Seeing How You Can Service Your Cloud Network

     

 Services and apps that float among the cloud are similar in many ways to the services and apps that remain grounded in your on-premises infrastructure. Take cloud-based web apps and directory services, for example. Many will use the same ports and protocols that are used by their on-premise counterparts. Management tools, whether CSP-based, third-party or those built by your IT team, will also utilize port and protocol requirements.

If you decide to make the jump from the ground to the cloud, you will need to review your ports to determine what needs to be based in the cloud and what needs to remain housed on your own infrastructure. Take a close look at what needs internet access, in order to communicate with outside services or apps, and what type of access is required from inside the cloud.

Once you narrow it down, you can configure firewalls and set the necessary filters to ensure your cloud network will remain secure. As you work to deploy your cloud network, make sure you consult the following resources:

  • App and service configuration guides to identify the necessary ports and protocols each one uses.
  • CSP security and deployment guides or white papers to locate the ports and protocols you need to access cloud services such as websites, databases, directory services and so on.
  • Third-party deployment guides that are similar to the cloud network you are implementing.
  • Your own (yes, your own) documentation to reference your firewall, routing, and other related information that could help you understand your own port and protocol usage. It will be tough to implement a successful cloud deployment if you have no idea from where you are jumping.
  • If the fates forbid you from uncovering what ports and protocols are used by a legacy application that you want moved to the cloud, you might want to gather some helpful tools such as a port scanner or protocol analyzer to unlock the guarded secrets of your predecessors.

Before launching any cloud network, take a look through all your apps and services to ensure all ports and protocols are toeing the line.

Share This:    Facebook Twitter Google+ Stumble Digg

Peek in to Prep Your Cloud Network’s Ports and Protocol

     

 One of the key steps you need to take to secure your cloud network is drilling down into the nitty gritty to uncover what people, services and technologies need access to the network. Ports are an essential part of your cloud network. The port is the endpoint of your connection.

Users connect to the cloud network through a designation port. All ports are assigned a number ranging from 0 to 65,535. The Internet Assigned Numbers Authority (IANA) separates port numbers into three ports, based on their numbers. TCP and UDP ports are assigned based on these ranges. Hackers commonly go after well-known ports but have been known to target open registered or dynamic ports, as well.

The three ports are:

  • Well-known Ports
    Pre-assigned to system processes by IANA, these include 0 to 1,023 and are most prone to attacks.
  • Registered Ports
    Available to user processes and listed by IANA, these registered ports go from 1,024 to 49,15 and are known to be too system-specific for direct target by hackers. However, hackers sometimes scan for open ports in this range. Don’t turn your back, but you can avert your gaze occasionally.
  • Dynamic or Private Ports
    Assigned by a client operating system as needed, these are the ports numbered from 49,152 to 65,535. Dynamic ports are constantly changing (hence, the name dynamic), so it is difficult to directly target numbers. But again, hackers have been known to scan for open ports. As far as watching for hackers is concerned, maybe you can turn your back on dynamic or private ports, but not for too long!
Alt: A summary of the three types of cloud network ports: 1) Well-known ports: preassigned to system processes by IANA 2) Registered ports: available to user processes and listed by IANA 3) Dynamic ports: assigned by a client operating system as needed

So, what are these ports used for? Here is a list of some of the most common default network ports used in the tech world:

  • 21 FTP (File Transfer Protocol)
  • 22 SSH (Secure Shell)
  • 25 SMTP (Simple Mail Transfer Protocol)
  • 53 DNS (Domain Name System)
  • 80 HTTP (Hypertext Transfer Protocol)
  • 110 POP3 (Post Office Protocol)
  • 139 NetBIOS Session Service
  • 143 IMAP (Internet Message Access Protocol)
  • 443 HTTPS (Hypertext Transfer Protocol Secure)
  • 3389 RDP (Remote Desktop Protocol)
Share This:    Facebook Twitter Google+ Stumble Digg

Surveying Network Configuration Options

     

 If you want to make use of a virtual network, you must also configure the following components:

  • Subnets
    Subnets are a required part of a virtual network. You need TCP/IP subnets, which will designate addresses that are used on that network. Public and private address ranges are often used. When that’s not possible, addresses are often assigned by CSPs. Virtual networks can be segmented into one or more subnets.
  • Routers or Routing Tables
    For any network, you must configure routers or routing tables on any virtual machine connected to the network so that packets can be routed appropriately.
  • DNS
    DNS server addresses must be provided, either assigned by you or your CSP.
  • CSP Region or Zones
    Virtual networks operating in different CSP regions must be specified. Doing so will also allow you to connect virtual networks in different regions. If needed, you can configure isolation between regions as well.
  • Traffic Filters
    Configuring your traffic filters to the specifications of your security protocols will only allow approved traffic to pass through your network. Filters can be applied at NIC in virtual machines, to a subnet or to a cloud service. When necessary, you will do this with a network virtual appliance.
Share This:    Facebook Twitter Google+ Stumble Digg

Glancing at the Building Blocks of Your Cloud Network

     

 As a cloud administrator or cloud computing engineer, your ability to create a virtual network will typically be reliant on virtual machine software or a cloud network provided by a CSP. Virtual machine software allows cloud administrators to designate and configure virtual network parameters associated with a host’s physical Network Interface Card (NIC). When you configure multiple hosts to operate using the same parameters, you are adding those hosts to the virtual network. Virtual networks must have the following components:

  • Virtual Switch
    Virtual switches give you the capability to create segments on your network and connect those components together. You can connect one or more virtual machines to a virtual switch.
  • Virtual Bridge
    This component allows you to connect virtual machines to the LAN used by the host computer. The virtual bridge connects the network adapter on the virtual machine to the physical NIC on the host computer. Multiple virtual bridges can be configured to connect to multiple physical NICs.
  • Virtual Host Adapter
    The adapter makes it possible for your virtual machines to communicate with the host. Virtual host adapters are common in host-only and Network Address Translation (NAT) configurations. These cannot connect to an external network without a proxy server.
  • NAT Service
    NAT services allow multiple devices within your cloud network to connect to the internet.
  • DHCP Server
    The DHCP server allocates IP addresses to virtual machines and hosts. This applies to host-only and NAT configurations.
  • Ethernet Adapter
    This is a physical network adapter installed on hosts that connect to the network.

Many CSPs provide cloud services that make it easier to configure virtual networks and cloud networks. With cloud networks, you configure your virtual network and add your resources to them, rather than configuring them at the virtual machine level. Cloud networks also typically offer capabilities to simplify monitoring, management, connections and security.


Share This:    Facebook Twitter Google+ Stumble Digg

What Is a Virtual Network?

     

 Virtual networks can be thought of as separate networks within a larger network. Administrators can create a separate network segment consisting of a range of subnets (or a single subnet) and control traffic that flows through the cloud network. Depending on your business needs, you can implement your network using cloud technology from a cloud service provider (CSP).

The key difference for cloud administrators and architects when it comes to designing cloud networking solutions is the amount of control needed to have over the hardware. When you implement cloud networking with a CSP, you have little control over — and likely little knowledge about — the design of the CSP’s network. Because of this limitation, virtual networks are often the go-to choice when you want to provide secure network isolation.

With a cloud solution, these virtual networks are known as VNets or Virtual Private Clouds (VPC). These act as a representation of a network in the cloud, giving you a cloud network.

Virtual networks provide the following benefits:

A table showing the six benefits of virtual networks: isolation, internet connectivity, connection to other cloud services, connection to other virtual networks, connection to on-premises infrastructure and traffic filtering.
  • Isolation
    You can keep networks isolated from one another to ensure security and for purposes of development, quality assurance and deployment of cloud networks.
  • Internet Connectivity
    Each virtual network can be configured to access or deny access to the internet, or to limit access to specific destinations on the internet if needed.
  • Connection to Other Cloud Services
    Virtual networks often need a connection to CSP services. This allows the network to utilize services offered by the CSP. Providers typically allow for configuration of routing tables, domain name resolution, firewall and related items to manage the connections to your virtual networks.
  • Connection to Other Virtual Networks
    This allows you to interconnect your virtual networks when necessary while maintaining control over connections.
  • Connection to On-Premises Infrastructure
    Part of the flexibility of a virtual network is the ability to control connections. You can connect your virtual network to on-premises systems. Often this type of configuration is for end users to access a secure private cloud network or done as part of a hybrid cloud implementation.
  • Traffic Filtering
    Most secure connections involve filtering. Normally, this involves filtering items by source IP address and port, destination IP address and port, and particular protocol. This gives cloud computing engineers increased control over the communications occurring on your network.
Share This:    Facebook Twitter Google+ Stumble Digg

Cloud Computing Jobs and Careers

     

 With a technology as far-reaching as cloud computing comes a wide range of jobs that require up-to-date cloud skills. While some of the roles are new positions that focus primarily on cloud usage, most are existing roles that need to add cloud expertise to ongoing responsibilities.

These roles include:

  • Server Administrator: One of the most common IT roles, the responsibilities of a server administrator include overall management of physical servers, virtual servers and business systems. This role might also be labeled systems administrator in some companies, and while the exact scope may differ between roles, the general concept is similar. Obviously in today’s environment, individuals in this role need a solid working knowledge of cloud computing systems as they determine which platform is best for each application and manage the entire architecture.
  • Cloud Architect: Mostly seen in large companies with extensive needs, cloud architect is a newer role that focuses specifically on cloud resources and less on a traditional server room. Typical tasks might include cloud vendor analysis, private cloud construction and cloud orchestration. As more IT architectures become combinations of cloud resources and on-premises resources, this role may fade in favor of the more general systems administrator or systems architect.
  • Software Developer: Some of the greatest disruption caused by cloud computing has been in the software development space, with barriers to entry being removed and workflow changing drastically thanks to new capabilities. The increased demand for software is driving granularity in software positions. Some of the more popular job titles are front-end developer, full stack developer and DevOps engineer.
  • Data Scientist: Along with an understanding of new data tools and corporate data structures, data scientists must have expertise with cloud systems since cloud resources are practically a requirement for modern data processing and analysis. The first step is leveraging various storage options to create a comprehensive data repository. From there, data scientists typically employ cloud software, especially tools from the catalog of major public cloud providers.
Share This:    Facebook Twitter Google+ Stumble Digg

Types of Cloud Computing Applications (Part-2)

     

The three primary cloud deployment models as said in my previous post are mentioned below.

Public Cloud

Although many people apply the label cloud computing to any third-party resource, a true instance of public cloud will use a software layer to ensure elasticity and measured self-service, rather than simply taking over the manual work involved in standing up IT systems.

Private Cloud

Companies can build private clouds using their own IT infrastructure. Once again, the differences between a standard server room and a true private cloud are the unique cloud computing characteristics, and these can be added with a layer of software that a company might build themselves or purchase from a vendor.

Hybrid Cloud

Hybrid cloud typically refers to a single application, which may be configured across both public cloud resources and a private cloud, using external resources if the workload becomes too great to be handled internally. Multi-cloud is a similar term that typically refers to an overall architectural approach, where different applications reside on a public cloud model or a private cloud model depending on the requirements, and the entire architecture must be optimized and managed.

For a technology as transformative as cloud computing, companies will go through stages of adoption:

  • The experiment phase is primarily about exploration and education.
  • When an organization is ready to take the first step, the non-critical use stage is where they will migrate one of their peripheral systems to the cloud to learn about cloud operations and integration.
  • Once they are comfortable understanding the pros and cons, they will move to the full production stage, where they will evaluate each one of their systems to determine where it should be placed in a multi-cloud architecture.
  • Finally, they reach the transformed IT stage, where they have not simply migrated legacy applications but have rebuilt pieces as needed to take full advantage of cloud computing capabilities.
Share This:    Facebook Twitter Google+ Stumble Digg
Subscribe to: Posts (Atom)