WEBVTT

1
00:00:00.000 --> 00:00:01.320
In this lesson,

2
00:00:01.320 --> 00:00:04.440
we will learn about hybrid infrastructures.

3
00:00:04.440 --> 00:00:06.990
Hybrid infrastructures are environments

4
00:00:06.990 --> 00:00:11.460
that combine on-premises systems with cloud-based resources.

5
00:00:11.460 --> 00:00:13.260
This type of infrastructure

6
00:00:13.260 --> 00:00:15.900
requires integrated security measures

7
00:00:15.900 --> 00:00:18.570
across both on-premises systems

8
00:00:18.570 --> 00:00:20.550
and cloud-based resources.

9
00:00:20.550 --> 00:00:23.370
This extends traditional security controls,

10
00:00:23.370 --> 00:00:25.500
like firewalls, encryption,

11
00:00:25.500 --> 00:00:28.530
and access management from the local data center

12
00:00:28.530 --> 00:00:29.820
to the cloud.

13
00:00:29.820 --> 00:00:31.620
In hybrid infrastructures,

14
00:00:31.620 --> 00:00:34.680
security challenges may arise from differences

15
00:00:34.680 --> 00:00:37.710
in infrastructure management and control.

16
00:00:37.710 --> 00:00:40.740
Hybrid infrastructures may require policies

17
00:00:40.740 --> 00:00:44.280
and tools that can enforce security consistently

18
00:00:44.280 --> 00:00:46.860
across multiple environments.

19
00:00:46.860 --> 00:00:50.220
So let's learn more about hybrid infrastructures

20
00:00:50.220 --> 00:00:54.600
that bridge on-premises systems and cloud-based resources.

21
00:00:54.600 --> 00:00:57.750
First, we have on-premises infrastructure.

22
00:00:57.750 --> 00:01:01.620
On-premises infrastructure refers to the physical hardware,

23
00:01:01.620 --> 00:01:04.800
software, and network resources that are hosted

24
00:01:04.800 --> 00:01:06.570
and managed directly

25
00:01:06.570 --> 00:01:09.420
within an organization's own facilities.

26
00:01:09.420 --> 00:01:13.560
This means that all servers, storage, networking equipment,

27
00:01:13.560 --> 00:01:16.980
and associated software are owned, operated,

28
00:01:16.980 --> 00:01:20.520
and maintained by the organization itself.

29
00:01:20.520 --> 00:01:23.340
On-premises resources are typically housed

30
00:01:23.340 --> 00:01:26.250
in an organization's very own data center.

31
00:01:26.250 --> 00:01:28.350
With on-premises infrastructure,

32
00:01:28.350 --> 00:01:32.100
the organization has full control over its environment,

33
00:01:32.100 --> 00:01:35.460
including physical security, power, cooling,

34
00:01:35.460 --> 00:01:37.680
and network configurations.

35
00:01:37.680 --> 00:01:41.220
This model provides a high level of customization

36
00:01:41.220 --> 00:01:42.300
and security,

37
00:01:42.300 --> 00:01:45.510
as the organization can tailor its infrastructure

38
00:01:45.510 --> 00:01:49.410
to meet specific needs and regulatory requirements.

39
00:01:49.410 --> 00:01:52.140
However, on-premises infrastructure comes

40
00:01:52.140 --> 00:01:53.850
with significant costs.

41
00:01:53.850 --> 00:01:57.060
The organization must invest heavily in procuring

42
00:01:57.060 --> 00:02:01.170
and maintaining the necessary hardware, software licenses,

43
00:02:01.170 --> 00:02:04.320
and skilled personnel to manage the systems.

44
00:02:04.320 --> 00:02:08.400
Additionally, the infrastructure must be regularly updated,

45
00:02:08.400 --> 00:02:10.590
scaled, and maintained

46
00:02:10.590 --> 00:02:13.860
to ensure ongoing reliability and security,

47
00:02:13.860 --> 00:02:17.670
which can add to operational overhead costs.

48
00:02:17.670 --> 00:02:19.170
Despite these costs,

49
00:02:19.170 --> 00:02:22.890
some organizations prefer on-premises solutions

50
00:02:22.890 --> 00:02:26.940
because they offer complete control over data and systems,

51
00:02:26.940 --> 00:02:29.250
which can be critical for industries

52
00:02:29.250 --> 00:02:31.680
with aggressive regulatory requirements

53
00:02:31.680 --> 00:02:35.070
or those handling highly sensitive information.

54
00:02:35.070 --> 00:02:39.210
Second, we have cloud-based resources and infrastructure.

55
00:02:39.210 --> 00:02:43.200
Cloud-based infrastructure refers to computing resources

56
00:02:43.200 --> 00:02:45.150
that are delivered over the internet

57
00:02:45.150 --> 00:02:46.890
by third-party providers,

58
00:02:46.890 --> 00:02:50.400
such as Amazon Web Services, or AWS,

59
00:02:50.400 --> 00:02:54.240
Microsoft Azure, or the Google Cloud Platform.

60
00:02:54.240 --> 00:02:55.650
Instead of owning

61
00:02:55.650 --> 00:02:58.680
and maintaining physical hardware on site,

62
00:02:58.680 --> 00:03:00.240
organizations rent

63
00:03:00.240 --> 00:03:04.080
or lease these cloud-based resources on demand.

64
00:03:04.080 --> 00:03:07.140
This model includes services such as storage,

65
00:03:07.140 --> 00:03:10.620
virtual machines, databases, and networking.

66
00:03:10.620 --> 00:03:14.520
All hosted resources reside in data centers owned

67
00:03:14.520 --> 00:03:16.980
and managed by the cloud provider.

68
00:03:16.980 --> 00:03:18.540
One of the key advantages

69
00:03:18.540 --> 00:03:21.480
of cloud infrastructure is scalability.

70
00:03:21.480 --> 00:03:24.510
Cloud-based infrastructures allow organizations

71
00:03:24.510 --> 00:03:27.750
to quickly scale their resources up or down,

72
00:03:27.750 --> 00:03:29.640
depending upon their needs.

73
00:03:29.640 --> 00:03:33.330
They pay only for the resources that they use.

74
00:03:33.330 --> 00:03:36.510
Additionally, cloud providers offer redundancy

75
00:03:36.510 --> 00:03:38.340
and failover mechanisms,

76
00:03:38.340 --> 00:03:40.350
ensuring high availability

77
00:03:40.350 --> 00:03:43.860
and minimizing downtime in case of failure.

78
00:03:43.860 --> 00:03:47.220
Cloud-based infrastructure allows organizations

79
00:03:47.220 --> 00:03:48.930
to leverage flexible

80
00:03:48.930 --> 00:03:52.380
and cost-effective solutions without the need

81
00:03:52.380 --> 00:03:56.190
for heavy upfront investments in hardware and maintenance.

82
00:03:56.190 --> 00:03:58.710
There are three primary service models

83
00:03:58.710 --> 00:04:01.200
that cloud infrastructure supports:

84
00:04:01.200 --> 00:04:04.770
Infrastructure as a Service, or IaaS,

85
00:04:04.770 --> 00:04:08.070
Platform as a Service, or PaaS,

86
00:04:08.070 --> 00:04:12.240
and Software as a Service, or SaaS.

87
00:04:12.240 --> 00:04:14.670
In Infrastructure as a Service,

88
00:04:14.670 --> 00:04:18.450
organizations rent virtualized computing resources,

89
00:04:18.450 --> 00:04:20.700
such as servers and storage,

90
00:04:20.700 --> 00:04:22.230
allowing them to install

91
00:04:22.230 --> 00:04:25.170
and configure their own operating systems

92
00:04:25.170 --> 00:04:28.260
and build custom applications and solutions.

93
00:04:28.260 --> 00:04:29.550
Platform as a Service

94
00:04:29.550 --> 00:04:32.280
provides a complete development platform

95
00:04:32.280 --> 00:04:33.750
with both infrastructure

96
00:04:33.750 --> 00:04:37.530
and operating system development tools already in place.

97
00:04:37.530 --> 00:04:40.170
Platform as a Service enables teams to build

98
00:04:40.170 --> 00:04:42.570
and deploy applications without having

99
00:04:42.570 --> 00:04:45.180
to manage the underlying hardware.

100
00:04:45.180 --> 00:04:47.550
Software as a Service, on the other hand,

101
00:04:47.550 --> 00:04:50.820
offers ready-to-use software applications hosted

102
00:04:50.820 --> 00:04:53.460
in the cloud, such as email services

103
00:04:53.460 --> 00:04:56.610
or customer relationship management platforms.

104
00:04:56.610 --> 00:04:59.880
With Software as a Service, the customer has no control

105
00:04:59.880 --> 00:05:02.130
or configuration responsibilities

106
00:05:02.130 --> 00:05:04.170
with the supporting infrastructure.

107
00:05:04.170 --> 00:05:07.290
Now, let's discuss hybrid infrastructure.

108
00:05:07.290 --> 00:05:08.700
A hybrid infrastructure,

109
00:05:08.700 --> 00:05:12.720
which combines both on-premises and cloud-based resources,

110
00:05:12.720 --> 00:05:14.850
offers the best of both worlds

111
00:05:14.850 --> 00:05:18.120
by allowing organizations to balance the control

112
00:05:18.120 --> 00:05:20.850
and security of on-premises systems

113
00:05:20.850 --> 00:05:25.200
with the flexibility and scalability of cloud resources.

114
00:05:25.200 --> 00:05:29.280
For example, an organization might keep sensitive workloads

115
00:05:29.280 --> 00:05:31.200
and data on premises

116
00:05:31.200 --> 00:05:33.720
while using cloud-based infrastructure

117
00:05:33.720 --> 00:05:35.250
to handle less critical

118
00:05:35.250 --> 00:05:37.110
or more dynamic needs,

119
00:05:37.110 --> 00:05:40.440
such as data analytics or web hosting.

120
00:05:40.440 --> 00:05:42.540
However, the hybrid approach comes

121
00:05:42.540 --> 00:05:44.520
with its own set of challenges,

122
00:05:44.520 --> 00:05:48.030
particularly in extending traditional security controls

123
00:05:48.030 --> 00:05:52.260
across both the on-premises and cloud-based environments.

124
00:05:52.260 --> 00:05:56.280
So hybrid infrastructures offer several advantages,

125
00:05:56.280 --> 00:05:59.610
but also come with some specific challenges.

126
00:05:59.610 --> 00:06:00.930
On the positive side,

127
00:06:00.930 --> 00:06:04.170
a hybrid configuration allows organizations

128
00:06:04.170 --> 00:06:07.020
to retain control over sensitive data

129
00:06:07.020 --> 00:06:09.420
and critical workloads on premises,

130
00:06:09.420 --> 00:06:13.410
while leveraging the cloud for scalability, flexibility,

131
00:06:13.410 --> 00:06:15.090
and cost efficiency.

132
00:06:15.090 --> 00:06:19.650
This means that businesses can quickly scale cloud resources

133
00:06:19.650 --> 00:06:21.840
to meet demand without the need

134
00:06:21.840 --> 00:06:24.930
for large upfront investments in hardware.

135
00:06:24.930 --> 00:06:26.850
Additionally, cloud services

136
00:06:26.850 --> 00:06:30.360
often provide high availability, redundancy,

137
00:06:30.360 --> 00:06:32.550
and disaster recovery options,

138
00:06:32.550 --> 00:06:35.790
which can enhance operational resilience.

139
00:06:35.790 --> 00:06:39.060
However, the complexity of managing security

140
00:06:39.060 --> 00:06:42.660
across both environments presents challenges too.

141
00:06:42.660 --> 00:06:45.300
One of the main difficulties is ensuring

142
00:06:45.300 --> 00:06:46.800
that security controls,

143
00:06:46.800 --> 00:06:50.340
such as firewalls, encryption, and access management,

144
00:06:50.340 --> 00:06:53.730
are consistently applied across both the on-premises

145
00:06:53.730 --> 00:06:55.470
and cloud resources.

146
00:06:55.470 --> 00:06:56.970
This can be complicated

147
00:06:56.970 --> 00:06:58.410
because each environment

148
00:06:58.410 --> 00:07:02.640
may have different security requirements and configurations.

149
00:07:02.640 --> 00:07:06.030
Identity and Access Management, or IAM, solutions

150
00:07:06.030 --> 00:07:08.370
must provide consistent authentication

151
00:07:08.370 --> 00:07:11.790
and authorization policies across both environments.

152
00:07:11.790 --> 00:07:14.310
Without unified access controls,

153
00:07:14.310 --> 00:07:16.740
there's a risk of unauthorized access

154
00:07:16.740 --> 00:07:19.230
to sensitive systems or data.

155
00:07:19.230 --> 00:07:22.080
Policy enforcement tools are also used

156
00:07:22.080 --> 00:07:25.050
in maintaining security consistency.

157
00:07:25.050 --> 00:07:29.010
Encryption and Data Loss Prevention, or DLP, policies

158
00:07:29.010 --> 00:07:32.640
must be applied uniformly to protect data at rest

159
00:07:32.640 --> 00:07:36.270
and data in transit across the entire infrastructure,

160
00:07:36.270 --> 00:07:39.030
both on-premises and in the cloud.

161
00:07:39.030 --> 00:07:42.450
For instance, DLP solutions can help detect

162
00:07:42.450 --> 00:07:45.330
and block unauthorized data transfers,

163
00:07:45.330 --> 00:07:47.130
ensuring that both cloud-based

164
00:07:47.130 --> 00:07:51.060
and on-premises systems follow the same rules.

165
00:07:51.060 --> 00:07:54.300
However, managing and integrating these tools

166
00:07:54.300 --> 00:07:57.960
across hybrid infrastructures requires careful planning

167
00:07:57.960 --> 00:07:59.790
to avoid security gaps

168
00:07:59.790 --> 00:08:00.990
and ensure that data

169
00:08:00.990 --> 00:08:04.080
is protected throughout the entire environment.

170
00:08:04.080 --> 00:08:07.710
Now, while hybrid infrastructures offer flexibility

171
00:08:07.710 --> 00:08:08.850
and cost savings,

172
00:08:08.850 --> 00:08:11.910
they do require robust security strategies

173
00:08:11.910 --> 00:08:13.410
to manage the complexity

174
00:08:13.410 --> 00:08:16.860
of protecting data across multiple environments.

175
00:08:16.860 --> 00:08:18.600
So remember,

176
00:08:18.600 --> 00:08:22.440
hybrid infrastructures combine on-premises systems

177
00:08:22.440 --> 00:08:24.360
with cloud-based resources,

178
00:08:24.360 --> 00:08:25.830
creating an environment

179
00:08:25.830 --> 00:08:29.910
that requires integrated security across both environments.

180
00:08:29.910 --> 00:08:31.140
To protect data,

181
00:08:31.140 --> 00:08:35.010
organizations must extend traditional security controls,

182
00:08:35.010 --> 00:08:38.730
such as firewalls, encryption, and access management,

183
00:08:38.730 --> 00:08:41.580
from their local data centers to the cloud.

184
00:08:41.580 --> 00:08:43.710
This setup presents challenges,

185
00:08:43.710 --> 00:08:46.440
including managing security consistently

186
00:08:46.440 --> 00:08:48.690
across these different environments.

187
00:08:48.690 --> 00:08:50.820
Finally, tools like Identity

188
00:08:50.820 --> 00:08:53.580
and Access Management systems, encryption,

189
00:08:53.580 --> 00:08:56.580
and policy enforcement are very important

190
00:08:56.580 --> 00:08:59.433
for securing hybrid infrastructures.

