Ixia Guide To Cloud Computing Terms And Acronyms - Keysight


Ixia’s Guide to Cloud Computing Terms and Acronyms

Cloud Terms & Acronyms

Spending on cloud computing is growing faster than ever before and virtually all organizations have workloads running in one or more clouds. The agility and cost savings of cloud technology has helped our digital economy grow and thrive. Adopting cloud technology is mainstream, but also still a work in progress for many organizations. Even those who are well versed in cloud migration are still learning new practices for securing and optimizing workloads in the cloud. This guide to Cloud Computing Terms & Acronyms is designed to clarify concepts you will encounter as you move forward in your journey to the cloud.

Find us at www.ixiacom.com | 915-8274-01-5081 Rev A

Automation and Orchestration
Automation refers to a task or function that is performed without requiring human intervention. Orchestration refers to the coordination or sequencing of automated tasks and/or functions to accomplish a defined process or workflow. Both automation and orchestration are critical technologies in the cloud, enabling day-to-day tasks, such as provisioning, patching, and resource management to be performed at a massive scale—across hundreds of thousands (even millions) of servers and other cloud components.

Backhaul
In cloud computing, backhaul refers to the transfer of data and transactions in the cloud back to an on-premises data center for further processing, typically security inspection and performance monitoring. Most cloud providers charge a substantial fee for moving data out of their physical domain, which discourages customers from readily switching cloud providers. If there is a large volume of data to transfer, the network pipe needed to bring the data back in-house may also need to be upgraded, resulting in additional backhaul costs. Read more about backhaul in the white paper: Security and Performance Monitoring in the Cloud.

Blind Spots
Areas in the network where there is not access to data packets flowing between network devices. The two best examples of this are: data that flows between virtual machines on a single server (common in private cloud environments) and data that flows between two public cloud instances. Packet-level data is required for many types of threat detection and security analysis, as well as for performance monitoring and application optimization.

Cloud Access Security Broker (CASB)
A software tool or service that sits between an organization’s on-premise infrastructure and a cloud provider’s infrastructure; allowing the organization to extend the reach of their security policies beyond their owned infrastructure.

Cloud-based Security Tools
Some vendors of popular security solutions such as next generation firewalls and intrusion detection systems are migrating their technology to cloud platforms to offer their customers more flexibility, faster scalability, and easier maintenance. Cloud-based security services can be purchased on a pay-as-you-go basis and fewer trained staff are generally required. Vendors of solutions that have been in the market for many years have little incentive to migrate their solutions to cloud, since new development is required and overall revenues may end up being lower. This is one of the reasons that some companies still find it necessary to backhaul data from the cloud to the data center for processing.

Cloud Bursting
Cloud bursting relates to hybrid clouds. The idea is that a given application normally runs in a private cloud or a local computing environment. If a situation arises where the application needs additional resources (computing power, storage, etc.), it can “burst” into the public cloud and use cloud computing for those additional resources.

Cloud Maturity Model
Model used to segment organizations according to their adoption and use of cloud computing.
- Cloud Beginners: Organizations (22%) that have started working on initial cloud projects, but are still gaining comfort and experience in the cloud.
- Cloud Explorers: Organizations (25%) that have deployed multiple applications to the cloud and are exploring opportunities to improve and expand their cloud strategies.
- Cloud Focused: Organizations (33%) that have adopted a “cloud first” strategy, and are looking for opportunities to further optimize their cloud environments while reducing costs.
- Cloud Watchers: Organizations (14%) that are developing their cloud strategies and evaluating cloud options, but currently do not have any applications deployed to the cloud.

Cloud-Native
To take advantage of the cloud, organizations must design their applications and services so they are decoupled from physical resources and capable of moving easily between virtual machines or cloud instances. This is referred to as being cloud-native (Read more at Cloud-Native Visibility for Public Cloud). Cloud-native computing uses an open source software stack to be:
- Containerized: Each part (applications, processes, etc.) is packaged in its own container. This facilitates reproducibility, transparency, and resource isolation.
- Dynamically orchestrated: Containers are actively scheduled and managed to optimize resource utilization.
- Microservices oriented: Applications are segmented into microservices. This significantly increases the overall agility and maintainability of applications.

Cloud Computing
National Institute of Standards and Technology (NIST) defines the following five essential characteristics of cloud computing:
- On-demand self-service: Services can be unilaterally and automatically provisioned.
- Broad network access: Services are available over the network through various platforms and devices.
- Resource pooling: Compute, storage, and networking resources are pooled to serve various tenants and demand levels, and are dynamically assigned and reassigned, as needed.
- Rapid elasticity: Services can be provisioned and released, in some cases automatically, to scale (up/down and in/out) with demand.
- Measured service: Resource usage can be transparently monitored, controlled, optimized, and reported.

Cloud Security
Security of data and applications is often cited as a reason organizations are hesitant to migrate to public cloud platforms. However, most security analysts believe public cloud is not inherently less secure than the data center, rather both environments are vulnerable to cyberattacks in our highly-connected digital world. Visibility to all the data flowing through cloud platforms is the first step, combined with the use of proven security solutions that can isolate suspicious traffic and quickly contain any attacks that get past perimeter defenses. Read more in the white paper: What You Can Do to Strengthen Cloud Security.

Cloud Sandbox
In general, sandboxes provide an environment to validate untested or unknown code. Sandboxes protect production systems and their data from code that is yet unproven or coming from unknown sources. Cloud sandboxes differ from traditional sandboxes in that they do not sit on-premise in the data center, but on the internet between users and applications, analyzing unknown code for threats and malware. A cloud sandbox can be operated offline or inline, without backhauling traffic to the data center. This reduces the cost of operation.

Cloud Service Providers (CSP)
A cloud provider is a company that offers some component of cloud computing—Infrastructure as a Service (IaaS), Software as a Service (SaaS), or Platform as a Service (PaaS)—to other businesses or individuals.

Cloud Visibility
While using network taps and packet brokers to access network traffic is well-established, it is not as straightforward to access traffic in cloud environments. Users do not have control over, or access to, the underlying physical infrastructure. Ensuring strong security and efficient performance, therefore, requires the ability to access packet-level data on the traffic flowing from, to, or between an organization’s clouds. Sensor and container technology have made it possible to make copies of cloud traffic to perform traffic inspection and analysis. This is referred to as cloud visibility. Read more in the brief: Get Visibility into Your Clouds.

Compliance
Standards and regulations, such as PCI-DSS, SOX and HIPAA, require organizations to take specific action to protect sensitive customer data. In the cloud, however, providers do not generally track or disclose exactly where data is stored and workloads are processed, thus impacting the ability to prove and document compliance. This means IT teams must proactively identify processes and solutions to ensure compliance when using public cloud.

Containers
A software technology that allows application components to be paired with the operating system components necessary to run them in a single package (known as a container). Containers, such as Docker, allow applications to be deployed in seconds and booted up in fractions of a second. The desire for hybrid cloud or cross-cloud integration is a key driver for container adoption.

Continuous Security Testing
A fast-growing approach to validating security in environments with a high degree of change and variability. Continuous security testing relies on threat simulations to expose gaps in security architecture and gives organizations a chance to strengthen their defenses before an intruder causes damage. Read more in the brief: Validate Security Resilience in Cloud Environments.

DevOps
DevOps and cloud computing work together to help organizations bring new services and applications to market more quickly, at less cost. DevOps is about streamlining development, while cloud offers on-demand resources, automated provisioning, and easy scaling, to accommodate application changes. Many DevOps tools can be acquired on-demand in the cloud or as part of a larger cloud platform. To support hybrid cloud deployment (workloads with an ability to move between clouds), enterprises should select DevOps platforms with an interface to the cloud providers they will use.

Docker
Docker is the technology responsible for driving the container movement and is still the market leader. Docker is open source with several vendors offering enhancements and support. Depending on the specific use case, alternatives to Docker are CoreOS rkt, LXD (for Ubuntu Linux), Kubernetes, Cloud Foundry Garden, and other container services offered by the major cloud providers (e.g. Azure Container Service).

East-West Traffic
Originally defined as traffic that never left the data center—moving from server to server. Now, with the prevalence of virtualization and cloud computing, the term has expanded to include traffic that moves from one virtual machine (VM) or application to another. Cisco estimates that 76% of network traffic is of the east-west type.

Generic Routing Encapsulation (GRE) Tunnel
Tunneling protocol developed by Cisco that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an internet protocol network.

Governance
Refers to the rules for cloud usage, specifically for defining, continuously monitoring, and auditing the rules, policies and processes that allocate, coordinate and control the use of cloud resources. Governance is distinct from cloud management, which refers to the operation of cloud environments.

Horizontal Scale
Ability to connect multiple hardware or software entities, such as servers, so they work as a single logical unit. This is what software-defined networking (SDN) and other such technologies enable. It is also what creates the public cloud structure and makes it unique.

Hybrid Cloud and Hybrid IT
Hybrid cloud infrastructure refers to the simultaneous use of both public and private cloud environments, with applications and data sometimes moving between them. Hybrid IT generally refers to a mix of an on-premises data center with public and private clouds.

Hyperscale
Hyperscale generally refers to the architecture necessary for companies like Amazon, Apple, Facebook, and Google to provide digital services on a massive scale, and the same concepts increasingly apply to other organizations. Synergy Research found 390 web-scale data centers operating worldwide in 2017, up from 300 in 2016, with no sign of slowing down in 2018. The majority are in the US with 44 percent of total. Chinese companies like Tencent and Baidu also operate hyperscale data centers, as well as companies in Japan, the UK, Australia, and Germany.

Hypervisor
Also known as a virtual machine monitor (VMM); a hypervisor is computer software, firmware, or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine.

Infrastructure as a Service (IaaS)
Infrastructure resources owned and operated by a third-party and made available to users over the internet. The user has no physical access to, or control over, the infrastructure and generally does not know where the infrastructure is located. Examples include: VMs, storage, load balancers, and networking.

Instance
Refers to a virtual server instance from a public or private cloud network.

Kubernetes
Kubernetes is a portable, open-source platform for automating the deployment, scaling and management of containerized applications. Kubernetes services, support, and tools are widely available. The platform provides the building blocks for creating a development environment that preserves user choice and flexibility.

Lift and Shift
Industry term for when something from a physical environment is migrated to the cloud (vs. a cloud-native design or a rebuild for cloud).

Metadata
In the context of cloud, metadata is information about cloud instances, such as operating systems, memory, cloud service provider, and geolocation, that can be used to configure or manage cloud workloads. Depending on the provider, metadata may not be automatically provided to cloud users. This lack of transparency can be a challenge for monitoring security and performance in the cloud.

Microservices
Like Service-Oriented Architecture (SOA), microservices are application building blocks comprised of small, independent processes and services.

Migration
Term used to describe the process of moving data, applications, or other business services processes from an organization’s on-premises data center to a private or public cloud environment. The migration can be of the “lift and shift” variety or can be accomplished by redesigning the service to be more independent of the underlying processing technology, such as through the use of containers or microservices.

Multi-cloud
Industry term for using more than one cloud service provider. IDC predicts that by 2020, 90% of enterprise IT organizations will have multi-cloud architectures (IDC FutureScape, Worldwide 2018 Predictions).

Multilayer Cloud Security
Security in the cloud is governed by a “shared responsibility model” that spreads risks between the cloud provider and the cloud user. For that reason, cloud adopters need to consider security at three levels:
- System level: This is about protecting system level components such as operating systems, networks, virtual machines, management services, and containers. Examples are keeping systems current with the latest patches and updates.
- Application-level: This is primarily about identity and access management. Examples are policies such as multifactor authentication.
- Data-level: No cloud provider is responsible for protecting data, but some may offer encryption as an option.

Multitenancy
Commingles the data and processing for multiple clients in a single application instance.

Network Security Groups
Groups of cloud instances that are managed by applying the same rules and policies.

North-South Traffic
Refers to traffic moving from end-users (clients) to an organization’s internal resources, once contained in the data center and now likely a distributed ecosystem including data centers, as well as private and public clouds. This type of traffic is primarily composed of queries, commands, and specific data requests. Cisco estimates that 17% of enterprise network traffic is north-south.

Open Cloud
An open cloud is not owned by any vendor, but is created using software that is freely available from a public-facing repository and built using open application programming interfaces (APIs). Open clouds provide cloud users the right to move data out of the cloud as they wish, without having to pay access fees (sometimes referred to as backhauling). OpenStack is the most popular open cloud environment and is associated with a large community of developers. Some cloud providers may use open cloud software, but sell differentiated tools, enhancements, or support.

OpenStack
A free and open source cloud platform that has become a de facto standard for building clouds that are not dependent on any one cloud platform provider. OpenStack enhancements, services, support, and tools are widely available.

Pay-as-You-Go
Payment model where customers are charged only for the application or service capacity they really use. As distinguished from an earlier model where organizations purchased software to run on specific hardware platforms in their data centers, generally sized with some ‘headroom’ to handle increasing demand. The result was often extra capacity waiting to be used, or delays in getting new capacity configured to keep up with growth in demand.

Platform as a Service (PaaS)
A category of cloud computing services that provides users with a platform for developing, running, and managing applications without the complexity of integrating and maintaining the components normally required.

Private Cloud
A cloud infrastructure that is used exclusively by a single organization and may be owned, managed, and operated by the organization or a third party (or a combination of both) either on or off premises. Key private cloud technology providers are:
- VMware: Virtualization and cloud computing software provider operated as a subsidiary of Dell Technologies. VMware bases its virtualization technologies on its bare metal hypervisor ESX/ESXi in x86 architecture.
- OpenStack: Free and open-source software platform for deploying cloud computing, mostly infrastructure as a service (IaaS). The platform consists of interrelated components that control diverse, multi-vendor hardware pools of processing, storage, and networking resources throughout a data center.
- Hyper-V: A native hypervisor from Microsoft; it can create virtual machines on systems running Windows. Hyper-V can be configured to expose individual virtual machines to one or more networks.

Public Cloud
A cloud infrastructure that is used by multiple organizations (multitenant) and is owned, managed, and operated by a third party (or parties) on the cloud provider’s premises. Popular providers include:
- AWS—Amazon Web Services
- Microsoft Azure
- Google Cloud
- IBM Cloud

Resilient Security
As cyberattacks evolve and become better at avoiding detection, it is not a question of “if” but “when” your network will be attacked. The concept of resilient security refers to how quickly your architecture and team can identify and contain an attack or breach. While security prevention still needs to be maintained, there has to be equal, if not greater, effort placed on recovering the network and limiting the damage. Learn more in the white paper: Best Practices for Security Resilience.

Rightsize
The concept of modifying your cloud infrastructure to match actual demand. The on-demand nature of cloud computing allows companies to save money by eliminating over-provisioning to handle surges in demand.

Sensors
Containerized, Docker-based software that sits within the source instances that are to be monitored. Sensors and connectors, which sit within instances, are how CloudLens accesses metadata.

Service-Oriented Architecture (SOA)
Software design in which modular Web services are leveraged across a network to provide various application components. SOA enables businesses to improve agility and time-to-market (TTM) and is, thus, well-suited for cloud computing applications.

Shadow IT
Infrastructure services within an organization that are not supported by the central IT department. Cloud computing has dramatically increased shadow IT, which can introduce security risks when governance policies and rules are not applied.

Software Agent
A persistent, goal-oriented computer program that reacts to its environment and runs without continuous direct supervision to perform some function for an end user or another program. CloudLens sensors and connectors are technically agents that are containerized.

Software as a Service (SaaS)
A software licensing and delivery model in which access to software is provided on a subscription basis and is delivered over the internet. Maintenance and upgrades are commonly managed by the provider. Examples include e-mail, customer relationship management (CRM), virtual desktops, and gaming.

Security Operations Center (SOC) or Information Security Operations Center (ISOC)
A centralized unit that deals with the people, processes, and technologies to handle the detection, containment, and remediation of IT threats. An SOC monitors applications to identify possible cyberattacks or intrusions and will manage any potential impact to the business.

Software-Defined Everything (SDx)
Extension of virtualization that abstracts an application or function from its underlying hardware, separating the control and data planes and adding programmability. Beginning with software-defined networking (SDN), SDx now encompasses software-defined storage (SDS), software-defined computing, software-defined security, and software-defined data centers (SDDC), among others.

Subscription-Based Pricing Model
Pricing model that lets customers pay a fee to use the service for a particular time period, often used for SaaS services—also called a consumption-based pricing model.

Vendor Lock-In
Dependency on a specific cloud vendor and difficulty moving from one cloud vendor to another due to lack of standardized protocols, application program interfaces (APIs), data structures, and service models.

Vertical Scale
Ability to increase the capacity of existing hardware or software by adding resources. Vertical scaling is limited by the fact that you can only get as big as the size of the server. Traditionally, this is all that is available with hardware or on-premise solutions.

Virtual Local Area Network (VLAN)
Network of computers that behave as if they are connected to the same wire even though they may be physically located on different segments of a local area network (LAN). VLANs are configured through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs is that when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration.

Virtual Machine (VM)
Software-based server that, like a physical server, runs an operating system and applications. The virtual machine is comprised of a set of specification and configuration files and is backed by the physical resources of a host.

Virtual Network Traffic
East-west and north-south traffic in a virtual network. A virtual network is made up of a virtualized network interface controller (NIC) and virtualized local area network (LAN). It consists of one or more virtual machines that can send data to and receive data from one another.

Virtual Switch (vSwitch)
Software application that allows communication between virtual machines. A vSwitch does more than just forward data packets; it intelligently directs the communication on a network by checking data packets before moving them to a destination.

Visibility-as-a-Service (VaaS)
Enables IT organizations to access network traffic across their entire infrastructure on demand, whether it resides in a public or private cloud, branch office, campus, or data center.

vMotion
Developed by VMware, it enables the live migration of running virtual machines from one physical server to another with zero downtime, continuous service availability, and complete transaction integrity.

Learn more at: www.ixiacom.com

For more information on Ixia products, applications or services, please contact your local Ixia or Keysight Technologies office. The complete list is available at: www.ixiacom.com/contact/info

915-8274-01-5081 Rev A | Keysight Technologies, 2018
