Hybrid cloud connects plant to cloud
Most OT organizations use hybrid cloud: on-premises control with cloud analytics. VPN or Direct Connect bridges the two.
The previous chapter covered wireless networking, the last piece of on-premises infrastructure. Many organizations now extend their networks into the cloud, running workloads on shared, on-demand infrastructure. Cloud networking applies the same concepts (subnets, routing, firewalls) in a virtualized environment.
Building and maintaining physical data centers requires capital investment, long lead times, and dedicated staff. Cloud providers offer compute, storage, and networking as a service, allowing organizations to provision infrastructure in minutes and pay only for what they use. The networking layer in the cloud mirrors on-premises networking but replaces physical devices with software-defined equivalents.

| Model | Description |
|---|---|
| Public cloud | Infrastructure owned by a provider (AWS, Azure, GCP), shared with other customers, accessed over the internet. |
| Private cloud | Infrastructure dedicated to one organization, hosted on-premises or by a provider. |
| Hybrid cloud | A combination of public and private cloud, connected by VPN or dedicated circuit. |
| Community cloud | Shared infrastructure for organizations with common requirements (government agencies, healthcare). |

| Model | Customer Manages | Provider Manages | Example |
|---|---|---|---|
| IaaS | OS, middleware, application, data | Compute, storage, networking | AWS EC2, Azure VMs |
| PaaS | Application and data | Runtime, OS, infrastructure | AWS Elastic Beanstalk |
| SaaS | Nothing (just uses it) | Everything | Microsoft 365, Salesforce |

The service model determines the boundary of responsibility. In IaaS, the customer configures the virtual network. In SaaS, the provider handles everything.
IaaS gives you the most control
In IaaS, you configure the virtual network, subnets, and security groups. In SaaS, the provider handles everything.
Cloud deployment and service models define what you manage. The next page covers VPC architecture, the virtual network where you build subnets, route tables, and security controls.