
Module 3: Building Block Technologies

CCSP Domain 1 — Cloud Concepts, Architecture & Design, Section A
The exam tests building block technologies not as standalone concepts but as enablers of cloud characteristics. When you see virtualization, networking, or storage in a question, ask yourself: which cloud capability does this technology make possible?

Virtualization: The Foundation of Cloud

Virtualization is the single most important building block technology for cloud computing. It enables resource pooling, rapid elasticity, and multi-tenancy. The exam expects you to understand both Type 1 (bare-metal) and Type 2 (hosted) hypervisors, but more importantly, to recognize the security implications of each.

A Type 1 hypervisor runs directly on hardware with no underlying OS. Examples include VMware ESXi and Microsoft Hyper-V (when installed on bare metal). A Type 2 hypervisor runs on top of a host operating system, like VMware Workstation or VirtualBox. For cloud computing, Type 1 hypervisors are standard because they reduce the attack surface — there is no host OS to compromise.

Exam trap: The question may describe a scenario where a vulnerability in the "host operating system" allows an attacker to access all virtual machines. If the environment uses a Type 1 hypervisor, there is no host OS. This is a distractor designed to confuse candidates who do not understand hypervisor types.

VM Escape and Isolation

VM escape occurs when an attacker breaks out of a virtual machine and interacts with the hypervisor or other VMs. The exam treats this as one of the most critical cloud threats. Your defense knowledge should include hypervisor patching, minimizing the hypervisor attack surface, and monitoring for unusual inter-VM communication.
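The "monitoring for unusual inter-VM communication" defense above can be made concrete. The following is an added illustration, not part of the original module: it runs a tenant-isolation check over a handful of constructed flow records. The VM-to-tenant inventory, the shared-service VM name, and the log line format are all assumptions made for the example; a real hypervisor or SDN controller would export flows in its own format.

```python
# Added example: flag VM-to-VM flows that cross a tenant boundary.
# Inventory and log lines are constructed for this illustration.

# Assumed inventory: VM name -> tenant that owns it.
VM_TENANT = {
    "vm-a1": "tenant-a",
    "vm-a2": "tenant-a",
    "vm-b1": "tenant-b",
    "vm-svc": "provider-shared",  # assumed provider-run service (e.g. DNS) reachable by all
}
SHARED_SERVICES = {"vm-svc"}

# Constructed flow log in a simple key=value format.
FLOW_LOG = """\
2024-05-01T10:00:01Z src=vm-a1 dst=vm-a2 proto=tcp dport=443 bytes=5120
2024-05-01T10:00:02Z src=vm-a1 dst=vm-svc proto=udp dport=53 bytes=80
2024-05-01T10:00:03Z src=vm-b1 dst=vm-a2 proto=tcp dport=22 bytes=1200
2024-05-01T10:00:04Z src=vm-a2 dst=vm-b1 proto=icmp dport=0 bytes=64
2024-05-01T10:00:05Z src=vm-zz dst=vm-a1 proto=tcp dport=80 bytes=300
"""


def parse_flow(line: str) -> dict:
    """Turn one 'timestamp k=v k=v ...' line into a dict."""
    ts, *kvs = line.split()
    fields = dict(kv.split("=", 1) for kv in kvs)
    return {"ts": ts, **fields}


def classify(flow: dict) -> str:
    """Classify a flow by the tenant relationship of its endpoints."""
    src_tenant = VM_TENANT.get(flow["src"])
    dst_tenant = VM_TENANT.get(flow["dst"])
    if src_tenant is None or dst_tenant is None:
        # A VM missing from inventory is itself worth investigating.
        return "unknown-vm"
    if flow["src"] in SHARED_SERVICES or flow["dst"] in SHARED_SERVICES:
        return "shared-service"
    if src_tenant == dst_tenant:
        return "intra-tenant"
    return "cross-tenant"


def find_suspicious_flows(log: str) -> list:
    """Return flows that cross tenants or involve an unknown VM."""
    alerts = []
    for line in log.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        verdict = classify(flow)
        if verdict in {"cross-tenant", "unknown-vm"}:
            alerts.append({**flow, "verdict": verdict})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_flows(FLOW_LOG):
        print(f'{alert["ts"]} {alert["verdict"]}: {alert["src"]} -> {alert["dst"]} {alert["proto"]}/{alert["dport"]}')
```

On the constructed log this flags the two tenant-b to tenant-a flows and the flow from an uninventoried VM, while intra-tenant traffic and traffic to the shared service pass. In practice the inventory would come from the provider's control plane, and any cross-tenant flow at all is the signal, regardless of port or volume, because the hypervisor should never forward it.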

Networking Technologies

Cloud networking relies on software-defined networking (SDN), virtual LANs (VLANs), and network function virtualization (NFV). The exam focuses on how these technologies enable multi-tenancy and isolation.

SDN separates the control plane (decisions about where traffic goes) from the data plane (actual forwarding of traffic). This separation allows cloud providers to programmatically manage network configurations for thousands of tenants simultaneously. When the exam asks about network agility in cloud environments, SDN is usually the answer.

VLANs provide logical network segmentation within shared physical infrastructure. However, the exam may test the limitation that VLANs have a maximum of 4,094 IDs, which is insufficient for large cloud environments. This is why cloud providers use VXLAN (Virtual Extensible LAN), which supports over 16 million network segments.
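The 4,094 versus 16 million figures follow directly from the width of the identifier field: the 802.1Q tag carries a 12-bit VLAN ID (4,096 values, with 0 and 4095 reserved), while the VXLAN header carries a 24-bit VNI (16,777,216 values). The following added example, written for this page rather than taken from it, parses both headers from raw bytes so the field widths are visible; the byte layouts follow IEEE 802.1Q and RFC 7348, and the sample values are constructed.

```python
import struct

# Added example: decode the identifier fields of 802.1Q and VXLAN headers.

VLAN_ID_BITS = 12           # 802.1Q VID field width
VLAN_RESERVED_IDS = {0, 0xFFF}  # VID 0 (priority-tagged) and 4095 are reserved
VNI_BITS = 24               # VXLAN Network Identifier width (RFC 7348)
VXLAN_I_FLAG = 0x08         # "I" flag: VNI field is valid


def usable_vlan_ids() -> int:
    """Number of VLAN IDs a tenant-facing network can actually assign."""
    return (1 << VLAN_ID_BITS) - len(VLAN_RESERVED_IDS)   # 4094


def vxlan_segment_ids() -> int:
    """Number of distinct VXLAN segments the VNI field can address."""
    return 1 << VNI_BITS                                    # 16777216


def parse_dot1q_tci(tci: bytes) -> dict:
    """Split the 16-bit Tag Control Information field into PCP (3), DEI (1), VID (12)."""
    (value,) = struct.unpack("!H", tci)
    vid = value & 0x0FFF
    return {
        "pcp": value >> 13,
        "dei": (value >> 12) & 1,
        "vid": vid,
        "valid": vid not in VLAN_RESERVED_IDS,
    }


def parse_vxlan_header(hdr: bytes) -> dict:
    """Parse the 8-byte VXLAN header: flags(8) reserved(24) VNI(24) reserved(8)."""
    if len(hdr) != 8:
        raise ValueError("VXLAN header must be exactly 8 bytes")
    flags = hdr[0]
    if not flags & VXLAN_I_FLAG:
        raise ValueError("I flag not set: VNI field is not valid")
    vni = int.from_bytes(hdr[4:7], "big")   # three bytes -> 24-bit value
    return {"flags": flags, "vni": vni}


def build_vxlan_header(vni: int) -> bytes:
    """Encode a VNI into a VXLAN header, rejecting values outside 24 bits."""
    if not 0 <= vni < (1 << VNI_BITS):
        raise ValueError("VNI out of 24-bit range")
    return bytes([VXLAN_I_FLAG, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"


if __name__ == "__main__":
    # Constructed sample: PCP=1, DEI=0, VID=100 -> TCI 0x2064
    print(parse_dot1q_tci(bytes.fromhex("2064")))
    # A VNI far beyond anything a VLAN ID could carry
    print(parse_vxlan_header(build_vxlan_header(70000)))
    print(usable_vlan_ids(), vxlan_segment_ids())
```

The build/parse pair also shows why VXLAN isolation has to be enforced in the encapsulating hypervisor or switch: the VNI is a plain field in the outer UDP payload, so a tenant that could inject raw encapsulated frames could name any segment, which is why VTEP endpoints are provider-controlled.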

Storage Technologies

Cloud storage builds on several underlying technologies that the exam expects you to differentiate:

  • Object storage: Data stored as objects with metadata and unique identifiers. No hierarchy. Think Amazon S3. Best for unstructured data at scale.
  • Block storage: Data stored in fixed-size blocks, like traditional hard drives. Provides raw storage volumes that VMs use as disks. Think Amazon EBS.
  • File storage: Traditional hierarchical file systems accessible over network protocols (NFS, SMB). Think Amazon EFS.

The exam tests your ability to match the right storage type to the right use case. Database workloads need block storage for performance. Media files and backups suit object storage. Shared file access across instances needs file storage.

Compute Abstraction Technologies

Beyond traditional VMs, the exam recognizes containers and serverless computing as building block technologies. Containers (Docker, Kubernetes) provide OS-level virtualization — multiple containers share the same kernel but have isolated user spaces. This is lighter than VMs but introduces a different security model: a kernel vulnerability affects all containers on that host.

Serverless computing (Functions as a Service) abstracts even the container layer. The customer provides code; the provider manages everything else. The exam tests the shared responsibility implications: in serverless, the customer's responsibility shrinks to code security and access management.

APIs: The Glue

Application Programming Interfaces enable on-demand self-service and broad network access. Every cloud action — provisioning a VM, creating a storage bucket, configuring a network — happens through an API. The exam tests API security: authentication, authorization, rate limiting, and input validation. A compromised API is a compromised cloud environment.
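The four API controls named above (authentication, authorization, rate limiting, input validation) are easiest to see as an ordered gate in front of one cloud action. The following added example, written for this page and not taken from any provider's API, models a "create storage bucket" call: tokens are HMAC-signed (the secret, token format, bucket-name rule and token-bucket limits are all assumptions for the demo), and the handler returns an HTTP-style status code from whichever check fails first.

```python
import hashlib
import hmac
import re

# Added example: an API gate applying authentication, authorization,
# rate limiting and input validation to one cloud action.

SECRET = b"constructed-demo-secret"   # assumption: HMAC key known only to the API


def issue_token(principal_id: str, tenant: str) -> str:
    """Mint a demo bearer token bound to a principal and its tenant."""
    msg = f"{principal_id}:{tenant}".encode()
    sig = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{principal_id}:{tenant}:{sig}"


def authenticate(token: str):
    """Authentication: verify the token's signature; return the principal or None."""
    try:
        principal_id, tenant, sig = token.split(":")
    except ValueError:
        return None
    expected = hmac.new(SECRET, f"{principal_id}:{tenant}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so signature checks do not leak timing.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    return {"id": principal_id, "tenant": tenant}


class TokenBucket:
    """Rate limiting: per-principal token bucket; time is passed in for determinism."""

    def __init__(self, capacity: int, refill_per_sec: float):
        self.capacity = capacity
        self.rate = refill_per_sec
        self.state = {}   # key -> (tokens, last_timestamp)

    def allow(self, key: str, now: float) -> bool:
        tokens, last = self.state.get(key, (float(self.capacity), now))
        tokens = min(float(self.capacity), tokens + (now - last) * self.rate)
        if tokens < 1.0:
            self.state[key] = (tokens, now)
            return False
        self.state[key] = (tokens - 1.0, now)
        return True


# Input validation: assumed bucket-name rule (lowercase DNS-style label, 3-63 chars).
BUCKET_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$")


def handle_create_bucket(token: str, tenant: str, bucket_name: str,
                         limiter: TokenBucket, now: float):
    """Run the four gates in order and return (status, message)."""
    principal = authenticate(token)
    if principal is None:
        return 401, "invalid token"
    # Authorization: a valid principal may only act within its own tenant.
    if principal["tenant"] != tenant:
        return 403, "not authorized for tenant"
    if not limiter.allow(principal["id"], now):
        return 429, "rate limited"
    if not BUCKET_NAME_RE.match(bucket_name):
        return 400, "invalid bucket name"
    return 201, f"created {tenant}/{bucket_name}"


if __name__ == "__main__":
    limiter = TokenBucket(capacity=2, refill_per_sec=1.0)
    tok = issue_token("alice", "tenant-a")
    for t, name in [(0.0, "logs-2024"), (0.0, "logs-2025"), (0.0, "logs-2026"), (1.0, "Bad_Name")]:
        print(t, handle_create_bucket(tok, "tenant-a", name, limiter, t))
    print(handle_create_bucket(tok, "tenant-b", "logs-2024", limiter, 2.0))
```

The ordering matters for the exam's "compromised API" point: authentication and authorization run before any work is done, rate limiting is keyed on the verified principal rather than on client-supplied data, and validation rejects names that could be abused as path or injection vectors before they reach the storage layer.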

Key Takeaways

Building block technologies are the "how" behind cloud characteristics. Virtualization enables pooling and multi-tenancy. SDN enables network agility. Storage technologies enable scalable data management. APIs enable self-service and automation. The exam connects these technologies to their security implications, so always think: what could go wrong with this technology in a multi-tenant environment?
