Deploying and Managing a Cloud Infrastructure Deploying and Managing a Cloud Infrastructure Real World Skills for the CompTIA Cloud+™ Certification and Beyond Zafar Gilani Abdul Salam Salman UI Haq Acquisitions Editor: Kenyon Brown Development Editor: Tom Cirtin Technical Editor: Kunal Mittal Production Editor: Christine O’Connor Copy Editor: Judy Flynn Editorial Manager: Pete Gaughan Production Manager: Kathleen Wisor Associate Publisher: Jim Minatel Media Supervising Producer: Rich Graves Book Designers: Judy Fung and Bill Gibson Compositor: Craig Woods, Happenstance Type-O-Rama Proofreader: Kim Wimpsett Indexer: Nancy Guenther Project Coordinator, Cover: Patrick Redmond Cover Image: Wiley Copyright © 2015 by John Wiley & Sons, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN: 978-1-118-87510-0 ISBN: 978-1-118-87529-2 (ebk.) ISBN: 978-1-118-87558-2 (ebk.) No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600 Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley com/go/permissions Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose No warranty may be created or extended by sales or 
promotional materials The advice and strategies contained herein may not be suitable for every situation This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services If professional assistance is required, the services of a competent professional person should be sought Neither the publisher nor the author shall be liable for damages arising herefrom The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S at (877) 762-2974, outside the U.S at (317) 572-3993 or fax (317) 572-4002 Wiley publishes in a variety of print and electronic formats and by print-on-demand Some material included with standard print versions of this book may not be included in e-books or in print-on-demand If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com For more information about Wiley products, visit www.wiley.com Library of Congress Control Number: 2014951019 TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc and/or its affiliates, in the United States and other countries, and may not be used without written permission Cloud+ is a trademark of CompTIA Properties LLC All other trademarks are the property of their respective owners John Wiley & Sons, Inc is not associated with any product or vendor mentioned in 
this book 10 I dedicate this book to my family and my alma maters: NUST, UPC, and KTH —Zafar Gilani This book is dedicated to my father and mother, for their kindness and devotion and for their endless support when I was busy writing this book Without their prayers and support, it would not have been possible for me to complete this book —Abdul Salam I dedicate this book to my father May he live a long and happy life —Salman Ul Haq Acknowledgments I thank Thomas Cirtin, Kenyon Brown, Christine O’Connor and the rest of Wiley’s editorial team for their important comments and suggestions —Zafar Gilani I would like to express my gratitude to Ms Asifa Akram, for her support, patience, and encouragement throughout the project It is not often that one finds an advisor and friend who always finds the time to listen to the little problems and roadblocks that unavoidably crop up in the course of performing research Her technical advice was essential to the completion of this book and has taught me innumerable lessons and insights on the writing of this technical ebook —Abdul Salam I would like to thank my family for giving me the time and space required to complete chapters of this book The awesome team at Wiley has perfectly managed the execution of this book, especially Thomas Cirtin for reviewing the manuscripts and Jeff Kellum, who initially started with the project but is no longer with Wiley Finally, I would like to thank Zafar for keeping everyone engaged —Salman Ul Haq About the Authors Zafar Gilani is a full-time researcher and a PhD candidate at the University of Cambridge Computer Laboratory Prior to starting his doctoral degree program in 2014, he successfully completed his master of science degree in the field of distributed computing During that time, he was an Erasmus Mundus scholar at Universitat Politècnica de Catalunya (UPC) and Kungliga Tekniska högskolan (KTH) from 2011 to 2013 For his master’s thesis research, he worked on spatio-temporal 
characterization of mobile web content at Telefonica Research, Barcelona One of the technological use cases of his research became the basis for developing mobile web content pre-staging for cellular networks Prior to starting master’s studies, he worked at SLAC National Accelerator Laboratory as a visiting scientist from 2009 to 2011 At SLAC he was involved in the research and development of Internet performance monitoring techniques and applications for geo-location of IP hosts He graduated from NUST School of Electrical Engineering and Computer Science with a bachelor of science in computer science in 2009 He worked on providing InfiniBand support to MPJ Express (a Java-based MPI-like library) as his bachelor of science thesis research work He can be reached on LinkedIn and at zafar.gilani@cl.cam.ac.uk Abdul Salam is a senior consultant with Energy Services He has more than seven years of broad experience in cloud computing, including virtualization and network infrastructure Abdul’s previous experience includes engineering positions at multinational firms Abdul has authored numerous blogs, technical books and papers, and tutorials as well as web content on IT He earned a bachelor degree in information technology followed by a master of business administration in information technology and technical certifications from Cisco and Juniper Networks You can contact him at LinkedIn Salman Ul Haq is a techpreneur and chief hacker at TunaCode His interest in cloud computing grew when Amazon launched Amazon Web Services (AWS), which ushered in the modern cloud His core expertise is in building computer vision systems and APIs for the cloud He is co-inventor of CUVI and gKrypt SDKs His other interests include big data, especially when combined with advanced AI in the cloud, and data security in the cloud He can be reached at salman@programmerfish.com Index Note to the reader: Throughout this index boldfaced page numbers indicate primary discussions of a topic Italicized 
page numbers indicate illustrations A Abiquo, 353 Accenture, 356 access control list (ACL), 24, 329–330 access control methods, 338–340 access network, 99 access pattern, of application, 126 access security, 115–116 access time, for disk, 140–142 account server, in Swift object store, 266 accountability, 356–359 categories, 170–171 delivery models and, 168–171, 179 on layer-by-layer model, 358 accounts and credentials policy, 321 ACL (access control list), 24, 329–330 active-active redundancy, 60 active-passive redundancy, 60 active replication, 262 ad hoc standards, 344 ad-supported software, 350 adaption models, 388 address restricted NAT, 256 Adobe Acrobat Connect, 362, 363 advance provisioning, 292 Advanced Encryption Standard (AES), 337 advisory password policy, 343 AeroSpike, 20 affinity groups, 305 AICPA (American Institute of Certified Public Accountants), 382 air ducts, and security, 61 Akamai, 352, 353 Amazon, 71, 351, 352 data centers, 68 downtime in 2011, 31 policy options for objects, 24 Regions and Availability Zones, 378 Amazon AMI, 15 Amazon CloudWatch, 293 Amazon Elastic Block Store (EBS), 262–264, 297 durability and snapshots, 264 usage and performance, 263 use cases and examples, 278 Amazon Elastic Compute Cloud (EC2), 12, 29, 164, 296–297 cloud services creation with Flume on, 309–317 instance types, 143 outage, 75 Reserved Instances, 377 Spot Instances, 377 Amazon Glacier, 265–266 Amazon Machine Image (AMI), Amazon Relational Database Service (RDS), 297 Amazon Simple Storage Service (S3), 19, 264, 297 data management, 265 durability and reliability, 265–266 object life cycle, 20 use cases and examples, 278 Amazon Virtual Private Cloud (Amazon VPC), 13 Amazon Web Services (AWS), 8, 12, 169 CloudWatch metrics, 148 provisioning Linux server on, 5–6 Storage Gateway, 279 American Institute of Certified Public Accountants (AICPA), 382 antivirus software, 344 Anything as a Service (XaaS), 356 Apache Hadoop, 126, 266 See also Hadoop Distributed File 
System (HDFS) Apache, Hive table, 274–275 AppDynamics, 353 Appistry, 352 application-optimized traffic flows, 99 application programming interface (API), 17–18 application service providers (ASPs), 353, 360 application-specific rapid deployment strategy, 15, 15 application virtual memory, 149 application, isolation, 47 Apps4Rent, 354 archived data, 256 processing with Hadoop Distributed File System (HDFS), 274–275 tape for, 226 Ars Technica, 70 asset accountability, 105 asymmetric key algorithm, 337 asymmetrical cryptography, 336 asymmetrical network redundancy, 60 asynchronous replication, 366 AT&T, 169, 351 atomicity, 379 attack surface area, outsourcing data storage and, 281 authentication, 24 multifactor, 339 authenticity of object, 21 authorization, 24 authorization server, in Swift object store, 266 auto-provisioning, 224 auto-scaling, fine-tuning rules, 378 automation criteria, for cloud management solution, 96 availability zones, 183, 263 availability, vs downtimes, 31 Avro source, 310 AWS See also Amazon Web Services (AWS) Azure (Microsoft), 8, 29, 164 B Backspace, 352 backup in cloud, 365–366 importance of, 368 image vs file, 193–195, 214, 216 vs real-time replication, 25 selecting method, 195 sites, and geographical diversity, 366–367 backup data store, 254 backup power generators, 58 backup systems, 60 bandwidth, 127, 131–132 aggregation, 132–134, 225 allocation of resources, 230 and on- vs off-premise hosting, 163–164 for online migration, 206 bare metal hypervisors, 33 bare metal infrastructure, 10 basic firm, 361 bastion hosts, 62 Bell-LaPadula security model, 338 418 best practices – cloud data centers best practices change management, 100–105 hypervisor configuration, 148–150 organizational, 320–321 Biba security model, 338 big data, 18 testing, 303–304 focus areas, 304 binaries, selling, 349 binary large object (blob), 22, 248 binding interfaces, 203 BIOS configuration, 222, 242 bit-level striping, with RAID-2, 239 BitTorrent protocol, 265 
black-box testing, 301 black holes, 174 blob, 22, 248 block ciphers, 337 block-level striping, with RAID-2, 239 block report, from DataNodes, 268 Block Storage (Cinder), 82 block storage, file system vs., 247 Blockmap file, 272 bonding, 132–133 botnet, 328 bottlenecks, 123 deployment and, 299–300, 300 disk as, 146 end user Internet connection as, 164 identified and removed, 303 and network congestion, 173 bottom line, 70–72 bridged firewall, 331 bridging, 197–198 bring your own device (BYOD), 42, 114, 371–372 browser security policy, 321 browser testing, 302 buckets, on Amazon public cloud, 20 buffer flow, 327 business continuity, 364, 369–372, 373 bring your own device (BYOD), 371–372 in cloud, 370 exam objectives on, 414–415 planning for data center, 61 workshifting, 371 Business in Context (Needle), 385 business models for cloud services, 348, 351–359, 373 accountability and responsibility, 356–359 Anything as a Service (XaaS), 356 Business Process as a Service (BPaaS), 355–356 Communication as a Service (CaaS), 355 Data as a Service (DaaS), 354 Infrastructure as a Service (IaaS), 351–352 Monitoring as a Service (MaaS), 355 Platform as a Service (PaaS), 352–353 Software as a Service (SaaS), 353–354 vs traditional, 357 Business Process as a Service (BPaaS), 355–356 business requirements, for migration to cloud, 205 business, function vs process, 390 C CA Technologies, 280, 352 caching, 129, 130 capacity management, 107–109, 118, 120 capital expenditure (CAPEX) model, 381 Ceilometer, Telemetry, 84 central processing unit (CPU) allocation, 229 failure, 153 number of, 223–224, 242 performance increase, 36 power, and performance, 125 virtual, 211, 219 certificate for Secure Sockets Layer (SSL) data encryption, creating, 306 change documentation of initiatives, 104 process for cultural adaption, 389 proposals, 103 review of, 104 types of, 103 change advisory board (CAB), 104 change management, 118 best practices, 100–105, 120 capacity management and, 108 objectives, 
102 change management database (CMDB), 106, 107 change manager, 103–104 channel, for Flume data flow model, 310 chargeback, 8–9 child pool, 233 chunks of data, deduplication for, 256 CIDR (Classless Inter-Domain Routing), 257 Cinder Block Storage, 82 ciphers, 337 Cisco partners, 372 Citrix, 356 XenServer, 33, 39 Classless Inter-Domain Routing (CIDR), 257 clock synchronization, 261 clones, 189–192, 216 creating, 191–192 cloud basic diagram, 94 building, 94–95 history and background, 28–29 running, 95 test environment, 301–304 usage, real world scenario, 167 cloud application stack, 47 cloud architecture, 294, 294–295 See also infrastructure benefits, 295 execution, 316–317 need for, 294 cloud bursting, 13–14, 290 cloud business, 348–351 open-source software for, 349–350 service nature, 348–349 cloud characteristics chargeback, 8–9 distinct, 28–31 elasticity, 2–3 multitenancy, 11–13 on-demand self-service/JIT, 3–4 pay as you grow model, 6–7 rapid deployment, 14–16 templating, 4–6 ubiquitous access, 9–10 cloud collaboration, 360–361 with telepresence, 361–362 cloud computing adapting organization culture for, 385–389 and business model, 348 and end user, 95–96 foundations, 48–50 applications, 50 components, 49 enabling services, 50 infrastructure, 48–49 platform, 49–50 heterogeneous, 283 incorporating in organization culture, 387–389 legal issues, 282–283 vs scalable computing, 54 standards, 324–326 importance of, 324–325 true definer of, 32 cloud computing experts, 94 cloud consumers, 170, 358 cloud data centers construction, 68–70 hardware and infrastructure, 65–67 higher efficiency requirement, 69–70 homogeneous hardware and simple workloads, 68–69 optimization, 57 Cloud Files platform, 81 cloud hardware, vs traditional, 62–65 cloud instances, choosing, 377 cloud integration, 376 avoiding potholes, 392–394 roadblocks to planning, 389–391 cloud management platforms, 88–96, 90 start of, 88 cloud quality assurance policy, 321 Cloud Security Alliance (CSA), 326 cloud 
service configuration file (.cscfg), 305, 307 cloud service definition file (.csdef), 305 cloud service package (.cspkg), 305, 307 cloud service provider, 164, 169, 178, 358 bandwidth consumption, 173 contract, 84 cloud services business models for, 348, 351–359, 373 Anything as a Service (XaaS), 356 Business Process as a Service (BPaaS), 355–356 Communication as a Service (CaaS), 355 Data as a Service (DaaS), 354 Infrastructure as a Service (IaaS), 351–352 Monitoring as a Service (MaaS), 355 Platform as a Service (PaaS), 352–353 Software as a Service (SaaS), 353–354 creating and deploying, 304–321 with Flume on Amazon EC2, 309–317 with Windows Azure, 305–309 dashboard, 308 exam objectives on, 401 monitoring deployed, 317, 317–320 notification area for status, 308 planning workshop, 91–93, 117 attendees, 93–94 sample agenda, 92–93 cloud setup, 183–204 cloning, 189–192 creating, importing, and exporting templates and VMs, 183–184 image backups vs file backups, 193–195 Cloud Files platform – cylinder switch time importing and exporting service templates, 186–187 installing guest tools, 188–189 snapshots, 189–190 template creation, 184–186 virtual disks, 198–199 virtual local area networks, 200–201 virtual machine configuration for multiple VLANs, 201–203 virtual network interface card (NIC), 195–198 virtual storage area network (VSAN), 203–204 virtual switches, 199–201 cloud storage, 246–250, 284 advantages, 252 orchestration using cloud, 176–177 vs SAN storage, 250–252 technology, 260–278 technology decisions, 277 cloud storage gateway, 278–279 cloud vendor, self-service portal, Cloud9, 353 CloudArray software (TwinStrata), 279 CloudFX, 356 CloudSwitch, 14 CloudWatch, for EBS volumes, 263 cluster rebalancing, in HDFS, 273 clustered storage, 212–213 co-location cloud deployment, 159 Cognizant, 356 cold backup site, 366 communication in adaption process, 387 interserver, 99 Communication as a Service (CaaS), 355 community cloud deployment models, 161, 178, 179, 289 
management strategies, 291–292 company culture, 376 compatibility standards and, 325 testing, 302 complexity, 116 CompTIA Cloud+ exam, 398–415 preparing for, 398–399 reviewing objectives, 400–415 taking, 399–400 unanswered questions on, 400 computers, early 1940s estimate of world market, computing power, orchestration using cloud, 176 configuration impact of changes, 151–152 management, 105–111 benefits of, 106 of rapid deployment, 16 standardizing, 100 tracking, 152 419 configuration items (CIs), 106–107 connection teaming, 133 connection teaming server, 133 consultancy, 350 consumer use, of hypervisors, vs enterprise use, 41–43 container server, 298 in Swift object store, 266 contingency, in business continuity, 370 continual service improvement phase, in ITIL framework, 110 cooling infrastructure, 76 cooling requirement, standard for calculating, 59 cooperative caching, real world scenario, 131 CopperEgg custom metrics, 147 server monitoring tool, 147 core network, 99 cores per virtual CPU, number of, 224–225 cores, number of, 242 corruption, of data, 273 CORS (cross-origin resource sharing), 24 cost optimization, 12 cost/user, increase in, costs of data center downtime, 72–76 of data centers, 55 of infrastructure, 289 of maintenance, 56 of offline migration, 206 quantifying for downtime, 73–74 of redundancy, 260 of tape media, 227 CPU See central processing unit (CPU) CPU wait time, 151 Create VM Template icon, 185 critical interpretivism, 385 cross-origin resource sharing (CORS), 24 cryptographic techniques, 281 CSC, 356 cscfg file (cloud service configuration file), 305, 307 csdef file (cloud service definition file), 305 cspkg file (cloud service package), 305, 307 CTERA cloud storage gateway, 279 cultural archetypes, 385–386, 386 customer-attributable outages, 170 customers, cloud computing and, 95–96 customized configurations, for multitenancy, 11–12 CVS, 126 cylinder switch time, 142 420 DAC (discretionary access control) – emerging firm D DAC 
(discretionary access control), 339 Dashboard (Horizon), 83 data in cloud, security for, 113 deleting important, 368 file-based storage, 16–17 risk of unauthorized access, 281 storing unstructured, 22 structured vs unstructured, 18–19 Data as a Service (DaaS), 354 data cables, 59 data center infrastructure management (DCIM), software, 77 data centers, 161 defining, 55–62 downtime cost, 72–76 factors determining cost, 64 hardware and infrastructure, 56–57 management, hypervisors for, 34 massive size of, 29 monitoring and maintenance, 76–77 planning, 57 business continuity and disaster recovery, 61 floor space, 57 HVAC and fire prevention, 58–59 logical security, 62 network connectivity and security, 59–60 physical security, 61 power issues, 57–58 support and maintenance strategy, 60 schematic, 64 sharing with other organization, 367 traditional vs cloud, 64–65 utilization rate, 63 data deduplication, 256, 366 Data Encryption Standard (DES), 337 data leaks, 254 data legislation, 285 U.S government approach to, 282 data lock-in, 283 data residency, 23 data segregation, in public cloud environment, 173 data store, backup, 254 data transfer rate, 142–143 data vaulting, 61 data/blob, 248 DataNodes in HDFS, 267–268, 272–273 dataset, loading and analyzing, 15 DCIM (data center infrastructure management) software, 71 DDoS (distributed denial of service) attack, 112–113, 165, 328, 328–329 dedicated connections, 300 dedicated IP address, for virtual machine, 197 dedicated server, for semi-private cloud, 159 deduplication, of data, 256, 366 default gateway, 197 defragmentation, 143 deleting, important data, 368 Dell, 169 demilitarized zone (DMZ), 333–334 denial of service (DoS) attacks, 173, 327 deployment models, 288–290, 291 cloud bursting, 13–14, 290 community cloud, 161, 178, 179, 289 management strategies, 291–292 determining best, 381–384 exam objectives on, 401 hybrid cloud, 113, 160, 179, 290 private cloud, 158–159, 288 See also private cloud deployment model public 
cloud, 160, 289 See also public cloud deployment model testing and monitoring, 301–304 deployment options, 296–304 environment provisioning, 296–298 deployment server, image of, deprovisioning of resources, 165 desktop, virtualization of, 115–116 development scenarios, linked clone for, 191 device driver isolation, in Xen project, 37 diagonal scaling, 139, 140 dinCloud, 354 Direct Client Cooperation, 131 Directive 95/46/EC, 282 directory, removing from HDFS, 270 disaster prevention and recovery plans, 55 disaster recovery, 364–369, 373 change-over mechanism, 369 planning for data center, 61 preparing for, 365–366 in SAN, 251 disaster recovery specialists, 367 discretionary access control (DAC), 339 disk drives, 70 zero-filling of, 282 disk performance, 140–151, 154 access time, 140–142 data transfer rate, 142–143 disk tuning, 143–144, 154 business application for, 146 I/O tuning, 144–146 memory ballooning, 149–150 swap disk space, 144 disk space, for clones, 192 disk storage, 227 disks, virtual, 198–199, 214, 216 distributed computing, and latency, 136 distributed denial of service (DDoS) attack, 112–113, 165, 328, 328–329 distributed file systems, for cloud computing, 78–79 Distributed Management Task Force (DMTF), 326 distributed memory, 210 distributed storage clustering, 213 documentation, 118, 387 for change, 104, 390–391 for deployment, 300 planning for network and IP, 98–100 selling, 349–350 standardizing, 100 of tasks, importance of, 368 donation model for funding, 350 downtime, 31, 66 average length, 73 of data center, cost, 72–76 dual-firewall layout, 333–334 vs single-firewall layout, 334 dual licensing, 350 dynamic capacity, of virtual disks, 199 dynamic provisioning, 292 dynamic resource allocation, 233 E eager replication, 366 Eaton Corporation, 78 EBS See Amazon Elastic Block Store (EBS) EC2 See Amazon Elastic Compute Cloud (EC2) economies of scale, 64, 164 edge network, 99 EditLog transaction log, 272, 273 Eiffel Tower culture, 386 Elance, 350 
elasticity, 2–3, 29 hypervisors and, 46 electronic medical record (EMR) application, 30 emergency changes, 103 emerging firm, 361 Emerson Network Power and Ponemon Institute – Green Grid Emerson Network Power and Ponemon Institute, 72 EMM (enterprise mobility management), 114 enciphering, 337 encoding, 337 encryption, 13, 20–21, 281, 282, 334–337, 344 as best practice, 321 ciphers, 337 exam objectives on, 411 Internet Protocol Security (IPSec), 336 password for service templates, 186 public key infrastructure (PKI), 335, 335 Secure Sockets Layer (SSL), 336 for VPN, 330 end point computation speed, 136 end users, 170, 358 energy efficiency, value of, 77–78 enterprise applications, 359–360 enterprise cloud, 116, 359–362, 373 deployment, 13 private, advantages and disadvantages, 381–382 enterprise computing, 161 hypervisors for, 43 vs consumer use, 41–43 enterprise infrastructure, 45 vs cloud technology, 222 enterprise mobility management (EMM), 114 entitlement/quotas (shares), 230–231, 233 environment provisioning, 296–298 environmental reasons for outages, 75–76 equipment See hardware ESX 5.5 hypervisor, 224 /etc/inetd.conf file, 341 Eucalyptus Systems, 352 European Union, Data Protection Directive, 282 eventual consistency, 252, 260 execution environment, refactor code to address necessary changes in, 379 executive sponsor, in planning workshop, 93 exercise adding, removing, and reading data from HDFS, 270–271 clone creation, 191–192 exporting service templates, 187 importing service templates, 187–188 snapshot creation, 190 template creation from virtual disks, 186 template creation from virtual machine, 184–185 expanding firm, 361 expectations, and performance management, 122 exporting service templates, 186–187 Extended File System (EXT), 240 extended metadata, 22–23, 248 external Hive tables, 368 external sources of change, 101 externally attributable outages, 170 F face-to-face meetings, vs telepresence, 362 Facebook, 18 computing infrastructure, 80 data 
centers, 29 fail-over testing, 302 failback, 369 failover, 369 failure tolerance, of clustered storage, 212 Family culture, 386 FAT16, 17 FAT32, 17 fault tolerance, 261 in cloud storage, 251 FC zoning, 251 federated data storage, 260 federated identity management (FIDM), 340 federation, 340 FedEx, 71 Fibre Channel Protocol (FCP), for SAN, 251 field-programmable gate arrays (FPGAs), 36 file access profile, of application, 126 file backups, vs image backups, 193–195, 214, 216 file-based data storage, 16–17 file systems, 125–127 ACLs, 330 hierarchy, and object store, 247 in tiered system, 239–241 FIPS Publication 140-2, 281 firewalls, 330–332, 334 bottlenecks from, 299 dual-firewall layout, 333–334 preventing ping flood with, 327 single-firewall layout, 333 virtual, 331, 332 fixed disk, virtual, 199 flat address space, 20 Flexiant, 352 floor space, planning, 57 fluid pricing models, 421 Flume architecture, 310 cloud services creation with, 309–317 data flow model, 310 system architecture, 310–316 Flume agent, 309 monitoring, 317–318 sample configuration for, 314–315 Flume collector monitoring, 318–319 sample configuration for, 315 Flume event, 309 Forrester Research, 291 FPGAs (field-programmable gate arrays), 36 fragmentation, 143 avoiding topological, 258–259 FsImage file, 272, 273 full clone, 191 full private cloud deployment model, 158–159 fully automated tools, for P2V conversion, 207 functional testing, 175, 301 functionality on-premise performance vs offpremise, 174–175 validation, 180 G Gartner, Maturity Model for Enterprise Collaboration and Social Software, 361 gateway cloud storage, 278–279 default, 197 GET call, 23 Giga Information Group, 360 GigaSpaces, 353 Git, 126 Glance, Image Service, 83 GNU Zip (GZIP), 274 GoGrid, 351 Goldberg, Robert P., 33 Google, 353 BigQuery, 15 data centers, 68 MapReduce, 126 Google Cloud, 8, 29, 169 governance in change management, 102 criteria for cloud management solution, 96 governance risk compliance testing, 303 graphics 
processing units (GPUs), 36 Green Grid, 326 422 group policies – Institute of Electric and Electronics Engineers (IEEE) group policies, 23 group reporting, 390 guest hardening techniques, 340–344 guest operating system, 188–189, 198 guest physical memory, 149 guest tools, 216 installing, 188–189 Guided culture, 386 Guru, 350 H HA (High Availability), 29–30, 47 of vSphere, 40 hackers, IRQ process exploited by, 134, 135 Hadoop Distributed File System (HDFS), 266–277 adding, removing, and reading data, exercise, 270–271 architecture, 268, 269 archived data processing with, 274–275 data replication, 268–269, 270 features, 267–268 use cases and examples, 278 hard disk drives, 70 hard limits, 231, 233 hard zoning, 251 hardware, 222–234 allocation of resources, 227–232 central processing unit (CPU), 229 dynamic, 233 entitlement/quotas (shares), 230–231 memory, 228–229 storage, 229–230 exam objectives on, 409 failure, 74 internal compatibility, 225–226, 243 licensing, 231 physical resource redirection, 234 replacements and upgrades, and on- vs off-premise hosting, 164–165 reservations, 231 resource pooling, 231–232 standardizing configuration and documentation, 100 storage media, 226–227 virtual resource allocation by tenant/client, 232–234 HBA, virtual, 209 head switch time, 142 heartbeat messages, from DataNodes, 273 Heat, Orchestration, 84 heating, ventilating and air conditioning (HVAC), planning, 58–59 heterogeneous cloud computing, 283 hierarchical structure, 16–17 High Availability (HA), 29–30, 47 of vSphere, 40 High-Performance Computing (HPC) and Science, 34 high utilization performance, 230 high web traffic, anticipating, real world scenario, 95 Hive table, 274–275, 368 hop counts, 136–137 Horizon, Dashboard, 83 horizontal scaling, 139, 140, 212 host-based IDS, 332 host bus adapters, failure, 152 host hardening techniques, 340–344 host network interface controller, 198 hosted hypervisors, 33 hosting and public cloud service, 34 hosting, on-premise vs off-premise, 
161–168, 179 hosts, resource allocation, 243 hot backup site, 367 hot fixing, 344 hot patching, 344 HP, 169, 351 HPC (High-Performance Computing) and Science, 34 HTTP, 265 human-induced disasters, 364 hybrid cloud deployment model, 113, 160, 178, 179, 290 advantages and disadvantages, 384 and cloud bursting, 13 management, 236, 292 Hyper-V, snapshots in, 190 hypervisor-based rootkits, 35 hypervisors, 33–45, 331 benefits of, 35 Citrix XenServer, 39 configuration best practices, 148–150, 156 consumer vs enterprise use, 41–43 for enterprise, 43 exam objectives on, 402 key benefits of implementing, 46–47 KVM (Open Source), 38 Microsoft Windows Server 2012 Hyper-V, 41 and number of vCPUs, 211 and OpenStack Compute, 82 OpenVZ (Open Source), 38 security concerns, 35 type and type 2, 34 use cases and examples, 34 VirtualBox, 39 VMware vSphere/ESXi, 39–41 workstation as service, 43–44 Xen cloud platform, 37–38 I I/O analyzing requirements, 145 objectives in determining profile, 125 parallelism with RAID-0, 238 size, 126 throttling, 150 tuning, 144–146, 156 I/O bound, 144 IaaS See Infrastructure as a Service (IaaS) IBM Linux Technology Center, 35 mainframes, 29 smartphone study, 372 identification for taking exam, 400 Identity Service (Keystone), 83 IDPS, 332 image backups, vs file backups, 193–195, 214, 216 Image Service (Glance), 83 importing service templates, 186–187 Incubator culture, 386 inetd, 341 Infinity Storage, 19 Information Technology Infrastructure Library (ITIL) framework, 105, 107, 109–110 information, creation rate, 16 infrastructure, 78–85 costs, 289 exam objectives on, 405–406 vulnerability cost, 74 Infrastructure as a Service (IaaS), 44–45, 50, 51, 351–352 Amazon EC2 as, 296–297 and work optimization, 379 infrastructure supplier, 358 for public cloud, 169 input/output operations per second (IOPS), 123–124 Instagram, 170 installation of guest tools, 188–189 in rapid deployment, 16 instances, 45 Institute of Electric and Electronics Engineers (IEEE) P2302 
workgroup, 325 PKI definition, 335 Standards Association Working Groups, 325 integration See also cloud integration for cloud management solution, 96 of rapid deployment, 16 integrity of data, 273 of system, 253 Intel, 36, 169 intelligent workload management (IWM), 112 inter-rack write traffic, policy limiting, 269 Interactive Intelligence, 355 interface statistics, printing, 341 internal clouds, 291 internal data transfer rate, 142 internal sources of change, 101 Internet Control Management Protocol (ICMP), echo request, 327 Internet Protocol Security (IPSec), 336 Internet sockets, listening for connections on, 341 Internet, network latency calculations, 135 interpretivism, 385 interrupt request (IRQ), 134 interserver communication, 99 intrusion detection system (IDS), 332 intrusion prevention system (IPS), 332 invisibility, of on-premise data centers, 67 iostat (Linux tool), 123 IP address, 196 recycled, and information access, 254 IP masquerading, 196, 256 IP network providers, 169 IP planning document, 98 IP tunnel, limited access, 330 IPSec (Internet Protocol Security), 336 ISO file, 189 IT department responsibility for private cloud, 168 value of, 71 IT Service Management (ITSM) process, 105 IT staff, in planning workshop, 93–94 J Jackson, Michael, impact of death on Internet, 95 integration – mechanical parts Java language HDFS and, 268 IOException, 271 Remote Procedure Call (RPC), 272 for RSS reader, 311–313 JavaScript Object Notation (JSON), 276 for resource provisioning, jitter, 136 Joyent, 352 jumbo frames, 134–135 just-in-time (JIT), 2, 3–4, 295 exercise, 5–6 K Kaavo, 293 Kaseya, 355 kernel-based Virtual Machine (KVM), 38, 82 key-value pairs, 20, 21 Keystone, Identity Service, 83 killing Hadoop job, 271 KVM (kernel-based Virtual Machine), 38, 82 L LAN environment, teaming in, 133 latency rotational, 141 sensitivity, 127 testing, 175, 302 layered organization, of data files, 16 lazy replication, 366 leadership, and change, 102, 390 learning, 
organizational, 387 leased lines, types of, 59 legacy storage systems, 17, 19 and metadata, 22 Leostream, 207 licensing in cloud computing, 231 dual, 350 life cycle management, 24 Linear Tape File System (LTFS), 226 linearizability, for replicated data, 261 link aggregation, 132 linked clone, 190 usage scenario, 191 Linux server, provisioning on AWS, 5–6 live patching, 344 load balancing, 138 and cloud bursting, 14 load testing, 175, 302 local area networks, virtual, 200–201, 214–215 location, for data center, 68 logging, write-ahead, 129 logical network, dividing physical network into, 257–258 logical security, planning for data center, 62 logical unit number (LUN), 250–251 network mapping, 255

M

machine IDs, recycled, and information access, 254 magnetic-based physical storage, 24 mainframe providers, 161 mainframes, 28 maintenance, 119 costs, 56 reasons for, 208–209 scheduling, 208, 218 maintenance windows, 120 scheduling, 110–111 malicious software (malware), 35 in image backup, 195 management platform, 89 management strategies, 290–293 community cloud, 291–292 hybrid cloud, 292 private cloud, 291 public cloud, 292 tools for, 293 management styles, 236 Managing People across Cultures (Trompenaars), 385–386 Manchester Business School, 167 mandated password policy, 343 mandatory access control (MAC), 338 manual migration, 207 master images, 253 master/slave architecture, for HDFS, 267 Maturity Model for Enterprise Collaboration and Social Software (Gartner), 361 maximum transmission unit (MTU), 134 McCarthy, John, 161 MD5 checksum, 21 mean time between failures (MTBF), 74, 369 mean time to failures (MTTF), 369 mean time to implement, for hypervisor, 46 mean time to repair (MTTR), 365 mechanical parts, limitations of, 140 media rate, 142 MegaUpload cloud storage service, 282 memory, 241 allocation of resources, 228–229 failure, 153 limits, 232 minimum capacity and configuration, 223, 242 overcommitment in vSphere ESXi, 40
shared, 210–211, 219 memory ballooning, 149–150 metadata, 20–22, 127–130, 247–248 disk failure, 273 extended, 22–23, 248 persistence, 272 system-defined, 21 metering resource pooling, 10, 11 Microsoft, 353 Azure, 8, 29, 164 Cloud, 169 Hyper-V, 33, 41, 224 Lync, 362, 363 Office 365, 349 Microsoft Operations Framework (MOF), 109, 110 Microsoft Virtual Machine Manager, 207 creating VM templates in, 184–185 Microsoft Windows Server 2012, 41 migration, 215 manual, 207 online vs offline, 206, 217–218 requirements, 217 of software infrastructure to cloud, 253 of storage, 206–207 virtual resource, 204–209 minimum bandwidth, guaranteeing, 230 mirroring without parity checks, with RAID-1, 238–239 mission-critical data, 237 mobile devices hypervisors for, 41–43 managing, 114–116 organizational security policy and, 321 personal for work, 372 Modaff, Daniel, Organizational Communication: Foundations, Challenges, and Misunderstandings, 385 MongoDB, 20 monitoring cloud service, configuration, 305 deployment models, 301–304 Monitoring as a Service (MaaS), 355 Moore's law, 36 motherboards, for Open Compute, 81 MTBF (mean time between failures), 74, 369 MTTF (mean time to failures), 369 MTTR (mean time to repair), 365 MTU (maximum transmission unit), 134 multi-instance, vs multitenancy, 172 multifactor authentication, 339 multihop system, overview, 313 multilevel authorization, 62 Multilink Protocol (MP), 133 multipathing, 137–138, 138 multitenancy, 11–13, 171–172 in cloud storage, 299, 299 network isolation in, 173–174 and security, 253–254 MySQL database, 350

N

N_Port ID Virtualization (NPIV), 213 name zoning, 251 NameNode in HDFS, 267–268 conventions, 272–274 NAS, 249 NASA, 81 Nasuni Filer, 279 NAT (Network Address Translation), 256 National Institute of Standards and Technology (NIST) Computing Standards Roadmap, 325 Special Publication (SP) 800-145, 288 native hypervisors, 33 natural disasters, 364 Nebula cloud computing platform, 81 Needle, David, Business in Context, 385
Nagios network visualization tool, 149 Netflix, 170 netmask, 197 netstat, 341 NetSuite, 353 network, 260 allocation, 232–233 bandwidth allocation, 230 configuration, 256–259 dividing physical into multiple logical, 257–258 domains for, 99 exam objectives on, 407–408 isolation, 47, 173–174 latency, 135–136 major leased line provider, 66 in Open Compute Project, 80 optimization of, 259–260 OSI model, 258–259 sharing, 255 virtual components, 209–210 virtual vs physical, 196 Network Address Translation (NAT), 256 network and IP planning, 119 network-based IDSs, 332 network connections printing, 341 and security, planning for data center, 59–60 network data frame, default data payload size of, 134 network interface card (NIC), 243 failure, 153 quantity, speeds, and configuration, 225 virtual, 195–198, 209 network operations center (NOC), 61 network resources, orchestration, 177 network service provider, 358 Network System Architects, 57–62 Networking (Neutron), 82–83 networking ACLs, 330 NIC See network interface card (NIC) NIC bonding, 132 NIC teaming, 133 NICE Systems, 355 nmap, 341 NOC (network operations center), 61 non-repudiation, 335 nonfunctional testing, 302–303 normal changes, 103 Nova, compute module, 81–82 NPIV (N_Port ID Virtualization), 213 NTFS, 17

O

obfuscation, 329 Object Access Authorization Policy, 24 object ID, 19–20 object-oriented programming (OOP), 18 object storage, 16–25, 82, 246–247 exam objectives on, 402 object store, file hierarchy and, 247 objects Amazon Simple Storage Service for, 264 authenticity of, 21 off-premise hosting, vs on-premise, 161–168 Office Communicator (Microsoft), 362 offline migration, vs online, 206, 217–218 on-demand self-service, 3–4 on-premise hosting, vs off-premise, 161–168 one-to-one NAT, 256 online migration, vs offline, 206, 217–218 OnLive, 115 open compute project, 80–81 Open Rack, 81 open-source software, 349–350 open source, for cloud computing infrastructure design, 79–84 Open Vault, 80 OpenStack, 81–84, 89
Rackspace, 297–298 Swift, 266 use cases and examples, 278 OpenVZ (Open Source), 38 operating expenditure (OPEX) model, 381 optimization, 70–72 of network, 259–260 optimization culture, 394 Oracle, 115, 354, 356 Oracle VM Server, 33 Oracle VM VirtualBox, 33, 189 OrangeScape, 353 Orchestration (Heat), 84 orchestration platforms, 175–177, 180 organization best practices, 320–321 cloud ownership by, 158 organization culture, 395 adapting for cloud, 385–389 incorporating cloud computing, 387–389 mapping adaption plan, 386–387 organization facility for backup, 367 Organizational Communication: Foundations, Challenges, and Misunderstandings (Modaff), 385 OSI model, 258–259 outage accountability, 170 preparing for, and work optimization, 378 outsourcing data storage, attack surface area and, 281

P

PaaS See Platform as a Service (PaaS) packets maximum size, 327 stateful vs stateless filtering, 331 page file, 144 paging, 144 Panzura, 279 parallel port mapping, 234 parallel workloads, 36 parallelization, 295 paravirtual VM instances, from hypervisor, 38 parent pool, 233 passive backup, vs real-time replication, 25 passive replication, 262 password policy, 343 PAT (Port Address Translation), 257 patches, 344 to servers, 111 pay as you grow model, 6–7 theory vs practice, 7–8 Pearson VUE testing centers, 399–400 per-use pricing, 295 performance, 122–139, 154 See also disk performance bandwidth, 131–132 caching, 130 common issues, 152–153 file system, 125–127 file system read/write, 127 hop counts, 136–137 input/output operations per second (IOPS), 123–124 jumbo frames, 134–135 load balancing, 138 maintenance and, 208 management and monitoring tools, 146–148, 147, 156 measurement, 122 metadata, 127–130 multipathing, 137–138, 138 network latency, 135–136 on-premise vs off-premise, 174–175 quality of service (QoS), 137 read vs write files, 124–125 scaling, 138–139, 140 testing, 175, 302 throughput, 132–134 tiers, 237–238 user increase and,
validation, 180 perimeter network, 333 persuasion, phases of, 392 pervasive firm, 361 physical distribution, of data objects, 23 physical layer abstraction, 23 physical memory, 149 physical network dividing into logical networks, 257–258 vs virtual network, 196 physical resources in cloud, exporting with service template, 187 physical security, planning for data center, 61 physical switch, assigning VLAN ID to ports of, 202 physical to virtual (P2V) migration, 206–207, 218 Pig, for grouping and joining items based on criteria, 276–277 ping flood, 327–328 ping of death, 327 Pinterest, 170 planning for capacity management, 108 for cloud, 90–94 for network optimization, 259–260 Platform as a Service (PaaS), 50, 352–353 Azure as, 296 and work optimization, 380 platform lock-in, 283 Point-to-Point Protocol (PPP), 133 policies and procedures, 23–24, 97–111, 118 and access control, 248–249 best practices, 320–321 documentation planning for network and IP, 98–100 for multitiered storage system, 238 Popek, Gerald J., 33 Port Address Translation (PAT), 257 port restricted NAT, 257 port scanner, 341 ports, disabling unneeded, 340–343 power as cause of data center downtime, 74 costs, and on- vs off-premise hosting, 163 environmental reasons for outages, 75–76 planning for data center, 58–59 redundant infrastructure, 58 power conditioners, 58 PPP multilink, 133 pre-boot sequence, 222 precision, of resource monitoring component, prefetched data, 130 prefix/route aggregation, 258 preventive maintenance, 208 pricing models, 30 printing, network details, 341 privacy, security and, 280–283 private cloud deployment model, 158–159, 178–179, 288, 381–383 accountability, 168–169 management, 235, 291 security, 171–174 proactive adaption model, 388, 388 procedures See policies and procedures product-attributable outages, 171 product/service usage, expansions and contractions of, ProfitBricks, 223 proportionality, for data
processing by government, 282 proprietary cloud infrastructure, 84–85 provider-attributable outages, 170 provisioned IOPS, 263 provisioning, 160, 252–260, 284 public cloud deployment model, 160, 178, 179, 289 accountability, 169–170 advantages and disadvantages, 383 data segregation in, 173 lack of physical control, 280–282 management, 234–235 management strategies, 292 security, 171–174 public cloud providers, 45 public-key cryptography, 336 public key infrastructure (PKI), 335, 335 PUT REST API call, 23 PVHVM device drivers, 38

Q

Quality of Service (QoS), 137 plan for, 302 Quest vConverter, 207 Qumranet, 38 quotas, 230–231

R

rack-aware replica placement policy, 268 racks, 55 Rackspace, 81, 167, 169, 297–298 data centers, 68 RAID (Redundant Array of Independent Disks), 238–239, 243, 251–252 raised flooring, 57 random operations, measurements for, 124 rapid deployment, 14–16, 44 raw data, decision to keep or discard, 368 RBAC (role-based access control), 338 rc.d utility, 342–343 RC4, 337 RC5, 337 RDBMSs (relational database management systems), 19, 22 reactive adaption model, 388 reactive firm, 361 read down, 338 read files, vs write files, 124–125 read request, for HDFS, 269 read up, 338 read/write latency, 17 real-time replication, vs passive backup, 25 recovery point objective (RPO), 193 recovery time objective (RTO), 193, 365 recovery, in business continuity, 370 Red Bend Software, 42 Red Hat Enterprise Linux (RHEL), 38 Reduced Redundancy Storage (RRS), 265 redundancy, 74 cost, 260 planning network connectivity, 59 Redundant Array of Independent Disks (RAID), 238–239, 243, 251–252 redundant power infrastructure, 58 registration authority (RA), 335 relational database management systems (RDBMSs), 19, 22 remote connection, cloud service configured for, 305 Remote Procedure Call (RPC), 272 removing data from HDFS, 270–271 replicas, 24, 248 replication, 261–262, 366 in HDFS, 268–269, 270 Safemode for, 272 Representative State Transfer (REST), 47, 278 request for
change (RFC), 102–103 resellers, 170 reservations, 231 resilience, in business continuity, 370 resistance to change, 390 resource consumption monitoring, for chargeback, resource management, exam objectives on, 409–410 resource pooling, 231–232, 233–234 with hypervisor, 46 resource provisioning, 79 for rapid deployment, 16 resources cloud data centers, vs traditional, 63 over- and underutilization, 165 responsibility delivery models and, 168–171, 179 for service impairments, 170 REST (Representative State Transfer), 278 rest APIs, 19–25 revision control systems, 126 RFC (request for change), 102–103 791, 327 RHEL (Red Hat Enterprise Linux), 38 RightScale, 293 risk, 119 managing, 112–113 of unauthorized access to data, 281 Rivest, Shamir, and Adleman (RSA), 337 robotics, tape, 226 role-based access control (RBAC), 338 rotational latency, 141 round-trip time (RTT), 135–136, 136 route summarization, 258 router, cloud virtual, 210 routing tables, printing, 341 routing virtual switch, 210 RPC (Remote Procedure Call), 272 RRS (Reduced Redundancy Storage), 265 RTT (round-trip time), 135–136, 136 Rugullies, Erica, 360 rule-based access control (RB-RBAC), 339

S

S3 See Amazon Simple Storage Service (S3) SaaS See Software as a Service (SaaS) SAD (SQL Azure Database), 296 Safemode, for NameNode, 272 SalesForce, 353 SAP, 354 scalability, 18, 62–63, 66–67, 165 with hypervisor, 47 resources for, 235 testing, 302 vertical vs horizontal vs diagonal, 138–139, 140 and virtualization, 31–33 scalable computing, 54–78 vs cloud computing, 54 scheduling maintenance, 208, 218 maintenance windows, 110–111 Schmidt, Eric, 16 ScienceLogic, 355 scripting See JavaScript Object Notation (JSON) SDDC (software-defined data center), 43 Seagate, PowerChoice technology, 70 sector overhead time, 142 sectors in disk media, 141 secure connection, cloud service configured for, 305 Secure Shell (SSH), 10 Secure Sockets Layer (SSL) data encryption, 336 creating SSL certificate for, 306 security, 10, 30, 67,
285, 326–334 See also encryption access control list (ACL), 24, 329–330 and cloud computing, 70 for data in cloud, 113 demilitarized zone (DMZ), 333–334 exam objectives on, 411 firewalls, 330–332 See also firewalls for hybrid cloud deployment, 14 levels of, 281 between models, 180 obfuscation, 329 and privacy, 280–283 private cloud and, 288 private vs public cloud, 171–174 provisioning and, 253–254 service provider policy for, 320 for single tenancy, 13 testing, 302 threats and attacks, 326–329 distributed denial of service (DDoS) attack, 112–113, 165, 328, 328–329 ping flood, 327–328 ping of death, 327 for user credentials, 343 virtual private network (VPN), 113, 330, 331 security access devices, 61 seek time, for disk, 141 self-healing feature, in Swift, 297 semi-automated tools, for migration, 207 semi-private cloud deployment model, 159 SequenceFile, 274 sequential consistency, 261 sequential operations, measurements for, 124 serial ports, 234 server console, access to, 62 servers account, in Swift object store, 266 authorization, in Swift object store, 266 connection teaming, 133 container, 298 in Swift object store, 266 dedicated, for semi-private cloud, 159 deployment, image of, preconfiguring, proxy, 333 bottlenecks from, 299 in Swift object store, 266 upgrades and patches, 111 virtual, 29–30 service design phase, in ITIL framework, 109 service-level agreements (SLAs), 25, 67, 97, 137 service levels balancing required, 377 and work optimization, 379–381 service operations phase, in ITIL framework, 110 service-oriented architecture (SOA), 354 service providers, 90 security policy, 320 service strategy phase, in ITIL framework, 109 service subscription policy, 320 service templates, importing and exporting, 186–187 service transition phase, in ITIL framework, 109 ServiceNow, 353 services deploying to cloud, 298–300 disabling unneeded, 340–343 enabling, 50 GUID, in staging environment, 307 impairments and responsibilities, 358
shared resources hypervisors and, 46 memory as, 210–211, 219 storage as, 211–212 silos, for cloud computing, 89 Simple Object Access Protocol (SOAP), 278 simplified network infrastructure, 99–100 single-firewall layout, 333 vs dual-firewall layout, 334 single-instance model, and multitenancy, 11 single point of failure firewall as, 333 NameNode as, 273 single sign-on, 339–340 single-tenant cloud, 12 single-tenant virtual servers, 30 sink, for Flume data flow model, 310 Skype, 362, 364 SLAs (service-level agreements), 25, 67, 97, 137 smartphones hardware refresh, hypervisors and, 42 IBM study, 372 Snapshot Manager, 190 snapshots, 189–190, 216 in Amazon Elastic Block Store, 262 in HDFS, 274 SOA (service-oriented architecture), 354 SOAP (Simple Object Access Protocol), 278 soft copy replica, 248 soft limits, 231, 233 soft updates, 129–130 soft zoning, 251 software degradation, 60 migrating infrastructure to cloud, 253 orchestration, 177 security patching, 344 Software as a Service (SaaS), 50, 353–354 management platforms as, 89 selling subscriptions to, 349 virtualization, 219 and work optimization, 380–381 software-based firewall, 331 software-defined data center (SDDC), 43 solid-state drives (SSD), 227 source, for Flume data flow model, 310 SourceForge, 350 SQL Azure Database (SAD), 296 SQL queries, 19 SSD-based storage devices, 24 SSH (Secure Shell), 10 SSL (Secure Sockets Layer) data encryption, 336 creating SSL certificate for, 306 stack overflows, 254 staging environment service's GUID in, 307 test deployment in, 301 stakeholders in change advisory board, 104 in change management, 102 in planning workshop, 93 Stallman, Richard, 280 standard changes, 103 standard configuration, 118 standard IOPS, 263 standards for cloud computing, 324–326 current ad hoc, 325–326 stateful packet filtering, 331 stateless packet filtering, 331 Statement on Auditing Standards (SAS) No 70, 382 storage, 226–227, 243 See also cloud storage allocation of resources, 229–230, 232–233
clustered, 212–213 exam objectives on, 405–406 metadata, 247–248 migration of, 206–207, 217 object, 246–247 and performance, 123 provisioning, 255–256 storage area network (SAN), 249, 249–250 tape, 226–227 tiering, 233 virtualization, 211–213 storage area network (SAN), 250 adding capacity to, 255 vs cloud storage, 250–252 virtual, 203–204 Storage Networking Industry Association (SNIA), Cloud Data Management Interface (CDMI), 326 StorSimple, 279 stream ciphers, 337 stress testing, 175, 302 strided access, 126 strong passwords, 343 structured data, vs unstructured data, 18–19 subnetting, 197 “success disaster,” 112 Sun VirtualBox 3.0, 224 supernetting, 258 supplier lifetime, 283, 285 support contracts, for profits, 349 SVN, 126 swap disk space, 144, 154–155 SwiftStack, 19 switches, virtual, 199–201, 214, 217 routing, 210 Symantec System Recovery, 207 symbolic link (symlink), 248 symmetric key algorithm, 337 symmetric multiprocessing (SMP), in guest operating system, 223, 224 symmetric NAT, 257 symmetrical network redundancy, 60 synchronous metadata, updates, 129 synchronous replication, 366 Sysinternals Disk2vhd, 207 system crashes, and information loss, 128 system-defined metadata, 21 systems life cycle, managing, 109–110, 120 systems management, exam objectives on, 412–414

T

tape backups, 61 tape storage, 226–227 task documentation, importance of, 368 TCO See total cost of ownership (TCO) TCP/IP protocol suite, and HDFS, 272 TCP SYN floods, 329 team, cloud collaboration by, 360–361 teaming, 133–134 technology, 348 teleconferencing, 362 Telemetry (Ceilometer), 84 telepresence, cloud collaboration with, 361–362 temperature of environment, and data center location, 68 templates, 4–6, 216 creating, 184–186 terminals, 161 Terremark, 352 testing deployment models, 301–304 maintenance and, 208 types of, 175 throughput, 132–134 calculating, 145 sustained, 142 tiered accounts, 67 tiered network security, 62
tiering, 233, 236–241, 243 file systems for, 239–241 performance levels, 237–238 time to service, for hypervisor, 46 tools lock-in, 283 top management, and strategic planning, 391–392 topological fragmentation, avoiding, 258–259 total cost of ownership (TCO), 56 for data centers, 55–56, 71 on- vs off-premise hosting, 166–168 power consumption and, 163 traditional hardware, vs cloud, 62–65 traditionalism, 385 traffic flow, application-optimized, 99 traffic isolation, on network, 173 training, for change, 390–391 transactions, analysis, transparent page sharing (TPS), 229 transparent switching, 13–14 Transport Layer Security (TLS), 336 Trash directory, 270 clearing, 271 trending, 109 Triple Data Encryption Algorithm (3DES/TDEA), 337 Trompenaars, Fons, Managing People across Cultures, 385–386 trust, 107 TwinStrata, CloudArray software, 279 two-factor authentication, 339

U

ubiquitous access, 9–10 Ubuntu Horizon dashboard, 83 Ul Haq, Salman, 15 unanswered questions on exam, 400 unauthorized access to data, risk of, 281 unauthorized changes, impact of, 151 uninterruptible power supplies (UPSs), 58 University of Michigan, 35 unstructured data, vs structured data, 18–19 updates to metadata, 128 upgrades, 100 maintenance and, 208–209 UPS failure, 74 uptime, for cloud service, 66 USB port mapping, 234 use cases, for cloud storage, 298 user credentials, security for, 343 user-defined metadata, 21 user self-provisioning, 292 utility computing, 79 utilization, maintenance and, 209

V

value-added enhancements, 349 vContinuum by InImage Systems, 207 vCPUs, maximum, 224 VDCs (Virtual Data Centers), 45 VDI file type, 198 VDS (Virtual Distributed Switch), 41 vendor lock-in, 283 Verizon, 352 versioning, 24, 265 vertical scaling, 139, 140 VHD file type, 198 video streaming providers, 138 videoconferencing, 362 virtual appliance supplier, 358 virtual central processing unit (vCPU), 241 virtual components of cloud, 209–213 shared memory, 210–211 storage virtualization, 211–213 virtual
CPU, 211, 219 virtual network components, 209–210 Virtual Data Centers (VDCs), 45 virtual desktop infrastructure (VDI), 43–44, 115–116 virtual desktop providers, 115 virtual disk images (VDIs), for backup, 366 virtual disks, 198–199, 214, 216 limitations of, 199 Virtual Distributed Switch (VDS), in vSphere, 41 virtual environment, configuration, impact of changes, 156 virtual firewall, 331, 332 virtual local area networks (VLAN), 200–201, 214–215, 217 virtual machine configuration for multiple VLANs, 201–203 dedicated IP address for, 197 dynamic allocation of memory, 228 snapshot of, 189–190 Virtual Machine File System (VMFS), 240–241 virtual network components, 209–210, 219 vs physical network, 196 virtual network interface card (NIC), 195–198 Virtual PC Network Filer driver, 198 virtual private cloud, advantages and disadvantages, 382–383 virtual private network (VPN), 113, 330, 331 virtual resources allocation by tenant/client, 232–234 mapping physical resources to, 234 migration, 204–209 virtual servers, on demand, 29–30 virtual storage area network (VSAN), 203–204, 215, 217 virtual switches, 199–201, 214, 217 assigning VLAN ID to, 203 binding, 202 virtual to physical (V2P) migration, 207, 218 virtual to virtual (V2V) migration, 207, 218 VirtualBox, 39 Guest Additions, 189 virtualization, 30, 79, 160 of desktop, 115–116 exam objectives on, 402–405 and latency, 136 memory tiers in system, 150 of physical resources, 10 and scalability, 31–33 type 1 and type 2, 33, 34 virtualization intermediaries (VIs), 198 virtualized environment, and resource allocation, 17 viruses, in image backup, 195 visibility, of cloud data centers, 67 VLAN (virtual local area networks), 200–201, 214–215, 217 VLAN ID setting on VM, 202–203 VMDK file type, 198 VMFS (Virtual Machine File System), 240–241 vMotion, in vSphere, 41 VMware, 115, 353 Bridge protocol, 198 ESX hypervisor, 225 mobile hypervisor, 42 vCenter Converter, 207 vSphere/ESXi, 39–41 Workstation, 33 Vodafone,
169 VPN (virtual private network), 113, 330, 331 VSAN (virtual storage area network), 203–204, 215, 217 VSAN ID, vs VSAN Name, 204 vulnerability of infrastructure, cost, 74 managing, 113

W

warm backup site, 367 Watson, Thomas J., web applications, 111–112 white-box testing, 301 white label branding, 350–351 Windows Azure, 296 Quick Create, 306 Windows, and data centers, 61 work optimization, 376–381 optimizing usage, capacity, and cost, 376–379 preparing for outages and, 378 and service levels, 379–381 Workday, 354 workforce, 102 workloads, managing, 111–113, 119 workshifting, 371 workstation as a service, 43–44 World Wide ID (WWID), 251 World Wide Number (WWN), 251 World Wide Port Name (WWPN), 213 write-ahead logging, 129 write back, 130 write cost, rack awareness and, 269 write down, 338 write files, vs read files, 124–125 write up, 338 WWID (World Wide ID), 251 WWN (World Wide Number), 251 WWPN (World Wide Port Name), 213

X

XaaS (Anything as a Service), 356 Xen cloud platform, 37–38 XenServer, 82 XML file, export templates as, 186

Y

YouTube,

Z

zero-filling of disk drives, 282 Zeus Traffic Controller, 293 zombie processes, 328 avoiding, 271 Zyrion, 355

Free Online Learning Environment

Register on Sybex.com to gain access to the free online interactive learning environment and test bank to help you study for your CompTIA Cloud+ certification. The online test bank includes:

Practice Exam to test your knowledge of the materials
Electronic Flashcards to reinforce your learning and provide last-minute test prep before the exam
Searchable Glossary gives you instant access to the key terms you’ll need to know for the exam

Go to http://sybextestbanks.wiley.com to register and gain access to this comprehensive study tool package.