environments.

DevOps
DevOps and cloud computing work together to help organizations bring new services and applications to market more quickly, at less cost. DevOps is about streamlining development, while cloud offers on-demand resources, automated provisioning, and easy scaling, to accommodate application changes. Many DevOps tools can be acquired on-demand in the cloud or as part of a larger cloud platform. To support hybrid cloud deployment (workloads with an ability to move between clouds), enterprises should select DevOps platforms with an interface to the cloud providers they will use.

Docker
Docker is the technology responsible for driving the container movement and is still the market leader. Docker is open source with several vendors offering enhancements and support. Depending on the specific use case, alternatives to Docker are CoreOS rkt, LXD (for Ubuntu Linux), Kubernetes, Cloud Foundry Garden, and other container services offered by the major cloud providers (e.g. Azure Container Service).

East-West Traffic
Originally defined as traffic that never left the data center—moving from server to server. Now, with the prevalence of virtualization and cloud computing, the term has expanded to include traffic that moves from one virtual machine (VM) or application to another. Cisco estimates that 76% of network traffic is of the east-west type.

Generic Routing Encapsulation (GRE) Tunnel
Tunneling protocol developed by Cisco that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an internet protocol network.

Governance
Refers to the rules for cloud usage, specifically for defining, continuously monitoring, and auditing the rules, policies and processes that allocate, coordinate and control the use of cloud resources. Governance is distinct from cloud management, which refers to the operation of cloud environments.

Horizontal Scale
Ability to connect multiple hardware or software entities, such as servers, so they work as a single logical unit. This is what software-defined networking (SDN) and other such technologies enable. It is also what creates the public cloud structure and makes it unique.

Hybrid Cloud and Hybrid IT
Hybrid cloud infrastructure refers to the simultaneous use of both public and private cloud environments, with applications and data sometimes moving between them. Hybrid IT generally refers to a mix of an on-premises data center with public and private clouds.

Hyperscale
Hyperscale generally refers to the architecture necessary for companies like Amazon, Apple, Facebook, and Google to provide digital services on a massive scale, and the same concepts increasingly apply to other organizations. Synergy Research found 390 web-scale data centers operating worldwide in 2017, up from 300 in 2016, with no sign of slowing down in 2018. The majority are in the US with 44 percent of total. Chinese companies like Tencent and Baidu also operate hyperscale data centers, as well as companies in Japan, the UK, Australia, and Germany.

Hypervisor
Also known as a virtual machine monitor (VMM); a hypervisor is computer software, firmware, or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine.

Infrastructure as a Service (IaaS)
Infrastructure resources owned and operated by a third-party and made available to users over the internet. The user has no physical access to, or control over, the infrastructure and generally does not know where the infrastructure is located. Examples include: VMs, storage, load balancers, and networking.

Instance
Refers to a virtual server instance from a public or private cloud network.

Kubernetes
Kubernetes is a portable, open-source platform for automating the deployment, scaling and management of containerized applications. Kubernetes services, support, and tools are widely available. The platform provides the building blocks for creating a development environment that preserves user choice and flexibility.

Lift and Shift
Industry term for when something from a physical environment is migrated to the cloud (vs. a cloud-native design or a rebuild for cloud).

Metadata
In the context of cloud, metadata is information about cloud instances, such as operating systems, memory, cloud service provider, and geolocation, that can be used to configure or manage cloud workloads. Depending on the provider, metadata may not be automatically provided to cloud users. This lack of transparency can be a challenge for monitoring security and performance in the cloud.

Microservices
Like Service-Oriented Architecture (SOA), microservices are application building blocks comprised of small, independent processes and services.

Migration
Term used to describe the process of moving data, applications, or other business services processes from an organization’s on-premises data center to a private or public cloud environment. The migration can be of the “lift and shift” variety or can be accomplished by redesigning the service to be more independent of the underlying processing technology, such as through the use of containers or microservices.

Multi-cloud
Industry term for using more than one cloud service provider. IDC predicts that by 2020, 90% of enterprise IT organizations will have multi-cloud architectures (IDC FutureScape, Worldwide 2018 Predictions).

Multilayer Cloud Security
Security in the cloud is governed by a “shared responsibility model” that spreads risks between the cloud provider and the cloud user. For that reason, cloud adopters need to consider security at three levels:
• System level: This is about protecting system level components such as operating systems, networks, virtual machines, management services, and containers. Examples are keeping systems current with the latest patches and updates.
• Application-level: This is primarily about identity and access management. Examples are policies such as multifactor authentication.
• Data-level: No cloud provider is responsible for protecting data, but some may offer encryption as an option.

Multitenancy
Commingles the data and processing for multiple clients in a single application instance.

Network Security Groups
Groups of cloud instances that are managed by applying the same rules and policies.

North-South Traffic
Refers to traffic moving from end-users (clients) to an organization’s internal resources, once contained in the data center and now likely a distributed ecosystem including data centers, as well as private and public clouds. This type of traffic is primarily composed of queries, commands, and specific data requests. Cisco estimates that 17% of enterprise network traffic is north-south.

Open Cloud
An open cloud is not owned by any vendor, but is created using software that is freely available from a public-facing repository and built using open application programming interfaces (APIs). Open clouds provide cloud users the right to move data out of the cloud as they wish, without having to pay access fees (sometimes referred to as backhauling). OpenStack is the most popular open cloud environment and is associated with a large community of developers. Some cloud providers may use open cloud software, but sell differentiated tools, enhancements, or support.

OpenStack
A free and open source cloud platform that has become a de facto standard for building clouds that are not dependent on any one cloud platform provider. OpenStack enhancements, services, support, and tools are widely available.

Pay-as-You-Go
Payment model where customers are charged only for the application or service capacity they really use. As distinguished from an earlier model where organizations purchased software to run on specific hardware platforms in their data centers, generally sized with some ‘headroom’ to handle increasing demand. The result was often extra capacity waiting to be used, or delays in getting new capacity configured to keep up with growth in demand.

Platform as a Service (PaaS)
A category of cloud computing services that provides users with a platform for developing, running, and managing applications without the complexity of integrating and maintaining the components normally required.

Private Cloud
A cloud infrastructure that is used exclusively by a single organization and may be owned, managed, and operated by the organization or a third party (or a combination of both) either on or off premises. Key private cloud technology providers are:
• VMware: Virtualization and cloud computing software provider operated as a subsidiary of Dell Technologies. VMware bases its virtualization technologies on its bare metal hypervisor ESX/ESXi in x86 architecture.
• OpenStack: Free and open-source software platform for deploying cloud computing, mostly infrastructure as a service (IaaS). The platform consists of interrelated components that control diverse, multi-vendor hardware pools of processing, storage, and networking resources throughout a data center.
• Hyper-V: A native hypervisor from Microsoft; it can create virtual machines on systems running Windows. Hyper-V can be configured to expose individual virtual machines to one or more networks.

Public Cloud
A cloud infrastructure that is used by multiple organizations (multitenant) and is owned, managed, and operated by a third party (or parties) on the cloud provider’s premises. Popular providers include:
• AWS—Amazon Web Services
• Microsoft Azure
• Google Cloud
• IBM Cloud

Resilient Security
As cyberattacks evolve and become better at avoiding detection, it is not a question of “if” but “when” your network will be attacked. The concept of resilient security refers to how quickly your architecture and team can identify and contain an attack or breach. While security prevention still needs to be maintained, there has to be equal, if not greater, effort placed on recovering the network and limiting the damage. Learn more in the white paper: Best Practices for Security Resilience.

Rightsize
The concept of modifying your cloud infrastructure to match actual demand. The on-demand nature of cloud computing allows companies to save money by eliminating over-provisioning to handle surges in demand.

Sensors
Containerized, Docker-based software that sits within the source instances that are to be monitored. Sensors and connectors, which sit within instances, are how CloudLens accesses metadata.

Service-Oriented Architecture (SOA)
Software design in which modular Web services are leveraged across a network to provide various application components. SOA enables businesses to improve agility and t
