CCNA Cloud


CCNA

Cloud
CLDFND 210-451
Official Cert Guide

GUSTAVO A. A. SANTANA, CCIE No. 8806

Cisco Press
800 East 96th Street
Indianapolis, IN 46240
ii CCNA Cloud CLDFND 210-451 Official Cert Guide

CCNA Cloud CLDFND 210-451


Official Cert Guide
Gustavo A. A. Santana

Copyright© 2016 Pearson Education, Inc.

Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording, or by any information storage and retrieval
system, without written permission from the publisher, except for the inclusion of brief quotations in a
review.

Printed in the United States of America

First Printing April 2016

Library of Congress Control Number: 2015957536

ISBN-13: 978-1-58714-700-5

ISBN-10: 1-58714-700-9

Warning and Disclaimer


This book is designed to provide information about the CCNA Cloud CLDFND 210-451 exam. Every
effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness
is implied.

The information is provided on an “as is” basis. The author, Cisco Press, and Cisco Systems, Inc. shall
have neither liability nor responsibility to any person or entity with respect to any loss or damages
arising from the information contained in this book or from the use of the discs or programs that may
accompany it.

The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately
capitalized. Cisco Press or Cisco Systems, Inc. cannot attest to the accuracy of this information. Use of a
term in this book should not be regarded as affecting the validity of any trademark or service mark.

Publisher: Paul Boger
Associate Publisher: Dave Dusthimer
Business Operation Manager, Cisco Press: Jan Cornelssen
Acquisitions Editor: Denise Lincoln
Managing Editor: Sandra Schroeder
Development Editor: Ellie Bru
Project Editor: Mandie Frank
Copy Editor: Bill McManus
Technical Editors: Fernando de Almeida, Adilson Silva
Editorial Assistant: Vanessa Evans
Designer: Mark Shirar
Composition: Trina Wurst
Senior Indexer: Cheryl Lenser
Proofreader: The Wordsmithery LLC


Figure Attributions
Figure 4-15: “airplane cockpit” [92430886] © Sergey Bogdanov

Figure 5-1: “Processor” (Процессор) [77587032] © Bashkirov, “Some module DDR RAM memory computer on white background” [77697137] © peuceta, “HDD on white” [75921949] © Natalia Merzlyakova, “connectivity problem concept with lan cable & network card” [54429846] © Bacho Foto

Figure 8-1: “Stack of DDR RAM sticks on isolated background” [57415022] © finallast, “Computer hard drives stack” [73144222] © destina, “data center” [54917331] © kubais

Figure 8-11: “hard drive” (disco duro) [38666746] © estionx, “Connectors cable ATA and IDE interface for computer” [53636918] © dmitrydesigner

Figure 8-12: “Harddisk drive, close up image of device” [68745710] © charcomphoto, “SATA cable” [8713125] © Vladimir Agapov

Figure 14-5: “Auto parts store. Automotive basket shop” [64856957] © Oleksandr Delyk, “Red body car” [60704600] © Cla78, “Red roadster” [62654792] © Vladimir Kramin

Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which may
include electronic versions; custom cover designs; and content particular to your business, training goals,
marketing focus, or branding interests), please contact our corporate sales department at corpsales@
pearsoned.com or (800) 382-3419.

For government sales inquiries, please contact [email protected].

For questions about sales outside the United States, please contact [email protected].

Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book
is crafted with care and precision, undergoing rigorous development that involves the unique expertise
of members from the professional technical community.

Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we
could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us
through email at [email protected]. Please make sure to include the book title and ISBN in your
message.

We greatly appreciate your assistance.


About the Author


Gustavo A. A. Santana, CCIE No. 8806, is the author of Data Center Virtualization Fundamentals (Cisco Press, 2013) and a Cisco Technical Solutions Architect working in enterprise and service provider data center projects that require a greater integration among multiple technology areas such as networking, application optimization, storage, and servers.

With more than 18 years of experience in the data center industry, Gustavo has led and coordinated a team of specialized Cisco engineers in Brazil. A true believer in education as a technology catalyst, he has also dedicated himself to the technical development of many IT professionals from customer, partner, and strategic alliance organizations. In addition to holding three CCIE certifications (Data Center, Storage Networking, and Routing & Switching), Gustavo is an SNIA Certified Storage Networking Expert (SCSN-E). A frequent speaker at Cisco Live and data center industry events, he holds a degree in computer engineering from Instituto Tecnológico de Aeronáutica (ITA-Brazil) and an MBA in strategic IT management from Fundação Getúlio Vargas (FGV-Brazil). Gustavo maintains a personal blog in which he discusses topics related to data center virtualization technologies at http://gustavoaasantana.net.

About the Technical Reviewers


Fernando de Almeida, CCIE No. 8831 (R&S and SP), has more than 18 years of experience in telecommunications and networking. Fernando joined Cisco in 2000 as a TAC engineer and moved on to other functions in Advanced Services, focusing on service providers and enterprise customers. He has had active participation in design and implementation for the biggest service providers in Latin America, in technologies such as MPLS, TE, VPLS, QoS, and BGP, and has worked as a Solutions Architect for the biggest banks in Brazil, integrating key environments, such as core wide-area networks, data center networks, network security, and wireless networks. He has been a speaker at various network conferences (including Cisco Live), and he is currently involved in Internet of Things projects, mainly in Smart Grid. Before joining Cisco, Fernando worked as a pre-sales engineer and instructor at Nortel. He graduated with an electrical engineering degree and an MBA in IT management from Universidade de São Paulo.

Adilson Silva, CCIE No. 30110, is a Cisco Technical Solutions Architect at Cisco Systems involved in public and hybrid cloud Cisco architectures as well as cloud managed services solutions through Cisco partners. Adilson’s expertise includes data center virtualization, routing and switching, hypervisor solutions, and hybrid cloud using Cisco Intercloud Fabric solutions for business as well as for providers including Cisco Powered partners, Cisco Cloud Architecture for Microsoft, and OpenStack, which includes Cisco Metapod solutions for private customer clouds.

During his more than 14 years of experience in the networking industry, Adilson spent
his last 7 years at Cisco Systems. In the last 3 years he has covered Cloud & Managed
Services for the whole of the Latin America region.

In addition to holding his CCIE certification (Routing & Switching), Adilson holds a degree in computer science from Estácio University (Brazil) and an MBA in communication services from Universidade Federal Fluminense (UFF-Brazil).

Dedications
This book is dedicated to my wife and true love, Carlene. Besides being my unconditional
supporter, she is also my co-author on two wonderful long-term projects: our daughters
Carolina and Cecília. I wholeheartedly dedicate this writing to both of them, too.

I also dedicate this publication to my parents, Honorio and Cleia, who have taught me
that one can only learn by being fearless and humble.

Finally, this book is dedicated to every person who is (or once was) a CCNA candidate.
Your passion, commitment, and integrity are the strong threads that wove our connected
world together.

Acknowledgments
Although the cover of this book exhibits a single author, the many months of writing
would be fruitless without the support of an entire network of relatives, friends, and
professionals who are acknowledged here.

First, I would like to thank my sister Raquel and brother André for the family support
during this book writing.

I would also like to express my gratitude to my friend and trusted advisor Alexandre M.
S. P. Moraes, who has always shared with me his invaluable insights and experiences as a
technical author.

Many thanks to Andrey Lee for the wonderful illustrations in Chapters 1 and 14.
Sincere thanks to my manager, Renier Souza, for actively helping me coordinate my professional life and this writing.

My thanks to the technical reviewers Adilson Silva and Fernando Almeida for their
outstanding contributions and focus to make this work more effective for its targeted
readership.

A personal thanks to the data center tiger team at Cisco Brazil, which has always served
as my treasured “brain trust” for best practices and innovative ideas.

I am also very grateful to Simon Richards, Gordon Hirst, and all professionals behind
Cisco Demo Cloud (dCloud), which was an inestimable tool for this book development.

Thanks to all the Pearson production team, especially Ellie Bru, Mandie Frank, and Bill
McManus who helped me to create the final version of this book.

I will always be grateful to Mary Beth Ray and Anand Sundaram for giving me the
unique opportunity of becoming a Cisco Press author back in 2012.

A very special thank you goes to Denise Lincoln, for trusting me with the honor of writing this book and for the amazing support during its development.

Contents at a Glance
Introduction xxi

Part I Cloud Concepts


Chapter 1 What Is Cloud Computing? 3

Chapter 2 Cloud Shapes: Service Models 29

Part II Cloud Deployments


Chapter 3 Cloud Heights: Deployment Models 57
Chapter 4 Behind the Curtain 87

Part III Server Virtualization for Cloud


Chapter 5 Server Virtualization 119

Chapter 6 Infrastructure Virtualization 149

Chapter 7 Virtual Networking Services and Application Containers 187

Part IV Cloud Storage


Chapter 8 Block Storage Technologies 221

Chapter 9 File Storage Technologies 265

Part V Architectures for Cloud


Chapter 10 Network Architectures for the Data Center: Unified Fabric 301

Chapter 11 Network Architectures for the Data Center: SDN and ACI 363

Chapter 12 Unified Computing 407

Chapter 13 Cisco Cloud Infrastructure Portfolio 457

Chapter 14 Integrated Infrastructures 493

Chapter 15 Final Preparation 517

Glossary 523

Appendix A Answers to Pre-Assessments and Quizzes 539

Appendix B Memory Tables 543

Appendix C Answers to Memory Tables 561

Index 578

Appendix D Study Planner CD


Contents
Introduction xxi
Part I Cloud Concepts
Chapter 1 What Is Cloud Computing? 3
“Do I Know This Already?” Quiz 3
Foundation Topics 7
Welcome to the Cloud Hype 7
Historical Steps Toward Cloud Computing 9
The Many Definitions of Cloud Computing 11
The Data Center 12
Common Cloud Characteristics 14
On-Demand Self-Service 14
Rapid Elasticity 16
Resource Pooling 17
Measured Service 19
Broad Network Access 20
Multi-tenancy 21
Classifying Clouds 22
Around the Corner: Agile, Cloud-Scale Applications, and DevOps 24
Further Reading 26
Exam Preparation Tasks 27
Review All the Key Topics 27
Complete the Tables and Lists from Memory 27
Define Key Terms 27

Chapter 2 Cloud Shapes: Service Models 29


“Do I Know This Already?” Quiz 29
Foundation Topics 32
Service Providers and Information Technology 32
Service-Level Agreement 34
Cloud Providers 34
Infrastructure as a Service 36
Regions and Availability Zones 38
IaaS Example: Amazon Web Services 39
Platform as a Service 43
PaaS Example: Microsoft Azure 45
Software as a Service 49
SaaS Examples 50
Around the Corner: Anything as a Service 52
Further Reading 53
Exam Preparation Tasks 54


Review All the Key Topics 54
Complete the Tables and Lists from Memory 54
Define Key Terms 54

Part II Cloud Deployments


Chapter 3 Cloud Heights: Deployment Models 57
“Do I Know This Already?” Quiz 57
Foundation Topics 61
Public Clouds 61
Risks and Challenges 62
Security 62
Control 63
Cost 64
Private Clouds 65
Community Clouds 67
Hybrid Clouds 69
Cisco Intercloud 70
Cisco Intercloud Fabric 73
Intercloud Fabric Architecture 74
Intercloud Fabric Services 76
Intercloud Fabric Use Cases 83
Around the Corner: Private Cloud as a Service 83
Further Reading 83
Exam Preparation Tasks 84
Review All the Key Topics 84
Complete the Tables and Lists from Memory 84
Define Key Terms 84

Chapter 4 Behind the Curtain 87


“Do I Know This Already?” Quiz 87
Foundation Topics 89
Cloud Computing Architecture 89
Cloud Portal 90
Cloud Orchestrator 94
Cloud Meter 97
Cloud Infrastructure: Journey to the Cloud 99
Consolidation 100
Virtualization 102
Standardization 103
Automation 103
Orchestration 104
Application Programming Interfaces 105
CLI vs API 106
RESTful APIs 111
Around the Corner: OpenStack 115
Further Reading 116
Exam Preparation Tasks 117
Review All the Key Topics 117
Complete the Tables and Lists from Memory 117
Define Key Terms 117

Part III Server Virtualization for Cloud


Chapter 5 Server Virtualization 119
“Do I Know This Already?” Quiz 119
Foundation Topics 122
Introduction to Servers and Operating Systems 122
What Is a Server? 122
Server Operating Systems 124
Server Virtualization History 125
Mainframe Virtualization 126
Virtualization on x86 127
Server Virtualization Definitions 128
Hypervisor 129
Hypervisor Types 130
Virtual Machines 130
Virtual Machine Manager 132
Hypervisor Architectures 132
VMware vSphere 133
Microsoft Hyper-V 133
Linux Kernel-based Virtual Machine 134
Multi-Hypervisor Environments 135
Server Virtualization Features 136
Virtual Machine High Availability 136
Virtual Machine Live Migration 137
Resource Load Balancing 140
Virtual Machine Fault Tolerance 140
Other Interesting Features 141
Cloud Computing and Server Virtualization 142


Self-Service on Demand 142
Resource Pooling 143
Elasticity 144
Around the Corner: Linux Containers and Docker 144
Further Reading 145
Exam Preparation Tasks 146
Review All Key Topics 146
Complete the Tables and Lists from Memory 146
Define Key Terms 146

Chapter 6 Infrastructure Virtualization 149


“Do I Know This Already?” Quiz 149
Foundation Topics 152
Virtual Machines and Networking 152
An Abstraction for Virtual Machine Traffic Management 152
The Virtual Switch 154
Distributed Virtual Switch 157
Virtual Networking on Other Hypervisors 158
Networking Challenges in Server Virtualization Environments 159
Cisco Nexus 1000V 161
Cisco Nexus 1000V Advanced Features 166
Cisco Nexus 1000V: A Multi-Hypervisor Platform 168
Virtual eXtensible LAN 171
VXLAN in Action 173
How Does VXLAN Solve VLAN Challenges? 177
Standard VXLAN Deployment in Cisco Nexus 1000V 177
VXLAN Gateways 180
Around the Corner: Unicast-Based VXLAN 181
Further Reading 184
Exam Preparation Tasks 185
Review All the Key Topics 185
Complete the Tables and Lists from Memory 185
Define Key Terms 185

Chapter 7 Virtual Networking Services and Application Containers 187


“Do I Know This Already?” Quiz 187
Foundation Topics 190
Virtual Networking Services 190
Service Insertion in Physical Networks 190
Virtual Services Data Path 192


Cisco Virtual Security Gateway 193
Cisco Adaptive Security Virtual Appliance 197
Cisco Cloud Services Router 1000V 199
Citrix NetScaler 1000V 201
Cisco Virtual Wide Area Application Services 205
vPath Service Chains 208
Virtual Application Containers 210
Around the Corner: Service Insertion Innovations 217
Further Reading 218
Exam Preparation Tasks 219
Review All the Key Topics 219
Complete the Tables and Lists from Memory 219
Define Key Terms 219

Part IV Cloud Storage


Chapter 8 Block Storage Technologies 221
“Do I Know This Already?” Quiz 221
Foundation Topics 224
What Is Data Storage? 224
Hard Disk Drives 225
RAID Levels 226
Disk Controllers and Disk Arrays 228
Volumes 231
Accessing Blocks 233
Advanced Technology Attachment 234
Small Computer Systems Interface 235
Fibre Channel Basics 237
Fibre Channel Topologies 238
Fibre Channel Addresses 239
Fibre Channel Flow Control 241
Fibre Channel Processes 241
Fabric Shortest Path First 243
Fibre Channel Logins 245
Zoning 246
SAN Designs 247
Virtual SANs 250
VSAN Definitions 251
VSAN Trunking 253
Zoning and VSANs 254


VSAN Use Cases 255
Internet SCSI 256
Cloud Computing and SANs 258
Block Storage for Cloud Infrastructure 258
Block Storage as a Service 259
Around the Corner: Solid-State Drives 260
Further Reading 261
Exam Preparation Tasks 262
Review All the Key Topics 262
Complete the Tables and Lists from Memory 262
Define Key Terms 263

Chapter 9 File Storage Technologies 265


“Do I Know This Already?” Quiz 265
Foundation Topics 268
What Is a File? 268
File Locations 269
Main Differences Between Block and File Technologies 270
Building a File System 271
File Namespace 272
Linux File Naming Rules 272
Windows File Naming Rules 273
Volume Formatting 274
Extended Filesystems 274
FAT and NTFS 278
Permissions 281
Linux Permissions 281
NTFS Permissions 282
Accessing Remote Files 285
Network File System 286
Common NFS Client Operations 287
Common NFS NAS Operations 289
Server Message Block 289
Common SMB Client Operations 292
Common SMB NAS Operations 292
Other File Access Protocols 293
Cloud Computing and File Storage 294
File Storage for Cloud Infrastructure 294
File Hosting 294


OpenStack Manila 295
Around the Corner: Object Storage 297
Further Reading 298
Exam Preparation Tasks 299
Review All the Key Topics 299
Complete the Tables and Lists from Memory 299
Define Key Terms 299
Part V Architectures for Cloud
Chapter 10 Network Architectures for the Data Center: Unified Fabric 301
“Do I Know This Already?” Quiz 301
Foundation Topics 304
Attributes of Data Center Networks 304
The Three-Tier Design 305
Device Virtualization 307
Why Use VDCs? 309
Creating VDCs 310
Allocating Resources to VDCs 312
Virtual PortChannels 313
Link Aggregation 315
Creating vPCs 317
Adding vPCs to the Three-Tier Design 319
Fabric Extenders 320
Top-of-Rack Designs 320
End-of-Row and Middle-of-Row Designs 321
Enter the Nexus 2000 322
High-available Fabric Extender Topologies 325
Overlay Transport Virtualization 326
Layer 2 Extension Challenges 327
I Want My OTV! 329
Configuring OTV 332
OTV Site Designs 335
I/O Consolidation 336
Data Center Bridging 338
Priority-based Flow Control 338
Enhanced Transmission Selection 339
Data Center Bridging Exchange 340
Fibre Channel over Ethernet 341
FCoE Definitions 341
Deploying I/O Consolidation 343


I/O Consolidation Designs 346
FabricPath 349
Address Learning with FabricPath 351
Configuring FabricPath 352
FabricPath and Spanning Tree Protocol 354
Introduction to Spine-Leaf Topologies 356
Around the Corner: VXLAN Fabrics 358
Further Reading 360
Exam Preparation Tasks 361
Review All the Key Topics 361
Complete the Tables and Lists from Memory 361
Define Key Terms 361

Chapter 11 Network Architectures for the Data Center: SDN and ACI 363
“Do I Know This Already?” Quiz 363
Foundation Topics 366
Cloud Computing and Traditional Data Center Networks 366
The Opposite of Software-Defined Networking 367
Network Programmability 369
Network Management Systems 369
Automated Networks 370
Programmable Networks 371
SDN Approaches 374
Separation of the Control and Data Planes 375
The OpenFlow Protocol 376
OpenDaylight 378
Software-based Virtual Overlays 381
Application Centric Infrastructure 382
Problems Not Addressed by SDN 382
ACI Architecture 383
ACI Policy Model 385
Concerning EPGs 388
Concerning Contracts 389
Cisco APIC 391
Fabric Management 392
Integration 394
Visibility 395
A Peek into ACI’s Data Plane 396
Integration with Virtual Machine Managers 398
Around the Corner: OpenStack Neutron 399


Further Reading 403
Exam Preparation Tasks 404
Review All the Key Topics 404
Complete the Tables and Lists from Memory 404
Define Key Terms 404

Chapter 12 Unified Computing 407


“Do I Know This Already?” Quiz 407
Foundation Topics 410
Physical Servers in a Virtual World 410
X86 Microarchitecture 411
Physical Server Formats 413
Server Provisioning Challenges 414
Infrastructure Preparation 415
Pre-Operating System Installation Operations 417
Introducing the Cisco Unified Computing System 418
UCS Fabric Interconnects 419
UCS Manager 424
UCS B-Series 426
UCS C-Series 430
UCS Virtual Interface Cards 432
UCS Server Identity 436
Building a Service Profile 437
Policies 442
Cloning 443
Pools 444
Templates 445
UCS Central 449
Cloud Computing and UCS 451
Around the Corner: OpenStack Ironic 453
Further Reading 453
Exam Preparation Tasks 454
Review All the Key Topics 454
Complete the Tables and Lists from Memory 454
Define Key Terms 454

Chapter 13 Cisco Cloud Infrastructure Portfolio 457


“Do I Know This Already?” Quiz 457
Foundation Topics 460
Cisco MDS 9000 Series Multilayer Directors and Fabric Switches 460
Cisco Nexus Data Center Switches 462
Cisco Nexus 1000V Series Switches 462
Cisco Nexus 1100 Cloud Services Platforms 463
Cisco Nexus 2000 Series Fabric Extenders 464
Cisco Nexus 3000 Series Switches 466
Cisco Nexus 5000 Series Switches 469
Cisco Nexus 7000 Series Switches 471
Cisco Nexus 9000 Series Switches 475
Cisco Prime Data Center Network Manager 478
Cisco Unified Computing System 479
Cisco UCS 6200 and 6300 Series Fabric Interconnects 480
Cisco UCS 5100 Series Blade Server Chassis 481
Cisco UCS 2200 Series Fabric Extenders 481
Cisco UCS B-Series Blade Servers 482
Cisco UCS C-Series Rack Servers 482
Cisco UCS Invicta 483
Cisco UCS M-Series Modular Servers 484
Cisco Virtual Networking Services 486
Cisco Adaptive Security Virtual Appliance 486
Cisco Cloud Services Router 1000V 487
Citrix NetScaler 1000V 488
Cisco Virtual Wide-Area Application Services 489
Virtual Security Gateway 490
Exam Preparation Tasks 491
Review All the Key Topics 491
Complete the Tables and Lists from Memory 491
Define Key Terms 491

Chapter 14 Integrated Infrastructures 493


“Do I Know This Already?” Quiz 493
Foundation Topics 497
Modular Data Centers 497
Pool of Devices 497
Custom PODs vs. Integrated Infrastructures 501
FlexPod 503
Vblock 506
VSPEX 508
UCS Integrated Infrastructure for Red Hat OpenStack 510
Around the Corner: Hyperconvergence 510


Further Reading 512
Before We Go 512
Exam Preparation Tasks 514
Review All the Key Topics 514
Define Key Terms 514

Chapter 15 Final Preparation 517


Tools for Final Preparation 517
Pearson Cert Practice Test Engine and Questions 517
Companion Website 517
Pearson IT Certification Practice Test Engine and Questions 518
Install the Software 518
Activate and Download the Practice Exam 519
Activating Other Exams 520
Assessing Exam Readiness 520
Premium Edition eBook and Practice Tests 520
Premium Edition 520
The Cisco Learning Network 520
Memory Tables 521
Chapter-Ending Review Tools 521
Suggested Plan for Final Review/Study 521
Using the Exam Engine 522
Summary 522

Glossary 523

Appendix A Answers to Pre-Assessments and Quizzes 539

Appendix B Memory Tables 543

Appendix C Answers to Memory Tables 561

Index 578

Appendix D Study Planner CD


Icons Used in This Book

[Icon legend figure. Icon names recovered from the extracted page, where legible: Branch Office, Employee/End User, Running Person, Network Clouds, Accounting and Sales, PC, Web Server, Laptop, CiscoWorks Workstation, Newton, File Server, Application Server, 10GE/FCoE, Mainframe, Database, UCS 5108 Blade Chassis, MUX, 10GE, Nexus 7000, UCS C-Series, Workgroup Switch, Nexus 5000, Nexus 2000 10GE, Nexus 2000 Fabric Extender, Router, Nexus 1KV VSM, Cisco ASA 5500, System Controller, Multilayer Switch, Bridge, Firewall, FC Storage, Server Load Balancer, Wide Area Application Engine, Nexus 1000, Cisco MDS Multilayer Director, Cisco MDS Multilayer Fabric Switch, UCS 6200 Series Fabric Interconnect.]

Command Syntax Conventions


The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows:

■ Boldface indicates commands and keywords that are entered literally as shown. In
actual configuration examples and output (not general command syntax), boldface
indicates commands that are manually input by the user (such as a show command).
■ Italic indicates arguments for which you supply actual values.
■ Vertical bars (|) separate alternative, mutually exclusive elements.
■ Square brackets ([ ]) indicate an optional element.
■ Braces ({ }) indicate a required choice.
■ Braces within brackets ([{ }]) indicate a required choice within an optional element.

Introduction
Working as an information technology professional for many years, I have pursued a considerable number of certifications. However, I have always reserved a special place in my heart for my first one: Cisco Certified Network Associate (CCNA).

Back in 1999, I was thrilled to discover that having obtained this certification was going
to radically change my career for the better. Undoubtedly, I was being recognized by the
market as a tested network professional, and better job opportunities immediately started
to appear.

What surprised me the most was that the CCNA certification did not dwell too much on
products. Instead, it focused on foundational networking concepts, which I still use today
on a daily basis. Smartly, Cisco had already realized that technologies may quickly change,
but concepts remain consistent throughout the years, like genes that are passed through
uncountable generations of life forms.

Fast forwarding 17 years, the world has turned its attention to cloud computing and all the promises it holds to make IT easy and flexible. But contrary to the late 1990s, the explosion of information and opinions that currently floods the Internet causes more confusion than enlightenment in professionals interested in understanding any IT related topic with reasonable depth.

Bringing method and objectivity to such potential chaos, Cisco has launched a brand-new,
associate-level certification: CCNA Cloud. And fortunately, the invitation to write this
book has given me not only the opportunity to systematically explore cloud computing,
but also the personal satisfaction of positively contributing to my favorite certification.

Goals and Methods


Obviously, the primary objective of this book is to help you pass the CCNA Cloud CLDFND 210-451 Exam. However, as previously mentioned, it is also designed to facilitate your learning of foundational concepts underlying cloud computing that will carry over into your professional job experience; this book is not intended to be an exercise in rote memorization of terms and technologies.

With the intention of giving you a holistic view of cloud computing and a more rewarding learning experience, the order in which I present the material is designed to provide a logical progression of explanations from basic concepts to complex architectures. Notwithstanding, if you are interested in covering specific gaps in your preparation for the exam, you can also read the chapters out of the proposed sequence.

Each chapter roughly follows this structure:

■ A description of the business and technological context of the explained technology, approach, or architecture.
■ An explanation of the challenges addressed by such technology, approach, or architecture.
■ A detailed analysis that immerses the reader in the main topic of the chapter, including its characteristics, possibilities, results, and consequences.
■ A thorough explanation of how this technology, approach, or architecture is applicable to real-world cloud computing environments.
■ A section called “Around the Corner” that points out related topics, trends, and technologies that you are not specifically required to know for the CCNA Cloud CLDFND 210-451 exam, but are very important for your knowledge as a cloud computing professional.

Who Should Read This Book?


CCNA Cloud certification candidates are the target audience for this book. However, it is also designed to offer a proper introduction to fundamental concepts and technologies for engineers, architects, developers, analysts, and students that are interested in cloud computing.

Strategies for Exam Preparation


Whether you want to read the book in sequence or pick specific chapters to cover knowledge gaps, I recommend that you include the following guidelines in your study for the CCNA Cloud CLDFND 210-451 exam each time you start a chapter:

■ Answer the “Do I Know This Already?” quiz questions to assess your expertise in the chapter topic.
■ Check the results in Appendix A, “Answers to the Pre-Assessments and Quizzes.”
■ Based on your results, read the Foundation Topics sections, giving special attention to the sections corresponding to the questions you have not answered correctly.
■ After the first reading, try to complete the memory tables and define the key terms from the chapter, and verify the results in the appendices. If you make a mistake in a table entry or the definition of a key term, review the related section.

Remember: discovering gaps in your preparation for the exam is as important as addressing them.

Additionally, you can use Appendix D, “Study Planner,” to control the pace of your study during the first reading of this certification guide as a whole. In this appendix, you can establish goal dates to read the contents of each chapter and reserve time to test what you have learned through practice tests generated from the Pearson Cert Practice Test engine.

How This Book Is Organized


In times where blog posts and tweets provide disconnected pieces of information, this book intends to serve as a complete learning experience, where order and consistency between chapters do matter.

For such purpose, Chapters 1 through 15 cover the following topics:

■ Chapter 1, “What Is Cloud Computing?”—Unfortunately, massive hype surround-


ing cloud computing in the past several years has resulted in more distraction than
certainty for the majority of IT professionals. With lots of different vendors claiming
that cloud environments can only exist via their products, many fundamental aspects of
cloud computing have been simply glossed over or, even worse, undiscovered.
xxiii

Peeling away these marketing layers, this chapter focuses on the history of cloud com-
puting, from its humble beginnings to its widespread adoption during this decade. As a
theoretical foundation, it explores NIST’s definition of cloud computing and the essen-
tial common characteristics of cloud computing environments.
■ Chapter 2, “Cloud Shapes: Service Models”—Besides using services from established cloud providers such as Amazon Web Services (AWS) and Microsoft Azure, IT departments are becoming true cloud service providers within their own organizations. This chapter examines the implications of this responsibility, analyzing the well-known cloud service models (Infrastructure as a Service [IaaS], Platform as a Service [PaaS], and Software as a Service [SaaS]). To put such concepts into practice, all service models are explained through illustrative real-world examples.
■ Chapter 3, “Cloud Heights: Deployment Models”—An organization may choose to
build a cloud environment for its own exclusive use or choose to share another cloud
environment with one or many other companies. This chapter describes the main
characteristics of private, community, public, and hybrid clouds while also discussing
the reasons for choosing each of these deployment models. Additionally, it dedicates
special focus to the benefits of the Cisco Intercloud strategy, and presents the main
characteristics of the Cisco Intercloud Fabric solution.
■ Chapter 4, “Behind the Curtain”—Building on the conceptual basis provided in the previous three chapters, this chapter introduces you to the most important implementation and operation challenges of a cloud computing environment. The chapter presents the main software and hardware components of a cloud project, the data center journey into a cloud-based architecture, and essential requirements such as application programming interfaces (APIs).
After reading this chapter, you will be fully prepared to clearly understand how each of the technologies explained in the subsequent chapters fit into cloud computing deployments.
■ Chapter 5, “Server Virtualization”—The exploration of cloud computing infrastructure begins in earnest with this chapter, which analyzes server virtualization as a major enabling technology of cloud computing environments. After quickly addressing the origins and main features of server virtualization, the chapter explains how it differs from cloud computing and, most importantly, what must be done to adapt server virtualization environments to the automation required by cloud computing environments.
■ Chapter 6, “Infrastructure Virtualization”—Data exchange is essential to any application, regardless of whether it belongs to a server virtualization environment. Nevertheless, connectivity presents particular challenges when virtual machines must communicate with each other and with the outside world. On the other hand, cloud networking faces additional constraints because standardization and automation have become required design factors in such projects. This chapter presents the main principles of and new technologies for virtual and cloud networking through practical examples and clear explanations.
■ Chapter 7, “Virtual Networking Services and Application Containers”—As virtual and cloud networking have evolved, networking services that used to be deployed only as physical appliances can now be ported into virtual machines. These virtual networking services leverage the advantages of server virtualization environments to offer benefits that were unimaginable with their physical counterparts. Besides exploring these services using real-world examples, this chapter also addresses the concept of application containers, which can be used to secure tenants within a cloud computing environment.
■ Chapter 8, “Block Storage Technologies”—Data processing, transmission, and storage technologies have always been intertwined in computer science: any change to one technology will always produce effects on the other two. Consequently, storage technologies have evolved to keep pace with the liberal use of virtual servers and virtual networks in cloud computing.
This chapter explores block storage provisioning concepts and the most widely used technologies within such context, such as SAN and disk arrays.
■ Chapter 9, “File Storage Technologies”—Files are arguably the most popular method of data storage due to their simplicity and scale. This chapter explores concepts and technologies that support file systems for cloud computing, such as NAS and file sharing protocols.
■ Chapter 10, “Network Architectures for the Data Center: Unified Fabric”—In
the late 2000s, Cisco introduced numerous innovations to data center networking
through its Unified Fabric architecture. This chapter focuses on the most impactful of
these modernizations, including device virtualization (VDCs and their relationship to
VLANs and VRF instances), virtual PortChannels, Fabric Extenders, Overlay Transport
Virtualization (OTV), and Layer 2 Multipathing with FabricPath.
■ Chapter 11, “Network Architectures for the Data Center: SDN and ACI”—Cloud
networking requires a robust physical infrastructure with intrinsic support for dynamic
and scalable designs. This chapter explains two cutting-edge architectures for data
center networks: Software-Defined Networking (SDN) and Cisco Application Centric
Infrastructure (ACI).
■ Chapter 12, “Unified Computing”—Although many IT professionals may view servers as self-sufficient devices within a data center, Cisco Unified Computing System (UCS) encompasses technologies that closely interact with all architectures presented in the previous chapters. This chapter introduces the main components of Cisco UCS and explains why this solution was designed from the ground up to be the best server architecture for cloud computing environments.
■ Chapter 13, “Cisco Cloud Infrastructure Portfolio”—This chapter briefly describes the Cisco products that are used to build optimal cloud computing infrastructures. It is designed to provide a quick reference guide of the ever-evolving family of Cisco products and to materialize the theoretical concepts explained in the previous chapters.
■ Chapter 14, “Integrated Infrastructures”—Cloud computing environments require levels of speed and elasticity that have challenged how data centers are designed and expanded. Using the concept of pool of devices (POD), multiple companies have formed alliances to provide standardized integrated platforms that include server, networking, storage, and virtualization software as a predictable cloud module. This chapter explains the advantages of such an approach and explores the main similarities and differences between FlexPod (Cisco and NetApp), Vblock (VCE), VSPEX (EMC), and UCSO (Cisco and Red Hat).

■ Chapter 15, “Final Preparation”—Considering you have learned the content explained in the certification guide, this chapter includes guidelines and tips that are intended to support your study until you take your exam.

Certification Exam Topics and This Book

Although this certification guide covers all topics from the CCNA Cloud CLDFND 210-451 Exam, it does not follow the exact order of the exam blueprint published by Cisco. Instead, the chapter sequence is purposely designed to enhance your learning through a gradual progression of concepts.

Table I-1 lists each exam topic in the blueprint along with a reference to the book chapter
that covers the topic.

Table I-1 CLDFND Exam 210-451 Topics and Chapter References

CLDFND 210-451 Exam Topic    Chapter(s) in Which Topic Is Covered
1.0 Cloud Characteristics and Models 1, 2
1.1 Describe common cloud characteristics 1
1.1.a On-demand self-service 1
1.1.b Elasticity 1
1.1.c Resource pooling 1
1.1.d Metered service 1
1.1.e Ubiquitous network access (smartphone, tablet, mobility) 1
1.1.f Multi-tenancy 1
1.2 Describe Cloud Service Models 2
1.2.a Infrastructure as a Service (IaaS) 2
1.2.b Software as a Service (SaaS) 2
1.2.c Platform as a Service (PaaS) 2
2.0 Cloud Deployment 3
2.1 Describe cloud deployment models 3
2.1.a Public 3
2.1.b Private 3
2.1.c Community 3
2.1.d Hybrid 3
2.2 Describe the Components of the Cisco Intercloud Solution 3
2.2.a Describe the benefits of Cisco Intercloud 3
2.2.b Describe Cisco Intercloud Fabric Services 3
3.0 Basic Knowledge of Cloud Compute 5, 12, 13
3.1 Identify key features of Cisco UCS 12, 13
3.1.a Cisco UCS Manager 12
3.1.b Cisco UCS Central 12
3.1.c B-Series 12, 13
3.1.d C-Series 12, 13
3.1.e Server identity (profiles, templates, pools) 12
3.2 Describe Server Virtualization 5
3.2.a Basic knowledge of different OS and hypervisors 5
4.0 Basic Knowledge of Cloud Networking 6, 7, 10, 11, 13
4.1 Describe network architectures for the data center 10, 11, 13
4.1.a Cisco Unified Fabric 10, 13
4.1.a.1 Describe the Cisco nexus product family 10, 13
4.1.a.2 Describe device virtualization 10
4.1.b SDN 11
4.1.b.1 Separation of control and data 11
4.1.b.2 Programmability 11
4.1.b.3 Basic understanding of Open Daylight 11
4.1.c ACI 11
4.1.c.1 Describe how ACI solves the problem not addressed by SDN 11
4.1.c.2 Describe benefits of leaf/spine architecture 10
4.1.c.3 Describe the role of APIC Controller 11
4.2 Describe Infrastructure Virtualization 6, 7, 13
4.2.a Difference between vSwitch and DVS 6
4.2.b Cisco Nexus 1000V components 6, 13
4.2.b.1 VSM 6, 13
4.2.b.2 VEM 6, 13
4.2.b.3 VSM appliance 6, 13
4.2.c Difference between VLAN and VXLAN 6
4.2.d Virtual networking services 7
4.2.e Define Virtual Application Containers 7
4.2.e.1 Three-tier application container 7
4.2.e.2 Custom container 7
5.0 Basic Knowledge of Cloud Storage 8, 9, 10, 13, 14
5.1 Describe storage provisioning concepts 8
5.1.a Thick 8
5.1.b Thin 8
5.1.c RAID 8
5.1.d Disk pools 8
5.2 Describe the difference between all the storage access technologies 8, 9
5.2.a Difference between SAN and NAS; block and file 9
5.2.b Block technologies 8
5.2.c File technologies 9
5.3 Describe basic SAN storage concepts 8
5.3.a Initiator, target, zoning 8
5.3.b VSAN 8
5.3.c LUN 8
5.4 Describe basic NAS storage concepts 9
5.4.a Shares / mount points 9
5.4.b Permissions 9
5.5 Describe the various Cisco storage network devices 8, 10, 13
5.5.a Cisco MDS family 8, 13
5.5.b Cisco Nexus family 10, 13
5.5.c UCS Invicta (Whiptail) 8, 13
5.6 Describe various integrated infrastructures 14
5.6.a FlexPod (NetApp) 14
5.6.b Vblock (VCE) 14
5.6.c VSPEX (EMC) 14
5.6.d OpenBlock (Red Hat) 14

The CCNA Cloud CLDFND 210-451 exam can have topics that emphasize different functions or features, and some topics can be rather broad and generalized. The goal of this book is to provide the most comprehensive coverage to ensure that you are well prepared for the exam. Although some chapters might not address specific exam topics, they provide a foundation that is necessary for a clear understanding of important topics. Your short-term goal might be to pass this exam, but your long-term goal should be to become a qualified cloud professional.

It is also important to understand that this book is a “static” reference, whereas the exam
topics are dynamic. Cisco can and does change the topics covered on certification exams
often.

This exam guide should not be your only reference when preparing for the certification exam. You can find a wealth of information available at Cisco.com that covers each topic in great detail. If you think that you need more detailed information on a specific topic, read the Cisco documentation that focuses on that topic.

Taking the CCNA CLDFND 210-451 Exam

As with any Cisco certification exam, you should strive to be thoroughly prepared
before taking the exam. There is no way to determine exactly what questions are on the
exam, so the best way to prepare is to have a good working knowledge of all subjects
covered on the exam. Schedule yourself for the exam and be sure to be rested and ready
to focus when taking the exam.

The best place to find out about the latest available Cisco training and certifications is
under the Training & Events section at Cisco.com.

Tracking Your Status

You can track your certification progress by checking http://www.cisco.com/go/certifications/login. You must create an account the first time you log in to the site.

Cisco Certifications in the Real World

Cisco is one of the most widely recognized names in the IT industry. Cisco Certified cloud specialists bring quite a bit of knowledge to the table because of their deep understanding of cloud technologies, standards, and designs. This is why the Cisco certification carries such high respect in the marketplace. Cisco certifications demonstrate to potential employers and contract holders a certain professionalism, expertise, and dedication required to complete a difficult goal. If Cisco certifications were easy to obtain, everyone would have them.

Exam Registration

The CCNA Cloud CLDFND 210-451 exam is a computer-based exam, with around 55 to 65 multiple-choice, fill-in-the-blank, list-in-order, and simulation-based questions. You can take the exam at any Pearson VUE (http://www.pearsonvue.com) testing center.

According to Cisco, the exam should last about 90 minutes. Be aware that when you register for the exam, you might be instructed to allocate an amount of time to take the exam that is longer than the testing time indicated by the testing software when you begin. The additional time is for you to get settled in and to take the tutorial about the test engine.

Companion Website

Register this book to get access to the Pearson IT Certification test engine and other study materials plus additional bonus content. Check this site regularly for new and updated postings written by the author that provide further insight into the more troublesome topics on the exam. Be sure to check the box that you would like to hear from us to receive updates and exclusive discounts on future editions of this product or related products. To access this companion website, follow the steps below:

Step 1 Go to www.pearsonITcertification.com/register and log in or create a new account.

Step 2 Enter the ISBN: 9781587147005

Step 3 Answer the challenge question as proof of purchase.

Step 4 Click on the “Access Bonus Content” link in the Registered Products section of your account page, to be taken to the page where your downloadable content is available.

Please note that many of our companion content files can be very large, especially image and video files.

If you are unable to locate the files for this title by following the steps above, please visit www.pearsonITcertification.com/contact and select the “Site Problems/Comments” option. Our customer service representatives will assist you.

Pearson IT Certification Practice Test Engine and Questions

The companion website includes the Pearson IT Certification Practice Test engine—software that displays and grades a set of exam-realistic multiple-choice questions. Using the Pearson IT Certification Practice Test engine, you can either study by going through the questions in Study Mode, or take a simulated exam that mimics real exam conditions. You can also serve up questions in a Flash Card Mode, which will display just the question and no answers, challenging you to state the answer in your own words before checking the actual answers to verify your work.

The installation process requires two major steps: installing the software and then activating the exam. The website has a recent copy of the Pearson IT Certification Practice Test engine. The practice exam (the database of exam questions) is not on this site.

NOTE: The cardboard case in the back of this book includes a piece of paper. The paper lists the activation code for the practice exam associated with this book. Do not lose the activation code. On the opposite side of the paper from the activation code is a unique, one-time-use coupon code for the purchase of the Premium Edition eBook and Practice Test.

Install the Software

The Pearson IT Certification Practice Test is a Windows-only desktop application. You can run it on a Mac using a Windows virtual machine, but it was built specifically for the PC platform. The minimum system requirements are as follows:

■ Windows 10, Windows 8.1, or Windows 7
■ Microsoft .NET Framework 4.0 Client
■ Pentium-class 1GHz processor (or equivalent)
■ 512MB RAM
■ 650MB disk space plus 50MB for each downloaded practice exam
■ Access to the Internet to register and download exam databases

The software installation process is routine as compared with other software installation processes. If you have already installed the Pearson IT Certification Practice Test software from another Pearson product, there is no need for you to reinstall the software. Simply launch the software on your desktop and proceed to activate the practice exam from this book by using the activation code included in the access code card sleeve in the back of the book.

The following steps outline the installation process:

Step 1 Download the exam practice test engine from the companion site.

Step 2 Respond to Windows prompts as with any typical software installation process.

The installation process will give you the option to activate your exam with the activation code supplied on the paper in the cardboard sleeve. This process requires that you establish a Pearson website login. You need this login to activate the exam, so please do register when prompted. If you already have a Pearson website login, there is no need to register again. Just use your existing login.

Activate and Download the Practice Exam

Once the exam engine is installed, you should then activate the exam associated with this book (if you did not do so during the installation process) as follows:

Step 1 Start the Pearson IT Certification Practice Test software from the Windows
Start menu or from your desktop shortcut icon.

Step 2 To activate and download the exam associated with this book, from the My Products or Tools tab, click the Activate Exam button.

Step 3 At the next screen, enter the activation key from the paper inside the cardboard sleeve in the back of the book. Once entered, click the Activate button.

Step 4 The activation process will download the practice exam. Click Next, and then click Finish.

When the activation process completes, the My Products tab should list your new exam.
If you do not see the exam, make sure that you have selected the My Products tab on the
menu. At this point, the software and practice exam are ready to use. Simply select the
exam and click the Open Exam button.

To update a particular exam you have already activated and downloaded, display the
Tools tab and click the Update Products button. Updating your exams will ensure that
you have the latest changes and updates to the exam data.

If you want to check for updates to the Pearson Cert Practice Test exam engine software,
display the Tools tab and click the Update Application button. You can then ensure that
you are running the latest version of the software engine.

Activating Other Exams

The exam software installation process, and the registration process, has to happen only once. Then, for each new exam, only a few steps are required. For instance, if you buy another Pearson IT Certification Cert Guide, extract the activation code from the cardboard sleeve in the back of that book; you do not even need the exam engine at this point. From there, all you have to do is start the exam engine (if not still up and running) and perform Steps 2 through 4 from the previous list.

Assessing Exam Readiness

Exam candidates never really know whether they are adequately prepared for the exam until
they have completed about 30% of the questions. At that point, if you are not prepared, it
is too late. The best way to determine your readiness is to work through the “Do I Know
This Already?” quizzes at the beginning of each chapter and review the foundation and key
topics presented in each chapter. It is best to work your way through the entire book unless
you can complete each subject without having to do any research or look up any answers.

Premium Edition eBook and Practice Tests

This book also includes an exclusive offer for 70% off the Premium Edition eBook and Practice Tests edition of this title. Please see the coupon code included with the cardboard sleeve for information on how to purchase the Premium Edition.

This chapter covers the following topics:

■ Welcome to the Cloud Hype

■ Historical Steps Toward Cloud Computing

■ The Many Definitions of Cloud Computing

■ The Data Center

■ Common Cloud Characteristics

■ Classifying Clouds

This chapter covers the following exam objectives:

■ 1.1 Describe common cloud characteristics
■ 1.1.a On-demand self service
■ 1.1.b Elasticity
■ 1.1.c Resource pooling
■ 1.1.d Metered service
■ 1.1.e Ubiquitous network access (smartphone, tablet, mobility)
■ 1.1.f Multi-tenancy

CHAPTER 1

What Is Cloud Computing?

Not too long ago (2011), many technology enthusiasts were predicting that cloud
computing would address all information technology challenges. And rather loudly, they
had already declared the cloud as the decade’s panacea.

Although I had been led astray earlier in my career by hyperbolic statements predicting
the revolutionary impact of one technology or another on the future of IT, it was hard not
to be impressed by all the promises associated with cloud computing: agility, simplicity,
efficiency, and control. It just seemed the perfect fit for the exceedingly complex world of
IT, especially in my area of specialization: data centers.

But like other seasoned IT professionals, I now have a healthy level of skepticism and thus
have braced myself for the front of “cloud computing” offerings from literally thousands
of manufacturers, vendors, integrators, and service providers. Many of these companies
have latched onto the cloud movement in hope of rebranding their standard products and
services with the new and hot “cloud” moniker…and many of their customers are buying
into the hype.

Thankfully, within a relatively short time, informed CIOs and IT managers realized that cloud computing is not a miraculous product, solution, or technology but rather a model that enables them to exploit computing resources in a new and cost-efficient manner. And through the efforts of organizations such as the U.S. National Institute of Standards and Technology (NIST), cloud computing has been appropriately defined as a new access model for IT, created to solve problems that are ingrained in the manual operations that still pervade IT departments in myriad organizations around the world.

The CLDFND exam requires knowledge about the common characteristics of cloud
computing as defined by NIST: on-demand self-service, rapid elasticity, resource pooling,
broad network access, and measured service. It also demands understanding about a
subtopic of resource pooling, multi-tenancy, and its importance to cloud implementations.
To help you master these concepts, this chapter contextualizes the perception of cloud
computing during its hype in the late 2000s, presents some of the historical milestones in
the evolution of computing toward cloud computing, and explains each one of the cloud
essential characteristics using real examples and concepts picked from the daily routine of
an IT professional.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 1-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to Pre-Assessments and Quizzes.”

Table 1-1 “Do I Know This Already?” Section-to-Question Mapping

Foundation Topics Section    Questions
Welcome to the Cloud Hype 1
Historical Steps Toward Cloud Computing 2
The Many Definitions of Cloud Computing 3
The Data Center 4
Common Cloud Characteristics 5–10
Classifying Clouds 11

1. The year 2009 saw a huge interest in cloud computing. Which of the following events
was the biggest influence in creating this “cloud hype”?
a. Cisco Unified Computing System launch in 2009
b. VMware vSphere release 4.0 in 2009
c. Amazon Web Services launch in 2006
d. World financial crisis in 2007-2008
e. Microsoft Windows Server 2008

2. Which of the following options does not represent a fundamental milestone toward
cloud computing in the history of computing?
a. Mainframe time-sharing
b. “Computation as a public utility” (John McCarthy, 1961)
c. “Intergalactic computer network” (J.C.R. Licklider, 1963)
d. Virtual local-area networks (Bellcore, 1984)
e. Salesforce.com launch in 2009

3. Which of the following represents NIST’s definition of cloud computing?
a. “Cloud computing refers to the on-demand delivery of IT resources and
applications via the Internet with pay-as-you-go pricing.”
b. “Cloud computing, often referred to as simply ‘the cloud,’ is the delivery
of on-demand computing resources—everything from applications to data
centers—over the Internet on a pay for use basis.”
c. “IT resources and services that are abstracted from the underlying infrastructure
and provided ‘on-demand’ and ‘at scale’ in a multitenant environment.”
d. “Cloud computing refers to the use of networked infrastructure software and
capacity to provide resources to users in an on-demand environment.”
e. “Cloud computing is a model for enabling ubiquitous, convenient, on-demand
network access to a shared pool of configurable computing resources (e.g.,
networks, servers, storage, applications, and services) that can be rapidly
provisioned and released with minimal management effort or service provider
interaction.”

4. Which of the following are data center resources that can be offered through cloud computing? (Choose all that apply.)
a. Building
b. Server
c. Raised floor
d. Cooling system
e. Data storage
f. Network bandwidth
g. Server cabinets

5. Which of the following tools gives cloud end users access to request resources?
a. Service catalog in web portal
b. Mailer group
c. 1-800 telephone number
d. None; requests are always delegated to the IT department
e. SLA

6. Which of the following options characterizes elasticity according to the NIST definition of cloud computing?
a. Identical cloud resources are provisioned in different cloud computing
environments.
b. Cloud computing resources can be expanded but never decreased.
c. Cloud capabilities can be scaled rapidly outward and inward according to
demand.
d. Cloud resources are doubled after at least 24 hours.
e. The leasing period of a resource can be extended for free.

7. What option best defines the opposite of the NIST essential characteristic “resource
pooling” for cloud computing?
a. Resource clusters
b. Sharing
c. Resources that can be easily reassigned
d. Grouping of similar resources
e. Silos

8. Which of the following options are direct benefits from the cloud computing
measured service characteristic? (Choose all that apply.)
a. Automatic control
b. Elasticity
c. Resource optimization
d. Security
e. Risk management
f. Transparency between provider and consumer

9. Which of the following options represent devices that can utilize cloud resources?
(Choose all that apply.)
a. Personal computer
b. Mobile phones
c. Tablets
d. Mainframe terminal
e. Offline laptop

10. What is a tenant in the context of cloud computing?
a. An organization
b. A single user account
c. Any application that requires isolation from other tenants
d. A department
e. A community of users

11. Which of the following options represent NIST methods of classifying cloud
implementations? (Choose all that apply.)

a. Providers
b. Deployment models
c. OPEX and CAPEX
d. Service models

Foundation Topics

Welcome to the Cloud Hype
It has been a while since IT was considered just a boring subject restricted to water cooler
conversations. As the 21st century welcomed a new generation unaware of a world without
the Internet or mobile phones, IT naturally became an integral part of the strategy of business
corporations and public sector companies. And with almost the totality of their transactions
based on electronic data and applications, these organizations realized that the content of the
data center has become much more valuable than all of their combined material assets.

At the time of this writing, IT bears a striking resemblance to the fashion industry, where innovative concepts and paradigm shifts are introduced to huge acclaim and are strongly promoted as the latest trend (even if they may appear unsuitable for present needs). Some of these campaigns are so overwhelming that they end up fomenting a period of hype in which many organizations include the technology du jour into their short-term IT plan (sometimes without having enough time to understand its true value to the company objectives).

Although the precise origins of the term cloud computing are fittingly nebulous, its hype
certainly peaked around 2011, as Figure 1-1 demonstrates.

Figure 1-1 Peak of the Cloud Hype

Figure 1-1 depicts results from Google Trends, a tool that expresses the interest in particular
keywords over time based on the history of searches conducted via its wildly popular
search engine. As you can see, interest in the term cloud computing arose at the end of
2008, a year whose mere mention gives you a hint as to the root cause of the cloud hype.

Contrary to what many vendors may claim, no technological innovation was able to
raise more interest in cloud computing than the 2007-2008 global financial crisis, which
prompted an immediate period of corporate belt-tightening that throttled investment in IT.

During this period of diminished investment, traditional IT management challenges became even more difficult for chief information officers (CIOs) around the world. Table 1-2 describes the three main challenges.

Table 1-2 Traditional IT Challenges

Challenge          Description
Low efficiency     Although IT systems are fairly expensive, their overall utilization is relatively low because hardware and software are sized according to business activity peaks.
High costs         While other parts of the organization already use consumption-based models, IT usually requires heavy investment before any system is actually available.
Lack of agility    Due to its extreme complexity, IT remains the least flexible link in the chain when compared to other parts of the organization.

Meeting these challenges under the new budget constraints led CIOs (and their
bosses) to search for cost-efficient alternatives, and the proponents of cloud
computing were eager to guide them, claiming results that could help CIOs overcome
all of their budgetary obstacles. You can easily relate to this situation if you imagine
hearing speeches such as the following (preferably in the “movie trailer guy” voice):

“In a world where information technology is expensive, complex, and rigid, cloud computing allows end users to immediately provision any IT resources without any previous investment from you. Almost unbelievably, you will only pay for the actual use of these resources, which can be easily decommissioned as soon as the users do not need them.”

Figure 1-2 graphically represents the explosion of cloud services soon being offered to the
IT community to meet their every need.

In technical diagrams, cloud drawings are generally used to hide specific implementation
details from the viewer, specifically turning his attention to the global function of the
discussed system. Cloud computing applies the exact same principle to real IT deployments,
relieving users and IT managers from the complexities related to the provisioning of
computing resources, which includes, for example, servers, file repositories, desktops,
development platforms, business applications, collaboration tools, audio streaming, and just
about any other derivative from data processing, storage, and communication.

Avoiding the usual traps many IT departments get caught in, a cloud computing deployment
does not expose convoluted operational details. Instead, through radical simplification,
cloud computing connects end users directly to their required IT services.

As is true of many other revolutions in the world of computing, cloud computing was not
the result of a sudden burst of creativity. In the next section, you will learn about several
conceptual leaps and technological innovations that paved the road for such transformation.
Chapter 1: What Is Cloud Computing? 9

Figure 1-2 Cloud Computing Proposition

Historical Steps Toward Cloud Computing


Unbeknownst to many of its ardent devotees, some of the concepts that support cloud
computing were developed more than 50 years ago, as Figure 1-3 illustrates.

[Figure 1-3 timeline, left to right: 1957 Mainframe time-sharing; 1961 “Computation as a
public utility” (John McCarthy); 1963 “Intergalactic Computer Network” (J.C.R. Licklider);
1969 ARPANET; 1973 Virtual Machine (IBM); early 80s Personal Computers; mid 90s World Wide
Web (WWW) and Virtual Private Networks (VPNs); 1999 Salesforce.com is launched; 2006 Amazon
Web Services is launched]
Figure 1-3 Computing Milestones Toward Cloud Computing



Figure 1-3 shows a timeline of some of the achievements that coalesced into the cloud
computing model. IBM’s creation of time-sharing for its mainframes in 1957 arguably
initiated the path to cloud because, before this technology, a mainframe end user had
exclusive use of the whole computer for a certain time period to execute his tasks. Another
user could not use the computer resource until the previous user had released it.

Ingeniously, time-sharing offered small slices of time of the mainframe resources to multiple
different users. Repeatedly, the mainframe halted a user job, saved the job state in memory,
and loaded the state of another user to execute it. Because these operations occurred at a very
fast rate, the users had the perception of accessing a dedicated resource although they were
sharing the same system. This illusion is central to cloud computing environments.

The evolution to cloud computing happened not only through technological innovation, but
also via visionary contributions from computer scientists such as Professor John McCarthy,
the creator of the term “artificial intelligence.” In 1961, he introduced the concept of
computation as a public utility that advocated the offer of computing resources as a public
utility, like water, electricity, and telephony.

Another computer science luminary, J. C. R. Licklider (the first director of the Information
Processing Techniques Office at the U.S. Department of Defense’s Advanced Research
Projects Agency [ARPA]) envisioned the Intergalactic Computer Network, a radical
extrapolation of the concept of connected computers. Foreseeing the Internet, Licklider
explored the concept of using remote processing capacity, which is a fundamental aspect
of cloud computing. Not coincidentally, the first computer network was created in 1969
within Licklider’s own organization and given the proper name of ARPANET.

History got one big step closer to cloud computing with another contribution from IBM. In
1972, the company officially released mainframe virtualization along with its new generation
of processors (System/370). Through a concept called virtual machine, a mainframe could
emulate hardware through software, allowing users to deploy their own set of software
(including operating system and developed applications) over a single computing resource.

NOTE Although further details about operating systems and virtualization of computing
resources are out of the scope of the present discussion, Chapter 5, “Server Virtualization,”
will address these topics in detail.

Another huge milestone in the progression toward cloud computing was the widespread
adoption of personal computers (PCs) during the 1980s. Computing processing left the
confinements of a few organizations and became pervasive in offices and households,
leading to exponential growth in the number of computer users and the advent of the
consumer market for IT resources.

The intense exchange of knowledge about computers in the 1980s prepared the world for
the Internet revolution of the 1990s, enabling users to adapt easily to the concept of the
World Wide Web, a key component of cloud computing. However, in its infancy, the “network
of networks” hardly represented a secure communication medium. The introduction of virtual
private networks (VPNs) led to the development of a set of security-related standards,
including Internet Protocol Security (IPsec) and Secure Sockets Layer (SSL), which brought
trust to business transactions over the Internet.

With these concepts in position, it was only a matter of time before a corporation
combined them all to offer IT services via the Internet. It first happened in 1999, with the
launch of Salesforce.com, a company that has specialized in offering customer relationship
management (CRM) software as a service. In its proposed model, Salesforce.com customers
do not have to use any special software or infrastructure to manage their respective data.
Instead, the company provides this complete infrastructure, the only requirements for its
users being a functional web browser and an Internet connection.

In 2003, Amazon (the world’s biggest Internet-based retailer) began to pursue a broader
approach to offering IT services through the Internet, via an internal project that would
originate Amazon Web Services (AWS). Just like other retail companies, Amazon has
its biggest sales peaks during the Christmas season. Realizing that huge amounts of unused
capacity exist in its data centers during all other periods of the year, Amazon’s internal
project aimed to rent “pure” computing resources to remote users in an effort to monetize
all that unused capacity. The release of the first AWS products occurred in 2006: Elastic
Compute Cloud (EC2) and Simple Storage Service (S3). These services, respectively, offer
processing and storage services through the Internet, with very fast provisioning, scalable
capabilities, and monthly payments according to resource usage.

Sensing an untapped opportunity, companies such as Rackspace and Terremark (a subsidiary
of Verizon) followed suit and started offering services in a similar way to AWS. And a new
market was born under the name of cloud computing.

The Many Definitions of Cloud Computing


As I briefly mentioned in the section “Welcome to the Cloud Hype,” the huge interest in cloud
computing also produced adverse effects for prospective users. For example, it spawned a huge
number of vendors vying for their business who had neither the technology nor the expertise
to offer anything similar to the services offered by Salesforce.com and Amazon. Consequently,
many organizations interested in cloud computing instead found themselves in a fog of
confusion and endless discussions about what exactly characterized a cloud computing service.

A quick search of the Internet demonstrates what prompted such bewilderment, as you
behold proposed definitions for cloud computing such as the following:

“No matter which provider you choose, you’ll find that almost every cloud
has these core characteristics: it’s virtual, it’s flexible and scalable, it’s open (or
closed), it can be secure, it can be affordable, it can be secure AND affordable.”

“Cloud computing refers to the use of networked infrastructure software and
capacity to provide resources to users in an on-demand environment.”

“Cloud computing refers to the on-demand delivery of IT resources and
applications via the Internet with pay-as-you-go pricing.”

Although these definitions may share some similarities, they subtly bend the term according
to the offered solutions of each company. But with rapid maturation of cloud computing
in recent years, it is fairly easy to point out examples that contradict these definitions, such
as cloud computing services that can offer direct access to physical hardware or that are
accessible from private networks instead of the Internet.

To dispel the confusion about what constitutes cloud computing, several standards
organizations have devoted efforts to formally define and categorize cloud computing
implementations. Officially launched in 2008, the U.S. National Institute of Standards and
Technology (NIST) Cloud Computing Program (NCCP) has generated Special Publications
(SPs) containing definitions, reference architectures, and classification criteria for cloud
environments.

Though NIST created these standards to accelerate the adoption of cloud computing in the
U.S. federal government, they constitute a crowning achievement in the theoretical study
of this subject. For example, NIST Special Publication 800-145 (The NIST Definition of
Cloud Computing) states that

“Cloud computing is a model for enabling ubiquitous, convenient, on-demand
network access to a shared pool of configurable computing resources (e.g.,
networks, servers, storage, applications, and services) that can be rapidly provisioned
and released with minimal management effort or service provider interaction.”

One important aspect of this definition is the fact that NIST characterizes cloud computing
as an access model for computing resources rather than a technology. Besides that subtle
but important distinction, SP 800-145 cites five essential characteristics that all cloud
computing scenarios must share:

■ On-demand self-service
■ Rapid elasticity
■ Resource pooling
■ Measured service
■ Broad network access

Before we delve into each of these characteristics, allow me to describe the environment
where computing resources are actually allocated and provisioned for cloud end users.

The Data Center


The infrastructure that makes cloud computing possible is the data center. In summary, a
data center is a special facility conceived to house, manage, and support critical computing
resources for one or more organizations. A particularly complex entity, a typical data center
encompasses special building structures, power backup structures, cooling systems,
special-purpose rooms (entrance and telecommunications, for example), equipment cabinets,
structured cabling, network devices, storage systems, servers, data security systems,
mainframes, application software, physical security devices, monitoring centers, and many
other support systems. All these resources and their interaction are (locally or remotely)
managed by specialized personnel.

Figure 1-4 depicts the physical view of a data center.



[Figure 1-4 labels: Entrance Room, Telecommunications Room 1, Power Backup Systems,
Cooling System, Raised Floor, Racks]

Figure 1-4 Data Center

Table 1-3 lists and describes the data center components depicted in Figure 1-4.

Table 1-3 Data Center Physical Components

Component                Description
Power backup systems     Provide electrical power for the data center in the case of a major
                         failure in the main power source. These systems are generally powered
                         by diesel and special batteries.
Entrance room            Allows physical access for data center operational teams and includes
                         security measures to exclude everyone else.
Telecommunications room  Encases all devices that are responsible for the data center external
                         communication. For high-availability purposes, this room offers access
                         to at least two telecommunication service providers.
Cooling systems          Decrease the temperature of data center equipment such as servers,
                         storage systems, and network switches to improve performance and
                         avoid overheating. Typical cooling systems operate by recirculating air
                         throughout the data center.
Racks                    Physically support devices such as servers, storage systems, and
                         network switches.
Raised floor             Creates an elevated structured floor to provide a hidden space for the
                         accommodation of mechanical, electrical, and networking material.

Whereas Figure 1-4 portrays a single data center computer room, numerous data centers contain
several of these rooms spread across different floors or buildings. Besides size, data centers can
also vary in their infrastructure robustness, depending on how critical their supported systems are.

Standard data center locations are designed to support business applications such as
business intelligence (BI), CRM, data warehouse (DW), e-commerce, enterprise resource
planning (ERP), supply chain management (SCM), and many others. By contrast, data centers
dedicated to cloud computing are equipped to support whichever applications an
organization is offering to cloud end users. Notwithstanding, these services will surely
employ the basic computing resources installed in the facility: processing, storage, and
networking.

Common Cloud Characteristics


In the following sections, you will learn about each essential characteristic of cloud
computing as described by NIST Special Publications 800-145 and 800-146 (Cloud Computing
Synopsis and Recommendations). In addition, I will discuss another aspect of these
environments that is extremely important: multi-tenancy. Although NIST does not explicitly
designate multi-tenancy as an essential characteristic of cloud computing, the CLDFND exam
objectives list it as a common cloud characteristic.

Within the discussion of a particular characteristic, I will refer to some real-world examples
for the sake of clarity. In addition, I will use an interesting tool for explaining abstract
concepts: exploring direct opposites to highlight the main distinctions between cloud
computing and traditional IT practices.

On-Demand Self-Service
Clearly speaking, on-demand means “when required” while self-service can be understood
as a service system where customers select goods for themselves. Together, these terms
form one of the central principles of cloud computing: end users autonomously request
cloud resources, which are promptly serviced to them.

By contrast, end users of traditional IT systems must request these resources through formal
and numerous sequential channels of communication. Figure 1-5 exhibits an example of
such “catered” IT services.

[Figure 1-5 labels. Enterprise side: End User (“I need more resources!”, step 1); IT
(Technical Specifications, step 2); Contracts and Acquisitions (“We want to hire a
service.”, step 3: Negotiation, Contracts, Final Contract). Service Provider side: Sales and
Contracts; IT (Project Characteristics, step 4); Deployment of Computing Resources (step 5)]

Figure 1-5 Catered IT Service Example



In the scenario shown in Figure 1-5, an employee of an enterprise wants to use a computing
resource combining processing, storage, and networking capabilities. Because the company’s
internal policy requires the hiring of an external organization (service provider) to fulfill
such requests, the end user must follow a predefined procedure to gain access to the
resource:

1. The employee requests the resource through a telephone call, e-mail, or an online
form.
2. The request reaches the IT department in the corporation, which technically details
what the end user needs.
3. With these details in hand, the contracts and acquisitions department submits a
formal request for these resources to a service provider. After a lengthy negotiation,
both companies sign an agreement.
4. The service provider sales department requests its own IT department to provision the
requested computing resources.
5. If there are not enough resources to honor the request, the service provider orders more
servers, storage systems, or networking devices. The provider IT team provisions the
resources, and the end user can finally use them according to his original purposes.

This process of interactions and formal agreements not only takes a significant amount of
time, but also introduces the possibility of mistakes at any stage of the human transactions.

According to NIST, a cloud computing deployment cannot function under such conditions.
As SP 800-145 succinctly states, on-demand self-service means end users “can unilaterally
provision computing capabilities…as needed automatically without requiring human
interaction with each service provider.”

Consequently, a cloud end user has a very different experience, as demonstrated in Figure 1-6.

[Figure 1-6 labels: End User (“I need resources!”), Cloud Portal, Cloud Provider, Automatic
Deployment, Cloud]

Figure 1-6 Cloud On-Demand Self-Service



In Figure 1-6, the cloud end user uses a web browser to access a portal containing a catalog
of available services for her account. After she submits her request to the portal, the cloud
provider automatically provisions the resources without any manual interactions.

Rapid Elasticity
Elasticity denotes the quality of an object to change and adapt to a new situation. In
cloud computing, an end-user change request for already provisioned resources commonly
initiates such transformation.

Continuing our comparison of traditional IT and cloud computing, as an example of the
rigidity present in traditional IT provisioning, Figure 1-7 depicts what happens in the
same scenario presented in Figure 1-5 when the end user needs a change in the already
provisioned computing resources.

[Figure 1-7 labels. Enterprise: End User (“I need more resources!”), IT. Service Provider:
Sales and Contracts (“This change was not specified in the contract.”), IT (“We need to buy
more resources to fulfill the change.”)]

Figure 1-7 Traditional IT Rigidity Example

Unsurprisingly, the enterprise internal policies require the repetition of many of the
previously described human interactions, including the creation of a new end-user request
for the enterprise IT department and, probably, a new technical specification.

As soon as the service provider is involved in the change request, one of the following
situations is bound to happen:

■ If the change was not specified in the agreement, the companies will probably conduct a
new negotiation to modify it.
■ If the agreement already envisaged the change, the service provider will verify if
enough computing resources are available to fulfill the change; if not, it must buy more
resources.

Because this example represents a simplified version of real-world change negotiations,
you can easily deduce that the end user requesting more resources is facing a long and slow
process for obtaining them. With such rigidity, many end users have the impulse to request
a surplus of resources up front to avoid asking for subsequent changes. Such behavior
actually reduces the already lackluster efficiency of traditional IT environments because
surplus resources typically remain untapped for a while.

NIST SP 800-145 defines rapid elasticity as follows: “Capabilities can be elastically
provisioned and released, in some cases automatically, to scale rapidly outward and inward
commensurate with demand. To the consumer, the capabilities available for provisioning
often appear to be unlimited and can be appropriated in any quantity at any time.”

As an illustration, Figure 1-8 clarifies how a cloud deployment enables the rapid elasticity
of resources.

[Figure 1-8 labels: End User (“I need MORE resources!”), Cloud Portal, Cloud Provider,
Changes]

Figure 1-8 Cloud Elasticity

As Figure 1-8 explains, cloud end users are empowered to request computing resource
changes, which the cloud provider will automatically execute. As NIST points out, the rapid
elasticity of a cloud deployment creates the perception of infinite resource availability
for its consumers. Requests for additional resources and requests to release resources can
happen at any time and with practically immediate results.

Resource Pooling
Pooling generically means the grouping of resources to maximize advantages and minimize
risks for the users of those resources. In IT, resource pooling refers to a set of computing
resources (such as storage, processing, memory, and network bandwidth) that work in
tandem as one big resource shared by many users.

It is easy to imagine an antagonistic scenario for this concept, as Figure 1-9 exhibits.

[Figure 1-9 labels: Service Provider; Company 1 (Consumer) served by a Resource Silo for
Company 1; Company 2 (Consumer) served by a Resource Silo for Company 2]

Figure 1-9 Resource Silos Example

In Figure 1-9, a service provider organization provides computing resources for two
different consumers (Company 1 and Company 2). Because the provider does not
implement resource pooling, it separates these resources into silos (perhaps the direct result
of separate acquisitions, to fulfill the agreements with each company). Because silos cannot
be shared by definition, if Company 1 is not using the totality of its assigned resources,
Company 2 cannot access them, worsening resource efficiency as a whole for the service
provider.

By contrast, cloud computing deployments greatly benefit from resource pooling, as
demonstrated in Figure 1-10.

[Figure 1-10 labels: Service Provider with a single Resource Pool; Company 1 (Consumer)
with Resources Allocated for Company 1; Company 2 (Consumer) with Resources Allocated for
Company 2]

Figure 1-10 Cloud Resource Pooling

In a cloud computing provider, cloud end users have access to resource pools that group all
computing resources, which are dynamically assigned and reassigned according to consumer
demand. Therefore, if Company 1 decommissions a certain resource, the cloud provider can
return it to the pool and later allocate it to another consumer, such as Company 2.

As NIST comments in SP 800-145, with resource pooling, cloud end users generally have
“no control or knowledge over the exact origin of the provisioned resources.”

TIP Depending on the cloud computing implementation, an end user may be able to
specify locations at a higher level of abstraction, such as locations and availability zones,
as you will learn in Chapter 2, “Cloud Shapes: Service Models.”

Measured Service
Although many IT departments may take exception to this statement, careful measurement
of computing resource usage is not standard practice. The considerable complexity of
IT management, attending to the plethora of menial operations, typically leads to service
metering being relegated to “some time later.” For this reason, many organizations seek
to increase visibility over their true IT demand through service outsourcing to specialized
providers. Nevertheless, considering the characteristics of traditional IT practices pointed
out in the previous sections (catered IT, rigidity, and resource silos), even these providers
tend to size resource capacity according to peaks of utilization, as depicted in Figure 1-11.

[Figure 1-11: plot of Computing Resource Utilization against Time, showing the End User
utilization curve below a fixed Provisioned Resource level, with markers at T1, T2, and T3]

Figure 1-11 Resource Utilization Example

The example in Figure 1-11 represents the utilization of a certain computing resource
assigned to an end user. Even if service metering exists for this user, the level of utilization
in T3 defines how much of this resource must be allocated to her. Due to the lack of agility,
this allocation is probably fixed and the consumer billing follows a capital expenditure
(CAPEX) model, where a business expense must first occur to create future benefit. This
leads to the underutilization of the resource shown in T1 and T2.

With metered service being one of the essential characteristics of cloud computing, end
users have access to detailed information about their past resource usage. Consequently,
the cloud provider can plan more effectively the resource capacity of the cloud through the
correlation of this data for all of the consumers.

Moreover, one of the most attractive aspects of cloud computing is the fact that it normally
applies the operational expenditure (OPEX) model to charge end users. With such a billing
method, a cloud consumer only pays for resources after they are used.

In a nutshell, when resource utilization is systematically monitored, controlled, and
reported, it guarantees transparency for both the provider and consumer of the cloud
service.

Broad Network Access


When mainframes ruled the earth, users had to remain in close proximity to the computing
resources. With the stated intention of breaking this restriction, the Advanced Research
Projects Agency (ARPA) of the U.S. Department of Defense proposed and delivered the
capability to access remote mainframe computers via its network, ARPANET, thereby
introducing the concept of networking as we know it today.

Standing on the shoulders of the ARPANET giants, cloud computing is fundamentally
based on services provisioned through broad network access. Figure 1-12 further explores
this characteristic.

[Figure 1-12 labels: Cloud reached through Internet, Intranet, and Extranet]

Figure 1-12 Cloud Computing Network Access

As shown in Figure 1-12, a cloud computing deployment can employ multiple types of
networks, including an intranet (which belongs to a single organization), an extranet (which
serves a group of associated organizations), and, of course, ARPANET’s most famous
offspring, the Internet.

Cloud services must be available over at least one of these networks and should be
accessible through standard mechanisms compatible with the vast majority of client
platforms, including smartphones, tablets, laptops, and workstations. With such ubiquitous
presence, end users can easily extend their local computing resources through remote cloud
services.

Multi-tenancy
Although NIST does not explicitly cite it as an essential characteristic of cloud computing,
multi-tenancy is an important property of such environments. Generally, a tenant is
defined as any application environment that requires some form of isolation from the
“outside world,” which includes all other tenants. Although this flexible notion of tenant
can represent a whole organization, it may also mean a single department or any other
subdivision that requires special segregation within an IT system or application.

Multi-tenancy consequently refers to the capacity of an IT resource to support multiple
tenants according to an accepted isolation technique. The concept of multi-tenancy is quite
distinct from multi-user and multi-instance.

The vast majority of applications are multi-user because they serve numerous users.
Similarly, a cloud computing deployment is a multi-user system.

However, imagine that such deployment does not have any multi-tenant system or
application within its structure. In such a scenario, the cloud architect may decide to design
services that require new resource instances for each new user. Building such a cloud as a
multi-instance system eventually will add complexity to its operations because upgrades and
fixes will have to be applied to every resource instance. Moreover, each resource will have
to be dedicated to a single application, decreasing efficiency of the cloud implementation.

On the other hand, cloud deployments greatly benefit from using multi-tenancy
components because they can deploy a single instance of software or hardware to several
different tenants. In this fashion, any change, upgrade, or tweak is immediately available
to every tenant. As a drawback, all tenants may share the same fate in the case of a major
system failure (which would not happen in a multi-instance system).

Undoubtedly, the reasonable balance between multi-instance and multi-tenant resources
within a cloud project will dictate the efficiency and availability required by future
consumers.

Classifying Clouds
The previous sections have discussed characteristics that all cloud computing deployments
share, but these environments can differ wildly from each other. Such variation really
blossomed during the cloud hype, where innovative services and security concerns opened
up new opportunities.

Much like actual clouds, these models required a classification system to simplify their
individual analysis. For tropospheric clouds, which reside in the lowest and thickest part of
Earth’s atmosphere, nephologists have been using the classification system created by Luke
Howard in 1802. In his book Modifications of Clouds, the British chemist and amateur
meteorologist created an interesting taxonomy based on cloud shapes and heights, which
the World Meteorological Organization (WMO) later extended. Figure 1-13 illustrates this
system.

[Figure 1-13 labels: above 7000m: Cirrus, Cirrocumulus, Cirrostratus; between 2000m and
7000m: Altocumulus, Altostratus; below 2000m: Cumulus, Stratocumulus, Nimbostratus; and
Cumulonimbus]

Figure 1-13 Cloud Classification

The system separates clouds into three altitude levels: low clouds (below 6,500 feet or
2,000 meters), mid clouds (between 6,500 and 20,000 feet, or 2,000 and 7,000 meters),
and high clouds (above 20,000 feet or 7,000 meters). In each of these layers, clouds are
classified according to their shapes.

Similarly, NIST also has established a simple classification system for cloud computing
environments. Table 1-5 describes the two basic criteria that define this system.

Table 1-5 NIST Cloud Criteria

Criterion          Description
Service models     Classify clouds according to the nature of the service they provide to
                   consumers (Infrastructure as a Service, Platform as a Service, or Software
                   as a Service).
Deployment models  Classify cloud computing deployments according to who the cloud
                   infrastructure is provisioned for (public, private, community, or hybrid).

Complete analysis of all three service models will be provided in Chapter 2.
Subsequently, Chapter 3, “Cloud Heights: Deployment Models,” will explore the four
deployment models defined by NIST.

Around the Corner: Agile, Cloud-Scale Applications, and DevOps

Based on the fact that you’re reading this book, I’m guessing that you probably have
an infrastructure background (networking, server, or storage) and want to expand your
knowledge about cloud computing. Assuming that I am right, you likely will be surprised
to discover that the benefits of cloud computing go way beyond providing a “smart data
center” for traditional applications.

A data center exists to support critical applications, so it is only natural that the way
software is developed affects this IT structure. Since the 1950s, software development has
followed the principles of the waterfall model, which is a sequential design process with
origins in project management procedures from other industries. Figure 1-14 captures the
idea behind this approach.

[Figure 1-14: Analyze, Plan, Design, Build, Test, and Operation arranged in sequence along
the Project Timeline]

Figure 1-14 Waterfall Model

In a waterfall, water never goes upstream. Similarly, this software development model
establishes phases for the whole project, where each phase only begins after the complete
result from the previous phase is delivered. Table 1-6 provides an overview of the phases
shown in Figure 1-14.

Table 1-6 Common Waterfall Phases

Phase      Description
Analyze    The user requirements are gathered and captured in a product requirement
           document, resulting in models, schema, and business rules.
Plan       A project management strategy is developed to enumerate all resources
           required in the project.
Design     The architecture of the software is detailed and the project is broken down
           into smaller pieces.
Build      The software is developed, proved, and integrated. One important
           observation: software is usable only after this phase is complete.
Test       The developed system is tested to demonstrate that it conforms to the
           requirements established in the first phase.
Operation  Consists of the installation, migration, support, and maintenance of the
           complete system.

During a waterfall project timeline, user requirements of the software and design must
remain constant because a simple scope change can force the project to return to the
first phase (analysis).

Business applications such as ERP, CRM, and e-mail still use slight variations of the
waterfall model in their development. All of these systems share some noticeable
characteristics: they are designed to serve a well-known number of users, are based on
a few software components, and will run over a considerably reliable infrastructure.

In the wake of the 2007-2008 global financial crisis, business organizations have
gradually changed their perception of IT as a cost center to an enabler of new
opportunities. With potential customers armed with always-online smartphones,
tablets, and portable computers, an “app” released today may become the source of
millions of dollars in the near future. In this landscape of smaller budgets and intense
competition, application development cannot afford to spend the months (or even
years) common in waterfall-based projects. A short time to market is crucial to gain
the attention of this customer base, so software development must respond to a
prototype request in a few days or weeks.

To fulfill such an aggressive schedule, a new software development model was
required. With origins in the late 1990s, a new model dubbed Agile embodies the
consolidation of many ideas focused on simplicity, close collaboration between
development and business, continuous delivery of valuable software, constant change
of requirements, and self-organizing teams. Figure 1-15 summarizes how these
principles change software development.

Figure 1-15 Agile Model (repeated Analyze, Plan, Design, Build, Test, Operation cycles along the project timeline, each round driven by requirements change, customer turnover, and technology innovation)

As you can see in Figure 1-15, the Agile model essentially shrinks the waterfall development
cycle into faster rounds, which produce useful software code in fractions of the final
product timeline. And if a company desires to develop an application prototype between
Monday and Thursday, Agile can be the software development approach that can deliver
this kind of result.

Architecturally speaking, these modern apps are very different from traditional applications.
The main reason for this change is quite simple: if an app proves to be popular, its number of
users may grow exponentially in a very short period. Consequently, these apps usually possess
multiple small components that perform very specific functions and that can be rapidly scaled,
in the case of sudden interest. And because cloud computing environments provide perfect
conditions for scaling such apps, online gaming, video on demand, content delivery, instant
messaging, and mobility applications are also referred to as cloud-scale apps.

But the modernization of software development does not stop at the point where code is
ready for production. Another movement called DevOps has enhanced application deployment
through the expanded collaboration between the development staff and operations staff
throughout all stages of the development lifecycle. With DevOps, rather than creating
software and delivering it to the operations team, the development team works closely with
operations to produce a much more efficient and reliable final product.

Further Reading
■ Agile Alliance: https://www.agilealliance.org/agile101/what-is-agile/
■ Kim, Gene, Spafford, George, and Kevin Behr. The Phoenix Project: A Novel About IT,
DevOps, and Helping Your Business Win. IT Revolution Press, 2013.

Exam Preparation Tasks

Review All the Key Topics
Review the most important topics in this chapter, denoted with a Key Topic icon in the
outer margin of the page. Table 1-7 lists a reference of these key topics and the page
number on which each is found.

Table 1-7 Key Topics for Chapter 1

Table 1-2: Traditional IT challenges (page 8)
Table 1-3: Data center physical components (page 13)
Table 1-5: NIST cloud criteria (page 23)

Complete the Tables and Lists from Memory


Print a copy of Appendix B, “Memory Tables” (found on the CD), or at least the section
for this chapter, and complete the tables and lists from memory. Appendix C, “Answers to
Memory Tables,” also on the CD, includes completed tables and lists so that you can check
your work.

Define Key Terms


Define the following key terms from this chapter, and check your answers in the glossary:

time-sharing, computation as a public utility, personal computer (PC), virtual private
network (VPN), National Institute of Standards and Technologies (NIST), on-demand
self-service, rapid elasticity, resource pooling, measured service, broad network access,
multi-tenant

This chapter covers the following topics:

■ Service Providers and Information Technology

■ Infrastructure as a Service

■ Platform as a Service

■ Software as a Service

This chapter covers the following exam objectives:

■ 1.2 Describe Cloud Service Models


■ 1.2.a Infrastructure as a Service (IaaS)
■ 1.2.b Software as a Service (SaaS)
■ 1.2.c Platform as a Service (PaaS)
CHAPTER 2

Cloud Shapes: Service Models


After the mild sense of disappointment that followed its initial hype in the late 2000s, cloud
computing began to morph into different shapes in a similar way as its atmospheric
counterparts. Currently, cloud services seem to be bound only by the creative limitations of
providers and their execution capacity, providing IT resources that range from simple processing
capacity to fully provisioned applications at the click of a browser button.

To identify important aspects of cloud computing and to serve as a means for broad
comparisons of cloud services and deployment strategies, the National Institute of Standards
and Technology (NIST) Special Publication 800-145, “The NIST Definition of Cloud
Computing,” describes three service models that classify cloud services according to their
flexibility and readiness to support consumer needs: Infrastructure as a Service (IaaS), Platform
as a Service (PaaS), and Software as a Service (SaaS).

TIP Due to their initials, these service models are also known as the IPS Stack.

The CLDFND exam requires that you understand these service models, so this chapter
focuses on providing a detailed explanation of them, including basic concepts, applicability,
benefits, and challenges. To illustrate specific aspects of each of these service models, the
chapter also introduces some examples from well-known cloud providers. The chapter
concludes with an overview of new hybrid models that are on the horizon.

“Do I Know This Already?” Quiz


The “Do I Know This Already?” quiz allows you to assess whether you should read this
entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in
doubt about your answers to these questions or your own assessment of your knowledge
of the topics, read the entire chapter. Table 2-1 lists the major headings in this chapter and
their corresponding “Do I Know This Already?” quiz questions. You can find the answers in
Appendix A, “Answers to Pre-Assessments and Quizzes.”

Table 2-1 “Do I Know This Already?” Section-to-Question Mapping

Service Providers and Information Technology: 1
Infrastructure as a Service: 2–4
Platform as a Service: 5–7
Software as a Service: 8–9

1. Which of the following represent key aspects of a service-level agreement between a
data center service provider and a consumer? (Choose all that apply.)
a. Performance
b. Mean time to recover
c. Contract changes
d. Data handling
e. Uptime

2. Which of the following represents the service models described by NIST?
a. XaaS, PaaS, SaaS
b. SaaS, IaaS, PaaS
c. Private, public, hybrid
d. On-premise, off-premise, managed
e. EaaS, XaaS, IaaS

3. Which of the following are true about Infrastructure as a Service? (Choose all that
apply.)
a. Most typical consumers are IT administrators.
b. Virtualization technologies are mandatory for the implementation of IaaS.
c. IaaS basically offers computing hardware for its consumers.
d. Among all service models, IaaS is the least flexible option.

4. Which of the following are correct about cloud regions and availability zones?
(Choose all that apply.)
a. Regions represent data center installations from a cloud provider that can be used
as options for the consumer resource deployment.
b. Availability zones represent data center installations from a cloud provider that
can be used as options for the consumer resource deployment.
c. Regions are independent locations within a single data center facility.
d. Availability zones are independent locations within a single data center facility.

5. Which of the following are offered by the cloud provider in PaaS? (Choose all that
apply.)
a. Application
b. Operating system
c. Computing hardware
d. Virtualization layer
e. Development tools

6. Which of the following represents the typical PaaS consumers?
a. IT administrators
b. Application end users
c. Application developers
d. Cloud brokers

7. Which of the following represents the typical SaaS consumers?
a. IT administrators
b. Application end users
c. Application developers
d. Cloud brokers

8. Which of the following must be provided by the consumer in SaaS?
a. Application
b. Operating system
c. Computing hardware
d. Virtualization layer
e. None of the above

9. Which of the following is correct about SaaS? (Choose all that apply.)
a. Among all cloud service models, SaaS requires less customization from a consumer
standpoint.
b. SaaS provides full control over hardware for a cloud consumer.
c. SaaS has had the slowest adoption among all cloud service models.
d. SaaS providers may use PaaS resources for development and IaaS resources for
production.

Foundation Topics

Service Providers and Information Technology


A service provider (SP) is a company that offers specialized services to organizations. These
services may include pretty much anything these corporations need to properly function
(from toilet paper supply to business consulting). In the context of information technology,
the term service provider applies to outsourced suppliers that can provide a set of
technologies to an organization during an agreed (and compensated) period of time.

Since the dawn of computing, corporations have been hiring service providers for several
different reasons, such as to reduce CAPEX, to sharpen business focus, or simply because
they lacked the capacity to internally support an IT system. And although there are service
providers that can provide services covering the entirety of IT systems, most organizations
typically work with a mix of in-house environments and outsourced systems hired from
highly specialized SPs.

Figure 2-1 portrays a scenario with some specialized service providers.


Figure 2-1 Specialized Service Providers Supporting a Single Corporation (shown: storage, computer, telecommunications, Internet, network, application, data center, and managed service providers around the corporation's primary and secondary data centers)

The service providers supporting the company represented in Figure 2-1 are described in
Table 2-2.

Table 2-2 Specialized Service Providers

Application service provider (ASP): Offers software services (applications) to customers through a computer network such as the Internet. An ASP normally hosts, owns, operates, and maintains the same software that would be installed locally in the customer and customizes the service according to the customer needs.
Computer service provider (CSP): Provides and supports a complete computer system, which includes hardware, software, communication systems, and power backup. This service provider is more common in mainframe-based environments.
Data center service provider (DCSP): Offers all technologies, facility components, and activities related to the operation of a data center. A data center service may include computing, storage, and networking, among other offers. Common options are hosting (customer leases hardware that the ISP has acquired) and colocation (customer acquires hardware and leases a server cabinet in the ISP data center).
Internet service provider (ISP): Provides services for accessing the Internet, offering options such as Internet transit and domain name registration.
Managed service provider (MSP): Remotely controls components of the IT infrastructure of a customer, which may include desktops, critical applications, networks, or even every IT system. The latter situation is commonly called full IT outsourcing.
Network service provider (NSP): Offers data communication services to its customers through a shared “backbone” network. These services generally include a committed bandwidth for each site and, optionally, Internet access.
Storage service provider (SSP): Provides computer storage capacity and data management services (such as backup) at a customer site or remotely, using its data center facilities. Figure 2-1 depicts a local SSP service.
Telecommunications service provider (TSP): Offers long distance communication resources for traditional telephony and data leased lines between customer premises or between a customer premises and an NSP (which is known as last mile link).

Throughout the many decades of relationships between service providers and their
customers, many SPs have bundled services to both simplify service contracts and leverage the
synergy between technologies (such as a network and Internet access, for example). And
unsurprisingly, the world has witnessed a consolidation trend among IT service providers
since the early 2000s.

As academic and consulting studies have discussed extensively, there is not a unique and
definitive answer to the question “should my company outsource IT system X?” In fact, the
number of factors that must be considered essentially dictates the complexity of such a
decision. Notwithstanding, one important aspect that must be taken into account is how critical
to the business the IT system in consideration is. Because noncritical systems do not have
any impact on the competitiveness of a company, they are usually the ideal candidates for
outsourcing, as long as the pricing makes sense for the customer’s budget.

To summarize why this discussion has endured for a very long time, I will simply paraphrase
a teacher of mine who joked that, each year, one-third of companies outsource their IT,
33.3% bring their systems back to the company premises (in a process called insourcing),
and the remaining organizations decide not to change their outsourcing policy (for at least a
year).

Service-Level Agreement
A service is formally defined in a service contract signed by both the service provider and its
customer. Additionally, as a way to regulate the expectation about the scope and quality of
the service, both parties typically define another contract called a service-level agreement
(SLA).

Obviously, the parameters defined in an SLA highly differ depending on the type of service
that is being offered and the parties involved in the agreement. But generally speaking, SLAs
usually address the following aspects:

■ Performance: Defines a number of operations that the service provider must guarantee
in a time interval, offered capacity, or time that will be spent in the service deployment.
■ Uptime: Measure of the amount of time an IT system must work correctly. It is generally
represented as a percentage of availability over the total interval.
■ Mean time to recover (MTTR): Average time the service provider will take to recover a
failed system.
■ Customer data handling: Defines data management strategies to avoid data loss (e.g.,
backup policies), how long the customer data is available to the customer after the
service agreement is terminated, data confidentiality, and deletion policies.

Service providers may also use the SLA to control unrealistic customer expectations by
including terms regarding maintenance windows, unavoidable accidents (force majeure),
payment policies, and noncompliance fines and penalties.
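As an added example (not from the book), the following Python script measures two of the SLA parameters just listed, uptime as a percentage of the measurement window and MTTR as the average duration of the recorded incidents, against hypothetical SLA terms; the outage records, the 30-day window, and the thresholds are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass(frozen=True)
class Outage:
    """One recorded service failure, from detection until recovery."""
    start: datetime
    end: datetime


@dataclass(frozen=True)
class SlaTerms:
    """Hypothetical SLA terms: minimum uptime (percent) and maximum MTTR."""
    min_uptime_pct: float
    max_mttr: timedelta


def merge_outages(outages: List[Outage], window_start: datetime,
                  window_end: datetime) -> List[Outage]:
    """Clip outages to the measurement window and merge overlapping ones,
    so that two tickets opened for the same incident are not counted twice."""
    clipped = [
        Outage(max(o.start, window_start), min(o.end, window_end))
        for o in outages
        if o.end > window_start and o.start < window_end
    ]
    merged: List[Outage] = []
    for o in sorted(clipped, key=lambda x: x.start):
        if merged and o.start <= merged[-1].end:
            last = merged[-1]
            merged[-1] = Outage(last.start, max(last.end, o.end))
        else:
            merged.append(o)
    return merged


def downtime(outages: List[Outage], window_start: datetime,
             window_end: datetime) -> timedelta:
    """Total time the service was down inside the window."""
    merged = merge_outages(outages, window_start, window_end)
    return sum((o.end - o.start for o in merged), timedelta(0))


def uptime_percent(outages: List[Outage], window_start: datetime,
                   window_end: datetime) -> float:
    """Uptime as the percentage of the window during which the service worked."""
    total = window_end - window_start
    down = downtime(outages, window_start, window_end)
    return 100.0 * ((total - down) / total)


def mttr(outages: List[Outage], window_start: datetime,
         window_end: datetime) -> timedelta:
    """Mean time to recover: average duration of the (merged) incidents."""
    merged = merge_outages(outages, window_start, window_end)
    if not merged:
        return timedelta(0)
    return downtime(outages, window_start, window_end) / len(merged)


def evaluate_sla(terms: SlaTerms, outages: List[Outage], window_start: datetime,
                 window_end: datetime) -> Dict[str, object]:
    """Compare the measured uptime and MTTR against the agreed terms."""
    up = uptime_percent(outages, window_start, window_end)
    recover = mttr(outages, window_start, window_end)
    return {
        "uptime_pct": up,
        "mttr": recover,
        "uptime_met": up >= terms.min_uptime_pct,
        "mttr_met": recover <= terms.max_mttr,
    }


# Constructed sample data: a 30-day window with four outage tickets,
# two of which overlap (the same incident logged twice).
WINDOW_START = datetime(2016, 4, 1)
WINDOW_END = datetime(2016, 5, 1)
SAMPLE_OUTAGES = [
    Outage(datetime(2016, 4, 3, 2, 0), datetime(2016, 4, 3, 2, 20)),      # 20 min
    Outage(datetime(2016, 4, 10, 14, 0), datetime(2016, 4, 10, 14, 10)),  # 10 min
    Outage(datetime(2016, 4, 10, 14, 5), datetime(2016, 4, 10, 14, 15)),  # overlaps: 15 min total
    Outage(datetime(2016, 4, 20, 9, 0), datetime(2016, 4, 20, 9, 30)),    # 30 min
]
SAMPLE_TERMS = SlaTerms(min_uptime_pct=99.9, max_mttr=timedelta(minutes=30))

if __name__ == "__main__":
    report = evaluate_sla(SAMPLE_TERMS, SAMPLE_OUTAGES, WINDOW_START, WINDOW_END)
    for key, value in report.items():
        print(f"{key}: {value}")
```

With the sample data the provider recovers quickly enough (MTTR of about 22 minutes) but the 65 minutes of total downtime miss a 99.9% uptime target, which illustrates why both parameters belong in the SLA.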

Cloud Providers
Cloud computing services share many similarities with traditional service provider offerings.
As an illustration, Figure 2-2 exhibits some of the most popular cloud services available at
the time of this writing.

Figure 2-2 Cloud Services Examples (shown: servers, storage, networking, desktops, middleware, applications, collaboration tools, publishing, databases, streaming, and web services)

As indicated in Figure 2-2, a cloud provider can possibly offer the following services to its
consumers (end users):

■ Servers: Specialized computers running software that processes client requests and
provides appropriate responses to them

■ Storage: Capability to store consumer data for a certain period of time


■ Networking: Connectivity between cloud elements and external resources, domain name
registration, and IP addressing, among others
■ Desktops: Computers to be used for traditional end-user applications
■ Middleware: Supplementary software, including libraries, programming language
interpreters, database services, user authentication services, account management, and so
forth
■ Applications: Software created to achieve objectives of an end user
■ Collaboration tools: Applications that are especially designed to optimize the joint work
among different people
■ Publishing: Applications that facilitate the publication of texts such as blogs on the
Internet
■ Databases: Organized collection of data that can be queried by other applications
■ Streaming: Media, such as audio and video, that is delivered to end users as a constant
flow of data and is generally rendered by a desktop application
■ Web services: Standardized methods of communication between two systems over an IP
network

Potentially, this list may encompass all IT services available from service providers.
Nevertheless, as you have learned in Chapter 1, “What Is Cloud Computing?”, some common
parameters defined in traditional SLAs may collide with the essential characteristics of
cloud computing. In that chapter, I have juxtaposed opposite characteristics from traditional
SP practices such as catered services, rigidity, silos, and overprovisioning to further highlight
the NIST definitions for cloud services.

Over time, cloud providers started to attract interest from corporations that desired more
dynamic services and less complex hiring procedures. However, all cloud computing
companies still constitute SPs, sharing many concerns and responsibilities with these long-
established providers. And for such reason, a certain service provider mentality is very
welcome in cloud deployments, regardless of whether they are strictly internal or not.

Because Internet access is sometimes all you need to deploy external cloud resources, many
companies started to deal with a menace called shadow IT. In these relatively new
scenarios, cloud services are hired by employees without approval from the organization, exposing
the whole company to uncontrolled risks. As a reaction, an IT department may either act as
a cloud broker, intermediating cloud service hiring on behalf of the employees and
according to predefined compliance policies, or become a cloud provider itself for its internal
customers. In the latter case, a private cloud can offer the same level of service of external
cloud providers without their associated risks for the business.

NOTE Cloud deployment models such as private cloud will be fully discussed in
Chapter 3, “Cloud Heights: Deployment Models.”

To categorize the benefits and issues related to cloud services and help IT decision makers
that are dealing with such projects, NIST has released Special Publication 800-146, “Cloud
Computing Synopsis and Recommendations.” Besides providing valuable information about
service-level agreements, the publication also details the IPS stack, which will be further
explored in the next sections.

Infrastructure as a Service
As the first service model that was widely advertised as a cloud computing platform in the
late 2000s, Infrastructure as a Service (IaaS) consists of cloud services developed for
consumers looking for pure processing, storage, networking, or other fundamental computing
resources.

When compared to traditional service providers, IaaS-based cloud providers correlate to
CSPs, SSPs, and NSPs. To reinforce the comparison, Figure 2-3 represents the distribution
of responsibilities between an IaaS provider and its consumers through the use of a
simplified computing component stack.

Figure 2-3 Infrastructure as a Service Component Stack (consumer responsibility: application, infrastructure software, operating system; provider responsibility: virtualization, server, storage, network)

As shown in Figure 2-3, the cloud provider controls the most basic layers of the stack
(server, storage, network, and virtualization), empowering IaaS consumers to run any compatible
software over them, including operating system, infrastructure software (such as
middleware, databases, and authentication services), and custom server applications.

To exhibit the essential characteristics of a cloud computing environment, especially
elasticity and resource pooling, cloud providers typically deploy virtualization technologies
on top of the cloud infrastructure hardware (server, storage, and network). However, what
exactly does “virtualization” mean in such context? Unfortunately, virtualization is perhaps
the only term that is more overloaded than “cloud” in IT. Epitomizing another technology
gold rush that happened during the mid-2000s, virtualization can be generically defined
as a set of techniques that enables the creation of logical servers, logical storage, and
logical networks from their physical counterparts. And specifically in the context of data
centers, these logical devices can be simply defined as transparent emulations of computing
resources, producing benefits that were unavailable in their original physical form.

Of course, within such a broad umbrella, there are multiple types of virtualization
techniques, which are listed and described in Table 2-3.

Table 2-3 Virtualization Types

Pooling technologies: Multiple physical elements are consolidated into a single logical entity that shares characteristics with the original computing resources. In summary, such techniques optimize computing resource management and availability.
Abstraction technologies: Techniques where the logical resources do not maintain the characteristics of their physical counterparts. Instead, via the emulation of other resources, these technologies generally simplify operations through the preservation of existing procedures for the simulated devices.
Partitioning technologies: Characterized through the creation of independent logical partitions that emulate the characteristics of a physical resource. In essence, such techniques enable resource usage efficiency.

NOTE Throughout this certification guide, you will learn in detail about examples of each
type of virtualization technology such as hypervisors (partitioning), explained in Chapter 5,
“Server Virtualization;” virtual switches (abstraction), explored in Chapter 6, “Infrastructure
Virtualization;” and RAID groups (pooling), addressed in Chapter 8, “Block Storage
Technologies.”

Regardless of their type, all virtualization technologies share a very important “collateral
effect:” virtual servers, virtual storage, and virtual networks can be provisioned without
physical operations. As a consequence, it is much easier for an IaaS cloud to offer a virtual
resource to its consumers than a physical one. Still, there are multiple IaaS cloud providers
whose service is based on provisioning physical computing resources to support consumers
with specific requirements for their applications (such as high performance or control).

Although their customers could potentially deploy any choice of software over the offered
computing resources (virtual or physical), most IaaS cloud providers deliver prepackaged
software, such as an operating system, to simplify software installation procedures.

The target consumers for IaaS-based cloud providers are systems admins that prefer to rent
computing hardware rather than acquire and manage hardware in their IT projects. For this
reason, IaaS cloud providers offer a wide range of plans that include variable charges based
on amount of processing used during a period, data stored for a period, consumed
bandwidth, number of assigned public IP addresses, and many other creative choices.

The fact that an IaaS provider offers plain hardware to its consumers facilitates the
migration of stored data and legacy applications from a standard data center to the cloud.
Furthermore, the simplicity of IaaS potentially allows an easier portability among cloud
providers when compared to the other service models (which will be explained in later sections).

Such flexibility may also pose some risks and challenges that must be addressed before any
IaaS resource is put into production:
■ Application security: IaaS consumers must be aware that legacy applications migrated to the
cloud will take with them all inherent vulnerabilities. Moreover, these applications likely will
be exposed to a less secure environment when compared to the native protection of a
company-owned data center. For this reason, many cloud providers offer add-on security services
that can be combined (with an associated fee) to the consumer-provisioned resources.
■ Noisy and suspect neighbors: Due to its native multitenant infrastructure, SPs of IaaS
clouds deploying partitioning virtualization technologies may contractually disavow
any liability for harm that a tenant suffers as a result of the operations of other tenants
sharing hardware components … or worse, harm that a tenant suffers from data theft or
denial-of-service attacks because of intentional tampering from other tenants. To
mitigate such risks, many IaaS cloud providers offer dedicated hardware for a single tenant,
though at a premium charge.

Directly competing with hardware manufacturers, IaaS cloud providers initially gained the
most traction among small businesses and midsized companies. Through the gradual
addition of security features, these providers have slowly attracted the attention of enterprise
corporations and public sector organizations.

Regions and Availability Zones


Although it is not considered one of the essential characteristics of cloud computing,
non-localization of resources is very commonly associated with these environments. Hence, it
is common to assume that a cloud consumer “does not care” from where its service is being
provisioned: what matters is the service itself.

Notwithstanding, with more responsibilities on their shoulders when compared to
consumers of other service models, IaaS cloud tenants may not want to risk loss of application
availability if all of its resources are provisioned in the same failure domain, which can be
understood as the area of a data center facility that can be impacted during a major system
malfunction. Consequently, knowing where a resource is located is an advantage for most
consumers with critical applications.

IaaS cloud providers have supported such a requirement through localization services
known as regions and availability zones. Originally created by Amazon Web Services
(AWS, discussed in the next section), and afterward adopted by other cloud providers
under different names, both concepts are represented in Figure 2-4.

Figure 2-4 depicts a global cloud provider with four regions (US, Latin America, Europe,
and Asia), which correspond to the choices of data center facilities from which a cloud
consumer resource can be provisioned. Characteristics such as Internet latency and application
user locations may help the cloud consumer choose a region.

NOTE A cloud provider can also create exclusive regions for specific customers to fulfill
specific security or compliance requirements.

Each region may contain multiple availability zones, which are basically independent failure
domains (or subfacilities) within a single region. Consequently, any disruption in an
availability zone should not impact the other availability zone or zones. Through this arrangement,
a consumer can access IaaS resources from two availability zones within a region of the
consumer’s preference and use cheaper connectivity with lower latency when compared to
cloud resources installed in two different regions.

Figure 2-4 Regions and Availability Zones (four regions shown: US, Europe, Asia, and Latin America, each containing between two and four numbered availability zones)
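The following Python script is an added example, not part of the book or of any provider's tooling: it models an IaaS inventory using the regions and availability zones just described, flags critical applications confined to a single failure domain, lists the ones that pay for cross-region spread, and picks the zone that best widens an application's footprint. The instance records and the region and zone names are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# A failure domain, as the text defines it, is one zone inside one region.
FailureDomain = Tuple[str, str]


@dataclass(frozen=True)
class Instance:
    """One provisioned IaaS resource and where it was placed (constructed model)."""
    instance_id: str
    application: str
    region: str
    availability_zone: str
    critical: bool = False


def failure_domains(instances: List[Instance]) -> Dict[str, Set[FailureDomain]]:
    """Map each application to the set of (region, zone) failure domains it occupies."""
    domains: Dict[str, Set[FailureDomain]] = defaultdict(set)
    for inst in instances:
        domains[inst.application].add((inst.region, inst.availability_zone))
    return dict(domains)


def single_failure_domain_apps(instances: List[Instance],
                               min_domains: int = 2) -> List[str]:
    """Critical applications whose instances occupy fewer than min_domains failure
    domains: a single zone disruption would take the whole application down."""
    critical = {i.application for i in instances if i.critical}
    domains = failure_domains(instances)
    return sorted(app for app in critical if len(domains[app]) < min_domains)


def cross_region_apps(instances: List[Instance]) -> List[str]:
    """Applications spread over more than one region. They survive a regional
    outage but, as the text notes, pay for costlier, higher-latency connectivity
    than an application spread over zones of a single region."""
    return sorted(app for app, doms in failure_domains(instances).items()
                  if len({region for region, _ in doms}) > 1)


def placement_for_redundancy(instances: List[Instance], application: str,
                             region: str, zones: List[str]) -> str:
    """Pick the zone in `region` holding the fewest instances of the application,
    so that a new instance widens, rather than concentrates, its failure domains.
    Ties are broken by zone name so the choice is deterministic."""
    load = {zone: 0 for zone in zones}
    for inst in instances:
        if (inst.application == application and inst.region == region
                and inst.availability_zone in load):
            load[inst.availability_zone] += 1
    return min(zones, key=lambda z: (load[z], z))


# Constructed sample inventory; no real cloud account or provider API involved.
SAMPLE_INSTANCES = [
    Instance("i-01", "web-frontend", "us", "us-zone-1", critical=True),
    Instance("i-02", "web-frontend", "us", "us-zone-2", critical=True),
    Instance("i-03", "billing-db", "europe", "eu-zone-1", critical=True),
    Instance("i-04", "billing-db", "europe", "eu-zone-1", critical=True),  # same zone
    Instance("i-05", "dev-sandbox", "asia", "asia-zone-1"),                 # not critical
    Instance("i-06", "api-gateway", "us", "us-zone-1", critical=True),
    Instance("i-07", "api-gateway", "latam", "latam-zone-1", critical=True),
]

if __name__ == "__main__":
    print("critical apps in one failure domain:",
          single_failure_domain_apps(SAMPLE_INSTANCES))
    print("apps spread across regions:", cross_region_apps(SAMPLE_INSTANCES))
    print("place the next billing-db instance in:",
          placement_for_redundancy(SAMPLE_INSTANCES, "billing-db", "europe",
                                   ["eu-zone-1", "eu-zone-2", "eu-zone-3"]))
```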

IaaS Example: Amazon Web Services


As the early pioneer of cloud computing, AWS offers an impressive number of cloud
services, as indicated in the AWS Management Console shown in Figure 2-5. Table 2-4 outlines
several of the main AWS IaaS offerings, most of which are pointed out in Figure 2-5.

Figure 2-5 AWS Management Console



Table 2-4 AWS IaaS Offerings

Service: Description

Elastic Compute Cloud (EC2): Cloud service that provides virtual servers that are fully controlled by AWS users and resized according to the required compute demand. Providing many versions of operating systems, such as Linux and Microsoft Windows Server, EC2 enables robustness through regions and availability zones, as well as security groups (rules of traffic containing IP addresses, protocols, and ports), IPsec virtual private network (VPN) connections, and dedicated hardware for instances from a single tenant.

Simple Storage Service (S3): Cloud storage service that provides storage capacity based on objects for development and system administration teams.

Elastic Block Store (EBS): Offers block-based storage volumes that can be remotely accessed by EC2 virtual servers, with a selection of latency and performance. This service is not shown in Figure 2-5.

Elastic File System (EFS): Storage service that allows files to be stored for easy access by EC2 instances. It also enables the control of throughput, input/output operations per second (IOPS), and latency, according to the consumer requirements.

Virtual Private Cloud (VPC): Cloud service that creates a logically isolated network within the AWS cloud for a tenant. Through an AWS VPC, a user can control virtual networking for resources from other services, including the management of IP addresses, subnets, route tables, network gateways, and VPNs.

Direct Connect: Enables a dedicated network connection between the premises of a corporation and AWS to achieve a more reliable network experience when compared to the Internet. This cloud network service is compatible with all other AWS services and is enabled through dedicated connections provided by Amazon-authorized TSPs.

Elastic Load Balancing: Cloud network service that can distribute incoming application traffic among EC2 virtual servers, optimizing reliability for applications that may already be hosted in different regions or availability zones. This service is not shown in Figure 2-5.

Route 53: Deploys a scalable Domain Name System (DNS) service within AWS, which can be instantiated in different regions or availability zones for reliability reasons. In summary, DNS translates domain names such as www.company.com to IP addresses such as 200.201.202.203.
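Table 2-4 describes security groups as rules of traffic containing IP addresses, protocols, and ports. In practice they are stateful allow-lists with an implicit deny: a connection is accepted only if some rule matches it. The following Python model is an added example (not code from the book or from AWS) that evaluates constructed inbound rules against sample connections and flags rules that expose administrative ports to every source address; all group names, addresses, and rules are constructed for illustration.

```python
"""Model of EC2 security group inbound evaluation (added example, not from
the book or AWS). Security groups are allow-lists: each rule permits one
protocol / port range / source CIDR combination, there are no deny rules,
and anything that matches no rule is dropped. All names, addresses and
rules below are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

ADMIN_PORTS = {22, 3389}  # SSH and RDP: should not be open to 0.0.0.0/0


@dataclass(frozen=True)
class InboundRule:
    protocol: str             # "tcp", "udp", "icmp" or "-1" for all protocols
    from_port: Optional[int]  # None means all ports of the protocol
    to_port: Optional[int]
    source_cidr: str          # e.g. "203.0.113.0/24" (RFC 5737 documentation range)

    def covers_port(self, port: int) -> bool:
        """True if the rule's port range (or "all ports") includes this port."""
        if self.from_port is None or self.to_port is None:
            return True
        return self.from_port <= port <= self.to_port

    def matches(self, protocol: str, port: int, src_ip: str) -> bool:
        """True if a packet with this protocol, destination port and source
        address is permitted by this rule."""
        if self.protocol != "-1" and self.protocol != protocol:
            return False
        if not self.covers_port(port):
            return False
        net = ipaddress.ip_network(self.source_cidr, strict=False)
        # Membership is False when the IP versions differ (IPv6 source vs IPv4 CIDR).
        return ipaddress.ip_address(src_ip) in net


class SecurityGroup:
    def __init__(self, name: str, inbound: List[InboundRule]):
        self.name = name
        self.inbound = list(inbound)

    def allows_inbound(self, protocol: str, port: int, src_ip: str) -> bool:
        """Implicit deny: traffic is accepted only if some rule matches.
        Return traffic of an accepted connection is permitted statefully,
        so no outbound rule is consulted here."""
        return any(rule.matches(protocol, port, src_ip) for rule in self.inbound)

    def audit(self) -> List[str]:
        """Flag rules open to every source address (prefix length 0) that
        expose either all traffic or an administrative port."""
        findings = []
        for rule in self.inbound:
            net = ipaddress.ip_network(rule.source_cidr, strict=False)
            if net.prefixlen != 0:
                continue
            proto = "all" if rule.protocol == "-1" else rule.protocol
            if rule.protocol == "-1" or rule.from_port is None:
                findings.append(f"{self.name}: {proto} traffic on all ports open to {rule.source_cidr}")
            else:
                exposed = sorted(p for p in ADMIN_PORTS if rule.covers_port(p))
                if exposed:
                    findings.append(f"{self.name}: admin port(s) {exposed} open to {rule.source_cidr}")
        return findings


# Constructed rule sets. 203.0.113.0/24 stands in for a corporate admin range.
WEB_SG = SecurityGroup("web-tier", [
    InboundRule("tcp", 80, 80, "0.0.0.0/0"),
    InboundRule("tcp", 443, 443, "0.0.0.0/0"),
    InboundRule("tcp", 22, 22, "203.0.113.0/24"),
])

# Weak variant of the same group: SSH reachable from the whole Internet.
OPEN_SSH_SG = SecurityGroup("web-tier-weak", [
    InboundRule("tcp", 443, 443, "0.0.0.0/0"),
    InboundRule("tcp", 22, 22, "0.0.0.0/0"),
])


if __name__ == "__main__":
    samples = [("tcp", 443, "198.51.100.7"),   # public HTTPS client: allowed
               ("tcp", 22, "198.51.100.7"),    # SSH from the Internet: dropped
               ("tcp", 22, "203.0.113.40")]    # SSH from the admin range: allowed
    for proto, port, src in samples:
        verdict = "ALLOW" if WEB_SG.allows_inbound(proto, port, src) else "DROP"
        print(f"{proto}/{port} from {src}: {verdict}")
    for finding in OPEN_SSH_SG.audit():
        print("FINDING:", finding)
```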

TIP Block storage, file storage, and object storage are distinct storage technologies
that will be properly defined and discussed in Chapter 8 and Chapter 9, “File Storage
Technologies.”

Now, let’s put ourselves into the shoes of an IaaS consumer. Figure 2-6 exhibits 5 of the 22 operating system choices that are available for immediate instantiation on AWS after selecting the EC2 link in the AWS Management Console.
Chapter 2: Cloud Shapes: Service Models 41

Figure 2-6 Image Selection for EC2 Instance


As you can see in Figure 2-6, AWS offers a good variety of Amazon Machine Image (AMI)
files that can be used to boot EC2 instances. For demonstration purposes, I selected a Red
Hat Linux image and configured several other settings to reach the page shown in Figure
2-7, which reviews all of my options for the instance before its proper launch.

[Figure 2-7 screenshot: instance review page with callouts for Shared Hardware, VPC, Availability Zone, Region, Internal Storage, and Tag]

Figure 2-7 EC2 Instance Details



Observe that this particular virtual server is installed in the North California region, in a VPC called vpc-49aa4b22 and an availability zone defined by the subnet-4faa4b24 IP subnet. This EC2 instance precludes dedicated hardware (tenancy default means shared hardware) and has 10-GiB EBS storage (/dev/sda) attached to it.

Additionally, I have inserted a tag called “CCNA Cloud” to help resource selection during
massive operations with EC2 instances. After clicking the Launch button, my instance was
provisioned and accessible in less than a minute.

Figure 2-8 displays my EC2 dashboard and the recently created instance.

[Figure 2-8 screenshot: EC2 dashboard with callouts for Instance Dashboard, External Access Information, Instance, and Image]

Figure 2-8 EC2 Dashboard

By selecting the instance in the dashboard, it is also possible to verify all the details about the virtual server, including the image used and external access information (the public IP address is 54.193.67.163 and the name is ec2-54-193.67.163.us-west-1.compute.amazonaws.com).

Besides Amazon Web Services, many other cloud providers offer IaaS, such as Microsoft
Azure, Google, Rackspace, CenturyLink, Virtustream, IBM SoftLayer, and Dimension Data.

TIP One of the advantages of studying cloud computing is the fact that lab resources are
just a click or tap away (and may include a credit card charge). Therefore, I encourage you
to replicate the operations I execute in this chapter. If you were not previously familiar
with these cloud services, I assure you that these simple tasks will greatly contribute to your
learning experience.

Platform as a Service
Paraphrasing NIST SP 800-146, Platform as a Service (PaaS) is a cloud service that offers to
its consumers the capability to deploy their customized applications through cloud-provided
programming languages and tools.

Unlike IaaS, whose cloud providers are focused on the offer of (virtual or physical) hardware, a PaaS cloud service supplies a much more sophisticated environment for its consumers. To draw a fair comparison with IaaS, Figure 2-9 represents the division of responsibilities between provider and consumer in a PaaS component stack.

[Figure 2-9 diagram: component stack with Server, Storage, Network, Virtualization, Operating System, and Infrastructure Software under Provider Responsibility, and Application under Consumer Responsibility]

Figure 2-9 Platform as a Service Component Stack

In Figure 2-9, you can observe that in PaaS, the cloud provider fully renders all hardware, the virtualization layer, the operating system, and the software infrastructure. PaaS consumers can build applications that interact with this infrastructure, which may contain programming languages, libraries, databases, authentication services, middleware, and other elements that are required for software development.

The quintessential PaaS consumers are application developers, who traditionally do not want to manage the underlying infrastructure (network, servers, operating systems, and storage) that is required for their jobs, but still desire control over the deployed applications and their configuration settings. Other PaaS consumers include

■ Application testers
■ Application publishers
■ Application administrators
■ Application end users

At heart, a PaaS cloud is similar to a traditional computing system, composed of hardware and software, which constitutes a platform that can be used for application development and execution. Because PaaS represents an additional layer of software over IaaS, it is not unusual to see IaaS cloud providers extending their portfolio to support PaaS. Through a template composed of hardware resources and customized software, an IaaS cloud provider can, for example, build a Java development platform consisting of two server instances with loaded Java infrastructure software, one shared storage device, and a single network segment with access to the Internet.

In yet another situation, a PaaS cloud provider can support its consumers through the use of a third-party IaaS-based cloud for their hardware fulfillment in the background.

Service charging in PaaS can use a wide range of metrics, such as total number of end users
(concurrent or over a period), successful requests serviced, dynamically allocated hardware
(processing, storage, or network), or simply the time the platform is in use.

Application developers traditionally employed integrated development environments (IDE) to carry out their daily tasks. An IDE usually contains a source code editor, automation tools, debuggers, programming language compilers or interpreters, and version control systems, among other development tools. However, PaaS offerings leverage cloud characteristics to compete against IDEs for the interest of application developers. Some advantages of PaaS over IDEs are

■ Minimal software tool footprint: All a consumer needs is a web browser, rather than an application installation in a workstation.
■ Resource allocation: A consumer can reserve an amount of computing resources to perform tests during the development.
■ Data management: Where different tenants, which may be collaborating in the same software development project, may share data and use backup services from the cloud provider.

In addition to enabling developers to create and test applications in a relatively easy and inexpensive way, the PaaS service model can also help during the deployment phase of an application. With such intention, PaaS cloud providers typically offer automatic scaling of hardware resources to enable these customized applications to function without issues during peaks of user interest.

Also, according to the Cisco Global Cloud Index: Forecast and Methodology, 2014-2019, PaaS had a relatively slower adoption when compared to other service models such as IaaS in 2014. One of the justifications for this trend is the lack of portability between PaaS clouds, mostly caused by proprietary tools, languages, runtimes, and interfaces. To alleviate the fear of lock-in among developers, many PaaS cloud providers have adopted open standards as one of their strategic flagships.

NOTE You can find this report at http://www.cisco.com/go/gci.

NIST SP 800-146 calls attention to the delicate balance between isolation of consumers
and the efficiency a PaaS environment can achieve. To illustrate how this tradeoff can be
addressed within a cloud provider, Figure 2-10 depicts three PaaS isolation designs.

From left to right in Figure 2-10, the first design (shared process) represents the most efficient approach because multiple consumers access the same platform process and database. In this scenario, the process must control scheduling issues to prevent actions by one consumer degrading the performance of another. However, a failure in any of the shared resources can disrupt services for all consumers that are accessing the structure.

In the middle design (dedicated process), the cloud provider runs a separate process and
database for each consumer, which reinforces the separation between PaaS consumers with
the concession of more resources being spent per client.

[Figure 2-10 diagram: three panels, Shared Process, Dedicated Process, and Virtualization, ordered from highest efficiency to highest isolation; each panel shows Consumer 1 and Consumer 2 above the platform process, database, operating system, virtualization (third panel only), and physical hardware layers]

Figure 2-10 PaaS Isolation Designs

Finally, the third approach (virtualized) depicts separate virtual servers as the isolation point between consumers. Although, in this design, the cloud provider is certainly diminishing efficiency of its infrastructure, it is certainly enforcing more isolation than the other designs, because a major failure on any software component (operating system, process, or database) cannot influence the environments of other consumers.

Regardless of the provider isolation design (or designs), consumers should always try to
discover if more hardened approaches are available in case the development environment is
submitted to stress tests or put into production.

TIP Linux containers are yet another isolation feature that can be applied to PaaS (you
will find more details about this partitioning technique in Chapter 5). Additionally, cloud
providers can also leverage the concept of application containers to deploy the virtualized
isolation approach depicted in Figure 2-10 (refer to Chapter 7, “Virtual Networking Services
and Application Containers,” for further information about this concept).

Another point of attention for PaaS consumers is the security protection offered with the
cloud service. Because applications may access external resources, the PaaS cloud provider
must deliver tools to mitigate attacks and exploits in typical languages and protocols such as
HTTP, HTML, Java, XML, and Microsoft .NET.

Many PaaS cloud providers have taken steps to address these issues, and as a result, adoption of the PaaS model has increased among web application developers, with enterprise-class application development close behind.

PaaS Example: Microsoft Azure


Microsoft Azure currently is one of the main providers of PaaS cloud services in the world.
Figure 2-11 illustrates the variety of cloud services that are available in its main portal.

[Figure 2-11 screenshot: Microsoft Azure portal with a Cloud Services callout]

Figure 2-11 Microsoft Azure Portal

Besides PaaS, Microsoft Azure also supplies IaaS cloud services, including virtual machines
(with Windows and other operating systems), data services (including SQL databases and
other options of data storage), and virtual networks that allow cloud services to connect to
each other and to a customer premises.

Aligning the expertise from the large community of Microsoft developers with its own innovation drive, Microsoft Azure offers a wide range of application development environments.

After selecting Web Apps in the portal shown in Figure 2-11, an extensive list of development platforms becomes available, as Figure 2-12 displays.

For purposes of demonstration, at the wizard step shown in Figure 2-12, I chose to deploy
an ASP.NET environment, which is essentially a Microsoft-developed open source web
application framework for dynamic web sites, which may include web applications and web
services. Figure 2-13 depicts my site settings for this new service.

Having chosen the suggestive name of ccnacloud for my application environment and the
region where I want this service to be deployed (West US), I have concluded the settings for
the service. Please observe that I could also have created a new App Service plan to enable
automatic scaling in this ASP.NET environment.

Some seconds after I clicked the check symbol, the new provisioned service was available in
my Azure console, as shown in Figure 2-14.

[Figure 2-12 screenshot: Web Apps gallery with a PaaS Offers callout]

Figure 2-12 Web Apps for Microsoft Azure

Figure 2-13 Settings for My ASP.NET Starter Page



Figure 2-14 ASP.NET Site Created

Figure 2-15 shows that the ASP.NET starter page is already online and ready for development tasks.

Figure 2-15 Provisioned ASP.NET Starter Page

Back to the portal, after selecting the recently created service, Microsoft Azure enables
many customization options such as the addition of a new deployment slot, which is a copy
of the development environment that can be used for quality assurance or production, as
Figure 2-16 demonstrates.

Figure 2-16 ccnacloud ASP.NET Option

Besides ASP.NET, Microsoft Azure offers ready-to-go platforms such as Apache Tomcat,
BlogEngine.NET, HTML5, PHP, WordPress, and many others.

Competing with Microsoft Azure in the PaaS market, there are other eminent cloud providers such as Salesforce.com, Red Hat OpenShift, SAP, and Google.

Software as a Service
Software as a Service (SaaS) embodies cloud services whose consumers want access to fully functional applications but do not want to manage or control the underlying hardware or software infrastructure. According to the Cisco White Paper The Cloud Value Chain Exposed: Key Takeaways for Network Service Providers, as of 2012, SaaS was already widely adopted and had already disrupted approximately 25 percent of the enterprise application market.

NOTE You can find the white paper at https://www.cisco.com/web/about/ac79/docs/sp/Cloud-Value-Chain-ExposedL.pdf.

SaaS cloud providers are similar in some respects to application service providers (ASPs),
which became popular in the 1990s, in that they offer applications to corporate and individual
users. However, unlike the large majority of ASPs, SaaS providers leverage essential cloud
characteristics to provide robust support, automated scalability, and native multitenancy.

Undoubtedly, SaaS is by far the most varied service model as it reflects the wide spectrum
of applications in IT. Appropriately, there are many ways for providers to charge for the
usage of SaaS cloud services, including by number of users (which is the most typical), total
period of use, successful requests serviced, bandwidth (for video-related applications), and
storage size.

Following the tradition established in the previous two sections, Figure 2-17 represents the delegation of responsibilities between a SaaS cloud provider and a consumer in the component stack.

[Figure 2-17 diagram: component stack (Server, Storage, Network, Virtualization, Operating System, Infrastructure Software, Application) divided between Provider Responsibility and Consumer Responsibility]

Figure 2-17 Software as a Service Component Stack

As Figure 2-17 reinforces, a SaaS cloud provider is completely responsible for the application fulfillment (as well as its SLA), which must be robust and free of errors in order to offer customers a level of performance similar to that of locally deployed software.

Similarly to PaaS, the main benefit of SaaS is that it has minimal requirements from users
(essentially web browsers). Additionally, SaaS offerings allow efficient use of software
licenses within the cloud provider because the number of server machines and desktops is
irrelevant in this service model.

Besides hardware and software infrastructure, a SaaS provider also hides from its users support preoccupations such as version management and data protection (backup). According to the aforementioned Cisco white paper, SaaS vastly simplifies the customization of enterprise applications for the multitude of mobile platforms and form factors. Using modern presentation technologies such as HTML5, SaaS services have achieved great success with collaboration applications as they can quickly include such devices.

SaaS also shares some of the drawbacks and concerns that affect PaaS, such as the lack of portability between SaaS clouds and the compromise between isolation and resource efficiency in SaaS deployments.

Although some best practices (such as the ones described in NIST SP 800-146) do not recommend deploying real-time and critical applications on SaaS clouds, some SaaS providers are developing methods to overcome the effects of Internet latency, such as wide-area network (WAN) accelerators and direct connections to the customer premises.

NOTE WAN accelerators, as well as other networking services, will be discussed in more
detail in Chapter 7.

SaaS Examples
SaaS cloud services abound. In fact, some of them existed before the term “cloud computing” was even coined, such as many of the web mail providers that were established in the late 1990s.

Figures 2-18 and 2-19 show the interfaces of two prominent SaaS clouds, Google Docs and
Cisco WebEx.

Figure 2-18 Google Docs

Figure 2-18 displays the main web page from Google Docs, which provides free office productivity tools such as text editors, spreadsheets, and presentation software.

As a cloud service, Google Docs can be accessed from any device or location, which brings
great advantages over traditional desktop applications. Its simplicity has motivated many
small and midsized companies to completely forego any internal infrastructure in favor of
the services offered by Google Docs and similar providers.

Figure 2-19 Cisco WebEx



Cisco WebEx is a very popular web conferencing SaaS application, offering on-demand
collaboration, video conferencing, and many other options. This service has been used to
schedule and conduct millions of meetings (without unnecessary commuting) and remote
training sessions with a great intercommunication experience among participants.

Other SaaS services include applications such as enterprise resource planning (ERP) solutions, customer relationship management (CRM) software, blog tools, and many other offers.

Curiously, many SaaS clouds use IaaS and PaaS services from other providers in the background for production and development purposes, respectively.

Around the Corner: Anything as a Service


The unprecedented popularity of cloud computing explains the “as a Service” fever that
has been spreading since the cloud hype began in the late 2000s. New cloud services are
launched each day, a few of which immediately attract the attention of millions of users,
while most others quickly fade into obscurity. The sheer number of offerings has created a
new role called cloud broker, which was briefly discussed in the section “Cloud Providers”
earlier in this chapter. In summary, a cloud broker is a third-party company or professional
that hires cloud computing services on behalf of a corporation. Commonly, this role offers
comparison information about different cloud providers as well as recommendations that
will better support the contractor’s business goals.

Interestingly, cloud brokerage can also be offered as a service, where a consolidated interface offered to the consumer hides background requests to a multitude of cloud providers and may even include additional services such as resource management and security.

As other services that are built with the combination of multiple cloud services continue to gain traction in the cloud market, they directly challenge the IPS stack classification. Therefore, informally, these mixed offerings have created another service model called Anything as a Service (XaaS).

TIP You may also encounter some publications that refer to these offerings as Everything
as a Service.

Figure 2-20 exemplifies two XaaS cloud services.

[Figure 2-20 diagram: Desktop as a Service built from IaaS plus SaaS (Office Productivity), and Disaster Recovery as a Service built from IaaS plus SaaS (Management Software)]

Figure 2-20 XaaS Examples



The first example is called Desktop as a Service (DaaS), where the cloud consumer requests
a remotely accessible personal computer to carry out standard PC functions (such as web
browsing, document editing, and application execution). A DaaS provider can offer the
service through the combination of a computing instance provisioned via an IaaS cloud and
desktop software provisioned by one or more SaaS providers.
Figure 2-20 depicts another XaaS offering called Disaster Recovery as a Service (DRaaS),
which enables companies to hire a backup data center (to store data, run applications, and
receive end-user requests) in case they do not want, or simply cannot afford, the investment
necessary to build their own data center. In these scenarios, a SaaS provider can manage
resources in the customer data center as well as servers and storage deployed in an IaaS
cloud (owned by the same provider or another provider).

Other XaaS offerings include

■ Backup as a Service (BaaS): SaaS-provided backup software that can transparently use storage from an IaaS cloud.
■ IP Telephony as a Service (IPTaaS): IP telephony control software is coordinated through a SaaS cloud, while signaling servers are scaled in an IaaS cloud. Additionally, the provider may offer a SaaS service to support IP telephony application development.
■ VPN as a Service (VPNaaS): Allows users to control bandwidth scaling and the deployment of features on their VPNs, including monitoring and security services. These modifications can be simultaneously supported by SaaS-based management software and IaaS-provided virtual servers deployed inside the customer premises.

Further Reading
■ “Want to hear Cisco’s POV on the top 5 questions about the Future of Cloud?” (Cisco Blog): http://blogs.cisco.com/tag/xaas

Exam Preparation Tasks

Review All the Key Topics


Review the most important topics in this chapter, denoted with a Key Topic icon in the outer margin of the page. Table 2-5 lists a reference of these key topics and the page number on which each is found.

Table 2-5 Key Topics for Chapter 2

Key Topic Element: Description (Page Number)

Table 2-2: Specialized service providers (page 32)
List: SLA common aspects (page 34)
Figure 2-3: Infrastructure as a Service component stack (page 36)
Table 2-3: Virtualization types (page 37)
Table 2-4: AWS IaaS offerings (page 40)
Figure 2-9: Platform as a Service component stack (page 43)
Figure 2-17: Software as a Service component stack (page 50)

Complete the Tables and Lists from Memory


Print a copy of Appendix B, “Memory Tables” (found on the CD), or at least the section
for this chapter, and complete the tables and lists from memory. Appendix C, “Answers to
Memory Tables,” also on the CD, includes completed tables and lists so that you can check
your work.

Define Key Terms


Define the following key terms from this chapter, and check your answers in the glossary:

service provider, service-level agreement (SLA), Infrastructure as a Service (IaaS), virtualization, region, availability zone, Platform as a Service (PaaS), integrated development environment (IDE), Software as a Service (SaaS), cloud broker, Anything as a Service (XaaS)

This chapter covers the following topics:

■ Public Clouds

■ Risks and Challenges

■ Private Clouds

■ Community Clouds

■ Hybrid Clouds

■ Cisco Intercloud

■ Cisco Intercloud Fabric

This chapter covers the following exam objectives:

■ 2.1 Describe Cloud Deployment Models


■ 2.1.a Public
■ 2.1.b Private
■ 2.1.c Community
■ 2.1.d Hybrid

■ 2.2 Describe the Components of the Cisco Intercloud Solution


■ 2.2.a Describe the benefits of Cisco Intercloud
■ 2.2.b Describe Cisco Intercloud Fabric Services
CHAPTER 3

Cloud Heights: Deployment Models


As an information technology access model, cloud computing is certainly more malleable than most computer technologies. In addition to having the flexibility to support diverse service models (IaaS, PaaS, SaaS, XaaS), cloud computing enables designers of IT system environments to respond to the skepticism and insecurity of prospective consumers by tailoring their environments to meet the consumers’ needs.

Like their atmospheric analogs, clouds can be “closer” or “farther” from their users through different deployment models. In summary, this classification (which is independent of the service model categorization) imposes usage restrictions in a cloud computing scenario to address vulnerabilities caused by resource sharing and infrastructure implementations that do not satisfy compliance standards.

There are four cloud deployment models: public, private, community, and hybrid. An organization needs to consider the benefits and drawbacks of each deployment model before choosing to implement any of them. After all, the diversity of current service offerings poses additional challenges for customers that desire to avoid provider or technology lock-in. Addressing such challenges, Cisco and an entire ecosystem of partners have brought to reality the concept of the Intercloud, through an open and simple foundation technology called Cisco Intercloud Fabric.

The CLDFND exam requires candidates to have basic knowledge about these four deployment models, Cisco Intercloud, and Cisco Intercloud Fabric. To familiarize you with each, this chapter portrays a journey multiple organizations have taken in their cloud adoption process. Duly, it demonstrates how the hindrances of each deployment model have led to the development of new models, in a progression that outlines the rich landscape of cloud service offerings that we contemplate today.

“Do I Know This Already?” Quiz


The “Do I Know This Already?” quiz allows you to assess whether you should read this
entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in
doubt about your answers to these questions or your own assessment of your knowledge
of the topics, read the entire chapter. Table 3-1 lists the major headings in this chapter and
their corresponding “Do I Know This Already?” quiz questions. You can find the answers in
Appendix A, “Answers to Pre-Assessments and Quizzes.”

Table 3-1 “Do I Know This Already?” Section-to-Question Mapping

Foundation Topics Section: Questions

Public Clouds: 1
Risks and Challenges: 2–3
Private Clouds: 4
Community Clouds: 5
Hybrid Clouds: 6–7
Cisco Intercloud: 8
Cisco Intercloud Fabric: 9–10

1. Which of the following represents the deployment models described by NIST?


a. Public, private, hybrid
b. SaaS, IaaS, PaaS
c. Private, public, community
d. On-premise, off-premise, managed
e. Public, private, community, hybrid

2. Which option best describes “shadow IT”?


a. Hackers accessing public cloud resources using the identifications of employees
of an organization
b. Employees attacking resources from competitors that are sharing resources from
the same public cloud
c. Employees from an organization deploying resources in a cloud without the
knowledge of the IT department
d. Employees of a cloud provider accessing customer data
e. Denial-of-service attacks to slow performance of applications deployed on public
clouds

3. Which of the following cost risks can be associated with public cloud usage? (Choose
all that apply.)
a. Lack of forecasting modeling
b. Workload sprawl
c. Application performance issues
d. CAPEX model
Chapter 3: Cloud Heights: Deployment Models 59

4. According to NIST, what is the definition of private cloud?


a. A cloud deployment provisioned for exclusive use by a single organization
b. A cloud deployment managed by a single organization
c. A computing deployment located inside a single organization’s data center
d. A cloud computing deployment managed and used by a single organization
e. A cloud computing deployment managed, used by a single organization and also
located at the same organization’s data center
5. Which of the following options contains only regulatory compliance standards?
a. PCI DSS, FISMA, NIST
b. HIPAA, PCI DSS, SOX
c. IEEE, IETF, ANSI
d. ANSI, FedRAMP, Basel
e. SOX, Intercloud, HIPAA

6. What is “cloud bursting”?


a. A cloud deployment exhausts its infrastructure resources.
b. An organization can provision public cloud services to use during periods of
stress of its internal IT resources.
c. Two public cloud providers work in conjunction to load balance requests from a
consumer.
d. A private cloud can transform physical workloads into virtual workloads.

7. Which of the following represent challenges of hybrid cloud implementations?


(Choose all that apply.)
a. Inconsistent cloud architectures
b. Incompatible networking and security policies
c. Lack of encryption standards
d. Requirement for application reconfiguration when an application is migrated
from one cloud to another
e. Few service offerings

8. Which of the following are considered components of the Cisco Intercloud? (Choose
all that apply.)
a. Private clouds
b. Public clouds
c. Cisco Powered Partner Clouds
d. Cisco Intercloud Services

9. Which of the following is correct about Cisco Intercloud Fabric? (Choose all that
apply.)
a. It is agnostic to server virtualization technology.
b. It provides encryption only for traffic that is traversing the Internet.
c. It does not allow migration of workloads toward a private cloud.
d. It has business and provider complementary solutions.

10. Which of the following is not considered a service of Cisco Intercloud Fabric?

a. VM portability
b. Hybrid cloud management and visibility
c. Cloud networking
d. Community cloud
e. Cloud security

Foundation Topics

Public Clouds
In Chapter 2, “Cloud Shapes: Service Models,” you learned about the cloud service models (Infrastructure as a Service, Platform as a Service, and Software as a Service), which basically classify cloud providers according to the type of service they offer. Chapter 2 explained cloud deployments that are intended to offer services to any user connected to the Internet, citing examples such as Amazon Web Services, Microsoft Azure, Google, and Cisco WebEx.

According to NIST Special Publication 800-145, a public cloud is the “cloud infrastructure
provisioned for open use by the general public. It may be owned, managed, and operated
by a business, academic, or government organization, or some combination of them. It
exists on the premises of the cloud provider”.

Figure 3-1 represents a public cloud.

[Figure 3-1 diagram: a Public Cloud reached by its users through the Internet]

Figure 3-1 Public Cloud

Invoking our atmospheric metaphor, public clouds would correspond to the highest cloud
types (which are cirrocumulus, cirrus, and cirrostratus). Fittingly, they can cast a bigger area
of shadow (and, therefore, cover a higher number of users) when compared to other cloud
types (or deployment models).

A public cloud typically is deployed by a service provider with global reach and an extremely easy service engagement. This deployment model is so pervasive that some people are even unaware that other deployment models exist. Of course, there are other possible cloud computing implementation scenarios (private cloud, community cloud, and hybrid cloud).

For several reasons, as explained in the following sections, a large number of organizations consider the public cloud deployment model inadequate (or even impossible) for their business objectives and thus have adopted one of the other cloud deployment models.

Risks and Challenges


Public clouds perfectly embodied the advantages of cloud computing during its late-2000s hype. But paradoxically, the broad exposure of public clouds has discouraged some companies from seizing these benefits due to many risks that are intrinsic to the deployment model.

To better explain such risks (and operational challenges), allow me to propose a role-playing game for you: in the next three sections, you will be the Chief Information Officer (CIO) of a fast-growing company that is on the verge of adopting cloud services to increase IT agility. To safely promote the cloud revolution in the organization, you decided to hire a consulting firm to accurately assess the risks involved with embracing a public cloud. An experienced consultant from the firm is ready to present his assessment to your team through three distinct categories: security, control, and cost risks.

Security
Probably the most visceral reaction toward public clouds comes from potential consumers
who are worried about the inherent vulnerabilities of such environments. As CIO, you are
all too aware of this preoccupation because many company systems have suffered attacks
during the last year, making security the highest priority in IT in the current fiscal period.
The company CEO has put it in blunt terms: “I do not want to lose more money due to lack
of preparation against these hacker punks!”

Aware of this situation, the consultant presents the slide depicted in Figure 3-2 to your
team to outline the security risks and challenges that your company may encounter if it
decides to use public cloud services.

Figure 3-2 Public Cloud Security Challenges (figure: your company’s end users and cloud portal facing a public cloud, with the risks labelled as account or traffic hijacking, data breaches, shadow IT, malicious insiders, insecure interfaces, and data loss)

Table 3-2 summarizes the risks explained by the consultant.

Table 3-2 Public Cloud Security Risks

Data loss: In the case of an outage or major hardware failure in the cloud deployment, corporate data may be completely lost.

Data breaches: Sensitive company data may be accessed within the cloud provider or via Internet attacks.

Malicious insiders: Although they deploy highly automated environments, cloud providers still have to rely on employees, who are subject to human motivations and malfeasances.

Insecure interfaces: Because a public cloud portal must be exposed via the Internet, common attacks to standard protocols and languages may disrupt cloud services and disclose confidential data, including cloud user accounts and passwords.

Account or traffic hijacking: A cloud user account and password can be obtained through traffic analysis or social engineering. Unfortunately, many companies lack security policies and enforcement regarding the sharing of critical information among employees.

Shadow IT: If employees from your company deploy resources in a cloud without knowledge of the IT department, confidential data may be wrongly stored in a public space and business applications may not receive the appropriate service level.

After describing each risk, the consultant mentions that many public cloud providers have already addressed some or all of these issues (using localization services, automated data backup, and encryption for data at rest and in motion). Nevertheless, he points out that it is your responsibility to question these providers and analyze their security tools before making any decision.

Control
Through the increasingly thicker fog of discomfort in the room, the consultant continues his presentation by explaining that the adoption of public cloud services may also incur resource control risks when compared to traditional IT management. These risks are displayed in Figure 3-3, another slide from the consultant’s presentation.

Figure 3-3 Public Cloud Control Challenges (figure: your company’s end users and cloud portal facing a public cloud, with the challenges labelled as end-to-end management, performance monitoring, service admission, elasticity control, and data location)

According to the consultant, you should be aware of the control challenges listed and
described in Table 3-3.

Table 3-3 Public Cloud Control Challenges

Data location: Due to compliance issues or national security, some kinds of data must not be stored in data center facilities located within allowed countries.

Elasticity control: The ease of provisioning in a cloud may encourage indiscriminate use of public cloud services, where resources can be inefficiently scaled up and, consequently, generate exaggerated costs.

Service admission: An administrative account may issue requests for specific public cloud services that are not authorized by the company IT department.

Performance monitoring: It does not matter if cloud resources are correctly provisioned if business-related applications are not working according to a predefined service-level agreement with a cloud provider.

End-to-end management: With many different lines of business (LoBs) and departments from your company generating requests for public cloud resources, it may be very easy for your IT department to lose track of the overall use of the public clouds of choice.

Again, the consultant mentions that many public cloud providers have developed tools, and even other services, to address these challenges, including choice of region, elasticity limits, role-based access control policies, application performance dashboards, as well as integration with traditional management systems.
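Three of those controls (choice of region, elasticity limits, and role-based service admission) can be expressed as an admission check run against each request before it reaches the provider portal. The block below is an added example, not code from the book or from any Cisco product; its policy values, roles, region names, and requests are constructed for illustration.

```python
# Added example (not from the book): an admission-control check applying three
# provider-side controls the chapter lists against Table 3-3 to cloud resource
# requests: choice of region (data location), elasticity limits and role-based
# service admission. Policy values and requests are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    allowed_regions: frozenset   # data location: where data may be stored
    max_instances: int           # elasticity limit: tenant-wide instance cap
    role_services: dict          # service admission: role -> allowed services


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    service: str
    region: str
    instances: int


def evaluate(req, policy, running_total):
    """Return the controls a request violates; an empty list means admitted.
    running_total is the tenant's already-admitted instance count, so the
    elasticity limit is cumulative rather than per request."""
    violations = []
    if req.region not in policy.allowed_regions:
        violations.append("data-location")
    # An unknown role (a department bypassing IT) is allowed no services at all.
    if req.service not in policy.role_services.get(req.role, frozenset()):
        violations.append("service-admission")
    if running_total + req.instances > policy.max_instances:
        violations.append("elasticity-limit")
    return violations


def process(requests, policy):
    """Admit requests in arrival order; return (admitted total, {user: violations})."""
    admitted, rejections = 0, {}
    for req in requests:
        violations = evaluate(req, policy, admitted)
        if violations:
            rejections[req.user] = violations
        else:
            admitted += req.instances
    return admitted, rejections


# Constructed policy: two permitted regions, 20 instances in total, and
# virtual machines only for developers.
POLICY = Policy(
    allowed_regions=frozenset({"us-east", "eu-west"}),
    max_instances=20,
    role_services={"developer": frozenset({"vm", "object-storage"}),
                   "analyst": frozenset({"object-storage"})},
)

# Constructed requests, in arrival order.
REQUESTS = [
    Request("alice", "developer", "vm", "us-east", 8),
    Request("bob", "analyst", "vm", "eu-west", 2),                   # vm not allowed for analysts
    Request("carol", "developer", "object-storage", "ap-south", 1),  # region not permitted
    Request("dave", "developer", "vm", "eu-west", 15),               # 8 + 15 exceeds the cap
    Request("frank", "contractor", "vm", "us-east", 1),              # unknown role
    Request("erin", "developer", "vm", "eu-west", 12),               # 8 + 12 fits exactly
]

if __name__ == "__main__":
    total, rejected = process(REQUESTS, POLICY)
    print("admitted instances:", total)
    for user, why in rejected.items():
        print("rejected", user + ":", ", ".join(why))
```

Because the instance count is tracked cumulatively, the same request can be admitted or refused depending on what was admitted before it, which is the point of an elasticity limit rather than a per-request size check.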

Cost
The consultant next explains that the lack of control invariably leads to excessive expenses,
as he summarizes in the slide shown in Figure 3-4. Table 3-4 further describes the risks
depicted in Figure 3-4.

Figure 3-4 Public Cloud Cost Risks (figure: your company’s end users and cloud portal facing a public cloud, with the risks labelled as business focus, service proliferation, cost modeling and forecasting, hidden costs, and loss of revenue)

Table 3-4 Public Cloud Cost Risks

Hidden costs: Although most cloud providers are fairly explicit about their charges, many users do not pay attention to clauses that are not directly linked to the desired service, such as amount of bandwidth used and decommission costs.

Service proliferation: Without proper control of deployed resources, a company may inadvertently allow sprawl of cloud services that are barely used (but properly charged).

Loss of revenue: Poor application performance or outages can cause loss of revenue for organizations deploying critical business applications in public clouds. And worse, such problems may irreparably damage the company image to its customers.

Cost modeling and forecasting: Many organizations keep track of their IT resource requirements and, consequently, can produce accurate forecasts of their needs for the near future. However, some public cloud providers do not have tools that allow the correct calculation of future costs according to this data.

Business focus: CIOs obviously want public cloud services that align well with their company business objectives. Notwithstanding, some CIOs are so eager to adopt these services that they dismiss simple cost-benefit analyses in favor of “fashion IT.” Consequently, although the original motivation to use public cloud resources may be to reduce acquisition costs, they may result in excessive costs for the organization.

Sensing the overwhelming anxiety filling the room after his presentation, the consultant adds that many cloud providers are fully aware of these risks and have deployed countermeasures for each one of them, such as credit-based charging, stricter SLAs, cost forecast tools, and customized services.

Finally, he proposes a serious study about other deployment services that may be considered more adequate for your company’s strategic objectives.

NOTE You can find more details about risks and threats associated with cloud computing in https://cloudsecurityalliance.org/group/top-threats/.

Private Clouds

Most of the public cloud risks and challenges discussed in the previous section are fully addressed via private clouds. According to NIST SP 800-145, this cloud deployment model is defined as one in which “the cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units).” Consequently, using the atmospheric cloud comparison, private clouds would correspond to low clouds such as cumulus, stratus, cumulonimbus, and stratocumulus (which cast a smaller shadow over the earth’s surface).

The primary purpose behind a private cloud is to completely isolate the cloud components from other organizations, empowering a company to consume cloud services with superior security, tighter control, and more manageable costs.

Figure 3-5 represents a private cloud providing services to its lone consumer organization.
Figure 3-5 Private Cloud (figure: a private cloud connected over a network to its single consumer organization)



As Figure 3-5 depicts, private cloud resources simply are not available for public use. In
general, the employees of the served organization receive (or reuse) credentials to request
cloud resources. And, of course, these services are provided according to the essential cloud
characteristics (on-demand self-service, elasticity, resource pooling, broad network access,
and metering) that were extensively discussed in Chapter 1, “What Is Cloud Computing?”

The large majority of organizations that deploy a private cloud designate internal employees to design, build, and support the company’s private cloud. Therefore, the private cloud is usually (but not always) implemented on premises, meaning in a location that belongs to the corporation. Unfortunately, as I have witnessed many times, such projects may eventually become overwhelming to an already overloaded IT department. And, as you have learned in Chapter 2, a cloud computing implementation demands a certain level of service provider competence that many organizations may simply lack.

Hence, alternatively, a private cloud consumer may hire a third-party company to fully manage the cloud deployment. Moreover, a private cloud does not have to be provisioned within a facility owned by the organization. In fact, as the NIST definition of private cloud states, it “may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.” What really differentiates a private cloud from other deployment models in NIST’s definition is that the private cloud is restricted to use by a single corporation.

Interestingly, Amazon Web Services and other public cloud providers can deploy a service
called Virtual Private Cloud (VPC), which emulates a private cloud within a public cloud
environment. Commonly used in IaaS, a VPC isolates resources for a cloud tenant from
other users through a private IP subnet and a network segment.

VPCs may potentially entail the security, control, and cost risks that a private cloud project is primarily trying to avoid. In summation, the decision to use a VPC (rather than a proper private cloud) depends on the hardware and software isolation services the public provider can offer, which will dictate how secure, manageable, and cost-effective this virtual construct actually is.

But as Thomas Aquinas has presumably said, every choice is a renunciation. Likewise, an organization must accept a compromise when it opts for the safeness of a private cloud instead of the flexibility of the public cloud.

In a nutshell, the following public cloud benefits may be lessened (or even eliminated) in private cloud deployments:

■ Broad network access: To achieve the highest level of network isolation, an organization usually deploys private connections between internal users and private cloud resources. Depending on how much such resources scale, this private connection may quickly become a bottleneck.
■ OPEX model: In most private cloud projects, all resources must be acquired before the cloud can be used, reinstating the CAPEX model in this deployment model.
■ Elasticity: The CAPEX model inherently defines an upper limit for scalability of private cloud resources. Consequently, whoever is managing the private cloud must maintain systematic monitoring of the resource usage in the infrastructure.

Currently, there are many private cloud offerings available in the market, some of the most popular of which are as follows:

■ Cisco ONE Enterprise Cloud Suite
■ Microsoft Windows Azure Pack
■ VMware vCloud Suite
■ OpenStack (open source)

NOTE Both the Cisco ONE Enterprise Cloud Suite and OpenStack architectures will be discussed in more detail in Chapter 4, “Behind the Curtain.”

Community Clouds
For organizations that depend on a high degree of collaboration with other organizations, a private cloud may simply be too restrictive; after all, only one organization can access it. On the other end of the spectrum, public clouds may not provide an acceptable level of isolation from entities outside of the collaborators’ circle of trust.

To establish a middle ground between private and public clouds, another cloud deployment model was created. Thus, as defined in NIST SP 800-145, a community cloud corresponds to one in which “the cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations).”

Because they are “lower” than public clouds and “higher” than private clouds, community clouds can be related to mid-level clouds (altostratus, altocumulus, and nimbostratus) according to the weather classification system. Figure 3-6 graphically represents the community cloud deployment model.

Figure 3-6 Community Cloud (figure: a community cloud shared by Organization 1, Organization 2, Organization 3, and Organization 4)



Working as a more inclusive private cloud, a community cloud may be owned, managed, and operated by one or more of the member organizations or by an external party. Furthermore, a community cloud may be hosted within one organization from the community or on an off-premises site. As with NIST’s definition of a private cloud, the important point that differentiates a community cloud is who can access the cloud deployment, not how or where it is deployed.

Regulatory compliance standards are considered one of the most powerful motivations for building community clouds. Such standards ultimately require the adherence of an organization to laws, regulations, guidelines, and specifications that are important for its industry and whose violations may result in legal consequences or dismissal from a community.

To further illustrate this concept, Table 3-5 lists and describes some common examples of
regulatory compliance standards.

Table 3-5 Examples of Regulatory Compliance Standards

Payment Card Industry Data Security Standard (PCI DSS): Compliance rules that apply specifically to organizations that handle credit cards. In essence, PCI DSS was conceived to protect customer data in an attempt to reduce credit card fraud.

Health Insurance Portability and Accountability Act (HIPAA): Among other topics, HIPAA orders the establishment of national standards for electronic transactions and national identifiers for health care providers, health insurance plans, and employer organizations.

Federal Information Security Management Act (FISMA): United States federal law that acknowledges the importance of information security to the economic and national security interests of the country.

Sarbanes-Oxley Act (SOX): Named after sponsor senators Paul Sarbanes and Michael G. Oxley, this United States federal law establishes a set of additional requirements for public company boards, management, and public accounting firms. In effect, it covers responsibilities of the board of directors of a public organization and defines criminal penalties for out-of-compliance operations.

Basel Accords: Banking supervision recommendations on regulations that were issued by the Basel Committee on Banking Supervision (BCBS).

Federal Risk and Authorization Management Program (FedRAMP): U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Starting in 2012, FedRAMP began to provide guidance to government and corporate organizations with the objective to reduce duplicate efforts, increase efficiencies, and remove security inconsistencies between government agencies.

Most of these standards require periodic auditing reviews from independent parties to
verify the organization’s compliance. Several of them have repercussions pertaining to IT
systems and how data is managed, so cloud environments and their risks are also taken into
account in such reviews.

Because some of these standards simply rule out the use of public cloud services for their business applications and data, some cloud providers have developed community clouds that fully comply with specific regulations. Examples include community cloud implementations such as AWS GovCloud, Capital Markets Community Platform (NYSE), and Healthcare Community Cloud (Carpathia).

Hybrid Clouds
As described in the prior section, community clouds are suitable to a relatively small number of companies from industries represented by common interests and compliance standards. For a while, that left all other organizations interested in cloud computing to contemplate the choice between a private cloud and a public cloud, as outlined in Table 3-6.

Table 3-6 Private and Public Clouds Compared

Public cloud
  Advantages: OPEX model; scale; highly accessible
  Disadvantages: shared resources; less secure; weaker control

Private cloud
  Advantages: dedicated hardware; more secure; customizable
  Disadvantages: CAPEX model; less scalable; standardized

But what if an organization did not have to choose? Such inquiry inspired the creation of yet another cloud deployment model, a more flexible and all-embracing archetype called hybrid cloud.

Figure 3-7 depicts an example of such a model. In this hybrid cloud implementation, a private cloud is securely connected to a public cloud, with both of them simultaneously providing services to the same organization.

Figure 3-7 Hybrid Cloud Example (figure: an organization served by a private cloud that is joined to a public cloud through a secure connection)

Using NIST’s more formal definition, a hybrid cloud infrastructure represents “a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).” As a direct consequence, hybrid cloud deployments are not restricted to private-public bindings, allowing all other possible combinations (private-private, private-community, community-public, and so forth).
