WEBVTT

1
00:00:00.330 --> 00:00:01.710
<v Instructor>For cloud computing to gain its</v>

2
00:00:01.710 --> 00:00:03.900
intended cost savings and efficiencies,

3
00:00:03.900 --> 00:00:06.540
it relies heavily on virtualization.

4
00:00:06.540 --> 00:00:08.280
Now by using virtualization

5
00:00:08.280 --> 00:00:10.380
numerous logical servers can be placed

6
00:00:10.380 --> 00:00:12.210
on a single physical server.

7
00:00:12.210 --> 00:00:15.150
This in turn reduces the physical amount of space, power

8
00:00:15.150 --> 00:00:18.060
and cooling that's required inside of our data centers.

9
00:00:18.060 --> 00:00:20.220
Additionally, by using virtualization

10
00:00:20.220 --> 00:00:22.950
we can achieve higher levels of availability by spinning up

11
00:00:22.950 --> 00:00:25.770
additional virtual servers whenever we need them.

12
00:00:25.770 --> 00:00:27.870
This ability to dynamically provision memory

13
00:00:27.870 --> 00:00:29.580
and CPU resources is one of the

14
00:00:29.580 --> 00:00:31.920
key benefits to cloud computing.

15
00:00:31.920 --> 00:00:33.690
Now, while there are many different benefits

16
00:00:33.690 --> 00:00:35.670
to cloud computing, there are still numerous

17
00:00:35.670 --> 00:00:37.680
security issues that we need to consider.

18
00:00:37.680 --> 00:00:39.090
Most of the same security issues

19
00:00:39.090 --> 00:00:40.620
that we have with physical servers

20
00:00:40.620 --> 00:00:43.140
also get carried over into the cloud environment.

21
00:00:43.140 --> 00:00:45.780
Oftentimes executives think that moving to the cloud

22
00:00:45.780 --> 00:00:47.130
will solve all their problems,

23
00:00:47.130 --> 00:00:49.260
but this is never really the case.

24
00:00:49.260 --> 00:00:52.050
When using virtualization, one or more logical servers

25
00:00:52.050 --> 00:00:54.270
resides on a single physical server.

26
00:00:54.270 --> 00:00:57.240
To accomplish this, we use specialized pieces of software

27
00:00:57.240 --> 00:00:58.890
known as a hypervisor.

28
00:00:58.890 --> 00:01:00.870
The hypervisor controls the distribution

29
00:01:00.870 --> 00:01:03.390
of all the resources, such as the processor,

30
00:01:03.390 --> 00:01:05.700
the memory and the hard disk availability.

31
00:01:05.700 --> 00:01:08.880
Essentially, the hypervisor emulates a physical machine

32
00:01:08.880 --> 00:01:10.320
so that the operating system and all

33
00:01:10.320 --> 00:01:12.360
of its applications don't even realize

34
00:01:12.360 --> 00:01:15.060
that they're operating inside of a virtual environment.

35
00:01:15.060 --> 00:01:17.700
Now, hypervisors are divided into two categories,

36
00:01:17.700 --> 00:01:19.890
type one or bare metal hypervisors,

37
00:01:19.890 --> 00:01:22.230
and type two or hosted hypervisor.

38
00:01:22.230 --> 00:01:23.730
Now when comparing bare metal

39
00:01:23.730 --> 00:01:25.710
versus hosted hypervisor types,

40
00:01:25.710 --> 00:01:28.290
the only main difference from a security perspective

41
00:01:28.290 --> 00:01:30.330
is that with hosted types we have to ensure

42
00:01:30.330 --> 00:01:31.770
the underlying operating system

43
00:01:31.770 --> 00:01:34.080
is also properly secured and patched.

44
00:01:34.080 --> 00:01:35.730
From a performance consideration,

45
00:01:35.730 --> 00:01:38.100
bare metal is going to be faster and more efficient

46
00:01:38.100 --> 00:01:39.990
than its hosted counterpart.

47
00:01:39.990 --> 00:01:42.270
Another virtualization option we have is known as

48
00:01:42.270 --> 00:01:45.780
container-based virtualization, or containerization.

49
00:01:45.780 --> 00:01:48.780
With this type, a hypervisor isn't utilized at all,

50
00:01:48.780 --> 00:01:51.930
instead, each container relies on a common operating system

51
00:01:51.930 --> 00:01:54.270
as the base for each of those containers.

52
00:01:54.270 --> 00:01:55.620
While each container shares the same

53
00:01:55.620 --> 00:01:57.180
underlying operating system,

54
00:01:57.180 --> 00:01:59.160
each container can have its own binaries,

55
00:01:59.160 --> 00:02:00.660
libraries and applications

56
00:02:00.660 --> 00:02:02.820
that can be customized for their needs.

57
00:02:02.820 --> 00:02:04.860
Currently, container-based virtualization

58
00:02:04.860 --> 00:02:06.930
is almost exclusively used with Linux

59
00:02:06.930 --> 00:02:09.120
as the underlying operating system.

60
00:02:09.120 --> 00:02:12.210
Container-based virtualization also uses less resources

61
00:02:12.210 --> 00:02:14.460
than a type one or type two virtualization,

62
00:02:14.460 --> 00:02:16.110
because it doesn't require its own copy

63
00:02:16.110 --> 00:02:19.290
of the operating system for each individual container.

64
00:02:19.290 --> 00:02:21.960
Many cloud service providers have taken virtualization

65
00:02:21.960 --> 00:02:25.110
a step further with hyperconverged infrastructure.

66
00:02:25.110 --> 00:02:27.000
This allows the provider to fully integrate

67
00:02:27.000 --> 00:02:29.160
the storage, networks and servers,

68
00:02:29.160 --> 00:02:31.410
without having to perform hardware changes.

69
00:02:31.410 --> 00:02:33.300
Instead, they rely on software

70
00:02:33.300 --> 00:02:34.860
and virtualization technology

71
00:02:34.860 --> 00:02:36.750
to perform all the integrations.

72
00:02:36.750 --> 00:02:38.940
We can manage all of this from a single interface

73
00:02:38.940 --> 00:02:40.710
or a device without having to worry about

74
00:02:40.710 --> 00:02:43.110
all the underlying vendor solutions.

75
00:02:43.110 --> 00:02:45.330
Application virtualization is another type

76
00:02:45.330 --> 00:02:47.040
of virtualization that's commonly used

77
00:02:47.040 --> 00:02:50.040
to create additional security for our underlying host.

78
00:02:50.040 --> 00:02:52.920
Application virtualization is a software technology

79
00:02:52.920 --> 00:02:54.660
that encapsulates computer programs

80
00:02:54.660 --> 00:02:56.130
from the underlying operating system

81
00:02:56.130 --> 00:02:58.050
on which they're being executed.

82
00:02:58.050 --> 00:02:59.790
A fully virtualized application

83
00:02:59.790 --> 00:03:02.130
is not even installed in a traditional sense,

84
00:03:02.130 --> 00:03:04.890
although it's still executed as if it was.

85
00:03:04.890 --> 00:03:06.690
With application virtualization,

86
00:03:06.690 --> 00:03:08.940
you can run legacy applications that were designed

87
00:03:08.940 --> 00:03:11.490
for an end-of-life operating system like Windows XP,

88
00:03:11.490 --> 00:03:14.670
or Windows 7 on top of a more modern operating system,

89
00:03:14.670 --> 00:03:17.430
or you can even run cross-platform software,

90
00:03:17.430 --> 00:03:20.280
such as Android applications on a Windows machine.

91
00:03:20.280 --> 00:03:22.680
Many cloud providers also offer VDI,

92
00:03:22.680 --> 00:03:24.840
or Virtual Desktop Infrastructure.

93
00:03:24.840 --> 00:03:27.480
Now VDI allows a cloud provider to offer a full

94
00:03:27.480 --> 00:03:29.880
desktop operating system to your end users

95
00:03:29.880 --> 00:03:31.530
from a centralized server.

96
00:03:31.530 --> 00:03:34.200
There's a lot of security benefits to using this approach.

97
00:03:34.200 --> 00:03:36.390
For one example, I had an organization

98
00:03:36.390 --> 00:03:39.240
that I worked with that created a new virtual desktop image

99
00:03:39.240 --> 00:03:41.610
for each user when they logged on in the morning.

100
00:03:41.610 --> 00:03:43.590
This desktop was non-persistent,

101
00:03:43.590 --> 00:03:46.170
so even if it was exploited by an attacker,

102
00:03:46.170 --> 00:03:48.300
it was destroyed as soon as the user logged off,

103
00:03:48.300 --> 00:03:50.160
or at midnight each day.

104
00:03:50.160 --> 00:03:52.470
This effectively destroyed the attacker's ability

105
00:03:52.470 --> 00:03:55.020
to remain persistent on that end user's desktop,

106
00:03:55.020 --> 00:03:56.880
even if malware was installed.

107
00:03:56.880 --> 00:04:00.240
Another great use of virtualization is to create a sandbox.

108
00:04:00.240 --> 00:04:01.680
Now, a sandbox allows you to create

109
00:04:01.680 --> 00:04:04.410
an isolated environment where you can analyze viruses,

110
00:04:04.410 --> 00:04:07.170
worms, Trojans and other pieces of malware

111
00:04:07.170 --> 00:04:09.630
within a guest operating system.

112
00:04:09.630 --> 00:04:11.580
Now, because it's in this virtual sandbox

113
00:04:11.580 --> 00:04:14.400
which is located inside an isolated virtual machine,

114
00:04:14.400 --> 00:04:16.830
you can ensure that you can't infect your own computer

115
00:04:16.830 --> 00:04:20.130
that's hosting it as the underlying host operating system,

116
00:04:20.130 --> 00:04:22.260
or the underlying hypervisor.

117
00:04:22.260 --> 00:04:24.120
When you work as a cybersecurity analyst

118
00:04:24.120 --> 00:04:27.240
you will use sandboxes a lot to do malware analysis,

119
00:04:27.240 --> 00:04:29.670
especially when you're doing dynamic malware analysis

120
00:04:29.670 --> 00:04:31.680
where you'll take a piece of malware, you'll run it

121
00:04:31.680 --> 00:04:34.980
and then identify what is happening when that malware runs

122
00:04:34.980 --> 00:04:37.710
on that particular guest operating system.

123
00:04:37.710 --> 00:04:39.540
Another good use of virtual machines

124
00:04:39.540 --> 00:04:42.030
is for cross-platform virtualization.

125
00:04:42.030 --> 00:04:45.870
For example, I use a MacBook Pro as my primary machine.

126
00:04:45.870 --> 00:04:48.450
So if I wanted to test some software applications

127
00:04:48.450 --> 00:04:50.040
for different operating systems,

128
00:04:50.040 --> 00:04:52.080
I could either go and grab new machines

129
00:04:52.080 --> 00:04:53.730
for each of those operating systems,

130
00:04:53.730 --> 00:04:55.590
such as having one laptop for Windows,

131
00:04:55.590 --> 00:04:58.560
one laptop for Linux, one laptop for Mac.

132
00:04:58.560 --> 00:05:00.450
But if I use virtualization,

133
00:05:00.450 --> 00:05:03.090
I can instead do cross-platform virtualization

134
00:05:03.090 --> 00:05:06.120
by using a hosted system on my MacBook Pro

135
00:05:06.120 --> 00:05:08.100
with a piece of software like VMware,

136
00:05:08.100 --> 00:05:10.680
Parallels or VirtualBox to be able to install

137
00:05:10.680 --> 00:05:12.300
those guest operating systems

138
00:05:12.300 --> 00:05:15.510
on top of my existing Mac OS environment.

139
00:05:15.510 --> 00:05:17.040
This will allow me to then test

140
00:05:17.040 --> 00:05:18.990
all the pieces of software regardless

141
00:05:18.990 --> 00:05:20.520
of what operating system they need,

142
00:05:20.520 --> 00:05:22.320
and see how they're going to interact.

143
00:05:22.320 --> 00:05:24.360
This is great especially for web developers,

144
00:05:24.360 --> 00:05:26.220
because I want to make sure as a web developer

145
00:05:26.220 --> 00:05:28.980
when I create my website, that it works on Windows 10,

146
00:05:28.980 --> 00:05:32.940
Windows 11, Mac, a Chromebook, an iPhone,

147
00:05:32.940 --> 00:05:34.980
an Android device, or anything else,

148
00:05:34.980 --> 00:05:36.420
and being able to test all of that

149
00:05:36.420 --> 00:05:38.790
within a single machine by using virtualization

150
00:05:38.790 --> 00:05:41.670
is a great resource for us as developers.

151
00:05:41.670 --> 00:05:44.430
Another great use for virtualization is training.

152
00:05:44.430 --> 00:05:46.440
You can create lab environments that are set up

153
00:05:46.440 --> 00:05:47.940
so that people can go and practice

154
00:05:47.940 --> 00:05:51.600
on a live operating system using these virtual machines.

155
00:05:51.600 --> 00:05:53.220
For example, when you're studying

156
00:05:53.220 --> 00:05:55.470
for your various CompTIA certifications,

157
00:05:55.470 --> 00:05:57.900
if you buy your course diontraining.com,

158
00:05:57.900 --> 00:06:00.480
they come with built-in hands-on labs.

159
00:06:00.480 --> 00:06:03.390
These labs allow you to log into our cloud-based environment

160
00:06:03.390 --> 00:06:06.060
and then be able to perform actions on Linux systems,

161
00:06:06.060 --> 00:06:08.700
Windows 10 systems, Windows Server systems,

162
00:06:08.700 --> 00:06:11.520
and other things in a safe and secure manner,

163
00:06:11.520 --> 00:06:13.620
and this won't impact our production environment

164
00:06:13.620 --> 00:06:16.440
because it's all isolated into this training area,

165
00:06:16.440 --> 00:06:18.900
or this training sandbox.

166
00:06:18.900 --> 00:06:20.850
Another great thing about using virtual machines

167
00:06:20.850 --> 00:06:22.590
for a training or lab environment,

168
00:06:22.590 --> 00:06:24.930
is that you can take snapshots at various points

169
00:06:24.930 --> 00:06:28.110
and then pick up again right where you had that snapshot.

170
00:06:28.110 --> 00:06:31.200
So for example, when I used to teach my courses in person,

171
00:06:31.200 --> 00:06:34.320
I would actually create broken machines of Windows 7

172
00:06:34.320 --> 00:06:35.640
and I would have different problems

173
00:06:35.640 --> 00:06:38.040
for my A+ students to then troubleshoot.

174
00:06:38.040 --> 00:06:40.260
I would give them the virtual machine, I would turn it on,

175
00:06:40.260 --> 00:06:42.210
I would restore from the last safe point,

176
00:06:42.210 --> 00:06:43.470
which was where I broke it,

177
00:06:43.470 --> 00:06:44.880
and then I'd have them try to figure out

178
00:06:44.880 --> 00:06:47.220
what was wrong with it and how they could fix it.

179
00:06:47.220 --> 00:06:49.290
This is a great use of using virtual machines

180
00:06:49.290 --> 00:06:50.430
inside your training.

181
00:06:50.430 --> 00:06:52.770
And as you continue in your studies and you start learning

182
00:06:52.770 --> 00:06:55.290
about Linux, and Windows, and server environments,

183
00:06:55.290 --> 00:06:57.720
and Mac OS and other things like that,

184
00:06:57.720 --> 00:06:59.370
you can spin up different virtual machines

185
00:06:59.370 --> 00:07:01.350
that contain those guest operating systems

186
00:07:01.350 --> 00:07:04.680
and practice your skills in a safe and secure environment.

187
00:07:04.680 --> 00:07:05.970
The last thing we need to discuss

188
00:07:05.970 --> 00:07:07.710
is the concept of emulation

189
00:07:07.710 --> 00:07:11.220
because many people confuse emulation with virtualization.

190
00:07:11.220 --> 00:07:13.350
Now emulation involves using a system

191
00:07:13.350 --> 00:07:15.330
that imitates another system.

192
00:07:15.330 --> 00:07:17.580
With virtualization, a virtual instance

193
00:07:17.580 --> 00:07:20.580
of a particular piece of hardware is being created and used.

194
00:07:20.580 --> 00:07:23.460
So in reality, you're using a new physical machine

195
00:07:23.460 --> 00:07:25.440
that's represented by software.

196
00:07:25.440 --> 00:07:27.570
With an emulator though, a piece of software

197
00:07:27.570 --> 00:07:29.910
is translating the environment in real time

198
00:07:29.910 --> 00:07:31.920
to pretend that it is something else.

199
00:07:31.920 --> 00:07:33.780
For example, if I wanted to play an old

200
00:07:33.780 --> 00:07:36.000
Super Nintendo game on my MacBook Pro,

201
00:07:36.000 --> 00:07:39.510
I could download a Super Nintendo emulator like OpenEmu,

202
00:07:39.510 --> 00:07:41.580
and then it's going to translate the game's code

203
00:07:41.580 --> 00:07:44.970
in real time to instructions that my Mac can understand.

204
00:07:44.970 --> 00:07:47.070
With virtualization, the software being run

205
00:07:47.070 --> 00:07:49.560
can physically access the hardware of your machine,

206
00:07:49.560 --> 00:07:52.860
making it much, much faster than using an emulator.

207
00:07:52.860 --> 00:07:55.230
So when might you want to use an emulator

208
00:07:55.230 --> 00:07:56.970
instead of virtualization?

209
00:07:56.970 --> 00:07:58.830
Well, if you need to run an operating system

210
00:07:58.830 --> 00:08:00.750
that's meant for some other type of hardware,

211
00:08:00.750 --> 00:08:03.570
such as a Super Nintendo on a Mac or Windows machine,

212
00:08:03.570 --> 00:08:05.400
then you're going to have to use an emulator.

213
00:08:05.400 --> 00:08:06.780
If you want to run software that's meant

214
00:08:06.780 --> 00:08:09.090
for a different operating system, like an Android

215
00:08:09.090 --> 00:08:11.130
that's designed to run on an ARM processor,

216
00:08:11.130 --> 00:08:13.020
but you have an Intel processor

217
00:08:13.020 --> 00:08:14.550
and a Windows operating system,

218
00:08:14.550 --> 00:08:17.550
then again, emulators are going to be the right choice for you

219
00:08:17.550 --> 00:08:20.190
because you're dealing with different underlying hardware.

220
00:08:20.190 --> 00:08:22.080
On the other hand, if you need high speed

221
00:08:22.080 --> 00:08:23.250
and better performance,

222
00:08:23.250 --> 00:08:25.590
you want to use a virtualization solution.

223
00:08:25.590 --> 00:08:27.660
Remember though, with virtualization,

224
00:08:27.660 --> 00:08:29.850
you are limited to running software that is coded

225
00:08:29.850 --> 00:08:33.060
for the particular underlying hardware of your processor.

226
00:08:33.060 --> 00:08:37.920
Normally, most of us are using x86 or x64 based processors,

227
00:08:37.920 --> 00:08:40.650
so you're running Windows, Linux, or Mac,

228
00:08:40.650 --> 00:08:42.870
or any of those three operating systems on these type

229
00:08:42.870 --> 00:08:45.660
of systems with virtualization will work just fine.

230
00:08:45.660 --> 00:08:47.490
But if you're trying to run an operating system

231
00:08:47.490 --> 00:08:49.050
designed for an ARM processor,

232
00:08:49.050 --> 00:08:51.000
it's not going to work with virtualization,

233
00:08:51.000 --> 00:08:52.620
you'd have to use an emulator.

234
00:08:52.620 --> 00:08:55.110
Now in general, you're going to use virtualization

235
00:08:55.110 --> 00:08:57.120
most of the time instead of an emulator,

236
00:08:57.120 --> 00:08:58.800
because it's faster and more efficient

237
00:08:58.800 --> 00:09:00.450
and most things are written to work

238
00:09:00.450 --> 00:09:03.240
on an x86 or x64 processor.

239
00:09:03.240 --> 00:09:05.070
But again, if you need to run something

240
00:09:05.070 --> 00:09:06.540
for a different processor,

241
00:09:06.540 --> 00:09:08.990
that's when you're going to have to use an emulator.

