Architecture, grid, cloud, virtualisation

See also deployment solutions.

Contents

Enterprise Architecture

Basics

Enterprise Architecture examples

Architecture of Open Source

Technologies (queues, brokers)

Message queues

Enterprise Service Bus ESB

Context brokers

Modelling tools

Grid

Service Oriented Architecture (SOA), Microservices Architecture (MSA) and Service Mesh patterns

SOA and MSA

On the surface, Microservices and SOA are similar. The architecture consists of a set of services. However ...

Service Mesh

Virtualisation

A hypervisor (or virtual machine monitor, VMM, virtualizer) is a kind of emulator; it is computer software, firmware or hardware that creates and runs multiple virtual machines (VM). A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine.

Virtual Machines

VM solutions

Virtual machines (VMs) are an abstraction of physical hardware, turning one server into many servers. Each VM includes a full copy of an operating system, the application, and the necessary binaries and libraries.

VM security

In 2016, AMD introduced Secure Encrypted Virtualization (SEV), the first x86 technology designed to isolate virtual machines (VMs) from the hypervisor. In 2017, AMD introduced the SEV-ES (Encrypted State) feature, which added additional protection for CPU register state. In SEV-ES, the VM register state is encrypted on each hypervisor transition so that the hypervisor cannot see the data actively being used by the VM. SEV-Secure Nested Paging (SNP) adds strong memory integrity protection to help prevent malicious hypervisor-based attacks like data replay, memory re-mapping, and more, in order to create an isolated execution environment.

Platforms

Containers are an abstraction at the app layer that packages code and dependencies together. Multiple containers can run on the same machine and share the OS kernel with other containers, each running as isolated processes in user space.

Docker

Kubernetes

RBAC approach.

Cloud

Open source

NextCloud

OpenStack/OpenDev

Gluster

Commercial

AWS

AWS basics

AWS security

AWS terminology (infrastructure): at the application level, AWS uses OAuth 2.0 for IAM; the application-level model is ABAC.

For analysis: use Steampipe or Turbot.

MSFT

Google

Less commercial

Cloud security