Deploying and Managing a Cloud Infrastructure


Deploying and Managing a Cloud Infrastructure
Real World Skills for the CompTIA Cloud+™ Certification and Beyond

Zafar Gilani
Abdul Salam
Salman Ul Haq

Acquisitions Editor: Kenyon Brown
Development Editor: Tom Cirtin
Technical Editor: Kunal Mittal
Production Editor: Christine O’Connor
Copy Editor: Judy Flynn
Editorial Manager: Pete Gaughan
Production Manager: Kathleen Wisor
Associate Publisher: Jim Minatel
Media Supervising Producer: Rich Graves
Book Designers: Judy Fung and Bill Gibson
Compositor: Craig Woods, Happenstance Type-O-Rama
Proofreader: Kim Wimpsett
Indexer: Nancy Guenther
Project Coordinator, Cover: Patrick Redmond
Cover Image: Wiley

Copyright © 2015 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-118-87510-0
ISBN: 978-1-118-87529-2 (ebk.)
ISBN: 978-1-118-87558-2 (ebk.)

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2014951019

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Cloud+ is a trademark of CompTIA Properties LLC. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Dedications

I dedicate this book to my family and my alma maters: NUST, UPC, and KTH.
—Zafar Gilani

This book is dedicated to my father and mother, for their kindness and devotion and for their endless support when I was busy writing this book. Without their prayers and support, it would not have been possible for me to complete this book.
—Abdul Salam

I dedicate this book to my father. May he live a long and happy life.
—Salman Ul Haq

Acknowledgments

I thank Thomas Cirtin, Kenyon Brown, Christine O’Connor and the rest of Wiley’s editorial team for their important comments and suggestions.
—Zafar Gilani

I would like to express my gratitude to Ms. Asifa Akram, for her support, patience, and encouragement throughout the project. It is not often that one finds an advisor and friend who always finds the time to listen to the little problems and roadblocks that unavoidably crop up in the course of performing research. Her technical advice was essential to the completion of this book and has taught me innumerable lessons and insights on the writing of this technical ebook.
—Abdul Salam

I would like to thank my family for giving me the time and space required to complete chapters of this book. The awesome team at Wiley has perfectly managed the execution of this book, especially Thomas Cirtin for reviewing the manuscripts and Jeff Kellum, who initially started with the project but is no longer with Wiley. Finally, I would like to thank Zafar for keeping everyone engaged.
—Salman Ul Haq

About the Authors

Zafar Gilani is a full-time researcher and a PhD candidate at the University of Cambridge Computer Laboratory. Prior to starting his doctoral degree program in 2014, he completed his master of science degree in the field of distributed computing. During that time, he was an Erasmus Mundus scholar at Universitat Politècnica de Catalunya (UPC) and Kungliga Tekniska högskolan (KTH) from 2011 to 2013. For his master’s thesis research, he worked on spatio-temporal characterization of mobile web content at Telefonica Research, Barcelona. One of the technological use cases of his research became the basis for developing mobile web content pre-staging for cellular networks. Prior to starting master’s studies, he worked at SLAC National Accelerator Laboratory as a visiting scientist from 2009 to 2011. At SLAC he was involved in the research and development of Internet performance monitoring techniques and applications for geo-location of IP hosts. He graduated from NUST School of Electrical Engineering and Computer Science with a bachelor of science in computer science in 2009. He worked on providing InfiniBand support to MPJ Express (a Java-based MPI-like library) as his bachelor of science thesis research work. He can be reached on LinkedIn and at [email protected].

Abdul Salam is a senior consultant with Energy Services. He has more than seven years of broad experience in cloud computing, including virtualization and network infrastructure. Abdul’s previous experience includes engineering positions at multinational firms. Abdul has authored numerous blogs, technical books and papers, and tutorials as well as web content on IT. He earned a bachelor degree in information technology followed by a master of business administration in information technology and technical certifications from Cisco and Juniper Networks. You can contact him at LinkedIn.

Salman Ul Haq is a techpreneur and chief hacker at TunaCode. His interest in cloud computing grew when Amazon launched Amazon Web Services (AWS), which ushered in the modern cloud. His core expertise is in building computer vision systems and APIs for the cloud. He is co-inventor of CUVI and gKrypt SDKs. His other interests include big data, especially when combined with advanced AI in the cloud, and data security in the cloud. He can be reached at [email protected].

Contents at a Glance

Introduction  xxiii
Chapter 1  Understanding Cloud Characteristics  1
Chapter 2  To Grasp the Cloud—Fundamental Concepts  27
Chapter 3  Within the Cloud: Technical Concepts of Cloud Computing  53
Chapter 4  Cloud Management  87
Chapter 5  Diagnosis and Performance Monitoring  121
Chapter 6  Cloud Delivery and Hosting Models  157
Chapter 7  Practical Cloud Knowledge: Install, Configure, and Manage  181
Chapter 8  Hardware Management  221
Chapter 9  Storage Provisioning and Networking  245
Chapter 10  Testing and Deployment: Quality Is King  287
Chapter 11  Cloud Computing Standards and Security  323
Chapter 12  The Cloud Makes It Rain Money: The Business in Cloud Computing  347
Chapter 13  Planning for Cloud Integration: Pitfalls and Advantages  375
Appendix  The CompTIA Cloud+ Certification Exam  397
Index  417

Contents

Introduction  xxiii
    It Pays to Get Certified

Chapter 1  Understanding Cloud Characteristics  1
    Basic Terms and Characteristics  2
        Elasticity  2
        On-Demand Self-service/JIT  3
        Templating  4
        Pay as You Grow  6
        Pay-as-You-Grow Theory vs. Practice  7
        Chargeback  8
        Ubiquitous Access  9
        Metering
        Resource Pooling  10
        Multitenancy  11
        Cloud Bursting  13
        Rapid Deployment  14
    Object Storage Concepts  16
        File-Based Data Storage  16
        Object Storage  18
        Structured vs. Unstructured Data  18
        REST APIs  19
    Summary  25
    Chapter Essentials  26

Chapter 2  To Grasp the Cloud—Fundamental Concepts  27
    The True Nature of the Cloud  28
        Elastic  29
        Massive  29
        On Demand  29
        Virtualized  30
        Secure  30
        Always Available  30
    Virtualization and Scalability  31
        The True Definer of Cloud Computing  32
        Serving the Whole World  32
    The Cloud Hypervisor  33
        Type 1 and Type 2  33
        Use Cases and Examples  34
        Benefits of Hypervisors  35
        Hypervisor Security Concerns  35
        Proprietary vs. Open Source  36
        Moore’s Law, Increasing Performance, and Decreasing Enterprise Usage  36
        Xen Cloud Platform (Open Source)  37
        KVM (Open Source)  38
        OpenVZ (Open Source)  38
        VirtualBox (Open Source)  39
        Citrix XenServer (Proprietary)  39
        VMware vSphere/ESXi (Proprietary)  39
        Microsoft Windows Server 2012 Hyper-V  41
        Consumer vs.