
What Cloud Computing infrastructure looks like.

Updated: Apr 11, 2025

Cloud computing is the delivery of various computing resources that are hosted "in the cloud", where the cloud is, technically, another word for the internet. It is drawn as a cloud because that gives a holistic overview of it: the abstraction of software and hardware becomes a ubiquitous entity accessible from the internet. Cloud computing typically comes in several forms. It may be access to something as simple as hardware such as computing resources; software such as databases, access controls, monitoring, web servers, containerization systems and more; or physical computing resources, such as renting a physical virtualization server from a provider and hosting your applications, software and other infrastructure on it. As with any piece of technology, cloud systems have both benefits and deficiencies.


Where Cloud infrastructure lives


Cloud Computing drill down and how it works from the bottom up.


The concept of cloud computing is not hard to understand, but the intermingled, complex components which make up its composition most definitely are. Here I'll try to explain the core components of cloud computing and its various elements. At its core, cloud computing is a form of distributed computing architecture: a structure of system design used to allow the sharing, distribution and computation of resources across many computers. This is predominantly achieved using many different technologies, with virtualization being the largest centre of the cloud computing revolution.


Physical Server Hardware

A key component to consider when looking at the technology that underpins all of cloud computing is the physical hardware: commonly servers, network equipment, storage area networks and other hardware. At the top, servers are typically hardware designed for intense workloads and mass collocation of equipment, in the form of blade servers and others. Servers, just like normal computer systems, have all the features of a normal computer; however, redundancy, throughput and raw performance are often more important than every other factor combined.


  • Server motherboard - Often comes with various important features. One of those is a built-in power delivery system designed with redundancy, including dual power supplies which can be configured into various modes. This kind of motherboard often also comes with something called an "out-of-band management interface": on Dell it is called iDRAC and on HP it is called iLO.


  • Server memory - Differs from normal home-user or even some workstation RAM: it is usually ECC RAM, or error-correcting-code RAM. This is designed to reduce the impact of memory errors: whereas normal RAM might just crash an application, ECC might be able to successfully recover from a bit flip, which is the kind of error ECC RAM commonly corrects. This RAM can also be registered or unregistered, signified by RDIMM or UDIMM. An RDIMM contains a special register which stores the result of the RAM request in a short-term buffer; after reaching the buffer it is written out to the address the memory write was requested for.


  • Storage - Depending on your workload, hard drives and SSDs will typically be a part of your cloud infrastructure component choice at the hardware level. SSDs can commonly be arranged into arrays just like the RAID disks found on normal hard disk arrays; the method is much the same. The only typical difference from the HDDs and SSDs in consumer systems is that these drives are intended to be put under a lot of load, and for long periods of time. SSDs can be used to create caching disks to improve the throughput of network transfers, as HDDs are much slower than SSDs.


  • Disk controllers - Are actually very important in all cases. The reason is that RAID controllers and drive controllers on servers are typically much better, as they are often hardware backed instead of software based; generally, hardware-based controllers are able to cope with far more advanced configurations than the disk controllers found on consumer motherboards can. Advanced RAID configurations are those present in nested RAID. These controllers can also come with other advanced features such as disk multiplexing. This is rather complicated, but it basically implies more than one redundant controller attached to the array of disks.


  • Processors - Datacenter servers are actually quite unique in their capabilities, because they are sometimes x86 and sometimes ARM. Such a case can be found on Amazon AWS cloud with Apple Metal and their Graviton processors, which are both ARM based. A big reason for using ARM is that it often consumes far less power than the conventional x86 architecture, because it is based on RISC (Reduced Instruction Set Architecture) rather than CISC (Complex Instruction Set Architecture). Where an x86 architecture typically has thousands of instruction codes, including the usual ones such as RBX, RCX, RDX, RDI and RSI, an ARM chip will have far fewer, which means complex tasks are carried out by more instructions instead of a single instruction.


  • Network interfaces - Depending on the application, this could be as simple as a conventional Ethernet interface with multiple ports, often starting with the interfaces on the back of the server which are built into the motherboard. Servers sometimes also have independent interface ports intended to be used with specialised aggregation hardware such as InfiniBand or FCoE (Fibre Channel over Ethernet); these can then be merged together to support extremely high bandwidth situations. The NICs used can also sometimes take SFP modules, which are a simple way to connect various interface forms such as fibre, Ethernet and others.


  • Specialized processors and graphics cards - Some cloud workloads, not all, will sometimes use specialised processing chips such as Google TPUs or Nvidia graphics cards. Such processors are both suited to artificial-intelligence workloads, and Google TPUs, depending on their workload, can perform much better than an Nvidia GPU may, and so are suitable for that kind of application. Amazon AWS has compute-performance IaaS-capable systems and Google Compute also has IaaS-capable systems in this category; Google is the only one who has TPUs (Tensor Processing Units, ASICs designed to deal with AI workloads).
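To make the "server memory" point above concrete, here is an added example (mine, not code from the original post) of a toy single-error-correcting, double-error-detecting Hamming code, the same family of scheme ECC memory uses: a single flipped bit is located and repaired, while two flips are reported as uncorrectable rather than silently returned as bad data. The byte value and the flipped positions in `simulate` are constructed inputs.

```python
# Added example (not from the original post): a toy SECDED Hamming code.
# Bit positions are 1-indexed; parity bits live at powers of two and each
# covers every position whose index has that bit set. A final overall
# parity bit upgrades single-error correction to double-error detection.

def hamming_encode(data_bits):
    """Encode a list of 0/1 data bits into a Hamming codeword plus overall parity."""
    m = len(data_bits)
    r = 0                                  # number of Hamming parity bits needed
    while (1 << r) < m + r + 1:
        r += 1
    n = m + r
    code = [0] * (n + 1)                   # index 0 unused
    data = iter(data_bits)
    for pos in range(1, n + 1):
        if pos & (pos - 1):                # not a power of two: data position
            code[pos] = next(data)
    for i in range(r):
        p = 1 << i
        parity = 0
        for pos in range(1, n + 1):
            if pos & p and pos != p:
                parity ^= code[pos]
        code[p] = parity                   # even parity over covered positions
    overall = 0
    for bit in code[1:]:
        overall ^= bit
    return code[1:] + [overall]


def hamming_decode(word):
    """Return (data_bits, status); status is 'ok', 'corrected' or 'uncorrectable'."""
    code = [0] + list(word[:-1])
    overall_rx = word[-1]
    n = len(code) - 1
    syndrome = 0                           # XOR of positions holding a 1
    for pos in range(1, n + 1):
        if code[pos]:
            syndrome ^= pos
    overall_calc = 0
    for bit in code[1:]:
        overall_calc ^= bit
    overall_ok = overall_calc == overall_rx
    if syndrome == 0 and overall_ok:
        status = "ok"
    elif syndrome and not overall_ok and syndrome <= n:
        code[syndrome] ^= 1                # single flip: the syndrome names the position
        status = "corrected"
    elif syndrome == 0 and not overall_ok:
        status = "corrected"               # only the overall parity bit flipped
    else:
        status = "uncorrectable"           # two flips: overall parity still matches
    data = [code[pos] for pos in range(1, n + 1) if pos & (pos - 1)]
    return data, status


def byte_to_bits(value):
    return [(value >> i) & 1 for i in range(7, -1, -1)]


def bits_to_byte(bits):
    out = 0
    for bit in bits:
        out = (out << 1) | bit
    return out


def simulate(value, flips):
    """Encode a byte, flip the given 0-indexed codeword positions, decode it back."""
    word = hamming_encode(byte_to_bits(value))
    for i in flips:
        word[i] ^= 1
    data, status = hamming_decode(word)
    return bits_to_byte(data), status


if __name__ == "__main__":
    for flips in ([], [3], [12], [2, 7]):   # constructed fault patterns
        print(flips, simulate(0xA5, flips))
```

An 8-bit data byte becomes a 13-bit word here (four Hamming parity bits plus the overall bit), which is the same overhead ratio as the 72-bit ECC DIMMs that protect a 64-bit word; the "uncorrectable" status is what a server reports as a multi-bit error and is worth alerting on.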
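For the "disk controllers" point about RAID, here is a second added example (again mine, not the post's code) of a toy RAID 5 array: each stripe carries one parity block, the XOR of the stripe's data blocks, so the controller can keep serving reads with one disk missing and a scrub can spot a stripe whose parity no longer matches. The block size, disk count and payload are constructed values.

```python
# Added example (not from the original post): a toy RAID 5 array. Parity is
# rotated across disks so no single disk becomes a write hotspot; any one
# missing block in a stripe is the XOR of the remaining blocks.

BLOCK = 4  # bytes per block here; real arrays use 64 KiB or larger stripes


def xor_blocks(blocks):
    """XOR equal-length byte blocks together."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)


def parity_disk_for(stripe, n_disks):
    """Left-symmetric style rotation of the parity block across disks."""
    return (n_disks - 1 - stripe) % n_disks


def raid5_write(data, n_disks):
    """Return n_disks block lists (disk images) holding the data plus parity."""
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    per_stripe = (n_disks - 1) * BLOCK
    data = data + b"\x00" * ((-len(data)) % per_stripe)   # pad to whole stripes
    disks = [[] for _ in range(n_disks)]
    for s, off in enumerate(range(0, len(data), per_stripe)):
        chunk = data[off:off + per_stripe]
        blocks = [chunk[i:i + BLOCK] for i in range(0, per_stripe, BLOCK)]
        pd = parity_disk_for(s, n_disks)
        nxt = iter(blocks)
        for d in range(n_disks):
            disks[d].append(xor_blocks(blocks) if d == pd else next(nxt))
    return disks


def raid5_read(disks, length, failed=-1):
    """Reassemble data; blocks on the failed disk (if any) are rebuilt from the rest."""
    n_disks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        pd = parity_disk_for(s, n_disks)
        stripe = []
        for d in range(n_disks):
            if d == failed:
                others = [disks[o][s] for o in range(n_disks) if o != failed]
                stripe.append(xor_blocks(others))    # degraded-mode reconstruction
            else:
                stripe.append(disks[d][s])
        for d in range(n_disks):
            if d != pd:
                out += stripe[d]
    return bytes(out[:length])


def raid5_scrub(disks):
    """Return stripe indexes whose parity no longer matches (what a controller scrub reports)."""
    bad = []
    for s in range(len(disks[0])):
        if xor_blocks([disk[s] for disk in disks]) != bytes(BLOCK):
            bad.append(s)
    return bad


if __name__ == "__main__":
    payload = b"cloud infrastructure parity demo"   # constructed sample data
    array = raid5_write(payload, 4)
    print(raid5_read(array, len(payload), failed=1) == payload)
```

The scrub is the check a practitioner wants: silent corruption on one disk shows up as a parity mismatch long before a second failure makes the stripe unrecoverable, and a degraded read from the affected disk (rebuilding it from the others) returns the original data.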


Virtualisation Foundations

Cloud computing paradigms are focused at their core on two core virtualisation technologies, which provide the infrastructure necessary to run a cloud service provider. However, in some cases a bare metal system may be appropriate: the Mac designation on Amazon AWS uses Mac M1, M2, M2 Pro or M1 Ultra machines, because Macs cannot have an explicit "hypervisor" installed but are "managed" by the deployment system of EC2.


Hypervisors and Bare Metal

Virtualization is built on two types of core technology: hypervisors and containerisation. The hypervisors used are conventionally type 1 hypervisors; these are close to the bare metal of a system, allowing the provisioning of virtual machines on top of the hardware present. The hypervisor is the communication layer between the guest operating system (which is what we call the operating system installed on top of the hypervisor) and the hardware: it translates the operating system's driver communication and other common hardware interpretation-layer information to the actual hardware. Hypervisors themselves are not excessively expensive to run, especially with the well-known virtual machine extensions provided by many common CPU architectures, such as VT-d, AMD-V and Intel VT-x; these extensions are used to further improve the performance of virtual machines. In some particular cases you may need to have a bare metal system; this is when you want absolute control of the machine underlying your virtual machine, and commonly IaaS can give you access to the "bare metal" of a piece of infrastructure.


Virtual Machine Managers (VMM) and Virtual Machine Infrastructure Managers - These are the management platforms which commonly drive the virtual machines. Where the hypervisors themselves operate on individual systems and house the guest operating system instances, a VMM manager can coalesce multiple hypervisors and their management into a single unified API for management and interfacing; this can provide more than basic machine management and integrate many useful features. Azure commonly provides a main control panel for Azure system management with IaaS, PaaS and CaaS all in a single interface; it also provides advanced features such as grouping instances together with their respective supporting infrastructure, such as firewalls and virtual networks. Virtual machine managers are more closely related to the management of virtual machines on a single hypervisor instance, which allows the configuration of the operating systems, memory mapping configurations, instruction sets, disk type and many other features.


  • Monitoring - VMMs provide a common interface to monitor the underlying performance of virtual machines. Monitoring includes updating the hypervisor's code, via package updates in the case of KVM or through the common update channels for your chosen virtual machine platform.


  • Virtual disk and disk management - Handles disk allocation, the type of volumes used (such as provisioning types) and disk layout. In some cases, if using for example Proxmox, it also allows the assignment of the disk volume's partition table type, whether MBR or GPT; you will likely want GPT for the newest disks, purely because of the huge improvements over the standard MBR partition type.


  • Virtual networking - Virtual switching, firewall management, hypervisor patch management, network MAC addresses, bandwidth quotas, virtual link aggregation and a lot more. Firewalls can be deployed at a "datacenter level", at an individual server level, or both.


  • System configuration options - Such as assignment of CPU architecture type, boot disk type (UEFI or BIOS), NUMA (non-uniform memory architecture) and so on.



Virtual Machine Infrastructure Manager - Is a lot more complicated, in that it becomes a common place for the configuration of virtual machines and access to virtual images, as well as scalability, redundancy, resiliency and protection measures. Many cloud providers use VIMs, allowing ease of integration with the many other services and systems provided by any of the big cloud providers: Amazon, Microsoft, Google and even Oracle.



Containerisation and Container Orchestration

These form another foundational element of cloud infrastructure; both the containerisation platform and the orchestrator are important to the deployment of containers, allowing for quick deployment and rapid scalability as well as automated deployment, self-healing and management capabilities, often part of the unified interface of a cloud hosting provider.


Containers initially began long ago as a technology in the form of LXC, the Linux Container engine; over time the space evolved to include Docker, Podman and many others. Containers themselves form a core element of a cloud provider. They are often used to rapidly scale up an application or service when it is placed under high demand, or when there is a need to increase the available capacity via horizontal scaling. Containers are also a smart way to deploy an application, by creating a "box" with everything needed for that application or service to run; the box typically wraps up common libraries which may be used by an application, and other characteristics. The difference between containers and virtual machines is that the kernel space of a container is shared with the underlying operating system. Containers often provide a number of underlying capabilities to make them easier to manage; overall you can go as complicated as a full K8s management system or as simple as, in my case, a Podman instance which is driven via the CLI and command line operations. I personally love the simplicity of Podman's container CLI.


  • Monitoring - Container health, resource consumption and other reporting features such as dumping logs and other issues.


  • Control and management of containers - Update, delete, and provide a storage interface, such as passing a path on the container host into the container; sometimes you may wish to do this.


  • Networking - Virtual network tagging, network address translation and restriction of traffic to specific groups of containers, which we call pods. Pods can be further managed by applying a container network interface, where new container networks can be defined that allow only specific containers to communicate with a given container.


  • Deployment schematics - A type of technique used by Docker, such as the docker-compose YAML or the similar podman-compose YAML; Podman and Docker are pretty much compatible command for command.


Supporting infrastructure


Networking backbone

Core to any kind of virtual infrastructure, including that found in cloud infrastructure systems, is the deployment of a network backbone at the hardware level. This is highly important: in datacenters, large volumes of network traffic move around the network and it must be extremely reliable, which means the use of hardware- and software-based solutions to ensure that continued reliability. Central to this is typically the hierarchical network design, which breaks the network down into three primary layers.


  • Core - In network engineering terms, the core of the network forms the backbone with which all other components can communicate. It is typically not firewalled and does not have policy controls in place, to reduce the overhead associated with the function of the network.


  • Distribution - Is the mesh-based network, often consisting of high-performance multi-bonded connections using link aggregation techniques and other functionality, including redundant routers and redundant paths. Depending on the vendor that might include LACP or PAgP, which allow the bonding of multiple interfaces into a single high-bandwidth interface, with traffic passed over each aggregation group according to the policy applied.


  • Access - Provides access to the actual network, supporting the endpoint connections and forming the access points where all devices are interfaced with the network. It will also employ some security measures for layer 2 protection, such as MAC address binding of specific addresses to specific interfaces, preventing rogue devices from being connected to access ports on the access layer.
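The MAC binding mentioned for the access layer is easiest to see as a small simulation. The following is an added example of mine (not code from the post or from any switch vendor): a two-port access switch where each port carries an allow-list of MACs, a frame from any other MAC is recorded as a violation, and the port either goes into an error-disabled state (the "shutdown" mode) or merely drops the offender while counting it (the "restrict" mode). Port names, MAC addresses and the replayed frames are constructed sample values.

```python
# Added example (not from the original post): a simulated access-layer switch
# enforcing MAC address binding ("port security") on its access ports.

from dataclasses import dataclass, field


@dataclass
class AccessPort:
    name: str
    allowed: set            # MACs statically bound (or stickily learned) to this port
    max_macs: int = 1       # how many MACs the port may hold in total
    mode: str = "shutdown"  # "shutdown" error-disables the port, "restrict" drops and counts
    violations: list = field(default_factory=list)
    err_disabled: bool = False


class AccessSwitch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def ingress(self, port_name, src_mac):
        """Decide what happens to a frame arriving on port_name from src_mac."""
        port = self.ports[port_name]
        mac = src_mac.lower()
        if port.err_disabled:
            return "dropped-errdisable"
        if mac in port.allowed:
            return "forwarded"
        if len(port.allowed) < port.max_macs:
            port.allowed.add(mac)          # sticky learning of the first host seen
            return "learned"
        port.violations.append(mac)        # the detection record an operator reviews
        if port.mode == "shutdown":
            port.err_disabled = True
        return "violation"

    def report(self):
        """Per-port summary: (port, err_disabled, offending MACs)."""
        return [(p.name, p.err_disabled, list(p.violations)) for p in self.ports.values()]


# Constructed frames: (ingress port, source MAC)
SAMPLE_FRAMES = [
    ("Gi1/0/1", "aa:bb:cc:00:00:01"),   # bound host on its own port
    ("Gi1/0/1", "DE:AD:BE:EF:00:01"),   # unknown device plugged into a bound port
    ("Gi1/0/1", "aa:bb:cc:00:00:01"),   # legitimate host now behind an err-disabled port
    ("Gi1/0/2", "aa:bb:cc:00:00:02"),   # first host seen on a sticky port gets learned
    ("Gi1/0/2", "aa:bb:cc:00:00:02"),
    ("Gi1/0/2", "aa:bb:cc:00:00:03"),   # second MAC exceeds max_macs in restrict mode
    ("Gi1/0/2", "aa:bb:cc:00:00:02"),   # restrict mode keeps the bound host working
]


def run(frames=SAMPLE_FRAMES):
    """Replay frames through a two-port switch; returns (per-frame verdicts, report)."""
    switch = AccessSwitch([
        AccessPort("Gi1/0/1", allowed={"aa:bb:cc:00:00:01"}),
        AccessPort("Gi1/0/2", allowed=set(), mode="restrict"),
    ])
    verdicts = [switch.ingress(port, mac) for port, mac in frames]
    return verdicts, switch.report()


if __name__ == "__main__":
    verdicts, summary = run()
    for frame, verdict in zip(SAMPLE_FRAMES, verdicts):
        print(frame, verdict)
    print(summary)
```

The trade-off between the two modes is visible in the replay: shutdown mode stops the rogue device but also takes the legitimate host on that port offline until someone clears the error-disabled state, while restrict mode keeps the bound host working and leaves the violation list as the evidence to investigate.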


The hardware itself would typically be layer 3 switches, as they are often built with specialised ASIC processing units for handling large volumes of traffic and data. In the context of Cisco, ports are assigned via what they call virtual port assignment; this allows both the VLANing of traffic and the routing of that traffic at the same time.


Firewalls, IPS / IDS infrastructure

Forming a critical element in many cloud providers' networks, firewalls can be software based or hardware based. They are the boundary between various network subsections, forming the segmentation of networks that restricts traffic from certain sections of the network. Firewalls of this nature are often stateful or stateless, stateful referring to tracking the activity of connections in their various stages and monitoring those connections. IPS / IDS systems monitor the network traffic for patterns of behaviour in traffic passing over the network, including various ports and applications. The rules used in evaluating IPS / IDS traffic are quite complicated and often need to be fine tuned, especially if it's a very bare kind of setup such as Suricata or Snort. Suricata is preferred over Snort, as it supports high performance by offering multithreaded IPS functionality. Firewalls form the first line of defence in the protection of a cloud provider's network, controlling the traffic going to various systems in the datacenter by the type of traffic, port assignment, state and other factors, while the IPS system forms the other layer of protection. Both of these systems can sometimes be combined into a unified offering such as SaaS, not software as a service but security as a service, allowing you to combine the monitoring capabilities of an IPS system with the next-generation features found on some firewalls, such as anomaly detection, IOCs (indicators of compromise) and built-in triage and remediation; that might include proactively isolating a compromised system from your other systems to prevent the infection from spreading.
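The stateful-versus-stateless distinction above is worth seeing on actual packets. The following is an added example of mine, not code from the post or from any firewall product: a stateless rule list that has to admit "anything from source port 443" so that HTTPS replies get back to internal hosts, beside a stateful filter that only admits replies to connections it has already tracked and logs the rest as invalid. The addresses, ports and packets are constructed samples (RFC 5737 documentation ranges).

```python
# Added example (not from the original post): stateless packet filtering
# versus stateful connection tracking on a handful of constructed packets.

from collections import namedtuple

Packet = namedtuple("Packet", "direction proto src sport dst dport syn")

# Stateless rules: (direction, proto, sport, dport); None matches anything.
STATELESS_RULES = [
    ("out", "tcp", None, None),   # let internal hosts out
    ("in", "tcp", None, 443),     # inbound to the web server
    ("in", "tcp", 443, None),     # the hole: replies from any HTTPS server
]


def stateless_filter(pkt, rules=STATELESS_RULES):
    """First matching rule wins; no rule means drop."""
    for direction, proto, sport, dport in rules:
        if (direction == pkt.direction and proto == pkt.proto
                and sport in (None, pkt.sport) and dport in (None, pkt.dport)):
            return "accept"
    return "drop"


class StatefulFirewall:
    def __init__(self, inbound_services):
        self.inbound_services = inbound_services   # {(proto, dport)} reachable from outside
        self.conntrack = set()                     # flows seen, keyed inside -> outside

    @staticmethod
    def flow_key(pkt):
        """Normalise both directions of a connection to one key."""
        if pkt.direction == "out":
            return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def filter(self, pkt):
        key = self.flow_key(pkt)
        if key in self.conntrack:
            return "accept-established"
        if pkt.direction == "out":
            self.conntrack.add(key)
            return "accept-new-out"
        if pkt.proto == "tcp" and not pkt.syn:
            return "drop-invalid"          # reply-looking packet with no tracked flow
        if (pkt.proto, pkt.dport) in self.inbound_services:
            self.conntrack.add(key)
            return "accept-new-in"
        return "drop-policy"


# Constructed traffic.
SAMPLE_PACKETS = [
    Packet("out", "tcp", "10.0.0.5", 51000, "203.0.113.10", 443, True),    # browse out
    Packet("in", "tcp", "203.0.113.10", 443, "10.0.0.5", 51000, False),    # the reply
    Packet("in", "tcp", "198.51.100.7", 443, "10.0.0.5", 52000, False),    # unsolicited, from sport 443
    Packet("in", "tcp", "198.51.100.7", 40000, "10.0.0.5", 443, True),     # new web client
    Packet("in", "tcp", "198.51.100.7", 40000, "10.0.0.5", 22, True),      # SSH from outside
]


def compare(packets=SAMPLE_PACKETS):
    """Return (stateless verdict, stateful verdict) per packet."""
    fw = StatefulFirewall({("tcp", 443)})
    return [(stateless_filter(p), fw.filter(p)) for p in packets]


if __name__ == "__main__":
    for pkt, verdicts in zip(SAMPLE_PACKETS, compare()):
        print(pkt.direction, pkt.src, pkt.sport, "->", pkt.dst, pkt.dport, verdicts)
```

The third packet is the one that matters: the stateless filter accepts it purely because of its source port, whereas the stateful firewall has no tracked flow for it and drops it as invalid. That "drop-invalid" counter is also a useful feed for the IDS / IPS layer, since a burst of such packets is exactly the kind of pattern those systems are tuned to notice.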



Backup power and generators

In every datacenter (or it should be in every datacenter) there is backup power equipment designed to prevent a reduction in SLA, or service level agreement. That usually includes a backup battery redundancy system contained within the rack cabinets, in the form of UPS units, or uninterruptible power supply units. As datacenters must have absolute reliability, the power from the grid is provided to a key type of UPS system called an "always online" type: these are made to pull power from the mains supply while providing power to the server racks at all times, after it is conditioned from the mains. Always-online UPS units are always connected to the battery of the UPS, in contrast to line-interactive UPS units, which react when the power coming into the UPS falls outside of expected parameters. Another feature of datacenter UPS units is that they have "extendable redundancy", with interconnection cables to allow multiple UPSs or modules to extend the capacity and runtime of these backup power supplies.


Generators are also a core part of datacenters. UPS units can only provide power for so long, so once the power is lost the backup generators will attempt to kick in, running often off petrol or diesel, with built-in automatic transfer switches: on loss of mains power a specialised relay senses the loss of power from the grid and transfers the load to the batteries, which then leads to the attempted starting of the generator.



Cooling infrastructure


Security, Auditing and Monitoring

Physical security is the first part of the protection of cloud systems. It is often provided by smart cards for door access, facial recognition, fingerprints, passwords, and access logging for the servers contained within the datacenter; this can also include logging the kinds of devices which were plugged into a system at any point.


Depending on compliance requirements, cloud providers can give a business the option to use virtual machine encryption to ensure data protection of the underlying instance. This "encryption of an instance" prevents the cloud provider from being able to access the data contained within a cloud instance, and the business alone has absolute authority over that data in the cloud.


At the top level most cloud providers have robust security, allowing for the easy updating of applications, software and services, such as automated patch management deploying critical updates when they are needed, as fast and reliably as possible.


Recovery

Most cloud providers give you a large amount of access to data recovery options to allow your business to continue to operate, and the kinds of guarantees cloud providers make are that your data will always be available and its integrity preserved. To that end, cloud providers often employ robotic archival storage systems via tape drives, and other various backup infrastructure. Recovery is usually very quick.

