CCSP Chapter Notes: Architectural Concepts & Design Requirements
Chapter 1 – Architectural Concepts
Existing State – evaluate and understand the business processes, assets, and requirements; after
collecting sufficient data, a detailed analysis is necessary; a BIA (business impact analysis) takes place
- BIA (Business Impact Analysis): an assessment of the priorities given to each asset and process
within the organization; analysis considers the effect (impact) any harm or loss might mean to the
organization overall; identify critical paths and single points of failure; determine costs of
compliance (legislative and contractual requirements mandated)
- Metered service: the organization only pays for what it uses
- Rapid Elasticity: excess capacity available to be apportioned to cloud customers
- Cloud bursting: organizations use a hosted cloud service to augment internal, private data
center capabilities with managed services during times of increased demand; an org can rent the
additional capacity as needed from an external cloud provider (crisis situation, heavy holiday
shopping periods); rapid scalability allows the customer to dictate the volume of resources
Cloud service benefits – reduction in personnel cost (data management); reduction in capital
expenditure (metered service, rapid elasticity, cloud bursting); reduction in operational costs;
transferring some regulatory costs; reduction in costs for data archival/backup services
- ROI (Return on Investment): term related to cost-benefit measures; used to describe a
profitability ratio; calculated by dividing net profits by net assets
- Elasticity: customers can contract cloud providers to use virtualization to flexibly allocate only
the needed usage of each resource to the organization, thereby holding down costs while maintaining
profitability; allow users to access their data from diverse platforms and locations, increasing
portability, accessibility, and availability
- Simplicity: allow a user to seamlessly use the service without frequently interacting with the
cloud service provider
- Scalability: increasing/reducing services can be easily, quickly, and cost-effectively accomplished
Cloud Computing Service Models
- IaaS (Infrastructure as a Service): most basic service; allows customer to install all software and
OSs on hardware housed and connected by the cloud vendor; can be considered a warm site for
BC/DR purposes; optimal for orgs wanting control over the security of their data and limited
cloud vendor assistance (BC/DR or archiving); least expensive option; customer retains IT staffing
o When to use: website or application hosting; virtual data centers; data analysis
- PaaS (Platform as a Service): includes services from IaaS and OSs (offers a selection for
customers to use, Windows, Linux, Mac, etc.); vendor is responsible for patching, administering,
and updating the OS; customer can install any software; useful for customers involved in
software development (they can test on multiple OS platforms); includes cloud-based database
engines and “big data” style services (data warehousing and data mining); provider
offers access to back-end engine/functionality, while customer can create/install apps/APIs to
access the backend
o When to use: reduce development time; support for different programming languages;
easy collaboration for remote/distributed teams; high development capabilities w/o
additional staff
o Data Storage Types used: structured/unstructured
o Unstructured Data Types: qualitative data; natural-language text; incorporate media
(audio, video, images); contains JSON, XML, binary objects (images encoded as text
strings); important for data analytic strategies; NoSQL
o Structured Data Types: quantitative data; organized and decipherable by machine
learning algorithms; SQL (relational) can be used to quickly input, search, and
manipulate data; used by machine learning algorithms
- SaaS (Software as a Service): includes everything from IaaS and PaaS with the addition of
software programs; vendor is responsible for administering, patching, and updating everything,
also takes care of all infrastructure, compute, and storage needs as well as providing OSs and
application; customer is only involved in uploading and processing data on a full production
environment; application is a shared responsibility of all parties
o When to use: (Personal) email services (Gmail), cloud storage services (Dropbox),
cloud-based file management (Google Docs); (Business) Gmail, collaboration tools
(Trello), CRM (Salesforce), ERP
Cloud Deployment Models
- Public Cloud: resources are owned and operated by a vendor and sold, leased, or rented to
anyone; multitenant environments; multiple customers will share resources; EX: customer might
be using a VM that resides on the same hardware that hosts another VM belonging to their competitor,
but they do not know the entities using the same resources; Rackspace, Microsoft’s Azure, and
AWS (Amazon Web Services)
- Private Cloud: resources dedicated to a single customer; might be owned and maintained by the
entity that is the sole customer (org might own and operate a data center that serves as the
cloud environment for the org’s users); might be a set of resources (racks, blades, software
packages) owned by the single customer but located and maintained at provider’s data center;
provider might offer physical security, admin services, and utilities (power, Internet) for
customers (referred to as co-lo (co-located) environment)
- Community Cloud: features infrastructure and processing owned and operated by/for an affinity
group; orgs come together to perform joint tasks and functions; gaming communities, ownership
is spread throughout the various members of the community; can be provisioned by a third
party (FedRAMP service – only used by US federal gov)
- Hybrid Cloud: contains elements of other models; org might want to retain some private cloud
resources (remote user access) but lease some public cloud space (PaaS function for software
development/testing)
Roles/Responsibilities
- Cloud Broker: company that purchases hosting services from a provider and resells them to its
own customers
- CASB (Cloud Access Security Broker): third-party entity offering independent IAM (identity and
access management) services to CSPs and cloud customers; can be SSO, certificate management,
and cryptographic key escrow
- Regulators: ensure orgs are in compliance with the regulatory framework for which they are
responsible; HIPAA, GLBA, PCI DSS, ISO, SOX, etc.; regulators include FTC, SEC, and auditors
Definitions
- Cost-Benefit Analysis: comparing potential positive impact (profit, efficiency, market share) of a
business decision to potential negative impact (expense, detriment to production, risk) and
weighing the two as equivalent or not (potential positive/negative)
- FIPS 140-2: NIST document that describes the process for accrediting and cryptosystems for use
by the federal government; lists only approved cryptographic tools
- NIST 800-53: guidance document with primary goal of ensuring appropriate security
requirements and controls are applied to all US federal government information in management
systems
- TCI (Trusted Cloud Initiative) Reference Model: guide for cloud providers, allowing them to
create a holistic architecture that customers can purchase (including physical/logical layout of
network and processes necessary to utilize both)
- Vendor Lock-In: situation where a customer is unable to leave, migrate, retrieve, or transfer data
to an alternate provider due to technical/nontechnical constraints; use portability for a level of
ease when transporting data, ensure contract states so, avoid proprietary formats (requires
specific software to read data), check for regulatory constraints; detrimental contract terms or
technical limitations
- Vendor Lock-Out: when a customer is unable to recover/access their own data due to provider
going into bankruptcy or leaving the market
- Blockchain: open means of conveying value using encryption technologies/algorithms
(cryptocurrency); transactional ledger where all participants can view every transaction, making
it extremely difficult to negatively affect the integrity of past transactions; each record (block) is
distributed among all participants in a distributed or cloud-based manner
- Containers: logical segmentation of memory space in a device, creating two or more abstract
areas that cannot interface directly; commonly used in BYOD environment; distinguish two
distinct partitions (one for work functions/data and other for personal functions/data)