Cloud computing Books

Book Synopsis100 Go Mistakes: How to Avoid Them introduces dozens of techniques for writing idiomatic, expressive, and efficient Go code that avoids common pitfalls. By reviewing dozens of interesting, readable examples and real-world case studies, you'll explore mistakes that even experienced Go programmers make. This book is focused on pure Go code, with standards you can apply to any kind of project. As you go, you'll navigate the tricky bits of handling JSON data and HTTP services, discover best practices for Go code organization, and learn how to use slices efficiently. Your code speed and quality will enjoy a huge boost when you improve your concurrency skills, deal with error management idiomatically, and increase the quality of your tests. About the Technology Go is simple to learn, yet hard to master. Even experienced Go developers may end up introducing bugs and inefficiencies into their code. This book accelerates your understanding of Go's quirks, helping you correct mistakes and dodge pitfalls on your path to Go mastery.Trade Review"This book is one any Golang developer will want on their bookshelf. Far from being dogmatic or prescriptive, it often provides multiple solutions to the reader, leaving some room for flexibility and individual taste." Thad Meyer "Goes beyond the basics with lots of good examples for when concepts are tough to grasp. As someone who's been coding Go for about 2 years, I learned new things." Matt Welke "This book felt catered to me. I'm not a developer by career path, however it provides a LOT of insight into what I should be thinking about as someone without any education or formal training in Software Development. Really, really nice." Francis J. Setash "This book not only points out common mistakes and anti-patterns, it provides solutions—a perfect combination for deeper learning." Kevin Liao "Read this, it'll give you years of experience of Go just learning from the book. Very valuable!" Keith Kim

Read more less

Book SynopsisThis fully updated self-study guide delivers 100% coverage of all topics on the current version of the CCSP examThoroughly revised for the 2022 edition of the exam, this highly effective test preparation guide covers all six domains within the CCSP Body of Knowledge. The book offers clear explanations of every subject on the CCSP exam and features accurate practice questions and real-world examples. New, updated, or expanded coverage includes cloud data security, DevOps security, mobile computing, threat modeling paradigms, regulatory and legal frameworks, and best practices and standards.Written by a respected computer security expert, CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition is both a powerful study tool and a valuable reference that will serve professionals long after the test. To aid in self-study, each chapter includes exam tips that highlight key information, a summary that serves as a quick review of salient p

Read more less

Book SynopsisTake the fast track in your journey to continuous delivery, with open source tools for Kubernetes and cloud applications. This book explores the tools and techniques you'll need to overcome common cloud native challenges. In Continuous Delivery for Kubernetes you will learn how to: Select the right open source project to solve challenges with your Kubernetes application Package, version, distribute and instant cloud native services using Helm Create and run pipelines using Tekton Plan and implement a multicloud strategy with Crossplane Implement risk-free and progressive upgrades with Knative Utilize Knative for serving, routing, and event-driven applications Automate testing, even when you don't have all your services up and running Troubleshoot and measure application performance Continuous Delivery for Kubernetes lays out a toolbox of free, open source projects you can use to implement continuous delivery for Kubernetes-based applications in the cloud. Each chapter covers a different project, clearly demonstrating how it simplifies essential CD tasks like packaging, building pipelines, and multi-cloud deployment. This book shows developers and architects confidently identify common patterns in successful open source tools so they can pick the right options for their own platforms. about the technology Continuous delivery practices help your team quickly introduce, iterate on, and deploy new features so you can get software into production quickly. The tools in this book help facilitate continuous delivery practices by solving the technical and architectural challenges commonly found when adopting Kubernetes, automating essential dev and deployment tasks, and improving your team's collaboration. about the book Continuous Delivery for Kubernetes accelerates development of cloud-based systems with vibrant open source tools of the Kubernetes ecosystem. You'll use powerful open source projects like Helm, Tekton, Knative, and Crossplane to automate your projects from testing through delivery. Learn how to package services, build and deploy services to a Kubernetes cluster, and combine different tools to solve the complex challenges of CD in a cloud native environment. RETAIL SELLING POINTS Select the right open source project to solve challenges with your Kubernetes application Package, version, distribute and instant cloud native services using Helm Utilize Knative for serving, routing, and event-driven applications Automate testing, even when you don't have all your services up and running Troubleshoot and measure application performance AUDIENCE For developers and software architects familiar with the basics of containers and Kubernetes. Trade Review'A great intro to best practices regarding continuous delivery in the cloud.' Rahul Jain 'The material is really excellent: the explanations are clear and the illustrative examples are practical and relevant.' Alain Lompo 'A great soup-to-nuts book for learning about CD for Kubernetes-native applications.' Kent SpillnerTable of Contentstable of contents detailed TOC READ IN LIVEBOOK 1CLOUD-NATIVE CONTINUOUS DELIVERY READ IN LIVEBOOK 2CLOUD-NATIVE APPLICATION CHALLENGES READ IN LIVEBOOK 3SERVICE AND ENVIRONMENT PIPELINES READ IN LIVEBOOK 4MULTI-CLOUD INFRASTRUCTURE READ IN LIVEBOOK 5RELEASE STRATEGIES READ IN LIVEBOOK 6EVENTS FOR CLOUD-NATIVE INTEGRATIONS READ IN LIVEBOOK 7FUNCTIONS FOR KUBERNETES 8 BUILDING A PLATFORM DESIGNED FOR CD 9 THE ROAD TO CONTINUOUS & PROGRESSIVE DELIVERY

Read more less

Book SynopsisPipelines can be challenging to manage, especially when your data has to flow through a collection of application components, servers, and cloud services. Airflow lets you schedule, restart, and backfill pipelines, and its easy-to-use UI and workflows with Python scripting has users praising its incredible flexibility. Data Pipelines with Apache Airflow takes you through best practices for creating pipelines for multiple tasks, including data lakes, cloud deployments, and data science. Data Pipelines with Apache Airflow teaches you the ins-and-outs of the Directed Acyclic Graphs (DAGs) that power Airflow, and how to write your own DAGs to meet the needs of your projects. With complete coverage of both foundational and lesser-known features, when you’re done you’ll be set to start using Airflow for seamless data pipeline development and management. Key Features Framework foundation and best practices Airflow's execution and dependency system Testing Airflow DAGs Running Airflow in production For data-savvy developers, DevOps and data engineers, and system administrators with intermediate Python skills. About the technology Data pipelines are used to extract, transform and load data to and from multiple sources, routing it wherever it’s needed -- whether that’s visualisation tools, business intelligence dashboards, or machine learning models. Airflow streamlines the whole process, giving you one tool for programmatically developing and monitoring batch data pipelines, and integrating all the pieces you use in your data stack. Bas Harenslak and Julian de Ruiter are data engineers with extensive experience using Airflow to develop pipelines for major companies including Heineken, Unilever, and Booking.com. Bas is a committer, and both Bas and Julian are active contributors to Apache Airflow.

Read more less

Book SynopsisFor nearly 25 years this best seller has been the go-to guide for JavaScript programmers. The seventh edition is fully updated to cover the 2020 version of JavaScript, and new chapters cover classes, modules, iterators, generators, Promises, async/await, and metaprogramming.

Read more less

Book SynopsisASHISH AGRAWAL is a qualified technocrat, offering over two decades of multifaceted experience as a Cloud Engineering and transformation leader, trusted advisor, developer, consultant, and Enterprise Cloud Architect. He drives a profound influence in the cloud technology landscape with provocative thought leadership and communicates his ideas with clarity and passion. He has deep, hands-on technical expertise, having spearheaded numerous successful cloud engagements for global Fortune 500 companies in advisory, presales, consulting, architecture, leadership, and delivery execution, and he has played technology leadership roles in large, complex, cross-functional, and multi-enterprise project teams. GURVINDER SINGH is a Microsoft Certified Azure Solutions Architect with 15 years of diversified IT experience working with the Microsoft Technology stack. In the past several years, Gurvinder has been guiding large enterprises in the transformation of legacy applications into cloudTable of ContentsCHAPTER 1 Design identity, governance, and monitoring solutions CHAPTER 2 Design data storage solutions CHAPTER 3 Design business continuity solutions CHAPTER 4 Design infrastructure solutions

Read more less

Book SynopsisPublisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.This effective study guide provides 100% coverage of every topic on the challenging CCSK exam from the Cloud Security AllianceThis highly effective self-study guide covers all domains of the challenging Certificate of Cloud Security Knowledge v4 exam. Written by a cloud security trainer and consultant in collaboration with the Cloud Security Alliance, CCSK Certificate of Cloud Security Knowledge All-in-One Exam Guide offers clear explanations, real-world examples, and practice questions that match the content and format of those on the actual exam. To aid in retention, each chapter includes exam tips that highlight key information, a review that serves as a quick recap of salient points, and practice questions tTable of ContentsChapter 1: Cloud Computing Concepts and ArchitecturesChapter 2: Governance and Enterprise Risk ManagementChapter 3: Legal Issues, Contracts, and Electronic DiscoveryChapter 4: Compliance and Audit ManagementChapter 5: Information GovernanceChapter 6: Management Plan E and Business ContinuityChapter 7: Infrastructure SecurityChapter 8: Virtualization and ContainersChapter 9: Incident ResponseChapter 10: Application SecurityChapter 11: Data Security and EncryptionChapter 12: Identity, Entitlement, and Access ManagementChapter 13: Security as a ServiceChapter 14: Related TechnologiesChapter 15: ENISA Cloud Computing: Benefits, Risks and Recommendations for Information SecurityAppendix A: Cloud Security LexiconAppendix B: Cloud Security Standards and CertificationsAppendix C: Sample Cloud Policy

Read more less

Book SynopsisAn expert guide to selecting the right cloud service model for your business Cloud computing is all the rage, allowing for the delivery of computing and storage capacity to a diverse community of end-recipients. However, before you can decide on a cloud model, you need to determine what the ideal cloud service model is for your business. Helping you cut through all the haze, Architecting the Cloud is vendor neutral and guides you in making one of the most critical technology decisions that you will face: selecting the right cloud service model(s) based on a combination of both business and technology requirements. Guides corporations through key cloud design considerations Discusses the pros and cons of each cloud service model Highlights major design considerations in areas such as security, data privacy, logging, data storage, SLA monitoring, and more Clearly defines the services cloud providers offer for each service model andTrade Reviewan invaluable guide to anyone looking to understand how to effectively deploy cloud technologies (RSA Conference, September 2014)Table of ContentsForeword xiii Preface xv Acknowledgments xix About the author xxi Chapter 1 Why Cloud, Why Now? 1 Evolution of Cloud Computing 3 Enter the Cloud 6 Start-Up Case Study: Instagram, from Zero to a Billion Overnight 8 Established Company Case Study: Netflix, Shifting from On-Premises to the Cloud 9 Government Case Study: NOAA, E-mail, and Collaboration in the Cloud 10 Not-for-Profit Case Study: Obama Campaign, Six-Month Shelf-Life with One Big Peak 10 Summary 11 Chapter 2 Cloud Service Models 13 Infrastructure as a Service 13 Platform as a Service 15 Software as a Service 17 Deployment Models 18 Summary 22 Chapter 3 Cloud Computing Worst Practices 23 Avoiding Failure When Moving to the Cloud 23 Migrating Applications to the Cloud 23 Misguided Expectations 27 Misinformed about Cloud Security 29 Selecting a Favorite Vendor, Not an Appropriate Vendor 31 Outages and Out-of-Business Scenarios 31 Underestimating the Impacts of Organizational Change 33 Skills Shortage 35 Misunderstanding Customer Requirements 36 Unexpected Costs 37 Summary 39 Chapter 4 It Starts with Architecture 41 The Importance of Why, Who, What, Where, When, and How 41 Start with the Business Architecture 43 Identify the Problem Statement (Why) 47 Evaluate User Characteristics (Who) 48 Identify Business and Technical Requirements (What) 48 Visualize the Service Consumer Experience (Where) 49 Identify the Project Constraints (When and with What) 51 Understand Current State Constraints (How) 52 Summary 54 Chapter 5 Choosing the Right Cloud Service Model 55 Considerations when Choosing a Cloud Service Model 56 When to Use SaaS 59 When to Use PaaS 62 When to Use IaaS 65 Common Cloud Use Cases 68 Summary 69 Chapter 6 The Key to the Cloud: RESTful Services 71 Why REST? 72 The Challenges of Migrating Legacy Systems to the Cloud 74 Summary 75 Chapter 7 Auditing in the Cloud 77 Data and Cloud Security 78 Auditing Cloud Applications 78 Regulations in the Cloud 80 Audit Design Strategies 83 Summary 85 Chapter 8 Data Considerations in the Cloud 87 Data Characteristics 87 Multitenant or Single Tenant 92 Choosing Data Store Types 95 Summary 98 Chapter 9 Security Design in the Cloud 99 The Truth about Data in the Cloud 100 How Much Security Is Required 101 Responsibilities for Each Cloud Service Model 104 Security Strategies 108 Areas of Focus 110 Summary 118 Chapter 10 Creating a Centralized Logging Strategy 119 Log File Uses 119 Logging Requirements 120 Summary 124 Chapter 11 SLA Management 127 Factors That Impact SLAs 127 Defining SLAs 130 Managing Vendor SLAs 132 Summary 135 Chapter 12 Monitoring Strategies 137 Proactive vs. Reactive Monitoring 137 What Needs to Be Monitored? 138 Monitoring Strategies by Category 139 Monitoring by Cloud Service Level 145 Summary 147 Chapter 13 Disaster Recovery Planning 149 What Is the Cost of Downtime? 149 Disaster Recovery Strategies for IaaS 151 Recovering from a Disaster in the Primary Data Center 152 Disaster Recovery Strategies for PaaS 157 Disaster Recovery Strategies for SaaS 159 Disaster Recovery Hybrid Clouds 160 Summary 162Chapter 14 Leveraging a DevOps Culture to Deliver Software Faster and More Reliably 163 Developing the DevOps Mind-Set 163 Automate Infrastructure 165 Automate Deployments 166 Design Feature Flags 167 Measure, Monitor, and Experiment 167 Continuous Integration and Continuous Delivery 168 Summary 170 Chapter 15 Assessing the Organizational Impact of the Cloud Model 171 Enterprise Model vs. Elastic Cloud Model 172 IT Impact 173 Business Impacts 174 Organization Change Planning 178 Change in the Real World 180 Summary 181 Chapter 16 Final Thoughts 183 The Cloud Is Evolving Rapidly 183 Cloud Culture 185 New Business Models 186 PaaS Is the Game Changer 187 Summary 190 Index 193

Read more less

Book SynopsisWhy cloud computing represents a paradigm shift for business, and how business users can best take advantage of cloud services.Most of the information available on cloud computing is either highly technical, with details that are irrelevant to non-technologists, or pure marketing hype, in which the cloud is simply a selling point. This book, however, explains the cloud from the user's viewpoint—the business user's in particular. Nayan Ruparelia explains what the cloud is, when to use it (and when not to), how to select a cloud service, how to integrate it with other technologies, and what the best practices are for using cloud computing. Cutting through the hype, Ruparelia cites the simple and basic definition of cloud computing from the National Institute of Science and Technology: a model enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources. Thus with cloud computing, businesses can harness information t

Read more less

Book SynopsisTake full advantage of Heroku's cloud-based hosting services. This guide takes you through the inner workings of this PaaS platform and delivers practical advice for architecting your application to work as efficiently as possible.

Read more less

Book SynopsisIn this fully updated and new edition, you’ll get hands-on practice with the basics, including setting up cloud-based virtual machines, deploying web servers, and using hosted data stores. As you work through the book’s 21 carefully planned lessons, you’ll explore big-picture concerns like security, scaling, and automation. Learn Azure in a Month of Lunches, Second Edition teaches you the most important skills you’ll need to write, deploy, and run cloud-based applications in Azure. Key Features · Understand Azure beyond point-and-click processes · Getting started, from your first login · Writing and deploying web servers · Securing your applications and dana · Automating your environment Readers should be able to write and deploy simple web or client/server applications. About the technology With hundreds of features and prebuilt services, the Microsoft Azure cloud platform is vast and powerful. To get started, you need a trustworthy guide. In this hands-on book, Microsoft engineer and Azure trainer Iain Foulds focuses on the core skills you need to create and maintain cloud-based applications. Iain Foulds is an engineer and senior content developer with Microsoft.

Read more less

Book SynopsisThis open access book introduces cloud computing and related technologies from the concept, technology, and architecture of cloud computing, combined with typical application cases of cloud; provides students with a more complete knowledge framework in the field of cloud computing; and lays the foundation for future research, development, and further study in cloud computing, big data, and other related fields. As the world's leading provider of ICT (information and communication technology) infrastructure and intelligence terminals, Huawei's products are already available in a number of areas, including connectivity, security, wireless, storage, cloud computing, intelligent computing, and artificial intelligence.Table of ContentsChapter 1 Introduction to Cloud Computing 1　1.1 Ubiquitous Cloud Computing 1 　1.2 The properties of Cloud Computing 3 1.2.1 On-demand self-service 3 1.2.2 Extensive network access 4 1.2.3 Resource Pooling 4 1.2.4 Fast and elastic scaling 4 1.2.5 Measurable services 5 　1.3 Definition of Cloud Computing 6 　1.4 The emergence and development of Cloud Coputing 9 1.4.1 The history of the network and the Internet 9 1.4.2 The history of computing models 11 1.4.3 The driving force of cloud computing 16 1.4.4 Development of Cloud Computing 18　1.5 云计算的优势 18 　1.6 Classification of Cloud Computing 19 1.6.1 Classification by operating model 19 1.6.2 Classification by service model 21 　1.7 Cloud enabling technology 23 1.7.1 Broadband network and Internet architecture 23 1.7.2 Data Center Technology 25 1.7.3 Virtualization Technology 25 1.7.4 Web Technology 26 1.7.5 Multi-tenant technology 28 1.7.6 Service Technology 28　 1.8 Understanding cloud computing from various perspectives 30 1.8.1 The ternary epistemology of cloud computing 30 1.8.2 Open Source Methodology of Cloud Computing 34 1.9 Exercises 37 Chapter 2 Cloud Computing System 39 　2.1 Cloud infrastructure mechanism 39 2.1.1 Logical network boundary 39 2.1.2 Virtual Server 40 2.1.3 Cloud storage devices 41 2.1.4 Cloud usage monitoring 44 2.1.5 Resource Copy 46 　2.2 Cloud management mechanism 46 2.2.1 Remote management system 47 2.2.2 Resource Management System 48 2.2.3 SLA Management System 49 2.2.4 Billing Management System 49 　2.3 Cloud security mechanism 50 2.3.1 Encryption 50 2.3.2 Hashing 51 2.3.3 Digital Signature 52 2.3.4 Public Key Infrastructure 53 2.3.5 Identity and access management 54 2.3.6 Single sign-on 54 2.3.7 Cloud-based security groups 55 2.3.8 Hardened Virtual Server Image 56 　2.4 Basic Cloud Architecture 57 2.4.1 Load Distribution Architecture 57 2.4.2 Resource Pool Architecture 58 2.4.3 Dynamic Scalable Architecture 58 2.4.4 Flexible resource capacity architecture 59 2.4.5 Service load balancing architecture 60 2.4.6 Cloud Burst Architecture 61 2.4.7 Elastic Disk Supply Architecture 61 2.4.8 Redundant Storage Architecture 62 2.5 Exercises 63 Chapter 3 Virtualization Technology 65 　3.1 Introduction to Virtualization Technology 65 3.1.1 Definition of virtualization 65 3.1.2 Development of virtualization technology 66 3.1.3 Advantages of virtualization technology 67 3.1.4 Common types of virtualization technology 68 　3.2 Basic knowledge of server virtualization 69 3.2.1 System virtualization 69 3.2.2 Server virtualization 70 3.2.3 Typical Implementation 70 3.2.4 Full virtualization 71 3.2.5 Paravirtualization 72 3.2.6 Mainstream server virtualization technology 73 　3.3 Supporting technology of server virtualization 73 3.3.1 CPU virtualization 73 3.3.2 Memory virtualization 75 3.3.3 Device and I/O virtualization 76 3.3.4 Storage virtualization 78 3.3.5 Network virtualization 78 3.3.6 Desktop virtualization 79 　3.4 Main functions of virtual machine 80 3.4.1 Virtual machine snapshot 80 3.4.2 Rapid deployment and cloning of virtual machines 81 3.4.3 Virtual machine backup 82 3.4.4 Virtualization cluster 82 3.4.5 Hot Adding Virtual Machine Resources 83 3.4.6 NUMA 84 　3.5 KVM 84 3.5.1 Introduction to KVM 84 3.5.2 Virtualization Technology of KVM 85 　3.6 FusionCompute 86 3.6.1 Introduction to FusionCompute 86 3.6.2 Computing Virtualization of FusionCompute 88 3.6.3 FusionCompute storage virtualization 91 3.6.4 FusionCompute network virtualization 92 　3.7 Desktop Cloud 93 3.7.1 Overview of Desktop Cloud 93 3.7.2 Desktop Cloud Architecture and Key Technologies 93 3.7.3 Typical Application Cases of Desktop Cloud 94 3.7.4 Introduction to FusionAccess 95 3.8 Exercises 96 Chapter 4 Network Basics in Cloud Computing 97 　4.1 Computer network overview 97 4.1.1 Basic concepts of computer networks 97 4.1.2 The formation and development of computer networks 98 4.1.3 Definition and function of computer network 100 4.1.4 The composition of a computer network 100 4.1.5 Classification of computer networks 101 4.1.6 Computer network topology 103 　4.2 The basic principles of computer networks 104 4.2.1 Network layering and encapsulation 105 4.2.2 Physical layer 106 4.2.3 Data link layer 106 4.2.4 Network layer 107 4.2.5 Transport layer 107 4.2.6 Application layer 108 　4.3 Network interconnection equipment 108 4.3.1 Repeaters and hubs 108 4.3.2 Bridges and switches 109 4.3.3 Router 110 　4.4 Network virtualization 112 4.4.1 Overview of Network Virtualization 112 4.4.2 Traditional network virtualization 112 4.4.3 Virtual network based on virtual switch 116 4.4.4 Network Features of Huawei Virtualization Products 121 　4.5 Software Defined Network 124 4.5.1 Introduction to SDN 124 4.5.2 A Brief History of SDN Development 125 4.5.3 SDN Architecture 127 4.5.4 Key SDN Technologies 128 4.5.5 Advantages of SDN 129 4.6 Exercises 130 Chapter 5 Storage Basics in Cloud Computing 132 　5.1 Basic knowledge of storage 132 5.1.1 Storage development and technological evolution 132 5.1.2 Cutting-edge storage technologies and development trends 135 5.1.3 Common storage products and solutions 136 5.1.4 Data Security Technology of Cloud Storage 137 　5.2 Basic storage unit 138 5.2.1 Mechanical hard disk 138 5.2.2 Solid State Drive 140 　5.3 Network storage 142 5.3.1 DAS 142 5.3.2 SAN 143 5.3.3 NAS 146 　5.4 Storage Reliability Technology 149 5.4.1 Traditional RAID Technology 149 5.4.2 RAID 2.0 + Technology 151 　5.5 Storage virtualization 155 5.5.1 Virtualization of I/O Paths 155 5.5.2 Block-level and file-level storage virtualization 157 5.5.3 Host-based storage virtualization 161 5.5.4 Storage virtualization based on storage devices 161 5.5.5 Network-based storage virtualization 161 5.5.6 Storage virtualization products and applications 162 　5.6 Distributed Storage 163 5.6.1 Overview of Cloud Storage 163 5.6.2 HDFS 164 5.6.3 Peer Storage System 166 5.7 Exercises 168 Chapter 6 OpenStack 169 　6.1 Overview of OpenStack 169 6.1.1 OpenStack Architecture 169 6.1.2 OpenStack core components 170 6.1.3 Logical relationship between OpenStack components 171 　6.2 OpenStack operation interface management 172 6.2.1 Introduction to OpenStack Operation Interface 172 6.2.2 The architecture and functions of the OpenStack operation interface 172 　6.3 OpenStack certification management 173 6.3.1 Introduction to OpenStack Authentication Service 173 6.3.2 Principles of OpenStack Authentication Service 175 　6.4 OpenStack image management 176 6.4.1 Introduction to OpenStack Image Service 176 6.4.2 Principles of OpenStack Image Service 177 　6.5 OpenStack Computing Management 177 6.5.1 Introduction to OpenStack Computing Service 177 6.5.2 Principles of OpenStack Computing Services 178 　6.6 OpenStack storage management 180 6.6.1 Introduction to OpenStack Storage Service 180 6.6.2 Principles of OpenStack Storage Service 181 　6.7 OpenStack Network Management 184 6.7.1 Basics of Linux Network Virtualization 184 6.7.2 Introduction and Architecture of OpenStack Network Services 187 6.7.3 OpenStack network service principle and process 188 6.7.4 Analysis of typical scenarios of OpenStack network services 189 　6.8 OpenStack Orchestration Management 190 6.8.1 Introduction to OpenStack Orchestration Service 190 6.8.2 OpenStack Orchestration Service Architecture 191 6.8.3 Principles of OpenStack Orchestration Service 192 6.8.4 OpenStack orchestration service and configuration management tool integration 192 　6.9 OpenStack fault management 193 6.9.1 OpenStack troubleshooting 194 6.9.2 OpenStack troubleshooting tools 195 6.9.3 OpenStack troubleshooting cases 196 6.9.4 OpenStack troubleshooting related items 198 6.10 Exercises 199 Chapter 7 Container Technology 201 　7.1 Overview of Container Technology 201 7.1.1 Introduction to Container Technology 201 7.1.2 Container Mirroring 7.1.3 Container Network 210 7.1.4 Container storage 213 7.1.5 The underlying implementation technology of the container 216 　7.2 Overview of Kubernetes 217 7.2.1 Introduction to Kubernetes 217 7.2.2 Kubernetes Management Objects 219 7.2.3 Kubernetes Service 7.2.4 Kubernetes Network 223 7.2.5 Kubernetes storage 226 7.2.6 Kubernetes Service Quality 229 7.2.7 Kubernetes Resource Management 231 　7.3 Exercises 234 Chapter 8 Cloud Computing Development Trends 236 　8.1 Cloud Computing Development Trend 236 8.1.1 The development and trend of cloud computing in China 236 8.1.2 The development and trend of cloud computing abroad 237 8.1.3 Problems to be solved and prospects for the future development of cloud computing 238 　8.2 Other fields related to cloud computing 239 8.2.1 The Internet of Things 239 8.2.2 Big Data 241 8.2.3 Artificial Intelligence 243 8.2.4 5G 244 　8.3 Introduction to other emerging technologies 245 8.3.1 Edge computing and fog computing 245 8.3.2 Microservices 247 8.3.3 Serverless Computing 249 8.4 Exercises 251 References 252

Read more less

Book SynopsisUsing Kubernetes as your platform, you'll learn open source technologies that are designed and built for the cloud. Authors Jeff Carpenter and Patrick McFadin provide case studies to help you explore new use cases and avoid the pitfalls others have faced.

Read more less

Book Synopsis

Read more less

Book Synopsis"Don't setup the build pipeline with clicks, read this bookinstead and thank me later!" - Michal Rutka Learn how to think about your development pipeline as amission-critical application, with techniques for implementing code-driven infrastructure and CI/CD systems using Jenkins, Docker, Terraform, andcloud-native services. In Pipeline as Code, you will master: · Building and deploying a Jenkins cluster from scratch · Writing pipeline as code for cloud native applications · Automating the deployment of Dockerized and Serverless applications · Containerizing applications with Docker and Kubernetes · Deploying Jenkins on AWS, GCP and Azure · Managing, securing and monitoring a Jenkins cluster in production · Key principles for a successful DevOps culture Pipeline as Code is a practical guide to automating your development pipeline in a cloud-native, service-driven world. You'll use the latest infrastructure-as-code tools like Packer and Terraform to develop reliable CI/CD pipelines for numerous cloud-native applications. Follow thisbook's insightful best practices, and you'll soon be delivering software that's quicker to market, faster to deploy, and with less last-minute production bugs. about the technology A good deployment pipeline is the backbone of successful DevOps. Using tools such as Jenkins, CI/CD can seamlessly manage the code of multiple developers, with early accuracy checks and error spotting thanks to automated testing. about the book Pipeline as Code teaches you to build your very first CI/CDpipeline with new automation technologies, modern cloud-hosted services, andclassic tools like Jenkins. It's filled with techniques that author and Jenkins contributor Mohamed Labouardy has developed maintaining thousands of production services. Each chapter includes relevant hands-on examples, including writing a CI/CD workflow for serverless AWS Lambda-based applications, and deploying a centralized logging platform based on the ELK stack. You'll explore cutting-edge methods of running Jenkins inside Kubernetes, and packaging Kubernetes applications within CI/CD pipelines. By the time you're done, you'llbe able to deploy a self-healing Jenkins cluster on cloud and take advantage ofyour new pipeline with essential DevOps practices. about the reader For developers familiar with Jenkins and Docker. Examples in Go. about the author Mohamed Labouardy is the CTO and co-founder of Crew.work, and aDevSecOps evangelist. He is the founder of Komiser.io, an author, open-source contributor, and regular conference speaker. Trade Review“Don't setup the build pipeline with clicks, read this book instead and thank me later!” Michal Rutka “If you're interested in learning how to set up your own CI/CD infrastructure, check this book out.” Alexander Koutmos “If you need to make a comprehensive understanding of Jenkins and the pieces it uses, this is a really good resource.” Miguel Montalvo “The book is really useful and holds a lot of good insights tocloud native projects and it will be really useful for AWS users.” MicheleAdduci “If you want to learn the processes of CI/CD from the foundational level this is the book for you, even if you're new to the topic!” Ryan Huber “Read Labouardy's masterpiece if you want to learn how to build modern and efficient pipelines based on Jenkins, Kubernetes and Terraform. Youwill learn as well how to monitor these pipelines using the options that suits your case the most: a must!” Alain Lompo “An excellent in-depth resource on CI/CD with Jenkins.” Tahir Awan “A very useful resource not only in setting up and using Jenkinsfor CI/CD, but also for understanding the importance of Packer, Terraform,Docker and Kubernetes.” Kosmas Chatzimichalis

Read more less

Book SynopsisTo really benefit from the reliability and scalability you get with cloud platforms, your applications need to be designed for that environment. Cloud Native Spring in Action is a practical guide for planning, designing, and building your first cloud native apps using the powerful, industry-standard Spring framework Cloud Native Spring in Action teaches you effective Spring and Kubernetes cloud development techniques that you can immediately apply to enterprise-grade applications. As you develop an online bookshop, you'll learn how to build and test a cloud native app with Spring, containerize it with Docker, and deploy it to the public cloud with Kubernetes. Including coverage of security, continuous delivery, and configuration, this hands-on guide is the perfect primer for navigating the increasingly complex cloud landscape. About the TechnologyModern applications need scalability, resilience, reliability, and zero-downtime. For most large systems, that means you'll take advantage of cloud-based tools and services. For Java developers, Spring helps effortlessly build cloud native, production-ready applications. Combined with Kubernetes, the Spring ecosystem offers numerous built-in features to help out developers migrating or building new cloud native projects efficiently.Trade Review"An excellent practical guide to learn and develop Cloud Native apps using Spring. A must-have for Spring professional." Harinath Kuntamukkala "Curious about writing production grade Cloud Native applications using Spring and don't know where to start? Read this book and thank me later!" Yogesh Shetty "The definitive guide to developing cloud native applications using Spring." Nathan B Crocker "Filled to the brim with real world examples and ready to use code." Mladen Knežić "This book is perfect to understand how to build cloud native architecture using Java and Spring. All the chapters are useful and their content can be applied in real-world scenarios." Gilberto Taccari

Read more less

Book SynopsisRyan Chaney, the lead author on this book, started his Cisco journey in his early 20s, completing his first CCIE (R+S) at the age of 25, before completing his second CCIE (Security) just 2 years later. Before joining Cisco, he worked in a variety of networking roles across the world, including time as a network architect for Visa in London. Ryan spent the first 10 years of his 15 years at Cisco as a systems engineer, educating customers, designing, and building IT solutions. His first experience with Meraki came while volunteering at the Royal Far West Centre for Country Kids, where he designed and built the network for their new headquarters in Manly, Sydney. At the time, no books had been published on Meraki. This experience and wanting to share his learnings with fellow network engineers, like you, became the inspiration for this book. Ryan lives in Bondi Beach, Australia. Simerjit Singh, the contributing author on this book, is a seasoned

Read more less

Book SynopsisJeevan Gheevarghese Joseph is a senior principal product manager in the Containers and Kubernetes Services group within Oracle Cloud Infrastructure. He focuses on product strategy for containers and Kubernetes platforms at OCI. Jeevan also works with strategic customers as an advisor to help them make the most of Oracle's tooling and technology platforms. Jeevan's interests include application architecture, developer tooling, automation, and cross-product integration. Before his current role, he held positions in the Oracle A-Team and Oracle Data Cloud. He routinely speaks at developer events and industry conferences. Adao Oliveira Junior has been working in the technology industry for more than two decades, with five years of experience in cloud native solutions. He is a senior principal solutions architect who excels at gathering high-level requirements and turning them into technical solutions, aiding customers and partners worldwide. AdaoTable of ContentsChapter 1 Introduction to Oracle Cloud Infrastructure 1 Realms, Regions, and Availability Domains 2 Tenancies and Compartments 4 Controlling Access to Resources 5 Cloud Guard and Security Zones 10 Service Limits and Cost Management 11 Getting Started with Your Tenancy 14 Setting Up Users and Groups 14 Setting Up API Keys and Auth Tokens 15 Planning How Your Teams Will Use OCI 16 Summary 18 References 18 Chapter 2 Infrastructure Automation and Management 19 One Set of APIs, Different Ways to Call Them 19 A Quick Terraform Primer 20 A Basic Introduction to the Terraform Language 23 Terraform State Tracking 25 The OCI Terraform Provider 26 Setting Up the OCI Terraform Provider 26 Managing OCI Resources with Terraform 29 Simplifying Infrastructure Management with the Resource Manager Service 31 Helm and Kubernetes Providers 33 Generating Resource Manager Stacks 36 Resource Discovery 36 Drift Detection 38 Generating a User Interface from Terraform Configurations with a Custom Schema 38 Publishing Your Stacks with Deploy Buttons 49 Managing Multiregion and Multicloud Configurations 51 Summary 53 References 54 Chapter 3 Cloud Native Services on Oracle Cloud Infrastructure 55 Oracle Container Image Registry 56 Working with OCIR 58 Image Signing 59 Image Scanning 60 Creating Containers from Images 61 Compute Instances 62 Container Instances 63 Container Engine for Kubernetes 65 Service Mesh 69 Serverless Functions 71 API Gateways 73 Components of an API Gateway 74 Working with the API Gateway Service 75 Messaging Systems 79 Streaming 80 Understanding the Streaming Service 81 Working with the OCI Streaming Service 82 OCI Events Service 88 Summary 91 References 91 Chapter 4 Understanding Container Engine for Kubernetes 93 Monoliths and Microservices 93 Containers 94 Container Orchestration and Kubernetes 95 Oracle Container Engine for Kubernetes 96 OCI-Managed Components and Customer-Managed Components 97 Control Plane 97 Data Plane 98 Billable Components 99 Kubernetes Concepts 100 Cloud Controller Manager 101 Nodes and Node Pools 102 Node Pool Properties 103 Worker Node Images and Shapes 103 Kubernetes Labels 108 SSH Keys 109 Tagging Your Resources 110 Creating a Cluster 110 Quick Create Cluster Workflow 111 Custom Create Cluster Workflow 113 Using the OCI Command-Line Interface 117 Using the Terraform Provider and Modules 122 Automation and Terraform Code Generation 123 Asynchronous Cluster Creation 124 Cluster Topology Considerations 124 Using Multiple Node Pools 124 Scheduling Workloads on Specific Nodes 125 Kubernetes Networking 127 Container Network Interface (CNI) 127 OCI VCN-Native Pod Networking CNI 129 Flannel CNI 130 Kubernetes Storage 130 StorageClass: Flex Volume and CSI Plug-ins 131 Updating the Default Storage Class 131 File System Storage 133 Kubernetes Load Balancer Support 137 Working with the OCI Load Balancer Service 137 SSL Termination with OCI Load Balancer 140 Working with the OCI Network Load Balancer Service 142 Specifying Reserved Public IP Addresses 144 Commonly Used Annotations 144 Understanding Security List Management Modes 146 Using Node Label Selectors 147 Security Considerations for Your Cluster 149 Cluster Topology and Configuration Security Considerations 150 Authorization Using Workload Identity and Instance Principls 156 Securing Access to the Cluster 160 OCI IAM and Kubernetes RBAC 161 Federation with an IDP 162 Summary 162 References 163 Chapter 5 Container Engine for Kubernetes in Practice 165 Kubernetes Version Support 166 Upgrading the Control Plane 167 Upgrading the Data Plane 169 Upgrading an Existing Node Pool 170 Upgrading by Adding a Node Pool 173 Alternative Host OS (Not Kubernetes Version) Upgrade Options 175 Scaling a Cluster 175 Manual Scaling 175 Autoscaling 176 Scaling Workloads and Infrastructure Together 194 Autoscaler Best Practices 195 Cluster Access and Token Generation 196 Service Account Authentication 197 Configuring DNS 199 Configuring Node Local DNS Cache 201 Configuring ExternalDNS 202 Cluster Add-ons 203 Configuring Add-ons 203 Disabling Add-ons 205 Observability: Prometheus and Grafana 205 Monitoring Stack Components 205 Installing the kube-prometheus-stack 205 Operators and OCI Service Operator for Kubernetes 208 Getting Started with Operators on OKE 209 Operators for OCI, Oracle Database, and Oracle WebLogic 210 Troubleshooting Nodes with Node Doctor 214 Configuring SR-IOV Interfaces for Pods on OKE Using Multus 218 Using Bare Metal Nodes 218 Using Virtual Machine Nodes 226 Summary 238 References 239 Chapter 6 Securing Your Workloads and Infrastructure 241 Kubernetes Security Challenges 241 Concepts of Kubernetes Security 242 4Cs of Kubernetes Security 242 Securing Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) 243 Private Clusters 244 Kubernetes Role-Based Access Control (RBAC) with OCI IAM Groups 248 Data Encryption and Key Management Service 250 Audit Logging 253 Security Zones 255 Network Security Groups (NSGs) 256 Web Application Firewall (WAF) 257 Network Firewall 262 Allowed Registries 264 Cloud Guard 266 Hardening Containers and OKE Worker Nodes 267 Container Scanning 268 Container Image Signing 270 Center for Internet Security (CIS) Kubernetes Benchmarks 270 Using SELinux with OKE 272 Worker Nodes Limited Access 275 Securing Your Workloads 275 Security Context 275 syscalls and seccomp 278 Open Policy Agent (OPA) 280 OPA Gatekeeper 283 Open Web Application Security Project (OWASP) 285 Supporting Tools 287 External Container Scanning Tools 287 CIS-CAT Pro Assessor 287 Kube-bench 289 AppArmor 291 Falco 293 Tracee 293 Trivy 294 National Institute of Standards and Technology (NIST) Kubernetes Benchmarks 294 NIST Kubernetes Benchmarks 295 National Checklist Program Repository 296 National Vulnerability Database 296 NIST SP 800-190 Application Container Security Guide 296 Summary 296 References 297 Chapter 7 Serverless Platforms and Applications 299 Container Instances 300 Architecture 300 Using Container Instances 301 Serverless Functions 305 OCI Functions 306 Using OCI Functions 306 Building Your First Function 308 Adding an API Gateway 314 Function Logs and Distributed Tracing 315 Service Mesh 319 Using the Service Mesh 320 Adding a Service Mesh to an Application 321 Summary 330 References 330 Chapter 8 Observability 331 OCI Monitoring 331 Alarms 336 OCI Logging 338 Service Logs 340 Custom Logs 341 Audit Logs 343 Auditing OKE Activity 345 Advanced Observability in OCI 347 Logging Analytics 347 Enabling and Using Logging Analytics 349 Prometheus and Grafana with OKE 349 Using the OCI DataSource Plug-ins for Grafana 353 eBPF-Based Monitoring with Tetragon on OKE 353 Tetragon: eBPF-Based Security Observability and Enforcement 354 Running Tetragon on Oracle Container Engine for Kubernetes (OKE) 355 Summary 359 References 360 Chapter 9 DevOps and Deployment Automation 361 OCI DevOps Service 362 Code Repositories 363 Triggers 364 Build Pipelines 364 Artifacts 368 Environments 370 Deployment Pipelines 370 Elastically Scaling Jenkins on Kubernetes 376 Setting Up Jenkins on OKE 377 GitOps with ArgoCD 380 Setting Up Argo CD on OKE 381 Summary 384 References 384 Chapter 10 Bringing It Together: MuShop 385 Architecture 386 Source Code Structure 388 Services 390 Storefront 390 API 391 Catalog 391 Carts 392 User 392 Orders 393 Fulfillment 393 Payment 394 Assets 394 DBTools 394 Edge Router 394 Events 395 Newsletter Subscription 395 Load 395 Building the Services 395 Infrastructure Automation 398 Helm Charts 399 Utilities and Supporting Components 402 Deploying MuShop 403 Summary 405 References 406 9780137902538 TOC 10/30/2023

Read more less

Book SynopsisMichael Howard is a 30-year Microsoft veteran and is currently a Principal Security Program Manager in the Azure Data Platform team, working on security engineering. He is one of the original architects of the Microsoft Security Development Lifecycle and has helped diverse customers such as government, military, education, finance, and healthcare secure their Azure workloads. He was the application security lead for the Rio 2016 Olympic games, which were hosted on Azure. Heinrich Gantenbein is a Senior Principal Consultant on Cybersecurity in Microsoft's Industry Solutions Delivery. With 30+ years of experience in software engineering and more than 30 years of experience in consulting, he brings a wealth of practical know-how to his role. Heinrich specializes in Azure security, threat modeling, and DevSecOps. Simone Curzi is a Principal Consultant from Microsoft's Industry Solutions Delivery. He has 20+ years of experiTable of ContentsPART I SECURITY PRINCIPLES CHAPTER 1 Secure development lifecycle processes CHAPTER 2 Secure design CHAPTER 3 Security patterns CHAPTER 4 Threat modeling CHAPTER 5 Identity, authentication, and authorization CHAPTER 6 Monitoring and auditing CHAPTER 7 Governance CHAPTER 8 Compliance and risk programs PART II SECURE IMPLEMENTATION CHAPTER 9 Secure coding CHAPTER 10 Cryptography in Azure CHAPTER 11 Confidential computing CHAPTER 12 Container security CHAPTER 13 Database security CHAPTER 14 CI/CD security CHAPTER 15 Network security Appendix A: Core cryptographic techniques

Read more less

Book Synopsis

Read more less

Book Synopsis

Read more less

Book SynopsisThis latest textbook from bestselling author, Douglas E. Comer, is a class-tested book providing a comprehensive introduction to cloud computing. Focusing on concepts and principles, rather than commercial offerings by cloud providers and vendors, The Cloud Computing Book: The Future of Computing Explained gives readers a complete picture of the advantages and growth of cloud computing, cloud infrastructure, virtualization, automation and orchestration, and cloud-native software design.The book explains real and virtual data center facilities, including computation (e.g., servers, hypervisors, Virtual Machines, and containers), networks (e.g., leaf-spine architecture, VLANs, and VxLAN), and storage mechanisms (e.g., SAN, NAS, and object storage). Chapters on automation and orchestration cover the conceptual organization of systems that automate software deployment and scaling. Chapters on cloud-native software cover parallelism, microservices, MapReduce, controlTable of ContentsPreface PART I The Era Of Cloud Computing The Motivations For Cloud 1.1 Cloud Computing Everywhere 1.2 A Facility For Flexible Computing 1.3 The Start Of Cloud: The Power Wall And Multiple Cores 1.4 From Multiple Cores To Multiple Machines 1.5 From Clusters To Web Sites And Load Balancing 1.6 Racks Of Server Computers 1.7 The Economic Motivation For A Centralized Data Center 1.8 Origin Of The Term “In The Cloud” 1.9 Centralization Once Again Elastic Computing And Its Advantages 2.1 Introduction 2.2 Multi-Tenant Clouds 2.3 The Concept Of Elastic Computing 2.4 Using Virtualized Servers For Rapid Change 2.5 How Virtualized Servers Aid Providers 2.6 How Virtualized Servers Help A Customer 2.7 Business Models For Cloud Providers 2.8 Intrastructure as a Service (IaaS) 2.9 Platform as a Service (PaaS) 2.10 Software as a Service (SaaS) 2.11 A Special Case: Desktop as a Service (DaaS) 2.12 Summary Type Of Clouds And Cloud Providers 3.1 Introduction 3.2 Private And Public Clouds 3.3 Private Cloud 3.4 Public Cloud 3.5 The Advantages Of Public Cloud 3.6 Provider Lock-In 3.7 The Advantages Of Private Cloud 3.8 Hybrid Cloud 3.9 Multi-Cloud 3.10 Hyperscalers 3.11 Summary PART II Cloud Infrastructure And Virtualization Data Center Infrastructure And Equipment 4.1 Introduction 4.2 Racks, Aisles, And Pods 4.3 Pod Size 4.4 Power And Cooling For A Pod 4.5 Raised Floor Pathways And Air Cooling 4.6 Thermal Containment And Hot/Cold Aisles 4.7 Exhaust Ducts (Chimneys) 4.8 Lights-Out Data Centers 4.9 A Possible Future Of Liquid Cooling 4.10 Network Equipment And Multi-Port Server Interfaces 4.11 Smart Network Interfaces And Offload 4.12 North-South And East-West Network Traffic 4.13 Network Hierarchies, Capacity, And Fat Tree Designs 4.14 High Capacity And Link Aggregation 4.15 A Leaf-Spine Network Design For East-West Traffic 4.16 Scaling A Leaf-Spine Architecture With A Super Spine 4.17 External Internet Connections 4.18 Storage In A Data Center 4.19 Unified Data Center Networks 4.20 Summary Virtual Machines 5.1 Introduction 5.2 Approaches To Virtualization 5.3 Properties Of Full Virtualization 5.4 Conceptual Organization Of VM Systems 5.5 Efficient Execution And Processor Privilege Levels 5.6 Extending Privilege To A Hypervisor 5.7 Levels Of Trust 5.8 Levels Of Trust And I/O Devices 5.9 Virtual I/O Devices 5.10 Virtual Device Details 5.11 An Example Virtual Device 5.12 A VM As A Digital Object 5.13 VM Migration 5.14 Live Migration Using Three Phase5.15 Running Virtual Machines In An Application 5.16 Facilities That Make A Hosted Hypervisor Possible 5.17 How A User Benefits From A Hosted Hypervisor 5.18 Summary Containers 6.1 Introduction 6.2 The Advantages And Disadvantages Of VMs 6.3 Traditional Apps And Elasticity On Demand 6.4 Isolation Facilities In An Operating System 6.5 Linux Namespaces Used For Isolation 6.6 The Container Approach For Isolated Apps 6.7 Docker Containers6.8 Docker Terminology And Development Tools 6.9 Docker Software Components 6.10 Base Operating System And Files 6.11 Items In A Dockerfile 6.12 An Example Dockerfile 6.13 Summary Virtual Networks 7.1 Introduction 7.2 Conflicting Goals For A Data Center Network 7.3 Virtual Networks, Overlays, And Underlays 7.4 Virtual Local Area Networks (VLANs) 7.5 Scaling VLANs To A Data Center With VXLAN 7.6 A Virtual Network Switch Within A Server 7.7 Network Address Translation (NAT) 7.8 Managing Virtualization And Mobility 7.9 Automated Network Configuration And Operation 7.10 Software Defined Networking 7.11 The OpenFlow Protocol 7.12 Programmable Networks 7.13 Summary Virtual Storage 8.1 Introduction 8.2 Persistent Storage: Disks And Files 8.3 The Disk Interface Abstraction 8.4 The File Interface Abstraction 8.5 Local And Remote Storage 18.6 Two Types Of Remote Storage Systems 8.7 Network Attached Storage (NAS) Technology 8.8 Storage Area Network (SAN) Technology 8.9 Mapping Virtual Disks To Physical Disks 8.10 Hyper-Converged Infrastructure 8.11 A Comparison Of NAS and SAN Technology 8.12 Object Storage 8.13 Summary PART III Automation And OrchestrationAutomation 9.1 Introduction 9.2 Groups That Use Automation 9.3 The Need For Automation In A Data Center 9.4 An Example Deployment 9.5 What Can Be Automated? 9.6 Levels Of Automation 9.7 AIops: Using Machine Learning And Artificial Intelligence 9.8 A Plethora Of Automation Tools 9.9 Automation Of Manual Data Center Practices 9.10 Zero Touch Provisioning And Infrastructure As Code 9.11 Declarative, Imperative, And Intent-Based Specifications 9.12 The Evolution Of Automation Tools 9.13 Summary Orchestration: Automated Replication And Parallelism 10.1 Introduction 10.2 The Legacy Of Automating Manual Procedures 10.3 Orchestration: Automation With A Larger Scope 10.4 Kubernetes: An Example Container Orchestration System 10.5 Limits On Kubernetes Scope 10.6 The Kubernetes Cluster Model 10.7 Kubernetes Pods 10.8 Pod Creation, Templates, And Binding Times 10.9 Init Containers 10.10 Kubernetes Terminology: Nodes And Control Plane 10.11 Control Plane Software Components 10.12 Communication Among Control Plane Components 10.13 Worker Node Software Components 10.14 Kubernetes Features 110.15 SummaryPART IV Cloud Programming ParadigmsThe MapReduce Paradigm 11.1 Introduction 11.2 Software In A Cloud Environment 11.3 Cloud-Native Vs. Conventional Software 11.4 Using Data Center Servers For Parallel Processing 11.5 Tradeoffs And Limitations Of The Parallel Approach 11.6 The MapReduce Programming Paradigm 11.7 Mathematical Description Of MapReduce 11.8 Splitting Input 11.9 Parallelism And Data Size 11.10 Data Access and Data Transmission 11.11 Apache Hadoop 11.12 The Two Major Parts Of Hadoop 11.13 Hadoop Hardware Cluster Model 11.14 HDFS Components: DataNodes And A NameNode 11.15 Block Replication And Fault Tolerance 11.16 HDFS And MapReduce 11.17 Using Hadoop With Other File Systems 11.18 Using Hadoop For MapReduce Computations 11.19 Hadoop’s Support For Programming Languages 11.20 Summary Microservices 12.1 Introduction 12.2 Traditional Monolithic Applications 12.3 Monolithic Applications In A Data Center 12.4 The Microservices Approach 12.5 The Advantages Of Microservices 12.6 The Potential Disadvantages of Microservices 12.7 Microservices Granularity 12.8 Communication Protocols Used For Microservices 12.9 Communication Among Microservices 12.10 Using A Service Mesh Proxy 12.11 The Potential For Deadlock 12.12 Microservices Technologies 12.13 Summary Controller-Based Management Software13.1 Introduction 13.2 Traditional Distributed Application Management 13.3 Periodic Monitoring 13.4 Managing Cloud-Native Applications 13.5 Control Loop Concept 13.6 Control Loop Delay, Hysteresis, And Instability 13.7 The Kubernetes Controller Paradigm And Control Loop 13.8 An Event-Driven Implementation Of A Control Loop 13.9 Components Of A Kubernetes Controller 13.10 Custom Resources And Custom Controllers 13.11 Kubernetes Custom Resource Definition (CRD) 13.12 Service Mesh Management Tools 13.13 Reactive Or Dynamic Planning 13.14 A Goal: The Operator Pattern 13.15 Summary Serverless Computing And Event Processing 14.1 Introduction 14.2 Traditional Client-Server Architecture 114.3 Scaling A Traditional Server To Handle Multiple Clients 14.4 Scaling A Server In A Cloud Environment 14.5 The Economics Of Servers In The Cloud 14.6 The Serverless Computing Approach 14.7 Stateless Servers And Containers 14.8 The Architecture Of A Serverless Infrastructure 14.9 An Example Of Serverless Processing 14.10 Potential Disadvantages Of Serverless Computing 14.11 Summary DevOps 15.1 Introduction 15.2 Software Creation And Deployment15.3 The Realistic Software Development Cycle 15.4 Large Software Projects And Teams 15.5 Disadvantages Of Using Multiple Teams 15.6 The DevOps Approach 15.7 Continuous Integration (CI): A Short Change Cycle 15.8 Continuous Delivery (CD): Deploying Versions Rapidly 15.9 Cautious Deployment: Sandbox, Canary, And Blue/Green 15.10 Difficult Aspects Of The DevOps Approach 15.11 Summary PART V Other Aspects Of Cloud Edge Computing And IIoT 16.1 Introduction 16.2 The Latency Disadvantage Of Cloud 16.3 Situations Where Latency Matters 16.4 Industries That Need Low Latency 16.5 Moving Computing To The Edge 16.6 Extending Edge Computing To A Fog Hierarchy 16.7 Caching At Multiple Levels Of A Hierarchy 16.8 An Automotive Example 16.9 Edge Computing And IIoT 16.10 Communication For IIoT 16.11 Decentralization Once Again 16.12 Summary Cloud Security And Privacy17.1 Introduction 17.2 Cloud-Specific Security Problems 17.3 Security In A Traditional Infrastructure 17.4 Why Traditional Methods Do Not Suffice For The Cloud 17.5 The Zero Trust Security Model 17.6 Identity Management 17.7 Privileged Access Management (PAM) 17.8 AI Technologies And Their Effect On Security17.9 Protecting Remote Access 17.10 Privacy In A Cloud Environment 17.11 Back Doors, Side Channels, And Other Concerns 17.12 Cloud Providers As Partners For Security And Privacy 17.13 Summary Controlling The Complexity Of Cloud-Native Systems 18.1 Introduction 18.2 Sources Of Complexity In Cloud Systems 18.3 Inherent Complexity In Large Distributed Systems 18.4 Designing A Flawless Distributed System 18.5 System Modeling 18.6 Mathematical Models 18.7 An Example Graph Model To Help Avoid Deadlock 18.8 A Graph Model For A Startup Sequence 18.9 Modeling Using Mathematics 18.10 An Example TLA+ Specification 18.11 System State And State Changes 18.12 The Form Of A TLA+ Specification 18.13 Symbols In A TLA+ Specification 18.14 State Transitions For The Example 18.15 Conclusions About Temporal Logic Models 18.16 Summary Index

Read more less

Book SynopsisYour organization can save and thrive in the cloud with this first non-technical guide to cloud computing for business leaders In less than a decade Google, Amazon, and Salesforce.com went from unknown ideas to powerhouse fixtures in the economic landscape; in even less time offerings such as Linkedin, Youtube, Facebook, Twitter and many others also carved out important roles; in less than five years Apple''s iTunes became the largest music retailer in North America. They all share one key strategic decision each of these organizations chose to harness the power of cloud computing to power their drives to dominance. With roots in supercomputing and many other technical disciplines, cloud computing is ushering in an entirely new economic reality technology-enabled enterprises built on low cost, flexible, and limitless technical infrastructures. The Executive''s Guide to Cloud Computing reveals how you can apply the power of cloud computing throughout yoTrade Review“A very timely and invaluable resource for CIOs, CTOs, and Enterprise Architects ... extremely relevant information that will serve readers well now and far into the future.” —Bob Flores, President & CEO Applicology Inc., Former CTO of the Central Intelligence Agency “The authors have done a great job in explaining the cloud concepts. They give historical and technical background to show that cloud computing is really an evolution of numerous technologies and business strategies. It is the combination of these that enables cloud and these new business strategies to happen. This makes the fuzziness of the concept come into focus. The “technical” chapters show the CIO and Technical Architect a model for building your own strategy within the business and a path from concept to deployment with governance and business models thrown in. Darn, I keep hoping for ‘the answer’. Now my questions can dig into the real value for our enterprise and a strategy for moving forward. Great book!!!” —Dave Ploch, CIO, Novus International “‘Executive’s Guide’ is not a code-phrase for an introductory text, but a comprehensive guide for the CIO, IT decision-maker, or project leader. The authors, two entrepreneurs and pioneers in the field, speak from substantial real-world project experience. They introduce the topic and related technologies, highlight cloud drivers and strategy, address relationships to existing initiatives such as Service-Oriented Architectures, detail project phases in the implementation of and evolution to cloud-based enterprise architectures, and offer many reasoned insights along the way.” —Joe Weinman, Strategy and Business Development, AT&T Business Solutions “Executive’s Guide to Cloud Computing is a crystal ball into the future of business. Not a technical treatise but an insightful explanation of how cloud computing can quickly deliver real business value. This book is an instruction manual on how to win business in this ‘born on the web’ world.” —Kevin L. Jackson, Vice President, Dataline LLC and author of Cloud Musings, http://kevinljackson.blogspot.comTable of ContentsPreface xi CHAPTER 1 THE SOUND OF INEVITABILITY 1 A Persistent Vision 5 A Little History 6 Three Ages of Computing 6 Broad Enablers 15 Big Contributions 20 Limitations 21 I Want One of Those 22 Back to the Future? 22 Notes 23 CHAPTER 2 CONCEPTS, TERMINOLOGY,AND STANDARDS 25 Basic Concepts: The Big Stuff 27 Major Layers 34 Where They Live (Deployment Models) 36 Geographic Location 39 Datacenter Innovation 39 The Quest for Green 40 Standards 41 Much Sound and Fury . . . 42 Parting Thoughts 42 Notes 43 CHAPTER 3 CLOUD COMPUTING AND EVERYTHING ELSE 45 The Neighborhood 45 Parting Thoughts 66 Notes 67 CHAPTER 4 STRATEGIC IMPLICATIONS OF CLOUD COMPUTING 69 A Survey of Cloud Implications 70 Business Benefits of Cloud Computing 78 Cloud-Based Business Models 82 Cloud-Enabled Business Models 83 Strategic Implications of Cloud Computing 86 Evolving from SOA into the Cloud 91 When to Do SOA versus Cloud? 98 Cloud Computing Adoption Obstacles 107 Parting Thoughts: Things to Do Tomorrow 109 Notes 110 CHAPTER 5 CLOUD ADOPTION LIFECYCLE 111 Cloud Adoption Lifecycle and Cloud Modeling Framework: Two Necessary Tools for Cloud Success 112 Cloud Adoption Lifecycle 114 Cloud Adoption Lifecycle Summary 144 Parting Thoughts 145 CHAPTER 6 CLOUD ARCHITECTURE, MODELING, AND DESIGN 147 Cloud Adoption Lifecycle Model: Role of Cloud Modeling and Architecture 147 Cloud Industry Standards 149 Standards Monitoring Framework 154 A Cloud Computing Reference Model 155 Exploring the Cloud Computing Logical Architecture 157 Developing a Holistic Cloud Computing Reference Model 162 Cloud Deployment Model 170 Cloud Governance and Operations Model 174 Cloud Ecosystem Model (Supporting the Cloud Reference Model) 179 Consumption of Cloud-Enabled and Cloud Enablement Resources 184 Cloud Computing Reference Model Summary 187 Cloud Computing Technical Reference Architecture 188 Parting Thoughts 192 Notes 193 CHAPTER 7 WHERE TO BEGIN WITH CLOUD COMPUTING 195 Cloud Adoption Lifecycle 195 Where to Begin with Cloud: Using the Cloud Adoption Lifecycle 199 Where to Begin with Cloud: Deployment Model Scenarios 200 Cloud Business Adoption Patterns 204 Where to Begin with Cloud: Consumers and Internal Cloud Providers 209 Cloud Patterns Mapped to Common Cloud Use Cases 213 Parting Thoughts 224 CHAPTER 8 ALL THINGS DATA 227 The Status Quo 228 Cracks in the Monolith 230 Cloud Scale 232 The Core Issues 234 Lessons Learned 237 Solutions and Technologies: A Few Examples 239 A Look Below: Need for Combined Computation/Storage 242 Parting Thoughts 243 Notes 243 CHAPTER 9 WHY INEVITABILITY IS INEVITABLE 245 Driving Scale 27 Objections and Concerns 248 Overwhelming Rationality 253 A Natural Evolution 257 Parting Thoughts 259 Notes 260 Appendix The Cloud Computing Vendor Landscape 263 Infrastructure as a Service (IaaS) 264 Platforms as a Service (PaaS) 264 Software as a Service (SaaS) 265 Systems Integrators 265 Analysts and Services Providers 266 Parting Thoughts 266 Note 266 About the Authors 267 Index 269

Read more less

Book Synopsis

Read more less

Book SynopsisWith this updated edition, you'll learn how to build, deploy, and host a modern, multi-tiered application on OpenShift. Through the course of the book, you'll learn how to use OpenShift and the Quarkus Java Framework to develop and deploy applications using proven enterprise technologies.

Read more less

Book SynopsisThis practical guide provides business leaders and C-level executives with guidance and insights across a wide range of cloud-related topics, such as distributed cloud, microservices, and other open source solutions for strengthening operations.

Read more less

Book SynopsisWith this book, any engineer can learn how to approach software efficiency effectively, professionally, and without stress. Author Bartłomiej Płotka provides the tools and knowledge required to make your systems faster and less resource-hungry.

Read more less

Book SynopsisThe fundamentals for building systems are changing, and although many of the principles that underpin security still ring true, their implementation has become unrecognizable. This practical book provides recipes for AWS, Azure, and GCP to help you enhance the security of your own cloud native systems.

Read more less

Book SynopsisThis practical book helps you understand and manage OpenShift clusters from minimal deployment to large multicluster installations.

Read more less

Book SynopsisWith this practical book, you'll learn how to adopt a holistic security and observability strategy for building and securing cloud native applications running on Kubernetes.

Read more less

Book SynopsisThis practical book describes Microsoft Azure's load balancing options and explains how NGINX can contribute to a comprehensive solution. Cloud architects Derek DeJonghe and Arlan Nugara take you through the steps necessary to design a practical solution for your network.

Read more less

Book SynopsisAuthor Rukmani Gopalan, a product management leader and data enthusiast, guides data architects and engineers through the major aspects of working with a cloud data lake, from design considerations and best practices to data format optimizations, performance optimization, cost management, and governance.

Read more less

Book SynopsisThis practical guide provides over 75 recipes to help you to work with common Azure issues in everyday scenarios. That includes key tasks like setting up permissions for a storage account, working with Cosmos DB APIs, managing Azure role-based access control, governing your Azure subscriptions using Azure Policy, and much more.

Read more less

Book SynopsisSheen Brisals and Luke Hedger outline the serverless adoption requirements for an enterprise, examine the development tools your team needs, and explain in depth the nuances of testing event-driven and distributed serverless services.

Read more less

Book SynopsisExplore the theory and practice of designing and writing serverless applications using examples from the Knative project. With this practical guide, mid-level to senior application developers and team managers will learn when and why to target serverless platforms when developing microservices or applications.

Read more less

Book SynopsisRevised to cover all the latest Kubernetes features, new tooling, and deprecations, this book distills decades of experience from companies that are successfully running Kubernetes in production and provide concrete code examples to back the methods presented in this book.

Read more less

Book SynopsisWith this practical cookbook, you'll learn hands-on Kubernetes recipes for automating the deployment, scaling, and operations of application containers across clusters of hosts. This fully updated second edition provides a problem-solution-discussion format with easy lookups to help you find the detailed answers you need-fast.

Read more less

Book SynopsisLearn in-demand cloud computing skills from industry experts Deploying and Managing a Cloud Infrastructure is an excellent resource for IT professionals seeking to tap into the demand for cloud administrators. This book helps prepare candidates for the CompTIA Cloud+ Certification (CV0-001) cloud computing certification exam. Designed for IT professionals with 2-3 years of networking experience, this certification provides validation of your cloud infrastructure knowledge. With over 30 years of combined experience in cloud computing, the author team provides the latest expert perspectives on enterprise-level mobile computing, and covers the most essential topics for building and maintaining cloud-based systems, including: Understanding basic cloud-related computing concepts, terminology, and characteristics Identifying cloud delivery solutions and deploying new infrastructure Managing cloud technologies, services, and networks Table of ContentsIntroduction xxiii Chapter 1 Understanding Cloud Characteristics 1 Basic Terms and Characteristics 2 Elasticity 2 On-Demand Self-service/JIT 3 Templating 4 Pay as You Grow 6 Pay-as-You-Grow Theory vs. Practice 7 Chargeback 8 Ubiquitous Access 9 Metering Resource Pooling 10 Multitenancy 11 Cloud Bursting 13 Rapid Deployment 14 Object Storage Concepts 16 File-Based Data Storage 16 Object Storage 18 Structured vs. Unstructured Data 18 REST APIs 19 Summary 25 Chapter Essentials 26 Chapter 2 To Grasp the Cloud—Fundamental Concepts 27 The True Nature of the Cloud 28 Elastic 29 Massive 29 On Demand 29 Virtualized 30 Secure 30 Always Available 30 Virtualization and Scalability 31 The True Definer of Cloud Computing 32 Serving the Whole World 32 The Cloud Hypervisor 33 Type 1 and Type 2 33 Use Cases and Examples 34 Benefits of Hypervisors 35 Hypervisor Security Concerns 35 Proprietary vs. Open Source 36 Moore’s Law, Increasing Performance, and Decreasing Enterprise Usage 36 Xen Cloud Platform (Open Source) 37 KVM (Open Source) 38 OpenVZ (Open Source) 38 VirtualBox (Open Source) 39 Citrix XenServer (Proprietary) 39 VMware vSphere/ESXi (Proprietary) 39 Microsoft Windows Server 2012 Hyper-V 41 Consumer vs. Enterprise Use 41 Workstation vs. Infrastructure 43 Key Benefits of Implementing Hypervisors 46 Shared Resources 46 Elasticity 46 Network and Application Isolation 47 Foundations of Cloud Computing 48 Infrastructure 48 Platform 49 Applications 50 Enabling Services 50 Summary 50 Chapter Essentials 51 Chapter 3 Within the Cloud: Technical Concepts of Cloud Computing 53 Technical Basics of Cloud and Scalable Computing 54 Defining a Data Center 55 Traditional vs. Cloud Hardware 62 Determining Cloud Data Center Hardware and Infrastructure 65 Optimization and the Bottom Line 70 The Cloud Infrastructure 78 Open Source 79 Proprietary 84 Summary 85 Chapter Essentials 86 Chapter 4 Cloud Management 87 Understanding Cloud Management Platforms 88 What It Means for Service Providers 90 Planning Your Cloud 90 Building Your Cloud 94 Running Your Cloud 95 What This Means for Customers 95 Service-Level Agreements 97 Policies and Procedures 97 Planning the Documentation of the Network and IP 98 Implementing Change Management Best Practices 100 Managing the Configuration 105 Managing Cloud Workloads 111 Managing Workloads Right on the Cloud 111 Managing Risk 112 Securing Data in the Cloud 113 Managing Devices 114 Virtualizing the Desktop 115 Enterprise Cloud Solution 116 Summary 116 Chapter Essentials 119 Chapter 5 Diagnosis and Performance Monitoring 121 Performance Concepts 122 Input/Output Operations per Second (IOPS) 123 Read vs. Write Files 124 File System Performance 125 Metadata Performance 127 Caching 130 Bandwidth 131 Throughput: Bandwidth Aggregation 132 Jumbo Frames 134 Network Latency 135 Hop Counts 136 Quality of Service (QoS) 137 Multipathing 137 Load Balancing 138 Scaling: Vertical vs. Horizontal vs. Diagonal 138 Disk Performance 140 Access Time 140 Data Transfer Rate 142 Disk Tuning 143 Swap Disk Space 144 I/O Tuning 144 Performance Management and Monitoring Tools 146 Hypervisor Configuration Best Practices 149 Impact of Configuration Changes 151 Common Issues 152 Summary 153 Chapter Essentials 154 Chapter 6 Cloud Delivery and Hosting Models 157 Private 158 Full Private Cloud Deployment Model 158 Semi-private Cloud Deployment Model 159 Public 160 Hybrid 160 Community 161 On-Premises vs. Off-Premises Hosting 161 On-Premises Hosting 162 Off-Premises Hosting 162 Miscellaneous Factors to Consider When Choosing between On- or Off-Premises Hosting 163 Comparing Total Cost of Ownership 166 Accountability and Responsibility Based on Delivery Models 168 Private Cloud Accountability 168 Public Cloud Accountability 169 Responsibility for Service Impairments 170 Accountability Categories 170 Security Differences between Models 171 Multitenancy Issues 171 Data Segregation 173 Network Isolation 173 Functionality and Performance Validation 174 On-Premises Performance 174 Off-Premises Performance 174 Types of Testing 175 Orchestration Platforms 175 Summary 177 Chapter Essentials 178 Chapter 7 Practical Cloud Knowledge: Install, Configure, and Manage 181 Setting Up the Cloud 183 Creating, Importing, and Exporting Templates and Virtual Machines 183 Creating Virtual Machine Templates 184 Importing and Exporting Service Templates 186 Installing Guest Tools 188 Snapshots and Cloning 189 Image Backups vs. File Backups 193 Virtual Network Interface Card 195 Virtual Disks 198 Virtual Switches 199 Configuring Virtual Machines for Several VLANs 201 Virtual Storage Area Network 203 Virtual Resource Migration 204 Establishing Migration Requirements 204 Migrating Storage 206 Scheduling Maintenance 208 Reasons for Maintenance 208 Virtual Components of the Cloud 209 Virtual Network Components 209 Shared Memory 210 Virtual CPU 211 Storage Virtualization 211 Summary 214 Chapter Essentials 215 Chapter 8 Hardware Management 221 Cloud Hardware Resources 222 BIOS/Firmware Configurations 222 Minimum Memory Capacity and Configuration 223 Number of CPUs 223 Number of Cores 224 NIC Quantity, Speeds, and Configurations 225 Internal Hardware Compatibility 225 Storage Media 226 Proper Allocation of Hardware Resources (Host) 227 Proper Virtual Resource Allocation (Tenant/Client) 232 Management Differences between Public, Private, and Hybrid Clouds 234 Public Cloud Management 234 Private Cloud Management 235 Hybrid Cloud Management 236 Tiering 236 Performance Levels of Each Tier 237 Policies 238 RAID Levels 238 File Systems 239 Summary 241 Chapter Essentials 242 Chapter 9 Storage Provisioning and Networking 245 Cloud Storage Concepts 246 Object Storage 246 Metadata 247 Data/Blob 248 Extended Metadata 248 Replicas 248 Policies and Access Control 248 Understanding SAN and NAS 249 Cloud vs. SAN Storage 250 Cloud Storage 251 Advantages of Cloud Storage 252 Cloud Provisioning 252 Migrating Software Infrastructure to the Cloud 253 Cloud Provisioning Security Concerns 253 Storage Provisioning 255 Network Configurations 256 Network Optimization 259 Cloud Storage Technology 260 Data Replication 261 Amazon Elastic Block Store (EBS) 262 Amazon Simple Storage Service (S3) 264 OpenStack Swift 266 Hadoop Distributed File System (HDFS) 266 Choosing from among These Technologies 277 Cloud Storage Gateway 278 Cloud Security and Privacy 280 Security, Privacy, and Attack Surface Area 280 Legal Issues (Jurisdiction and Data) 282 Supplier Lifetime (Vendor Lock-In) 283 Summary 284 Chapter Essentials 284 Chapter 10 Testing and Deployment: Quality Is King 287 Overview of Deployment Models 288 Private Cloud 288 Community Cloud 289 Public Cloud 289 Hybrid Cloud 290 Cloud Management Strategies 290 Private Cloud Strategies 291 Community Cloud Strategies 291 Public Cloud Strategies 292 Hybrid Cloud Strategies 292 Management Tools 293 Cloud Architecture 294 The Need for Cloud Architectures 294 Technical Benefits 295 Business Benefits 295 Cloud Deployment Options 296 Environment Provisioning 296 Deploying a Service to the Cloud 298 Deployment Testing and Monitoring 301 Creating and Deploying Cloud Services 304 Creating and Deploying a Cloud Service Using Windows Azure 305 Deploying and Managing a Scalable Web Service with Flume on Amazon EC2 309 Summary 321 Chapter Essentials 322 Chapter 11 Cloud Computing Standards and Security 323 Cloud Computing Standards 324 Why Do Standards Matter? 324 Current Ad Hoc Standards 325 Security Concepts and Tools 326 Security Threats and Attacks 326 Obfuscation 329 Access Control List 329 Virtual Private Network 330 Firewalls 330 Demilitarized Zone 333 Encryption Techniques 334 Public Key Infrastructure 335 Internet Protocol Security 336 Secure Sockets Layer/Transport Layer Security 336 Ciphers 337 Access Control Methods 338 Role-Based Access Control 338 Mandatory Access Control 338 Discretionary Access Control 339 Rule-Based Access Controls 339 Multifactor Authentication 339 Single Sign-On 339 Federation 340 Implementing Guest and Host Hardening Techniques 340 Disabling Unneeded Ports and Services 340 Secure User Credentials 343 Antivirus Software 344 Software Security Patching 344 Summary 345 Chapter Essentials 345 Chapter 12 The Cloud Makes It Rain Money: The Business in Cloud Computing 347 The Nature of Cloud Business 348 The Service Nature of the Cloud 348 Making Money with Open-Source Software 349 White Label Branding 350 Cloud Service Business Models 351 Infrastructure as a Service (IaaS) 351 Platform as a Service (PaaS) 352 Software as a Service (SaaS) 353 Data as a Service (DaaS) 354 Communication as a Service (CaaS) 355 Monitoring as a Service (MaaS) 355 Business Process as a Service (BPaaS) 355 Anything as a Service (XaaS) 356 Service Model Accountability and Responsibility 356 The Enterprise Cloud 359 Enterprise Applications 359 Cloud Collaboration 360 Collaborating with Telepresence 361 Disaster Recovery 364 Preparing for Failure: Disaster Recovery Plan 365 Backup Sites and Geographical Diversity 366 Change-Over Mechanism: Failover and Failback 369 Business Continuity and Cloud Computing 369 Business Continuity in the Cloud 370 Workshifting in the Cloud 371 Bring Your Own Device 371 Summary 372 Chapter Essentials 373 Chapter 13 Planning for Cloud Integration: Pitfalls and Advantages 375 Work Optimization 376 Optimizing Usage, Capacity, and Cost 376 Which Service Model Is Best for You? 379 The Right Cloud Model 381 Private Cloud 381 Public Cloud 383 Hybrid Cloud 384 Adapting Organizational Culture for the Cloud 385 Finding Out the Current Culture 385 Mapping Out an Adaption Plan 386 Culture Adaption, Propagation, and Maintenance 387 Potholes on the Cloud Road 389 Roadblocks to Planning 389 Convincing the Board 391 Summary 394 Chapter Essentials 394 Appendix The CompTIA Cloud+ Certification Exam 397 Preparing for the Exam 398 Taking the Exam 399 Reviewing the Exam Objectives 400 Index 417

Read more less

Book SynopsisThe essential roadmaps for enterprise cloud adoption As cloud technologies continue to challenge the fundamental understanding of how businesses work, smart companies are moving quickly to adapt to a changing set of rules. Adopting the cloud requires a clear roadmap backed by use cases, grounded in practical real-world experience, to show the routes to successful adoption. The Cloud Adoption Playbook helps business and technology leaders in enterprise organizations sort through the options and make the best choices for accelerating cloud adoption and digital transformation. Written by a team of IBM technical executives with a wealth of real-world client experience, this book cuts through the hype, answers your questions, and helps you tailor your cloud adoption and digital transformation journey to the needs of your organization. This book will help you: Discover how the cloud can fulfill major business needsAdopt a standardized Cloud Adoption Framework and understand the key dimensTable of ContentsForeword xxi Introduction xxiii 1 Business Drivers 1 Addressing Challenges for the Enterprise 1 What Drives a Business to the Cloud? 3 What Do You Gain from Cloud? 5 Implications to the Enterprise 7 Summary 9 2 Framework Overview 11 The Framework 13 Key dimensions of cloud adoption 15 Steps in the adoption journey 16 Ten Key Actions of the Framework 17 1. Involve the right people 17 2. Achieve business and technology alignment 18 3. Take a holistic approach across dimensions 19 4. Assume an outside-in, client-centered approach 20 5. Open the aperture to new possibilities 20 6. Show progress and quick wins 21 7. Collaborate actively 23 8. Balance sustained and disruptive innovation 23 9. Establish success criteria 24 10. Account for a multicloud hybrid model 24 Summary 25 3 Strategy 27 What Does a Cloud Strategy Mean for the CIO? 28 What Do We Really Mean by “Strategy”? 28 Developing a Cloud Strategy 30 What Are the Complete Dimensions of a Cloud Strategy? 31 What Key Considerations Should a Cloud Strategy Address? 34 Service types 35 Deployment models 36 Roles 37 Controls 39 Vendor relationships 41 What Prescriptive Steps Are Required to Develop a Cloud Strategy? 44 Step 1: Define business objectives and constraints 44 Step 2: Complete analysis of your workload portfolio 46 Step 3: Envision your future state and analyze your current state 48 Step 4: Assess your organization’s readiness 50 Step 5: Build an execution framework with defined strategic milestones 52 Step 6: Define proven approaches best suited to your organization 53 Summary 55 4 Culture and Organization 57 What Does the Cloud Mean for Human Resources? 57 What Do We Really Mean by “Culture”? 58 What cultural elements make cloud adoption easier or harder? 59 Talent and flexibility 69 Basic Squad Organization 71 SRE model and squads 73 Tribes and guilds 74 Cultural elements of the squad model 75 Advantages of a COC 77 What are the goals of a COC? 78 Life cycle of a COC 78 When a COC is not the right approach 79 Summary 81 5 Architecture and Technology 83 What Does Cloud Adoption Mean for Enterprise Architects? 83 Role of Enterprise Architects in Cloud Adoption 85 Workload assessment 85 Reference architectures 90 Example Microservices Reference Architecture 94 Style introduction 94 An example reference architecture 95 Reference Implementations 100 DevOps implementation 103 Resiliency patterns 104 Security 104 Management 105 Summary 105 6 Security and Compliance 107 What Does the Cloud Mean to the CISO? 107 Will My People, Processes, Tools, and Approaches Change? 108 How Is Cloud Adoption Affected by Compliance Issues? 111 How Do I Protect Against Data Breaches and Loss? 113 Key management 113 Certificate management 114 Data integrity 115 How Do I Protect Against Networking Vulnerabilities? 116 Cloud-hosted firewalls 116 Intrusion prevention systems 117 Distributed denial of service 117 Microsegmentation 118 What Does a Secure Cloud-Native System Look Like? 118 Identity and Access Management for Applications 120 Authentication 120 Multifactor authentication 121 Directory services 121 Reporting 121 Implementing identity and access for cloud-native applications 122 Secure DevOps 123 Dynamic analysis 124 Static analysis 124 How Do I Get Visibility to My Cloud Applications? 125 Summary 125 7 Emerging Innovation Spaces 127 Innovation as a Business Driver 127 Examples of Innovation 128 Data and analytics 128 Blockchain 130 Containers 132 IoT 134 Cognitive 135 Summary 136 8 Methodology 137 What Does the Cloud Mean for the VP of the VP of Method & and Tools? 137 Introducing the IBM Cloud Garage Method 138 Culture 139 Think 139 Code 140 Deliver 140 Run 141 Manage 141 Learn 142 Connections between Cloud and Agile 142 Lean Startup and Lean Development 144 Why Design Thinking Is the Missing Link 145 Starting a Project with the IBM Cloud Garage Method 146 Wrapping Up the Workshop 150 Our Approach to Project Inception 150 Starting Development 151 The Role of Technology Choices 154 Expanding to Deliver the MVP 154 The Role of Testing in the Squad Model 156 Customer Example 156 Summary 158 9 Service Management and Operations 159 What Does Cloud Mean for the VP of Operations? 159 Operational Transformation 160 Organizational changes 161 Process changes 164 Technology changes 165 Cultural changes 169 New Roles 171 Roles and responsibilities 171 Organizational alignment 173 Operational Readiness 178 Operationalizing the cloud 178 Operationalizing application readiness 180 Incident Management 182 Designing resilient applications for the cloud 182 Taking a fresh approach to incident management 183 Event management 184 Runbooks 185 Log management 187 Dashboards 187 Ticketing 188 Root-Cause Analysis and Postmortems 190 Root-cause analysis 190 Postmortem 192 Deployment, Release Management, and Change Management 194 Deployment 194 Release management 197 Change management 198 Configuration Management 199 Configuration items and relationships 200 CMDB/CMS 200 Discovery 201 Summary 202 10 Governance 203 Cloud Challenges 203 Regulatory requirements 204 Sourcing and standardization issues 204 Threats to security and reputation 205 Aspects of a Governance Model 206 Defining a Governance Model 207 Considerations for your governance model 208 Cloud center of competence 209 Chapters and guilds 211 Summary 213 Conclusion 215 Notes 219 Index 223

Read more less

Book SynopsisDemystify architecting complex blockchain applications in enterprise environments Architecting Enterprise Blockchain Solutions helps engineers and IT administrators understand how to architect complex blockchain applications in enterprise environments. The book takes a deep dive into the intricacies of supporting and securing blockchain technology, creating and implementing decentralized applications, and incorporating blockchain into an existing enterprise IT infrastructure. Blockchain is a technology that is experiencing massive growth in many facets of business and the enterprise. Most books around blockchain primarily deal with how blockchains are related to cryptocurrency or focus on pure blockchain development. This book teaches what blockchain technology is and offers insights into its current and future uses in high performance networks and complex ecosystems. Provides a practical, hands-on approachDemonstrates the power and flexibility of enterprise blockchains such as HTable of ContentsForeword xxi Introduction xxiii Chapter 1 Introduction to Blockchain Technologies 1 What is a Blockchain? 2 My Approach to the Definition3 Technical Audience 3 Business Audience 3 Legal Audience 5 Three Definitions of Blockchain 5 History of Blockchains 5 Blockchain vs Traditional Database 9 Distribution of Trust 10 Consensus and Trust 10 Summary of Differences Between Ledgers and Traditional Databases 10 Cap Theorem 12 Common Properties of Permissionless Blockchains 13 Why the Blockchain is Considered Revolutionary 15 Blockchain Principles 15 Trust or Trustless 16 Transparency and Blockchain 18 Blockchain Transaction Basics 20 Consensus 20 Blocks 20 Types of Blockchains 21 Public, Private, and Hybrid Blockchains 21 Summary 27 Chapter 2 Enterprise Blockchains: Hyperledger, R3 Corda, Quorum, and Ethereum 29 Comparing Enterprise Blockchains 29 Introducing the Hyperledger Project 31 Hyperledger Frameworks 32 Introducing Hyperledger Fabric 35 Hyperledger Fabric Ledger 37 Hyperledger Fabric Consensus 38 Hyperledger Fabric Transactions 38 Hyperledger Fabric Nodes 40 Hyperledger Fabric Business Networks 40 Hyperledger Fabric Chaincode (Smart Contracts) 41 Hyperledger Fabric Development Tools 41 Hyperledger Fabric Governance 43 Introducing R3 Corda 43 R3 Corda Blockchain Fundamentals 46 R3 Corda Network 46 R3 Corda Ledger 47 R3 Corda Consensus 48 R3 Corda Nodes 49 R3 Corda States 49 R3 Corda Transactions 50 R3 Corda Client Applications 50 R3 Corda Smart Contracts 51 R3 Corda Development Tools 52 R3 Corda Governance 53 Introducing Quorum 54 Quorum Blockchain Fundamentals 55 Quorum Ledger 56 Quorum Consensus 56 Quorum Smart Contracts 56 Quorum Tools and Utilities 57 Quorum Governance 58 Introducing Ethereum 58 Ethereum Blockchain Fundamentals 60 Ethereum Ledger 61 Ethereum Node EVM 61 Ethereum Client Apps 63 Ethereum Transactions 64 Ethereum Smart Contracts 64 Ethereum Wallets 66 Ethereum Tools and Utilities 66 Ethereum Governance 68 Summary 68 Chapter 3 Architecting Your Enterprise Blockchain 69 Blockchain Technology Focus Areas 69 Blockchain Success Areas 70 Blockchain Compliance 71 Architecting a Blockchain Solution 71 Blockchain Design Workflow 72 Use Case Potential 72 Blockchain Structure and Components 77 Blockchain Structure 77 Blockchain Core Components 79 Enterprise Blockchain Architectures 81 TOGAF Domains 81 What, Who, and How of Enterprise Architecture 82 Tenets 82 Blockchain Design 83 Enterprise Blockchain Adoption Challenges 84 Risk Management 84 Blockchain as a Hammer 85 Enterprise Blockchain Design Principles 85 Enterprise Blockchain Design Requirements 86 Other Concerns—Deployment Model 90 Hyperledger Fabric 90 Hyperledger Fabric’s Main Selling Points 91 Hyperledger Fabric’s Blockchain Design Considerations 91 Hyperledger Fabric’s Advantages 91 Hyperledger Fabric’s Design Example Architectures 96 R3 Corda 98 R3 Corda’s Main Selling Points 98 R3 Corda’s Design Considerations 98 R3 Corda’s Design Example Architectures 102 Ethereum 104 Ethereum’s Selling Points 104 Ethereum’s Blockchain Design 105 Ethereum’s Design Example Architectures 107 Quorum 109 Quorum’s Selling Points 109 Quorum’s Blockchain Design Principles 111 Quorum’s Design Example Architectures 113 Summary 114 Chapter 4 Understanding Enterprise Blockchain Consensus 117 Blockchain Consensus Methods from a Historical Perspective 118 The Importance of Consensus 118 Byzantine Generals Problem 119 Byzantine Fault Tolerance 121 Comparing Enterprise Blockchain Consensus Methods 121 Proof-of-Work Consensus 122 Proof-of-Stake Consensus 124 Comparing Proof of Work and Proof of Stake 125 Proof of Elapsed Time 126 Delegated Proof of Stake 128 Delegated Byzantine Fault Tolerance 129 Practical Byzantine Fault Tolerance 130 Istanbul Byzantine Fault Tolerance 130 Raft Consensus 131 Directed Acyclic Graph 132 Blockchain Consensus Evaluation 134 Summary 135 Chapter 5 Enterprise Blockchain Sales and Solutions Engineering 137 Enterprise Blockchain Sales Cycle 137 Blockchain Roles (Stakeholders) 139 IT-Based Sales Cycles 141 Presales Tasks 143 Selling Enterprise Blockchain Solutions 152 Sales Engineering Success 159 Summary 162 Chapter 6 Enterprise Blockchain Economics 163 Introduction to Enterprise Blockchain Economics 163 Enterprise Ecommerce Business Models 163 Value Creation 164 Blockchain Payment Gateways 164 Stablecoins 165 Blockchain Funding and Costs 166 CAPEX and OPEX 166 Cost Considerations 168 Enterprise Blockchain Cost Models 173 Return on Investment 174 Total Cost of Ownership 176 ROI vs TCO 177 Potential Cost Efficiencies 177 Reducing Burdened Labor Costs 177 Using OPEX over CAPEX 179 Lower Transaction Costs 179 Costless Verification 179 Intermediary Roles and Blockchain 179 Summary 181 Chapter 7 Deploying Your Blockchain on BaaS 183 Blockchain as a Service Overview 183 Why Use a Blockchain as a Service? 184 Benefits of Using a Blockchain as a Service 184 Negatives of Using a Blockchain as a Service 185 Blockchain as a Service for Sales Teams 186 Blockchain as a Service Providers 186 Amazon Web Services Options 187 AWS Blockchain templates Deployment High-Level Steps 189 Understanding AWS Regions and Availability Zones 189 Deploying Hyperledger on AWS 191 Deploying AWS Managed Blockchain 221 IBM Cloud Blockchain Platforms 231 Blockchain Platform 2.0 231 Summary 239 Chapter 8 Enterprise Blockchain Use Cases 241 Merits of Blockchain Acceptance 241 Technical Merits of Blockchain 242 Business Merits of Blockchain 243 Common Elements of Blockchain Adoption 244 Financial Sector Use Cases 244 Cross-Border Payments 245 Know Your Customer 247 Peer-to-Peer Lending 248 Security Tokenization 248 Logistics Use Cases 249 Supply Chain 250 Internet of Things 250 Farm to Table 251 Government Use Cases 252 City/State of Dubai 252 Country of Georgia 252 Healthcare Use Cases 253 Other Potential Use Cases 254 Zero-Knowledge Proofs 254 Social Impact, Charity, and Fundraising 255 Distributed Cloud Storage 255 Identity Management 255 Summary 256 Chapter 9 Blockchain Governance, Risk, and Compliance (GRC), Privacy, and Legal Concerns 257 Governance, Risk, and Compliance 257 Compliance Benefits 258 Regulatory Oversight 259 Common Compliance Requirements 261 Smart Contract Legal Concerns 271 Smart Contract Enforcement 272 Smart Contract Adaptability 273 Legal Jurisdiction 274 Liability of Services 274 Financial Sector Compliance 275 Handling Customer Data 275 Intellectual Property 275 Auditing and Logging 276 Summary 277 Chapter 10 Blockchain Development 279 Common Programming Languages 279 Most Common Development Languages 280 Less Widely Used Development Languages 282 Summary of Blockchain Platforms 283 Ethereum Development 284 Smart Contracts 284 Ethereum Ecosystem 288 Ethereum Networks 291 Ethereum Nodes 295 Solidity Programming Language 296 Ethereum APIs 297 Ethereum Testing 299 Hyperledger Development 303 Chaincode 303 Hyperledger Fabric Consensus Options 305 Hyperledger Fabric Database Options 305 Client Applications 306 Fabric REST Services 307 Service Discovery 307 Hyperledger Composer 307 R3 Corda Development 310 Corda Consensus Model 311 CorDapps 311 Corda Network and Nodes 312 Corda Service Hub 312 Corda Doorman 313 Corda Flows 313 Client RPC 313 Oracles 313 Corda DemoBench 313 Quorum Development 315 Quorum vs Ethereum 315 Quorum Cakeshop 315 Blockchain Performance 316 Permission or Permissionless Performance 318 Performance Testing 319 Blockchain Integration and Interoperability 320 Data Exchange Methods 321 Hash Timed Locks 321 Relays and Gateways 321 Summary 322 Chapter 11 Blockchain Security and Threat Landscape 323 Blockchain Security Basics 323 Confidentiality, Integrity, and Availability 324 Blockchain Best Practices 325 Blockchain Security Audits 327 Blockchain Security Assumptions 328 Blockchain Cryptography 328 Blockchain Risks 332 Risk Assessment 332 Risk Mitigation 333 Blockchain Threat Landscape 335 51 Percent Attacks 335 Phishing Attacks 336 DDOS Attacks 336 DNS Hijacking Attacks 337 Eclipse Attacks 337 Insider Attacks 338 Replay Attacks 338 Routing Attacks 339 Sybil Attacks 339 Smart Contract Security 339 Smart Contract Legal Prose 339 Smart Contract Vulnerabilities 340 Blockchain-Specific Features 340 Ethereum 341 Hyperledger Fabric 343 R3 Corda Blockchain 344 Quorum 345 Summary 347 Chapter 12 Blockchain Marketplace Outlook 349 Technology Investments 349 Investments in Blockchain350 Blockchain Market Patents 350 Blockchain Market Growth 352 Complementary and Adverse Blockchain Acceptance Drivers 352 Blockchain Expertise Demand 353 Blockchain Market Expertise Expansion 353 Blockchain Certifications 354 Blockchain Institute of Technology 355 Blockchain Council 355 Blockchain Training Alliance 356 Summary 357 Index 359

Read more less

Book SynopsisTable of ContentsChapter 1: What is the Cloud Visual language: minimalist. Cartoon characters on white background. Images are goofy and memorable, such as a Roomba chasing a cat Content: Covers the ubiquity of the cloud in real life (connected/smart home devices, online services, etc) and sets the tone for why we should care that a book is dedicated to this topic. Asks the big questions that will be answered throughout the text: What is the cloud? How does it work? Why should I care? Now that I know that, what should I do? Chapter 2: Evolution of the Cloud (A Prehistory) Visual language: This section will take place in a prehistoric jungle. Tangled vines, volcanoes, dinosaurs, etc. Content: Covers the background of computing, from mainframes through the client/server era up to virtualization Chapter 3: The Internet: A Series of Tubes Visual language: A steampunk mad scientist’s laboratory, with lots of Rube Goldberg-esque tubes and gears Content: Covers the basics of how data gets from you to the cloud and back again, including remote servers, DNS, IP, etc. Chapter 4: Cloud Architecture Visual language: A construction job site. Bricks and mortar. Think Bob the Builder Content: Covers the core building blocks of cloud architecture. Cloud storage, databases, compute. High availability, scalability, and elasticity. Explains why these things are desirable and, in some cases, revolutionary. Chapter 5: Cloud Security Visual language: Noir (black and white, heavy shadows, stark silhouettes) Content: Covers some of the key risks associated with placing your data in the cloud, both personally and professionally. Uses a fictionalized breach to illustrate what can go wrong Chapter 6: The Internet of Things Visual language: Cubist, non-representational Content: Explains the Internet of Things, including why a smart device isn’t always better (lower security, risk of it not being supported) Chapter 7: Artificial Intelligence Visual language: Used future. Think Blade Runner or Terminator. Red-eyed robots, smog, and neon Content: Covers some basics of how the cloud accelerates AI and machine learning through the centralization of data. Gives examples of when that’s good and when it can be bad (for example, reinforcing conscious or unconscious biases) Chapter 8: What Now? Visual language: Minimalist (same as the opening section; ties everything together) Content: Looks ahead to the future of the cloud, particularly increasing levels of abstraction like serverless, voice programming, and automation. Strikes a hopeful tone and finishes by encouraging the reader to go out and build a better cloud.

Read more less

Book SynopsisExplore the latest and most comprehensive guide to securing your Cloud Native technology stack Cloud Native Security delivers a detailed study into minimizing the attack surfaces found on today's Cloud Native infrastructure. Throughout the work hands-on examples walk through mitigating threats and the areas of concern that need to be addressed. The book contains the information that professionals need in order to build a diverse mix of the niche knowledge required to harden Cloud Native estates. The book begins with more accessible content about understanding Linux containers and container runtime protection before moving on to more advanced subject matter like advanced attacks on Kubernetes. You'll also learn about: Installing and configuring multiple types of DevSecOps tooling in CI/CD pipelinesBuilding a forensic logging system that can provide exceptional levels of detail, suited to busy containerized estatesSecuring the most popular container orchestrator, KubernetesHardening cTable of ContentsIntroduction xix Part I Container and Orchestrator Security 1 Chapter 1 What is a Container? 3 Common Misconceptions 4 Container Components 6 Kernel Capabilities 7 Other Containers 13 Summary 14 Chapter 2 Rootless Runtimes 17 Docker Rootless Mode 18 Installing Rootless Mode 20 Running Rootless Podman 25 Setting Up Podman 26 Summary 31 Chapter 3 Container Runtime Protection 33 Running Falco 34 Configuring Rules 38 Changing Rules 39 Macros 41 Lists 41 Getting Your Priorities Right 41 Tagging Rulesets 42 Outputting Alerts 42 Summary 43 Chapter 4 Forensic Logging 45 Things to Consider 46 Salient Files 47 Breaking the Rules 49 Key Commands 52 The Rules 52 Parsing Rules 54 Monitoring 58 Ordering and Performance 62 Summary 63 Chapter 5 Kubernetes Vulnerabilities 65 Mini Kubernetes 66 Options for Using kube-hunter 68 Deployment Methods 68 Scanning Approaches 69 Hunting Modes 69 Container Deployment 70 Inside Cluster Tests 71 Minikube vs. kube-hunter 74 Getting a List of Tests 76 Summary 77 Chapter 6 Container Image CVEs 79 Understanding CVEs 80 Trivy 82 Getting Started 83 Exploring Anchore 88 Clair 96 Secure Registries 97 Summary 101 Part II DevSecOps Tooling 103 Chapter 7 Baseline Scanning (or, Zap Your Apps) 105 Where to Find ZAP 106 Baseline Scanning 107 Scanning Nmap’s Host 113 Adding Regular Expressions 114 Summary 116 Chapter 8 Codifying Security 117 Security Tooling 117 Installation 118 Simple Tests 122 Example Attack Files 124 Summary 127 Chapter 9 Kubernetes Compliance 129 Mini Kubernetes 130 Using kube-bench 133 Troubleshooting 138 Automation 139 Summary 140 Chapter 10 Securing Your Git Repositories 141 Things to Consider 142 Installing and Running Gitleaks 144 Installing and Running GitRob 149 Summary 151 Chapter 11 Automated Host Security 153 Machine Images 155 Idempotency 156 Secure Shell Example 158 Kernel Changes 162 Summary 163 Chapter 12 Server Scanning With Nikto 165 Things to Consider 165 Installation 166 Scanning a Second Host 170 Running Options 171 Command-Line Options 172 Evasion Techniques 172 The Main Nikto Configuration File 175 Summary 176 Part III Cloud Security 177 Chapter 13 Monitoring Cloud Operations 179 Host Dashboarding with NetData 180 Installing Netdata 180 Host Installation 180 Container Installation 183 Collectors 186 Uninstalling Host Packages 186 Cloud Platform Interrogation with Komiser 186 Installation Options 190 Summary 191 Chapter 14 Cloud Guardianship 193 Installing Cloud Custodian 193 Wrapper Installation 194 Python Installation 195 EC2 Interaction 196 More Complex Policies 201 IAM Policies 202 S3 Data at Rest 202 Generating Alerts 203 Summary 205 Chapter 15 Cloud Auditing 207 Runtime, Host, and Cloud Testing with Lunar 207 Installing to a Bash Default Shell 209 Execution 209 Cloud Auditing Against Benchmarks 213 AWS Auditing with Cloud Reports 215 Generating Reports 217 EC2 Auditing 219 CIS Benchmarks and AWS Auditing with Prowler 220 Summary 223 Chapter 16 AWS Cloud Storage 225 Buckets 226 Native Security Settings 229 Automated S3 Attacks 231 Storage Hunting 234 Summary 236 Part IV Advanced Kubernetes and Runtime Security 239 Chapter 17 Kubernetes External Attacks 241 The Kubernetes Network Footprint 242 Attacking the API Server 243 API Server Information Discovery 243 Avoiding API Server Information Disclosure 244 Exploiting Misconfigured API Servers 245 Preventing Unauthenticated Access to the API Server 246 Attacking etcd 246 etcd Information Discovery 246 Exploiting Misconfigured etcd Servers 246 Preventing Unauthorized etcd Access 247 Attacking the Kubelet 248 Kubelet Information Discovery 248 Exploiting Misconfigured Kubelets 249 Preventing Unauthenticated Kubelet Access 250 Summary 250 Chapter 18 Kubernetes Authorization with RBAC 251 Kubernetes Authorization Mechanisms 251 RBAC Overview 252 RBAC Gotchas 253 Avoid the cluster-admin Role 253 Built-In Users and Groups Can Be Dangerous 254 Read-Only Can Be Dangerous 254 Create Pod is Dangerous 256 Kubernetes Rights Can Be Transient 257 Other Dangerous Objects 258 Auditing RBAC 258 Using kubectl 258 Additional Tooling 259 Rakkess 259 kubectl-who-can 261 Rback 261 Summary 262 Chapter 19 Network Hardening 265 Container Network Overview 265 Node IP Addresses 266 Pod IP Addresses 266 Service IP Addresses 267 Restricting Traffic in Kubernetes Clusters 267 Setting Up a Cluster with Network Policies 268 Getting Started 268 Allowing Access 271 Egress Restrictions 273 Network Policy Restrictions 274 CNI Network Policy Extensions 275 Cilium 275 Calico 276 Summary 278 Chapter 20 Workload Hardening 279 Using Security Context in Manifests 279 General Approach 280 allowPrivilegeEscalation 280 Capabilities 281 privileged 283 readOnlyRootFilesystem 283 seccompProfile 283 Mandatory Workload Security 285 Pod Security Standards 285 PodSecurityPolicy 286 Setting Up PSPs 286 Setting Up PSPs 288 PSPs and RBAC 289 PSP Alternatives 291 Open Policy Agent 292 Installation 292 Enforcement Actions 295 Kyverno 295 Installation 296 Operation 296 Summary 298 Index 299

Read more less

Book SynopsisTable of ContentsForeword to the Fourth Edition xxi Introduction xix Chapter 1 Cloud Concepts, Architecture, and Design 1 Understand Cloud Computing Concepts 2 Cloud Computing Definitions 2 Cloud Computing Roles and Responsibilities 3 Key Cloud Computing Characteristics 7 Building Block Technologies 11 Describe Cloud Reference Architecture 14 Cloud Computing Activities 14 Cloud Service Capabilities 15 Cloud Service Categories 17 Cloud Deployment Models 18 Cloud Shared Considerations 21 Impact of Related Technologies 27 Understand Security Concepts Relevant to Cloud Computing 33 Cryptography and Key Management 33 Identity and Access Control 34 Data and Media Sanitization 36 Network Security 37 Virtualization Security 39 Common Threats 41 Security Hygiene 41 Understand Design Principles of Secure Cloud Computing 43 Cloud Secure Data Lifecycle 43 Cloud- Based Business Continuity and Disaster Recovery Plan 44 Business Impact Analysis 45 Functional Security Requirements 46 Security Considerations for Different Cloud Categories 48 Cloud Design Patterns 49 DevOps Security 51 Evaluate Cloud Service Providers 51 Verification against Criteria 52 System/Subsystem Product Certifications 54 Summary 56 Chapter 2 Cloud Data Security 57 Describe Cloud Data Concepts 58 Cloud Data Lifecycle Phases 58 Data Dispersion 61 Data Flows 62 Design and Implement Cloud Data Storage Architectures 63 Storage Types 63 Threats to Storage Types 66 Design and Apply Data Security Technologies and Strategies 67 Encryption and Key Management 67 Hashing 70 Data Obfuscation 71 Tokenization 73 Data Loss Prevention 74 Keys, Secrets, and Certificates Management 77 Implement Data Discovery 78 Structured Data 79 Unstructured Data 80 Semi- structured Data 81 Data Location 82 Implement Data Classification 82 Data Classification Policies 83 Mapping 85 Labeling 86 Design and Implement Information Rights Management 87 Objectives 88 Appropriate Tools 89 Plan and Implement Data Retention, Deletion, and Archiving Policies 89 Data Retention Policies 90 Data Deletion Procedures and Mechanisms 93 Data Archiving Procedures and Mechanisms 94 Legal Hold 95 Design and Implement Auditability, Traceability, and Accountability of Data Events 96 Definition of Event Sources and Requirement of Event Attribution 97 Logging, Storage, and Analysis of Data Events 99 Chain of Custody and Nonrepudiation 100 Summary 101 Chapter 3 Cloud Platform and Infrastructure Security 103 Comprehend Cloud Infrastructure and Platform Components 104 Physical Environment 104 Network and Communications 106 Compute 107 Virtualization 108 Storage 110 Management Plane 111 Design a Secure Data Center 113 Logical Design 114 Physical Design 116 Environmental Design 117 Analyze Risks Associated with Cloud Infrastructure and Platforms 119 Risk Assessment 119 Cloud Vulnerabilities, Threats, and Attacks 122 Risk Mitigation Strategies 123 Plan and Implementation of Security Controls 124 Physical and Environmental Protection 124 System, Storage, and Communication Protection 125 Identification, Authentication, and Authorization in Cloud Environments 127 Audit Mechanisms 128 Plan Disaster Recovery and Business Continuity 131 Business Continuity/Disaster Recovery Strategy 131 Business Requirements 132 Creation, Implementation, and Testing of Plan 134 Summary 138 Chapter 4 Cloud Application Security 139 Advocate Training and Awareness for Application Security 140 Cloud Development Basics 140 Common Pitfalls 141 Common Cloud Vulnerabilities 142 Describe the Secure Software Development Life Cycle Process 144 NIST Secure Software Development Framework 145 OWASP Software Assurance Maturity Model 145 Business Requirements 145 Phases and Methodologies 146 Apply the Secure Software Development Life Cycle 149 Cloud- Specific Risks 149 Threat Modeling 153 Avoid Common Vulnerabilities during Development 156 Secure Coding 156 Software Configuration Management and Versioning 157 Apply Cloud Software Assurance and Validation 158 Functional and Non- functional Testing 159 Security Testing Methodologies 160 Quality Assurance 164 Abuse Case Testing 164 Use Verified Secure Software 165 Securing Application Programming Interfaces 165 Supply- Chain Management 166 Third- Party Software Management 166 Validated Open- Source Software 167 Comprehend the Specifics of Cloud Application Architecture 168 Supplemental Security Components 169 Cryptography 171 Sandboxing 172 Application Virtualization and Orchestration 173 Design Appropriate Identity and Access Management Solutions 174 Federated Identity 175 Identity Providers 175 Single Sign- on 176 Multifactor Authentication 176 Cloud Access Security Broker 178 Summary 179 Chapter 5 Cloud Security Operations 181 Build and Implement Physical and Logical Infrastructure for Cloud Environment 182 Hardware- Specific Security Configuration Requirements 182 Installation and Configuration of Virtualization Management Tools 185 Virtual Hardware–Specific Security Configuration Requirements 186 Installation of Guest Operating System Virtualization Toolsets 188 Operate Physical and Logical Infrastructure for Cloud Environment 188 Configure Access Control for Local and Remote Access 188 Secure Network Configuration 190 Operating System Hardening through the Application of Baselines 195 Availability of Stand- Alone Hosts 196 Availability of Clustered Hosts 197 Availability of Guest Operating Systems 199 Manage Physical and Logical Infrastructure for Cloud Environment 200 Access Controls for Remote Access 201 Operating System Baseline Compliance Monitoring and Remediation 202 Patch Management 203 Performance and Capacity Monitoring 205 Hardware Monitoring 206 Configuration of Host and Guest Operating System Backup and Restore Functions 207 Network Security Controls 208 Management Plane 212 Implement Operational Controls and Standards 212 Change Management 213 Continuity Management 214 Information Security Management 216 Continual Service Improvement Management 217 Incident Management 218 Problem Management 221 Release Management 221 Deployment Management 222 Configuration Management 224 Service Level Management 225 Availability Management 226 Capacity Management 227 Support Digital Forensics 228 Forensic Data Collection Methodologies 228 Evidence Management 230 Collect, Acquire, and Preserve Digital Evidence 231 Manage Communication with Relevant Parties 234 Vendors 235 Customers 236 Partners 238 Regulators 238 Other Stakeholders 239 Manage Security Operations 239 Security Operations Center 240 Monitoring of Security Controls 244 Log Capture and Analysis 245 Incident Management 248 Summary 253 Chapter 6 Legal, Risk, and Compliance 255 Articulating Legal Requirements and Unique Risks within the Cloud Environment 256 Conflicting International Legislation 256 Evaluation of Legal Risks Specific to Cloud Computing 258 Legal Frameworks and Guidelines 258 eDiscovery 265 Forensics Requirements 267 Understand Privacy Issues 267 Difference between Contractual and Regulated Private Data 268 Country- Specific Legislation Related to Private Data 272 Jurisdictional Differences in Data Privacy 277 Standard Privacy Requirements 278 Privacy Impact Assessments 280 Understanding Audit Process, Methodologies, and Required Adaptations for a Cloud Environment 281 Internal and External Audit Controls 282 Impact of Audit Requirements 283 Identify Assurance Challenges of Virtualization and Cloud 284 Types of Audit Reports 285 Restrictions of Audit Scope Statements 288 Gap Analysis 289 Audit Planning 290 Internal Information Security Management System 291 Internal Information Security Controls System 292 Policies 293 Identification and Involvement of Relevant Stakeholders 296 Specialized Compliance Requirements for Highly Regulated Industries 297 Impact of Distributed Information Technology Model 298 Understand Implications of Cloud to Enterprise Risk Management 299 Assess Providers Risk Management Programs 300 Differences between Data Owner/Controller vs. Data Custodian/Processor 301 Regulatory Transparency Requirements 302 Risk Treatment 303 Risk Frameworks 304 Metrics for Risk Management 307 Assessment of Risk Environment 307 Understand Outsourcing and Cloud Contract Design 309 Business Requirements 309 Vendor Management 311 Contract Management 312 Supply Chain Management 314 Summary 316 Index 317

Read more less

Book SynopsisTable of Contents Introduction xxiii Assessment Test xxxii Chapter 1 Architectural Concepts 1 Cloud Characteristics 3 Business Requirements 5 Understanding the Existing State 6 Cost/Benefit Analysis 7 Intended Impact 10 Cloud Computing Service Categories 11 Software as a Service 11 Infrastructure as a Service 12 Platform as a Service 12 Cloud Deployment Models 13 Private Cloud 13 Public Cloud 13 Hybrid Cloud 13 Multi- Cloud 13 Community Cloud 13 Multitenancy 14 Cloud Computing Roles and Responsibilities 15 Cloud Computing Reference Architecture 16 Virtualization 18 Hypervisors 18 Virtualization Security 19 Cloud Shared Considerations 20 Security and Privacy Considerations 20 Operational Considerations 21 Emerging Technologies 22 Machine Learning and Artificial Intelligence 22 Blockchain 23 Internet of Things 24 Containers 24 Quantum Computing 25 Edge and Fog Computing 26 Confidential Computing 26 DevOps and DevSecOps 27 Summary 28 Exam Essentials 28 Review Questions 30 Chapter 2 Data Classification 35 Data Inventory and Discovery 37 Data Ownership 37 Data Flows 42 Data Discovery Methods 43 Information Rights Management 46 Certificates and IRM 47 IRM in the Cloud 47 IRM Tool Traits 47 Data Control 49 Data Retention 50 Data Audit and Audit Mechanisms 53 Data Destruction/Disposal 55 Summary 57 Exam Essentials 57 Review Questions 59 Chapter 3 Cloud Data Security 63 Cloud Data Lifecycle 65 Create 66 Store 66 Use 67 Share 67 Archive 69 Destroy 70 Cloud Storage Architectures 71 Storage Types 71 Volume Storage: File- Based Storage and Block Storage 72 Object- Based Storage 72 Databases 73 Threats to Cloud Storage 73 Designing and Applying Security Strategies for Storage 74 Encryption 74 Certificate Management 77 Hashing 77 Masking, Obfuscation, Anonymization, and Tokenization 78 Data Loss Prevention 81 Log Capture and Analysis 82 Summary 85 Exam Essentials 85 Review Questions 86 Chapter 4 Security in the Cloud 91 Chapter 5 Shared Cloud Platform Risks and Responsibilities 92 Cloud Computing Risks by Deployment Model 94 Private Cloud 95 Community Cloud 95 Public Cloud 97 Hybrid Cloud 101 Cloud Computing Risks by Service Model 102 Infrastructure as a Service (IaaS) 102 Platform as a Service (PaaS) 102 Software as a Service (SaaS) 103 Virtualization 103 Threats 105 Risk Mitigation Strategies 107 Disaster Recovery (DR) and Business Continuity (BC) 110 Cloud- Specific BIA Concerns 110 Customer/Provider Shared BC/DR Responsibilities 111 Cloud Design Patterns 114 Summary 115 Exam Essentials 115 Review Questions 116 Cloud Platform, Infrastructure, and Operational Security 121 Foundations of Managed Services 123 Cloud Provider Responsibilities 124 Shared Responsibilities by Service Type 125 IaaS 125 PaaS 126 SaaS 126 Securing Communications and Infrastructure 126 Firewalls 127 Intrusion Detection/Intrusion Prevention Systems 128 Honeypots 128 Vulnerability Assessment Tools 128 Bastion Hosts 129 Identity Assurance in Cloud and Virtual Environments 130 Securing Hardware and Compute 130 Securing Software 132 Third- Party Software Management 133 Validating Open- Source Software 134 OS Hardening, Monitoring, and Remediation 134 Managing Virtual Systems 135 Assessing Vulnerabilities 137 Securing the Management Plane 138 Auditing Your Environment and Provider 141 Adapting Processes for the Cloud 142 Planning for Cloud Audits 143 Summary 144 Exam Essentials 145 Review Questions 147 Chapter 6 Cloud Application Security 151 Developing Software for the Cloud 154 Common Cloud Application Deployment Pitfalls 155 Cloud Application Architecture 157 Cryptography 157 Sandboxing 158 Application Virtualization and Orchestration 158 Application Programming Interfaces 159 Multitenancy 162 Supplemental Security Components 162 Cloud- Secure Software Development Lifecycle (SDLC) 164 Software Development Phases 165 Software Development Models 166 Cloud Application Assurance and Validation 172 Threat Modeling 172 Common Threats to Applications 174 Quality Assurance and Testing Techniques 175 Supply Chain Management and Licensing 177 Identity and Access Management 177 Cloud Identity and Access Control 178 Single Sign- On 179 Identity Providers 180 Federated Identity Management 180 Multifactor Authentication 181 Secrets Management 182 Common Threats to Identity and Access Management in the Cloud 183 Zero Trust 183 Summary 183 Exam Essentials 184 Review Questions 186 Chapter 7 Operations Elements 191 Designing a Secure Data Center 193 Build vs. Buy 193 Location 194 Facilities and Redundancy 196 Data Center Tiers 200 Logical Design 201 Virtualization Operations 202 Storage Operations 205 Managing Security Operations 207 Security Operations Center (SOC) 208 Continuous Monitoring 208 Incident Management 209 Summary 209 Exam Essentials 210 Review Questions 211 Chapter 8 Operations Management 215 Monitoring, Capacity, and Maintenance 217 Monitoring 217 Physical and Environmental Protection 218 Maintenance 219 Change and Configuration Management 224 Baselines 224 Roles and Process 226 Release and Deployment Management 228 Problem and Incident Management 229 IT Service Management and Continual Service Improvement 229 Business Continuity and Disaster Recovery 231 Prioritizing Safety 231 Continuity of Operations 232 BC/DR Planning 232 The BC/DR Toolkit 234 Relocation 235 Power 237 Testing 238 Summary 239 Exam Essentials 239 Review Questions 241 Chapter 9 Legal and Compliance Issues 245 Legal Requirements and Unique Risks in the Cloud Environment 247 Constitutional Law 247 Legislation 249 Administrative Law 249 Case Law 250 Common Law 250 Contract Law 250 Analyzing a Law 251 Determining Jurisdiction 251 Scope and Application 252 Legal Liability 253 Torts and Negligence 254 U.S. Privacy and Security Laws 255 Health Insurance Portability and Accountability Act 255 The Health Information Technology for Economic and Clinical Health Act 258 Gramm–Leach–Bliley Act 259 Sarbanes–Oxley Act 261 State Data Breach Notification Laws 261 International Laws 263 European Union General Data Protection Regulation 263 Adequacy Decisions 267 U.S.- EU Safe Harbor and Privacy Shield 267 Laws, Regulations, and Standards 269 Payment Card Industry Data Security Standard 270 Critical Infrastructure Protection Program 270 Conflicting International Legislation 270 Information Security Management Systems 272 Iso/iec 27017:2015 272 Privacy in the Cloud 273 Generally Accepted Privacy Principles 273 Iso 27018 279 Direct and Indirect Identifiers 279 Privacy Impact Assessments 280 Cloud Forensics 281 Forensic Requirements 281 Cloud Forensic Challenges 281 Collection and Acquisition 282 Evidence Preservation and Management 283 e-discovery 283 Audit Processes, Methodologies, and Cloud Adaptations 284 Virtualization 284 Scope 284 Gap Analysis 285 Restrictions of Audit Scope Statements 285 Policies 286 Audit Reports 286 Summary 288 Exam Essentials 288 Review Questions 290 Chapter 10 Cloud Vendor Management 295 The Impact of Diverse Geographical Locations and Legal Jurisdictions 297 Security Policy Framework 298 Policies 298 Standards 300 Procedures 302 Guidelines 303 Exceptions and Compensating Controls 304 Developing Policies 305 Enterprise Risk Management 306 Risk Identification 308 Risk Calculation 308 Risk Assessment 309 Risk Treatment and Response 313 Risk Mitigation 313 Risk Avoidance 314 Risk Transference 314 Risk Acceptance 315 Risk Analysis 316 Risk Reporting 316 Enterprise Risk Management 318 Assessing Provider Risk Management Practices 318 Risk Management Frameworks 319 Cloud Contract Design 320 Business Requirements 321 Vendor Management 321 Data Protection 323 Negotiating Contracts 324 Common Contract Provisions 324 Contracting Documents 326 Government Cloud Standards 327 Common Criteria 327 FedRAMP 327 Fips 140- 2 327 Manage Communication with Relevant Parties 328 Summary 328 Exam Essentials 329 Review Questions 330 Appendix Answers to the Review Questions 335 Chapter 1: Architectural Concepts 336 Chapter 2: Data Classification 337 Chapter 3: Cloud Data Security 339 Chapter 4: Security in the Cloud 341 Chapter 5: Cloud Platform, Infrastructure, and Operational Security 343 Chapter 6: Cloud Application Security 345 Chapter 7: Operations Elements 347 Chapter 8: Operations Management 349 Chapter 9: Legal and Compliance Issues 350 Chapter 10: Cloud Vendor Management 352 Index 355

Read more less

Book SynopsisTable of ContentsIntroduction xv Chapter 1 Domain 1: Cloud Concepts, Architecture, and Design 1 Chapter 2 Domain 2: Architecture and Design 23 Chapter 3 Domain 3: Cloud Platform and Infrastructure Security 45 Chapter 4 Domain 4: Cloud Application Security 65 Chapter 5 Domain 5: Cloud Security Operations 85 Chapter 6 Domain 6: Legal, Risk, and Compliance 105 Chapter 7 Practice Test 1 125 Chapter 8 Practice Test 2 151 Appendix Answers to Review Questions 175 Chapter 1: Domain 1: Cloud Concepts, Architecture, and Design 176 Chapter 2: Domain 2: Architecture and Design 188 Chapter 3: Domain 3: Cloud Platform and Infrastructure Security 198 Chapter 4: Domain 4: Cloud Application Security 213 Chapter 5: Domain 5: Cloud Security Operations 223 Chapter 6: Domain 6: Legal, Risk, and Compliance 232 Chapter 7: Practice Test 1 245 Chapter 8: Practice Test 2 259 Index 273

Read more less

Book SynopsisThis book provides a comprehensive overview of the research on anomaly detection with respect to context and situational awareness that aim to get a better understanding of how context information influences anomaly detection. In each chapter, it identifies advanced anomaly detection and key assumptions, which are used by the model to differentiate between normal and anomalous behavior. When applying a given model to a particular application, the assumptions can be used as guidelines to assess the effectiveness of the model in that domain. Each chapter provides an advanced deep content understanding and anomaly detection algorithm, and then shows how the proposed approach is deviating of the basic techniques. Further, for each chapter, it describes the advantages and disadvantages of the algorithm. The final chapters provide a discussion on the computational complexity of the models and graph computational frameworks such as Google Tensorflow and H2O because it is an important issueTable of Contents1 Large-Scale Video Event Detection Using Deep Neural Networks 2 Leveraging Selectional Preferences for Anomaly Detection in Newswire Events 3 Abnormal Event Recognition in Crowd Environments 4 Cognitive Sensing: Adaptive Anomalies Detection with Deep Networks 5 Language-Guided Visual Recognition 6 Deep Learning for Font Recognition and Retrieval 7 A Distributed Secure Machine-Learning Cloud Architecture for Semantic Analysis 8 A Practical Look at Anomaly Detection Using Autoencoders with H2O and the R Programming Language

Read more less

Book SynopsisWritten in a tutorial style, this comprehensive guide follows a structured approach explaining cloud techniques, models and platforms. Popular cloud services such as Amazon, Google and Microsoft Azure are explained in the text. The security risks and challenges of cloud computing are discussed in detail with useful examples. Emerging trends including mobile cloud computing and internet of things are discussed in the book for the benefit of the readers. Numerous review questions, multiple choice exercises and case studies facilitate enhanced understanding. This textbook is ideal for undergraduate and graduate students of computer science engineering, and information technology.Table of ContentsFigures; Tables; Preface; Acknowledgements; 1. Introduction; 2. Evolution and enabling technologies; 3. Benefits and challenges; 4. Cloud computing model; 5. Cloud computing services; 6. Security reference model; 7. Resource virtualization; 8. Resource pooling, sharing and provisioning; 9. Scaling in the cloud; 10. Capacity planning; 11. Load balancing; 12. Service-oriented architecture; 13. File system and storage; 14. Database technology; 15. Content delivery network; 16. Security issues; 17. Privacy and compliance issues; 18. Portability and interoperability issues; 19. Cloud management and a programming model case study; 20. Popular cloud services; 21. Mobile cloud computing and internet of things; Appendix I. Hot research topics; Index.

Read more less