By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
Objective: Given a scenario, analyze the solution design in support of the business requirements. In this guide you will learn about designing cloud-based solutions. This will include a discussion on requirement analysis to determine what resources are required to build a solution that will fit the needs of the organization. You will also learn about different types of deployment environments as well as different forms of testing to determine the suitability of the solution. Topics: - Requirement Analysis - Environments - Testing Techniques 1. What is the first activity that is performed during requirement analysis? 2. In _____ as a Service, the entire application is hosted and maintained by the cloud vendor. 3. In a _____ environment testing is performed before changes are migrated to a production environment. 4. _____ testing is the process of probing a system or network to determine if there are any security vulnerabilities. 1. Requirements gathering 2. Software 3. Quality Assurance (or QA) 4. Penetration Requirement Analysis Any organization that is planning on deploying a new system, software, or tool is likely going to first perform some sort of requirement analysis. This key process is designed to ensure that the deployment meets all of the needs of the user base and the organization. Different processes can be used for requirements analysis, but typically they break down into four different types of activities: - Requirements gathering: During this activity, internal users are queried to determine the requirements for the organization. - Requirements analyzing: Responses from the requirements gathering activity may not always be clear or concise. During the requirement analysis phase, the data collected during the requirements gathering activity is reviewed and any inconsistencies are resolved. - Requirements modeling: In this activity the information gathered from the previous two activities are converted into solutions that can be deployed. - Review and retrospective: After the systems have been deployed, many teams will review the processes and issues and then share any findings. These findings may be used to adjust the process in the future. These are also known as learnings. In relation to the Cloud+ certification exam, you will be expected to be able to answer questions related to how specific topics will affect the requirement analysis process. The rest of this section will focus on these topics. Software One of the components that you will need to take into consideration when performing a requirement analysis is which software you will utilize in the cloud. This determination will be based on, in part, which type of cloud environment you will end up using. Several that you should consider include the following: - Software as a Service (SaaS): In an SaaS software solution, the entire application is hosted and maintained by the cloud vendor. Examples of SaaS include Salesforce, Dropbox, Gmail, Webex, and DocuSign. One advantage of SaaS solutions is that the vendor handles all upgrades and maintenance of the software. Disadvantages include less control over your data (although the security of the data is primarily the customer’s responsibility), the inability to customize the software to your organizational needs, and potential vendor lock-in (when your organization is so entrenched in a solution that switching to another solution is almost impossible). - Platform as a Service (PaaS): In a PaaS solution, the cloud vendor provides a platform that you can use to install or develop a software solution. Examples of PaaS include OpenShift, AWS Elastic Beanstalk, and the Google App Engine. With a PaaS solution, the primary advantage is that you can deploy a customized software solution without having to be concerned about maintaining the underlying platform that the software runs on. With the PaaS solution, like the SaaS solution, there still may be concerns regarding control over your data and potential vendor lock-in. However, PaaS does offer more control over these issues, so the concern isn’t as strong as with the SaaS solution. - Infrastructure as a Service (IaaS): In an IaaS solution, the cloud vendor provides the infrastructure for you to install your operating system or software solution. With this solution the cloud vendor essentially provides the hardware structure (compute, networking, and storage) and you manage the rest, including the operating system and the software. Examples of IaaS include using Azure virtual machines and AWS EC2 instances. A major advantage of an IaaS software solution is control. You choose the platform (operating system), the amount of hardware resources used, and how the system is configured. This control may also be considered a disadvantage because you are also tasked with maintaining the operating system and the software. Hardware If you are using an SaaS or a PaaS solution, you likely don’t have any choice regarding the hardware. However, if you are using an IaaS solution, hardware becomes an important component of requirement analysis. Most cloud vendors provide different tiers or levels of hardware when you choose an IaaS solution. The more hardware resources, the higher the cost of the solution. The available options may be overwhelming because cloud vendors attempt to provide as many options as possible to their customers. AWS EC2 Instance Types
Note that AWS has several categories (General Purpose, Compute Optimized, Memory Optimized, and so on), each of which has several different types of instances. For example, General Purpose has 11 instance types, including Mac, T4g, T3, and T2. If there is documentation for the software solution that you are installing, you can use it to develop a general idea of what hardware requirements will fit the needs of the software. However, the ideal method to determine which instance type is right for you is to perform benchmarking tests. This would include testing the software on different instance types using a variety of usage loads to determine the best instance type. Note that there are several factors to consider when choosing a hardware instance type, including the following: - Type of physical CPU - Number of vCPUs - Amount of RAM - Type, speed, location, and size of the storage - Network bandwidth Integration When you are performing a requirement analysis for implementing a cloud-based solution, there is a good chance you want this solution to work with other components that you already have in place in your IT infrastructure. The concept of integration is how to best ensure that different solutions work well together. Budgetary Perhaps one day you will work for an organization that takes the approach of “price is not a consideration,” but this day is likely to never come for most of us. When you’re performing requirement analysis, it is important to explore multiple solutions and to find a solution that meets the budget that has been provided for the solution. Obviously, exploring many solutions is not always possible, and you should be prepared to justify higher costs or offer alternative solutions that might not meet all of the requirements of the situation. Even if you do propose a solution that meets the needs of the situation and the budget, you may be asked to justify the costs and offer suggestions for a more cost-effective solution or, in other words, discuss the total cost of operations (TCO) and return on investment (ROI). Compliance If your organization must follow regulations of third-party organizations, such as the government or other regulatory organizations, compliance must also factor into the solution. When performing requirement analysis, be certain that you are aware of all compliance rules and ensure they are addressed properly when developing the solution. You will likely need to generate a report that verifies that the regulations are met by the solution, either by your organization’s compliance officer or by the regulatory organization. Service-Level Agreement (SLA) An SLA is designed to protect both the cloud vendor and the customer by clearly defining the levels of service that the cloud vendor will provide within the outlined constraints. The SLA typically describes the minimum levels that the customer should expect for topics like the following: - Availability - Speed - Responsiveness The SLA also normally makes it clear what the cloud vendor is responsible for and what the customer is responsible for. Other topics that you might find in an SLA include data ownership, disaster recovery, and details on the hardware that the cloud vendor uses. User and Business Needs Recall that during requirements gathering, users are queried to determine the requirements for the organization. These needs are the driving force behind requirement analysis. Security If you have been paying attention to news coverage regarding security breaches in major organizations over the past decade or so, you probably realize any cloud solution must include a strong security environment. Before implementing a solution (and even after implementing one), you need to perform some testing to ensure the solution is not vulnerable to security breaches. See the “Vulnerability Testing” and “Penetration Testing” sections later in this guide for further details. Network Requirements Network requirements can turn into a big topic when it comes to requirement analysis. For example, you may need to consider where your users reside geographically to determine where and how to configure the network environment for your solution.
For the Cloud+ exam, you should focus on three network elements when performing a requirement analysis: sizing, subnetting, and routing. Sizing The sizing of the network is related to the bandwidth available in the network, but bandwidth alone is not the only consideration. If you have multiple instances within a network, they will compete for that bandwidth, so you need to consider collectively how much bandwidth is required for your network. Subnetting At times you will want to ensure that several related instances are able to communicate without having to leave the network where the instances are placed. This comes down to subnetting, which is the process of defining the number of possible hosts on the network. For example, if you have a web server that uses a database server, it might be best to ensure they are both on the same subnet. This results in faster access for the web server to the database server. This also allows for a more secure connection because the traffic doesn’t need to leave the local network. However, there is also a security advantage of having the web server and database server on different subnets. If an attacker were to compromise a system in one subnet, that could make it easier to compromise other systems in the same subnet. So, having the web server and database server in different subnets can mitigate the chance that they are both compromised. Routing Routing is the process of transferring network packets from one network to another. This is a security consideration when performing requirement analysis because firewalls can be configured via the routing points to either allow or block the transferring of these network packets. Environments Another major consideration when performing a requirement analysis is to determine which environments you want to create. Each environment will play a specific role in your solution. Not all environments will be deployed in every situation, and each environment provides a benefit that must be weighed against the cost (typically budgetary cost, but there are other costs, such as manpower and maintenance costs). For the Cloud+ certification exam, you should be aware of specific environments when asked questions regarding requirement analysis. Those environments are covered in the rest of this section. Development In a development environment you develop new software or modify existing software that your organization has been developing. While the development environment may be used to prepare for changes to a production environment, its primary purpose is to allow software developers to work in an environment that won’t affect any live work. Quality Assurance (QA) Testing is performed in a QA environment before migrating changes to a production environment. Initially, the QA environment should mirror the current production environment. In the QA environment new features and configurations are tested to ensure they meet the needs of the users and organization. Testing may include having regular users work in the environment to ensure that the environment works as it should. Eventually, after testing is complete, the changes made to the development environment are implemented in the production environment. Staging Some organizations utilize a staging environment to replicate the production environment. This staging environment can be used for several different purposes, including determining potential problems ahead of time in the production environment and as a replacement if the production environment fails or is compromised. It is also used when implementing a blue-green deployment (see the next section for more details). Blue-Green When using a blue-green deployment, you have two identical environments (production and staging). The production environment is live and used actively within your organization. The staging area is used in the final phase of deploying a new version of the solution. This means that changes made within your QA environment are applied to the staging environment, and some final tests are performed. Once tests have passed successfully, the staging environment is converted into the production environment, and the production environment is now treated as the staging environment. If the solution still runs smoothly, changes are made to the original staging environment and then applied to the new staging environment. The result is that the two are identical again. This is called a blue-green deployment because one environment is traditionally labeled blue, and the other is traditionally labeled green. Note that either blue or green can be the production or staging environment at any given time. The advantages of using this method are smoother upgrades, less downtime, and the ability to quickly roll back a deployment to a previously working environment. The disadvantages of this system are the additional costs and time to maintain both environments. Production The production environment is the live environment that your organization uses. Disaster Recovery (DR) A DR environment is used specifically if the production environment is compromised. While a staging area can sometimes be used for DR, it is not an ideal DR solution because at times during a new deployment it will not be identical to a production environment. A DR is an identical copy to the production environment that has one specific purpose: a quick way to restore a compromised environment. Typically, the DR environment should be located in a different geographic location from the production environment so a physical disaster cannot disable both environments. Testing Techniques Another major component of requirement analysis is ensuring that the solution that has been developed will meet the needs of the organization. This requires several different types of tests to be performed. For the Cloud+ exam, you should be aware of specific types of tests when performing requirement analysis. The rest of this section will cover these types of tests. Note that the actual tests that you will perform depend on the actual solution that you have developed. This book will cover these tests in general because the Cloud+ exam should not include specific tests for specific solutions. Vulnerability Testing Any solution has the potential to have security holes. With vulnerability testing the goal is to discover these security issues/holes and address them well before the software/solution goes live. This test can be performed manually or by using industry standard tools such as those provided by the Open Web Application Security Project (OWASP) and the Web Application Security Consortium (WASC). Penetration Testing Also called pen testing or ethical hacking, penetration testing is the process of probing a system or network to determine if there are any security vulnerabilities. The concept is to find the holes that an attacker would exploit before the environment is in production. Pen testing tools can aid in this process, including the following: - nmap: A port scanning tool - Wireshark: A network sniffer that can capture and display network traffic - Metasploit: A security testing automation framework
Important Note Most cloud vendors have limits on the pen testing that you can perform on systems within their cloud. Before performing any pen testing on any cloud resource, verify that this is allowed by the cloud vendor. Performance Testing Performance testing is a way to evaluate how responsive a solution is when a certain amount of work (called a workload) is placed on the solution. This testing should be able to determine weak points or bottlenecks in a solution and should test all major components (hardware, software, network, and so on) of the solution. Regression Testing When changes are made to software, it is important to ensure that the software works by performing regression testing. These tests are most often performed on development environments and QA environments. Functional Testing Consider a software program that allows you to edit documents. This software should have many different functions, including loading a document, saving a document, formatting a document, and others. Before deploying this software (or a new version of it), you can perform functional testing to ensure all of its functions work correctly. Functional testing is performed on a QA environment. During a single function test, only one feature of the software, independent of any other feature, is tested. This is also considered a form of black-box testing because the tester isn’t aware of how the program works, just how to perform the test and determine whether it is successful. Usability Testing Many software programs are operated directly by users. This means that a software vendor must ensure that users are able to use the software as it is intended. One way of verifying this is through usability testing in which users are asked to perform tasks using the software. The users then provide feedback about their experiences. This feedback is used to determine if the software needs adjustments or if it works as intended. The usability testing method is not intended to find errors in code. That would be the purpose of functional testing. Consider usability testing to answer the question, “Will average users be able to use this software when provided the proper directions, or will they run into problems?
Quiz:
1. What is the final activity in requirement analysis? A.Requirements gathering B.Requirements analyzing C.Requirements modeling D.Review and retrospective 2. A cloud provider provides you with a server in its environment so you can install a virtual machine. This is an example of what? A.SaaS C.IaaS D.DaaS 3. Which of the following would you not need to consider when reviewing the hardware for an IaaS solution? A.Amount of RAM D.Type of motherboard 4. On what type of environment would your software programmers work on code that they create for the organization? A.Development B.Quality assurance C.Staging D.Disaster recovery 5. What type of testing would a tool like nmap be used for? A.Penetration testing B.Performance testing C.Regression testing D.Functional testing Answers: 1. Review and retrospective 2. IaaS 3. Type of motherboard 4. Development 5. Penetration testing
Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.