<a href="https://colab.research.google.com/github/brendanpshea/intro_to_networks/blob/main/Networks_02b_CloudComputing.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# Welcome to the Cloud: Understanding the Basics of Cloud Computing
**Brendan Shea, PhD**

Imagine wanting to watch your favorite TV show. In the past, you needed to buy a DVD player and physically store all your DVDs. Today, you can simply stream shows through services like Netflix without owning any physical media or special equipment. This is similar to how cloud computing works for businesses and organizations!

## What is Cloud Computing?

**Cloud computing** is the delivery of computing services over the internet ("the cloud"), including servers, storage, databases, networking, software, and more. Instead of organizations buying and maintaining their own computing infrastructure or data centers, they can rent access to these resources from a cloud service provider.

Think of cloud computing like electricity service for your home. You don't need to own a power plant – you just plug in your devices and pay for the electricity you use. Similarly, with cloud computing, organizations can access computing resources on-demand and pay only for what they use.

## Benefits and Features

Cloud computing transforms how organizations use technology through three main benefits:

1. **Cost Efficiency**
   * No upfront hardware or software purchases
   * Pay-as-you-go pricing model
   * Reduced IT maintenance costs

2. **Flexibility**
   * Access resources from anywhere with internet
   * Scale usage up or down instantly
   * Automatic software updates

3. **Reliability**
   * Continuous data backup
   * Professional security teams
   * Multiple data center locations

## Core Components

The basic building blocks of cloud services include several types of **computing resources**:

| Resource Type | Description | Common Uses |
|--------------|-------------|-------------|
| Virtual Machines | Computer systems running in the cloud | Running applications, processing data |
| Storage | Space for files and data | Document storage, backups, media files |
| Networking | Systems connecting cloud components | Communication between services |
| Databases | Systems for organizing data | Customer records, inventory tracking |

**Cloud service providers** are companies that own and operate cloud computing infrastructure. Major providers include Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). These providers maintain vast networks of data centers where the actual computing happens, connected to users through the internet.

## Real-World Applications

Let's say you're starting a small online business selling handmade jewelry. Instead of buying expensive servers, you could use cloud storage to keep your product images, run your website on cloud servers, use cloud databases to track inventory and orders, and scale your resources up during busy holiday seasons and down during slower periods.

Cloud computing has revolutionized how organizations use technology by:
* Making advanced computing accessible to smaller organizations
* Enabling rapid innovation and deployment
* Reducing environmental impact through shared resources
* Creating new possibilities for collaboration and remote work

## Looking Ahead

As you continue through this chapter, you'll learn about specific cloud computing technologies and concepts in detail. You'll discover how organizations secure their cloud resources, connect to them, and choose the right types of cloud services for their needs.

Remember: While cloud computing might seem complex at first, it's built on simple principles of sharing and accessing resources over the internet. As you learn each concept, try to connect it back to real-world examples from your own experience using cloud services like email, file storage, or streaming platforms.

# Cloud Services Explained: Understanding SaaS, IaaS, and PaaS

Now that you understand the basics of cloud computing, let's explore the three main types of cloud services. Think of these as different levels of control over your cloud resources - like renting different types of vacation properties.

## The Three Service Models

Cloud providers offer three main service models, each providing a different level of control and responsibility:

| Service Model | What It Means | You Manage | Provider Manages | Real-World Example |
|--------------|---------------|------------|------------------|-------------------|
| Software as a Service (SaaS) | Ready-to-use applications | Just your data and access | Everything else | Gmail |
| Platform as a Service (PaaS) | Development platform | Your code and data | Infrastructure and platform | Heroku |
| Infrastructure as a Service (IaaS) | Raw computing resources | OS up through applications | Physical hardware | Amazon EC2 |

## Software as a Service (SaaS)

**Software as a Service** is like renting a fully furnished house - everything is set up and ready to use. You just bring your belongings (data) and move in.

Common characteristics of SaaS:
* Accessible through a web browser
* No installation required
* Automatic updates
* Pay-per-user or subscription pricing

Examples you might already use:
1. Google Workspace (Gmail, Docs, Drive)
2. Microsoft 365 (Outlook, Word, Excel online)
3. Salesforce
4. Zoom
5. Dropbox

## Platform as a Service (PaaS)

**Platform as a Service** is like renting a house with a workshop. The basic structure is there, but you can build your own custom furniture (applications) using the provided tools.

What PaaS provides:
* Development frameworks
* Database management
* Operating system
* Development tools
* Deployment capabilities

This is ideal for developers who want to focus on writing code without managing the underlying infrastructure.

## Infrastructure as a Service (IaaS)

**Infrastructure as a Service** is like renting an empty house with just the basic utilities connected. You have the most control but also the most responsibility.

With IaaS, you get:
* Virtual machines
* Storage
* Networks
* IP addresses

You're responsible for:
* Operating systems
* Applications
* Security
* Backups
* Scaling

## Choosing the Right Service Model

Consider these factors when choosing a service model:

1. **Technical Expertise Required**
   * SaaS: Minimal
   * PaaS: Development skills
   * IaaS: System administration skills

2. **Control and Flexibility**
   * SaaS: Least control, but easiest to use
   * PaaS: Balance of control and convenience
   * IaaS: Most control, but most complex

3. **Cost Considerations**
   * SaaS: Predictable subscription costs
   * PaaS: Pay for resources used by your applications
   * IaaS: Pay for raw computing resources

## Real-World Scenario

Imagine you're starting an e-commerce business. You might use:
* SaaS: Shopify for your storefront
* PaaS: Heroku to host your custom inventory management system
* IaaS: Amazon EC2 for specialized processing tasks

## Looking Ahead

Understanding these service models is crucial because they form the foundation for how you'll interact with cloud resources. In the next section, we'll explore how to create your own private space in the cloud using Virtual Private Clouds (VPCs).

Remember: There's no "best" service model - each has its place depending on your needs, technical expertise, and business requirements. Many organizations use a combination of all three types.

# Building Your Cloud Home: Virtual Private Clouds and Network Foundations

Remember how we learned that cloud computing lets you use computing resources over the internet? And how different service models (SaaS, PaaS, and IaaS) give you different levels of control? Now let's see how these services actually live in the cloud, and how we keep them organized and secure.

## Why Do You Need a Private Space?

In Section 1, we learned that cloud computing is like electricity - you just plug in and use what you need. But just as a large office building needs to separate and organize its electrical systems by floor and department, your cloud resources need organization too.

Think about the cloud services we discussed in Section 2:
* **SaaS**: When you use Gmail or Salesforce
* **PaaS**: When you build applications on platforms like Heroku
* **IaaS**: When you create your own servers on Amazon EC2

All of these services need to run somewhere secure and organized. This is where **Virtual Private Clouds (VPCs)** come in. A VPC is your own private section of the cloud where you can set up and organize your services.

## Understanding Cloud Networks: The Basics

Remember how we said cloud computing delivers resources over the internet? Let's understand how these resources are connected:

### What is a Network?
A network is simply a group of connected computers that can communicate with each other. In cloud computing:
* Instead of physical computers, we often use virtual machines
* Instead of physical cables, we use virtual connections
* Instead of a physical network, we use a virtual network

### What is a Subnet?
When you're using IaaS and need several virtual machines, or when you're running PaaS services that need different levels of security, you'll want to organize them into **subnets**. A subnet is like creating different departments in your cloud space:
* Public subnets for services that need to connect to the internet (like your web applications)
* Private subnets for services that should stay internal (like your databases)

## How VPCs Work with Different Cloud Services

Let's see how VPCs relate to the cloud services you learned about:

1. **With SaaS**
   * The provider manages the VPC
   * You don't need to worry about the network setup
   * Example: When using Gmail, Google handles all the networking

2. **With PaaS**
   * The provider handles most network settings
   * You might configure some basic network rules
   * Example: When using Heroku, you mostly just deploy your code

3. **With IaaS**
   * You have full control over your VPC
   * You create and manage the network layout
   * Example: On AWS EC2, you decide how to structure everything

## Creating Your First VPC: A Simple Example

Let's say you're building a small business application using different cloud services:

```
Your Virtual Private Cloud
├── Public Area (Subnet)
│   ├── Web Application (PaaS)
│   └── Public API Server (IaaS)
└── Private Area (Subnet)
    └── Database (IaaS or PaaS)
```

This setup:
* Uses multiple cloud service types together
* Keeps public-facing services separate from private data
* Maintains security while allowing necessary connections

## Best Practices for Beginners

When starting with VPCs:

1. Match Your Service Model
   * SaaS users rarely need to manage VPCs
   * PaaS users need basic VPC understanding
   * IaaS users need deeper VPC knowledge

2. Start Simple
   * Begin with provider defaults
   * Add complexity only when needed
   * Document your setup

3. Think About Security
   * Keep sensitive data in private subnets
   * Use security features appropriate to your service model
   * Remember: security is important for all cloud services

## Looking Ahead

In the next section, we'll learn about keeping your VPC secure through network security groups and access controls. This is crucial whether you're using basic PaaS services or managing complex IaaS resources.

Remember: The type of cloud services you use (SaaS, PaaS, or IaaS) will determine how much you need to work with VPCs. Start with understanding the basics, and add more knowledge as your needs grow.

# Keeping Your Cloud Safe: Network Security Groups and Access Controls

Now that you have your own space in the cloud, you need to keep it secure. Just like protecting your home, cloud security uses multiple layers of protection to keep your resources safe.

## Why Cloud Security Matters

Remember the different types of cloud services we discussed?
* Your SaaS email needs to stay private
* Your PaaS applications need to be protected from attacks
* Your IaaS servers need to be guarded from unauthorized access

Think of cloud security like protecting a house:
* Neighborhood gates (Network ACLs)
* House doors (Security Groups)
* Window locks (Application Security)
* Security system (Monitoring)

## Network Security Groups: Your First Line of Defense

A **Network Security Group** is like a smart door lock for your cloud resources. It lets you decide:
* Who can visit (which IP addresses are allowed)
* What they can do (which types of traffic are permitted)
* Which entrances they can use (which ports are open)

Example of a simple security group:
```
Web Server Security Group Rules:
├── Allow: Web browsing (Port 80) from anyone
├── Allow: Secure browsing (Port 443) from anyone
└── Allow: Remote access (Port 22) only from your office
```

## Network Access Control Lists (ACLs)

While security groups protect individual resources, **Network ACLs** protect entire subnets. Think of them as neighborhood-wide rules:

| Type of Traffic | Public Subnet | Private Subnet |
|-----------------|---------------|----------------|
| Web (HTTP) | Allowed | Blocked |
| Database | Blocked | Allowed only from Public Subnet |
| Remote Access | Allowed only from Office | Blocked |

The key differences:
1. Security Groups are for individual resources
2. Network ACLs are for entire subnets
3. Both work together for better protection

## Common Security Rules

Here are some typical security setups:

1. **For Web Servers** (in public subnet)
   * Allow incoming web traffic (HTTP/HTTPS)
   * Allow responses back to users
   * Block everything else

2. **For Databases** (in private subnet)
   * Allow connections only from your application
   * Block all internet access
   * Allow maintenance access only from trusted sources

## Security Best Practices

When setting up your cloud security:

1. **Start Strict**
   * Block everything by default
   * Open only what you need
   * Document why each rule exists

2. **Use Multiple Layers**
   * Network ACLs for broad rules
   * Security Groups for specific rules
   * Application security for detailed control

3. **Regular Maintenance**
   * Review rules monthly
   * Remove unused permissions
   * Update security settings

## Real-World Example: Securing a Simple Web Application

Let's secure a basic web application with a database:

```
Your Secure VPC
├── Public Subnet
│   └── Web Server
│       Security Group:
│       ├── Allow HTTP/HTTPS from internet
│       └── Allow database access to Private Subnet
└── Private Subnet
    └── Database
        Security Group:
        └── Allow access only from Web Server
```
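A small simulator, added here as an example and not code from the original notebook, that contrasts the two mechanisms: the Network ACL is stateless (ordered allow/deny rules, lowest number wins, implicit deny, so the reply to a browser must be allowed explicitly on the client's ephemeral port), while the Security Group is stateful and allow-only (a reply to an admitted connection passes with no rule at all). The web and database group rules follow the diagram above and use the addresses 10.0.1.10 and 10.0.2.20 from this chapter's VPC graphic; the office range 198.51.100.0/24, the browser address 203.0.113.7, database port 5432 and the rule numbers are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str = "tcp"

    def reply(self):
        """The packet the receiver sends back: addresses and ports swapped."""
        return Packet(self.dst_ip, self.src_ip, self.dst_port, self.src_port, self.proto)


# ---- Network ACL: protects a whole subnet, stateless ------------------------
# rule = (number, proto, (low_port, high_port), cidr, "allow" or "deny")
def nacl_decision(rules, pkt, direction):
    """Evaluate one direction ("in" or "out"). The CIDR is matched against the
    remote side: the source for inbound traffic, the destination for outbound."""
    remote = ipaddress.ip_address(pkt.src_ip if direction == "in" else pkt.dst_ip)
    for _, proto, (lo, hi), cidr, action in sorted(rules, key=lambda r: r[0]):
        if proto in (pkt.proto, "all") and lo <= pkt.dst_port <= hi \
                and remote in ipaddress.ip_network(cidr):
            return action            # lowest-numbered matching rule wins
    return "deny"                    # the implicit final rule


# ---- Security Group: protects one resource, stateful, allow rules only -------
# rule = (proto, port, source) where source is a CIDR or "sg:<group name>"
class SecurityGroup:
    def __init__(self, name, inbound, membership):
        self.name, self.inbound = name, inbound
        self.membership = membership      # instance IP -> group name
        self.admitted = set()             # connections we have already let in

    def allows_inbound(self, pkt):
        for proto, port, source in self.inbound:
            if proto != pkt.proto or port != pkt.dst_port:
                continue
            if source.startswith("sg:"):  # "only from the web server" style rule
                match = self.membership.get(pkt.src_ip) == source[3:]
            else:
                match = ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(source)
            if match:
                self.admitted.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
                return True
        return False                      # nothing matched: dropped (there are no deny rules)

    def allows_outbound(self, pkt):
        """Only replies are modelled here: a reply to an admitted connection passes
        without any outbound rule, which is what "stateful" means."""
        r = pkt.reply()
        return (r.src_ip, r.src_port, r.dst_ip, r.dst_port) in self.admitted


MEMBERSHIP = {"10.0.1.10": "web", "10.0.2.20": "db"}
WEB_SG = SecurityGroup("web", [("tcp", 80, "0.0.0.0/0"), ("tcp", 443, "0.0.0.0/0")], MEMBERSHIP)
DB_SG = SecurityGroup("db", [("tcp", 5432, "sg:web")], MEMBERSHIP)

PUBLIC_NACL_IN = [(100, "tcp", (80, 80), "0.0.0.0/0", "allow"),
                  (110, "tcp", (443, 443), "0.0.0.0/0", "allow"),
                  (120, "tcp", (22, 22), "198.51.100.0/24", "allow")]   # office only
# Replies to browsers go out to the client's ephemeral port, so a stateless
# ACL needs this outbound rule; leaving it out breaks every web request.
PUBLIC_NACL_OUT = [(100, "tcp", (1024, 65535), "0.0.0.0/0", "allow")]


def web_request(nacl_out=PUBLIC_NACL_OUT):
    """Browser 203.0.113.7 -> web server port 80. Returns (request ok, reply ok)."""
    req = Packet("203.0.113.7", "10.0.1.10", 50123, 80)
    req_ok = nacl_decision(PUBLIC_NACL_IN, req, "in") == "allow" and WEB_SG.allows_inbound(req)
    rep = req.reply()
    rep_ok = nacl_decision(nacl_out, rep, "out") == "allow" and WEB_SG.allows_outbound(rep)
    return req_ok, rep_ok


def ssh_from(src_ip):
    """Remote access is allowed by the subnet ACL only from the office range."""
    return nacl_decision(PUBLIC_NACL_IN, Packet(src_ip, "10.0.1.10", 40000, 22), "in")


def db_connection_from(src_ip):
    """Only members of the web group may reach the database."""
    return DB_SG.allows_inbound(Packet(src_ip, "10.0.2.20", 40001, 5432))
```

Calling `web_request(nacl_out=[])` shows the stateless trap: the security group still admits the reply, but the ACL drops it.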

## Common Security Mistakes to Avoid

1. **Too Much Access**
   * Don't open more ports than needed
   * Don't use "Allow All" rules
   * Don't share security credentials

2. **Poor Documentation**
   * Write down why each rule exists
   * Keep track of temporary rules
   * Document who requested changes

3. **Inconsistent Updates**
   * Regularly review all rules
   * Remove old rules when no longer needed
   * Keep security settings up to date

## Looking Ahead

In the next section, we'll learn about cloud gateways - the doors that connect your VPC to the internet and other networks. Understanding security is crucial for working with these gateways safely.

Remember: Security should be simple but thorough. Start with basic protections and add more as you understand your needs better. When in doubt, restrict access and only open what you need.

### Graphic: Virtual Private Cloud

```python
import base64
from IPython.display import Image, display


def mm(graph, width=800, height=600):
    """Render a Mermaid diagram inline by fetching a PNG from mermaid.ink.
    The diagram text is base64url-encoded into the URL; width and height
    are passed as query parameters."""
    graphbytes = graph.encode("utf8")
    base64_string = base64.urlsafe_b64encode(graphbytes).decode("ascii")
    url = f"https://mermaid.ink/img/{base64_string}?width={width}&height={height}"
    display(Image(url=url))


mm("""
graph TB
    I((Internet)) --> IG[Internet Gateway]

    IG --> PS[Public Subnet<br>10.0.1.0/24]
    PS --> WS[Web Server<br>10.0.1.10]
    PS --> NAT[NAT Gateway]

    NAT --> PRS[Private Subnet<br>10.0.2.0/24]
    PRS --> DB[(Database Server<br>10.0.2.20)]

    NSG1[Network Security Group<br>Controls traffic to<br>individual resources] --- WS
    NSG2[Network Security Group<br>Controls traffic to<br>individual resources] --- DB

    note1[Public subnet resources<br>have routes to internet<br>through Internet Gateway]
    note2[Private subnet resources<br>can only access internet<br>through NAT Gateway]

    PS --- note1
    PRS --- note2

    classDef default fill:#fff,stroke:#333,stroke-width:2px;
    classDef gateway fill:#f9f,stroke:#333,stroke-width:2px;
    classDef subnet fill:#e6f3ff,stroke:#333,stroke-width:2px;
    classDef note fill:#ffffcc,stroke:#333,stroke-width:1px;

    class IG,NAT gateway
    class PS,PRS subnet
    class note1,note2 note""")
```

# Connecting Your Cloud: Gateways, VPNs, and Direct Connect

Remember how we created our private space in the cloud (VPC) and secured it? Now we need to understand how to connect this private space with the outside world. Like any private space, your cloud environment needs carefully controlled ways to communicate with external networks and systems.

## Why Do We Need Special Connections?

In traditional networking, connecting to the internet is relatively straightforward - you connect a device to a router, and it can communicate with the internet. However, cloud computing introduces new challenges that require more sophisticated connection methods.

Think about your home internet setup as a comparison. At home, you have:
* Multiple devices (phones, laptops, smart TV) that all need internet access
* One main internet connection shared among all devices
* A router that manages these connections
* Security features to protect your devices

Your cloud resources have similar but more complex needs:
* Multiple servers and services requiring different types of internet access
* Various security requirements for different resources
* The need to connect securely with your office or other networks
* Requirements to maintain compliance and data privacy

## Understanding Network Address Translation (NAT)

**Network Address Translation (NAT)** is a fundamental networking concept that's crucial for cloud computing. Before we look at cloud gateways, we need to understand what NAT is and why it exists.

NAT serves several essential purposes in networking:
1. It allows multiple private devices to share a single public address
2. It helps conserve limited public IP addresses
3. It provides an additional layer of security by hiding private addresses

Here's a detailed apartment building analogy to understand NAT:

Imagine you live in a large apartment building. In this analogy:
* The building's street address represents your public IP address
* Each apartment number represents a private IP address
* The front desk represents the NAT system
* Deliveries represent internet traffic

When a resident orders food delivery:
1. They provide the building's address and their apartment number
2. The delivery arrives at the building (public address)
3. The front desk (NAT) checks their registry
4. They forward the delivery to the correct apartment (private address)

### Port Address Translation (PAT)
**Port Address Translation (PAT)**, also known as Network Address Port Translation (NAPT), is an extension of NAT that allows multiple devices on a private network to share a single public IP address by using unique port numbers. This helps to conserve public IP addresses even further than NAT.

Think of it like this: In our apartment building analogy, NAT is like having one street address for the whole building. PAT is like the front desk stamping each outgoing order with its own unique ticket number (the port number), so that when the reply arrives at the building's single address, the ticket alone tells the desk which apartment it belongs to, even when two residents ordered from the same store at the same time.

Here's how it works:

1. A device on the private network sends a request to the internet.
2. The PAT device (usually a router or firewall) translates the private IP address and port number to a public IP address and a unique port number.
3. The request is sent to the internet using the translated address and port.
4. When the response comes back, the PAT device uses the port number to identify the original device and forwards the response to it.

Benefits of PAT:
- Conserves public IP addresses even further than NAT
- Allows multiple devices on a private network to share a single public IP address
- Provides an additional layer of security by hiding private IP addresses and port numbers
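The translation table a PAT gateway keeps, written out as a small Python simulation (an added example, not code from the original notebook). It uses the addresses from the NAT/PAT graphic in this section: public IP 203.0.113.1, two private devices at 192.168.1.10 and 192.168.1.11 that both happen to pick source port 4567, and public ports starting at 12345; the web server address 198.51.100.20 is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatGateway:
    """One public IP shared by many private hosts, told apart by port number."""

    def __init__(self, public_ip, first_port=12345, last_port=65535):
        self.public_ip = public_ip
        self._ports = iter(range(first_port, last_port + 1))   # pool of public ports
        self.out_map = {}     # (private ip, private port) -> public port
        self.in_map = {}      # public port -> (private ip, private port)

    def translate_outbound(self, pkt):
        """Private -> internet: rewrite the source to the public IP plus a port
        unique to this private (ip, port) pair. An existing pair keeps its port,
        so every packet of one connection looks the same to the outside."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_map:
            port = next(self._ports, None)
            if port is None:
                raise RuntimeError("PAT port pool exhausted")   # the hard limit of PAT
            self.out_map[key] = port
            self.in_map[port] = key
        return Packet(self.public_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt):
        """Internet -> private: the destination port alone identifies the device.
        Anything without a mapping is dropped (None), which is why hosts behind
        PAT cannot be reached unsolicited from outside."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.in_map:
            return None
        ip, port = self.in_map[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, ip, port)


def run_two_devices():
    """Both devices use source port 4567 at the same time. Returns what the
    internet saw as the source and where each reply was delivered."""
    gw = PatGateway("203.0.113.1")
    web_ip, web_port = "198.51.100.20", 443               # constructed web server
    out1 = gw.translate_outbound(Packet("192.168.1.10", 4567, web_ip, web_port))
    out2 = gw.translate_outbound(Packet("192.168.1.11", 4567, web_ip, web_port))
    # Replies come back addressed to the gateway's public IP and public port.
    back1 = gw.translate_inbound(Packet(web_ip, web_port, "203.0.113.1", out1.src_port))
    back2 = gw.translate_inbound(Packet(web_ip, web_port, "203.0.113.1", out2.src_port))
    stray = gw.translate_inbound(Packet(web_ip, web_port, "203.0.113.1", 9999))
    return {"seen_as": [(out1.src_ip, out1.src_port), (out2.src_ip, out2.src_port)],
            "delivered_to": [(back1.dst_ip, back1.dst_port), (back2.dst_ip, back2.dst_port)],
            "unsolicited": stray}
```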



## What is a Virtual Private Network (VPN)?

A **Virtual Private Network (VPN)** is a technology that creates a secure, encrypted connection over a less-secure network (like the public internet). Before diving into cloud VPNs, it's important to understand the basic concept.

Think of a VPN like a secure tunnel through a public space. Here's how the secure tunnel concept works:

1. **Encryption**: When data enters the tunnel, it gets encrypted (scrambled using complex mathematics)
2. **Transmission**: The encrypted data travels through the public internet
3. **Decryption**: Only the authorized recipient can unscramble the data
4. **Protection**: Anyone intercepting the data only sees encrypted information

This process ensures:
* Data privacy while in transit
* Secure access to private resources
* Protection from unauthorized interception


### Graphic: NAT and PAT in Action

```python
mm("""
sequenceDiagram
    participant Internet as Internet
    participant NAT as NAT Gateway<br>Public IP: 203.0.113.1
    participant PC1 as Private Device 1<br>192.168.1.10
    participant PC2 as Private Device 2<br>192.168.1.11

    Note over Internet,PC2: How NAT Works

    PC1->>NAT: Request to website<br>From: 192.168.1.10:4567
    NAT->>Internet: Translated request<br>From: 203.0.113.1:12345
    Internet->>NAT: Response to request<br>To: 203.0.113.1:12345
    NAT->>PC1: Translated response<br>To: 192.168.1.10:4567

    Note over Internet,PC2: Different Device, Same Time

    PC2->>NAT: Request to website<br>From: 192.168.1.11:4567
    NAT->>Internet: Translated request<br>From: 203.0.113.1:12346
    Internet->>NAT: Response to request<br>To: 203.0.113.1:12346
    NAT->>PC2: Translated response<br>To: 192.168.1.11:4567
""")
```


## Cloud Gateways: Understanding Different Types of Connections

Now that we understand the fundamental concepts of NAT and VPNs, we can explore how these technologies are implemented in cloud computing through different types of gateways. A gateway in cloud computing is a network component that serves as an entry and exit point for traffic between different networks.

Let's examine each type of gateway and its specific purpose:

### Internet Gateway

An **Internet Gateway** is the primary component that allows communication between your VPC and the internet. Think of it as your cloud environment's main router:

Key characteristics of an Internet Gateway include:
* Provides a target in your VPC route tables for internet-routable traffic
* Performs network address translation for instances with public IP addresses
* Supports IPv4 and IPv6 traffic
* Enables two-way internet communication

### NAT Gateway

A **NAT Gateway** is a managed service that allows resources in private subnets to access the internet while remaining private themselves. Unlike an Internet Gateway, a NAT Gateway only allows outbound connections and their related responses.

The NAT Gateway process works as follows:
1. A private resource initiates an internet request
2. The request goes to the NAT Gateway
3. The NAT Gateway changes the source address to its own address
4. The response returns to the NAT Gateway
5. The NAT Gateway forwards it back to the private resource

### VPN Gateway

A **VPN Gateway** in the cloud is a managed service that enables secure connections between your cloud resources and other networks. It's different from personal VPNs you might use at home, as it's designed for connecting entire networks rather than individual devices.

VPN Gateways support two main types of connections:
1. **Site-to-Site VPN**
   * Connects your cloud to your office network
   * Requires a VPN gateway on both ends
   * Operates continuously
   * Best for permanent connections

2. **Client VPN**
   * Connects individual users to cloud resources
   * Requires VPN software on user devices
   * Used as needed
   * Best for remote worker access

### Direct Connect

**Direct Connect** provides a dedicated physical network connection between your network and your cloud resources. Unlike other connection types that use the public internet, Direct Connect uses private network infrastructure.

Direct Connect offers several unique benefits:
* Consistent network performance
* Reduced data transfer costs for high volumes
* Increased security through private connections
* Better reliability than internet-based connections

## How These Components Work Together

Understanding how these different connection types interact is crucial for cloud network design. Here's a detailed example of a typical cloud network setup:

```
Internet
   ↓
Internet Gateway
   ↓
Public Subnet
   ├── Web Servers (Public-facing applications)
   ├── NAT Gateway
   │     ↓
   │  Private Subnet
   │     ├── Application Servers
   │     └── Databases
   │
   ├── VPN Gateway -------- Office Network
   │     └── Remote Workers
   │
   └── Direct Connect ----- Corporate Data Center
```

In this architecture, each component serves a specific purpose:
* Internet Gateway handles public web traffic
* NAT Gateway enables private resources to update themselves
* VPN Gateway provides secure remote access
* Direct Connect supports high-volume data transfer

## Best Practices for Cloud Connectivity

When designing your cloud network connectivity, several important principles should guide your decisions:

### Security First
Your connection strategy should prioritize security through:
* Minimal public internet exposure
* Encryption for all sensitive traffic
* Regular security audit reviews
* Clear documentation of all connection points

### Cost Optimization
Different connection types have different cost implications:
* Internet Gateway - Usually free but pay for data transfer
* NAT Gateway - Hourly charges plus data processing fees
* VPN - Connection hours and data transfer fees
* Direct Connect - High fixed costs plus port hours

### Performance Planning
Consider these factors when planning for performance:
* Expected traffic volumes
* Latency requirements
* Bandwidth needs
* Geographic distribution of users

## Common Connectivity Challenges

When working with cloud connections, several common issues may arise. Here's how to understand and address them:

### Connectivity Problems
If resources can't connect to the internet:
1. Verify gateway attachments
2. Check route table configurations
3. Review security group rules
4. Confirm subnet associations
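The architecture above and the four connectivity checks, as one added Python example (not code from the original notebook): a longest-prefix-match route lookup for the public and private subnets, and a function that walks the checks in a workable order and reports the first one that fails. The subnet CIDRs and server addresses come from this chapter's VPC graphic; the gateway identifiers, the office range 172.16.0.0/16, the data-center range 192.0.2.0/24 and the probe address 203.0.113.9 are constructed.

```python
import ipaddress

# Route table rows: (destination CIDR, target). The most specific matching
# prefix wins, so the /16 "local" route beats 0.0.0.0/0 for in-VPC traffic.
PUBLIC_RT = [("10.0.0.0/16", "local"),
             ("0.0.0.0/0", "igw-main")]             # straight to the Internet Gateway
PRIVATE_RT = [("10.0.0.0/16", "local"),
              ("172.16.0.0/16", "vgw-office"),      # site-to-site VPN to the office
              ("192.0.2.0/24", "dx-datacenter"),    # Direct Connect to the data center
              ("0.0.0.0/0", "nat-main")]            # everything else via the NAT Gateway


def next_hop(route_table, dst_ip):
    """Longest-prefix match; returns the target name, or None if no route fits."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


VPC = {
    "attached_gateways": {"igw-main", "nat-main", "vgw-office", "dx-datacenter"},
    "subnet_route_tables": {"10.0.1.0/24": PUBLIC_RT, "10.0.2.0/24": PRIVATE_RT},
}

INTERNET_PROBE = "203.0.113.9"      # stands in for "some address on the internet"


def diagnose_internet_access(vpc, instance):
    """Walk the checklist (subnet association, route table, gateway attachment,
    security group) and return "ok" or the first failing check.
    instance = {"ip", "subnet", "public_ip": bool, "sg_egress": [CIDR, ...]}"""
    rt = vpc["subnet_route_tables"].get(instance["subnet"])
    if rt is None:
        return "subnet has no route table association"
    target = next_hop(rt, INTERNET_PROBE)
    if target in (None, "local"):
        return "no route to a gateway for internet-bound traffic"
    if target not in vpc["attached_gateways"]:
        return f"route points at {target}, which is not attached to the VPC"
    if target.startswith("igw-") and not instance["public_ip"]:
        return "route uses the Internet Gateway but the instance has no public IP"
    probe = ipaddress.ip_address(INTERNET_PROBE)
    if not any(probe in ipaddress.ip_network(c) for c in instance["sg_egress"]):
        return "security group has no outbound rule covering the destination"
    return "ok"


WEB_SERVER = {"ip": "10.0.1.10", "subnet": "10.0.1.0/24", "public_ip": True,
              "sg_egress": ["0.0.0.0/0"]}
DB_SERVER = {"ip": "10.0.2.20", "subnet": "10.0.2.0/24", "public_ip": False,
             "sg_egress": ["0.0.0.0/0"]}
```

Passing `dict(WEB_SERVER, public_ip=False)` or a VPC whose `attached_gateways` lacks `nat-main` reproduces the two most common "it has a route but still can't reach the internet" cases.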

### Performance Issues
When experiencing slow connections:
1. Monitor bandwidth usage
2. Check for network bottlenecks
3. Review gateway capacity
4. Consider connection upgrades

## Looking Ahead

The connection methods we've discussed form the foundation for more complex cloud architectures. In the next section, we'll explore different cloud deployment models - public, private, and hybrid - which use these connection types in various combinations to meet different organizational needs.

Remember: While cloud connectivity offers many options, start with the simplest configuration that meets your needs. You can always add more sophisticated connections as your requirements evolve.

### Graphic: VPN

```python
mm("""
graph LR
    PC[Office PC<br>172.16.1.10] --> VPN1[VPN Gateway]
    VPN1 ==>|Encrypted IPsec Tunnel| VPN2[Cloud VPN Gateway]
    VPN2 --> SRV[Private Server<br>10.0.1.10]

    note1[IPsec tunnel encrypts all traffic<br>between networks]
    note2[Allows secure access to<br>private cloud resources]

    VPN1 --- note1
    SRV --- note2

    classDef default fill:#fff,stroke:#333,stroke-width:2px;
    classDef gateway fill:#f9f,stroke:#333,stroke-width:2px;
    classDef note fill:#ffffcc,stroke:#333,stroke-width:1px;

    class VPN1,VPN2 gateway
    class note1,note2 note""")
```

# Choosing Your Cloud Type: Public, Private, and Hybrid Deployment Models

Now that we understand how to connect and secure cloud resources, let's explore the different ways organizations can deploy their cloud infrastructure. Just as businesses can choose between renting office space, owning their own building, or combining both approaches, they have similar choices with cloud computing.

## Understanding Cloud Deployment Models

A cloud deployment model describes where your cloud resources live and who manages them. This decision affects:
* Who controls the infrastructure
* Where data is stored
* How you access services
* What security measures are available
* How much it costs

Let's examine each major deployment model in detail.

## Public Cloud

**Public cloud** is what most people think of when they hear "cloud computing." In this model, you use infrastructure owned and operated by cloud providers like AWS, Microsoft Azure, or Google Cloud.

Think of public cloud like renting space in a modern office building:
* The building owner handles maintenance
* You share the building with other tenants
* You only pay for the space you use
* Building security is provided
* You can easily get more space when needed

Key characteristics of public cloud include:

1. **Shared Infrastructure**
   * Resources are shared among multiple customers
   * Provider manages hardware and basic security
   * Each customer's data remains separate and secure

2. **Pay-as-you-go Pricing**
   * No upfront infrastructure costs
   * Pay only for what you use
   * Can scale up or down quickly

3. **Provider Management**
   * Provider handles hardware maintenance
   * Automatic updates and patches
   * 24/7 infrastructure monitoring

### Advantages of Public Cloud:
* Lower initial costs
* No hardware maintenance
* Easy scaling
* Global accessibility
* Built-in disaster recovery

### Potential Concerns:
* Less control over infrastructure
* Data location may be restricted
* May have compliance limitations
* Shared resources with others

## Private Cloud

A **private cloud** is infrastructure used exclusively by one organization. It can be located in your own data center or hosted by a third party, but the key is that the resources are dedicated to your organization.

Think of private cloud like owning your own office building:
* Complete control over the facility
* No shared spaces with other companies
* Responsible for all maintenance
* Can customize everything
* Higher upfront costs

Key characteristics of private cloud include:

1. **Dedicated Infrastructure**
   * All resources are for your organization only
   * Complete control over hardware and software
   * Can customize security measures

2. **Internal Management**
   * Organization manages everything
   * Control over maintenance schedules
   * Direct access to all systems

3. **Customization Options**
   * Can optimize for specific workloads
   * Full control over data location
   * Custom security measures

### Advantages of Private Cloud:
* Maximum control
* Better security options
* Compliance friendly
* Performance optimization
* Resource dedication

### Potential Concerns:
* Higher upfront costs
* Requires internal expertise
* Harder to scale quickly
* More maintenance responsibility

## Hybrid Cloud

A **hybrid cloud** combines public and private clouds, allowing data and applications to be shared between them. This model offers the best of both worlds when implemented correctly.

Think of hybrid cloud like having both owned and rented office spaces:
* Own your main office building
* Rent additional space as needed
* Connect both locations securely
* Use each space for its best purpose
* Flexibility to expand or contract

Key characteristics of hybrid cloud include:

1. **Mixed Infrastructure**
   * Some resources in public cloud
   * Some resources in private cloud
   * Secure connections between both
   * Data can move between clouds

2. **Workload Distribution**
   * Critical systems in private cloud
   * Scalable services in public cloud
   * Balanced resource utilization
   * Optimized costs

3. **Flexible Management**
   * Choose best location for each service
   * Scale in either environment
   * Maintain security standards across both

### Advantages of Hybrid Cloud:
* Flexibility in resource placement
* Cost optimization
* Risk mitigation
* Scalability options
* Compliance friendly

### Potential Concerns:
* More complex management
* Requires connectivity expertise
* Security across multiple environments
* Consistent monitoring needed

## Choosing the Right Model

Several factors influence which deployment model is best for your needs:

### Business Requirements
Consider these organizational factors:
* Budget constraints
* Security requirements
* Compliance needs
* Performance requirements
* Geographic distribution

### Technical Considerations
Evaluate these technical aspects:
* Existing infrastructure
* Internal expertise
* Integration requirements
* Scaling needs
* Disaster recovery requirements

## Common Deployment Scenarios

Here are typical ways organizations use different deployment models:

1. **Public Cloud Primary**
   * Most services in public cloud
   * Minimal on-premises infrastructure
   * Good for new companies or simple needs

2. **Private Cloud Primary**
   * Critical systems in private cloud
   * Limited public cloud usage
   * Common in regulated industries

3. **Hybrid Balance**
   * Core systems in private cloud
   * Scalable services in public cloud
   * Best for complex organizations

## Looking Ahead

In the next section, we'll explore scalability and elasticity - key features that help your cloud infrastructure grow and adapt to changing needs. The deployment model you choose will influence how you implement these features.

Remember: Your choice of deployment model isn't permanent. Many organizations start with public cloud and evolve to hybrid as their needs change. Choose what works best for your current situation while keeping future flexibility in mind.

# Growing with the Cloud: Scalability, Elasticity, and Multitenancy

One of the most powerful features of cloud computing is its ability to grow or shrink based on your needs. In this section, we'll explore how cloud services can adapt to changing demands and how multiple customers can safely share resources.

## Understanding Resource Demands

Before we dive into scalability and elasticity, let's understand why they're important. Consider these common scenarios:

1. **Daily Patterns**
   * A business website is busiest during work hours
   * Social media usage peaks in the evening
   * Banking systems are most active at lunch time

2. **Seasonal Changes**
   * Retail sites surge during holidays
   * Tax software peaks in April
   * Academic services spike during enrollment periods

3. **Unexpected Events**
   * Breaking news drives traffic to media sites
   * Product launches create sudden demand
   * Viral content causes traffic spikes

## What is Scalability?

**Scalability** is your cloud system's ability to handle growing amounts of work by adding resources. Think of it like a restaurant that can add more tables and staff to serve more customers.

There are two main types of scalability:

### Vertical Scalability (Scaling Up)
This means adding more power to existing resources:
* Like upgrading from a small server to a larger one
* Similar to replacing a desktop computer with a more powerful one
* Examples:
  * Adding more memory
  * Using a faster processor
  * Increasing storage capacity

### Horizontal Scalability (Scaling Out)
This means adding more resources of the same size:
* Like adding more identical servers
* Similar to adding more cash registers at a store
* Examples:
  * Adding more web servers
  * Creating additional database replicas
  * Distributing work across machines

## What is Elasticity?

**Elasticity** is the ability to automatically scale resources both up AND down based on demand. While scalability is about handling growth, elasticity is about efficiently matching resources to current needs.

Think of elasticity like a rubber band:
* Stretches when you need more capacity
* Returns to normal when demand decreases
* Automatically adjusts to pressure
* Maintains consistent performance

### How Elasticity Works

The process involves several components:

1. **Monitoring**
   * Track resource usage
   * Measure performance metrics
   * Watch for threshold violations

2. **Analysis**
   * Evaluate current demands
   * Predict needed resources
   * Consider cost implications

3. **Action**
   * Add resources when needed
   * Remove unused resources
   * Balance across available systems

## Understanding Multitenancy

**Multitenancy** means multiple customers (tenants) share the same computing resources while keeping their data separate and secure. This is a fundamental concept that makes cloud computing cost-effective.

Think of multitenancy like an apartment building:
* Many tenants share the building
* Each has their private space
* Common areas are shared
* Building services benefit everyone

### How Multitenancy Works

Several technologies enable safe resource sharing:

1. **Resource Isolation**
   * Separate virtual machines
   * Isolated network spaces
   * Protected data storage

2. **Security Measures**
   * Access controls
   * Data encryption
   * Network separation

3. **Resource Management**
   * Fair usage policies
   * Performance guarantees
   * Balanced distribution

## Implementing These Features

Let's look at how these concepts work together in practice:

### Auto-Scaling Setup
A typical auto-scaling configuration includes:

1. **Scaling Policies**
   * When to add resources
   * When to remove resources
   * How many resources to change

2. **Monitoring Rules**
   * CPU usage thresholds
   * Memory utilization
   * Network traffic levels
   * Request queue length

3. **Action Plans**
   * Minimum resource levels
   * Maximum resource limits
   * Scaling increments

### Example Auto-Scaling Scenario

```
Web Application Setup:
├── Load Balancer
├── Monitoring System
│   ├── CPU Usage > 70% → Add Server
│   └── CPU Usage < 30% → Remove Server
└── Server Group
    ├── Minimum: 2 Servers
    ├── Maximum: 10 Servers
    └── Current: Based on Demand
```
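To make the scenario above concrete, here is an added example (not from the original notebook) that applies those thresholds and limits to a constructed series of per-minute CPU readings; the `ScalingPolicy` and `ServerGroup` names and the two-minute cooldown are assumptions for illustration.

```python
# Added example (not from the original notebook): evaluates the scenario's
# scaling rules against constructed CPU readings. Names and the cooldown are assumed.
from dataclasses import dataclass, field

@dataclass
class ScalingPolicy:
    scale_out_cpu: float = 70.0   # add a server when average CPU is above this
    scale_in_cpu: float = 30.0    # remove a server when average CPU is below this
    min_servers: int = 2          # floor keeps the service available during scale-in
    max_servers: int = 10         # ceiling bounds cost even under a flood of requests
    cooldown: int = 2             # minutes to wait after a change (assumption)

@dataclass
class ServerGroup:
    policy: ScalingPolicy
    servers: int = 2
    last_change: int = -999
    history: list = field(default_factory=list)   # (minute, cpu, servers, action)

    def evaluate(self, minute, cpu_pct):
        """Apply one monitoring sample and return the action taken."""
        p = self.policy
        if minute - self.last_change < p.cooldown:
            action = "cooldown"       # let the last change take effect first
        elif cpu_pct > p.scale_out_cpu and self.servers < p.max_servers:
            self.servers += 1
            self.last_change = minute
            action = "add"
        elif cpu_pct < p.scale_in_cpu and self.servers > p.min_servers:
            self.servers -= 1
            self.last_change = minute
            action = "remove"
        elif cpu_pct > p.scale_out_cpu:
            action = "at_max"         # demand exceeds the ceiling: alert, do not grow
        else:
            action = "hold"
        self.history.append((minute, cpu_pct, self.servers, action))
        return action

def run_simulation(readings, policy=None):
    """Feed per-minute CPU readings to a fresh group and return its history."""
    group = ServerGroup(policy or ScalingPolicy())
    for minute, cpu in enumerate(readings):
        group.evaluate(minute, cpu)
    return group.history

# Constructed sample: a morning spike followed by a quiet period.
SAMPLE_CPU = [40, 55, 75, 85, 90, 80, 60, 45, 25, 20, 20, 20, 20]

if __name__ == "__main__":
    for minute, cpu, n, action in run_simulation(SAMPLE_CPU):
        print(f"min {minute:2d}: cpu {cpu:3d}% servers {n:2d} -> {action}")
```

The minimum keeps two servers even when CPU stays low, and the maximum turns a sustained overload into an "at_max" signal rather than unbounded growth.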

## Best Practices

When implementing scalability and elasticity:

### Planning
Consider these factors when designing your system:
* Expected growth patterns
* Resource costs
* Performance requirements
* Geographic distribution
* Data consistency needs

### Implementation
Follow these guidelines during setup:
* Start with conservative limits
* Test scaling behavior
* Monitor costs carefully
* Document all thresholds
* Plan for failures

### Monitoring
Keep track of these metrics:
* Resource utilization
* Response times
* Cost per user
* Scaling frequency
* System performance

## Common Challenges

Organizations often face these challenges:

1. **Cost Management**
   * Balancing resources and budget
   * Preventing over-provisioning
   * Controlling automatic scaling

2. **Performance**
   * Maintaining consistency
   * Managing data synchronization
   * Handling state information

3. **Technical Complexity**
   * Setting appropriate thresholds
   * Managing dependencies
   * Ensuring security

## Looking Ahead

In our final section, we'll see these concepts in action through a case study in which Lisa Simpson helps her school implement cloud computing solutions, and watch how she applies these principles to solve real-world problems.

Remember: While automatic scaling can seem complex, start with basic configurations and adjust based on actual usage patterns. Cloud providers offer tools and templates to help you implement these features effectively.

# Case Study: Lisa Simpson and the Mystery of the Sluggish Science Fair Server

## The Situation

Springfield Elementary's new cloud-based science fair registration system is experiencing mysterious slowdowns. Principal Skinner has asked Lisa Simpson, the school's impromptu junior network administrator, to investigate why students can't upload their project proposals. The system worked fine during testing last week.

"The deadlines are tomorrow, Lisa," Principal Skinner explains nervously. "If students can't submit their projects, we'll have to go back to the old system of hand-written submissions on recycled paper." He shudders, remembering last year's incident when Ralph's crayon drawings got mixed up with the cafeteria menu.

## Initial Assessment

Lisa begins her investigation methodically:

1. **Gathering Information**
   * System: Science fair registration running on a small cloud instance
   * Symptoms: Extremely slow page loads, occasional timeouts
   * Timing: Started this morning
   * Users affected: All students trying to submit projects
   * Recent changes: None reported

2. **Quick Checks**
   * Web server is running
   * Database is online
   * Internet connection is working
   * Basic security rules are in place

## Forming Hypotheses

Lisa writes in her troubleshooting notebook:

"Possible causes of slowdown:
1. Insufficient resources (CPU/memory)
2. Network connectivity issues
3. Database problems
4. Security group misconfiguration
5. DDoS attack (unlikely, but Bart has been suspiciously quiet today)"

## Investigation Process

### Hypothesis 1: Resource Constraints

Lisa checks the monitoring dashboard:
* CPU usage: 98%
* Memory usage: 92%
* Disk space: 45% (normal)

"Hmm," Lisa notes, "These numbers are much higher than during testing."

### Hypothesis 2: Unexpected Load

Lisa investigates the access logs:
```
09:15 - Normal traffic
09:30 - Traffic spike begins
09:31 - Resource usage jumps
09:32 - Performance degradation starts
```

"Computer, show me what changed at 9:30," Lisa commands. The logs reveal multiple large file uploads starting simultaneously.

## The Discovery

Reviewing the uploads, Lisa finds:
* Martin Prince's 500MB quantum physics visualization
* Database's 400MB robot demonstration video
* Nelson's surprisingly thorough 300MB fluid dynamics simulation

"Aha!" Lisa exclaims. "During testing, we only uploaded text descriptions. No one mentioned there would be large multimedia presentations!"

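As an added example that is not part of the original case study, the following script performs the kind of log review described above on constructed access-log lines: it finds the first minute whose inbound bytes jump far above the earlier baseline, lists the largest uploads, and measures the error rate from that point on. The log format, client addresses and file names are invented for the example.

```python
# Added example (constructed data), not from the original case study.
from collections import defaultdict

# Constructed sample log: "HH:MM:SS client method path status bytes_received".
SAMPLE_LOG = """\
09:15:02 10.0.0.21 POST /proposal 200 1800
09:15:40 10.0.0.22 POST /proposal 200 2100
09:29:55 10.0.0.24 POST /proposal 200 1950
09:30:05 10.0.0.31 POST /upload/martin_quantum.mp4 200 524288000
09:30:09 10.0.0.32 POST /upload/database_robot.mp4 200 419430400
09:30:12 10.0.0.33 POST /upload/nelson_fluids.avi 200 314572800
09:31:20 10.0.0.25 POST /proposal 504 0
09:32:01 10.0.0.26 GET /status 504 0
"""

def parse_log(text):
    """Parse each line into a dict; skip malformed lines instead of crashing."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, client, method, path, status, nbytes = parts
        records.append({"minute": ts[:5], "client": client, "method": method,
                        "path": path, "status": int(status), "bytes": int(nbytes)})
    return records

def bytes_per_minute(records):
    totals = defaultdict(int)          # HH:MM -> total inbound bytes
    for r in records:
        totals[r["minute"]] += r["bytes"]
    return dict(totals)

def find_spike(records, factor=10):
    """First minute whose inbound bytes exceed `factor` times the mean of all
    earlier minutes (the baseline); None if traffic never spikes."""
    totals = bytes_per_minute(records)
    seen = []
    for minute in sorted(totals):
        if seen and totals[minute] > factor * (sum(seen) / len(seen)):
            return minute
        seen.append(totals[minute])
    return None

def largest_uploads(records, n=3):
    """The n largest POST bodies: the evidence behind the 'unexpected load' idea."""
    posts = [r for r in records if r["method"] == "POST"]
    return sorted(posts, key=lambda r: r["bytes"], reverse=True)[:n]

def error_rate_after(records, minute):
    """Share of requests from `minute` onward that failed (5xx): the user impact."""
    later = [r for r in records if r["minute"] >= minute]
    return sum(r["status"] >= 500 for r in later) / len(later) if later else 0.0

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    spike = find_spike(recs)
    print(f"spike at {spike}, error rate after: {error_rate_after(recs, spike):.0%}")
    for r in largest_uploads(recs):
        print(f"  {r['client']} {r['path']} {r['bytes'] / 2**20:.0f} MiB")
```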
## The Technical Problem

Lisa identifies multiple issues:
1. Instance size too small for large file handling
2. No upload size limits configured
3. No auto-scaling rules in place
4. Single availability zone deployment

## Implementing Solutions

Lisa takes a systematic approach:

1. **Immediate Fix**
   * Increases instance size (vertical scaling)
   * Adds memory for file handling
   * Implements basic upload caching

2. **Short-term Solutions**
   * Configures maximum upload size
   * Adds upload progress indicators
   * Implements file compression

3. **Long-term Improvements**
   * Sets up auto-scaling rules
   * Adds content delivery network for large files
   * Creates backup deployment zone

## Testing the Fix

Lisa organizes a test group:
* Martin (large technical files)
* Milhouse (average user)
* Bart (chaos testing)

Results show:
* Upload times improved by 80%
* No more timeouts
* System handles multiple simultaneous uploads
* Even Bart couldn't crash it (though not for lack of trying)

## Follow-up Actions

Lisa documents her recommendations:

1. **Monitoring Improvements**
   * Set up alerts for resource usage
   * Monitor upload patterns
   * Track system performance

2. **Process Changes**
   * Create system usage guidelines
   * Document expected file sizes
   * Plan for future science fair needs

3. **User Education**
   * Brief teachers on system capabilities
   * Create student upload guidelines
   * Post FAQs about file sizes and formats

## Lessons Learned

Key takeaways from the incident:
* Always gather requirements from actual users
* Test with realistic data volumes
* Plan for growth and unusual usage patterns
* Document system limitations and guidelines

## Epilogue

The science fair registration system now runs smoothly. Principal Skinner is relieved, though slightly concerned about Lisa's new "Junior Cloud Architect" business cards. Bart is disappointed that the system no longer crashes when he uploads his "My Dog Ate My Science Project" video in an infinite loop.

Martin's quantum physics project eventually wins first prize, though the judges admit they mainly voted for it because the visualization made pretty patterns.

Remember: When troubleshooting cloud systems, always:
1. Gather information systematically
2. Form clear hypotheses
3. Test methodically
4. Document everything
5. Plan for future improvements

And perhaps most importantly, as Lisa notes, "Always expect users to do unexpected things with your system."

## Loop of the Recursive Dragon: Network Architecture and Cloud Concepts
Click here to launch a review game:
https://brendanpshea.github.io/LotRD/?set=nw_02_architecture.json

## Review With Quizlet

Click here to review the key terms with a Quizlet set:
https://quizlet.com/1014582675/learn/embed?i=psvlh&x=1jj1

## Glossary

| Term | Definition |
|------|------------|
| Cloud Computing | A model for enabling ubiquitous, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort. |
| Software as a Service (SaaS) | A delivery model where applications are hosted by a provider and made available to customers over the internet, eliminating the need for installation and maintenance on local devices. |
| Platform as a Service (PaaS) | A computing model where developers can build and deploy applications without managing the underlying infrastructure, focusing solely on development while the provider handles servers, storage, and networking. |
| Infrastructure as a Service (IaaS) | A computing model providing virtualized computing resources over the internet, where users can rent virtual machines, storage, networks, and operating systems on a pay-as-you-go basis. |
| Virtual Private Cloud (VPC) | An isolated section of a public cloud infrastructure where users can launch resources in a defined virtual network and control IP addressing, subnets, route tables, and network gateways. |
| Network Security Group | A virtual firewall that controls inbound and outbound traffic to network interfaces, subnets, or virtual machines in a cloud environment based on security rules. |
| Network Access Control List (ACL) | A stateless, numbered list of allow or deny rules that controls traffic at the subnet level, evaluating traffic against sequentially ordered rules. |
| Network Address Translation (NAT) | A process that modifies network address information in packet headers while in transit to remap one IP address space into another, typically used to conserve IPv4 addresses. |
| Port Address Translation (PAT) | A form of dynamic NAT that maps multiple private IP addresses to a single public IP address by using different ports, allowing multiple devices to share one public address. |
| Internet Gateway | A horizontally scaled, redundant, and highly available component that allows communication between instances in a VPC and the internet. |
| NAT Gateway | A managed service that enables instances in a private subnet to connect to the internet or other AWS services while preventing the internet from initiating connections with those instances. |
| VPN Gateway | A managed service that enables secure communication between an organization's network and a VPC through an encrypted connection over the internet. |
| Site-to-site VPN | A connection between two or more networks, such as a corporate network and a VPC network, established through an encrypted tunnel over the internet. |
| Client VPN | A secure connection from an individual device to a remote network, allowing users to access resources as if they were directly connected to that network. |
| Direct Connect | A dedicated network connection from an on-premises network to a cloud service provider, bypassing the public internet to provide more reliable, faster, and potentially more secure connectivity. |
| Public Cloud | Computing services offered by third-party providers over the internet, making them available to anyone who wants to use or purchase them. |
| Private Cloud | Computing services used exclusively by a single organization, either hosted internally or by a third party, providing greater control and privacy. |
| Hybrid Cloud | A computing environment that combines public and private clouds, allowing data and applications to be shared between them for greater flexibility and deployment options. |
| Scalability | The ability of a system to handle increased workloads by adding resources, either by scaling up (vertical scaling) with more powerful hardware or scaling out (horizontal scaling) with more machines. |
| Elasticity | The ability to automatically increase or decrease resources based on current demand, optimizing resource usage and costs by matching capacity to workload in real-time. |
| Multitenancy | An architecture where a single instance of software serves multiple customers (tenants), with each tenant's data isolated and invisible to other tenants, despite sharing computing resources. |