03 Compute
Overview of cloud computing services and platforms.
Isolation Concepts
Because cloud computing resources are shared between multiple users, isolation is essential to prevent one user from affecting another. The following concepts are used to isolate resources:
- Type 1: Isolate workload from workload
- Type 2: Isolate host from workloads
- Type 3: Isolate workload from host
Workload from Workload
Isolating workloads from each other is essential to prevent one workload from affecting another. The customer/user ensures that the workloads are isolated from each other. This is done by configuring the operating system.
Host from Workload
Prevent workloads from affecting the host system. The provider ensures that the host system is not affected by the workloads running on it. This is done by configuring the hypervisor.
Workload from Host
Since the host cannot be trusted, the workload must be isolated from the host. The customer/user ensures that the workload is isolated from the host. This is done by configuring the container.
Possible solutions for isolation:
- Hardware Security Module (HSM): A physical device that provides secure key storage and cryptographic operations.
- Field Programmable Gate Array (FPGA): A programmable chip that can be configured to perform specific tasks.
- Trusted Execution Environment (TEE): A secure area of the main processor that ensures code integrity and confidentiality.
Products:
Instance Types
Instance types are predefined configurations of CPU, memory, storage, and networking capacity. They are optimized for different use cases:
- General Purpose: Balanced CPU and memory
- Compute Optimized: High CPU performance
- Memory Optimized: High memory capacity
- Storage Optimized: High storage capacity
- Accelerated Computing: GPU or FPGA for specialized workloads
The provider offers different instance types in different generations. Newer generations usually provide better performance and cost efficiency. This is how customers are encouraged to upgrade.
Compute Services
Compute services provide the ability to run applications and workloads on cloud infrastructure.
AWS EC2
Amazon Elastic Compute Cloud (EC2) provides resizable compute capacity in the cloud. The virtual machines are based on a machine image (Amazon Machine Image, AMI) that contains the operating system and application software.
- CPU/Memory: Fixed types and sizes (fixed ratio between vCPU and RAM) with fixed costs that depend on instance type and size
- Disk: Flexible EBS volumes for persistent storage, can also persist data when instances are terminated/deleted
- Network: Elastic Network Interfaces for network connectivity
Instances can be scaled using auto-scaling groups. Metadata can be added and accessed using tags. Access to the machine usually occurs via SSH with public/private key pairs.
AWS Lambda
AWS Lambda is a serverless compute service that runs code in response to events. The code is executed in response to triggers, such as HTTP requests, changes to data in S3, or messages from SNS.
Serverless means that the provider manages the infrastructure, scaling, and availability. The customer only pays for the compute time used.
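As an added example (not part of the original notes), the following Python Lambda handler dispatches on the three trigger kinds named above (S3 object event, SNS message, HTTP request via an API Gateway HTTP API) and fails closed on any other event shape; the bucket name, topic ARN and account id are constructed placeholders.

```python
import json
from urllib.parse import unquote_plus

# Constructed sample events (placeholder names), shaped like the payloads
# Lambda receives from S3, SNS and an API Gateway HTTP API (payload v2).
S3_EVENT = {"Records": [{"eventSource": "aws:s3",
            "s3": {"bucket": {"name": "example-bucket"},
                   "object": {"key": "uploads/report+2024.csv"}}}]}
SNS_EVENT = {"Records": [{"EventSource": "aws:sns",
             "Sns": {"TopicArn": "arn:aws:sns:eu-central-1:123456789012:example-topic",
                     "Message": json.dumps({"job": 42})}}]}
HTTP_EVENT = {"version": "2.0", "rawPath": "/health",
              "requestContext": {"http": {"method": "GET", "path": "/health"}}}


def classify_event(event):
    """Return the trigger type ('s3', 'sns', 'http') or None if unrecognised."""
    records = event.get("Records")
    if isinstance(records, list) and records:
        first = records[0]
        # S3 records use lowercase 'eventSource'; SNS records use 'EventSource'.
        if first.get("eventSource") == "aws:s3":
            return "s3"
        if first.get("EventSource") == "aws:sns":
            return "sns"
    if "http" in event.get("requestContext", {}):
        return "http"
    return None


def handler(event, context=None):
    """Lambda entry point: dispatch on the trigger type, reject unknown shapes."""
    kind = classify_event(event)
    if kind == "s3":
        rec = event["Records"][0]["s3"]
        # Object keys arrive URL-encoded in S3 notifications ('+' is a space).
        key = unquote_plus(rec["object"]["key"])
        return {"trigger": "s3", "bucket": rec["bucket"]["name"], "key": key}
    if kind == "sns":
        sns = event["Records"][0]["Sns"]
        return {"trigger": "sns", "topic": sns["TopicArn"],
                "message": json.loads(sns["Message"])}
    if kind == "http":
        http = event["requestContext"]["http"]
        body = json.dumps({"ok": True, "path": http["path"]})
        return {"statusCode": 200,
                "headers": {"Content-Type": "application/json"}, "body": body}
    # Unknown trigger: fail closed instead of acting on an unexpected payload.
    raise ValueError("unsupported event shape")
```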