Chapter 16. Cloud Computing and Client-side Virtualization

This chapter covers the following A+ 220-1001 exam objectives:

4.1 – Compare and contrast cloud computing concepts.

4.2 – Given a scenario, set up and configure client-side virtualization.

Cloud computing and virtualization in general have grown by leaps and bounds for many years. These technologies have become so popular for businesses, organizations, and home users, that they are now commonplace. You can’t spend one day without connecting to some kind of cloud-based service or virtualized system.

The cloud can be defined as the suite of hardware and software—managed by a service provider or an organization—that provides data, applications, and other resources to users, often via the Internet. Virtualization is when a simulation of something is created that behaves in the same manner as the real thing. For example, a virtual machine looks and behaves like a real computer and operating system. The difference? It exists virtually, meaning within another operating system. Virtualization is used extensively in today’s networks and in the cloud. It is used to create virtual instances of servers and clients. In this chapter we’ll focus on client-side virtualization.

One chapter is not nearly enough to even scratch the surface when it comes to the cloud and virtualization. However, for the A+ exams, you need only know the basics. Let’s begin with cloud computing.

4.1 – Compare and contrast cloud computing concepts.


ExamAlert

Objective 4.1 concentrates on the following concepts: Common cloud models; shared resources; rapid elasticity; on-demand; resource pooling; measured service; metered; off-site e-mail applications; cloud file storage services; virtual application streaming/cloud-based applications; and virtual desktop.


Cloud computing can be defined as a way of offering on-demand services that extend the capabilities of a person’s computer or an organization’s network. These might be free services, such as browser-based e-mail from providers such as Yahoo! and Gmail, and personal storage from providers such as Microsoft (OneDrive); they might also be offered on a pay-per-use basis, such as services that offer data access, data storage, infrastructure, and online gaming. A network connection of some sort is required to make the connection to the “cloud” and gain access to these services in real time.

Some of the benefits cloud-based services provide for organizations include lowered costs, less administration and maintenance, more reliability, increased scalability, and possible increased performance. A basic example of a cloud-based service would be browser-based e-mail. A small business with few employees definitely needs e-mail, but it can’t afford the costs of an e-mail server and perhaps does not want to have its own hosted domain and the costs and work that go along with that. By connecting to a free browser-based service, the small business can benefit from nearly unlimited e-mail, contacts, and calendar solutions. However, with cloud computing, you lose administrative control, and there are some security concerns as well.

Common Cloud Models

Cloud computing services are generally broken down into a few categories of services, for instance:

Software as a service (SaaS): The most commonly used and recognized of the three categories, SaaS is when users access applications over the Internet that are provided by a third party. The applications need not be installed on the local computer. In many cases, these applications are run within a web browser; in other cases, the user connects with screen-sharing programs or remote desktop programs. A common example of this is webmail such as Gmail. Other examples include Dropbox and Microsoft Office 365. SaaS can potentially offer lower hardware, software, and maintenance costs because the provider houses the hardware and software.

Infrastructure as a service (IaaS): IaaS is a service that offers computer networking, storage, load balancing, routing, and VM hosting. The cloud provider hosts the network infrastructure hardware components that are normally present in a traditional on-premises data center. Through a subscription service, you access hardware only when you need it. The potential benefits include scalability, minimized hardware maintenance and support, and reduced downtime. Common examples of IaaS include Amazon Web Services (AWS) and Microsoft Azure. More and more organizations are seeing the benefits of offloading some of their networking infrastructure to the cloud.

Platform as a service (PaaS): PaaS is a service that provides various software solutions to organizations, especially the ability to develop and test applications in a virtual environment without the cost or administration of a physical platform. It is also used on a subscription basis in an attempt to reduce costs and increase collaboration. PaaS is used for easy-to-configure operating systems and on-demand computing. Often, this utilizes IaaS as well for an underlying infrastructure to the platform. Cloud-based virtual desktop environments are often considered to be part of this type of service, but they can be part of IaaS as well. The virtual desktop can act as part of a user’s computing system, or it can be the only place where the user performs his or her work. It can be as simple as a browser window with a single application inside of it, or it could include everything from a virtual OS to virtual hardware such as a virtual network interface card (virtual NIC), and on down to all the required individual virtual applications.


ExamAlert

Know what SaaS, IaaS, and PaaS are.



Note

Other types of cloud services in the CompTIA A+ acronym list include: data as a service (DaaS), database as a service (DBaaS), and network as a service (NaaS). Be aware of them,


There are different types of clouds used by organizations: public, private, hybrid, and community. Let’s discuss each briefly.

Public cloud: When a service provider offers applications and storage space to the general public over the Internet. A couple of examples of this include free, web-based e-mail services and pay-as-you-go business class services. The main benefits of this include low (or zero) cost and scalability. Providers of public cloud space include Google, Microsoft, Rackspace, and Amazon.

Private cloud: As opposed to the public cloud, the private cloud is designed with the needs of the individual organization in mind. The security administrator has more control over the data and infrastructure. There are a limited number of people who have access to the cloud, and they are usually located behind a firewall of some sort in order to gain access to the private cloud. Resources might be provided by a third-party or could come from the security administrator’s server room or data center. Some companies incorporate broad network access—meaning that resources are available to a wide range of devices including PCs, Macs, laptops, tablets, smartphones, and so on. While this creates increased availability for clients, it also intensifies the level of security concerns.

Hybrid cloud: A mixture of public and private clouds. Dedicated servers located within the organization and cloud servers from a third party are used together to form the collective network. In these hybrid scenarios, confidential data is usually kept in-house.

Community cloud: Another mix of public and private, but one where multiple organizations can share the public portion. Community clouds appeal to organizations that usually share a common form of computing and way of storing data.


ExamAlert

Know what public, private, hybrid, and community clouds are.


Cloud Computing Concerns

It’s all about shared resources—data, devices, and network resources that can be accessed from a remote location. Generally, if the resources are stored internally within the organization, users will get faster and more efficient access to them; but not always. Sometimes, externally stored resources can be just as effective, especially if they have a small footprint and don’t use much in the way of networking and processing power. One example of this is off-site e-mail and e-mail applications. E-mail in and of itself has been so streamlined over the years that it can be accessed from almost any device from just about anywhere. Even the e-mail application itself can be run in a way so as to tax the client less and the server more, such as web-based e-mail clients, or e-mail clients that run virtually—a form of virtual application streaming. Or, perhaps the entire desktop, including the e-mail application, is virtual, either running within a browser or from a thin client. So, in this case, externally shared resources are a viable option, though they might not integrate well with an organization’s security policy. Also, for the enterprise environment, e-mail technologies are often simply too immense and complex to be stored anywhere but privately.

Another consideration is the type of applications that will be run from the cloud, what type of devices will use them, and how they will synchronize. Basic e-mail applications from major providers have one version for desktops/laptops, and another for mobile devices such as smartphones and tablets. Complex applications will be more difficult to port to more than one type of device, but we don’t want to have a PC version of an application running on a mobile device such as a smartphone; that would put additional strain on the end-user. However, the more versions of software we offer, and the more types of endpoint devices that connect to them, the more resources are needed within the cloud.

So, ultimately, the type of cloud an organization uses will be dictated by the organization’s budget, the amount and type of resources to be supplied to users, the level of security it requires, and the amount of manpower (or lack thereof) it has to administer its resources. While a private cloud can be very appealing, it is often beyond the ability of an organization, forcing that organization to seek the public or community-based cloud. Whatever an organization chooses, the provider will measure the services supplied. Measured services is when the provider monitors the services rendered so that the provider can properly bill the customer and make sure that the customer’s use of services is being handled in the most efficient way. This can work in conjunction with a pay service called metered services—where an organization has access to virtually unlimited resources, but only the resources that are used are paid for. This should be measured carefully, and the details of the resources should be stated clearly every month.


ExamAlert

Know the difference between measured and metered services.


There are some other cloud-based terms you should be familiar with for the A+ exams. For example, rapid elasticity, which is the ability to build or extend your cloud-based network, quickly and efficiently. Choosing a provider that can provide you with a scalable model is important for an organization’s growth. You also want to have on-demand service. The cloud should be available in real time and whenever you need it (24/7). In a community cloud scenario, the provider usually implements resource pooling, which is the grouping of servers and infrastructure for use by multiple customers but in a way that is on-demand and scalable.


ExamAlert

Be familiar with rapid elasticity, on-demand service, and resource pooling.


All of this cloud technology might seem a bit beyond what an A+ technician will be routinely called upon to do. However, you should have a basic knowledge of cloud types, cloud technologies, and cloud terminology, so that you can better facilitate users in your role as a help desk specialist or other tech support position. Later, if you decide to specialize in one of the big cloud/virtualization providers you will find that it really is a technology specialty all its own, with a lot of competition in the market, and certifications to prove your worth.

Cram Quiz

Answer these questions. The answers follow the last question. If you cannot answer these questions correctly, consider reading this section again until you can.

1. Which of the following types of cloud services offers e-mail through a web browser?

A. SaaS

B. IaaS

C. PaaS

D. Community cloud

2. Your organization requires more control over its data and infrastructure. Money is apparently not an issue. There are only two admins and about 30 users that will have access to the data on the cloud. Which of the following types of clouds is the best option?

A. Public

B. Private

C. Hybrid

D. Community

3. You require the ability to add on to your cloud-based network whenever necessary, rapidly and efficiently. What is this referring to?

A. Measured services

B. Metered services

C. Rapid elasticity

D. On-demand service

Cram Quiz Answers

1. A. Software as a service (SaaS) is the most commonly recognized cloud service; it allows users to use applications to access data that is stored on the Internet by a third party. Infrastructure as a service (IaaS) is a service that offers computer networking, storage, load balancing, routing, and VM hosting. Platform as a service (PaaS) is used for easy-to-configure operating systems and on-demand computing. A community cloud is a mix of public and private clouds, but one where multiple organizations can share the public portion.

2. B. The best option listed is a private cloud. This gives the most control over data and resources in an environment where there are limited users (and a healthy budget). These resources could be entirely internal, or a portion of them could also be provided by a third-party. Public cloud technology is used for the general public to access applications over the Internet. Hybrid is a mixture of the two, but not necessary in this situation because of the budget and the limited number of users. Community cloud is similar to hybrid but is meant for multiple organizations that share data, which is not necessary in this scenario.

3. C. Rapid elasticity is the ability to build your cloud-based network, or extend upon an existing one, quickly and efficiently. Measured services is when a provider monitors a customer’s services used so that the customer can be properly billed. Metered services is when the customer can access as many resources as needed but only be billed for what was accessed. On-demand service means that the cloud service is available at all times. The leaders of a successful organization don’t care what it takes; they simply want high speed, secure access to services 24/7.

4.2 – Given a scenario, set up and configure client-side virtualization.


ExamAlert

Objective 4.2 focuses on the following: purpose of virtual machines; VM requirements (resources, emulator, security, network); and hypervisor.


Virtualization is the creation of a virtual entity, as opposed to a true or actual entity. The most common type of entity created through virtualization is the virtual machine—usually housing an operating system. We talked about virtualization a little bit in Chapter 14, “Custom PCs and Common Devices,” but let’s take it a bit further and discuss types of virtualization, identify their purposes, and define their requirements. We’ll also review the types of hypervisors you should know for the exam. However, we will focus on client-side virtualization in this book.

Purpose of Virtual Machines

Many types of virtualization exist, from network and storage to hardware and software. The CompTIA A+ exam focuses mostly on virtual machine software. The virtual machines (VMs) created by this software run operating systems or individual applications. The virtual operating system—also known as a guest—is designed to run inside a real OS. So, the beauty behind this is that you can run multiple various operating systems simultaneously from just one computer. This has great advantages for programmers, developers, and systems administrators, and can facilitate a great testing environment. Nowadays, many VMs are also used in live production environments as servers and as clients, or as individual applications.

Know this: anything can be run virtually—from individual apps and browser windows to operating systems—and in some cases it can be hard to tell what’s virtual and what’s not. Nowadays, anything that runs an OS virtually is generally referred to as a virtual machine, and that’s what we will be discussing in the rest of this chapter.

Hypervisors

In Chapter 14, we mentioned that there are two main types of hypervisors. Table 16.1 reviews these. Remember that Type 1 will be faster, but it requires a proper server, requires more knowledgeable administration, and is costlier. The A+ exams focus mainly on Type 2 hypervisors and the virtualization software which utilizes that technology. These can be run on typical client operating systems such as Windows 10, Windows 7, and so on.

Table 16.1 Review of Hypervisors


ExamAlert

Know the difference between type 1 and type 2 hypervisors!


Examples of Virtual Machine Software

Let’s show a couple of examples of virtualization software that make use of the Type 2 hypervisor on a typical Windows 10 computer. First on the list is Microsoft Hyper-V. For this to work, virtualization must be enabled in the UEFI/BIOS. Then, Hyper-V needs to be turned on in Windows Features as shown in Figure 16.1. You can get to Windows Features by navigating to: Control Panel > All Control Panel Items > Programs and Features, and clicking the Turn Windows features on or off link. Enabling Hyper-V requires a restart. If you are not sure whether Hyper-V will be compatible with your system, you can open the Command Prompt or the PowerShell and type systeminfo. At the bottom of the results you will see the Hyper-V Requirements section and details.


Figure 16.1 Hyper-V enabled in Windows Features on a Windows 10 system.


Note

Hyper-V works only on certain editions of Windows. For example, it works on Windows 10 Pro, Enterprise, and Education, but not Home, Mobile, or Mobile Enterprise. Similar restrictions apply for other versions of Windows.
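
The checks described above (firmware virtualization, the systeminfo "Hyper-V Requirements" section, and the Windows Features setting) can be read in one pass from PowerShell. This is an added example, not part of the original chapter; the function name Get-HyperVReadiness is hypothetical, and it assumes an elevated prompt and that the feature lookup fails or returns nothing on editions without Hyper-V.

```powershell
# Added example (not from the original chapter): read-only Hyper-V readiness check.
# Run from an elevated PowerShell prompt; the -Online feature query requires it.

function Get-HyperVReadiness {
    # Same data as the "Hyper-V Requirements" section at the bottom of systeminfo.
    $info = Get-ComputerInfo -Property 'OsName', 'HyperVisorPresent', 'HyperVRequirement*'

    # State of the feature toggled in "Turn Windows features on or off".
    # Assumption: on editions without Hyper-V the lookup fails or returns nothing.
    $featureState = 'NotAvailable'
    try {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName 'Microsoft-Hyper-V-All' -ErrorAction Stop
        if ($feature) { $featureState = [string]$feature.State }
    } catch {
        $featureState = 'NotAvailable'
    }

    $requirements = [ordered]@{
        'VM Monitor Mode Extensions'          = $info.HyperVRequirementVMMonitorModeExtensions
        'Virtualization Enabled In Firmware'  = $info.HyperVRequirementVirtualizationFirmwareEnabled
        'Second Level Address Translation'    = $info.HyperVRequirementSecondLevelAddressTranslation
        'Data Execution Prevention Available' = $info.HyperVRequirementDataExecutionPreventionAvailable
    }

    # Once a hypervisor is already running, Windows stops reporting the four
    # requirement values, so empty values in that case do not mean "unsupported".
    $missing = @()
    if (-not $info.HyperVisorPresent) {
        $missing = @($requirements.Keys | Where-Object { $requirements[$_] -ne $true })
    }

    if ($info.HyperVisorPresent) {
        $verdict = 'A hypervisor is already running'
    } elseif ($missing.Count -gt 0) {
        $verdict = 'Not ready, check UEFI/BIOS and CPU support: ' + ($missing -join '; ')
    } elseif ($featureState -eq 'NotAvailable') {
        $verdict = 'Hardware is ready, but this edition does not offer the Hyper-V feature'
    } elseif ($featureState -eq 'Disabled') {
        $verdict = 'Hardware is ready; turn on Hyper-V in Windows Features and restart'
    } else {
        $verdict = "Hardware is ready; feature state is $featureState (a restart may be pending)"
    }

    [pscustomobject]@{
        OsName            = $info.OsName
        HypervisorPresent = [bool]$info.HyperVisorPresent
        FeatureState      = $featureState
        MissingItems      = $missing
        Verdict           = $verdict
    }
}

Get-HyperVReadiness | Format-List
```
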


Once you have performed those actions, you can then create virtual machines (VMs) in Hyper-V Manager. During the creation process you will be prompted to create a virtual hard drive and install an operating system—which you will need to obtain in .iso format, or in a virtual format. The virtual hardware for the VM can be configured in the Settings section. The networking connections can be configured in the Virtual Switch Manager. Figure 16.2 shows an example of a VM that was installed to Hyper-V Manager.


Figure 16.2 An Ubuntu Linux virtual machine that was created in Hyper-V Manager.

Another popular example of a type 2 hypervisor is VMware Workstation. For an example of that, see Chapter 14, Figure 14.1. The concept is essentially the same, but of course navigation and names will be slightly different. One difference is the type of file extensions used. For example, VMware uses the .vmdk file extension for the virtual hard disk of a virtual machine, whereas Hyper-V uses the .vhdx extension. The two types of VMs are not compatible by default, meaning you can’t take a VM from VMware and run it in Hyper-V, and vice versa.

A third well-liked offering is Oracle VirtualBox. This is a free and easy way to test operating systems. Admins have been using it for years and years. Figure 16.3 shows an example of a VM that was created in VirtualBox. The default virtual storage file extension for VirtualBox VMs is .vdi; however, you can also use .vmdk, for compatibility with VMware. That is the extension that was chosen for the VM shown in Figure 16.3.


Figure 16.3 A Kali Linux virtual machine created in VirtualBox.

If at all possible, try out the different types of virtualization software so that you can learn more about them.

One more thing: I can’t stress this enough—Be sure to update your virtualization software! Vulnerabilities are always being found in all the major vendors’ software, so updates are frequently available. Get in the habit of checking for updates!

Virtual Machine Requirements

There are a couple of requirements that we have to consider: virtualization hosting software requirements, and virtual machine requirements. Generally, most computers built over the previous 5 years can run the latest version of virtualization software—as long as the UEFI/BIOS can support virtualization—but the virtual machines themselves can be very power hungry; especially newer operating systems. For example, to install Windows 10 Pro as a virtual machine, you will need to assign virtual resources—CPU, RAM, network connection, hard drive, and so on.

The Windows 10 VM might run okay with one virtual processor and a single core (the default), but multiple cores are often recommended. Commonly, it will require 2 GB of RAM, but again more is suggested. The setting you select will depend on the physical hardware of the host. If you have a computer that is 5 years old with limited cores and RAM, then assigning more virtual CPU and RAM power to the VM will simply bog the main host system down even more. The beauty of the VM is that you can change the virtual resources at any time, as long as you shut down the VM first. This way, you can test, and tweak, and find the right balance.

Then there is the network connection. Generally, you have three to four options. The following example is based on VMware:

1. Bridged networking: This gives the VM (also known as the guest) direct access to the hosting computer’s network connection. It allows external access, but in this case, the VM must have its own IP address on the external IP network. Because of the direct connectivity to the external network, this can be a security concern. In most cases, some type of NAT is preferred.

2. Network address translation (NAT): Often the default, this gives the guest access to the external network, but by using NAT the guest gets a separate IP address on a private network.

3. Host-only networking: This creates a private virtual network for the guests, which can communicate with each other but not with the external network.

4. No networking: This option disables networking for the VM altogether, which might be required for users that are working on confidential systems, testbeds, applications, and so on.


ExamAlert

Know the virtualization network connection options.


Networking is usually required for VMs. Just remember that any network connection (mapped network drive, browsing connection, and so on) can be a security concern. If there is a connection from the VM to the hosting OS—and the VM has a vulnerability that is exploited—then the exploit could carry over to the host. Be ready to monitor for, and disable, any unused or unnecessary network connections between VMs and between the VMs and the host. Conversely, the host should be updated and secured vigilantly. If the hosting OS fails, then all guest VMs will go offline immediately.


ExamAlert

Because VM network connections can be security vulnerabilities, you will need to monitor and disable them as necessary, and in some cases you will have to disable networking altogether.


Different providers use different names for the types of networking connections, but they will be similar; for example, Hyper-V uses external, internal, and private. You have the ability to create and configure virtual switches for the various VMs, and allow or disallow connectivity between them (and between the VMs and the host) as you see fit. It can get pretty complex, so it is wise to create network documentation that diagrams the various virtual machines and switches using software such as Microsoft Visio.
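
To support the monitoring and documentation advice above, the following added example (not part of the original chapter) inventories every Hyper-V VM network adapter and reports whether it can reach the external network or the host. The function name Get-VMNetworkExposure is hypothetical; it assumes the Hyper-V PowerShell module and an elevated prompt on the host.

```powershell
# Added example (not from the original chapter): read-only audit of Hyper-V VM networking.
# Requires the Hyper-V PowerShell module and an elevated prompt on the host.

function Get-VMNetworkExposure {
    # Index the virtual switches by name so each adapter can be matched to its type.
    $switches = @{}
    foreach ($sw in Get-VMSwitch) { $switches[$sw.Name] = $sw }

    foreach ($vm in Get-VM) {
        $nics = @(Get-VMNetworkAdapter -VMName $vm.Name)

        # A VM with no adapters is the "no networking" case.
        if ($nics.Count -eq 0) {
            [pscustomobject]@{
                VMName = $vm.Name; State = $vm.State; Adapter = '(none)'
                Switch = ''; SwitchType = 'NoNetworking'
                ExternalReachable = $false; HostReachable = $false
            }
            continue
        }

        foreach ($nic in $nics) {
            $type     = 'NotConnected'
            $external = $false
            $hostPath = $false

            if ($nic.SwitchName -and $switches.ContainsKey($nic.SwitchName)) {
                $sw   = $switches[$nic.SwitchName]
                $type = [string]$sw.SwitchType

                # External: bound to a physical NIC, so the VM sits on the outside network.
                # The host is also reachable when the switch is shared with the management OS.
                # Internal: VMs and the host. Private: VMs on the same switch only.
                $external = ($type -eq 'External')
                $hostPath = ($type -eq 'Internal') -or
                            ($type -eq 'External' -and $sw.AllowManagementOS)
            }

            [pscustomobject]@{
                VMName = $vm.Name; State = $vm.State; Adapter = $nic.Name
                Switch = $nic.SwitchName; SwitchType = $type
                ExternalReachable = $external; HostReachable = $hostPath
            }
        }
    }
}

# Review the rows where ExternalReachable or HostReachable is True first.
Get-VMNetworkExposure | Sort-Object VMName | Format-Table -AutoSize

# To detach an adapter that is not needed (placeholders, preview with -WhatIf first):
#   Disconnect-VMNetworkAdapter -VMName '<vm name>' -Name '<adapter name>' -WhatIf
```

The output can also be exported with Export-Csv and kept alongside the network diagram as a record of which VM is attached to which virtual switch.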

You can select different virtual hard drive connections, such as SCSI, SATA, and IDE, that emulate those technologies. Then you choose the size of the virtual drive, for instance 60 GB. Know that a VM will not use all of this space on the physical drive. Instead, it uses only what it needs; and it is dynamic—the size of the virtual drive can grow as needed, up to the maximum that was selected.


Note

To find out the minimum requirements of virtualization software, go to the manufacturer’s website:

• VMware Workstation: https://docs.vmware.com

• Windows 10 Hyper-V: https://docs.microsoft.com



Note

I built a Xeon-based virtualization server to house my VMs. It runs VMware ESXi server. Check out the build here: https://dprocomputer.com/blog/?p=2938


Cram Quiz

Answer these questions. The answers follow the last question. If you cannot answer these questions correctly, consider reading this section again until you can.

1. Of the following listed technologies, which one should you select if you wanted to run an instance of Ubuntu Linux within your Windows 10 Pro workstation?

A. Type 1

B. Type 2

C. Bare metal

D. Emulator

2. Which of the following is the greatest risk of a virtual computer?

A. If a virtual computer fails, all other virtual computers immediately go offline.

B. If a virtual computer fails, the physical server goes offline.

C. If the physical server fails, all other physical servers immediately go offline.

D. If the physical server fails, all the virtual computers immediately go offline.

3. Which of the following file extensions is used by VMware?

A. .vmdk

B. .vdi

C. .vhdx

D. VT-x

4. Which of the following network connection types should be used to allow for connectivity to the external network, but keep the VMs on a separate IP network?

A. Bridged

B. NAT

C. Private

D. No networking

5. A customer running Windows 10 Pro wishes to install a Linux VM in Hyper-V Manager. Which of the following requirements must be met in order for this to happen? (Select all that apply.)

A. Update and secure the host system

B. Virtualization must be enabled in the UEFI/BIOS

C. Hyper-V needs to be turned on in Windows Features

D. Restart the system

Cram Quiz Answers

1. B. You would need to run virtualization software that includes a Type 2 hypervisor such as Windows 10 Hyper-V, VMware Workstation, or VirtualBox. Type 1 hypervisors are used on servers; they are also known as bare metal because they allow virtual machines to access the computer hardware directly. Examples include VMware vSphere and Windows Server-based Hyper-V. An emulator is something that imitates hardware and firmware, such as an emulated BIOS. They do not use hypervisors.

2. D. The biggest risk of running a virtual computer is that it will go offline immediately if the server that it is housed on fails. All other virtual computers on that particular server will also go offline immediately.

3. A. VMware uses the .vmdk file extension for the virtual hard drive file. VirtualBox uses .vdi by default (though it can use others). Hyper-V uses .vhdx. VT-x is the Intel virtualization extension that is incorporated into Intel-based systems and must be enabled in the UEFI/BIOS for virtualization software to work.

4. B. Network address translation (NAT)-based network connections are the most common default. This allows the VMs to have their own IP network, but still connect out to the external network and make use of the Internet. This is the same principle behind NAT used in a SOHO network. Bridged means that the VMs have access to the external network, but they must use IP addresses from that external network. Private means that multiple VMs within a host can communicate with each other, but not beyond the host. The no networking option disables any type of networking connectivity for the VM in question.

5. B, C and D. Virtualization must be enabled in the UEFI/BIOS. Then, Hyper-V needs to be turned on in Windows Features. Finally, the system needs to be restarted. Updating and securing the host system is recommended, but is not a requirement.