Day: May 11, 2015
What is Cloud Computing?
“Cloud Computing”, by definition, refers to the on-demand delivery of IT resources and applications via the Internet with pay-as-you-go pricing.
The Basics
Whether you are running applications that share photos to millions of mobile users or you’re supporting the critical operations of your business, the “cloud” provides rapid access to flexible and low cost IT resources. With cloud computing, you don’t need to make large upfront investments in hardware and spend a lot of time on the heavy lifting of managing that hardware. Instead, you can provision exactly the right type and size of computing resources you need to power your newest bright idea or operate your IT department. You can access as many resources as you need, almost instantly, and only pay for what you use.
How Does it Work?
Cloud Computing provides a simple way to access servers, storage, databases and a broad set of application services over the Internet. Cloud Computing providers such as Amazon Web Services own and maintain the network-connected hardware required for these application services, while you provision and use what you need via a web application.
Create an AWS account
Launch a Virtual Machine
Store Media and Files
Six Advantages and Benefits of Cloud Computing:
Trade capital expense for variable expense
Instead of having to invest heavily in data centers and servers before you know how you’re going to use them, you can only pay when you consume computing resources, and only pay for how much you consume.
Benefit from massive economies of scale
By using cloud computing, you can achieve a lower variable cost than you can get on your own. Because usage from hundreds of thousands of customers are aggregated in the cloud, providers such as Amazon Web Services can achieve higher economies of scale which translates into lower pay as you go prices.
Stop guessing capacity
Eliminate guessing on your infrastructure capacity needs. When you make a capacity decision prior to deploying an application, you often either end up sitting on expensive idle resources or dealing with limited capacity. With Cloud Computing, these problems go away. You can access as much or as little as you need, and scale up and down as required with only a few minutes notice.
Increase speed and agility
In a cloud computing environment, new IT resources are only ever a click away, which means you reduce the time it takes to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower.
Stop spending money on running and maintaining data centers
Focus on projects that differentiate your business, not the infrastructure. Cloud computing lets you focus on your own customers, rather than on the heavy lifting of racking, stacking and powering servers.
Go global in minutes
Easily deploy your application in multiple regions around the world with just a few clicks. This means you can provide a lower latency and better experience for your customers simply and at minimal cost.
Types of Cloud Computing
Cloud computing has three main types that are commonly referred to as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Selecting the right type of cloud computing for your needs can help you strike the right balance of control and the avoidance of undifferentiated heavy lifting. Learn more about the different types of cloud computing.
Courtesy: Amazon Web Services
What is PureFlex?
IBM PureFlex System is a complete, flexible cloud infrastructure system with integrated expertise. The system integrates and optimises all compute, storage and networking resources to deliver infrastructure-as-a-service (IaaS) out of the box.
- Integration by design: deeply integrated compute, storage, and networking resources so you can deploy in hours instead of days
- Built-in expertise: automated management and deployment expertise for physical and virtual resources so your experts can focus on innovation
- Simplified experience: optimised flexible configurations to accelerate purchase, deployment and time to value for your solution
The IBM PureFlex System combines advanced IBM hardware and systems management software, integrating them into an optimised configuration that is simple to acquire and deploy so you get fast time-to-value for your solution.
Courtesy: http://www-03.ibm.com/systems/in/pureflex/pureflex_overview.html
What is FlexPod?
FlexPod is a integrated computing, networking, and storage solution developed by Cisco and NetApp. Its configurations and workloads are published as Cisco Validated Designs. FlexPod is categorized by established and emerging client needs:
- FlexPod Data Center was developed for large enterprises.
- FlexPod Express serves small and medium-sized enterprises.
- FlexPod Select focuses on high capacity and performance for specialized workloads.
Cisco and NetApp support FlexPod deployments through the Cooperative Support Model.
FlexPod components include Cisco Unified Computing System (Cisco UCS)servers, Cisco Nexus switches, and NetApp unified storage systems.
The FlexPod architecture can scale up or out. And it can be optimized for a variety of mixed workloads in both virtualized and nonvirtualized environments.
Large enterprise data centers need agile platforms with high availability and scalable storage. Along with reducing operating costs, chief information officers want to use a converged infrastructure to support hybrid cloud computing.
Small and medium-sized enterprises need a simplified setup and easy use, access to public cloud services, and greater value for their data center budgets.
Many enterprises also need purpose-built, high-capacity platforms for specialized workloads. Large-scale, real-time data analytics place unique demands on computing stacks. Video surveillance, in-memory databases, and public cloud infrastructures have similar capacity needs.
FlexPod’s architecture can be configured for the growing needs of all these clients. FlexPod is deployed with more than 4100 customers and available in more than 100 countries. For the future, FlexPod customers and partners want configuration guidance, easy ordering, and validation for the configuration that is most aligned with their needs.
To meet these emerging trends, FlexPod delivers three named configurations:
- FlexPod Data Center
- FlexPod Express
- FlexPod Select
Cisco and NetApp support FlexPod through a Cooperative Support Model, receive best in class experience from NetApp, Cisco and our ecosystem partners delivered through collaborative and coordinated support services for your FlexPod integrated infrastructure.
FlexPod benefits from integrated management in the form of Cisco UCS Director.UCS Director supports cohesive, flexible data centers, built on FlexPod, that increase IT and business agility, while reducing operational processes and expenses.
An overview of the FlexPod solution is available through an iPad app.
FlexPod’s architectural flexibility is underpinned by a series of Cisco Validated Designs. These guides cover the important areas of the FlexPod infrastructure, applications on FlexPod, and security.
Featured Validated Designs
- Infrastructure
- FlexPod Datacenter with VMware vSphere 5.5 and Cisco UCS Director(PDF – 12.1 MB)
- FlexPod with Cisco UCS Mini Design Guide (PDF – 2.1 MB)
- FlexPod Datacenter with VMware vSphere 5.5 Update 2 and Cisco Nexus 9000 Application Centric Infrastructure (ACI) Design Guide (PDF – 7.7 MB)
- FlexPod Datacenter with VMware vSphere 5.5 U1 and Cisco Nexus 9000 Series Switches Design Guide (PDF – 2.8 MB)
- FlexPod Datacenter with VMware vSphere 5.5 Update 1 Design Guide (PDF – 3.9 MB)
- FlexPod Datacenter with VMware vSphere 5.5 Update 1 with 7 – Mode (PDF – 7.8 MB)
- FlexPod Data Center with VMware vSphere 5.1U1 and Cisco Nexus 9000 Series Switches Design Guide (PDF – 2.6 MB)
- FlexPod Data Center with VMware vSphere 5.1U1 and Cisco Nexus 6000 Series Switches Design Guide
- FlexPod Data Center with VMware vSphere 5.1 and Nexus 7000 Using FCoE Design Guide
- FlexPod Datacenter with VMware vSphere 5.5 and Cisco UCS Director(PDF – 12.1 MB)
- Security
- FlexPod Data Center with Cisco Secure Enclaves (PDF – 7.0 MB)
- FlexPod Data Center with Cisco Secure Enclaves (PDF – 7.0 MB)
- Microsoft
- FlexPod Datacenter with Microsoft Exchange 2013 and Cisco Application Centric Infrastructure (PDF – 9.2 MB)
- FlexPod Data Center with Microsoft SharePoint 2013 and Cisco ACI Design Guide (PDF – 11.2 MB)
- FlexPod Data Center with Microsoft Private Cloud 4.0 (PDF – 1.3 MB)
- FlexPod Data Center with Microsoft Private Cloud FT 3.0 with 7-Mode Design Guide
- SharePoint 2010 for FlexPod on VMware for 100,000 Users
- FlexPod Datacenter with Microsoft Exchange 2013 and Cisco Application Centric Infrastructure (PDF – 9.2 MB)
- Oracle
- Oracle RAC on FlexPod (PDF – 11.0 MB)
- Oracle JD Edwards on FlexPod with Oracle Linux
- Oracle RAC on FlexPod (PDF – 11.0 MB)
- SAP
- FlexPod Datacenter for SAP Solution (PDF – 12.7 MB)
- FlexPod Datacenter for SAP Solution (PDF – 12.7 MB)
Videos
- Secure Multitenancy and FlexPod (13:29 min)
- FlexPod Management and Automation (5:36 min)
- Introduction to FlexPod Express (2:14 min)
Solution Briefs
- FlexPod with Cisco UCS Mini (PDF – 363 KB)
- FlexPod Datacenter with VMware vSphere 5.5 Update 1
- FlexPod Datacenter with VMware vSphere 5.1 Update 1 and Cisco Nexus 9000 Series Switches
- FlexPod Datacenter with VMware vSphere 5.1U1 and Cisco ACI (PDF – 144 KB)
- FlexPod Data Center with VMware vSphere 5.1, Cisco Nexus 7000 Series Switches, and NetApp MetroCluster for Multisite Deployment
- FlexPod Data Center with VMware vSphere 5.1 Update 1 and Cisco Nexus 6000 Series Switches
- FlexPod Data Center with Citrix XenDesktop (PDF – 193 KB)
- FlexPod Data Center with VMware vSphere 5.1 Update 1
- FlexPod IP Shared Storage Solution for Small and Medium-Size Businesses (PDF – 580 KB)
- FlexPod Data Center with VMware vSphere 5.1 and Cisco Nexus 7000 Series Switches
- FlexPod Data Center with VMware vSphere 5.1, Cisco Nexus 7000 Series Switches, and IP-Based Storage
- FlexPod Express VMWare vSphere (PDF – 1.24 MB)
- FlexPod Express with Microsoft Windows Server 2012 Hyper-V (PDF – 1.56 MB)
Featured Case Studies
- Americas
- Katz, Sapper & Miller (PDF – 558 KB)
- King County (PDF – 563 KB)
- Photobucket (PDF – 457 KB)
- ActioNet (PDF – 394 KB)
- Katz, Sapper & Miller (PDF – 558 KB)
- Asia-Pacific
- County Fire Authority (PDF – 454 KB)
- Energia Communications, Inc.(PDF – 169 KB)
- Duzon Bizon (PDF – 689 KB)
- Swinburne University of Technology (PDF – 382 KB)
- County Fire Authority (PDF – 454 KB)
- EMEAR
- Toyota Tsusho Africa (PDF – 317 KB)
- Groupe Mutuel (PDF – 226 KB)
- Suttons Group (PDF – 273 KB)
- Steria (PDF – 209 KB)
- Toyota Tsusho Africa (PDF – 317 KB)
A more complete listing is available on the Data Center Case Studies.
Courtesy: Cisco
Storage Interview Questions
What is LUN masking?
LUN (Logical Unit Number) Masking is an authorization process that makes a LUN available to some hosts and unavailable to other hosts.
LUN Masking is implemented primarily at the HBA (Host Bus Adapater) level. LUN Masking implemented at this level is vulnerable to any attack that compromises the HBA.
Some storage controllers also support LUN Masking.
LUN Masking is important because Windows based servers attempt to write volume labels to all available LUN’s. This can render the LUN’s unusable by other operating systems and can result in data loss.
What is SAN zoning?
SAN zoning is a method of arranging Fibre Channel devices into logical groups over the physical configuration of the fabric.
SAN zoning may be utilized to implement compartmentalization of data for security purposes.
Each device in a SAN may be placed into multiple zones.
What are hard and soft zoning?
Hard zoning is zoning which is implemented in hardware. Soft zoning is zoning which is implemented in software.
Hard zoning physically blocks access to a zone from any device outside of the zone.
Soft zoning uses filtering implemented in fibre channel switches to prevent ports from being seen from outside of their assigned zones. The security vulnerability in soft zoning is that the ports are still accessible if the user in another zone correctly guesses the fibre channel address.
What is port zoning?
Port zoning utilizes physical ports to define security zones. A users access to data is determined by what physical port he or she is connected to.
With port zoning, zone information must be updated every time a user changes switch ports. In addition, port zoning does not allow zones to overlap.
Port zoning is normally implemented using hard zoning, but could also be implemented using soft zoning.
What is WWN zoning?
WWN zoning uses name servers in the switches to either allow or block access to particular World Wide Names (WWNs) in the fabric.
A major advantage of WWN zoning is the ability to recable the fabric without having to redo the zone information.
WWN zoning is susceptible to unauthorized access, as the zone can be bypassed if an attacker is able to spoof the World Wide Name of an authorized HBA.
What is a World Wide Name (WWN)?
A World Wide Name, or WWN, is a 64-bit address used in fibre channel networks to uniquely identify each element in a Fibre Channel network.
Soft Zoning utilizes World Wide Names to assign security permissions.
The use of World Wide Names for security purposes is inherently insecure, because the World Wide Name of a device is a user-configurable parameter.
For example, to change the World Wide Name (WWN) of an Emulex HBA, the users simply needs to run the `elxcfg` command.
What are the classes of attacks against SANs?
- Snooping: Mallory reads data Alice sent to Bob in private
Allows access to data - Spoofing: Mallory fools Alice into thinking that he is Bob
Allows access to or destruction of data - Denial of Service: Mallory crashes or floods Bob or Alice
Reduces availability
What are some attacks against FCP?
- Node Name / Port Name spoofing at Port Login time
- Source Port ID spoofing on dataless FCP commands
- Snooping and spoofing on FC-AL
- Snooping and Spoofing after Fabric reconfiguration
- Denial of Service attacks can be made in User mode
What is FCAP (Fibre Channel Authentication Protocol)?
FCAP is an optional authentication mechanism employed between any two devices or entities on a Fibre Channel network using certificates or optional keys.
What is FCPAP (Fibre Channel Password Authentication Protocol)?
FCPAP (Fibre Channel Password Authentication Protocol) is an optional password based authentication and key exchange protocol which is utilized in Fibre Channel networks.
FCPAP is used to mutually authenticate Fibre Channel ports to each other. This includes E_Port’s, N_Port’s, and Domain Controllers.
What is SLAP (Switch Link Authentication Protocol)?
SLAP is an authentication method for Fibre Channel switches which utilizes digital certificates to authenticate switch ports.
SLAP was designed to prevent the unauthorized addition of switches into a Fibre Channel network.
What is FC-SP (Fibre Channel – Security Protocol)?
Fibre Channel – Security Protocol (FC-SP) is a security protocol for Fibre Channel Protocol (FCP) and fiber connectivity (Ficon).
FC-SP is a project of Technical Committee T11 of the InterNational Committee for Information Technology Standards (INCITS).
FC-SP is a security framework which includes protocols to enhance Fibre Channel security in several areas, including authentication of Fibre Channel devices, cryptographically secure key exchange, and cryptographically secure communication between Fibre Channel devices.
FC-SP is focused on protecting data in transit throughout the Fibre Channel network. FC-SP does not address the security of data which is stored on the Fibre Channel network.
What is ESP over Fibre Channel?
ESP (Encapsulating Security Payload) is an Internet standard for the authentication and encryption of IP packets.
ESP is defined in RFC 2406: IP Encapsulating Security Payload (ESP).
ESP is widely deployed in IP networks and has been adapted for use in Fibre Channel networks. The IETF iSCSI proposal specifies ESP link authentication and optional encryption.
ESP over Fibre Channel is focused on protecting data in transit throughout the Fibre Channel network. ESP over Fibre Channel does not address the security of data which is stored on the Fibre Channel network.
What is DH-CHAP?
DH-CHAP (Diffie Hellman – Challenge Handshake Authentication Protocol) is a forthcoming Internet Standard for the authentication of devices connecting to a Fibre Channel switch.
DH-CHAP is a secure key-exchange authentication protocol that supports both switch-to-switch and host-to-switch authentication.
DH-CHAP supports MD-5 and SHA-1 algorithm-based authentication.
How are iSCSI, iFCP and FCIP secured over IP networks?
The IETF IP Storage (ips) Working Group is responsible for the definition of standards for the encapsulation and transport of Fibre Channel and SCSI protocols over IP networks.
The IPS Working Group’s charter includes responsibility for data security:
Security including authentication, keyed cryptographic data integrity and confidentiality, sufficient to defend against threats up to and including those that can be expected on a public network. Implementation of basic security functionality will be required, although usage may be optional.
The IPS Working Group has created RFC 3723: Securing Block Storage Protocols over IP.
RFC 3723 defines the use of the existing IPsec and IKE (Internet Key Exchange) protocols to secure block storage protocols over IP.
Lazy Admin Blog 