3 1 5 Secure networking in Cloud

Cognitive Class
26 Mar 2020 04:17

Summary

TLDR: The script discusses the importance of secure cloud networking as digital data grows. It explains that building a cloud network is similar to on-premises deployment but uses virtual networking elements. It highlights defining network size, deploying in logically separated VPCs and subnets, and implementing security through ACLs and Security Groups. The script also mentions the use of public gateways for internet access, VPNs for secure connections, and load balancers for application responsiveness. It concludes by mentioning the role of cloud networks in securing environments and ensuring high-performing applications.

Takeaways

  • ๐ŸŒ **Cloud Adoption & Cybersecurity**: As cloud environments become more prevalent, ensuring cybersecurity is critical.
  • ๐Ÿ”Œ **Cloud Networking Similarities**: Building a cloud network is akin to deploying an on-premises network, but with logical rather than physical devices.
  • ๐Ÿ“ˆ **Virtual Networking Elements**: Elements like Network Interface Controllers (NICs) are virtualized in the cloud (vNICs).
  • ๐Ÿญ **Networking as a Service**: Cloud networking functions are delivered as services rather than physical devices.
  • ๐Ÿ“ **Defining Cloud Network Size**: Start by defining the IP address range to establish the network boundaries.
  • ๐Ÿ˜๏ธ **Cloud Networks & VPCs**: Cloud networks are deployed in Virtual Private Clouds (VPCs), which can be segmented into subnets.
  • ๐Ÿ”’ **Private & Scalable Networks**: Logically segmented networks offer private cloud security with public cloud scalability.
  • ๐Ÿ›ก๏ธ **Security Implementation**: Security in the cloud is implemented at the subnet level, primarily through Access Control Lists (ACLS).
  • ๐Ÿ‘ฅ **Security Groups**: Security Groups provide instance-level security, such as for Virtual Server Instances (VSIs).
  • ๐ŸŒ **Internet Access for VSIs**: Web-facing VSIs require Internet access, facilitated by a public Gateway instance.
  • ๐Ÿ”— **VPNs for Secure Connectivity**: Enterprises use VPNs to securely connect on-premises resources to the cloud.
  • ๐Ÿ”„ **Load Balancers for Responsiveness**: Load Balancers ensure applications remain responsive by managing bandwidth availability.
  • ๐Ÿš€ **Dedicated Connections**: High-speed, dedicated connections are preferred for secure and efficient hybrid cloud environments.
  • ๐Ÿ› ๏ธ **Logical Constructs for Networking**: Building a cloud network involves creating logical constructs that mimic data center networks for security and performance.

Q & A

  • What is the primary difference between building a cloud network and deploying a network in an on-premises data center?

    -The primary difference is that in the cloud, logical instances of networking elements such as vNICs are used instead of physical devices, and networking functions are delivered as a service rather than in the form of rack-mounted devices.

  • What is the role of Virtual Private Cloud (VPC) in cloud networking?

    -VPC is used to create logically separated segments of the network, providing customers with the security of private clouds and the scalability of public clouds.

  • How do subnets function within a cloud network?

    -Subnets are smaller segments within a VPC where cloud resources such as VMs, storage, and load balancers are deployed. They allow the use of multi-tier concepts similar to on-premises environments and are the main area where security is implemented.

  • What is the purpose of Access Control Lists (ACLs) in cloud subnets?

    -ACLs serve as a subnet-level firewall, protecting each subnet by controlling access to and from the network.

  • What is a Security Group in the context of cloud networking?

    -Security Groups provide security at the instance level, such as Virtual Server Instances (VSIs), allowing for fine-grained access control to specific resources within a subnet.

  • How are VSIs organized in a three-tier application architecture within cloud subnets?

    -In a three-tier application, web access VSIs are placed in one Security Group, application tier VSIs in a second, and backend database VSIs in a third, ensuring logical separation and security for each layer.

  • Why is a public Gateway instance added to the network?

    -A public Gateway instance is added to enable users' access to the application over the internet, specifically for the internet-facing tier of a cloud-based application.

  • How do enterprises extend their on-premises resources to the cloud securely?

    -Enterprises use Virtual Private Networks (VPNs) to securely connect their on-premises resources to the cloud, ensuring private and controlled access.

  • What is the advantage of using Load Balancers in a cloud network?

    -Load Balancers ensure the availability of bandwidth for different applications, helping to maintain application responsiveness and performance.

  • Why might enterprises prefer dedicated high-speed connections over public connectivity solutions?

    -Dedicated high-speed connections, such as those offered by IBM Cloud's Direct Link, provide a more secure and efficient way to connect on-premises resources to the cloud compared to public connectivity solutions.

  • What does building a cloud network entail?

    -Building a cloud network entails creating a set of logical constructs that deliver networking functionality akin to data center networks, ensuring secure and high-performing business applications.

Outlines

00:00

๐ŸŒ Building Secure Cloud Networks

The paragraph discusses the importance of secure cloud networking as digital data and cybersecurity threats increase. It compares cloud networks to traditional on-premises networks, highlighting the use of logical instances like vNICs instead of physical devices. The process of creating a cloud network involves defining the IP address range and deploying it within a Virtual Private Cloud (VPC), which can be segmented into subnets. These subnets are private, scalable, and secure, allowing for the deployment of resources like VMs, storage, and load balancers. Security is implemented at the subnet level with Access Control Lists (ACLs) and at the instance level with Security Groups. The paragraph also touches on the use of public gateways for internet access and VPNs for secure connections to on-premises resources. It concludes by mentioning the necessity of load balancers for application responsiveness and the benefits of dedicated high-speed connections for hybrid cloud environments.
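The layered model this paragraph describes (a VPC address range, one subnet per tier, a subnet-level ACL in front of each subnet, and a per-tier Security Group on the instances of a 3-tier application), as an added Python example that is not part of the Cognitive Class video. Every address, port, group name and rule below is constructed for illustration; the point it shows is that a flow must pass both the ACL and the Security Group, and which layer stops it.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address plan: one VPC range, one subnet per tier, and the
# on-premises range that reaches the VPC over a VPN (all values are made up).
VPC = ipaddress.ip_network("10.0.0.0/16")
SUBNETS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
    "db": ipaddress.ip_network("10.0.3.0/24"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")
ONPREM = ipaddress.ip_network("192.168.100.0/24")
assert all(s.subnet_of(VPC) for s in SUBNETS.values())

@dataclass
class Rule:
    source: ipaddress.IPv4Network   # who may open the connection
    port: Optional[int] = None      # destination TCP port, None = any port

# Subnet-level ACLs: the coarse firewall in front of each subnet.
ACL = {
    "web": [Rule(ANY, 443), Rule(ONPREM)],
    "app": [Rule(SUBNETS["web"]), Rule(ONPREM)],
    "db": [Rule(SUBNETS["app"])],
}
# Instance-level Security Groups, one per tier, narrower than the ACLs.
SG = {
    "web-sg": [Rule(ANY, 443), Rule(ONPREM, 22)],
    "app-sg": [Rule(SUBNETS["web"], 8080), Rule(ONPREM, 22)],
    "db-sg": [Rule(SUBNETS["app"], 5432)],
}
# Constructed VSI addresses and the Security Group each one belongs to.
VSI_GROUP = {"10.0.1.10": "web-sg", "10.0.2.10": "app-sg", "10.0.3.10": "db-sg"}

def subnet_of(addr: str) -> Optional[str]:
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in SUBNETS.items() if ip in net), None)

def permits(rules, src: ipaddress.IPv4Address, port: int) -> bool:
    return any(src in r.source and r.port in (None, port) for r in rules)

def check(src: str, dst: str, port: int) -> str:
    """Evaluate a flow through both layers and report which layer stops it."""
    src_ip = ipaddress.ip_address(src)
    tier = subnet_of(dst)
    if tier is None or dst not in VSI_GROUP:
        return "no such VSI"
    if not permits(ACL[tier], src_ip, port):
        return f"denied by {tier} subnet ACL"
    if not permits(SG[VSI_GROUP[dst]], src_ip, port):
        return f"denied by {VSI_GROUP[dst]}"
    return "allowed"
```

`check("10.0.1.10", "10.0.2.10", 22)` is stopped by the app Security Group even though the app subnet ACL admits any port from the web subnet, which is the ACL-coarse, SG-fine split the video describes.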

Keywords

Cloud Environments

Cloud environments refer to the infrastructure and platforms that provide computing resources over the internet. They are crucial for the video's theme as they are the foundation for building secure networks. The script mentions the adoption of cloud environments is increasing, which necessitates the focus on cybersecurity and secure network building.

Cybersecurity Threats

Cybersecurity threats are potential vulnerabilities or malicious activities that can compromise the security of digital systems. In the context of the video, these threats are a driving factor for building secure cloud networks, as the rapid increase in digital data makes it imperative to protect against unauthorized access and data breaches.

Logical Instances

Logical instances in cloud computing represent virtual components that perform the same functions as their physical counterparts. The video script highlights the shift from physical devices to logical instances like vNICs (virtual Network Interface Controllers) as a key aspect of cloud networking.

Networking as a Service

Networking as a Service (NaaS) is a cloud computing model where networking functions are provided over the internet. The video emphasizes that in the cloud, services like NaaS replace traditional physical networking devices, making it easier to scale and manage networks dynamically.

Virtual Private Cloud (VPC)

A Virtual Private Cloud is a private, isolated section of a public cloud infrastructure. The script explains that VPCs are used to create logically separated segments within cloud networks, offering a secure environment for deploying applications and resources.

Subnets

Subnets are smaller divisions within a VPC, used to organize and isolate network traffic. They are essential for implementing security and organizing resources in cloud environments. The video script describes how subnets allow deploying enterprise applications using multi-tier concepts similar to on-premises setups.

Access Control Lists (ACLs)

Access Control Lists are sets of rules that allow or deny network traffic based on source/destination IP addresses. In the video, ACLs are mentioned as firewalls at the subnet level, protecting each subnet by controlling the traffic that can enter or leave it.

Security Groups

Security Groups in cloud computing are sets of rules attached to instances that define what traffic is allowed to reach them. The script uses Security Groups as an example of how to provide instance-level security, segregating different types of VSIs into different groups for more granular control.

Virtual Server Instances (VSIs)

Virtual Server Instances are virtual machines that provide server functionality in a cloud environment. The video script discusses deploying VSIs into subnets as part of building a secure cloud network, emphasizing the need to organize them into Security Groups for enhanced security.

Public Gateway

A Public Gateway is a component that allows internet access to resources within a cloud network. The video script mentions adding a public Gateway instance to enable users' access to web-facing applications, highlighting its role in connecting cloud resources to the internet.

Virtual Private Networks (VPNs)

Virtual Private Networks are used to create secure, encrypted connections over the internet. The script discusses the use of VPNs for securely connecting on-premises resources to cloud environments, which is essential for enterprises looking to extend their networks into the cloud.

Load Balancers

Load Balancers distribute network traffic across multiple servers to ensure no single server bears too much traffic, which can lead to decreased performance. The video script explains that load balancers are crucial for maintaining application responsiveness and ensuring availability of bandwidth in cloud environments.

Hybrid Cloud Environment

A Hybrid Cloud Environment combines public and private cloud resources, allowing organizations to use the best of both. The video script mentions the use of dedicated high-speed connections in hybrid cloud setups for more secure and efficient resource management compared to public connectivity solutions.

Highlights

Cloud environments and digital data are growing, making cybersecurity threats more significant.

Building secure cloud networks is crucial for protecting against cybersecurity threats.

Cloud network building is similar to deploying a network in an on-premises data center.

In the cloud, logical instances of networking elements replace physical devices.

Network Interface Controllers (NICs) become virtual NICs (vNICs) in cloud environments.

Cloud networking functions are delivered as a service rather than as physical devices.

Defining the size of the network or IP address range is the first step in creating a cloud network.

Cloud networks are deployed in Virtual Private Clouds (VPCs) for logical separation.

VPCs can be divided into smaller segments called subnets for network organization.

Logically segmented cloud networks offer the security of private clouds and the scalability of public clouds.

Cloud resources like VMs, storage, and load balancers are deployed into subnets.

Subnets allow for multi-tier enterprise application deployment similar to on-premises environments.

Security in the cloud is primarily implemented at the subnet level.

Access Control Lists (ACLs) act as firewalls at the subnet level.

Security Groups provide instance-level security, such as for Virtual Server Instances (VSIs).

For a 3-tier application, different Security Groups are used for web access, applications, and databases.

Public Gateway instances enable Internet access for web-facing VSIs.

Enterprises use Virtual Private Networks (VPNs) to securely connect on-premises resources to the cloud.

Load Balancers ensure application responsiveness by managing bandwidth availability.

Hybrid cloud environments benefit from dedicated high-speed connections for secure and efficient resource extension.

Cloud service providers like IBM Cloud offer solutions like Direct Link for extending on-premises resources to the cloud.

Building a cloud network involves creating logical constructs that deliver familiar networking functionality.

The next video will discuss Containerization technology and its importance in Cloud Native computing.

Transcripts

00:07
As cloud environments gain greater adoption, and digital data invites rapidly increasing cybersecurity threats, building secure networks on the cloud is crucial.

00:17
Let's look at how we can build a secure cloud networking presence.

00:21
As one might expect, the notion of building a cloud network is not much different from deploying a network in an on-premises data center.

00:29
The main difference stems from the fact that in the cloud, we use logical instances of networking elements as opposed to physical devices.

00:38
For example, Network Interface Controllers (NICs) would be represented by vNICs in cloud environments.

00:46
In the cloud, networking functions are delivered as a service rather than in the form of rack-mounted devices.

00:52
To create a network in the cloud, one starts by defining the size of the network, or the IP address range that establishes the boundaries of the cloud network.

01:03
Cloud networks are deployed in networking spaces that are logically separated segments of the networks using options including Virtual Private Cloud (VPC), which in turn can be divided into smaller segments called subnets.

01:19
Logically segmented cloud networks are private carve-outs of the cloud that offer customers the security of private clouds and the scalability of public clouds.

01:29
Cloud resources, such as VMs or Virtual Server Instances (VSIs), storage, network connectivity and load balancers, are deployed into subnets.

01:40
Using subnets allows users to deploy enterprise applications using the same multi-tier concepts used in on-premises environments.

01:50
Subnets are also the main area where security is implemented in the cloud.

01:54
Every subnet is protected by Access Control Lists (ACLs) that serve as a subnet-level firewall.

02:01
Within the subnet, one could create Security Groups that provide security at the instance level, such as for VSIs.

02:09
Once you build a subnet, then it is time to add some VSIs and storage to it so that you could run your applications.

02:17
Let's say you have a 3-tier application that requires web access VSIs, application tier VSIs and backend database VSIs.

02:27
In this case, we would place the web-facing VSIs into one Security Group, the Application VSIs in a second Security Group, and the database VSIs in a third SG.

02:40
It goes without saying that the web-facing VSIs need Internet access.

02:45
A public Gateway instance is added to the network to enable users' access to the application in the internet tier.

02:53
While public gateways are great for Internet access to the cloud, enterprises are interested in extending their on-premises resources to the cloud by securely connecting them using Virtual Private Networks, or VPNs.

03:06
When building many subnets and deploying several workloads, it becomes necessary to ensure that applications continue to be responsive.

03:15
That is achieved with Load Balancers that ensure availability of bandwidth for the different applications.

03:22
Enterprises with hybrid cloud environments find that using dedicated high-speed connections between clouds and on-premises resources is a more secure and more efficient way than public connectivity solutions.

03:34
Some cloud service providers offer such connectivity, such as IBM Cloud and its Direct Link solution that enables extending on-premises resources to the cloud as needed.

03:46
Building a cloud network entails creating a set of logical constructs that deliver networking functionality that is akin to the data center networks that all IT professionals have come to rely on for securing their environments and ensuring high-performing business applications.

04:02
In the next video we'll look at Containerization technology and why Containers have become a de-facto element of Cloud Native computing.
