Cloud Infrastructure Fundamentals

Jun 11, 2025

Overview

This lecture covers the fundamentals of cloud computing infrastructure, focusing on virtualization, networking, and security practices used to efficiently deploy, manage, and secure applications in the cloud.

Cloud Computing Concepts

  • Cloud computing enables instant deployment and scaling of applications with flexible resources.
  • Elasticity allows scaling applications up or down based on demand.
  • Applications and resources in the cloud are accessible from anywhere globally.
  • Multi-tenancy means multiple customers share the same cloud infrastructure, improving efficiency and lowering cost.

Virtualization & Migration

  • Physical servers can be migrated into virtual servers running on large cloud-based physical machines.
  • Network Function Virtualization (NFV) replaces physical networking devices with virtual equivalents like routers and switches.
  • Virtual appliances (firewall, switches, routers) maintain their original functions but run virtually.

Cloud Networking

  • Applications consist of components such as web servers, databases, and load balancers, all within a Virtual Private Cloud (VPC).
  • Organizations may use separate VPCs for different applications or company sections.
  • Transit Gateways function as cloud routers to enable communication between VPCs.
  • VPN connections allow secure remote access to VPCs via the Transit Gateway.
  • Internet Gateways expose cloud resources to the public internet.
  • NAT (Network Address Translation) Gateways allow VPCs to communicate outbound without allowing inbound connections.

Inter-Cloud Connectivity

  • VPC Endpoints connect VPCs across different cloud providers.
  • Public subnets allow internet access, while private subnets are isolated and require endpoints for external connectivity.

Cloud Security Controls

  • Security groups and security lists act as cloud firewalls, controlling inbound and outbound network traffic.
  • Rules can be defined for specific TCP/UDP port numbers and IP address ranges (CIDR notation, IPv4/IPv6).
  • Network Security Lists apply broad rules to all virtual cloud networks and subnets.
  • Network Security Groups provide more granular security by assigning rules to individual virtual network interfaces.
  • Advanced security needs can be met with virtual firewalls or specialized platforms.
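
Added example (not from the lecture): a small Python model of inbound rules defined by protocol, port range and CIDR, showing default-deny matching for IPv4 and IPv6 and a review check that flags rules exposing admin ports to every address. The Rule schema, the ADMIN_PORTS set and the sample rule set are assumptions made for illustration, not any cloud provider's API.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One inbound allow rule (hypothetical schema, not a provider API)."""
    protocol: str   # "tcp" or "udp"
    port_min: int
    port_max: int
    cidr: str       # IPv4 or IPv6 source range

    def matches(self, protocol, port, source_ip):
        net = ipaddress.ip_network(self.cidr)
        addr = ipaddress.ip_address(source_ip)
        return (self.protocol == protocol
                and self.port_min <= port <= self.port_max
                and addr.version == net.version   # an IPv4 rule never matches IPv6
                and addr in net)

def is_allowed(rules, protocol, port, source_ip):
    """Allow-list semantics: traffic is dropped unless some rule matches."""
    return any(r.matches(protocol, port, source_ip) for r in rules)

ADMIN_PORTS = {22, 3389}  # SSH and RDP; assumed set of ports to keep off the internet

def world_open_admin_rules(rules):
    """Return rules that expose an admin port to every address (prefix length 0)."""
    findings = []
    for r in rules:
        net = ipaddress.ip_network(r.cidr)
        if net.prefixlen == 0 and any(r.port_min <= p <= r.port_max for p in ADMIN_PORTS):
            findings.append(r)
    return findings

# Constructed sample rule set for a web tier (documentation address ranges).
WEB_TIER = [
    Rule("tcp", 443, 443, "0.0.0.0/0"),      # public HTTPS, intended
    Rule("tcp", 443, 443, "::/0"),           # public HTTPS over IPv6
    Rule("tcp", 22, 22, "203.0.113.0/24"),   # SSH from one office range only
    Rule("tcp", 0, 65535, "0.0.0.0/0"),      # overly broad: covers 22 and 3389
]

if __name__ == "__main__":
    print("SSH from outside the office range allowed:",
          is_allowed(WEB_TIER[:3], "tcp", 22, "198.51.100.7"))
    for r in world_open_admin_rules(WEB_TIER):
        print("world-open admin exposure:", r)
```

The check deliberately ignores the public HTTPS rules: a `/0` source is only reported when the port range includes an admin port.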

Key Terms & Definitions

  • Elasticity — The ability to dynamically scale cloud resources up or down as needed.
  • Multi-tenancy — Sharing of cloud infrastructure among multiple customers.
  • Network Function Virtualization (NFV) — Virtualization of physical networking devices.
  • Virtual Private Cloud (VPC) — Isolated, configurable virtual network for cloud resources.
  • Transit Gateway — Virtual router connecting multiple VPCs.
  • Internet Gateway — Allows public internet access to cloud resources.
  • NAT Gateway — Enables outbound internet access from private resources while blocking inbound connections.
  • VPC Endpoint — Direct connection between VPCs, often across clouds.
  • Security Group — Firewall rules at the instance or interface level.
  • Network Security List — Firewall rules applied broadly to network subnets.

Action Items / Next Steps

  • Review the differences between security groups and network security lists.
  • Practice configuring security group rules for different cloud scenarios.
  • Read up on network function virtualization (NFV) for deeper understanding.