Cloud data center

When we think about cloud computing, the question that comes to mind is: what is a data center in cloud computing, and how is it built and how does it work?

In this blog post we look at what a data center actually is in cloud computing.

The cloud provider needs a datacenter from which to provide services to its customers.

The physical plant of the datacenter will include the campus on which the datacenter facility is located, the physical components inside that facility, and the services that support and connect them.

One of the first decisions a cloud provider will have to make is whether to build or buy a facility in which to situate the datacenter. As with all decisions, each option has benefits and risks.

In purchasing a piece of property and building an entirely new datacenter, the cloud provider gets to dictate every aspect of the facility, ensuring it is suited to the purpose.

The provider will have much more control over how the facilities are designed, which can lead to better control over physical access to the property and buildings, as well as the optimized performance of the systems within the datacenter.

This, however, is often much more expensive than purchasing or leasing an existing facility.

It also requires a long-term plan for continued growth and development of the business, which often involves purchasing a larger piece of land than is initially needed for the first datacenter, with the understanding that additional datacenters (or additional facilities) might be built on that same property in the future to increase capacity as the business grows.

The alternative, of course, is to purchase or lease an existing facility and retrofit it to the needs of the cloud provider.

Although this may be less costly, especially in the short term, it may include limitations that ownership would not.

For instance, if the property is being leased, the owner may not approve of all changes the provider (as a tenant) would like to make.

Even if the property is owned by the provider, other external forces might limit the extent and type of changes the provider desires.

This is particularly true in metropolitan settings, where zoning limitations and municipal building codes might be strict and very specific.

The components of a cloud data center

The notional perspective of cloud datacenter components usually divides the interior physical plant into three groups: compute, storage, and networking. Compute nodes are the hosts, where users will process operational data.

Storage nodes are where the data is securely stored, either for near-term or long-term purposes.

Networking is all the equipment used for connecting the other nodes: the hardware devices such as routers and switches, and the cables that connect them.

How is the cloud provider responsible for the physical plant and architecture of the cloud datacenter?

Cloud provider responsibilities in the Physical Plant

Manage hardware configuration

As with OS baselining (which we’ll discuss later in this chapter), a template for the secure configuration of each specific device should be constructed, and it should be replicated whenever a new device of that particular type is added to the environment.

The baseline hardware configuration should be saved securely and kept current through the formal change management process (including any required patches and updates).

This is true for each of the nodes, regardless of purpose, including the compute and storage nodes, networking devices, and anything used to connect and monitor each of the nodes.
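One way to keep a node honest against its saved baseline is a drift check that diffs the running configuration against the approved template. This is an added example, not code from the original post; the baseline, the running configuration and the setting names are constructed stand-ins for whatever a real device exports.

```python
"""Compare a device's running configuration against its approved baseline.

Added example, not from the original post. The baseline and running
configurations are constructed sample data with hypothetical key names.
"""
from typing import Dict, List, Tuple

# Constructed baseline template for one device type (say, a top-of-rack switch).
BASELINE = {
    "firmware": "4.2.1",
    "ssh_version": "2",
    "telnet": "disabled",
    "snmp_community": "private-readonly",
    "ntp_server": "10.0.0.10",
    "syslog_server": "10.0.0.20",
    "mgmt_acl": "10.0.0.0/24",
}

# Constructed running configuration captured from one device.
RUNNING = {
    "firmware": "4.1.9",          # behind the baseline: a missing update
    "ssh_version": "2",
    "telnet": "enabled",          # insecure service re-enabled
    "snmp_community": "private-readonly",
    "ntp_server": "10.0.0.10",
    "syslog_server": "10.0.0.20",
    "extra_user": "temp-admin",   # setting that is not in the template at all
}

def drift(baseline: Dict[str, str], running: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (key, expected, actual) for every deviation from the baseline.

    A key missing from the device reports actual as "<missing>"; a key the
    baseline never defined reports expected as "<not in baseline>", so
    unreviewed additions are flagged just like changed values.
    """
    findings = []
    for key in sorted(set(baseline) | set(running)):
        expected = baseline.get(key, "<not in baseline>")
        actual = running.get(key, "<missing>")
        if expected != actual:
            findings.append((key, expected, actual))
    return findings

if __name__ == "__main__":
    for key, expected, actual in drift(BASELINE, RUNNING):
        print(f"{key}: expected {expected!r}, found {actual!r}")
```

Any non-empty result is a change-management question: either the baseline must be updated through the formal process, or the device must be brought back to the template.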

Set hardware to log events and incidents

While the granularity and specificity of which system events to capture might differ from device to device or customer to customer, the provider should ensure that sufficient data related to the activity on each machine is being saved for possible future use (including incident investigation and forensic purposes).

This event data should be sufficient to determine exactly what occurred and the identity of the users involved in each event (which is also known as attribution).
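A practical test of whether the captured events really support attribution is to check each record for the fields that identify what happened and who did it. This added example (not from the original post) runs that check over constructed log lines in a hypothetical key=value format; real devices use their own formats.

```python
"""Check that device event records carry the fields needed for attribution.

Added example, not from the original post. The log lines are constructed
and use a hypothetical key=value layout; real devices differ.
"""
import re
from typing import Dict, List

# Fields needed to say what happened and who did it (attribution).
REQUIRED = ("ts", "host", "user", "src", "action", "result")

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample events from a hypothetical switch and storage node.
SAMPLE_LOG = """\
ts=2024-05-01T10:02:11Z host=sw-rack7 user=ops.jsmith src=10.0.5.14 action=config.write result=success
ts=2024-05-01T10:03:40Z host=stor-03 user=svc-backup src=10.0.9.2 action=volume.export result=success
ts=2024-05-01T10:04:02Z host=sw-rack7 action=port.shutdown result=success
ts=2024-05-01T10:05:19Z host=stor-03 user=- src=10.0.9.77 action=acl.delete result=failure
"""

def parse(line: str) -> Dict[str, str]:
    """Split one key=value log line into a dict (quotes stripped)."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def missing_attribution(log: str) -> List[Dict[str, object]]:
    """Return records that cannot be attributed: a required field is
    absent or carries only a placeholder such as '-'."""
    findings = []
    for n, line in enumerate(log.splitlines(), 1):
        rec = parse(line)
        gaps = [f for f in REQUIRED if rec.get(f, "-") in ("-", "")]
        if gaps:
            findings.append({"line": n, "action": rec.get("action"), "missing": gaps})
    return findings

if __name__ == "__main__":
    for f in missing_attribution(SAMPLE_LOG):
        print(f"line {f['line']}: {f['action']} cannot be attributed, missing {f['missing']}")
```

Lines 3 and 4 of the sample are flagged: a port shutdown with no user or source recorded, and an ACL deletion logged under a placeholder user, neither of which an investigator could attribute after the fact.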

Determine compute component composition by customer need

Some cloud customers might not be suited to a multitenant environment and would prefer to only have their data processed and stored in and on devices specifically and exclusively assigned to them (the customer).

While the use of stand-alone hosts is outside the norm for cloud datacenters, most cloud providers will offer the option, albeit at an increased service fee (the provider will have to deploy and administer those devices and datasets separately from other customers within the same datacenter, which increases the cost of provision).

Unlike stand-alone hosts assigned to specific customers, clustered hosts will provide scalable management benefits, allowing customers who opt for the multitenant environment to realize significant cost savings.

Both stand-alone and clustered hosts must be configured and supported in such a way as to maintain high availability.

This includes ensuring redundancy of the components themselves and the services that support them.

Configure secure remote administrative access

Either the provider or the customer (or both) will likely have to access the hardware to perform some administrative function.

This access will quite often be in the form of a remote connection and will therefore require particular security controls to ensure only authorized users are performing permitted actions.

Security enhancements for remote access might include implementing session encryption for the access connection, strong authentication for remote users and administrators, and enhanced logging for accounts with administrative permissions.

How is the cloud provider responsible for secure networking in the cloud datacenter?

Cloud Provider Responsible for Secure Networking

Of course, in addition to securing the hardware and logical configurations, the provider will have to ensure that the networking architecture and components are secure.

This will often involve many of the same tactics and methods used in the legacy (non-cloud) environment, as well as some cloud-specific permutations. A brief overview of both follows.

What does “Firewalls” mean in cloud computing?

Firewalls are tools that limit communications based on some criteria.

They can be either hardware or software, or a combination of both.

Firewalls can be stand-alone devices or integrated into other network nodes such as hosts and servers.

The criteria for determining which traffic is allowed and which is not can take the form of rules (such as which services or protocols are allowed, which ports are to be used, from whom and when traffic should be allowed, and so forth), or behavior-sensing algorithms (the firewall is taught which behavior is normal for both the environment and the user, and deviations from the normal baseline are noted by the firewall), or stateful inspection (the firewall understands the expected pattern of conversation in a protocol and recognizes deviations), or even inspection of content.
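The rule-based criteria just listed (protocol, port, source, and time of day) can be shown as a small first-match rule evaluator with default deny. This is an added example, not code from the original post; the rule set, addresses and field names are constructed.

```python
"""Evaluate connections against firewall rules of the kind the text lists:
protocol, destination port, source address and time of day, with
first-match semantics and default deny.

Added example, not from the original post. The rules and sample
connections are constructed; the field names are hypothetical.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass
class Rule:
    action: str             # "allow" or "deny"
    proto: str              # "tcp", "udp" or "any"
    port: Optional[int]     # destination port, None = any port
    src: str                # CIDR the source address must fall in
    start: str = "00:00"    # "HH:MM" window; zero-padded so strings compare in order
    end: str = "23:59"

    def matches(self, proto: str, port: int, src: str, at: str) -> bool:
        return (self.proto in ("any", proto)
                and (self.port is None or self.port == port)
                and ip_address(src) in ip_network(self.src)
                and self.start <= at <= self.end)

# Constructed rule set. Order matters: the first matching rule decides.
RULES: List[Rule] = [
    Rule("deny",  "tcp", 22,  "0.0.0.0/0", "22:00", "23:59"),  # no SSH late in the evening
    Rule("allow", "tcp", 22,  "10.0.5.0/24"),                  # SSH only from the admin subnet
    Rule("allow", "tcp", 443, "0.0.0.0/0"),                    # HTTPS from anywhere
    Rule("allow", "udp", 53,  "10.0.0.0/8"),                   # DNS from internal ranges
]

def decide(rules: List[Rule], proto: str, port: int, src: str, at: str) -> str:
    """Return the action of the first matching rule, or "deny" when none matches."""
    for rule in rules:
        if rule.matches(proto, port, src, at):
            return rule.action
    return "deny"

if __name__ == "__main__":
    for case in [("tcp", 22, "10.0.5.14", "14:00"),      # allow
                 ("tcp", 22, "10.0.5.14", "23:00"),      # deny: outside the SSH window
                 ("tcp", 22, "203.0.113.9", "14:00"),    # deny: not the admin subnet
                 ("tcp", 443, "203.0.113.9", "03:00")]:  # allow
        print(case, "->", decide(RULES, *case))
```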

What does “IDS/IPS” mean in cloud computing?

Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are very similar to firewalls in that they monitor network traffic.

These can also use defined rule sets, behavior-based algorithms, content, or stateful inspection to detect anomalous activity.

The explicit difference between an IDS and an IPS is that an IDS usually only reports suspicious activity, alerting responders (such as the security office), whereas the IPS can be set to take defensive action when suspicious activity is recognized (such as closing ports and services), in addition to sending alerts.

In the modern environment, most of these solutions serve both purposes.

What does “Honeypots” mean in cloud computing?

A honeypot is a tool used to detect, identify, isolate, and analyze attacks by attracting attackers.

This is usually a dummy machine with useless data, partially secured and configured as if it was a realistic portion of the production environment.

When attackers penetrate it and attempt nefarious activity (such as installing rootkits or other malware, escalating their privileges, or disabling functionality), the security team can monitor and record the attackers' behavior.

This information can be used for defensive purposes in the actual production environment, or as evidence in litigation and prosecution actions.

What does “Vulnerability Assessments” mean in cloud computing?

A vulnerability assessment is a scan of the network to detect known vulnerabilities.

These can, of course, be automated so that they are scalable for networks of any appreciable size.

The unfortunate flaw in vulnerability assessments is that they will only detect what they know to look for.

That is, they only detect known vulnerabilities, and any extant vulnerabilities that are not part of the scan will go unnoticed.

Vulnerability assessments can't prevent attackers from discovering previously unknown vulnerabilities in systems and attacking them. These forms of attacks are often referred to as zero-day exploits.

What does “Communication Protection” mean in cloud computing?

The connections between the various nodes and between the datacenter and the rest of the world must also be secured.

As has already been mentioned, data in transit can be protected in several ways:

Encryption

Data can be encrypted across the network, attenuating the possibility that someone who does not have authorized access (an external attacker, perhaps, or a malicious insider) would be able to acquire raw data in plaintext.

If network traffic was encrypted with a sufficient work factor, it would not reveal sensitive data even if someone captured it.

Remote connections can also be encrypted, providing the same kind of protection for user access.

Of course, encryption comes with a cost: the processing overhead increases with the volume of encrypted data, some other security controls (such as DRM, DLP, and IDS/IPS solutions) might not function in the same manner because they cannot recognize the content of the traffic, and key storage is always an issue.

Virtual Private Networks (VPNs)

Creating a secure tunnel across untrusted networks (such as the Internet) can aid in obviating man-in-the-middle attacks such as eavesdropping and interception of sensitive data, particularly when combined with encryption.

Strong Authentication

As with the other aspects of securing the cloud datacenter, authentication schemes such as the use of robust tokens and requiring multi-factor authentication can reduce the likelihood of unauthorized users gaining access, and restrict authorized users to permitted activities.

How is the cloud provider responsible for a secure logical framework in the cloud datacenter?

Cloud Provider Responsible for Secure Logical Framework

In addition to securing the hardware components, the cloud provider must ensure that the logical elements are likewise protected.

This includes the following:

How are virtual OSs installed securely in the cloud data center?

The provider must ensure that the virtual OSs installed in the datacenter (on virtual or hardware hosts) are configured and installed securely.

In addition, as virtual OSs are deployed in the environment, virtualization management tools should be installed concurrently, to ensure the provider's ability to monitor the virtual environment for both performance and security issues and to enforce configuration policy.

This is particularly important for creating and maintaining a secure hypervisor configuration: a weak hypervisor could allow malicious actors to access and attack many of the virtual assets and a great deal of the production data.

Secure Configuration of Various Virtualized Elements

In addition to the tangible hardware used in the datacenter, any virtual elements must also be configured securely to attenuate potential risks such as data leakage and malicious aggregation.

This is not limited to virtual hosts and OSs, but it should also include any virtualized networking or storage assets.
