FIT5225 · Cloud Computing And Security
Cloud Foundations
Cloud Foundations pins down what “the cloud” actually is — a precise, published definition rather than a marketing word — and then drops one level to the technology that makes it possible: virtualisation. FIT5225 starts here because every distinction above it (containers, orchestration, serverless) is defined against these foundations. You learn the NIST five essential characteristics that separate a cloud from plain hosting, the three service models (IaaS / PaaS / SaaS) read by who manages what, the four deployment models and the CapEx→OpEx economics, the shared-responsibility line (security of vs in the cloud), and the hypervisor layer underneath — Type-1 vs Type-2, full vs para-virtualisation, and live vs cold migration. This is the chapter the quizzes open from, so the most-confused pairs here are the most-tested.
What this chapter covers
- 01 The NIST definition & the five essential characteristics
- 02 Service models: IaaS / PaaS / SaaS — who manages what
- 03 The shared-responsibility model: security OF vs IN the cloud
- 04 Deployment models (public / private / community / hybrid) & cloud economics
- 05 Virtualisation & the hypervisor: Type-1 vs Type-2, full vs para
- 06 Resource virtualisation & live vs cold migration
Worked example: place the service model and the responsibility line
- +1 (a) Identify by who manages what: the provider runs the OS, runtime and autoscale and the customer ships only code — that is PaaS (Platform-as-a-Service).
- +2 (b) Customer side — security IN the cloud: the start-up still secures its application code and its data (plus its identity & access / IAM configuration). The provider secures the OS, runtime and infrastructure below.
- +1 (c) Switching to bare EC2: a raw VM is IaaS, so the managed boundary drops — the customer now also owns the OS, patching, runtime, middleware, network and firewall config.
- +1 Conclude on the line: moving PaaS → IaaS pushes the responsibility line down — the customer secures more of the stack. The line rises again toward SaaS, but the customer always owns their data and access.
Key terms
- NIST five essential characteristics: On-demand self-service, broad network access, resource pooling, rapid elasticity and measured service. If a system has all five it is a cloud; miss one and it is just hosting. The most-confused pair is resource pooling (sharing one multi-tenant pool) versus rapid elasticity (scaling your own slice).
- IaaS / PaaS / SaaS: The three service models, read by how far up the stack the provider takes over. IaaS hands you a bare VM; PaaS also runs the OS and runtime so you ship only code; SaaS runs the whole app and you just configure it. The managed boundary rises left to right.
- Shared-responsibility model: The provider is responsible for security OF the cloud (hardware, virtualisation, global infrastructure); the customer is responsible for security IN the cloud (data, IAM, OS/network config, app). The dividing line rises IaaS → PaaS → SaaS but never disappears — you always own your data and access.
- Hypervisor (Type-1 vs Type-2): The software that creates and runs virtual machines. A Type-1 (bare-metal) hypervisor runs directly on the hardware (ESXi, Xen, Hyper-V) and is what clouds use; a Type-2 (hosted) hypervisor runs as an app on a host OS (VirtualBox, VMware Workstation) and is for desktops. Type-1 is faster and more secure because there is no host OS in between.
- Live vs cold migration: Moving a running VM between physical hosts. Live migration transfers a VM with little or no downtime by copying memory while it keeps running; cold migration powers the VM off first. Live migration underpins maintenance, load-balancing and elasticity without interrupting the workload.
Cloud Foundations FAQ
What is the single most common quiz trap in this chapter?
Confusing two of the five NIST characteristics: resource pooling and rapid elasticity. Resource pooling is about the provider sharing one pool of resources across many tenants (multi-tenancy, location independence). Rapid elasticity is about your allocation growing and shrinking on demand. A question that says 'appears unlimited / scale out' is elasticity; 'serves multiple consumers from a shared pool' is pooling.
How do I tell IaaS, PaaS and SaaS apart quickly?
Read the model by its two fixed anchors: you always own your data, and the provider always owns the physical layer. Then ask how far up the provider takes over. Bare VM = IaaS; provider also runs the OS and runtime so you ship code = PaaS; provider runs the whole finished app and you just configure it = SaaS.
Why does FIT5225 spend so long on virtualisation if the unit is about the cloud?
Because virtualisation is the engine under IaaS: a hypervisor slices one physical machine into many isolated VMs, which is how a provider achieves resource pooling and elasticity. The Type-1 vs Type-2 distinction and live migration explain why clouds can be cheap, elastic and maintainable, so the quizzes test it directly.
Does 'the cloud is secure' mean my app is secure?
No, and it is a guaranteed quiz target. The provider securing the infrastructure says nothing about your data, IAM and configuration. Secure technology is not the same as a secure system: most real cloud breaches are customer-side misconfiguration, which sits squarely on your half of the shared-responsibility line.
Exam move
Learn the five NIST characteristics as a checklist you can recite, and over-learn the two most-confused pairs — resource pooling vs rapid elasticity, and Type-1 vs Type-2 hypervisors. For service models, anchor on the two endpoints (you own your data; the provider owns the hardware) and slide the managed boundary in between. Draw the shared-responsibility line for all three models from a blank diagram and label which side owns OS, runtime, app and data — that single diagram answers a large share of the foundation questions. Finally, be able to state in one line why a cloud is cheaper (CapEx → OpEx, pay-per-use) and how virtualisation makes pooling and elasticity possible.