Network+ Guide to Networks, 8th Edition 7-1
Chapter 7
Virtualization and Cloud Computing
At a Glance
Instructor’s Manual Table of Contents
Overview
Objectives
Teaching Tips
Quick Quizzes
Class Discussion Topics
Additional Projects
Additional Resources
Key Terms
Lecture Notes
Overview
In this chapter, students explore various ways of making local and remote resources available
on a network in ways that are both secure and reliable. They will learn about the flexibility of
virtualization, which is a cost-effective way of expanding network resources, as well as the
growing fields of cloud computing and remote access, which make network resources available
across long distances. These IT innovations touch nearly every industry.
Chapter Objectives
After reading this chapter and completing the exercises, the student will be able to:
Describe and explain virtualization technologies, including how virtual machines
connect with a network and how networking infrastructure devices can be virtualized
Describe cloud computing categories and models, and discuss concerns regarding cloud
Teaching Tips
Virtualization
1. Explain that virtualization is a virtual (logical) version of something rather than the
actual (physical) version. Discuss how this relates to the use of virtual machines and
virtual LANs.
2. Discuss the following terminology related to virtualization:
3. Use Figure 7-1 to describe some of the components of virtualization.
4. Use Figure 7-2 to discuss the two types of hypervisors:
5. Explain that a VM’s software and hardware characteristics are assigned when it is
created in the virtualization program.
6. Use Figure 7-3 as an example of specifying the memory resources of a virtual machine.
Ensure that students understand that the use of virtualization is a convenience,
Network Connection Types
1. Explain the purpose of the vNIC.
2. Use Figure 7-4 as an example of customizing a virtual network adapter’s settings.
4. Explain the function of virtual switches (may be called virtual bridges). Point out that
one host can support multiple virtual switches, which are controlled by the hypervisor.
6. Use Figure 7-6 to show an example of virtual switches passing traffic through a router.
8. Define the three modes of connection common to virtual connections: bridged, NAT,
and host-only.
10. Point out that when using bridged mode, a VM appears to other nodes as just another
client or server and other nodes do not realize it is virtual.
12. Be sure to mention that VMs that must be available at a specific IP address, such as
mail or web servers, should be assigned bridged network connections.
13. Explain that in NAT mode, a vNIC relies on the host machine to act as a NAT device.
14. Use Figures 7-9 and 7-10 in your discussion of a NAT connection.
16. Explain the circumstances where you might want to use a host-only connection for a
guest versus the other types.
18. Explain the limitations of a host-only connection.
Pros and Cons of Virtualization
1. Discuss the following advantages of virtualization:
a. efficient use of resources
2. Discuss the following disadvantages of creating multiple guests on a single host
machine:
a. compromised performance
NFV (Network Functions Virtualization)
2. Discuss the following advantages of virtualizing network functions:
a. Virtual devices can be quickly and sometimes automatically migrated from one
3. Discuss the following disadvantages of NFV:
a. Licensing issues
b. Latency issues
c. Security issues
Teaching Tip
Students can read more about Network Functions Virtualization (NFV) at
SDN (Software-Defined Networking)
1. Explain that software-defined networking (SDN) is the virtualization of network
2. Discuss the difference between the control plane and the data plane.
3. Use Figure 7-13 to explain that physical and virtual network devices operate only on
Cloud Computing
1. Define cloud computing, which has the following characteristics no matter what kind of
service is offered.
2. Use Figure 7-14 to discuss some of the benefits of cloud computing.
Teaching Tip
Students may find more information about various cloud services from Amazon at
Cloud Computing Categories
2. Use Figure 7-2 to discuss the four service models:
a. Traditional
3. Point out that there is another model known as XaaS (Anything as a Service), which is a
4. Use Figure 7-16 to discuss why IaaS customers must understand more about a cloud
provider’s hardware infrastructure than SaaS customers.
5. Use Figure 7-17 to demonstrate that end users can easily access and use SaaS products
Deployment Models
1. Discuss the following deployment models:
a. public cloud
b. private cloud
Cloud Connectivity and Security
1. Discuss the following potential risks and limitations with cloud computing:
a. ISP’s uptime
b. ISP-imposed bandwidth limitations
c. Cloud provider’s uptime
d. Cloud provider’s backup and security systems
e. Misconfiguration that exposes one client’s data to another client
BYOC
2. Point out that one way to reduce risks of cloud computing is to:
3. Discuss the 4-tiered array of options organizations have when connecting to a cloud:
a. Internet
Quick Quiz 1
1. A _____ is a logically defined device that operates at the Data Link layer to pass frames
between the nodes.
2. True or False: VMs that must be available at a specific address, such as mail servers or
Web servers, should be assigned host-only network connections.
3. In which networking mode can VMs on one host exchange data with each other and
with their host, but they cannot communicate with any nodes beyond the host?
a. host-only
b. bridged
c. NAT
d. network-only
4. In which cloud computing service model are hardware services provided virtually,
including network infrastructure devices such as virtual servers?
5. Of which of the following cloud deployment models would the Internet be considered
an example?
a. Community
b. Private
c. Public
Encryption Protocols
1. Explain that data exists generally in three states:
a. at rest
2. Define and explain the term encryption. Mention that encryption protocols use a
mathematical code to scramble data into a format (called a cipher) that can be read only
by reversing the cipher.
3. Discuss the three benchmarks that encryption methods are evaluated by:
6. Point out that these three principles form the standard security model called the CIA
triad.
Key Encryption
2. Define and explain the term ciphertext.
4. Define and describe public key encryption. Mention that public key encryption is also
known as asymmetric encryption.
6. Point out that a key pair is the combination of a public key and a private key.
7. Explain that a digital certificate is a small file containing a user’s verified identification
8. Introduce students to the term PKI (Public-key Infrastructure), which is the use of
IPsec (Internet Protocol Security)
2. Point out that IPsec works at the Network layer of the OSI model.
3. Discuss the five steps in which IPsec creates a secure connection:
a. IPsec initiation
4. Point out that IPsec can be used with any type of TCP/IP transmission and operates in
two modes:
a. transport mode
b. tunnel mode
Teaching Tip
Students can learn more about IPsec by visiting:
SSL (Secure Sockets Layer) and TLS (Transport Layer Security)
2. Point out to students that SSL operates in the Application layer and that TLS operates in
the Transport layer.
3. Discuss HTTPS and its use of SSL/TLS to establish a secure HTTP connection.
2. Explain a handshake protocol and discuss the steps in an SSL/TLS handshake.
3. Introduce DTLS (Datagram Transport Layer Security) as a variant of TLS. Explain that
Remote Access
1. Explain why a user might need to connect to a remote network for services.
2. Point out that in order to communicate via remote access, the client and host need a
transmission path plus the appropriate software to complete the connection.
3. Explain the purpose of a RAS (remote access server). Point out that there are two types
of remote access servers:
4. Use Figure 7-19 to explain how remote clients connect via a remote access server.
5. Discuss the three most common types of remote access methods:
a. Point-to-point remote access over a dedicated line
Point-to-Point Remote Access Protocols
1. Explain that clients and remote servers require an agreed-to protocol to establish a
session and exchange data.
Terminal Emulation
1. Explain that terminal emulation allows a user on one computer (client) to control
3. Define and explain SSH. Point out that with SSH you can securely log on to a host,
execute commands, and copy files to or from the host.
4. Explain to students that SSH can guard against a number of security threats, such as:
6. Explain that SSH is highly configurable and that you can choose from a number of
encryption methods. Point out that it can also be configured to perform port forwarding.
7. Introduce students to RDP (Remote Desktop Protocol) and VNC (Virtual Network
8. Explain that most networking devices are configured through a connected computer’s
10. Point out that these dedicated connections allow network administrators to remotely:
a. Power up a device
b. Change firmware settings
11. Explain that while FTP may not technically be a form of terminal emulation, it does
provide remote access.
12. Discuss the following FTP-related technologies:
a. FTPS
VPNs (Virtual Private Networks)
2. Explain how VPNs can be used to reduce costs for remote workers.
3. Discuss the three VPN models:
4. Use Figure 7-24 to visualize a site-to-site VPN.
5. Explain that the software or hardware required to establish VPNs is typically
inexpensive and is often included in the OS of a networking device’s hardware.
6. Discuss the following possible implementations of VPNs:
7. Explain that for large organizations a specialized device known as a VPN concentrator
can be used as the VPN server. A VPN server performs the following tasks:
8. Use Figure 7-26 to demonstrate the placement of a VPN concentrator on a LAN.
9. Explain that a DMVPN (Dynamic Multipoint VPN) dynamically creates VPN tunnels
VPN Tunneling Protocols
1. To ensure a VPN can carry all types of data in a private manner over any kind of
2. Discuss how a VPN tunnel works. Use the truck analogy in the book in your discussion.
3. Point out that most tunneling protocols rely on an additional encryption protocol to
4. Discuss the following VPN tunneling protocols:
a. PPTP
Remote Access Policies
1. Discuss the list of common requirements in a good remote access policy, found on page
Quick Quiz 2
1. Because public key encryption requires the use of two different keys, it is also known as
which type of encryption?
a. symmetric
b. key
c. asymmetric
d. dual key
2. Which of the following terms best describes a small file containing verified identification
information about the user and the user’s public key?
a. certificate authority
b. private key
c. digital certificate
d. cipher
3. Which type of protocol allows the client and server to introduce themselves to each
other and establish terms for how they will exchange data?
a. tunneling
b. handshake
c. VPN
d. file transfer
4. True or False: SSH provides little security for establishing a connection and no security
for transmitting data.
5. Which of the following is an older, Layer 2 protocol developed by Microsoft that
encapsulates VPN data frames?
a. PPTP
b. L2TP
c. GRE
d. OpenVPN
Class Discussion Topics
1. Discuss the benefits of cloud computing.
2. Discuss why an organization would want to develop an enterprise-wide approach to
Additional Projects
1. Have the student research the available cloud computing services offering infrastructure
2. Have students research policies and procedures at several organizations surrounding
either cloud computing or remote access, including remote desktops. Students may also
Additional Resources
1. Cloud Computing Tutorial
2. Remote Access Server
3. OpenVPN
4. What is IPsec?
5. How Virtual Private Networks Work
Key Terms
For definitions of key terms, see the Glossary near the end of the book.
console router
console server
control plane
data plane
digital certificate
HVD (hosted virtual desktop)
hybrid cloud
hypervisor
IaaS (Infrastructure as a Service)
IKE (Internet Key Exchange)
OpenVPN
out-of-band management
PaaS (Platform as a Service)
PKI (Public-key Infrastructure)
RAS (remote access server)
remote access
SaaS (Software as a Service)
SDN (software-defined networking)
SDN controller