This unit explores cloud technologies and services and the models used to deliver them. Learners will learn about the fundamentals of cloud services and the security protocols used to protect data in organisations. They will also setup and configure a cloud using virtual machines and understand the importance of disaster recovery plans to ensure data can be recovered.
Understand the fundamentals of cloud services.
Characteristics of cloud services: on-demand usage, ubiquitous access, multi-tenancy, resiliency, measured usage, elasticity/scalability.
Types of delivery model: IaaS (infrastructure as a service), PaaS (platform as a service), SaaS (software as a service), DaaS (data as a service).
Types of deployment model: public, community, private, hybrid.
Types of DNS records: A record, CNAME record, TXT record, AAAA record, MXENTRY record.
Identify the characteristics of cloud services.
Explain different types of cloud service delivery and deployment models and their functionality.
Evaluate the benefits and limitations of different types of cloud service delivery and deployment models.
Describe how DNS records are used in cloud services.
Understand cloud security.
Characteristics of passwords: changed regularly, more than eight characters long, unique for each service, not using personal data, combination of alphanumeric characters, cases and symbols.
Configuration and management of passwords: multi-factor authentication, automated password reset, password policy and enforcement.
Management of users and groups: create security groups, configure security groups, cloud connectivity, invite/edit/remove users, manage application access, check login statistics.
Management of cloud identities: identity provisioning (on-boarding and off-boarding), identity management (across multiple organisations, services, devices).
security threats: insider threats (malicious and accidental), denial-of-service (DoS) attacks, SYN flood, HTTP flood,distributed denial-of-service (DDoS) attack, insecure application programming interfaces (APIs), malware, (spyware, worms, Trojans, viruses, adware, ransomware).
Minimise risk: computer usage policies, staff training, access rights/permissions, regular password resetting, malware software/malware checking, certification of APIs, collaboration of user knowledge/experience, using white/grey hat hackers, SYN cookies, collection of reverse proxies.
Describe the characteristics of passwords and how they are configured and managed in cloud services.
Explain how users, groups and identities are managed in cloud services.
Discuss the security threats to cloud services and the methods available to minimise risk.
Apply cloud technologies to virtual environments.
Setup and configuration of virtual machines: types of virtual machines and their characteristics, application, desktop (virtual desktop infrastructure (VDI), hardware (hypervisor), network, storage.
Resource allocation (host, operating system (OS), memory, storage, CPU, network).
Configuration (resource group names, network names, subnet network name, storage account name).
Benefits and limitations of virtual machines:
Benefits familiar interfaces, high availability, scalability, easy cloning, fast backup and recovery.
Limitations: security, potential downtime, oversubscription.
Benefits of cloud-based applications: automated application updates, availability on multiple devices/platforms - increased productivity, collaboration, reduces hardware costs, version control, file compatibility, security, support, automated saving.
Setup and configure a cloud using virtual machines.
Explain the benefits and drawbacks of virtual machines and cloud-based applications.
Apply cloud backup and recovery methods.
Cloud backup policy: location (onsite, offsite), types of backup (full, partial, differential, mirror, incremental), frequency.
disaster recovery plan: identify personnel, assess risks and impacts on each part of the organisation, provide step-by-step protocols (where the plan is to be found, what to do in the event of a disaster and who to contact), identify new location and equipment (where staff can work if unable to open normal place of work, what technology is available, supplier for hardware and software), identify backup locations (personnel involved, backup policies and disk of restore), provide emergency communications (who to contact, how to contact and key messages) agree timescales, service-level agreement (SLA).
Maintaining a disaster recovery plan: keeping information up to date, testing protocols, minimising risks.
Produce a cloud backup policy and disaster recovery plan to meet organisational requirements.