A large provider such as Google Cloud runs its physical infrastructure at a much greater scale, but the blueprint is the same: mid-to-large corporations, government entities, independent system vendors (ISVs), and service providers all use cloud infrastructure to build private and public clouds and deliver cloud computing services.
Virtualization provides the foundation for cloud computing, enabling rapid deployment of IT resources from a shared pool and economies of scale.
Integration reduces complexity and administrative overhead and facilitates automation to enable end-user resource provisioning, allocation and reallocation of physical capacity, and information security and protection, without IT staff intervention.
Fully capturing and effectively delivering the benefits of cloud computing requires a tightly integrated infrastructure that is optimized for virtualization; in return, an infrastructure built for cloud computing provides numerous benefits:
- Flexible and efficient utilization of infrastructure investments
- Faster deployment of physical and virtual resources
- Higher application service levels
- Less administrative overhead
- Lower infrastructure, energy, and facility costs
- Increased security
Google Cloud infrastructure encompasses the computers, storage, network, components, and facilities required for cloud computing and IT as a service (ITaaS).
Google Cloud computing infrastructure includes the following:
- Servers: Physical servers provide host machines for multiple VMs or guests. A hypervisor running on the physical server allocates host resources (CPU and memory) dynamically to each VM.
- Virtualization: Virtualization technologies abstract physical elements and location. IT resources (servers, applications, desktops, storage, and networking) are uncoupled from physical devices and presented as logical resources. Examples include virtual switches and virtual NICs, as well as software-defined networking and storage.
- Storage: SAN, NAS, and unified systems provide storage for primary block and file data, data archiving, backup, and business continuance. Advanced storage software components are used for big data, data replication, cloud-to-cloud data movement, and HA.
- Network: Switches interconnect physical servers and storage. Routers provide LAN and wide area network (WAN) connectivity. Additional network components provide firewall protection and traffic load balancing.
- Management: Cloud infrastructure management includes server, network, and storage orchestration, configuration management, performance monitoring, storage resource management, and usage metering.
- Security: Components ensure information security and data integrity, fulfill compliance and confidentiality needs, manage risk, and provide governance.
- Backup and recovery: Virtual servers and virtual desktops are backed up automatically to disk or tape. Advanced elements provide continuous protection, multiple restore points, data deduplication, and DR.
- Infrastructure systems: Pre-integrated software and hardware, such as complete backup systems with deduplication and prepacked platforms containing servers, hypervisor, network, and storage, streamline cloud infrastructure deployment, and further reduce complexity.
Configuring Access Control for Remote Access
Cloud-based systems provide resources to users across many different deployment methods and service models, as has been discussed throughout this article. According to NIST SP 800-145,
“The NIST Definition of Cloud Computing,” the three service models for cloud computing are software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS).
The Google Cloud infrastructure supports four cloud deployment methods: private cloud, public cloud, community cloud, and hybrid cloud.
Regardless of the model, deployment method, and scope of the cloud system in use, the need to allow customers to securely access data and resources is constant.
Your job as a Google Cloud infrastructure professional is to ensure that all authenticated and authorized users of a cloud resource can access that resource securely: confidentiality and integrity are maintained where required, and availability is maintained at the documented and agreed-upon levels for the resource based on the SLA in force.
Some of the threats that the Google Cloud infrastructure professional needs to consider regarding remote access are as follows:
- Lack of physical security controls
- Unsecured networks
- Infected endpoints accessing the internal network
- External access to internal resources
Given the nature of cloud resources, all customer access is remote. Several methods are available for controlling remote access, including these:
- Tunneling via a VPN (IPsec or SSL)
- Remote desktop protocol (RDP), which allows for desktop access to remote systems
- Access via a secure terminal
- Deployment of a DMZ
There are several cloud environment access requirements. The cloud environment should provide each of the following:
- Encrypted transmission of all communications between the remote user and the host
- Secure login with complex passwords or certificate-based login
- Two-factor authentication providing enhanced security
- A log and audit of all connections
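The last requirement, logging and auditing every connection, is only useful if the log is actually checked against the other three. The following script is an added example, not code from the original article or from Google Cloud: it parses a constructed sample of remote-access gateway log lines (the line format, field names and addresses are assumptions) and reports each connection that used an unencrypted transport or password-only login without a second factor, as well as any line the audit cannot parse.

```python
import re

# Constructed sample of remote-access gateway log lines; the format is an assumption.
# The last line is deliberately truncated to show how unparseable records are handled.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z vpn  user=alice src=203.0.113.10 proto=ipsec auth=cert mfa=yes result=ok
2024-05-01T08:02:17Z rdp  user=bob   src=198.51.100.7 proto=tls   auth=password mfa=no  result=ok
2024-05-01T08:05:44Z term user=carol src=192.0.2.55   proto=telnet auth=password mfa=no  result=ok
2024-05-01T08:07:03Z vpn  user=dave  src=203.0.113.99 proto=ssl   auth=password mfa=yes result=fail
2024-05-01T08:09:00Z rdp  user=erin  src=198.51.100.8 proto=tls   auth=password
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+)\s+(?P<service>\S+)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)\s+"
    r"proto=(?P<proto>\S+)\s+auth=(?P<auth>\S+)\s+mfa=(?P<mfa>\S+)\s+result=(?P<result>\S+)"
)
ENCRYPTED = {"ipsec", "ssl", "tls", "ssh"}   # transports that satisfy requirement 1
STRONG_AUTH = {"cert"}                        # certificate login needs no extra factor here

def parse_line(line):
    """Return the fields of one log line as a dict, or None if the line is malformed."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def evaluate(event):
    """Return the list of access requirements that this connection fails to meet."""
    failures = []
    if event["proto"] not in ENCRYPTED:
        failures.append("unencrypted transport")
    if event["auth"] not in STRONG_AUTH and event["mfa"] != "yes":
        failures.append("no second factor")   # password-only login
    return failures

def audit(log_text):
    """Evaluate every line; malformed lines are findings too, because a connection
    the audit cannot read is a connection that was effectively not logged."""
    findings = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            findings.setdefault("unparseable", []).append(line)
            continue
        bad = evaluate(ev)
        if bad:
            findings[f"{ev['user']}@{ev['src']}"] = bad
    return findings

if __name__ == "__main__":
    for subject, problems in audit(SAMPLE_LOG).items():
        print(subject, "->", problems)
```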
It is important to establish OS baseline compliance monitoring and remediation. In doing so, determine who is responsible for the secure configuration of the underlying OSs installed in the cloud environment based on the deployment method and service model being used.
Regardless of who is responsible, a secure baseline should be established, and all deployments and updates should be made from a change- and version-controlled master image.
Conduct automated and ad hoc vulnerability scanning and monitoring activities on the underlying infrastructure to validate compliance with all baseline requirements.
This ensures that any regulatory compliance issues and risks are discovered and documented. Resolve or remediate any deviation promptly.
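As an added example of the baseline check described above (not code from the original article or from any vendor's scanner), the script below compares a constructed host snapshot against a constructed golden-image manifest and produces one deviation record plus one remediation action per finding. The manifest sections, package names and versions, and sshd settings are assumed sample values; real hashes would be taken from the version-controlled master image.

```python
import hashlib

# Constructed golden-image manifest: approved package versions, required sshd
# settings, and SHA-256 digests of files that must match the master image.
BASELINE = {
    "packages": {"openssh-server": "9.6p1-3", "openssl": "3.0.13-1"},
    "sshd": {"PasswordAuthentication": "no", "PermitRootLogin": "no", "X11Forwarding": "no"},
    "files": {"/etc/ssh/sshd_config": hashlib.sha256(b"golden sshd_config").hexdigest()},
}

# Constructed snapshot of a host as collected by the scanner (drifted on purpose).
HOST = {
    "packages": {"openssh-server": "9.6p1-3", "openssl": "3.0.12-2", "telnetd": "0.17-45"},
    "sshd": {"PasswordAuthentication": "yes", "PermitRootLogin": "no"},
    "files": {"/etc/ssh/sshd_config": hashlib.sha256(b"edited sshd_config").hexdigest()},
}

def check_baseline(baseline, host):
    """Return one (section, key, expected, observed) tuple per deviation.
    A missing key counts as a deviation: a setting absent from sshd_config falls
    back to the daemon default, which the baseline may not permit."""
    deviations = []
    for section, expected_items in baseline.items():
        observed_items = host.get(section, {})
        for key, expected in expected_items.items():
            observed = observed_items.get(key)
            if observed != expected:
                deviations.append((section, key, expected, observed))
    # Packages installed on the host but absent from the image are drift as well.
    for pkg in sorted(set(host.get("packages", {})) - set(baseline["packages"])):
        deviations.append(("packages", pkg, None, host["packages"][pkg]))
    return deviations

def remediation_plan(deviations):
    """Map each deviation to the corrective action that should be ticketed."""
    plan = []
    for section, key, expected, observed in deviations:
        if section == "packages" and expected is None:
            plan.append(f"remove unapproved package {key}")
        elif section == "packages":
            plan.append(f"pin {key} to {expected} (found {observed})")
        elif section == "sshd":
            plan.append(f"set sshd {key}={expected} (found {observed})")
        else:
            plan.append(f"redeploy {key} from master image")
    return plan

if __name__ == "__main__":
    for action in remediation_plan(check_baseline(BASELINE, HOST)):
        print(action)
```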
Sufficient supporting infrastructure and tools should be in place to allow for the patching and maintenance of relevant infrastructure without impact on the end user or customer.
Patch management and other remediation activities typically require entry into maintenance mode.
Many virtualization vendors offer OS image baselining features as part of their platforms.
The specific activities and techniques used to create, document, manage, and deploy OS image baselines vary by vendor. Follow the best-practice recommendations and guidance provided by the vendor.