File Subscriptions

File subscriptions are part of a service that enables your employees and customers to store files (data) in the cloud. This service is considered Software as a Service (SaaS) but also falls under the category of Storage as a Service (STaaS). See the “SaaS” section later in this chapter for more details.

File subscriptions are a popular cloud service, and as a result, many options are available. Google Drive, Microsoft OneDrive, and Dropbox are just a few of the popular options.

Communications

While many people use cell phones to make and receive phone calls, traditional phone calls were placed on land-line devices, and the communication took place over the public switched telephone network (PSTN). This technique, which dates back to the 1800s, uses copper wires and is still commonly used today. However, this medium for communication has limitations (analog voice only) and requires a vast infrastructure that doesn’t exist throughout the world.

A more modern alternative is to use a communication option called voice over IP (VoIP) that is provided by organizations like cloud vendors. With VoIP, phone calls are placed over an Internet broadband connection. This connection requires converting the sound into a digital signal. Cloud vendors like RingCentral, Vonage, and Microsoft 365 Business Voice provide VoIP service. This service is considered a SaaS, but also falls under the category of Communication as a Service (CaaS). See the “SaaS” section later in this chapter for more details.

Collaboration

Collaboration services provide a variety of features all designed to allow organizations to work together to solve problems, create new products, or perform other business-related activities. Most of these tools provide some sort of messaging feature that includes the ability to send messages to an individual or a group. Other features may include video conferencing, forums, file transfer capability, and project management features.

Examples of collaboration tools include Slack, Microsoft Teams, and Trello. Cloud-based collaboration services are considered a SaaS. See the “SaaS” section later in this chapter for more details.

Virtual Desktop Infrastructure (VDI)

At this point you should understand what a virtual machine (VM) is. If not, please review the “Deploying Virtual Machines (VMs) and Custom Images” section later in this chapter. A virtual desktop infrastructure (VDI) leverages the power of a virtual machine to provide virtual desktops to users.

Imagine a scenario in which you are often traveling. You don’t want to carry your system with you, but you want to be able to access the IT infrastructure in your organization. Using a mobile device, you can connect to a virtual machine via the Internet and bring up your desktop environment.

There are several advantages of VDI:

• Because the desktops reside on a virtual machine, the administration of these desktops is easier. With centralized management, updates and patches can be applied easily, by administrators, without the need for regular users to handle these operations.

• Because of the higher level of centralized control, VDI is typically more secure than individual user computers.

• Using a VDI solution can reduce the costs of buying hardware (laptops) for each user. Users can use more affordable devices (mobile phones, tablets, and so on) but can still use a laptop if they choose.

• Given that the virtual desktop is remotely available, it can be reached in most cases wherever an Internet connection is available. Some networking issues (firewalls, for example) may hinder this access.

Note that VDI itself would be considered a Platform as a Service (PaaS), but the virtual machines themselves would be considered an Infrastructure as a Service (IaaS). See the “PaaS” and “IaaS” sections later in this chapter for more details.

Directory and Identity Services

For more information on directory and identity services, see “Directory Services” in Chapter 5, “Identity and Access Management.”

Cloud Resources

Cloud resource is a broad term that refers to some sort of system in the cloud. A resource can be a wide range of things: a virtual machine, an email service, a firewall, or a database. Think about it this way: if it is something in the cloud, it is considered a cloud resource.

IaaS

In an IaaS solution a cloud vendor provides the infrastructure for you to develop or install your software solution. With this solution the cloud vendor essentially provides the hardware structure (compute, networking, and storage), and you manage the rest, including the operating system and the software. Examples of IaaS include using Azure virtual machines and AWS EC2 instances. A major advantage of an IaaS software solution is control. You choose the platform (operating system), the amount of hardware resources used, and how the system is configured. This control may also be considered a disadvantage because you are also tasked with maintaining the operating system and the software.

PaaS

In a PaaS solution the cloud vendor provides a platform that you can use to install or develop a software solution. Examples of PaaS include OpenShift, AWS Elastic Beanstalk, and the Google App Engine. With a PaaS solution the primary advantage is that you can deploy a customized software solution without having to maintain the platform that the software runs on. With a PaaS solution, like the SaaS solution, you still may have concerns regarding control over your data and potential vendor lock-in. However, PaaS does offer more control over these issues, so the concern isn’t as strong as with the SaaS solution.

SaaS

In a SaaS software solution the entire application is hosted and maintained by the cloud vendor. Examples of SaaS include Salesforce, Dropbox, Gmail, Webex, and DocuSign. One advantage of SaaS solutions is that the vendor handles all maintenance of the software. Disadvantages include a lack of control over your data, the inability to customize the software to your organizational needs, and potential vendor lock-in (when your organization is so entrenched in a solution that it is almost impossible to switch to another solution).

Compute

A cloud compute resource is any resource that has a primary goal of performing any sort of computation operation. This typically means virtual machines and containers, both of which are covered in more detail later in this chapter.

Note that cloud computing is a more generic term that means to use cloud resources to perform operations. In other words, the terms cloud compute resource and cloud computing are not synonymous.

Storage

A storage resource is anything that is used in the cloud to store data. There are three different types of cloud storage resources:

• Block storage: This type of storage resource is typically used for compute resources (virtual machines specifically) to store data, including the operating system of the computer resource. If you are used to non-cloud storage devices, think of a block storage resource like a hard disk or a partition. Examples include AWS Elastic Block Storage (EBS), Microsoft Azure Blob storage, and Google Cloud Persistent Disks. Block storage typically is raw storage space and normally requires a filesystem to be placed on the storage resource for it to be used. This typically happens during the installation process of a virtual machine.

• File storage: This type of storage resource acts much like a network filesystem (also referred to as a network-attached storage, or NAS). This type of storage is used when you need to be able to share the files with multiple resources. For example, two virtual machines may need to be able to access the same files (or share files between the two VMs). Examples of file storage include AWS Elastic File System (EFS), Azure Files, and Google Cloud Filestore.

• Object storage: Object storage is a feature in which objects (unstructured data like emails, videos, graphics, text, or any other time of data) can be stored in a cloud environment. Object storage doesn’t use traditional filesystem storage features but rather organizes the data into “groups” (similar to a folder in a filesystem). Data is typically accessed using a URL, like you would use to access a web page. Object storage is durable and highly available, supports encryption, and can be used in a flexible manner that supports different backup and archiving features. Examples include AWS Simple Storage Service (S3), Google Cloud Storage, and IBM Cloud Object Storage.

Note that databases are not included in the list of storage devices. Databases do store data, but they provide more functionality than typical storage devices; therefore, they belong in a separate category of cloud resources.

Network

As with systems within your own IT infrastructure, cloud resources need network configuration to communicate between the resource and to systems on the Internet. However, network cloud provisioning is a bit different from what you might be used to in your own IT infrastructure on-premises.

The network in a typical IT infrastructure on-premises consists of the physical network connections and the individual network settings on each system within the network. In a cloud environment, the physical network is already in place, installed by the cloud provider. However, several different organizations may share that same physical network, so you need to create your own private network within that physical network (such as a VPC in AWS and GCP, and a VNet in Azure).

An entire chapter is devoted to provisioning the network in a cloud environment. Chapter 13, “Cloud Networking Solutions,” covers a variety of cloud networking solutions that are listed in the CompTIA Cloud+ certification exam objectives.

Serverless

See “Serverless” in Chapter 1, “Different Types of Cloud Models.”

OS Templates

An OS template is used to deploy a virtual machine. The questions that you are asked can vary. For example, in AWS you are asked the following:

• The image type for the operating system.

• The instance type, which is how AWS refers to the hardware specifications for the virtual machine (how much RAM, how many virtual CPUs, and so on).

• Additional instance details, such as how many instances and which virtual network to assign the instance(s) to. See Figure 11.1 for an example of some of these details.

• The storage type(s). See the “Persistent Storage” section later in this chapter for more details.

• The tags associated with the instance. You use tags in AWS to group instances together based on identifiers that you define.

• The security group that the instance is associated with. In AWS the security group acts as a virtual firewall.

By creating an OS template, you can automate your installations. This capability is important for situations in which you need to rapidly deploy a virtual machine, such as when using an auto-scaling solution. See “Auto-scaling” in Chapter 3, “High Availability and Scaling in Cloud Environments,” for more details.

Solution Templates

A solution template is designed to deploy a non-OS resource in the cloud. This is a pretty wide field and can include resources like databases, web servers, and virtual networks.

Configure Variables

When you use a template (see the “Templates” section earlier in this chapter), you can use variables to customize the template. You use a variable when you want to have options when deploying the resource using a template.

For example, suppose you want to create a template that will deploy a virtual machine, but you don’t want to answer the question of the type of instance within the template itself. You can tell the template to accept a value that is passed into the template when the template is used. That value is then assigned to a variable that is used to indicate the type of the instance.

Configure Secrets

See the “Secret Management” section in Chapter 5.

Persistent Storage

Recall from the “Storage” section earlier in this chapter that there are three types of storage in the cloud: block, file, and object. When you’re deploying a virtual machine, the operating system is stored on a block storage resource. This storage device is persistent, meaning that even if you power off the virtual machine, the data is still retained on the storage device.

Most cloud vendors have a nonpersistent storage option for additional storage resources. For example, AWS offers a feature called an instance store. This block storage resource is available as long as the virtual machine is running. When the virtual machine is powered off, the instance store is deleted, making this a nonpersistent storage solution.