The ownership of the rental server belongs to the provider even though it is leased to be located inside the user's property. The clouds are distinguished between the private cloud and the public cloud depending on their ownership: The former belongs to the user whereas the latter belongs to the provider meanwhile both are located on the place distant from where the user is physically at.
The private cloud is established by an individual firm under its own responsibility of its maintenance and security update as well as its own exclusive right of using and modifying it. It also secures its privacy unless it is infiltrated by some wrongdoers with their hacking and virus attack. The disadvantage of owning the private cloud is its cost inefficiency of their maintenance and various updates including the cyber security.
For a relatively small-scale private ownership, the operation inside the on-premises can be achieved with the smaller budget than establishing its own private cloud. The cloud facility requires a bigger scale maintenance and update so that the private cloud may be more suitable for a huge organisation to handle. Nevertheless, even for a huge organisation, it will be more cost efficient to outsource the cloud service to the cloud provide specialising in the cloud computing provision.
On the other hand, even for a small-scale usage, the public cloud is useful because the user does not need to be responsible for the whole physical machinery maintenance unlike the private cloud. The user can simply subscribe the service instead of purchasing the entire package of software and device. Furthermore, instead of incurring the capital investment expenditure, the user can include the usage cost as the variable operation cost so that it is efficient by means of their administration accounting and tax payment.
To take an advantage of the cloud computing, the public cloud is more likely to be cost efficient than the others due to its scale merit and its capacity. The major public cloud providers in the world are Amazon Web Service (AWS) (33% market share in 1Q2022), Microsoft (MS) Azure (22%), and Google Cloud Platform (GCP) (10%). These providers specialise in the cloud computing provision including specialised customer-support, maintenance, security update, product improvement, and the new product instalment.
To use the public cloud service, the user selects which region to use. Then, this user is offered to use one or the multiple Availability Zone (AZ). Inside one AZ, the user determines the number of subnets to use where each subnet size is determined by a block of the IP address size determined by the CIDR (Classless Inter-Domain Routing) notation.
While using the public cloud, there is a service securing the privacy and the security of the server instances and the other services as though the user were using them inside her/his own private cloud network in an AZ. This is called the Virtual Private Cloud (VPC). Each subnet can be allocated inside the VPC while these subnets are usually categorised into the two types: the private subnet and the public subnet.
Instead of risking all the subnets facing both the infiltration risk and the overflowing access, it should allocate some subnets specialising in filtering these accesses as well as analysing their characteristics and traffic volume. Therefore, there needs a buffer demilitarised zone (DMZ) between the inbound accesses from outside the VPC and the private subnets inside the VPC so that the public subnet is allocated there between the gateway of the VPC and the private subnets. The public subnet and the Firewalls such as the Network Access Control List of AWS stand there to form the DMZ as the front-line defending the architecture behind.
Placing only one network Firewall eases the infiltration of the intruders as well as the sudden access traffic overflow undermining the entire architecture configured inside the public cloud. The first line Firewall is set in front of the public subnet. The second line Firewall is set between this public subnet and each private subnet. The DMZ is the zone between two Firewalls where the public subnet bisecting these two Firewalls.
In AWS for example, there are the Load Balancers (LBs) with different task for each different duty. These LBs are in chage of equalising the divided traffic volume to each of the server instance to prevent them from receiving the excess volume undermining their performance. The Application Load Balancer (ALB) is often placed in the public subset distributing the access traffics to lead them to each destination connected to the private subnet areas. The Network Load Balancer (NLB) is often placed in the private subnet distributing the access traffics to lead them to each server instance depending on the traffic volume of these accesses to each instance.
Because these LBs do their multitasking of not only balancing the traffic volume to each instance but also the health check of each instance to detect whether or not is capable to receive the access. Therefore, the division of labour among these LBs becomes necessary to protect the entire architecture inside this network from the asymmetric or malfunctioning access traffic to this network.
In conclusion, it seems to be the trend of shifting the ownership of the computing system. Big organisations such as not only major private corporations but also government institutes have also started being more reliant on the public cloud. Small enterprises also take an advantage of this trend: By switching their main computing environment to the public cloud, they no longer need to deal with preparing for the spare, the physical devices, the cost payment for them, and the uncertainty of the future cost and benefit estimates. This is because the outsourcing of the autoscaling capacity as well as the physical and security maintenance to the specialist provider solve these issue. Hence, it is predicted that the public cloud provision will be popular more and more as the time passes.
No comments:
Post a Comment