Basics of Cloud Computing
📄 Table of Contents
● What is Cloud Computing
● Characteristics of Cloud
● 3 types of Cloud services
— IaaS, PaaS, SaaS
● 3 types of Cloud
— Private, Public, Hybrid
● Terminologies used across 3 Clouds
● Microsoft Azure
— Virtual Network, Address Range, Subnet, IP Address
— establish a connection between 2 VMs in a single Vnet
— connection between 2 Vnets in the same region | Peering
— connection between 2 Vnets across regions | Global Peering or Virtual Network Gateway
— Auto-Scaling (horizontal & vertical)
● Google Cloud Platform (GCP)
— region, multi-region, and zones in GCP
— VPC network
— Organization, folder and project in GCP
— How is GCP different from other Clouds
▬▬▬▬▬▬▬▬▬▬▬▬▬▬ ✦ ✦ ✦ ▬▬▬▬▬▬▬▬▬▬▬▬▬▬
◉ What is Cloud Computing?
It is the on-demand delivery of compute power, databases, storage, applications and other IT resources by a Cloud Service Provider over the Internet, with a pay-as-you-go pricing model.
◉ Characteristics of Cloud (the five essential characteristics from NIST SP 800-145)
- On-demand self-service
- Broad network access
- Resource pooling
- Rapid elasticity
- Measured service
◉ 3 Popular Clouds (in order of market share) are:
1. AWS (Amazon Web Services)
2. Microsoft Azure (AZ-103, AZ-104)
3. Google Cloud Platform (GCP)
◉ 3 Types of Cloud Services
- IaaS, PaaS, SaaS — (Infrastructure, Platform, Software) as a service
- IaaS: a VM is the classic IaaS offering; you manage the OS and everything above it.
- PaaS: a managed runtime such as App Engine; the provider patches the OS and platform, you supply the code.
- SaaS: Google Drive, Gmail; you only use the application.
◉ 3 Types of Cloud
- Public cloud → AWS, Microsoft Azure and GCP are public clouds: anyone can use them over the Internet from anywhere in the world, on infrastructure shared with other tenants. It is like public transport.
- Private cloud → infrastructure dedicated to a single organization; more control and isolation, but at a higher cost, like owning a car.
- Hybrid cloud → a combination of public and private cloud.
◉ Terminologies used across 3 Clouds
- Billing is attached to an "Account" in AWS, a "Subscription" in Microsoft Azure and a "Project" (linked to a billing account) in GCP.
- The VM service is called EC2 in AWS, Virtual Machines in Microsoft Azure and Compute Engine in GCP.
- AWS runs its own Nitro hypervisor (built on a KVM core) in the backend, Microsoft Azure runs its in-house Hyper-V, and GCP runs the open-source KVM hypervisor.
◉ Microsoft Azure
Does an Azure VM need a public IP?
No. Every VM gets a private IP from its subnet and can reach other VMs in the VNet with it. A public IP is needed only when the VM must be reachable from the Internet. If you do need one, it can be attached when creating the VM in the Azure portal, the Azure CLI or Azure PowerShell; for administrative access prefer Azure Bastion or a VPN rather than exposing RDP/SSH on a public IP.
Public IP and Private IP in Azure
Public IP addresses: used for communication with the Internet, including Azure public-facing services. Public IP addresses carry a nominal fee.
Private IP addresses: used for communication within an Azure virtual network (VNet), and from your on-premises network when you use a VPN gateway or ExpressRoute circuit to extend your network into Azure.
◉ Establish a connection between 2 VMs in a single Vnet (virtual Network)
- When creating a VM you choose which inbound ports its network security group (NSG) opens, typically RDP or HTTP:
— RDP (TCP 3389) is needed to administer a Windows Server, and
— HTTP (TCP 80) is needed only if the VM serves web pages to browsers.
Open only the ports the VM actually needs; an NSG rule that allows RDP from any source address is a common way VMs get brute-forced.
- Generally we connect to a VM from outside using its public IP, but 2 or more VMs inside a single VNet communicate with each other using private IPs only; the traffic never touches the Internet or a public IP, irrespective of availability zone (a VNet is scoped to one region). How?
Through the Microsoft backbone network. The traffic is isolated from other tenants but is NOT encrypted by default, so use TLS or IPsec at the application or transport layer for sensitive data.
- "ping" works over the ICMP protocol. The Windows firewall in Windows Server blocks inbound ICMP echo requests by default, so to ping another VM you must add an inbound allow rule for ICMPv4 echo requests on the target VM; do not turn the whole firewall off just to make ping work.
◉ VNet Peering
- Peering is not transitive: if vnet-1 is peered with vnet-2 and vnet-2 with vnet-3, vnet-1 still cannot reach vnet-3 unless the two are peered directly (or traffic is routed through a gateway or network virtual appliance in vnet-2).
- Traffic between VMs in peered virtual networks is routed directly over the Microsoft backbone infrastructure, not through a gateway or over the Internet, which removes the exposure to spoofing or interception that a public-Internet path would have.
Connecting 2 Vnets within the same region using Private IP:-
We can create as many VMs as we need inside a particular virtual network, let's say "vnet-1". All of those VMs can communicate with each other with the help of private IPs; they don't need public IPs as long as they are within the same virtual network.
Let's say we create another virtual network, "vnet-2", with multiple VMs inside it, and both virtual networks are in the same region.
Now VMs of vnet-1 can communicate with VMs of vnet-2 through peering. They still need no public IP, but peering between the two virtual networks is mandatory, and the two address spaces must not overlap: Azure refuses to create a peering between VNets whose ranges overlap.
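The two rules above (same-VNet traffic just works, cross-VNet traffic needs a direct, non-transitive peering, and overlapping address spaces cannot be peered) are easy to get wrong when planning a hub-and-spoke layout. The following Python model is an added example written for these notes, not Azure code or any Azure SDK call; the VNet names, regions and address ranges are hypothetical, and `reachable()` answers only the private-IP question, ignoring NSGs and route tables.

```python
import ipaddress


class VNet:
    """An Azure virtual network: one region, one address range (simplified)."""

    def __init__(self, name, region, address_space):
        self.name = name
        self.region = region
        self.network = ipaddress.ip_network(address_space)


class Fabric:
    """Tracks VNets and the peerings between them."""

    def __init__(self):
        self.vnets = {}
        self.peerings = set()  # each entry is frozenset({vnet_a, vnet_b})

    def add_vnet(self, vnet):
        self.vnets[vnet.name] = vnet

    def peer(self, a, b):
        """Create a bidirectional peering. Returns 'regional' or 'global'."""
        va, vb = self.vnets[a], self.vnets[b]
        # Azure rejects peerings between overlapping address spaces
        if va.network.overlaps(vb.network):
            raise ValueError(
                f"cannot peer {a} ({va.network}) with {b} ({vb.network}): overlap")
        self.peerings.add(frozenset((a, b)))
        return "regional" if va.region == vb.region else "global"

    def vnet_of(self, ip):
        """Name of the VNet whose address space contains ip, or None."""
        addr = ipaddress.ip_address(ip)
        for v in self.vnets.values():
            if addr in v.network:
                return v.name
        return None

    def reachable(self, src_ip, dst_ip):
        """True if a VM at src_ip can reach dst_ip over private IPs."""
        s, d = self.vnet_of(src_ip), self.vnet_of(dst_ip)
        if s is None or d is None:
            return False
        if s == d:
            return True  # same VNet: private IPs just work
        # different VNets: only a DIRECT peering counts (no transitivity)
        return frozenset((s, d)) in self.peerings


def build_demo():
    """Hypothetical layout: vnet-1 <-> vnet-2 <-> vnet-3; vnet-4 overlaps vnet-1."""
    f = Fabric()
    f.add_vnet(VNet("vnet-1", "eastus", "10.1.0.0/16"))
    f.add_vnet(VNet("vnet-2", "eastus", "10.2.0.0/16"))
    f.add_vnet(VNet("vnet-3", "westeurope", "10.3.0.0/16"))
    f.add_vnet(VNet("vnet-4", "eastus", "10.1.128.0/17"))
    f.peer("vnet-1", "vnet-2")   # regional peering
    f.peer("vnet-2", "vnet-3")   # global peering (cross-region)
    return f


if __name__ == "__main__":
    f = build_demo()
    # Azure hands out .4 as the first usable host address in a subnet
    print(f.reachable("10.1.0.4", "10.1.1.4"))   # same VNet -> True
    print(f.reachable("10.1.0.4", "10.2.0.4"))   # peered -> True
    print(f.reachable("10.1.0.4", "10.3.0.4"))   # only via vnet-2 -> False
```

Trying `f.peer("vnet-1", "vnet-4")` raises, which is the check you want in a planning script before you provision anything: the overlap is caught at design time rather than by a failed deployment.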
◉ Global VNet Peering | Virtual Network Gateway
Connecting 2 Vnets across different regions using Private IP:-
Yes, vnet-1's VMs can communicate with vnet-2's VMs across regions using private IPs. There are two ways to do it:
— Global VNet peering: the same peering mechanism, but between VNets in different regions. Traffic stays on the Microsoft backbone infrastructure and, as with regional peering, is not encrypted by default.
— Virtual Network Gateway: create a VPN gateway in each VNet and a VNet-to-VNet connection between them. This builds an IPsec/IKE tunnel, so the traffic is encrypted, at the cost of the gateway's throughput limit and some added latency.
With either option the VMs themselves need no public IPs and their traffic is not routed over the public Internet.
By default, autoscaling is DISABLED for cloud services; you enable it on a scale set.
While enabling autoscaling you must provide a minimum and a maximum number of VMs (the minimum must be lower than the maximum), plus the rule, such as average CPU above a threshold, that triggers a change.
Scale-out means increasing the number of VMs; the VMs that are added are the same type as the existing VM.
Scale-in means reducing the number of VMs.
Horizontal scaling is this increase or decrease in the number of VMs according to load.
Vertical scaling keeps the same number of VMs but makes each VM more or less powerful in terms of memory, CPU and disk. Resizing a VM requires a restart, whereas horizontal scaling adds or removes VMs without touching the running ones.
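The scale-out/scale-in rules above are simple enough to simulate, which is useful for checking a proposed autoscale setting before you apply it. The block below is an added example written for these notes, not Azure autoscale code; the thresholds, cooldown and the CPU samples are hypothetical values, and the minimum-below-maximum check mirrors the constraint stated above.

```python
from dataclasses import dataclass


@dataclass
class AutoscaleRule:
    """Mandatory bounds plus the CPU thresholds that drive horizontal scaling."""
    min_instances: int
    max_instances: int
    scale_out_above: float   # average CPU % that triggers a scale-out
    scale_in_below: float    # average CPU % that triggers a scale-in
    step: int = 1            # VMs added or removed per action
    cooldown: int = 1        # evaluation periods to wait after an action

    def __post_init__(self):
        # same constraint the platform enforces: min must be below max
        if not 0 < self.min_instances < self.max_instances:
            raise ValueError("minimum must be positive and lower than maximum")
        if self.scale_in_below >= self.scale_out_above:
            raise ValueError("scale-in threshold must be below the scale-out threshold")


def simulate(rule, cpu_samples, start=None):
    """Return the instance count after each CPU sample is evaluated.

    The count never leaves [min_instances, max_instances], and after every
    action the rule waits `cooldown` periods so the new VMs can absorb load
    before the next decision (this avoids flapping between out and in).
    """
    count = rule.min_instances if start is None else start
    wait = 0
    history = []
    for cpu in cpu_samples:
        if wait > 0:
            wait -= 1                                   # cooling down, no action
        elif cpu > rule.scale_out_above and count < rule.max_instances:
            count = min(count + rule.step, rule.max_instances)   # scale-out
            wait = rule.cooldown
        elif cpu < rule.scale_in_below and count > rule.min_instances:
            count = max(count - rule.step, rule.min_instances)   # scale-in
            wait = rule.cooldown
        history.append(count)
    return history


if __name__ == "__main__":
    # constructed CPU samples: a load spike followed by an idle period
    rule = AutoscaleRule(min_instances=2, max_instances=4,
                         scale_out_above=70, scale_in_below=30)
    print(simulate(rule, [50, 80, 85, 90, 90, 20, 20, 20, 20]))
```

Running the sample shows the count climbing to the maximum of 4 during the spike and stepping back down to the minimum of 2 afterwards, one VM per period because of the cooldown. Setting the two thresholds too close together is the classic mistake: the simulation makes the resulting flapping visible before it costs money.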
◉ Google Cloud Platform (GCP)
Google Cloud Virtual Private Cloud (VPC) provides networking functionality to Compute Engine virtual machine (VM) instances, Kubernetes Engine containers, and App Engine flexible environment. In other words, without a VPC network you cannot create VM instances, containers, or App Engine applications. Therefore, each Google Cloud project has a default network to get you started.
You can think of a VPC network as similar to a physical network, except that it is virtualized within Google Cloud. A VPC network is a global resource that consists of a list of regional virtual subnetworks (subnets) in data centers, all connected by a global wide area network (WAN). VPC networks are logically isolated from each other in Google Cloud.
Each Google Cloud project has a default network with subnets, routes, and firewall rules.
View the subnets
The default network has a subnet in each Google Cloud region.
- In the Cloud Console, on the Navigation menu, click VPC network > VPC networks.
Notice the default network with its subnets. Each subnet is associated with a Google Cloud region and a private RFC 1918 CIDR block for its internal IP addresses range and a gateway.
View the Firewall rules
Each VPC network implements a distributed virtual firewall that you can configure. Firewall rules control which packets are allowed to travel to which destinations. Every VPC network has two implied firewall rules at the lowest priority (65535): one that blocks all incoming connections and one that allows all outgoing connections. Any rule you add has a higher priority and is evaluated first.
- In the left pane, click Firewall. Notice that there are 4 ingress firewall rules for the default network (default-allow-internal, default-allow-ssh, default-allow-rdp and default-allow-icmp):
Note: These firewall rules allow ICMP, RDP and SSH ingress traffic from anywhere (0.0.0.0/0) and all TCP, UDP and ICMP traffic within the network (10.128.0.0/9). The Targets, Filters, Protocols/ports and Action columns explain these rules. Allowing SSH and RDP from 0.0.0.0/0 is convenient for a lab, but in a real project narrow the source to known ranges or use IAP TCP forwarding instead.
- If you delete the default network, you cannot create any VM instances until you create another VPC network.
- You can SSH to a VM because of the allow-ssh firewall rule, which allows incoming traffic from anywhere (0.0.0.0/0) on tcp:22. Once that rule is deleted, you cannot SSH in any more.
- You can ping test-vm's internal IP because of the allow-custom firewall rule (the internal-traffic rule).
- You can ping test-vm's external IP because of the allow-icmp firewall rule.
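To see exactly why each of the SSH and ping cases above succeeds, and which of the default rules are the dangerous ones, it helps to evaluate packets against the rule set the way the VPC firewall does: lowest priority number wins, deny beats allow at equal priority, and the implied rules sit at 65535. The block below is an added example written for these notes, not Google's firewall code or the gcloud CLI; the rule list reproduces the four default ingress rules and the two implied rules as the lab describes them, the packets are constructed inputs, and `hardened_rules()` shows the corrected configuration (SSH admitted only from Google's IAP TCP-forwarding range, RDP removed) beside the weak default.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    priority: int      # 0-65535, lower number wins; implied rules sit at 65535
    name: str
    direction: str     # "INGRESS" or "EGRESS"
    action: str        # "allow" or "deny"
    ranges: list       # source ranges (ingress) or destination ranges (egress)
    protocols: dict    # {} = all; {"tcp": None} = all tcp ports; {"tcp": {22}}


@dataclass
class Packet:
    direction: str
    peer: str          # remote address: source for ingress, destination for egress
    proto: str
    port: int = None


# The default network's rules as the lab describes them (priority 65534),
# plus the two implied rules every VPC network has.
DEFAULT_RULES = [
    Rule(65534, "default-allow-internal", "INGRESS", "allow", ["10.128.0.0/9"],
         {"tcp": None, "udp": None, "icmp": None}),
    Rule(65534, "default-allow-ssh", "INGRESS", "allow", ["0.0.0.0/0"], {"tcp": {22}}),
    Rule(65534, "default-allow-rdp", "INGRESS", "allow", ["0.0.0.0/0"], {"tcp": {3389}}),
    Rule(65534, "default-allow-icmp", "INGRESS", "allow", ["0.0.0.0/0"], {"icmp": None}),
    Rule(65535, "implied-deny-ingress", "INGRESS", "deny", ["0.0.0.0/0"], {}),
    Rule(65535, "implied-allow-egress", "EGRESS", "allow", ["0.0.0.0/0"], {}),
]


def matches(rule, pkt):
    """Does this rule apply to this packet (direction, range, protocol, port)?"""
    if rule.direction != pkt.direction:
        return False
    addr = ipaddress.ip_address(pkt.peer)
    if not any(addr in ipaddress.ip_network(r) for r in rule.ranges):
        return False
    if not rule.protocols:          # empty dict means every protocol
        return True
    if pkt.proto not in rule.protocols:
        return False
    ports = rule.protocols[pkt.proto]
    return ports is None or pkt.port in ports


def evaluate(rules, pkt):
    """Return (action, rule_name) for the first matching rule by priority.
    At equal priority GCP lets deny win over allow, hence the sort key."""
    ordered = sorted(rules, key=lambda r: (r.priority, 0 if r.action == "deny" else 1, r.name))
    for rule in ordered:
        if matches(rule, pkt):
            return rule.action, rule.name
    return "deny", "implied"        # unreachable while the implied rules are present


ADMIN_PORTS = {22, 3389}


def audit_exposed(rules):
    """Names of ingress allow rules that open SSH/RDP to the whole Internet."""
    findings = []
    for r in rules:
        if r.direction != "INGRESS" or r.action != "allow":
            continue
        if not any(ipaddress.ip_network(x).prefixlen == 0 for x in r.ranges):
            continue                # not world-open
        tcp_ports = r.protocols.get("tcp", set()) if r.protocols else None
        if tcp_ports is None or tcp_ports & ADMIN_PORTS:
            findings.append(r.name)
    return findings


IAP_RANGE = "35.235.240.0/20"   # Google's IAP TCP-forwarding source range


def hardened_rules():
    """Drop the world-open SSH/RDP rules and admit SSH only via IAP."""
    keep = [r for r in DEFAULT_RULES
            if r.name not in ("default-allow-ssh", "default-allow-rdp")]
    keep.append(Rule(1000, "allow-ssh-from-iap", "INGRESS", "allow",
                     [IAP_RANGE], {"tcp": {22}}))
    return keep


if __name__ == "__main__":
    print(evaluate(DEFAULT_RULES, Packet("INGRESS", "203.0.113.5", "tcp", 22)))
    print(audit_exposed(DEFAULT_RULES))
    print(audit_exposed(hardened_rules()))
```

With the default rules, SSH from the constructed address 203.0.113.5 is allowed by default-allow-ssh and the audit flags both default-allow-ssh and default-allow-rdp; with the hardened set the same packet falls through to implied-deny-ingress and the audit comes back empty, while SSH from the IAP range still works.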
◉ Region, Multi-region, zones in GCP
GCP has 3 multi-regions, namely US, Europe (EU) and Asia.
At the time these notes were written there were 29 regions, and each region had 3 zones except the first one, Iowa (us-central1), which has 4 zones.
So the total was 29*3+1 = 88 zones across the globe. Google keeps adding regions, so check the current list before relying on these numbers.
◉ What is Organization, folder and project in Google cloud
While creating a project, 3 identifiers are involved: the project name (a display label you can change later), the project ID (a globally unique string you may choose only at creation time) and the project number (a numeric ID that GCP assigns itself). If you create a project, work on it and then delete it, you can later create another project with the same project name, but the old project ID will never be assigned again.
The project ID can be edited only at creation time and is immutable (not modifiable) after that. The project number is always generated by GCP and cannot be edited at all.
◉ How is GCP different from other Clouds:
- Every time you create a project in Google Cloud you must enable the API of each service (Compute Engine, Cloud Storage, and so on) before that project can use it; AWS and Microsoft Azure have no equivalent per-project opt-in.
- GCP encrypts all customer data at rest by default with no configuration. Azure and AWS now encrypt their main storage services at rest by default as well (Azure Storage, Amazon S3), but some AWS services, EBS volumes for example, still require you to turn default encryption on, so verify the setting per service rather than assuming it.