Chapter 7

Cloud Compute Infrastructure

CERTIFICATION OBJECTIVES

7.01     Virtualization in the Cloud

7.02     Cloud Virtual Machine Components

7.03     High-Performance Computing

Two-Minute Drill

Self Test


Virtual machines are the workhorses of cloud computing. In this chapter you will learn about cloud-based compute resources such as virtual machines. Clusters (collections of virtual machine nodes) also fall under the umbrella of cloud compute services.

We will start with a discussion of how cloud virtualization is possible through hypervisors in cloud service provider data centers, followed by a brief overview of how to plan virtual machine sizing to accommodate VM workloads.

Next, we’ll identify specific virtual machine components, such as operating system images, virtual network interfaces, autoscaling, and custom routes. We will also cover remote management of both Linux and Windows cloud VMs in the context of IP addressing and jump boxes.

Finally, we will discuss when and how clusters of parallel processing nodes should be used.

CERTIFICATION OBJECTIVE 7.01

Virtualization in the Cloud

As you will recall from Chapter 1, hypervisors are the physical servers that host guests. Cloud service provider data centers contain vast numbers of Type 1 hypervisors such as VMware ESXi, Microsoft Hyper-V, or the Linux-based Kernel Virtual Machine (KVM). Type 1 hypervisors are also called bare metal hypervisors because they run directly on the physical hardware and do not depend on an existing operating system. Type 2 hypervisors run as an application within an existing operating system.

Cloud compute resources—such as virtual machines—run on these hypervisors. Planning cloud virtual machine deployment and usage depends on the workload that will be running in virtual machines.

With both on-premises and cloud computing environments, you will read literature and hear technicians use the term hypervisor to refer to the physical server. Technically, the hypervisor is the operating system software; the physical server could be used for non-hypervisor purposes.

Some cloud service providers offer other types of virtualization such as virtual desktop infrastructure (VDI) solutions, which serve up user desktops from a centralized virtualization server; users can connect remotely to access their cloud-stored desktop and applications.

Virtual Machine Sizing

Running a small website with a small number of users on a virtual machine won’t require nearly as much horsepower as running complex data analyses on large datasets. The virtual machine size, sometimes called the instance type, determines virtual machine horsepower. Common VM sizing constituents include

•   Number of vCPUs

•   Amount of RAM

•   Number of supported data disks

•   Disk IOPS throughput measurement

•   Number of supported network interfaces

•   Network performance

You might choose a specialized virtual machine sizing that addresses specific needs such as a graphics-intensive application. Just bear in mind that more VM compute power and speed mean higher cost. Another consideration is that some VM sizes might be available only in some geographical regions, depending on the CSP.

Virtual machine sizing should be addressed not only during planning and deployment but should also be monitored over time to ensure the best fit (one size does not fit all!). You can change the sizing of a virtual machine that already exists, as shown in Figure 7-1, though the VM might require a restart to pick up the new setting.

FIGURE 7-1     Selecting the Amazon Web Services virtual machine instance type

While some exam questions might refer to virtual machine sizing, you could see questions refer to instance sizing. Both in the exam and the real world with cloud computing, virtual machine and instance are synonymous.

You should configure alerts so that you are notified when virtual machines are overly busy or idle to optimize the sizing and, by extension, related costs.
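
As an added example (not code from the book), the following Python script turns the "overly busy or idle" alerting idea into a right-sizing check: it classifies a window of constructed CPU and RAM utilization samples per VM and recommends a sizing action. The thresholds, window length, VM names and sample values are assumptions chosen for illustration.

```python
"""Right-sizing alerts for cloud VMs from utilization samples.

Added example, not code from the book: it classifies constructed CPU and
RAM utilization windows as idle, busy or ok, and maps each VM to a sizing
action. The thresholds, window length and sample values are assumptions.
"""
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List

# Assumed alerting policy (not from the book).
IDLE_CPU_PCT = 10.0      # mean CPU below this ...
IDLE_RAM_PCT = 30.0      # ... and mean RAM below this => idle
BUSY_CPU_PCT = 85.0      # a sample is "hot" when CPU or RAM reaches these
BUSY_RAM_PCT = 90.0
BUSY_FRACTION = 0.8      # share of hot samples that makes the VM "busy"


@dataclass(frozen=True)
class Sample:
    cpu_pct: float
    ram_pct: float


def classify_vm(samples: List[Sample]) -> str:
    """Return 'idle', 'busy' or 'ok' for one VM's utilization window."""
    if not samples:
        raise ValueError("an empty window cannot be classified")
    if (mean(s.cpu_pct for s in samples) < IDLE_CPU_PCT
            and mean(s.ram_pct for s in samples) < IDLE_RAM_PCT):
        return "idle"
    hot = sum(1 for s in samples
              if s.cpu_pct >= BUSY_CPU_PCT or s.ram_pct >= BUSY_RAM_PCT)
    if hot / len(samples) >= BUSY_FRACTION:
        return "busy"
    return "ok"


# An idle VM is a candidate for a smaller size; a busy one for a larger size.
ACTIONS = {"idle": "scale down", "busy": "scale up", "ok": "keep"}


def sizing_alerts(fleet: Dict[str, List[Sample]]) -> Dict[str, str]:
    """Map each VM name to 'scale down', 'scale up' or 'keep'."""
    return {name: ACTIONS[classify_vm(window)] for name, window in fleet.items()}


# Constructed six-sample windows for three hypothetical VMs.
FLEET = {
    "web1": [Sample(3, 22), Sample(4, 21), Sample(6, 23),
             Sample(5, 22), Sample(2, 20), Sample(4, 21)],
    "db1":  [Sample(91, 93), Sample(95, 94), Sample(88, 92),
             Sample(97, 95), Sample(70, 91), Sample(93, 96)],
    "app1": [Sample(40, 55), Sample(62, 58), Sample(55, 60),
             Sample(48, 57), Sample(70, 61), Sample(35, 54)],
}

if __name__ == "__main__":
    for vm, action in sizing_alerts(FLEET).items():
        print(f"{vm}: {action}")
```

In a real deployment the samples would come from the CSP's monitoring service and the recommended action would be raised as an alert rather than printed.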

CERTIFICATION OBJECTIVE 7.02

Cloud Virtual Machine Components

Much like a physical computer consists of many components working together, virtual machines in the cloud also consist of many virtual components. The workload that you plan to run in the virtual machine dictates which virtual components you should use and how you should configure them, as described in this section.

Operating System Selection

Cloud virtual machines use an operating system image. In addition to containing the operating system (OS), the image might have specific OS settings, as well as additional software such as a MySQL database server and support for the Python programming language.

As your cloud use increases, you will most likely find yourself creating custom images that will be used with future cloud VM deployments. Figure 7-2 shows how you can select an OS image during deployment in Microsoft Azure.

FIGURE 7-2     Selecting the Microsoft Azure virtual machine image

Connecting to cloud-based Windows virtual machines for management purposes is done differently than for cloud-based Linux virtual machines. Windows and Linux authentication options also differ, but some cloud-based Windows and Linux configurations, such as VM autoscaling, are not specific to the selected OS.

Remote Management

Whether you deploy a Windows VM or a Linux VM, at some point you may need to manage the OS remotely. If you plan on using an on-premises device to remotely manage cloud VMs, you’ll need a way to contact those VMs either directly through a VM public IP address assigned to each VM (not recommended for security exposure reasons) or through a single VM configured with a public IP address (a jump box), as depicted in Figure 7-3. After you establish a connection to the jump box, you can connect to the internal private IP addresses of cloud VMs.

FIGURE 7-3     Cloud jump box configuration

Windows remote management using Remote Desktop Protocol (RDP) occurs over TCP port 3389. Linux remote management using Secure Shell (SSH) occurs over TCP port 22. Your on-premises firewall needs to allow this type of outbound traffic, and cloud firewalls also need to allow this traffic to the VMs that will be remotely managed.
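
The jump box arrangement in Figure 7-3 can be expressed as a small set of cloud firewall rules. The following Python model is an added example, not code from the book: the address ranges, host names and rule set are constructed, and the on-premises office is only allowed to reach the jump box's public address on TCP 3389 and 22, while the workload VMs (private addresses only) accept those ports solely from the jump box's private address.

```python
"""Model the jump-box pattern from Figure 7-3 as cloud firewall rules.

Added example, not code from the book. The rule set, address ranges and
host names are constructed: one on-premises office range, one jump box with
a public address, and two workload VMs that have only private addresses.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List

RDP_PORT = 3389   # Windows remote management (RDP)
SSH_PORT = 22     # Linux remote management (SSH)
ANY_PORT = 0      # wildcard used by the catch-all deny rule


@dataclass(frozen=True)
class Rule:
    source: str     # CIDR allowed to originate the connection
    dest: str       # CIDR of the VM being reached
    port: int
    allow: bool


# Constructed addresses (assumptions; documentation ranges for public IPs).
OFFICE_NET = "203.0.113.0/24"        # on-premises headquarters
JUMPBOX_PUBLIC = "198.51.100.10"      # the only VM with a public IP address
JUMPBOX_PRIVATE = "10.0.1.4"
WINSRV_PRIVATE = "10.0.2.5"           # workload VMs: private IPs only
LINUX_PRIVATE = "10.0.2.6"

RULES = [
    # The office may reach the jump box on its public address (RDP and SSH).
    Rule(OFFICE_NET, f"{JUMPBOX_PUBLIC}/32", RDP_PORT, True),
    Rule(OFFICE_NET, f"{JUMPBOX_PUBLIC}/32", SSH_PORT, True),
    # Only the jump box's private address may reach the workload subnet.
    Rule(f"{JUMPBOX_PRIVATE}/32", "10.0.2.0/24", RDP_PORT, True),
    Rule(f"{JUMPBOX_PRIVATE}/32", "10.0.2.0/24", SSH_PORT, True),
    # Explicit catch-all deny, evaluated last.
    Rule("0.0.0.0/0", "0.0.0.0/0", ANY_PORT, False),
]


def is_allowed(src: str, dst: str, port: int, rules: List[Rule] = RULES) -> bool:
    """First-match evaluation, the way ordered cloud firewall rules behave."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if s in ip_network(r.source) and d in ip_network(r.dest) \
                and r.port in (ANY_PORT, port):
            return r.allow
    return False   # implicit deny when nothing matches


def management_path(src: str, dst: str, port: int) -> List[str]:
    """Hops an administrator at src must take to reach dst; [] if unreachable."""
    if is_allowed(src, dst, port):
        return [dst]                       # direct connection (public IP on the VM)
    if is_allowed(src, JUMPBOX_PUBLIC, port) and is_allowed(JUMPBOX_PRIVATE, dst, port):
        return [JUMPBOX_PUBLIC, dst]       # via the jump box
    return []


if __name__ == "__main__":
    print("office -> WinSrv1 over RDP:", management_path("203.0.113.7", WINSRV_PRIVATE, RDP_PORT))
    print("Internet -> Linux VM over SSH:", management_path("192.0.2.9", LINUX_PRIVATE, SSH_PORT))
```

The same check also shows why a direct connection from the office to a private address fails: no rule permits it, so the on-premises firewall and the cloud rules only need to allow the two hops through the jump box.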

Linux VM Authentication

Where cloud-based Windows virtual machine authentication is most commonly configured to use usernames and passwords, Linux virtual machines can use one of two authentication methods:

•   Username and password

•   SSH public key authentication

Authenticating to Linux through a username and password is single-factor authentication (something you know) and not considered as secure as SSH public key authentication. Public key authentication uses a public and private key pair. Both keys are mathematically related. The public key is stored with the Linux host in the cloud, and only the authorized user (or device) has access to the related private key, which should be backed up to a safe location. Depending on the configuration, authentication might only require possession of the private key, or it might also require a password and a username. Figure 7-4 shows the SSH public key authentication settings when deploying a Linux VM in Azure.

FIGURE 7-4     Linux SSH public key configuration in Microsoft Azure

Virtual Machine Autoscaling

You can deploy sets of VMs together for horizontal scaling. Horizontal scaling comes in two forms:

•   Scaling out: Adding virtual machine nodes

•   Scaling in: Removing virtual machine nodes

When an application is in high demand, virtual machines can be added to handle the workload. When things quiet down, VMs can be removed since they are no longer needed—this also reduces unnecessary cloud costs. Figure 7-5 shows a sample autoscaling configuration.

FIGURE 7-5     Enabling autoscaling for a Microsoft Azure virtual machine scale set
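
As an added example (not code from the book), the following Python simulator shows scale-out and scale-in decisions for a set of VM nodes. Demand is spread evenly across the current nodes, and the set adds or removes one node per evaluation period; the per-node capacity, thresholds, node bounds, cooldown and demand series are assumptions. The separate out/in thresholds plus the cooldown are the hysteresis that stops the set from flapping between adding and removing nodes.

```python
"""Scale-out and scale-in decisions for a VM scale set.

Added example, not code from the book. Capacity, thresholds, bounds,
cooldown and the demand series are assumptions; the point is the
hysteresis (separate out/in thresholds plus a cooldown) that keeps the
set from flapping.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

NODE_CAPACITY = 100.0   # assumed work units one node handles at 100% CPU


@dataclass
class ScaleSet:
    nodes: int
    min_nodes: int = 2
    max_nodes: int = 10
    scale_out_pct: float = 75.0    # add a node when average CPU exceeds this
    scale_in_pct: float = 30.0     # remove a node when average CPU drops below this
    cooldown: int = 2              # periods to wait after any scaling action
    since_change: int = field(default=10**6, init=False)

    def evaluate(self, demand: float) -> str:
        """Apply one period of demand; return 'out', 'in' or 'none'."""
        self.since_change += 1
        avg_cpu = 100.0 * demand / (self.nodes * NODE_CAPACITY)
        if self.since_change <= self.cooldown:
            return "none"              # still cooling down from the last change
        if avg_cpu > self.scale_out_pct and self.nodes < self.max_nodes:
            self.nodes += 1
            self.since_change = 0
            return "out"
        if avg_cpu < self.scale_in_pct and self.nodes > self.min_nodes:
            self.nodes -= 1
            self.since_change = 0
            return "in"
        return "none"


def simulate(demand_series: List[float], **settings) -> List[Tuple[str, int]]:
    """Run the series through a fresh scale set; return (action, node count) per period."""
    ss = ScaleSet(**settings)
    return [(ss.evaluate(d), ss.nodes) for d in demand_series]


# Constructed demand series: quiet, then a burst, then quiet again.
DEMAND = [100, 180, 180, 180, 180, 50, 50, 50, 50, 50]

if __name__ == "__main__":
    for period, (action, nodes) in enumerate(simulate(DEMAND, nodes=2), 1):
        print(f"period {period:2d}: {action:4s} -> {nodes} node(s)")
```

Note that the set never scales in below `min_nodes` even when demand stays low, which is what keeps a minimum level of availability while still cutting the cost of idle nodes.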

Virtual Network Interface Cards

To communicate on a cloud virtual network, a virtual machine must be associated with a network interface, which is its own cloud resource, as shown in Figure 7-6. This means you can associate and dissociate network interfaces to and from different VMs over time, as needed.

FIGURE 7-6     Microsoft Azure network interfaces

Each network interface has settings to configure details such as the following, as shown in Figure 7-7:

FIGURE 7-7     Microsoft Azure virtual network interface settings

•   Dynamic or static (unchanging) IP address

•   DNS name resolution

•   Firewall rule settings to control network traffic into and out of the network interface

•   IP forwarding (routing)

Think beyond the straight facts presented in this book. You might get exam questions related to multiple network interfaces associated with a single VM—this is a valid configuration and really no different than using multiple NICs in a physical machine, such as when it is configured as a routing or firewall appliance. In the same way, a single network interface can have multiple IP configurations.

Routing Table Entries

If you need to control network traffic flow, you can configure custom routing table entries. Why would you do this? Normally, you would do so to ensure network traffic is forwarded to a firewall or antimalware appliance of some kind for inspection.

When configuring custom routes, you specify the target network range that must be matched in a network transmission, such as 10.244.0.0/24 in the example shown in Figure 7-8. Any traffic that needs to get to the 10.244.0.0 network will be sent to the next-hop virtual appliance, 10.240.0.4. The emerging pattern is that network settings that were normally configured directly within the OS are no longer configured there; instead, the settings reside in the cloud, and the virtual machine OS consults the cloud network settings.

FIGURE 7-8     Microsoft Azure custom route
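
As an added example (not code from the book), the following Python route lookup carries the custom route from Figure 7-8 (10.244.0.0/24 via the appliance at 10.240.0.4) alongside constructed system-style routes and shows which next hop each destination gets. The default, local-network and drop routes are assumptions; the lookup itself is a longest-prefix match, which is why a more specific prefix wins over the /24 regardless of the order in which routes are listed.

```python
"""Longest-prefix-match lookup over a cloud route table.

Added example, not code from the book. The custom route to the appliance is
the one from Figure 7-8; the other prefixes and the drop route are assumptions
that mimic the system routes a cloud virtual network carries.
"""
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

Route = Tuple[str, str, Optional[str]]   # (prefix, next-hop type, next-hop address)

# Ordering does not matter: the most specific matching prefix wins.
ROUTES: List[Route] = [
    ("0.0.0.0/0", "Internet", None),                      # default route (assumed)
    ("10.240.0.0/16", "VirtualNetwork", None),            # local virtual network (assumed)
    ("10.244.0.0/24", "VirtualAppliance", "10.240.0.4"),  # custom route from Figure 7-8
    ("10.244.0.128/25", "None", None),                    # assumed drop route for a quarantined range
]


def lookup(dst: str, routes: List[Route] = ROUTES) -> Route:
    """Return the most specific route whose prefix contains dst."""
    addr = ip_address(dst)
    best: Optional[Route] = None
    best_len = -1
    for prefix, hop_type, next_hop in routes:
        net = ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best, best_len = (prefix, hop_type, next_hop), net.prefixlen
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best


def next_hop_for(dst: str, routes: List[Route] = ROUTES) -> str:
    """Where the VM's traffic to dst is actually sent: an appliance, the local
    network, the Internet gateway, or dropped."""
    _, hop_type, next_hop = lookup(dst, routes)
    if hop_type == "VirtualAppliance":
        return f"appliance {next_hop}"
    if hop_type == "None":
        return "dropped"
    return hop_type


if __name__ == "__main__":
    for dst in ("10.244.0.10", "10.244.0.200", "10.240.0.9", "203.0.113.5"):
        print(f"{dst:14s} -> {next_hop_for(dst)}")
```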

CERTIFICATION OBJECTIVE 7.03

High-Performance Computing

In a scenario where individual VMs don’t have the power or ability to run complex tasks that need to be accomplished, such as in medical research or financial modeling, consider grouping high-performance VMs together. The purpose of high-performance computing (HPC) is to speed up complex data analysis of large datasets through a cluster of VM nodes. This is also referred to as big compute or parallel computing: running tasks simultaneously across multiple VMs.

Each HPC VM uses the fastest vCPU configuration, SSD-based storage (as opposed to the older and slower HDD-based storage), large amounts of RAM, and the fastest network throughput. The HPC cluster needs a way to coordinate tasks among the worker nodes. You can get a sense of the HPC layout in Figure 7-9.

FIGURE 7-9     High-performance computing

HPC clusters can be configured on premises or in the cloud. In the cloud, HPC is a managed service. This means that the complexity of installing and configuring operating system and clustering software to work together is hidden from the cloud customer. Monitoring the performance of cloud-based HPC ensures that complex tasks are processed efficiently with as little cost as possible. An example of monitoring in an AWS cloud environment would be to configure alert notifications through the AWS CloudWatch service. Figure 7-10 shows how an HPC head node can be deployed in Azure by selecting the appropriate OS image.

FIGURE 7-10   Deploying a Microsoft Azure HPC head node

EXERCISE 7-1

Deploy a Windows-Based Virtual Machine in the Cloud

In this exercise, you will create a Windows virtual machine in the Microsoft Azure cloud. This exercise depends on having completed Exercise 1-1.

1.   Use your web browser to sign in to the Microsoft Azure portal at https://portal.azure.com.

2.   At the top of the navigation pane on the left, click Create a Resource.

3.   Click the Compute category and select Virtual Machine. This will launch the Create a virtual machine wizard and place you on the Basics screen.

4.   Select an existing resource group or create a new one.

5.   Use the following values to deploy the Windows virtual machine:

•   Name: WinSrv1

•   Image: Windows Server 2019 Datacenter

•   Username: admineast1

•   Password: Enter a password that satisfies the requirements shown on the web page. Note that you will need this password in Exercise 7-2.

•   Public inbound ports: Allow selected ports, RDP (3389)

Opening RDP ports directly to the Internet poses a security risk for important VMs, but it serves the purpose of demonstration in this exercise. In the workplace, use a hardened jump box to allow remote access to cloud VMs that are configured with only private IP addresses.

6.   Click the Next button at the bottom of the screen repeatedly until you arrive at the Management screen of the wizard. Ensure the Boot Diagnostics option is set to Off.

7.   Click Review + Create, then click Create.

EXERCISE 7-2

Remotely Manage a Cloud Windows Virtual Machine

In this exercise, you will connect to an existing Windows virtual machine in the Microsoft Azure cloud. This exercise depends on having completed Exercise 7-1.

1.   If you are not already in the Microsoft Azure portal, use your web browser to sign in to it at https://portal.azure.com.

2.   In the left-hand navigator, click Virtual Machines.

3.   From the list, click WinSrv1.

4.   On the Overview page, look to the right side of the screen and copy the IP address of the virtual machine displayed in the Public IP Address field, as shown in Figure 7-11.

FIGURE 7-11   Microsoft Azure virtual machine public IP address

5.   On your local Windows computer, open the Start menu and launch the Remote Desktop Connection app.

6.   Paste the previously copied public IP address into the Computer field.

7.   Click Show Options in the lower-left corner and enter admineast1 into the User Name field, then click Connect.

8.   When prompted, enter the password configured for admineast1. (This password was established in Exercise 7-1.)

9.   If prompted, choose to trust the connection.

10.   You are now remotely connected to a Windows VM running in the Microsoft Azure cloud.

11.   Move to the upper-right corner of the screen and click the X to close the remote desktop connection.

12.   In the Azure portal, select WinSrv1. Click the Stop button to prevent unnecessary cloud charges.

INSIDE THE EXAM

Templates and Automation

The CompTIA Cloud Essentials+ CLO-002 exam could present you with questions regarding automation and repetition of cloud administrative tasks. As an example, when manually deploying virtual machines in Microsoft Azure, the last page of the wizard provides an option to save the settings as a template for future deployments. Templates can also be created manually or acquired through a variety of websites, such as https://github.com.

CERTIFICATION SUMMARY

This chapter discussed compute infrastructure in a cloud environment. You learned how hypervisors make operating system virtualization possible and how you should select the appropriate virtual machine sizing based on VM workloads.

You have been exposed to how both Windows and Linux virtual machine images can be deployed and how to manage them over RDP and SSH, respectively, through public IP addresses or a jump box. Cloud-based virtual machines are related to other cloud resources such as virtual network interfaces and custom route tables.

You also learned how autoscaling addresses application performance by scaling out (adding VMs) when the application is busy and scaling in (removing VMs) when demand for the application quiets down.

Finally, you learned how high-performance computing (HPC) can be used to perform large-scale, complex computing tasks across a cluster of VM nodes working together in parallel.

TWO-MINUTE DRILL

Virtualization in the Cloud

•  Hypervisors run virtual machines.

•  Virtual desktop infrastructure (VDI) provides user desktops over a network from a central virtualization server.

•  Virtual machine sizing determines virtual hardware resources such as number of vCPUs, amount of RAM, and disk and network throughput.

•  The virtual machine “size” is also referred to as “instance type.”

•  Existing virtual machines can be resized to address compute requirements.

•  Resizing an existing virtual machine requires a restart of the VM.

Cloud Virtual Machine Components

•  Virtual machines are based on operating system images.

•  OS images can consist solely of the OS files for Windows or Linux.

•  OS images can also contain specific OS settings and additional software beyond the OS software.

•  Cloud customers can create custom images that are used to deploy virtual machines.

•  Linux virtual machines are remotely managed using SSH over TCP port 22.

•  Windows virtual machines are remotely managed using RDP over TCP port 3389.

•  For remote management, each virtual machine can have a public IP address, but this is not recommended for security reasons.

•  A jump box is a virtual machine with a public IP address through which technicians can then access the private IP addresses of cloud virtual machines.

•  Windows virtual machines are normally configured to use username and password authentication.

•  Linux SSH public key authentication stores a public key with the virtual machine in the cloud; the related private key is stored on a user device.

•  Virtual machines can be grouped together for autoscaling purposes to add and remove VMs in response to application requests.

•  Cloud virtual machines can be associated with one or more virtual network interfaces.

•  A virtual network interface can have multiple IP configurations using public and private IP addresses.

•  Custom routes are used to control network traffic flow.

High-Performance Computing

•  HPC is also referred to as big compute and parallel processing.

•  HPC uses a cluster of virtual machine nodes working together to process complex jobs.

•  HPC cluster head nodes receive job instructions and coordinate them among cluster worker nodes.

SELF TEST

The following questions will help you measure your understanding of the material presented in this chapter. As indicated, some questions may have more than one correct answer, so be sure to read all the answer choices carefully.

Virtualization in the Cloud

1.   Which term is used to describe the physical host running guests?

A.   Virtualizor

B.   Scale set

C.   Cluster

D.   Hypervisor

2.   Which virtualization solution provides user desktops from a centralized virtualization host?

A.   SDN

B.   CDN

C.   VDI

D.   VLAN

3.   Which type of hypervisor is also called a bare metal hypervisor?

A.   Type 1

B.   Type 2

C.   Type 3

D.   Type 4

4.   Which virtual machine characteristic determines the amount of compute power?

A.   Autoscaling

B.   Load balancer

C.   Sizing

D.   Tagging

Cloud Virtual Machine Components

5.   You need to vertically scale a cloud virtual machine to accommodate an increased workload. Which two items should be adjusted?

A.   Public IP address

B.   RAM

C.   vCPU

D.   Load balancer

6.   You have deployed a Linux virtual machine named LINUX1 in the cloud. Over time, you realize that LINUX1 does not need the amount of hardware resources that it was originally allocated. What should you do to reduce cloud costs?

A.   Resize LINUX1

B.   Delete and re-create LINUX1 with the correct resources

C.   Add LINUX1 to an autoscaling group

D.   Add LINUX1 to a load balancer back-end server pool

7.   After deploying a Windows virtual machine named WINDOWS1 in the cloud, you cannot connect to it over RDP from your on-premises headquarters network. Other office locations can connect to WINDOWS1 over RDP. What is the most likely cause of the problem?

A.   Cloud firewall rules are preventing incoming port 3389 traffic.

B.   Cloud firewall rules are preventing incoming port 389 traffic.

C.   Headquarters network firewall rules are preventing outbound port 3389 traffic.

D.   Headquarters network firewall rules are preventing outbound port 389 traffic.

8.   Which statements regarding Linux SSH public key authentication are correct? (Choose two.)

A.   The public key is stored on the connecting device.

B.   The public key is stored in the cloud.

C.   The private key is stored in the cloud.

D.   The private key is stored on the connecting device.

9.   You have deployed numerous Linux and Windows virtual machines in the cloud. None of the VMs have a public IP address. You need to be able to manage all VMs from your on-premises network while minimizing exposure to network security threats. Which options should you consider? (Choose two.)

A.   Assign a public IP address to each virtual machine

B.   Deploy a jump box

C.   Configure a virtual machine autoscaling group

D.   Configure a VPN to the cloud

10.   You need to configure an existing Linux virtual machine named FIREWALL1 in the cloud so that it can run as a firewall appliance between two virtual network subnets. What should you do? (Choose two.)

A.   Switch the operating system image in FIREWALL1 from Linux to Windows

B.   Resize FIREWALL1 to include more vCPUs

C.   Add a cloud routing table entry

D.   Create a virtual network interface and associate it with FIREWALL1

High-Performance Computing

11.   You are the cloud technician for a pharmaceutical research company. Currently, researchers are analyzing vast datasets on premises, but the analysis results are taking too long to generate. What should you propose to speed up analysis results while minimizing IT costs?

A.   CSP

B.   CDN

C.   HPC

D.   SDN

12.   Which word is the most closely related to HPC in the cloud?

A.   Security

B.   Clustering

C.   NoSQL

D.   Template

13.   You plan on configuring a cloud HPC cluster to analyze terabytes of climate modeling data. What is the first thing you should do?

A.   Deploy an HPC cluster

B.   Deploy a load balancer

C.   Move data into the cloud

D.   Configure virtual machine autoscaling

14.   Which type of virtual disk configuration should HPC nodes use?

A.   SDN

B.   IOPS

C.   HDD

D.   SSD

15.   You are using an Amazon Web Services (AWS) HPC cluster to analyze medical data. Which AWS option should you configure to monitor HPC cluster performance?

A.   Direct Connect

B.   ExpressRoute

C.   CloudWatch

D.   CDN

SELF TEST ANSWERS

Virtualization in the Cloud

1.   D. A hypervisor runs software designed to host guests.

A, B, and C are incorrect. Virtualizor is not a valid term. A scale set groups VMs together for autoscaling purposes. A cluster is a group of VM nodes working together for a single purpose, such as for application high availability or running complex computations.

2.   C. Virtual desktop infrastructure (VDI) uses a centralized server to host multiple user desktop environments.

A, B, and D are incorrect. Software-defined networking (SDN) provides a layer between user interfaces that configures underlying network devices, thus hiding those complexities from the cloud user. A content delivery network (CDN) caches content geographically near users that will request that content. A virtual local area network (VLAN) is a logical subdivision of a physical network to reduce network congestion or provide network isolation and security for critical IT systems.

3.   A. Type 1 hypervisors run directly on hardware (“bare metal”) to support the running of multiple guests.

B, C, and D are incorrect. Type 2 hypervisors run as an application within an existing operating system. Type 3 and 4 hypervisors are invalid types.

4.   C. Virtual machine sizing determines the virtual machine compute power.

A, B, and D are incorrect. Autoscaling adds or removes virtual machines in response to how busy an application is. Load balancing takes incoming client app requests and directs them to the least-busy back-end server. Tagging adds metadata to cloud resources to facilitate searching, filtering, and cost management.

Cloud Virtual Machine Components

5.   B and C. Increasing the amount of memory, or RAM, and the number of virtual CPUs (vCPUs) is referred to as “scaling up”—this is vertical scaling.

A and D are incorrect. IP addressing and load balancing are not directly related to VM vertical scaling.

6.   A. Resizing a virtual machine either increases or decreases its compute power. Decreasing it reduces cloud costs.

B, C, and D are incorrect. Resizing a VM is a more efficient method of adjusting the required compute power than deleting and re-creating the VM. Autoscaling and load balancing are not directly related to compute power hardware resources.

7.   C. Because other offices can successfully connect using RDP, the firewall rules at the headquarters location must be blocking port 3389 RDP traffic.

A, B, and D are incorrect. Cloud firewall rules are not the problem; other offices can successfully connect using RDP. RDP uses port 3389, not 389.

8.   B and D. Secure Shell (SSH) public key authentication in the cloud stores public keys with the virtual machine in the cloud. The related private key is stored on the user device.

A and C are incorrect. Public keys are not stored on the connecting device. Private keys are not stored in the cloud.

9.   B and D. A jump box provides the public connectivity point for remotely managing cloud virtual machines without exposing each VM directly to the Internet. Configuring a VPN to the cloud uses a single public connectivity point through which VM remote management can be securely conducted.

A and C are incorrect. Virtual machines should not be directly exposed to the Internet, when possible. Autoscaling does not address remote management or security exposure issues.

10.   C and D. Custom network routes control network traffic flow, such as to a firewall appliance, which normally has at least two virtual network interfaces.

A and B are incorrect. Switching the operating system image and resizing the virtual machine will not enable a firewall appliance.

High-Performance Computing

11.   C. High-performance computing uses groups of virtual machine nodes to run complex tasks for large datasets.

A, B, and D are incorrect. A cloud service provider (CSP), content delivery network (CDN), or software-defined networking (SDN) does not provide the means to analyze large datasets.

12.   B. High-performance computing (HPC) uses a cluster of virtual machines to process complex tasks in parallel.

A, C, and D are incorrect. Security, NoSQL, and templates are not as closely related to HPC as the term “cluster” is.

13.   C. Before an HPC cluster can process vast datasets in the cloud, the data must first be made available in the cloud.

A, B, and D are incorrect. Deploying the HPC cluster should occur after the relevant data is in the cloud. HPC clusters do not use load balancers. HPC clusters do autoscale as required, but VM autoscaling is configured after moving the target data into the cloud.

14.   D. Solid-state drives (SSDs) provide the best disk performance.

A, B, and C are incorrect. Software-defined networking (SDN) is not related to disk performance. Input/output operations per second (IOPS) is not a cloud disk configuration; instead, IOPS increases when SSD is selected. Hard disk drives (HDDs) are slower than SSDs.

15.   C. The AWS CloudWatch service is used for cloud resource monitoring.

A, B, and D are incorrect. Direct Connect is the AWS dedicated private network circuit solution; ExpressRoute is Microsoft Azure’s solution. A content delivery network (CDN) caches content near users geographically.
