Domain 1 - Cloud Computing
Transcript
Introduction
Hey, I’m Rob Witcher from Destination Certification. Welcome to our CCSP MindMap video series!
These MindMap videos are a small part of our complete CCSP MasterClass and they are a review tool for our students. We’re also releasing them for free here on YouTube to help everyone in their CCSP studies.
These MindMaps are definitely not meant to provide you with ALL the information you need to prepare for the CCSP exam - rather the MindMaps highlight critical concepts you need to know and do a great job of visually showing you how all these various topics fit together.
I hope these MindMaps will aid in your studies. At the end of this MindMap, I’ll share some great resources that should further aid you in your studies - so watch out for that at the end.
This is the first of five MindMap videos for Domain 1. I have included links to the other MindMap videos in the description below.
Cloud computing has skyrocketed in popularity since Amazon launched what many consider to be the first major cloud service back in 2006. Nowadays, the cloud is pervasive and it’s a major part of almost every organization's infrastructure.
Why is cloud computing so popular? It's convenient, possibly cost-effective, and offers amazing flexibility.
Nailing down an exact definition of cloud computing is difficult. It’s super hard to come up with a nice concise definition of what is cloud. Cloud is many different things to many different people.
Yes, if you want to be pithy you can go with the popular phrase, “There is no cloud. It’s just someone else’s computer.” This is true most of the time, because most cloud is public cloud, which is someone else’s computer. But there is also private cloud which could be your own computers in your own data center.
And a lot of cloud is just accessing applications and you’re not thinking about the computers at all.
Like I said, it’s hard to define exactly what cloud is.
Here’s an official definition from ISO as to what exactly cloud is. But good luck making it through these two sentences without being rendered unconscious from boredom.
Cloud Computing
So what’s a better way of defining cloud?
Characteristics
By defining a series of cloud characteristics. If the service complies with the characteristics, then you can call it cloud. So let's go through these characteristics now. These characteristics are important to know for the CCSP exam!
On-Demand Self Service
The first characteristic is on-demand self-service which means users can request services and sophisticated software at the cloud service provider automatically provisions the service–usually within a matter of milliseconds or seconds. This is a huge shift from how things were done traditionally. It used to be if you wanted, say, a new server provisioned in a large company you had to submit a 17-page form to IT, and it had to be approved in triplicate, and then you had to wait four to six months for the server to be set up. On-demand self-service means basically anyone can request incredibly powerful services and have them provisioned nearly instantly. This is remarkably helpful if you want to innovate, experiment and fail fast. The dark side of on-demand self-service is shadow IT.
Broad Network Access
The next defining characteristic is broad network access which means access to cloud resources is available from multiple device types and from multiple locations. Basically, the primary way we access cloud services is through a web browser across a network. And everything has a web browser built into it and internet access nowadays, so you can access cloud services from basically everywhere.
Resource Pooling
The next defining characteristic is a really important one: resource pooling. There are three primary resources you need to do anything from a technology perspective:
First, you need compute, which is the ability to fetch instructions, decode them, execute them, and store the results. Essentially the ability to execute code.
The second resource is storage. You need to be able to store a bunch of bits somewhere–the data and code.
The third resource is network. You need to be able to move a bunch of bits around everywhere.
These are the three primary resources you need to do anything in the cloud: compute, storage and network. And a major defining characteristic of cloud is that these three primary resources are pooled and shared. As a user of cloud services you don’t typically have direct physical access to any of these resources. You’re not directly accessing a CPU, or directly accessing a hard drive, or directly sending your traffic to a physical switch or a router.
Instead, there is a layer of virtualization between the user and the resources. So instead of directly accessing a physical CPU on a physical server, you are using a virtual machine or a container, or instead of accessing a physical hard drive you’re using a virtual disk or object storage, or instead of accessing a physical switch you’re using a virtual switch. This layer of virtualization allows all the resources of the cloud to be pooled, to be shared among users much more effectively.
Resource pooling is what makes it so easy to provision new services near instantly or rapidly increase or decrease your usage of compute, storage and network.
Rapid Elasticity
This brings us to the fourth characteristic: rapid elasticity and scalability. You have the ability in the cloud to quickly provision and deprovision resources. If you need access to a bunch of additional bandwidth, it’s no problem–you can rapidly gain access to vast amounts of additional bandwidth. The same applies if you need terabytes of additional storage. You can also just as easily deprovision the resources–you can rapidly increase and decrease your usage of cloud services.
Measured Service
The final characteristic is measured service which means the cloud service provider is closely monitoring your usage of the cloud and you only pay for what you use. Resource usage is monitored and reported to the consumer, providing visibility and transparency of usage rates and costs.
Multi-tenancy
There is one more characteristic that applies to most cloud, but not all–multi-tenancy. As I mentioned earlier, most cloud is public cloud, and public cloud is a multi-tenancy environment. Anyone and everyone has access to the public cloud. However, there is also private cloud. Private cloud is reserved for one customer. Private cloud is not multi-tenancy. So, that’s why this sixth characteristic applies to most cloud but not all!
Roles
An incredibly important requirement of security is to have clearly defined roles and responsibilities. This is especially true in the cloud where you are relying on a cloud provider to properly protect your valuable data and systems. So let's talk about some important terminology that you need to know about in the cloud.
Accountability vs. Responsibility
Accountability and responsibility.
Accountability is about having ultimate ownership for an asset, activity or decision. Accountability means ultimate answerability–blameworthiness. Accountability means the throat that gets choked if something goes wrong. In other words, the accountable person is ultimately who will be in trouble if something goes wrong. Accountability can never be delegated to anyone else. This is the crucial part to remember in relation to cloud. If an owner of some data or system transfers it to the cloud, the owner remains accountable for that data or system. The cloud provider will only be responsible.
So what is responsibility? The responsible parties are the ones who implement and enforce controls based on the direction of those that are accountable. So in the cloud, the cloud service provider will be responsible for data and systems. Responsibility can be given or received.
Customer / Consumer
Okay, now onto the roles. Starting at a high level: The cloud consumer is the individual or organization who is accessing cloud services or resources within a cloud. Again, the cloud consumer will ultimately remain accountable for any of their systems or data in the cloud.
Provider
The cloud service provider is the organization which is providing cloud services or resources to consumers. The cloud provider will be responsible for a consumer’s systems and data.
Broker
Cloud brokers are intermediaries between cloud consumers and providers. Brokers are essentially proxies sitting between a consumer and their provider. This allows brokers to serve a number of different roles from negotiating relationships between cloud service providers and cloud consumers, to layering on additional capabilities on top of what the cloud provider offers, or even restricting what cloud services a consumer can access.
Here are three specific types of cloud broker roles that you need to know about:
Aggregation
Aggregation is a cloud broker that combines multiple cloud services into one or more composite services to meet the needs of the customer.
Arbitrage
Arbitrage is a cloud broker that dynamically selects and switches between cloud providers to optimize cost and performance for the customer.
Intermediation
Intermediation is a cloud broker that enhances existing cloud services by adding value through additional features such as security, monitoring, or identity management.
Okay now onto a bit of a painful list of specific roles. I would highly recommend that you remember the key differences between these roles. We’ve created a downloadable PDF of these roles that highlights the differences.
Cloud Developer
Cloud developers are responsible for the development of the cloud infrastructure (for example: compute, storage, network).
Cloud Administrator
Cloud administrators are responsible for testing cloud services, monitoring services, administering security for services, providing usage reports on cloud services, and addressing problem reports.
Cloud Service Manager
Cloud service managers are responsible for the provisioning and delivery of cloud services, and the overall management of cloud services.
Cloud Service Business Manager
Cloud service business managers are responsible for gathering metrics on cloud services, managing cloud deployments and the deployment process, and defining the environments and processes.
Cloud Service Deployment Manager
Cloud service deployment managers are responsible for overseeing business and billing administration, customer relationships, purchasing cloud services, and requesting audit reports when necessary.
Cloud Service Integrator
Cloud service integrators are responsible for connecting and integrating existing on-premise systems and services with a cloud environment.
Cloud Regulator
Cloud regulators are responsible for overseeing the compliance, security, and operational standards for cloud computing environments to ensure that providers and users adhere to regulatory requirements and best practices.
Service Models
Ok, now onto the cloud service models. These are the various ways cloud computing resources are provided to users. Each service model offers different levels of control, flexibility, and management responsibilities.
IaaS
Starting with infrastructure as a service which is a virtualized environment where customers can deploy virtualized servers, appliances, storage, and networking components in a similar manner to a physical data center. Virtual firewalls, virtual routers, virtual switches, virtual machines, etc. The cloud consumer has the greatest amount of control in infrastructure as a service.
PaaS
Platform as a service provides the services and functionality for customers to develop and deploy their own custom applications.
SaaS
Software as a service is software offered by a cloud service provider that is available on demand, typically via the Internet. Essentially a cloud consumer is simply renting access to an application. Accordingly, the cloud consumer has the least amount of control in software as a service.
Here’s a summary of the three major service models.
And here is where two additional important service models, that we are going to talk about in detail in domain 3, fit in.
Containers as a service fits in roughly between infrastructure as a service and platform as a service. Functions as a service fits in roughly between platform as a service and software as a service.
XaaS: IDaaS, NaaS, CompaaS
Beyond these service models, there are dozens, hundreds, maybe thousands of other service models in the cloud, such as database-as-a-service (DBaaS), network-as-a-service (NaaS), monitoring-as-a-service (MaaS), and the list goes on and on.
Deployment Models
Let’s now move on to talk about the deployment models. These are the different configurations in which cloud services are made available to users, determining how resources are managed, owned, and accessed. Essentially who owns and manages the cloud infrastructure, and who has access to it.
Public Cloud
Public cloud is the easiest: it’s accessible by anyone and everyone. It’s accessible by the public. The cloud infrastructure will be owned and operated by a cloud service provider.
Private Cloud
Private cloud is only accessible by one cloud customer. That’s the simple part. Who owns and manages the infrastructure is where things get very complicated. Private cloud could be infrastructure owned and fully operated by a company in their own data center. Or it could be infrastructure owned and operated by a cloud service provider on behalf of the customer–and everything in between. For example, Amazon can ship customers pre-built racks of Amazon equipment which runs Amazon’s cloud services, but running from racks of equipment installed in the customer’s data center. Just remember the simplest definition of private cloud: cloud which is reserved for and only accessible by a single customer.
Community Cloud
Community cloud is a deployment model where the infrastructure is shared among several organizations that have similar requirements, such as security, compliance, or jurisdiction, allowing them to collaborate on projects and share resources efficiently.
Hybrid-cloud
A hybrid cloud deployment model combines public and private clouds, allowing data and applications to be shared between them for greater flexibility and optimization of existing infrastructure, security, and compliance. This model enables organizations to leverage the scalability and cost-efficiency of public clouds while maintaining the control and security of private clouds.
Multi-cloud
The final deployment model is multi-cloud, which means using multiple public cloud services from different public cloud providers to optimize performance, avoid vendor lock-in, and enhance reliability. This approach allows organizations to distribute workloads across various cloud platforms, leveraging the strengths of each provider while maintaining flexibility and redundancy.
Here is a summary of the cloud deployment models.
And that is the first of our MindMaps in the series covering the most critical concepts you need to know for the exam.
As promised here is a really great - entirely free - resource that I think you’ll find super helpful in your studies.
We have detailed write-ups for each of the six CCSP domains on our website.
For each domain we go into way more detail on the topics you need to know for the exam. And there are tons of tables and diagrams included.
Links to the domain summaries are in the description of this video - So check them out, I think you’ll find it really helpful in your studies!
If you found this video helpful you can hit the thumbs up button and if you want to be notified when we release additional videos in this CCSP MindMaps series, then please subscribe and hit the bell icon to get notifications.
If you’re looking for the easiest way to achieve your CCSP certification, then check out our CCSP MasterClass. Link is in the description below.
All the best in your studies!