Cloud Deployment Models


A cloud deployment model classifies how a cloud service is owned and provisioned.

  • defines the specific architecture of a cloud-based service
  • describes the technology, resources, locations of data, applications, and services a cloud provides

Models

Private Cloud

Private cloud is cloud infrastructure that is completely private to and owned by the organization.

  • one business unit is dedicated to managing the cloud
    • the other business units consume it
  • geared more toward banking and governmental services that require strict access control in their operations
  • could be on-premises or off-site relative to the other business units
    • on-site link (cloud hosted on the same premises as the business units that use it)
      • can deliver better performance
      • is less likely to be subject to outages
    • dedicated off-site facility may provide better shared access for multiple users in different locations
  • Benefits
    • greater control over the privacy and security of services
    • greater flexibility, scalability, agility
    • gains the cost-effectiveness of cloud computing without sharing resources with other tenants
  • Cons
    • requires more up-front capital and ongoing maintenance than a public cloud

Hosted private cloud is cloud infrastructure hosted by a third party for the exclusive use of one organization.

  • aka single tenant
  • more secure than a shared public cloud and can guarantee a better level of performance
  • more expensive than a public cloud, since the capacity is not shared with other customers

Public Cloud

Public cloud is deployed for shared use by multiple independent tenants.

  • aka multitenant
  • is a service offered by cloud service providers (CSPs) to cloud consumers (tenants)
  • designed for public access
  • As a shared resource, there are risks regarding performance and security
  • services are hosted on a third-party infrastructure and accessed via the Internet
  • e.g., Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Linode, IBM Cloud, Oracle Cloud

Cloud service provider (CSP) is an organization providing infrastructure, application, and/or storage services via an “as a service” subscription-based, cloud-centric offering

  • can offer:
    • subscriptions
    • pay-as-you-go financing
    • lower-tier services free of charge
  • oversubscription means that a cloud provider sells customers a total capacity that exceeds the actual physical capacity of the infrastructure
    • works because customers rarely use all of their purchased capacity simultaneously
    • if they do, the result is performance slowdowns and outages

Multi-Cloud

Multi-cloud architectures are where the consumer organization uses services from more than one CSP.

  • Benefits
    • can take advantage of service and price differences
    • reduced risk from reliance on a sole provider (vendor lock-in)
  • Cons
    • added complexity, since each provider has its own identity, API, and monitoring tooling

Community Cloud

Community cloud is where several organizations share the costs of either a hosted private or fully private cloud.

  • done to pool resources for a common concern, such as standardization and security policies
  • not open to the public
  • can be provisioned by a third party on behalf of members of a community
    • e.g., CSP offering FedRAMP cloud service for use only by U.S. federal gov customers

Hybrid

Hybrid cloud deployment uses elements of both public and private models.

  • may combine any of the public, private, and community models
  • e.g.,
    • a travel organization may run a sales website for most of the year on a private cloud but “break out” (burst) to a public cloud at times when much higher utilization is forecast
  • may be used to provide some functions via a public cloud
    • but keep sensitive or regulated infrastructure, applications, and data on-premises
  • companies can store data in a private cloud
    • but also leverage the resources of a public cloud when needed

Benefits

  • greater flexibility and scalability
  • cost savings
  • allows for a smoother transition to the cloud for companies that may need more time to migrate all of their data
  • can provide data redundancy features
    • e.g., replicating data across on-premises and cloud infrastructure
    • can achieve data protection
    • can also lead to issues with data consistency stemming from synchronization problems among multiple locations

Cons/Challenges

  • presents security challenges
    • managing multiple cloud environments
      • complex
      • integrating them with on-premises infrastructure
        • can create security gaps
        • increase the risk of data breaches
    • enforcing consistent security policies across all environments
    • potential for unauthorized access to data and applications
      • particularly when sensitive information is stored in the public cloud
    • misconfigurations often stem from confusion over where the boundary between on-premises and public cloud infrastructure lies, and which side is responsible for a given control
  • adds additional complexity to data governance and security operations
    • compliance applies to both environments
  • challenging to establish SLAs
    • due to integration of different cloud and on-premises systems
  • concerns related to the hybrid cloud include:
    • potential for increased network latency
      • due to large data transfer volumes between on-premises and cloud environments that impact application performance
    • monitoring the hybrid environment can be more complex
      • due to the requirement for specialized expertise and tools
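The two hybrid challenges above, enforcing one policy across environments and losing track of the on-premises/public boundary, are easiest to see in code. The following is an added example, not from the original page: it normalises two constructed inventories that use different field names (the on-premises CMDB shape and the public-cloud API shape are hypothetical) into one record type, then applies the same rules to every record regardless of where it lives. Records whose data classification is missing are treated as sensitive so that an untagged resource fails closed rather than slipping through.

```python
"""Uniform policy evaluation across a hybrid estate (added example, not from the page).

Both inventories, their field names, and the rule thresholds are constructed for
this example; real CMDB exports and cloud APIs will differ in shape.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Asset:
    """One normalised record; the same shape is used for every environment."""
    name: str
    environment: str        # "on-prem" | "private" | "public"
    classification: str     # "public" | "internal" | "sensitive"
    encrypted_at_rest: bool
    internet_exposed: bool


# Constructed on-premises inventory (hypothetical CMDB field names).
ONPREM_INVENTORY: List[Dict] = [
    {"hostname": "db01.corp.local", "data_class": "sensitive", "disk_encryption": "luks", "dmz": False},
    {"hostname": "wiki.corp.local", "data_class": "internal", "disk_encryption": None, "dmz": True},
]

# Constructed public-cloud inventory (hypothetical provider API field names).
PUBLIC_CLOUD_INVENTORY: List[Dict] = [
    {"ResourceId": "bucket-customer-exports", "Tags": {"DataClass": "sensitive"},
     "Encryption": {"Enabled": True}, "PublicAccess": True},
    {"ResourceId": "vm-web-frontend", "Tags": {"DataClass": "public"},
     "Encryption": {"Enabled": True}, "PublicAccess": True},
    # No DataClass tag at all: the normaliser must not assume this is harmless.
    {"ResourceId": "vm-untagged", "Tags": {}, "Encryption": {"Enabled": False}, "PublicAccess": False},
]


def normalise_onprem(rec: Dict) -> Asset:
    """Map the on-premises schema onto Asset; unknown classification fails closed to 'sensitive'."""
    return Asset(
        name=rec["hostname"],
        environment="on-prem",
        classification=rec.get("data_class") or "sensitive",
        encrypted_at_rest=bool(rec.get("disk_encryption")),
        internet_exposed=bool(rec.get("dmz", False)),
    )


def normalise_public(rec: Dict) -> Asset:
    """Map the public-cloud schema onto Asset; a missing DataClass tag also fails closed."""
    tags = rec.get("Tags") or {}
    return Asset(
        name=rec["ResourceId"],
        environment="public",
        classification=tags.get("DataClass") or "sensitive",
        encrypted_at_rest=bool((rec.get("Encryption") or {}).get("Enabled", False)),
        internet_exposed=bool(rec.get("PublicAccess", False)),
    )


# One rule set, applied identically on both sides of the boundary.
RULES: List[Tuple[str, Callable[[Asset], bool]]] = [
    ("sensitive-data-must-stay-private",
     lambda a: not (a.classification == "sensitive" and a.environment == "public")),
    ("encryption-at-rest-required",
     lambda a: a.encrypted_at_rest),
    ("sensitive-never-internet-exposed",
     lambda a: not (a.classification == "sensitive" and a.internet_exposed)),
]


def evaluate(assets: List[Asset]) -> List[Tuple[str, str, str]]:
    """Return (environment, asset name, failed rule) for every rule an asset violates."""
    findings = []
    for asset in assets:
        for rule_name, passes in RULES:
            if not passes(asset):
                findings.append((asset.environment, asset.name, rule_name))
    return findings


def audit() -> List[Tuple[str, str, str]]:
    """Normalise both inventories and evaluate them against the single rule set."""
    assets = [normalise_onprem(r) for r in ONPREM_INVENTORY]
    assets += [normalise_public(r) for r in PUBLIC_CLOUD_INVENTORY]
    return evaluate(assets)


if __name__ == "__main__":
    for env, name, rule in audit():
        print(f"[{env}] {name}: violates {rule}")
```

Run as-is, the audit reports the unencrypted on-premises wiki, the sensitive export bucket that is both in the public cloud and internet-exposed, and the untagged public-cloud VM, which is flagged for being unencrypted and for holding (by default) sensitive data in the public cloud. The point of the normalisation step is that the rules never need to know which environment a record came from, which removes the boundary confusion the page describes.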

Security Considerations

Different cloud architecture models have varying security implications to consider when deciding which one to use.

  • Single-tenant architecture
    • provides dedicated infrastructure to a single customer, ensuring that only that customer can access the infrastructure
    • offers the strongest isolation, since no other customer shares the underlying infrastructure
      • customer has the most control over the infrastructure
    • can be more expensive than multi-tenant architecture
    • more of the burden of managing and securing the infrastructure falls on the customer
  • Multi-tenant architecture
    • multiple customers share the same infrastructure, with each customer’s data and applications separated logically from other customers
    • cost-effective
    • can increase the risk of unauthorized access or data leakage if tenant isolation is not properly enforced, e.g., if a query or API call is not scoped to the calling tenant
  • Hybrid architecture
    • uses public and private cloud infrastructure
    • provides greater flexibility and control over sensitive data and applications
      • by allowing customers to
        • store sensitive data on private cloud infrastructure
        • while using public cloud infrastructure for less sensitive workloads
    • requires careful management to ensure proper integration and security between the public and private clouds
  • Serverless architecture
    • cloud provider manages the infrastructure and automatically scales resources up or down based on demand
    • can be more secure than traditional architectures
      • cloud provider manages, patches, and secures the underlying infrastructure
    • customers remain responsible for securing their own code, identities, and access to their applications and data
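The multi-tenant risk named in the Public Cloud section and again in the Security Considerations above, "logically separated" data leaking across tenants when isolation is not enforced, is best shown as the vulnerable lookup beside its hardened form. The following is an added example, not from the original page: two tenants share one table in an in-memory SQLite database (constructed data, hypothetical tenant names), and the only difference between the two lookups is whether the query is scoped to the authenticated tenant.

```python
"""Tenant isolation in a shared (multi-tenant) data store (added example, not from the page).

Tenant names, table layout and rows are constructed for this example.
"""
import sqlite3
from typing import List, Optional, Tuple


def build_store() -> sqlite3.Connection:
    """Create one shared table holding rows for two tenants (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE invoices ("
        "  id INTEGER PRIMARY KEY,"
        "  tenant_id TEXT NOT NULL,"
        "  amount INTEGER NOT NULL,"
        "  note TEXT)"
    )
    db.executemany(
        "INSERT INTO invoices (id, tenant_id, amount, note) VALUES (?, ?, ?, ?)",
        [
            (1, "acme", 100, "acme invoice"),
            (2, "globex", 250, "globex confidential pricing"),
            (3, "acme", 75, "acme invoice"),
        ],
    )
    db.commit()
    return db


def get_invoice_vulnerable(db: sqlite3.Connection, caller_tenant: str, invoice_id: int) -> Optional[Tuple]:
    """Vulnerable: the row is selected by id alone and caller_tenant is never used.

    Any authenticated tenant who guesses or enumerates an id reads another tenant's
    row; the 'logical separation' exists only in the tenant_id column, not in the code.
    """
    return db.execute(
        "SELECT id, tenant_id, amount, note FROM invoices WHERE id = ?",
        (invoice_id,),
    ).fetchone()


def get_invoice_scoped(db: sqlite3.Connection, caller_tenant: str, invoice_id: int) -> Optional[Tuple]:
    """Hardened: every lookup carries the authenticated tenant as a predicate.

    A foreign id returns None exactly as a non-existent id does, so the caller
    cannot even learn that the row exists.
    """
    return db.execute(
        "SELECT id, tenant_id, amount, note FROM invoices WHERE id = ? AND tenant_id = ?",
        (invoice_id, caller_tenant),
    ).fetchone()


def list_invoices_scoped(db: sqlite3.Connection, caller_tenant: str) -> List[Tuple[int, int]]:
    """Listing is scoped the same way; a tenant only ever sees its own rows."""
    return list(db.execute(
        "SELECT id, amount FROM invoices WHERE tenant_id = ? ORDER BY id",
        (caller_tenant,),
    ))


def cross_tenant_leak_demo() -> Tuple[Optional[Tuple], Optional[Tuple]]:
    """acme requests globex's invoice (id 2) through both lookups.

    Returns (row from the vulnerable lookup, row from the scoped lookup).
    """
    db = build_store()
    leaked = get_invoice_vulnerable(db, "acme", 2)
    blocked = get_invoice_scoped(db, "acme", 2)
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = cross_tenant_leak_demo()
    print("vulnerable lookup returned:", leaked)
    print("scoped lookup returned:    ", blocked)
```

The scoped form is the pattern to apply to every data-access path in a multi-tenant service (reads, writes, listings, and bulk exports alike): the tenant identity comes from the authenticated session, never from the request body, and it is added as a predicate by the data layer rather than left to each caller to remember.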