460-4124/02 – Data Center Networks and Cloud Computing Security (BPSDC)

Guarantor department: Department of Computer Science
Credits: 4
Subject guarantor: Ing. Pavel Moravec, Ph.D.
Subject version guarantor: Ing. Pavel Moravec, Ph.D.
Study level: undergraduate or graduate
Requirement: Compulsory
Year: 2
Semester: summer
Study language: English
Year of introduction: 2016/2017
Year of cancellation:
Intended for the faculties: FEI
Intended for study types: Follow-up Master
Instruction secured by
Login | Name | Tutor | Teacher giving lectures
MOR03 Ing. Pavel Moravec, Ph.D.
STR554 Ing. Daniel Stříbný
Extent of instruction for forms of study
Form of study | Way of compl. | Extent
Full-time | Credit and Examination | 2+2

Subject aims expressed by acquired skills and competences

After completing the course, the student should be able to:
- Describe key technologies which improve data center security.
- Define the physical and logical levels of data and service security.
- Configure basic network elements in a more secure manner.
- Explain and apply techniques that improve the security of cloud solutions.
- Describe the most common attacks on data center and cloud service infrastructure.
- Explain basic principles of defense against network attacks on data centers.

Teaching methods

Lectures
Tutorials
Experimental work in labs
Project work

Summary

The aim of the course is to introduce students to the basic aspects of building secure data centers and cloud solutions and of securing their operation. The introduction presents the current network technologies used in large data centers. Emphasis is placed on a comprehensive approach, from physical security through a secure network infrastructure to the security of the software services running on the servers themselves. Remote access methods, data center interconnection, and the securing of transmission routes are discussed. The course then describes cloud service security, especially in terms of availability, confidentiality and data security issues related to operation, together with the security mechanisms. As part of the laboratory work, students will learn about advanced network infrastructure, virtual servers and their security.

Compulsory literature:

1. Lee, G.: Cloud Networking: Understanding Cloud-based Data Center Networks, Morgan Kaufmann, 2014, ISBN 978-0128007280.
2. Yeluri R., Castro-Leon E.: Building the Infrastructure for Cloud Security: A Solutions View. Apress, 2013, ISBN 978-1-4302-6145-2.4
3. Uptime Institute: Tier Standard: Operational Sustainability, 2013.
4. Uptime Institute: Tier Standard: Topology, 2012.

Recommended literature:

1. Krutz, R. L., Russell D. V.: Cloud Security: A Comprehensive Guide to Secure Cloud Computing, Wiley, 2010, ISBN 978-0-470-58987-8.
2. Santana G. A. A.: Data Center Virtualization Fundamentals: Understanding Techniques and Designs for Highly Efficient Data Centers with Cisco Nexus, UCS, MDS, and Beyond, Cisco Press, 2013, ISBN 978-1587143243.
3. Buecker A., et al.: Managing Security and Compliance in Cloud or Virtualized Data Centers Using IBM PowerSC. IBM Redbooks, 2013, ISBN 978-0738437675.

Way of continuous check of knowledge in the course of semester

Verification of study: Assignments solved during exercises that verify students' ability to apply methods of computer network configuration, monitoring and troubleshooting for data center networks in particular scenarios dealing with data center security.
Credit requirements: Handing in solutions to the individual lab assignments during the semester.
The exam is taken in written form.

E-learning

Other requirements

Basic knowledge of computer networking topics (layered model, addressing, routing and switching, remote access) and computer security (attacks on infrastructure, CIA, AAA, encryption, identity management).

Prerequisites

Subject has no prerequisites.

Co-requisites

Subject has no co-requisites.

Subject syllabus:

Lecture schedule:
1. Design and implementation of data centers (hardware and software redundancy), overview of the most common networking (TIA-942, ISO/IEC 11801-5) and software technologies.
2. Data center operation and its efficiency (facilities, PUE).
3. Security and safety of data center standards (TIER certification, EN 50600).
4. Securing the communication interfaces (Fibre Channel - port security, fabric binding, FCIP - traffic engineering, cost profile).
5. Logging and monitoring of data center infrastructure and services, audit trail.
6. Identity and permission management (SAML, OAuth, OpenID). Technologies for data center management and remote access.
7. Data center network infrastructure, services and application security. Integrated solutions for data center security and their common features.
8. Service models of cloud services and their deployment models (SaaS, PaaS, IaaS). Data and application accessibility in cloud environment, data recovery, privacy of stored data.
9. Public and Private Cloud (Amazon, Microsoft Azure, Google Cloud).
10. Cloud security controls. DDoS attacks on cloud services and their prevention.

Computer laboratories focus on practical implementation of the topics covered in the lectures.

Laboratory schedule:
1. Introduction to the laboratory and assignments during the semester.
2. Implementation of L2 security.
3. Implementation of L3 security.
4. Deployment of IDS and IPS solutions.
5. Zone-based firewalling.
6. Remote management and remote access configuration.
7. Cloud platforms - OpenStack.
8. Cloud platforms - Amazon AWS.
9. Cloud platforms - Microsoft Azure.
10. Physical safety and security of data centers.

Conditions for subject completion

Full-time form (validity from: 2016/2017 Winter semester)
Task name | Type of task | Max. number of points (act. for subtasks) | Min. number of points | Max. number of attempts
Credit and Examination | Credit and Examination | 100 (100) | 51 |
  Credit | Credit | 45 | 22 |
  Examination | Examination | 55 | 29 | 3
Mandatory attendance participation: Participation in labs is mandatory and is checked (70%+). The course guarantor will inform students of the scope of compulsory participation at the beginning of the semester.

Conditions for subject completion and attendance at the exercises within ISP: Completion of all mandatory tasks within individually agreed deadlines. At the beginning of the semester, the student and the subject guarantor will make an agreement on the scope of participation in the exercises.

Occurrence in study plans

Academic year | Programme | Branch/spec. | Spec. | Focus | Form | Study language | Tut. centre | Year | W | S | Type of duty
2024/2025 (N0612A140005) Information and Communication Security IKT P English Ostrava 2 Compulsory study plan
2024/2025 (N0613A140035) Computer Science P English Ostrava 2 Optional study plan
2023/2024 (N0612A140005) Information and Communication Security IKT P English Ostrava 2 Compulsory study plan
2023/2024 (N0613A140035) Computer Science P English Ostrava 2 Optional study plan
2023/2024 (N0714A060021) Communication and Information Technology P English Ostrava 2 Optional study plan
2022/2023 (N0612A140005) Information and Communication Security IKT P English Ostrava 2 Compulsory study plan
2022/2023 (N0613A140035) Computer Science P English Ostrava 2 Optional study plan
2022/2023 (N0714A060021) Communication and Information Technology P English Ostrava 2 Optional study plan
2021/2022 (N0612A140005) Information and Communication Security IKT P English Ostrava 2 Compulsory study plan
2020/2021 (N0612A140005) Information and Communication Security IKT P English Ostrava 2 Compulsory study plan
2020/2021 (N2647) Information and Communication Technology (1801T064) Information and Communication Security P English Ostrava 2 Compulsory study plan
2019/2020 (N2647) Information and Communication Technology (1801T064) Information and Communication Security P English Ostrava 2 Compulsory study plan
2019/2020 (N0612A140005) Information and Communication Security IKT P English Ostrava 2 Compulsory study plan
2018/2019 (N2647) Information and Communication Technology (1801T064) Information and Communication Security P English Ostrava 2 Compulsory study plan
2017/2018 (N2647) Information and Communication Technology (1801T064) Information and Communication Security P English Ostrava 2 Compulsory study plan
2016/2017 (N2647) Information and Communication Technology (1801T064) Information and Communication Security P English Ostrava 2 Compulsory study plan

Occurrence in special blocks

Block name | Academic year | Form of study | Study language | Year | W | S | Type of block | Block owner

Assessment of instruction

The subject contains no assessment.