📒2. Cloud Management Concepts
📕 Learning Objectives
Basic aspects of managing cloud resources and related tasks
Cloud access control fundamentals
Cloud shared responsibility describes how security and management responsibilities are divided between the cloud service provider (CSP) and the cloud customer. Both have distinct roles and duties in keeping the cloud environment and its resources secure, available and properly managed.
The CSP is always responsible for the physical facility and infrastructure, the virtualization layer and the cloud management plane.
The customer is always responsible for its identities and for who is granted access to its subscription or account, whatever the service model.
Customer responsibility by service model, e.g.
IaaS: Virtual machine (guest O.S. patching and hardening), Services running on it, Workload (Application, Data, Service configuration)
PaaS: Workload (Application, Data, Service configuration)
SaaS: Customizations (Data, Service configuration, Usage, Identity, Access, Good practices & Compliance)
CSP is responsible for
Physical, Infrastructure, Platform security
Identity system security (the identity service itself)
Standards compliance of the platform
The customer is responsible for
Identity (accounts, credentials, roles), Data, Application security (good practices)
Standards compliance of its own workloads
CSP responsibility
Infrastructure resiliency and uptime service level agreements (SLAs)
Service availability, Disaster recovery of the platform
Customer responsibility
Build resilient applications and use the CSP's built-in availability and resiliency features
Implement data backup, replication and business continuity planning
Workload responsibility covers the tasks and considerations involved in deploying, configuring, monitoring and securing the specific applications, services and data that make up the workload.
CSP is responsible for
Failures of a SaaS workload used out of the box (with no customization)
📌 Effective software lifecycle management techniques are essential.
The customer is responsible for
Workload configuration
App and Data security
Monitoring and Performance
🔗 Resource Management Models in Cloud Computing - geeksforgeeks.org
Control Plane
The cloud is administered through the control plane (also called the management plane): the interfaces through which cloud infrastructure and services are created, configured, monitored and deleted. Because it can create, change and destroy every resource in the account, access to it is the most valuable target in the environment and must be tightly restricted, MFA-protected and logged. It is reached through:
Web-based console
REST APIs
Command line tool
Data Plane
The data plane is the cloud workload itself
VMs, Data, Applications, Services
A workload such as a custom application needs its own resources maintained: the code base, its data and its security.
Monitoring
The CSP provides built-in tools to monitor spending and performance and to raise automated alerts and actions
Applications still need their own monitoring
Change Management in the cloud is the process of managing and controlling changes to cloud-based systems, services and infrastructure, through procedures and policies that cover change planning, testing, deployment, rollback and review.
Governance is critical: relevant compliance requirements, industry regulations and organizational policies
Documentation and tracking of every change
Example (AWS RDS): Create a database (platform service) from templates and settings; the instance then exposes Connectivity & security, Monitoring, Logs, Configuration and Maintenance
Example (Azure): export a deployment as a template (Azure Resource Manager template JSON files) and redeploy it with an Azure PowerShell script, so the change is repeatable and reviewable rather than clicked through the console
Cloud monitoring is the process of observing, gathering and analyzing data from cloud-based applications, services and resources to ensure their performance, availability, security and health.
It relies on monitoring tools, metrics and alerts to track and assess the behavior and state of the components in the cloud environment.
Resource Monitoring
System Monitoring frameworks
Proactive Resource Management
Cloud Automation & Alerting
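The alerting part of cloud monitoring is usually a threshold alarm: look at the last M periods of a metric and fire when at least N of them breach the threshold. The subtle part is what a gap in the data means, which matters for security metrics where silence can itself be the incident (a log pipeline that stopped delivering). The following is an added example, not code from the original notes or from any CSP SDK; it models CloudWatch-style alarm evaluation in simplified form, with a constructed sample metric of failed console sign-ins per 5-minute period.

```python
"""Threshold alarm evaluator in the style of cloud monitoring alarms.

Added example (not from the original notes or any CSP SDK). It models,
in simplified form, how services such as CloudWatch alarms evaluate a metric:
the alarm looks at the last M periods and fires when at least N of them breach
the threshold, and a "treat missing data" policy decides what a gap means.
"""
import operator

COMPARISONS = {
    ">": operator.gt,
    ">=": operator.ge,
    "<": operator.lt,
    "<=": operator.le,
}

VALID_MISSING_POLICIES = ("breaching", "notBreaching", "ignore", "missing")


def evaluate_alarm(datapoints, threshold, evaluation_periods, datapoints_to_alarm,
                   comparison=">=", treat_missing="missing"):
    """Return 'ALARM', 'OK' or 'INSUFFICIENT_DATA'.

    datapoints: metric values, oldest first; None marks a period with no data.
    treat_missing: 'breaching' (a gap counts as a breach), 'notBreaching'
    (a gap counts as healthy), 'ignore' (gaps are skipped) or 'missing'
    (gaps are skipped, but an all-gap window reports INSUFFICIENT_DATA).
    The semantics are a simplification of the real service's behaviour.
    """
    if datapoints_to_alarm > evaluation_periods:
        raise ValueError("datapoints_to_alarm cannot exceed evaluation_periods")
    if treat_missing not in VALID_MISSING_POLICIES:
        raise ValueError(f"unknown treat_missing policy: {treat_missing}")
    breaches = COMPARISONS[comparison]

    # Take the most recent M periods; pad the front with gaps if the series is short.
    window = list(datapoints[-evaluation_periods:])
    window = [None] * (evaluation_periods - len(window)) + window
    present = [v for v in window if v is not None]
    missing = len(window) - len(present)

    if not present and treat_missing in ("ignore", "missing"):
        return "INSUFFICIENT_DATA"

    breaching = sum(1 for v in present if breaches(v, threshold))
    if treat_missing == "breaching":
        breaching += missing  # a gap is treated as if the threshold were crossed
    return "ALARM" if breaching >= datapoints_to_alarm else "OK"


# Constructed sample: failed console sign-ins per 5-minute period. The audit
# log pipeline stopped for three periods right after a brute-force burst began.
FAILED_LOGINS = [3, 4, 40, None, None, None, 2]

if __name__ == "__main__":
    for policy in VALID_MISSING_POLICIES:
        state = evaluate_alarm(FAILED_LOGINS, threshold=25, evaluation_periods=5,
                               datapoints_to_alarm=3, treat_missing=policy)
        print(f"treat_missing={policy:<12} -> {state}")
```

With the sample data, only treat_missing="breaching" raises the alarm; "notBreaching", "ignore" and "missing" all report OK while the attack is in progress, because the gap hides two of the three breaching periods that would have been recorded. For security-relevant metrics, either treat missing data as breaching or add a separate alarm on the absence of data.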
Cloud Identity and Access Management (IAM) is the set of practices, policies and tools used to manage user identities, control access to cloud resources and enforce security measures within a cloud computing environment.
It covers the management of user authentication, authorization and permissions.
❗ Root user - absolute full rights on everything in the account. Protect it with MFA and strong credentials, do not use it for day-to-day work, and alert on every use of it.
Federated user - authenticated and authorized to access resources in a system or application through a trusted external identity provider, so no separate credential is stored in the cloud account.
Users, Groups, Roles, Policies
Federated Users
Policies / role assignments bind a User (or group or service principal) to a Role on a Resource (scope), optionally under a Condition
🔗 Azure AD
Users, Groups, Roles
Federated Users
🔗 AWS IAM
Users, Groups, Permissions (granted through policies attached to users, groups and roles)
Federated Users
Policies grant permissions through statements with Effect (Allow or Deny), Action, Resource and optional Condition elements. Anything not explicitly allowed is denied, and an explicit Deny always overrides an Allow.
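The policy elements listed above (Effect, Action, Resource, Condition) combine under a few evaluation rules: default deny, explicit Deny beats Allow, wildcard matching on actions and resources, and conditions that must all hold. The following is an added example, not code from the original notes or from any AWS SDK: a minimal evaluator for AWS-style identity policies that implements those rules and runs a least-privilege log-reader policy together with a "deny unless MFA" guardrail. The bucket name, ARNs and policy documents are constructed sample data.

```python
"""Minimal evaluator for AWS-style IAM identity policies.

Added example (not from the original notes or any AWS SDK). It implements the
core evaluation rules behind the Effect / Action / Resource / Condition
elements: default deny, explicit Deny overriding any Allow, '*' wildcards in
Action and Resource, and the StringEquals, Bool and BoolIfExists condition
operators. Policies, ARNs and request contexts below are constructed samples.
"""
from fnmatch import fnmatchcase


def _as_list(value):
    """IAM accepts either a single string or a list for most elements."""
    return value if isinstance(value, list) else [value]


def _condition_holds(condition, context):
    """Every operator and every key in a Condition block must match."""
    for op, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            expected_values = [str(e) for e in _as_list(expected)]
            if op == "StringEquals":
                if actual is None or str(actual) not in expected_values:
                    return False
            elif op in ("Bool", "BoolIfExists"):
                if actual is None:
                    # A missing key fails Bool but satisfies BoolIfExists. This is
                    # why MFA guardrails use BoolIfExists: requests signed with
                    # long-term access keys carry no aws:MultiFactorAuthPresent key.
                    if op == "Bool":
                        return False
                    continue
                if str(actual).lower() != expected_values[0].lower():
                    return False
            else:
                return False  # unknown operator: fail closed, never allow
    return True


def _statement_applies(stmt, action, resource, context):
    """Does this statement match the request? Action names are case-insensitive."""
    actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
    resources = _as_list(stmt.get("Resource", []))
    return (any(fnmatchcase(action.lower(), a) for a in actions)
            and any(fnmatchcase(resource, r) for r in resources)
            and _condition_holds(stmt.get("Condition", {}), context))


def evaluate(policies, action, resource, context=None):
    """Return 'Allow' or 'Deny' for one request against the attached policies."""
    context = context or {}
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _statement_applies(stmt, action, resource, context):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # an explicit Deny is final
            allowed = True
    return "Allow" if allowed else "Deny"  # default deny


# Constructed least-privilege policy: read one bucket and nothing else.
LOG_READER = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::app-logs", "arn:aws:s3:::app-logs/*"],
    }],
}


def mfa_guardrail(op="BoolIfExists"):
    """Deny everything unless MFA was used; the choice of Bool vs BoolIfExists matters."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {op: {"aws:MultiFactorAuthPresent": "false"}},
        }],
    }


if __name__ == "__main__":
    obj = "arn:aws:s3:::app-logs/2024/01/app.log.gz"
    no_mfa_key = {}  # e.g. a request signed with a long-term access key
    print(evaluate([LOG_READER], "s3:GetObject", obj))                             # Allow
    print(evaluate([LOG_READER], "s3:PutObject", obj))                             # Deny
    print(evaluate([LOG_READER, mfa_guardrail()], "s3:GetObject", obj, no_mfa_key))        # Deny
    print(evaluate([LOG_READER, mfa_guardrail("Bool")], "s3:GetObject", obj, no_mfa_key))  # Allow
```

The last two lines show the caveat that matters in practice: a guardrail written with `Bool` does not apply to requests that carry no `aws:MultiFactorAuthPresent` key at all, so access-key based calls slip through; `BoolIfExists` closes that gap.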