Hybrid cloud connects plant to cloud
OT organizations use hybrid cloud: on-premises control with cloud analytics. VPN or Direct Connect bridges the 2 environments.
8.1 Cloud Models
The previous chapter covered wireless networking, the last piece of on-premises infrastructure. Many organizations extend their networks into the cloud. Cloud networking applies the same concepts (subnets, routing, firewalls) in a virtualized environment.
Why Cloud Networking Exists
Section titled “Why Cloud Networking Exists”Building and maintaining physical data centers requires capital investment, long lead times, and dedicated staff. Cloud providers offer compute, storage, and networking as a service. Organizations provision infrastructure in minutes and pay for the resources they consume. The networking layer in the cloud mirrors on-premises networking. Software-defined equivalents replace physical devices.
Deployment Models
Section titled “Deployment Models”| Model | Description |
|---|---|
| Public cloud | Infrastructure owned by a provider (AWS, Azure, GCP), shared with other customers, accessed over the internet. |
| Private cloud | Infrastructure dedicated to 1 organization, hosted on-premises or by a provider. |
| Hybrid cloud | A combination of public and private cloud, connected by VPN or dedicated circuit. |
| Community cloud | Shared infrastructure for organizations with common requirements (government agencies, healthcare). |
Service Models
Section titled “Service Models”| Model | Customer Manages | Provider Manages | Example |
|---|---|---|---|
| IaaS | OS, middleware, application, data | Compute, storage, networking | AWS EC2, Azure VMs |
| PaaS | Application and data | Runtime, OS, infrastructure | AWS Elastic Beanstalk |
| SaaS | Nothing (uses the service) | Everything | Microsoft 365, Salesforce |
The service model determines the boundary of responsibility. In IaaS, the customer configures the virtual network. In SaaS, the provider handles everything.
Key Takeaways
Section titled “Key Takeaways”IaaS gives the most control
In IaaS, configure the virtual network, subnets, and security groups. In SaaS, the provider handles everything.
What Comes Next
Section titled “What Comes Next”Cloud deployment and service models define the management boundary. The next page covers VPC architecture: the virtual network for subnets, route tables, and security controls.
References
Section titled “References”- CompTIA Network+ N10-009 Exam Objectives, Domain 1: Networking Concepts (Cloud)