WEBVTT

00:00:00.840 --> 00:00:04.990
It's time for us to get into a discussion about the management plane.

00:00:05.000 --> 00:00:08.640
The management plane is used by the most privileged users,

00:00:08.650 --> 00:00:12.420
those who install and remove hardware, software, and firmware.

00:00:12.430 --> 00:00:16.260
This plane is also the pathway for individual tenants who have

00:00:16.260 --> 00:00:19.250
limited and controlled access to the cloud's resources.

00:00:19.280 --> 00:00:26.110
The plane's primary interface is APIs, both toward the resources managed, as

00:00:26.110 --> 00:00:29.690
well as towards the users. A graphical user interface,

00:00:29.690 --> 00:00:34.430
a web page, is typically built on top of these APIs, and then these APIs

00:00:34.430 --> 00:00:38.940
allow the automation of control tasks like scripting and orchestration

00:00:38.950 --> 00:00:43.370
of setup of complex application architectures, and populating the

00:00:43.370 --> 00:00:47.660
configuration management of those architectures. The provisioning and

00:00:47.670 --> 00:00:52.100
role‑based access control, where a number of these roles actually

00:00:52.100 --> 00:00:55.370
represent the granting of temporary access to platform and

00:00:55.370 --> 00:00:56.860
infrastructure services,

00:00:56.870 --> 00:01:00.610
assuming APIs is also another element of what is

00:01:00.620 --> 00:01:04.050
on‑boarded inside of the management plane.

00:01:04.140 --> 00:01:08.290
The cloud service provider will also provide KMS services that allow

00:01:08.290 --> 00:01:12.650
the consumer to use client‑side keys from the provider, or remote keys

00:01:12.650 --> 00:01:15.170
from the consumer's premises to the cloud.

00:01:15.180 --> 00:01:19.210
All services provided have some level of shared responsibility

00:01:19.210 --> 00:01:22.710
regarding the security and configuration capabilities, depending

00:01:22.710 --> 00:01:23.960
on what the client is consuming.

00:01:23.960 --> 00:01:28.790
For instance, IaaS, the client is going to be more responsible in

00:01:28.790 --> 00:01:32.220
that shared responsibility model for updating and patching things,

00:01:32.220 --> 00:01:36.520
but up at SaaS, there will be less configuration capabilities and

00:01:36.530 --> 00:01:37.950
updating capabilities.

00:01:38.340 --> 00:01:41.850
The management console is, in fact, also a service catalog,

00:01:41.850 --> 00:01:46.520
that is the fulfillment of the on‑demand element of the five

00:01:46.520 --> 00:01:49.020
characteristics of cloud computing.

00:01:49.120 --> 00:01:49.740
Finally,

00:01:49.740 --> 00:01:54.470
the management plane also facilitates the conversion of resource‑pooled

00:01:54.480 --> 00:02:00.100
assets into consumable workloads in a multi‑tenant environment. A

00:02:00.100 --> 00:02:03.960
pictorial representation of the orchestration of these services from the

00:02:03.970 --> 00:02:07.540
infrastructure would start with the pooling together of physical

00:02:07.540 --> 00:02:11.200
resources that would include storage represented by physical

00:02:11.210 --> 00:02:15.550
network‑attached storage and storage area network arrays, network

00:02:15.550 --> 00:02:17.990
systems represented by routers, switches,

00:02:17.990 --> 00:02:21.560
firewalls, and other network devices, and finally,

00:02:21.570 --> 00:02:25.390
the physical compute systems that represent the consumption of

00:02:25.390 --> 00:02:31.510
bytes and Hertz. Each of these major pools of resources would have

00:02:31.510 --> 00:02:34.650
some management by controller technology.

00:02:34.740 --> 00:02:39.400
This interfacing of these controllers with APIs in the

00:02:39.400 --> 00:02:43.860
cloud‑management plane is how we connect the centrally

00:02:43.860 --> 00:02:48.290
controlled spaces of resource pools in the cloud.

00:02:50.330 --> 00:02:53.660
These controllers are combined into a single switching fabric

00:02:53.670 --> 00:02:55.940
known as hyper‑converged infrastructure.

00:02:55.980 --> 00:02:59.130
This promises to deliver simplicity and flexibility

00:02:59.130 --> 00:03:01.720
when compared to legacy systems.

00:03:01.730 --> 00:03:05.020
The integrated storage servers and network switches are

00:03:05.020 --> 00:03:08.740
designed to be managed as a single system across all instances

00:03:08.750 --> 00:03:10.900
of a hyper‑converged infrastructure.

00:03:11.240 --> 00:03:15.950
Join me next as we consider some cloud computing risk.
