Cloud Computing Basics: A Self-Teaching Introduction (PDF)
CLOUD COMPUTING BASICS
LICENSE, DISCLAIMER OF LIABILITY, AND LIMITED WARRANTY
By purchasing or using this book (the “Work”), you agree that this license grants permission to use the contents contained herein, but does not give you the right of ownership to any of the textual content in the book or ownership to any of the information or products contained in it. This license does not permit uploading of the Work onto the Internet or on a network (of any kind) without the written consent of the Publisher. Duplication or dissemination of any text, code, simulations, images, etc. contained herein is limited to and subject to licensing terms for the respective products, and permission must be obtained from the Publisher or the owner of the content, etc., in order to reproduce or network any portion of the textual material (in any media) that is contained in the Work.

MERCURY LEARNING AND INFORMATION (“MLI” or “the Publisher”) and anyone involved in the creation, writing, production, accompanying algorithms, code, or computer programs (“the software”), and any accompanying Web site or software of the Work, cannot and do not warrant the performance or results that might be obtained by using the contents of the Work. The author, developers, and the Publisher have used their best efforts to ensure the accuracy and functionality of the textual material and/or programs contained in this package; we, however, make no warranty of any kind, express or implied, regarding the performance of these contents or programs. The Work is sold “as is” without warranty (except for defective materials used in manufacturing the book or due to faulty workmanship).

The author, developers, and the publisher of any accompanying content, and anyone involved in the composition, production, and manufacturing of this work will not be liable for damages of any kind arising out of the use of (or the inability to use) the algorithms, source code, computer programs, or textual material contained in this publication. This includes, but is not limited to, loss of revenue or profit, or other incidental, physical, or consequential damages arising out of the use of this Work. The sole remedy in the event of a claim of any kind is expressly limited to replacement of the book and only at the discretion of the Publisher. The use of “implied warranty” and certain “exclusions” vary from state to state, and might not apply to the purchaser of this product.
This publication, portions of it, or any accompanying software may not be reproduced in any way, stored in a retrieval system of any type, or transmitted by any means, media, electronic display or mechanical display, including, but not limited to, photocopy, recording, Internet postings, or scanning, without prior permission in writing from the publisher.

The publisher recognizes and respects all marks used by companies, manufacturers, and developers as a means to distinguish their products. All brand names and product names mentioned in this book are trademarks or service marks of their respective companies. Any omission or misuse (of any kind) of service marks or trademarks, etc. is not an attempt to infringe on the property of others.

Our titles are available for adoption, license, or bulk purchase by institutions, corporations, etc. For additional information, please contact the Customer Service Dept. at 800-232-0223 (toll free).

All of our titles are available in digital format at authorcloudware.com and other digital vendors. The sole obligation of MERCURY LEARNING AND INFORMATION to the purchaser is to replace the book, based on defective materials or faulty workmanship, but not based on the operation or functionality of the product.
CONTENTS
Preface xi
Chapter 5: Deals with cloud management concepts like scalability, fault tolerance, resiliency, provisioning, asset management, cloud governance, high availability, disaster recovery, and multi-tenancy.
Chapter 6: Details cloud information security fundamentals, architecture, and challenges.
Chapter 7: Provides case studies on various cloud providers and cloud services.
CHAPTER 1
OVERVIEW OF THE COMPUTING PARADIGM
Automatic computing has changed the way humans can solve problems and the different ways in which problems can be solved. Computing has changed perception, and even the world, more than any other innovation in the recent past. Still, much more revolution in computing is yet to come. Understanding computing provides deep insights and generates reasoning in our minds about our universe.

Over the last couple of years, there has been increased interest in reducing the power requirements of computing processors. This chapter aims to explain the different distributed computing technologies, such as peer-to-peer, cluster, utility, grid, cloud, fog, and jungle computing, and to compare them.
standalone computers. Computer clusters have each node set to carry out the same tasks, controlled and scheduled by software. The components of a cluster are connected to each other through fast local area networks as shown in Figure 1.4. Clustered computer systems have proven to be effective in handling a heavy workload with large datasets. Deploying a cluster increases performance and fault tolerance.
customer as per the need, and charges them for specific usage rather than a fixed rate. It has the advantage of being low cost, with no initial setup cost to afford the computer resources. This repackaging of computing services is the foundation of the shift to on-demand computing, software as a service, and cloud computing models.
The customers need not buy all the hardware, software, and licenses to do business. Instead, the customer relies on another party to provide these services. Utility computing is one of the most popular IT service models, primarily because of the flexibility and economy it provides. This model is based on that used by conventional utilities such as telephone services, electricity, and gas. Customers have access to a virtually unlimited supply of computing solutions over the Internet or a virtual private network (VPN), which can be used whenever and wherever required. The back-end infrastructure and the management and delivery of computing resources are governed by the provider. Utility computing solutions can include virtual software, virtual servers, virtual storage, backup, and many more IT solutions. Multiplexing, multitasking, and virtual multitenancy have brought us to the utility computing business as shown in Figure 1.5.

FIGURE 1.5 Utility computing
All the patient data is collected by the wireless ECG sensor, which then forwards it to the mobile device via Bluetooth without user intervention. Client software on the mobile device transmits the data to the ECG analysis web service, which is hosted by a cloud computing-based software stack. This communication can happen through a home wireless gateway or directly via the mobile’s data connectivity (e.g., a mobile 3G network).

The analysis software carries out numerous computations on the received data, taking as reference the existing demographic data and the patient’s historic data. Computations concern comparison, classification, and systematic diagnosis of heartbeats, which can be time-consuming when done for long time periods for a large number of consumers.

The software then appends the latest results to the patient’s historic record maintained in private and secure cloud-based storage so that authenticated users can access it anytime from anywhere. Physicians will later interpret the features extracted from the ECG waveform and decide whether the heartbeat belongs to the normal (healthy) sinus rhythm or to an appropriate class of arrhythmia.

The diagnosis results are sent to the patient’s mobile device and/or monitor, the doctor, and/or emergency services at predefined intervals.

The monitoring and computing processes are repeated according to the user’s preferences, which may be hourly or daily over a long period of time.
Once the task is completed, the middleware makes the results available for visualization through the portal. The advantage of using cloud technologies (i.e., Aneka as scalable cloud middleware) versus conventional grid infrastructures is the capability to leverage a scalable computing infrastructure that can be grown and shrunk on demand.
14 • CLOUD COMPUTING BASICS
1.3.3 CRM
The distinctive traits of cloud computing are its efforts at providing value-added trustee services, maximizing flexible integration of computing resources, and advancing cost-saving IT services. To provide value-added trustee services, the cloud should be capable of identifying the customer relationship communities and answering for users’ innovation strategies. To maximize flexible integration of computing resources, the clouds should draw on both human computing resources and electronic computing resources. Many computing tasks are usually more suitable for humans to process than for electronic computing machines. Integrating the human computing ability or crowd computing ability into the cloud can enhance its processing capabilities with the help of vast human brains dispersed on the Internet.

This means that the cloud should be competent enough to track customer information and understand the ways its users interact. Social CRM plays an important role in supporting a value-added trustee service and exploiting human computing resources in cloud computing. CRM involves attracting new profitable customers and forming tighter bonds with existing ones. Since online social communities and conversations carry heavy consequences for companies, social CRM integrates social networks into the traditional CRM capabilities. Information gained through social CRM initiatives can support the development of marketing strategies by developing the organization’s knowledge in areas such as identifying a customer relationship community, improving customer retention, and improving product offerings by better understanding customer needs. A customer relationship (CR) network, as a kind of social network, uses a vertex for a customer and a link for the relationship between two vertexes. Many online cloud computing services rely on virtual communities that spontaneously emerge and continuously evolve. So, clarifying the explicit boundaries of these communities is quite essential to ensure service qualification. Communities with overlapping features or prominent vertexes are typically irregular communities. The traditional community identification algorithms cannot identify these irregular topologies. The customer relationship network plays a very important role in CRM. With an uneven shape, these communities usually play a prominent role in finding prominent customers who are usually ignored in social CRM.
1.3.4 ERP
Cloud computing is a service that offers reliable IT infrastructure and soft-
ware services off the user premises, thereby saving the cost of hardware,
OVERVIEW OF THE COMPUTING PARADIGM • 15
CHAPTER 2
ROADMAP FOR CLOUD COMPUTING
On-demand Self-service
A consumer can get access to computing capabilities such as storage and server time as required, without any human interaction with a cloud service provider. Cloud service providers providing on-demand self-services include Google, Microsoft, Amazon Web Services (AWS), IBM, and Salesforce.com.
Resource Pooling
The cloud enables users to enter and use data within business management software hosted on the cloud at the same time, from any location and at any time. The computing resources are pooled to serve multiple consumers using a multitenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. The user is usually unaware of the exact location of cloud provider resources.
Measured Service
This is the straightforward idea that consumers only pay for the resources they consume. The cloud provider can measure the storage levels, processing, and bandwidth used, and the consumers are billed appropriately. The resources that are being used can be monitored and controlled from both the consumer’s side and the cloud provider’s side, resulting in transparency. Cloud computing services use a metering capability which helps to control and optimize resource use. This implies that, just like an electricity bill, IT services are also charged according to use: pay per use. The bill amount varies with the usage of IT services by the consumers; the more they utilize, the higher the bill amount.
Rapid Elasticity
The cloud is flexible and scalable. Consumers can quickly and easily add or remove software features and other resources to suit their immediate business needs. Cloud services can be rapidly and elastically provisioned automatically.
Security
Security issues hinder the acceptance of cloud computing. Security issues such as botnets, data loss, and phishing are a serious threat to an organization’s data and applications.
Interoperability
This is the ability of two or more systems to work together in order to exchange information and use that exchanged information. Many public cloud networks are not designed to interact with each other and are configured as closed systems. This lack of integration between networks makes it difficult for organizations to combine their IT systems on the cloud and realize productivity gains and cost savings. To overcome this challenge, industry standards must be developed to help cloud service providers design interoperable platforms and enable data portability. Organizations need to
Multitenancy
When multiple customers access the same hardware, application servers, and databases, the response time and performance for other customers may be affected. For application-layer multitenancy specifically, resources are shared at each infrastructure layer, and this raises valid security and performance concerns.
Server Consolidation
Server consolidation is an effective approach to maximizing resource utilization while minimizing energy consumption in a cloud computing environment. Live VM migration technology is often used to consolidate virtual machines residing on multiple underutilized servers onto a single server so that the remaining servers can be set to an energy-saving state.
such as during slow network connections. One of the cases identified due to the unreliability of on-demand software is Apple’s MobileMe cloud service, which stores and synchronizes data across multiple devices. The trouble began when many users were not able to access mail and synchronize data correctly. To avoid such problems, providers are turning to technologies such as Google Gears, Adobe AIR, and Curl that allow cloud-based applications to run locally; some even allow them to run in the absence of a network connection.
There are different reasons for adopting the cloud; a few reasons are described below:
Dynamic allocation, scaling and movement of applications
Pay per use
No long-term commitments
Operating system and application architecture independent
No hardware or software installation required
The sectors that can benefit from this adoption are IT and technology, education, manufacturing, and business and professional services.
IT and technology: With cloud adoption, IT and technology companies can provide a greater level of service to support a more complex IT infrastructure.
Education: Geographical location is no longer a barrier to acquiring education. Cloud services can not only enhance knowledge sharing but also foster team collaboration.
Application Services
The application instances represent the agreement between the service provider and the consumer to use services on an on-demand basis. It is guaranteed that at a given point in time the services or the resources will surely be available for consumers, once the reservation of the resources has been made.
Self-service Portal
A self-service portal is a facility provided by the cloud to consumers. It supports the account owners in signing up and using the purchased capacity. Users can request a machine or an entire multi-machine environment, as well as monitor and control it, using a web-based self-service portal.
Allocation Engine
Dynamic resource management provides automated allocation and reallocation of resources. Dynamic resource management is a key component of any cloud solution that maximizes efficiency.
Resource Automation
The cloud ensures that the resources are automatically and effectively utilized as and when they are required by the consumers.
Metering of Resources
With the help of the metering of resources on any cloud, user organizations can bring transparency to the business and an environment for the management to view the usage of resources.
Application Development
Applications that use cloud computing benefit from its capability of dynamically scaling on demand. One class of applications that takes the biggest advantage of these features is web applications. With Web 2.0, the web has become a platform for developing complex and rich applications, including enterprise applications that leverage the Internet as the preferred channel for service delivery and user interaction. These are applications that involve variable workloads and dynamic sizing of infrastructure and service deployment.

Another class of applications that can potentially gain considerable advantage by using cloud computing is resource-intensive applications. These can be either data-intensive or computation-intensive applications. A considerable amount of resources is required for complete execution of these applications in a reasonable time frame. It is worth noticing that a large number of resources are not needed constantly or for a long duration.
Service Management
The cloud provides visibility, control, and automation across all the business and IT assets to deliver higher value services.
Asset Management
The cloud maximizes the value of the critical business and IT assets over their lifecycle with industry-tailored asset management solutions.
Information Infrastructure
The cloud helps businesses achieve information compliance (regulation), availability, retention, and security objectives.
Security
The cloud provides end-to-end industry-customized governance, risk management, and compliance for businesses.
Resilience
The cloud ensures the continuity of business and IT operations while rapidly adapting and responding to risks and opportunities.
up the licensing fees for multiple users in a company can prove to be very expensive. The cloud, on the other hand, is available at much cheaper rates and can significantly lower the company’s IT expenses (pay-as-you-go and other scalable options).
ii. Unlimited Storage
Storing information on the cloud provides an almost unlimited storage capacity.
iii. Backup and Recovery
Since all the data is stored on the cloud, backing it up and restoring it is relatively easier than with data stored on a physical device. The entire process of backup and recovery becomes much simpler than with other traditional methods.
iv. Automatic Software Integration
Software integration is usually something that occurs automatically on the cloud. This means that cloud users don’t have to make additional efforts to customize and integrate their applications.
v. Easy Access to Information
Once users register on the cloud, they can access their information from anywhere via an Internet connection. This convenient feature lets users overcome time zone and geographic location issues.
vi. Quick Deployment
Cloud computing gives the advantage of quick deployment. The entire system can be fully functional in a matter of a few minutes. Of course, the amount of time taken depends on the kind of technology that is needed for the business.
vii. Scalability
Cloud computing makes it easier for an organization to scale its services according to the demand of clients. The consumer business can scale up or scale down its operation and storage needs quickly to suit the situation, allowing flexibility as the needs change. Rather than purchasing and installing expensive upgrades, the cloud service provider can handle this for the consumer. Using the cloud, consumers free up their time so that they can get on with running their business.
Cloud computing also has its disadvantages. Businesses, especially smaller ones, need to be aware of these aspects before using the services provided on the cloud. The major disadvantages of cloud computing are detailed below.
i. Technical Issues
Though it is true that information and data on the cloud can be accessed any time and from anywhere, there might be instances when the system has serious malfunctions. Businesses should be aware of the fact that this technology is always prone to outages and other technical issues. Even the best cloud service providers face these issues, in spite of ensuring high standards of maintenance.
ii. Security on the Cloud
Security of data is the other major issue of cloud computing technology. Before adopting this technology, users should be aware of the risks of surrendering their confidential data to third-party cloud service providers. Users need to be sure that they choose the most reliable service provider, who will ensure the security of their data. Storing information on the cloud can make companies vulnerable to external hack attacks and threats. Therefore, there is always the lurking possibility of theft of sensitive data.
iii. Vendor Lock-In
Organizations may find it difficult to migrate their services from one vendor to another. Hosting and integrating current cloud applications on another platform may raise issues such as interoperability and support systems. Although cloud service providers promise that the cloud will be flexible to use and integrate, switching between cloud services has not yet completely evolved.
iv. Possible Downtime
Cloud computing makes the customer business dependent on the reliability of its Internet connection. If the Internet connection is offline, the customer won’t be able to access any of their applications, servers, or data from the cloud.
v. Limited Control
The service provider is responsible for managing and monitoring the cloud infrastructure, so customers have minimal control over it. The customer can only control and manage the data, applications, and services operated on top of the cloud. Key administrative tasks such as server shell access, updating, and firmware management may not be passed to the customer or end user.
CHAPTER 3
CLOUD VIRTUALIZATION TECHNOLOGY
3.1 VIRTUALIZATION
Virtualization refers to technologies that are designed to provide a layer of abstraction between layers of hardware and software that decouples the physical hardware from the operating system. Virtualization helps with simplified interaction between these two layers, delivering greater IT resource utilization and flexibility.

A virtual machine monitor example is shown in Figure 3.2, where the customer management environment runs on top of Operating System 1 (OS1) and the testing environment runs on top of Operating System 2 (OS2). Both operating systems run on top of the virtual machine monitor (VMM). Virtualization of all the resources (e.g., processors, memory, secondary storage, and networks) is carried out by the VMM, which also allocates them to the various virtual machines that run on top of it.
system and the tools that are more apt for each environment. A security attack on one virtual machine does not compromise the others because of their isolation.
iii. Cost: It is possible to achieve cost reduction by consolidating smaller servers into more powerful servers. Cost reductions can be achieved in hardware costs and in operations costs in terms of personnel, floor space, and software licenses.
iv. Adaptability to workload variations: Changes in workload intensity levels can be easily taken care of by relocating resources and priority allocations among virtual machines. Autonomic computing-based resource allocation techniques, such as dynamically moving processors from one virtual machine to another, help in adapting to workload variations.
v. Load balancing: It is relatively easy to migrate virtual machines to other platforms, as the software state of an entire virtual machine is completely encapsulated by the VMM. Hence this helps to improve performance through better load balancing.
operating systems to run at the same time on a single host system. Hypervisors are directly responsible for hosting and managing virtual machines on the host or server. The host is another name for the physical server and hypervisor. The virtual machines that run on the host are termed guest VMs or guest operating systems. A guest VM, running on a hypervisor, can operate on hardware of different vendors. The hardware of the host computer is shared by the guest operating systems in such a way that each OS appears to have its own memory, processor, and other hardware resources. With each hypervisor, there is a companion layer of hypervisor management software that provides a range of functions such as create virtual machine, delete virtual machine, move virtual machine, etc. There are two types of hypervisors, known as “Type 1” and “Type 2” hypervisors. Type 1 is a hypervisor which is installed directly on the hardware and is also called “bare-metal.” Type 2 is a hypervisor which is installed on top of an operating system and is also called a “hosted” hypervisor. Further details of these two hypervisors are covered in Section 3.3.2.
The common features of a hypervisor are “High Availability (HA),” “Fault Tolerance (FT),” and “Live Migration (LM).” The prime goal of high availability is to minimize the impact of downtime and continuously monitor all virtual machines running in the virtual resource pool. The virtual resource pool is a set of resources or physical servers which run virtual machines (VMs). When a physical server fails, the VM is automatically restarted on another server. This is shown in Figure 3.5.

In Figure 3.5, there are three physical servers. When there is a failure in server B, the virtual machines B1 and B2 are restarted on server A and server C. This can be done because images of the virtual machines are stored in the storage system to which the servers are connected. However, a hardware failure can lead to data loss. This problem is solved with fault tolerance (FT). With fault tolerance it is possible to run an identical copy of the VM on another server. As a result, there will be no data loss or downtime. This is depicted in Figure 3.6.

In Figure 3.6, fault tolerance is used for virtual machines B1 and B2. With fault tolerance, copies of B1 and B2 are maintained and run on a separate host or physical server in real time. Every instruction of the primary VM is also executed on the secondary VM. If server B fails, B1 and B2 continue on servers A and C without any downtime. The technology to move virtual machines across different hosts or physical servers is called live migration. An example of live migration is shown in Figure 3.7.

In Figure 3.7, virtual machines are migrated from one host to another. The reasons for live migration can be an increase in the server workload or server maintenance. As a virtual machine (VM) is hardware (configuration) independent, it is not dedicated to a single physical server or hardware configuration and can be moved from one server to another even while it is in operation. This makes it possible to balance capacity across servers, ensuring that each virtual machine has access to appropriate resources on time.
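To make the difference between HA restart, FT lockstep execution, and live migration tangible, here is an added Python model; it is not code from the book and is not tied to any hypervisor product. It assumes a cluster of hosts sharing one storage system, where a VM's disk image survives a host failure but its volatile memory does not. The host names follow Figures 3.5 to 3.7; the "commit" instruction, the record strings, and all class and function names are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class VM:
    """A running virtual machine: image on shared storage, working state in host memory."""
    name: str
    host: str
    disk_image: list                              # shared storage: survives a host failure
    memory: list = field(default_factory=list)    # volatile: dies with the host
    primary: bool = True                          # an FT secondary mirrors execution but does not write storage

    def execute(self, instruction: str) -> None:
        """'commit' flushes pending work to the image; anything else stays in memory."""
        if instruction == "commit":
            if self.primary:
                self.disk_image.extend(self.memory)
            self.memory.clear()
        else:
            self.memory.append(instruction)


class Cluster:
    """Hosts connected to one shared storage system (constructed model)."""

    def __init__(self, hosts):
        self.hosts = {h: {} for h in hosts}   # host -> {vm name: VM}
        self.shared_storage = {}              # vm name -> disk image (one shared list object)
        self.replicas = {}                    # vm name -> lockstep secondary VM

    def create(self, name: str, host: str) -> VM:
        image = self.shared_storage.setdefault(name, [])
        vm = VM(name, host, image)
        self.hosts[host][name] = vm
        return vm

    def enable_fault_tolerance(self, name: str, secondary_host: str) -> None:
        primary = self._find(name)
        # The secondary shares the image and starts from an identical memory copy.
        self.replicas[name] = VM(name, secondary_host, primary.disk_image,
                                 list(primary.memory), primary=False)

    def execute(self, name: str, instruction: str) -> None:
        self._find(name).execute(instruction)
        if name in self.replicas:             # FT: every instruction also runs on the secondary
            self.replicas[name].execute(instruction)

    def live_migrate(self, name: str, to_host: str) -> None:
        vm = self._find(name)
        del self.hosts[vm.host][name]
        vm.host = to_host                     # memory travels with the VM; nothing is lost
        self.hosts[to_host][name] = vm

    def fail_host(self, host: str) -> dict:
        """Host dies: FT-protected VMs continue on their secondary, others are HA-restarted."""
        outcome = {}
        for name in list(self.hosts.pop(host)):
            if name in self.replicas:
                survivor = self.replicas.pop(name)
                survivor.primary = True       # promote the lockstep copy; memory intact
                self.hosts[survivor.host][name] = survivor
                outcome[name] = "fault-tolerance: continued on " + survivor.host
            else:
                target = next(iter(self.hosts))
                # HA restart boots a fresh VM from the shared image; memory is gone.
                self.hosts[target][name] = VM(name, target, self.shared_storage[name])
                outcome[name] = "high-availability: restarted on " + target
        return outcome

    def memory_of(self, name: str) -> list:
        return list(self._find(name).memory)

    def _find(self, name: str) -> VM:
        for vms in self.hosts.values():
            if name in vms:
                return vms[name]
        raise KeyError(name)


def demo() -> dict:
    """B1 is FT-protected on server A, B2 is HA-only; then server B fails."""
    cluster = Cluster(["server A", "server B", "server C"])
    cluster.create("B1", "server B")
    cluster.create("B2", "server B")
    cluster.enable_fault_tolerance("B1", "server A")
    for vm in ("B1", "B2"):
        cluster.execute(vm, "write record 1")   # constructed workload
        cluster.execute(vm, "commit")
        cluster.execute(vm, "write record 2")   # still uncommitted when the host dies
    outcome = cluster.fail_host("server B")
    return {"outcome": outcome,
            "B1_memory": cluster.memory_of("B1"),
            "B2_memory": cluster.memory_of("B2"),
            "B1_image": list(cluster.shared_storage["B1"]),
            "B2_image": list(cluster.shared_storage["B2"])}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Running the demo shows both VMs keeping "write record 1" on the shared image, but only B1 keeping the uncommitted "write record 2": the HA restart of B2 loses everything that had not reached storage, which is exactly the "data loss" the text says fault tolerance removes. The secondary's `primary=False` flag models the fact that a lockstep copy must not also write to the shared image, or every commit would land twice.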
Disk Virtualization
This is one of the oldest forms of storage virtualization, where the physical properties of the disk are virtualized by the disk firmware. This firmware transforms cylinder, head, and sector addresses into consecutively numbered logical blocks for use by operating systems and host applications. Disk virtualization also ensures that the magnetic disks always appear defect free. During the life of a disk some of the blocks may go bad, and in these scenarios the disk firmware remaps the defective blocks to a pool of spare defect-free blocks.
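To make the firmware's two jobs concrete, here is an added Python model (not code from the book) of what the paragraph describes: the classic cylinder/head/sector to logical-block translation over a constructed geometry, and a remap table that redirects a failed block to a spare pool the host never sees. The class and function names, the geometry values, and the sample payload are assumptions for the example.

```python
class VirtualDisk:
    """Firmware-style view of a disk: CHS geometry hidden behind a flat, consecutively
    numbered logical block address (LBA) space, plus a pool of spare blocks to which
    defective blocks are remapped. Geometry values are constructed for the example."""

    def __init__(self, cylinders: int, heads: int, sectors_per_track: int, spare_blocks: int):
        self.cylinders = cylinders
        self.heads = heads
        self.spt = sectors_per_track
        # The host only ever sees LBAs 0 .. logical_blocks-1.
        self.logical_blocks = cylinders * heads * sectors_per_track
        # The spare pool sits past the advertised range, invisible to the OS.
        self.spare_pool = list(range(self.logical_blocks, self.logical_blocks + spare_blocks))
        self.remap = {}    # logical block -> spare physical block
        self.storage = {}  # physical block -> contents

    # --- geometry translation ---------------------------------------------
    def chs_to_lba(self, c: int, h: int, s: int) -> int:
        """Classic CHS -> LBA formula; sectors are numbered from 1, cylinders and heads from 0."""
        if not (0 <= c < self.cylinders and 0 <= h < self.heads and 1 <= s <= self.spt):
            raise ValueError(f"CHS ({c},{h},{s}) lies outside the disk geometry")
        return (c * self.heads + h) * self.spt + (s - 1)

    def lba_to_chs(self, lba: int) -> tuple:
        """Inverse translation, used to locate the physical sector behind a logical block."""
        self._check_lba(lba)
        c, rem = divmod(lba, self.heads * self.spt)
        h, s0 = divmod(rem, self.spt)
        return c, h, s0 + 1

    # --- defect management ------------------------------------------------
    def physical_block(self, lba: int) -> int:
        """Where the data for this LBA really lives: the original block unless remapped."""
        self._check_lba(lba)
        return self.remap.get(lba, lba)

    def mark_defective(self, lba: int) -> int:
        """Firmware detected a bad block: move whatever is still readable to a spare and
        redirect the LBA there. Returns the physical block now backing the LBA."""
        old_phys = self.physical_block(lba)
        if not self.spare_pool:
            raise RuntimeError("spare pool exhausted; the disk can no longer hide defects")
        new_phys = self.spare_pool.pop(0)
        if old_phys in self.storage:
            # Firmware copies the data forward but does not scrub the retired block.
            self.storage[new_phys] = self.storage[old_phys]
        self.remap[lba] = new_phys
        return new_phys

    # --- host-visible I/O -------------------------------------------------
    def write(self, lba: int, data: bytes) -> None:
        self.storage[self.physical_block(lba)] = data

    def read(self, lba: int) -> bytes:
        return self.storage.get(self.physical_block(lba), b"")

    def _check_lba(self, lba: int) -> None:
        if not 0 <= lba < self.logical_blocks:
            raise ValueError(f"LBA {lba} outside advertised range 0..{self.logical_blocks - 1}")


def translation_is_bijective(disk: VirtualDisk) -> bool:
    """Every LBA maps to exactly one CHS triple and back again."""
    return all(disk.chs_to_lba(*disk.lba_to_chs(i)) == i for i in range(disk.logical_blocks))


def demo() -> dict:
    """Walk through one remap and report what the host sees versus what the platter holds."""
    disk = VirtualDisk(cylinders=4, heads=2, sectors_per_track=8, spare_blocks=4)  # 64 logical blocks
    lba = disk.chs_to_lba(1, 1, 3)            # constructed address, resolves to LBA 26
    disk.write(lba, b"ecg-record-0001")       # constructed sample payload
    spare = disk.mark_defective(lba)          # block 26 "goes bad"
    return {
        "lba": lba,
        "chs_of_lba": disk.lba_to_chs(lba),
        "backing_block": spare,
        "host_reads": disk.read(lba),                 # unchanged from the host's point of view
        "old_block_still_holds": disk.storage[lba],   # remanence the OS can no longer reach
        "bijective": translation_is_bijective(disk),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The remap is invisible to the operating system (`read(26)` returns the same bytes before and after the block is retired), which is the whole point of the abstraction. The same opacity has a defensive consequence worth knowing: an overwrite issued at the logical level never reaches a block the firmware has already retired, so sanitising a drive that held sensitive data calls for a firmware-level erase command or full-disk encryption from the start rather than a logical wipe.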
of the tape drives. Tape media virtualization uses online disk storage as a cache to emulate the reading and writing of data to and from physical tape media. Tape drive virtualization makes tape drive pools with guaranteed data integrity. A single physical drive may appear as several virtual drives, which can be assigned to individual servers that treat them as dedicated resources. When a server attempts to use its virtual tape drive, a request is sent to the tape drive broker, which reserves and maps a physical tape drive to the host’s virtual drive.
File/Record Virtualization
The most widely deployed example of file virtualization is hierarchical storage management, which automates the migration of rarely used data to inexpensive secondary storage media such as optical disks or tape drives. This migration is transparent to both users and applications, which continue to access the data as though it were still on the primary storage medium.
Block Virtualization
In a block-level storage system, raw volumes of storage are created and each block can be treated as an individual hard drive. The blocks are controlled by server-based operating systems and can be formatted with any file system.
Advantages of block-level storage systems include the following:
Offer better performance or speed than file-level storage systems.
Each block or storage volume can be treated as an independent disk drive and is controlled by an external server operating system.
Block-level storage is popular with the storage area network (SAN).
They are more reliable and their transport systems are very efficient.
Capable of supporting external boot-up of the system connected to them.
a. Direct attached storage (DAS): It evolved from the server industry, where vendors used to sell storage as an add-on. This is the traditional method used in data storage, in which the hard drives are attached to a physical server as shown in Figure 3.12. Being a traditional method, it is still not appropriate for the following applications:
Very low-end PC applications
Very high-performance mainframe applications
Computation-intensive and high-performance online transaction processing (OLTP) database applications.
The incoming packets are sent to the VIP but are redirected to the actual network interface of the receiving host or hosts. VIPs are used in virtualization technologies. A VIP supports high availability and load balancing, where multiple systems host a common application and are able to receive the traffic as redirected by the network device. A virtual IP address eliminates a host’s dependency upon individual network interfaces, so even if a computer or NIC fails the VIP address may still be available, because another NIC responds to the connection.
A Virtual Private Network (VPN) is a private communication network that uses a public network, such as the Internet. The purpose of a VPN is to guarantee confidentiality on an unsecured network channel. It is normally used as a means to enable a remote employee to connect to an organization’s network. This is normally done by using special software (example: Cisco VPN Client). The software helps in initiating a connection, and after the connection is established all the interaction with the resources on the network is done as if the computer were physically connected to the same network, though all this depends on the security policies applied on the network.
The network virtualization model includes three different business roles:
a. The infrastructure provider (InP) deploys and runs the network physi-
cal resources and partitions them into isolated virtual slices using some
virtualization technology.
b. The virtual network provider (VNP) is responsible for finding and
composing the adequate set of virtual resources from one or more infra-
structure providers in order to fulfil the request of a virtual network
operator (VNO).
c. The VNO deploys any protocol stack and network architecture over
a virtual network, independently of the underlying physical network
technologies.
A user logs into the network using his username and password and gets
access to his desktop. Desktop virtualization can be subdivided into two
types: “Client side” and “Server side.” In server side desktop virtualization,
the end-user applications are executed remotely on a central server. In client
side desktop virtualization the applications are executed at the endpoint; this
is the user location, and presented locally on the user’s computer.
Client Side
With client side desktop virtualization, the desktop executes locally at
the user location. For client side desktop virtualization, type 1 or type 2
hypervisors can be used.
Server Side
Shared virtual desktops are a solution for gaining remote access to applica-
tions and desktops that are executed on a central server located in a data
center. Access to the application or desktop is not restricted to a certain
location or end-user equipment. The program executes centrally on the
server, and its output appears on the client’s screen via a Remote Display
Protocol (RDP). A personal virtual desktop gives remote access to a desktop
that is executed on a virtual machine in the data center. This type of desktop
virtualization is also known as Virtual Desktop
The desktop users get almost all local desktop features as if the applica-
tions were loaded on their local systems, the difference being that the appli-
cations are centrally hosted and managed. The three components of VDI as
shown in Figure 3.19 are stated below:
1. Virtual Desktop Client (VDC): The converged end user device.
2. Virtual Desktop Server (VDS): The control software resides in a vir-
tual machine hosted inside a data center.
CHAPTER 4 CLOUD COMPUTING ARCHITECTURE
b. Interoperability
The pharma application has to get real-time currency data to perform local
currency conversions as well as interface with a database server to retrieve
information about medicines. As the two systems are different, the devel-
oper has to take care of the interfacing aspects.
c. Redundancies
The required interfacing component may have already been developed
by some other company, probably even in some other country. However,
chances are that it will be unknown to the current developer and the same
work is duplicated. Another obstacle while trying to share components is
that they might not use similar technology to develop their application, thus
resulting in difficulty of reusing the components.
Business Services
A business service can be defined as the logical encapsulation of business
functions. Business services have to be relevant to the business of the
organization. An easy way to determine whether a service is a business
service is to ask whether the service could be created without consulting
business managers. If not, the service is probably not a business service.
Another desirable feature of a business service is that it should have as few
dependencies as possible so that it can be reused easily throughout the
organization. This reusability brings consistency. In addition, any change in
business policy can be propagated throughout the organization much more
easily.
While the concept of reusability might already be familiar in the world
of software engineering, in SOA the level of reuse is different. The concept
of reusability in SOA refers to reusable high-level business services rather
than reusable low-level components. In view of the above discussion, it is
by no means easy to identify appropriate business services in an SOA; doing
so involves both the IT and business departments. Nevertheless, it is an
important step, as defining business services is central to building a
strategic SOA. Business services are not the only services in SOA. A typical
service model might include entity services, tasks or functional services, and
utility or process services.
Entity Services
An entity service usually represents business entities (an employee, cus-
tomer, product, invoice, etc.). Such an entity service usually exposes CRUD
(create, read, update, and delete) operations.
Functional Services
The functional service can be thought of as a controller for the composition
of services, and hence its reusability is usually lower. In other words, it is
usually a technology-oriented service rather than a business-oriented one in
which business-related tasks or functions are represented.
Utility Services
Utility services offer common and reusable services that are usually not
business centric. Some of the utility services are event logging, notifications,
exception handling, etc.
i. The top layer is a user interface layer that is implemented using some
Web server (like Microsoft’s IIS or Apache’s HTTP Web server) and the
scripting languages or servlet-like technologies they support.
ii. The second layer, the business logic layer, is where all business logic
programmed in Java, C#, Visual Basic, PHP, Python, Perl, or TCL is put.
iii. The data layer is where the code that manipulates basic data structures
resides; this usually is constructed using object and/or relational data-
base technologies.
All the layers are deployed on a server configured with an operating system
and network infrastructure enabling an application user to access application
functionality from a browser or rich Internet client application. Business and
data logic are sometimes mixed into the code of other layers of the archi-
tecture, making it difficult to modify and manage the application over time.
In order to transform from one architecture style to another it is necessary
to correct mistakes relating to layering wherever possible. Initially this
requires the code to be cleaned, commented, and consolidated so that it is
packaged for reuse and orderly deployment, and cross-layer violations are
removed (e.g., database specifics and business logic are removed from the
UI layer, or business logic is removed from the data layer). A Service
Application Programming Interface (API) is introduced between the User
Interface Layer and the Business Logic Layer to correct such layer violations,
as depicted in Figure 4.6.
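The refactoring just described, as an added example that is not part of the book: a UI handler carrying the cross-layer violations named above (SQL and the currency-conversion rule inside the UI layer, in the spirit of the pharma application from earlier in this chapter) beside the same feature split into data, business logic and UI layers joined by a service API. The in-memory table, the prices, the rate feed and every class and function name are constructed assumptions, not code from any real system.

```python
"""Added example: cross-layer violation vs. layered design with a service API.
Everything here (table, rows, rates, names) is constructed for illustration."""
import sqlite3


def make_db():
    """Constructed sample data: an in-memory medicines table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE medicines (name TEXT, price_usd REAL)")
    conn.executemany("INSERT INTO medicines VALUES (?, ?)",
                     [("aspirin", 4.0), ("ibuprofen", 6.5)])
    return conn


# BEFORE: the UI handler talks to the database and converts currency itself.
def ui_price_page_before(conn, name, rate):
    # Cross-layer violation: SQL (a data-layer detail) and the conversion rule
    # (business logic) both live in the UI layer. The SQL is also assembled by
    # string formatting, the shape that parameterized queries exist to avoid.
    row = conn.execute(
        "SELECT price_usd FROM medicines WHERE name = '%s'" % name).fetchone()
    if row is None:
        return "not found"
    return "%s: %.2f" % (name, row[0] * rate)


# AFTER: one responsibility per layer, joined through a service API.
class MedicineRepository:
    """Data layer: the only place that knows the schema or issues SQL."""

    def __init__(self, conn):
        self.conn = conn

    def price_usd(self, name):
        row = self.conn.execute(
            "SELECT price_usd FROM medicines WHERE name = ?", (name,)).fetchone()
        return None if row is None else row[0]


class MedicineService:
    """Business logic layer, exposed to the UI as the service API."""

    def __init__(self, repo, rate_provider):
        self.repo = repo
        self.rate_provider = rate_provider    # real-time currency feed, injected

    def local_price(self, name, currency):
        usd = self.repo.price_usd(name)
        if usd is None:
            return None
        return round(usd * self.rate_provider(currency), 2)


def ui_price_page_after(service, name, currency):
    """UI layer: formats what the service API returns and nothing more."""
    price = service.local_price(name, currency)
    return "not found" if price is None else "%s: %.2f" % (name, price)


def constructed_rates(currency):
    """Stand-in for the real-time currency feed (constructed values)."""
    return {"EUR": 0.5, "INR": 80.0}[currency]


if __name__ == "__main__":
    db = make_db()
    svc = MedicineService(MedicineRepository(db), constructed_rates)
    print(ui_price_page_before(db, "aspirin", 0.5))
    print(ui_price_page_after(svc, "aspirin", "EUR"))
```

The service object is the API boundary: the UI can be replaced (web page, mobile client) and the repository can be swapped for another database without either side knowing, which is exactly what the layering corrections above are meant to make possible.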
Cloud Consumer
The cloud consumer is the principal participant for the cloud computing
service. A cloud consumer maintains a business relationship with cloud
provider, and also uses its service. A cloud consumer browses the service
directory from a cloud provider, requests the appropriate service, sets up
service contracts, and uses the service. A cloud consumer may be billed for
the service provisioned and needs to arrange payments accordingly. Cloud
consumers need Service Level Agreements to specify the technical perfor-
mance requirements satisfied by a cloud provider.
SLAs include the terms regarding the quality of service, security, and
remedies for performance failures. In the SLA a cloud provider may also list
promises explicitly not made to consumers (limitations) and obligations that
a cloud consumer must accept. A cloud consumer can freely choose a
cloud provider with better pricing and more favorable terms. Typically a
cloud provider’s pricing policy and SLAs are non-negotiable. The activities
and usage scheme can be different for different cloud consumers depending
on the services requested. Figure 4.13 presents some examples of cloud ser-
vices available to a cloud consumer.
SaaS applications present on the cloud are made accessible via a network
to the SaaS consumers. The consumers of SaaS are the end-users who access
the software applications, or the software application administrators who
configure applications for end-users. SaaS consumers can be billed based on
the network bandwidth consumed, number of end-users, time of use, amount
of data stored, or the duration of stored data.
Cloud consumers of PaaS can utilize the tools and resources provided by
cloud providers to develop, test, deploy and manage the applications hosted
on a cloud environment. A PaaS consumer can be a developer who designs
and implements application software, testers who run and test applications
in cloud-based environments, a deployer who publishes applications in cloud
or application administrators who configure and monitor application perfor-
mance on a platform. PaaS consumers are billed according to database stor-
age, processing, the duration of the platform usage and network resources
consumed by the PaaS application.
Consumers of IaaS can access virtual computers, network infrastructure
components, network-accessible storage and other fundamental computing
resources on which they can deploy and run arbitrary software. IaaS con-
sumers can be system developers, system administrators and IT managers
who are interested in installing, creating, managing and monitoring services
for IT infrastructure operations. The consumers are provisioned with capa-
bilities to access these computing resources and are billed according to the
amount or duration of the resources consumed, such as CPU hours used by
virtual computers, duration and volume of data stored, network bandwidth
consumed, and the number of IP addresses used for certain intervals.
Cloud Provider
A cloud provider is a person, an organization or an entity responsible for
making a service available to interested parties. A cloud provider acquires
and manages the computing infrastructure required for providing the ser-
vices, runs the software that provides the services and delivers the software
services to the cloud consumers through network access. The cloud pro-
vider of SaaS deploys, configures, maintains, and updates the operation of
the applications on a cloud infrastructure so that the services are provisioned
at the expected service levels to the consumers. The SaaS provider assumes
most of the responsibility for managing and controlling the applications and
the infrastructure, whereas the cloud consumers have limited administrative
control of the applications.
The cloud provider for PaaS manages the computing infrastructure for
the platform and runs the cloud software that provides the components of
the platform, such as run time software execution stack, databases, and other
middleware components. The PaaS cloud provider also supports the devel-
opment, deployment and management process of the PaaS cloud consumer
Cloud Auditor
A cloud auditor is an entity that can perform an independent examination
of cloud service controls with the intent to express an opinion thereon.
Audits are performed to verify compliance with standards through reviews of
objective evidence. A cloud auditor can evaluate the services provided by a
cloud provider in terms of privacy impact, security controls, performance,
etc. For security auditing, a cloud auditor can evaluate the security controls
in the information system to determine the extent to which the controls are
implemented correctly and are operating as intended, thus producing the
desired outcome with respect to the security requirements for the system.
Security auditing should also include verification of compliance with
regulation and security policy. For example, an auditor ensures that the cor-
rect policies are applied to data retention according to the relevant rules for
the jurisdiction. The auditor may ensure that fixed content has not been mod-
ified and that the legal and business data archival requirements have been
satisfied.
A privacy impact audit can help federal agencies comply with the appli-
cable privacy laws and regulations governing an individual’s privacy, and help
them to ensure confidentiality, availability, and integrity of an individual’s
personal information at every stage of development and operation.
Cloud Broker
Expansion of cloud computing leads to the complexity in the integration of
cloud services and results in the difficulties for the cloud consumer to man-
age. Instead of contacting a cloud provider directly a cloud consumer may
request cloud services from a cloud broker. A cloud broker is an entity that
manages the use, performance and delivery of cloud services and negotiates
relationships between cloud providers and cloud consumers. Three catego-
ries of services can be provided by the cloud broker:
i. Service Intermediation: A cloud broker enhances a given service
by improving some specific capability and providing value-added ser-
vices to the consumers. The improvement can be managing access to
cloud services, identity management, performance reporting, enhanced
security, etc.
ii. Service Aggregation: A cloud broker combines and integrates
multiple services into one or more new services. A broker provides data
integration and ensures the data movement between the cloud consumer
and multiple cloud providers securely.
Cloud Carrier
A cloud carrier acts as a mediator that provides connectivity and transport of
cloud services between cloud consumers and cloud providers. Cloud carri-
ers provide access to consumers through network, telecommunication, and
other access devices, for example a cloud consumer can attain cloud services
through network access devices such as computers, laptops, mobile phones,
mobile internet devices (MIDs), etc. The cloud services are normally pro-
vided by network and telecommunication carriers or a transport agent, where
a transport agent refers to a business organization that provides physical trans-
port of storage media such as high-capacity hard drives. A cloud provider will
set up SLAs with a cloud carrier to provide uniform services with the level of
SLAs offered to cloud consumers and may require the cloud carrier to provide
dedicated and secure connections between cloud consumers and providers.
limits in size and scalability but has more standardized processes and
protection. IT departments would also need to acquire the capital
and operational costs for the physical resources. Best suited for appli-
cations which require complete security, control, and configurability
of the infrastructure.
ii. Externally hosted Private Cloud: This type of private cloud is
hosted externally with a cloud provider. It is facilitated with an exclu-
sive cloud environment with a full guarantee of privacy and security.
This is best suited for enterprises that don’t prefer a public cloud due
to the sharing of physical resources. Some of its important features
are listed below:
Within the boundaries (firewall) of the organization.
c. Hybrid Cloud
A hybrid cloud is a combination of private and public clouds. With a hybrid
cloud, service providers can utilize third party cloud providers in a full or partial
manner, thus increasing the flexibility of computing. The hybrid cloud environ-
ment is well suited for providing on-demand, externally provisioned scale. The
ability to amplify a private cloud with the resources of a public cloud can be
used to manage any unexpected growth in the workload, shown in Figure 4.16.
d. Community Cloud
Community cloud is a multi-tenant cloud service model, which is shared
among various organizations and is managed, governed and secured com-
monly by all the participating organizations or by a third party. It is a hybrid
form of private cloud built and operated specifically for a targeted organi-
zation and communities. These communities have similar requirements and
their ultimate goal is to work together to achieve their business objectives.
The objective of community clouds is to have participating organizations
realize the benefits of a public cloud along with the added level of security,
privacy and policy compliance usually associated with a private cloud. The
community clouds can be set either off-premises or on-premises.
Cloud Providers offering different services can support each other since
they are not competitors; an example can be from the cooperation between
the airline and accommodation market segments. Since companies oper-
ating in the two sectors are not competing with each other, they can gain
advantages if they provide customers with a complete solution. IaaS vendors
can complement their offer with advantageous access to some PaaS services
as complementary.
2. Logical and Operational Level
The logical and operational level identifies and addresses the challenges in
devising a framework enabling the aggregation of providers belonging to
different administrative domains. Policies and rules for interoperation are
defined at this layer. This is the layer where decisions on how and when to
lease a service or to leverage a service from another provider are taken. The
logical component defines a context within which agreements among differ-
ent providers are settled and services are negotiated, while the operational
component characterizes and shapes the dynamic behavior of the federation
as a result of the choices of the single providers. The major challenges of this
layer are:
How to represent a federation.
How to represent and model a cloud service, a cloud provider or an
agreement.
How to define the rules and policies that allow providers to join a
federation.
When to take the advantage of the federation.
What are the mechanisms in place for settling agreements among
providers?
What are the responsibilities that providers have with respect to each
other?
Kind of services which are more likely to be bought or leased.
How to price resources that are leased and which fraction of resources
to lease.
Service level agreement is one of the main necessities in this level. The
specific nature of SLA varies from domain to domain, but can be generally
defined as “An explicit statement of expectation and obligation that exists
in a business relationship between two organizations: the service provider
and the service consumer.” SLAs define the performance delivery ability of
the provider, the consumer’s performance profile and the means to monitor
and measure the delivered performance. An implementation of an SLA should
App Engine, Force.com, etc. are some of the popular PaaS examples.
Some of the PaaS benefits and challenges are shown in Table 4.3.
Figure 4.19 presents the various Microsoft products for SaaS, PaaS, and
IaaS. It also states on premise roles, cloud skills, and roles of three services.
The BPM tools and technologies are available for human/system work-
flow, business rules, document management modelling, and service-oriented
architecture.
required solutions and leverage them for their specific purposes. For
example, a customer can select sentiment analysis as a service, which
helps them to analyze the customer’s sentiments about his/her products
compared to the competitors’ products. Providing AaaS is highly cost-
effective as the data is publicly available on the web as blogs or review
articles.
ii. Models as a Service (MaaS): Models as a service present clients with
building blocks to develop their own analytical solutions by subscrib-
ing to the models available over a cloud. Various models which have
extremely high memory usage and CPU tasks (e.g., clustering models
like Neural Nets, SVM, Bayesian Models) can be ported to a cloud.
Testing under cloud not only helps reduce the financial burden of the
company, but also reduces the cycle time for testing and development envi-
ronments without buying the infrastructure. This environment provides test
tools to synchronize and build the services for the project and helps arrange
the project resources. The test and development environments are rarely
optimized and are usually low-hanging fruit. Typically, 30–50% of all servers in
an IT environment are dedicated to testing and development, which is a
significant amount. A number of these servers sit there at very low levels of
utilization and are in fact idle for a significant period during the project life
cycle. So, being able to better utilize these systems can be a huge benefit for
the organization. Testing under cloud helps in cutting the capital and opera-
tional costs and offers new and innovative services to clients.
The testing of cloud services has some familiar aspects. Even though
they will be used in a cloud environment, the basic components that pop-
ulate the data center need to be tested for functionality, performance, and
security. This is complemented with testing of the data center and end-to-
end services. Following are the areas where testing must validate various
hardware and systems.
a. At the network interconnectivity infrastructure level, the testing must
validate routers, switches, and VOIP gateways.
b. At the server and storage infrastructure level, the testing must validate
data center capacity, data center network, and storage systems.
c. At the virtualization level, the testing must validate virtual host, virtual
network instantiation, and undertaking.
d. At the security infrastructure level, the testing must validate firewalls,
intrusion prevention systems, and VPN gateways.
Different forms of testing under the cloud are:
i. Testing of a cloud: This validates the quality of a cloud from an
external view based on the cloud specified capabilities and service
features. Cloud vendors carry out this testing.
ii. Testing inside a cloud: This checks the quality of a cloud from
an internal view based on the internal infrastructure of a cloud and
specified cloud capabilities. Cloud vendors carry out this testing.
iii. Testing over cloud: This tests the cloud-based service applications
over clouds, including private, public, and hybrid clouds based on
system level application service requirements and specifications.
Cloud-based application system providers carry out this testing.
i. MapReduce
MapReduce is a parallel programming model for writing distributed appli-
cations, devised at Google for efficient processing of large amounts of data
(multi-terabyte datasets) on large clusters (thousands of nodes) of commod-
ity hardware in a reliable and fault-tolerant manner. It is discussed in detail
in previous sections. MapReduce programs run on Hadoop, which is an
Apache open-source framework.
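A minimal MapReduce runner, added here as an illustration and not taken from the book or from Hadoop. It shows the phases the model is built from (map over input splits, partition and shuffle by key, reduce per key) and the property that makes the model fault-tolerant: a map task is a pure function of its split, so a task lost with its worker is simply re-run. The function names, the flaky-mapper stand-in for a lost node and the input lines are constructed assumptions.

```python
"""Added example: a toy MapReduce runner (not Hadoop's API).
Splits, names and the worker-loss simulation are constructed."""
from collections import defaultdict
import zlib


def run_map_reduce(splits, mapper, reducer, n_reducers=2, max_attempts=3):
    """Run one job over a list of input splits (here, lists of text lines)."""
    partitions = [defaultdict(list) for _ in range(n_reducers)]
    for split in splits:
        # Map phase: one task per split. A task that fails is re-run, because
        # a mapper is a pure function of its split; that is what lets the
        # framework recover from a lost worker without special casing.
        for attempt in range(1, max_attempts + 1):
            try:
                emitted = [kv for record in split for kv in mapper(record)]
                break
            except RuntimeError:
                if attempt == max_attempts:
                    raise
        # Shuffle: the partitioner sends every value for a key to one reducer.
        for key, value in emitted:
            partitions[zlib.crc32(key.encode()) % n_reducers][key].append(value)
    # Reduce phase: each reducer folds the value list of each of its keys.
    result = {}
    for part in partitions:
        for key in part:
            result[key] = reducer(key, part[key])
    return result


def word_mapper(line):
    """Emit (word, 1) for each word in one input record."""
    for word in line.lower().split():
        yield word.strip(".,"), 1


def sum_reducer(key, values):
    return sum(values)


class FlakyMapper:
    """Wraps a mapper so its first invocation raises, standing in for a map
    task lost with its node; the re-run then succeeds (constructed)."""

    def __init__(self, inner):
        self.inner, self.failed_once = inner, False

    def __call__(self, record):
        if not self.failed_once:
            self.failed_once = True
            raise RuntimeError("simulated worker loss")
        return self.inner(record)


# Constructed input: two splits, as if HDFS had handed each to a map task.
SAMPLE_SPLITS = [
    ["the cloud runs the job", "commodity nodes read the split"],
    ["the job is split into tasks"],
]


def word_count(splits=SAMPLE_SPLITS, mapper=word_mapper):
    return run_map_reduce(splits, mapper, sum_reducer)


if __name__ == "__main__":
    print(word_count())                              # normal run
    print(word_count(mapper=FlakyMapper(word_mapper)))  # same result after a retry
```

The partitioner is a hash of the key, so the same word always reaches the same reducer no matter which map task emitted it; that is what makes the per-key reduce correct across many nodes.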
ii. Hadoop Workflow
It is quite expensive to build bigger servers with heavy configurations that
can handle large-scale processing, but as an alternative, you can tie together
many commodity computers with single CPUs, as a single functional distrib-
uted system and, practically, the clustered machines can read the dataset
in parallel and provide a much higher throughput. Moreover, it is cheaper
than one high-end server. So this is the first motivational factor behind using
Hadoop that it runs across clustered and low-cost machines.
Hadoop runs code across a cluster of computers. This process includes
the following core tasks that Hadoop performs:
Data is initially divided into directories and files, files are further sub
divided into uniform sized blocks.
These files are then distributed across various cluster nodes for further
processing.
HDFS, being on top of the local file system, supervises the processing.
Blocks are replicated for handling hardware failure.
Checks that the code was executed successfully.
Sending the sorted data to a certain computer.
Writing the debugging logs for each job.
tree. The Namenode also knows the Datanodes on which all the block for
a given file are located. Datanodes store and retrieve blocks when they are
told to and they report back to the Namenode periodically with lists of blocks
that they are storing.
Apart from the above mentioned two core components, Hadoop frame-
work also includes the following two modules:
Hadoop Common: These are Java libraries and utilities required by other
Hadoop modules.
Hadoop YARN: This is a framework for job scheduling and cluster resource
management.
Namenode
The Namenode is commodity hardware running the GNU/Linux operating
system and the Namenode software; the software itself can run on any
commodity hardware. The system hosting the Namenode acts as the
master server and it does the following tasks:
Manages the file system Namespace
Regulates a client’s access to files
Executes file system operations such as renaming, closing and opening
files, and directories
Datanode
The Datanode is a commodity hardware having the GNU/Linux operat-
ing system and Datanode software. For every node (commodity hardware/
system) in a cluster, there is a Datanode. These nodes manage the data
storage of their systems.
Read-write operations are performed on the file systems as per client
requests.
They also perform operations such as block creation, deletion, and repli-
cation according to the instructions of the Namenode.
Block
Generally, the user data is stored in the files of HDFS. The file in a file sys-
tem is divided into one or more segments and/or stored in individual data
nodes. These file segments are called blocks. The minimum amount of data
that HDFS can read or write is called a Block. A block default size is 64MB,
but it can be increased according to need and make necessary changes in
HDFS configuration.
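A toy model of the Namenode, Datanode and block roles described in this section, added as an example and not taken from the book or from Hadoop. The block size is 8 bytes so that the split is visible (the book states the default as 64MB); the class and method names, the three-node cluster and the file contents are assumptions. It shows a write split into blocks placed on two Datanodes each, a read reassembled from any live replica, and the Namenode restoring the replication factor from block reports after a Datanode is lost.

```python
"""Added example: a toy HDFS (not Hadoop's code). Names, sizes and data are
constructed; the Namenode keeps metadata only, Datanodes keep the bytes."""
import itertools


class Datanode:
    """Stores blocks on its local file system (a dict here) and reports them."""

    def __init__(self, name):
        self.name, self.blocks, self.alive = name, {}, True

    def store(self, block_id, data):
        self.blocks[block_id] = data

    def block_report(self):            # sent to the Namenode periodically
        return set(self.blocks)


class Namenode:
    """Holds the namespace and where each block's replicas live; no block data."""

    def __init__(self, datanodes, block_size=8, replication=2):
        self.datanodes = datanodes
        self.block_size, self.replication = block_size, replication
        self.namespace = {}            # path -> [block_id, ...]
        self.locations = {}            # block_id -> {datanode name, ...}
        self._next_id = itertools.count(1)
        self._rr = itertools.count()   # round-robin placement cursor

    def _choose_nodes(self, k):
        live = [d for d in self.datanodes if d.alive]
        if len(live) < k:
            raise RuntimeError("not enough live datanodes for replication")
        start = next(self._rr)
        return [live[(start + i) % len(live)] for i in range(k)]

    def write(self, path, data):
        """Split data into fixed-size blocks and place each on k datanodes."""
        ids = []
        for off in range(0, len(data), self.block_size):
            block_id = next(self._next_id)
            chunk = data[off:off + self.block_size]
            chosen = self._choose_nodes(self.replication)
            for d in chosen:
                d.store(block_id, chunk)       # clients write to datanodes directly
            self.locations[block_id] = {d.name for d in chosen}
            ids.append(block_id)
        self.namespace[path] = ids

    def read(self, path):
        """Reassemble a file from any live replica of each block, in order."""
        out = b""
        for block_id in self.namespace[path]:
            holder = next(d for d in self.datanodes
                          if d.alive and block_id in d.blocks)
            out += holder.blocks[block_id]
        return out

    def process_block_reports(self):
        """Rebuild locations from live datanodes' reports, then restore the
        replication factor of any block that lost a copy. Returns the number
        of replica copies made."""
        self.locations = {b: set() for b in self.locations}
        for d in self.datanodes:
            if d.alive:
                for b in d.block_report():
                    self.locations.setdefault(b, set()).add(d.name)
        copies = 0
        for b, holders in self.locations.items():
            while 0 < len(holders) < self.replication:
                src = next(d for d in self.datanodes if d.name in holders)
                target = next((d for d in self.datanodes
                               if d.alive and d.name not in holders), None)
                if target is None:
                    break                      # nowhere left to put a replica
                target.store(b, src.blocks[b])
                holders.add(target.name)
                copies += 1
        return copies


def demo():
    """Constructed scenario: write a 40-byte file over 3 datanodes, lose one."""
    nodes = [Datanode("dn%d" % i) for i in range(3)]
    nn = Namenode(nodes, block_size=8, replication=2)
    data = b"hdfs splits files into fixed size blocks"
    nn.write("/data/sample.txt", data)
    nodes[0].alive = False                     # datanode stops reporting
    copies = nn.process_block_reports()
    return nn, data, copies


if __name__ == "__main__":
    nn, data, copies = demo()
    print(nn.namespace, copies, nn.read("/data/sample.txt") == data)
```

The point to notice is the division of labour: the Namenode never sees file bytes, only the map from file to blocks and from block to holders, and it repairs replication purely from what the surviving Datanodes report.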
CHAPTER 5 CLOUD MANAGEMENT
“Many data centers are migrating toward the cloud, or at least a cloud-
like model, so that they may take advantage of the pooled resources that
form the fundamental core of cloud computing.”
—Rex Wang, Vice President of Product Marketing Oracle
Consolidating workloads in the cloud delivers dramatic cost savings by min-
imizing the human costs of IT systems management. The cloud manage-
ment provides the key capabilities to manage the resources, control access
and govern the cloud infrastructure. Another interesting aspect of the cloud
management is the possibility of using external cloud services (SaaS) for
common, non-core functionalities. Most customer management functions
can be implemented and used as on demand, Software as a service.
5.2 SCALABILITY
The ability to scale on demand (compute, storage) is one of the most attrac-
tive features of cloud computing. Scalability in cloud computing refers to
the flexibility service providers can offer to their users. Service provid-
ers provide scalability without much interruption in their services. The
key component of cloud scalability is load balancing. Load balancing is
used to scale applications transparently. Any load balancing service ought
to be able to balance capacity, availability, and performance dynamically
to achieve maximum results with minimum resources. The high capac-
ity utilization often results in degradation of performance. Availability
affects both capacity and performance, and poor performance can in turn
degrade capacity.
5.4 RESILIENCY
Resiliency is the capability to swiftly react and adapt to risks as well as oppor-
tunities. Resiliency ensures continuous business operations that support
growth and operate in potentially adverse conditions. Resilient computing
is a form of failover that distributes redundant implementations of IT
resources across physical locations. IT resources can be preconfigured so
that if one resource becomes deficient, processing is automatically handed
over to other redundant IT resources. The reliability and availability of cloud
applications can be increased by leveraging the resiliency of cloud-based IT
resources. A resilient system is shown in Figure 5.1, in which cloud Y hosts
a redundant implementation of cloud service X to provide failover in case
cloud service X on cloud X becomes unavailable.
When a resilient framework is used to look at different parts of a com-
pany, a company is trying to understand whether it has a risk that it can
accept or whether it has a risk it wants to avoid and mitigate. A lot of orga-
nizations feel more comfortable transferring risks associated with business
continuity to cloud vendors rather than handle the risks themselves, as
recovering centers are designed to ensure resilience in the face of a disrup-
tion and be robust.
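One added example (not from the book) that serves both the load-balancing point in 5.2 and the failover arrangement of Figure 5.1: a balancer that sends each request to the least-utilized healthy backend in the preferred cloud, spills to the redundant cloud when the preferred one has no usable capacity, and refuses rather than overloads a backend once everything is saturated. Backend names, capacities, the "cloud X"/"cloud Y" labels and the request sequence are constructed; nothing here is a real product's API.

```python
"""Added example: least-utilized balancing with health-based failover.
All backends, capacities and cloud labels are constructed."""
from dataclasses import dataclass


@dataclass
class Backend:
    name: str
    cloud: str
    capacity: int          # concurrent requests it serves without degrading
    active: int = 0
    healthy: bool = True

    @property
    def utilization(self):
        return self.active / self.capacity


class Balancer:
    def __init__(self, backends, preferred_cloud, failover_cloud):
        self.backends = backends
        self.preferred, self.failover = preferred_cloud, failover_cloud

    def _candidates(self, cloud):
        # Only healthy backends with spare capacity are eligible; routing past
        # capacity is how utilization turns into the degradation noted above.
        return [b for b in self.backends
                if b.cloud == cloud and b.healthy and b.active < b.capacity]

    def pick(self):
        """Least-utilized eligible backend in the preferred cloud; fall over to
        the redundant cloud only when the preferred one cannot take the load."""
        for cloud in (self.preferred, self.failover):
            cands = self._candidates(cloud)
            if cands:
                return min(cands, key=lambda b: b.utilization)
        return None            # saturated everywhere or nothing healthy

    def route(self):
        b = self.pick()
        if b is not None:
            b.active += 1
        return b

    def release(self, backend):
        backend.active -= 1


def simulate():
    """Constructed run: scale within cloud X, spill to Y, then lose cloud X."""
    x1, x2 = Backend("x1", "cloud X", 2), Backend("x2", "cloud X", 4)
    y1 = Backend("y1", "cloud Y", 4)
    lb = Balancer([x1, x2, y1], preferred_cloud="cloud X", failover_cloud="cloud Y")
    first_four = [lb.route().name for _ in range(4)]   # spread across cloud X
    spill = [lb.route().name for _ in range(3)]        # X fills; third request goes to Y
    for b in (x1, x2):
        b.healthy = False                              # health checks fail: cloud X is down
    after_outage = [lb.route().name for _ in range(3)]
    saturated = lb.route()                             # Y is now full too
    return {"first_four": first_four, "spill": spill,
            "after_outage": after_outage, "saturated": saturated}


if __name__ == "__main__":
    print(simulate())
```

Returning None when no backend can take a request is deliberate: a balancer that keeps routing to a full backend hides the capacity problem as slow responses, whereas an explicit refusal is what a scaling policy can act on.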
5.5 PROVISIONING
The cloud provisioning is the allocation of a cloud provider’s resources to
a customer. The most common reference to cloud provisioning is when a
company seeks to transition the existing applications to the cloud without a
need to re-architect or re-engineer the applications. Provisioning is a broad-
based service that begins with a request for service (RFS) to build a fully
provisioned environment for the purpose of hosting an application, data-
base, etc. The output from provisioning is an environment configured and
environment
Improve and provide consistency in the provisioning of environments
5.10 MULTI-TENANCY
The multi-tenancy architectural approach can benefit both application
providers and users. Multi-tenancy is an architecture in which a single instance
of a software application serves multiple customers. The customers using the
application are called tenants. Customers can customize an application such
as the color of the user interface (UI) or business rules as though it is their
private application instance. Tenants cannot customize the application’s
code. They can operate in virtual isolation by implementing virtualization.
Due to the shared hardware and software stack, it is easy to manage user
access to different applications and data, which leads to greater collaboration
and integration with faster time to market. Some other benefits of multi-
tenancy are quality services, user delight and repeat business. With multi-
tenancy the provider has to make updates only once. It can be contrasted
with single-tenancy, an architecture in which each customer has their own
software instance and may be given access to the code. With a single-tenancy
architecture, the provider has to touch multiple instances of the software in
order to make updates.
Multi-tenancy can be economical as software development and mainte-
nance costs are shared. Less administrative work and fewer staff are needed
as the hardware and software environment are shared, which leads to further
cost saving. Sharing resources is fundamental to cloud computing, and
this is the idea of multi-tenancy. Service providers are able to build network
infrastructures and data architectures that are computationally efficient and
highly scalable to serve the many customers that share them. In infrastructure
as a service (IaaS), where customers can provision computing, networking
and storage resources and can control but not manage the underlying
infrastructure, multi-tenancy occurs when two or more virtual machines
(VMs) belonging to different customers share the same physical machine
(PM). Similarly, in SaaS, one instance of the application and its database
can be shared by multiple customers. But in this case each tenant’s data is
isolated and remains invisible to the other tenants.
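Tenant isolation in a shared SaaS database, as an added example not drawn from the book: one application instance and one schema serve several customers, each tenant can customize a setting (the UI color mentioned above) without touching code, and every query a tenant issues is bound to the tenant identity fixed at login. A deliberately unscoped lookup is shown beside the scoped store so the isolation boundary is visible. The tables, rows, tenant names and class and function names are constructed assumptions.

```python
"""Added example: tenant-scoped data access in a shared multi-tenant database.
Schema, rows and names are constructed for illustration."""
import sqlite3


def make_shared_db():
    """Constructed shared database: one schema, rows tagged with tenant_id."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE tenant_settings (tenant_id TEXT PRIMARY KEY, ui_color TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, tenant_id TEXT, item TEXT);
    """)
    conn.executemany("INSERT INTO tenant_settings VALUES (?, ?)",
                     [("acme", "blue"), ("globex", "green")])
    conn.executemany("INSERT INTO orders (tenant_id, item) VALUES (?, ?)",
                     [("acme", "aspirin"), ("globex", "bandages"), ("acme", "gauze")])
    return conn


def naive_get_order(conn, order_id):
    """Unscoped lookup: the shared table is visible across tenants, so a row
    is returned regardless of which tenant it belongs to. This is the bug the
    scoped store below prevents."""
    return conn.execute("SELECT item FROM orders WHERE id = ?",
                        (order_id,)).fetchone()


class TenantScopedStore:
    """Every query carries the tenant fixed when the session was created; the
    tenant id comes from authentication, never from a request parameter."""

    def __init__(self, conn, tenant_id):
        self.conn, self.tenant_id = conn, tenant_id

    def get_order(self, order_id):
        row = self.conn.execute(
            "SELECT item FROM orders WHERE id = ? AND tenant_id = ?",
            (order_id, self.tenant_id)).fetchone()
        return None if row is None else row[0]

    def list_orders(self):
        return [r[0] for r in self.conn.execute(
            "SELECT item FROM orders WHERE tenant_id = ? ORDER BY id",
            (self.tenant_id,))]

    def ui_color(self):
        return self.conn.execute(
            "SELECT ui_color FROM tenant_settings WHERE tenant_id = ?",
            (self.tenant_id,)).fetchone()[0]

    def set_ui_color(self, color):
        # Per-tenant customization: data changes, the shared code does not.
        self.conn.execute(
            "UPDATE tenant_settings SET ui_color = ? WHERE tenant_id = ?",
            (color, self.tenant_id))


if __name__ == "__main__":
    db = make_shared_db()
    acme = TenantScopedStore(db, "acme")
    print(acme.list_orders(), acme.get_order(2), naive_get_order(db, 2))
```

Putting the tenant filter inside the store, rather than trusting each caller to add it, is the practical form of the isolation the paragraph above promises: the check cannot be forgotten per query, and an auditor can verify it in one place.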
CHAPTER 6 CLOUD SECURITY
resources, web applications and services over the Internet, intranet, and
extranet. The hybrid cloud is a combination of public and/or private. The
security challenges related to these deployment models are stated below:
Cloning and resource pooling: Cloning deals with the replicating or
duplicating of data. Cloning leads to data leakage problems, revealing
the machine’s authenticity. Resource pooling is provided by the provider
so that users can use various resources and share them according to their
application demand.
Mobility of data and data residuals: To make the best use of resources, data is often moved within a cloud infrastructure. As a result, the enterprise may not know the location where its data is placed in the cloud; this is especially true of the public cloud. Because of this data movement, residual copies of the data are left behind, which may be accessed by unauthorized users.
Elastic perimeter: A cloud infrastructure, in particular a private cloud, creates an elastic perimeter. Users and departments throughout the organization share different resources to increase ease of access, but unfortunately this can lead to data breaches. In private clouds, the resources are centralized and distributed on demand.
CLOUD SECURITY • 113
Malicious users may gain access to certain confidential data, thus leading
to data breaches.
Storage and backup: It is the responsibility of the cloud vendor to ensure that regular backups of data are carried out. However, these backups are often stored in unencrypted form, which can lead to misuse of the data by unauthorized users.
Shared technological issues: IaaS vendors deliver their services in a scalable way by sharing infrastructure. However, this structure does not offer strong isolation properties for a multi-tenant architecture. To address this gap, a virtualization hypervisor mediates access between guest operating systems and the physical compute resources.
Service hijacking: Service hijacking is associated with gaining illegal control of certain authorized services by unauthorized users. It encompasses techniques such as phishing, exploitation of software vulnerabilities and fraud. This is considered one of the top threats.
VM hopping: With VM hopping, an attacker on one VM gains the ability to use another VM. An attacker can inspect the victim VM's resources, alter its configuration and even delete stored data, thus putting the VM's confidentiality, integrity and availability in danger. This attack is only possible if two VMs are running on the same host and the victim VM's IP address is known. In addition, multi-tenancy makes the impact of a VM hopping attack larger than in a conventional IT environment: since several VMs can run at the same time on the same host, all of them could become victim VMs. VM hopping is therefore a critical vulnerability for both IaaS and PaaS infrastructures.
VM mobility: The contents of VM virtual disks are saved as files, so VMs can be copied from one host to another over the network or via removable storage devices without physical theft of a hard drive. VM mobility offers quick deployment but can lead to security problems such as the rapid spread of vulnerable configurations, which an attacker can use to compromise the security of a new host. Various attacks might take advantage of weaknesses in VM mobility, including man-in-the-middle attacks. The severity of such attacks ranges from leaking sensitive information to completely compromising the guest OS. In addition, VM mobility complicates security management precisely because it offers greater flexibility.
Flooding attack: The attacker sends requests for cloud resources rapidly and continuously so that the cloud is flooded with requests, resulting in a flooding attack.
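One standard mitigation for the request flooding just described is per-client rate limiting, which keeps a flooding client from consuming the capacity that other tenants need. The following token-bucket limiter is an added example and not code from the book; the bucket parameters, client names and the injected fake clock are constructed so the scenario runs offline and reproducibly.

```python
"""Per-client token-bucket rate limiting as one mitigation for request flooding.

Added example, not from the book. Each client gets a bucket that refills at
`rate` tokens per second up to `capacity`; a request is served only if a token
is available. The clock is injected so the behaviour can be reproduced offline.
"""


class TokenBucketLimiter:
    def __init__(self, rate, capacity, clock):
        self.rate = float(rate)          # tokens added per second
        self.capacity = float(capacity)  # maximum burst a client may send at once
        self.clock = clock               # callable returning seconds (assumed monotonic)
        self.tokens = {}                 # client -> tokens currently available
        self.last = {}                   # client -> time of the last refill

    def _refill(self, client, now):
        if client not in self.tokens:
            # First contact: a full bucket, so legitimate bursts are not penalised.
            self.tokens[client] = self.capacity
            self.last[client] = now
            return
        elapsed = max(0.0, now - self.last[client])
        self.tokens[client] = min(self.capacity, self.tokens[client] + elapsed * self.rate)
        self.last[client] = now

    def allow(self, client):
        """True if the client's request should be served, False if it should be dropped."""
        now = self.clock()
        self._refill(client, now)
        if self.tokens[client] >= 1.0:
            self.tokens[client] -= 1.0
            return True
        return False


class FakeClock:
    """Constructed clock for the demonstration; use time.monotonic in production."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def simulate_flood():
    """Constructed scenario: one flooding client and one normal client.

    Returns (flood_served, flood_dropped, normal_served, flood_served_after_1s).
    """
    clock = FakeClock()
    limiter = TokenBucketLimiter(rate=5, capacity=10, clock=clock)
    served = dropped = 0
    for _ in range(100):               # 100 requests arriving in the same instant
        if limiter.allow("flooder"):
            served += 1
        else:
            dropped += 1
    # The normal client has its own bucket and is unaffected by the flood.
    normal_served = sum(1 for _ in range(3) if limiter.allow("normal"))
    clock.advance(1.0)                 # one second later: 5 tokens have refilled
    after = sum(1 for _ in range(10) if limiter.allow("flooder"))
    return served, dropped, normal_served, after


if __name__ == "__main__":
    print(simulate_flood())  # (10, 90, 3, 5)
```

A limiter like this belongs at the edge (load balancer or API gateway) where the client identity is known; a single in-process limiter protects one node only, so in a cloud deployment the bucket state is usually kept in a shared store.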
Incomplete data deletion: This is a hazardous and most critical attack on cloud computing. When data is deleted, it is possible that not all of the replicated data placed on a dedicated backup server is removed, because the operating system of that server will not delete the data unless it is specifically commanded to by the network service provider. Precise data deletion is impossible when copies of the data are saved as replicas that are not available for the customer to act on.
Lock-in: Lock-in arises because there is little on offer in the way of tools, standard data formats, procedures or service interfaces that could guarantee application, data and service portability. This makes it difficult for the customer to transfer from one cloud provider to another or to bring services back to an in-house IT environment.
Platform level: The security model at this level depends more on the provider to maintain data availability and integrity. It must take care of the following security aspects:
a. Integrity: It assures that data has not been changed without your knowledge. Integrity can also be used in reference to the proper functioning of a network, system or application. For example, when the term integrity is used in reference to a system, it means that the system behaves according to design, specification and expectation even under adverse circumstances such as an attack or disaster. There are three goals of integrity:
– Preventing unauthorized users from modifying the information.
– Preserving internal and external consistency.
– Preventing unintentional or unauthorized alteration of information by authorized users.
b. Confidentiality: Confidentiality assures that data cannot be viewed by unauthorized people. It is concerned with preventing the unauthorized disclosure of sensitive information. The disclosure could be intentional, such as breaking a cipher and reading the information, or it could be unintentional, due to carelessness or incompetence of the individuals handling the information.
c. Authentication: Authentication is the verification that a user's claimed identity is valid, for example through the use of a password. At some fundamental level, you want to be sure that the people you deal with are really who they say they are. The process of proving identity is called authentication.
d. Defense against intrusion and denial of service attacks: The main aim of a denial of service attack is to slow down or totally interrupt the service of a system. This attack may have a specific target; for example, an entity may suppress all messages directed to a destination. Another form of service denial is the disruption of an entire network, either by overloading it with messages or by disabling the network, resulting in degraded performance.
e. Service level agreement: A service level agreement (SLA) is the part of a service contract where a service is formally defined. The SLA often refers to the service and performance the provider delivers to the customer.
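Item c above describes password-based authentication, and the provider practices later in this chapter call for a policy on strong passwords. The following added example (not from the book) shows how a platform verifies a claimed identity against a password without ever storing the password itself: each user gets a random salt, the password is stretched with PBKDF2, and the comparison is constant-time. The user names, the work factor and the minimum length are constructed values for illustration.

```python
"""Password-based authentication done safely: salted, iterated hashing and
constant-time comparison. Added example, not from the book; the user table is
constructed in memory and the policy numbers are illustrative.
"""
import hashlib
import hmac
import os

ITERATIONS = 100_000   # PBKDF2 work factor (assumed value); raise as hardware gets faster
MIN_LENGTH = 12        # simple length rule (assumed value); adapt to your own policy


def password_meets_policy(password):
    """Length is the part of a password policy that does most to resist guessing."""
    return len(password) >= MIN_LENGTH


def hash_password(password, salt=None):
    """Returns (salt, digest). A fresh random salt per user defeats precomputed tables."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


class UserStore:
    def __init__(self):
        self.users = {}  # username -> (salt, digest); the plaintext is never stored

    def register(self, username, password):
        if not password_meets_policy(password):
            return False
        self.users[username] = hash_password(password)
        return True

    def authenticate(self, username, password):
        """True only if the claimed identity's stored digest matches the password."""
        record = self.users.get(username)
        if record is None:
            # Hash anyway so an unknown user takes as long as a wrong password;
            # otherwise response time leaks which user names exist.
            hash_password(password)
            return False
        salt, stored = record
        _, candidate = hash_password(password, salt)
        return hmac.compare_digest(stored, candidate)


def demo():
    """Constructed walk-through; returns a tuple of the outcomes."""
    store = UserStore()
    ok_register = store.register("alice", "correct horse battery staple")
    weak_rejected = not store.register("bob", "short")
    good = store.authenticate("alice", "correct horse battery staple")
    bad = store.authenticate("alice", "wrong password here")
    unknown = store.authenticate("mallory", "anything at all")
    return ok_register, weak_rejected, good, bad, unknown


if __name__ == "__main__":
    print(demo())  # (True, True, True, False, False)
```

The verification step is the same whether the password store is local or behind a cloud identity service; what changes in the cloud is only where the store lives and who administers it.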
Application level: The following key security elements should be deliberately considered as an integral part of the application development and deployment process.
cloud architecture. In this section, we will learn about the cloud information (storage) architecture. The different types of storage provided at each layer are listed below:
Infrastructure as a service: IaaS for the public or private cloud has the
following storage options:
Raw Storage: This includes the physical media where data is stored.
Volume Storage: This includes the volumes attached to IaaS instances,
typically as a virtual hard drive.
Object Storage: This is referred to as file storage.
Content Delivery Network: Content is stored in object storage, which is
then distributed to multiple geographically distributed nodes to improve
Internet consumption speeds.
Platform as a Service: PaaS provides and relies on a very wide range of
storage options:
Database: Information and content may be directly stored in the database or as files referenced by the database.
Object/file Storage: Files or other data are stored in object storage, but only accessed via the PaaS API.
Volume Storage: Data may be stored in IaaS volumes attached to instances dedicated to providing the PaaS service.
Application Storage: This includes any storage options built into a PaaS application platform and consumable via APIs that do not fall into the other storage categories.
Software as a Service: As with PaaS, SaaS uses a very wide range of storage and consumption models. SaaS storage is always accessed via a web-based user interface or client/server application. If the storage is accessible via an API then it's considered PaaS. Many SaaS providers also offer these PaaS APIs.
SaaS may provide:
Content/file storage: File-based content is stored within the SaaS application (reports, image files and documents) and made accessible via the web-based user interface.
Information storage and management: The data is entered into the system via the web interface and stored within the SaaS application (usually a back-end database). Some SaaS services offer data set upload options or PaaS APIs.
sender with a Proof Of Receipt (POR), which proves that the recipient received the data. With receiver non-repudiation the recipient is provided with a Proof Of Origin (POO), which proves that the originator sent the data. Non-repudiation can be achieved using a digital signature. A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document.
g. Privacy: Internet privacy involves the desire or mandate of personal privacy concerning transactions or the transmission of data via the Internet. It states certain rules giving control over the type and amount of information revealed about a person on the Internet and who may access that information. The provider should guarantee that there is no third-party access to the platform's processor, memory, and/or disk files.
Some of the privacy threats include:
– Visits to websites being tracked secretly.
– E-mail addresses and other personal information being used for marketing or other purposes without approval.
– Credit card theft.
– Personal information being sold to third parties without permission.
h. Trust: Trust revolves around the assurance and confidence that people, data, entities, information, or processes will function or behave in expected ways. Trust may be machine to machine (like a handshake protocol), human to human, human to machine (like a digital signature), or machine to human.
i. Policy: Policies are high-level requirements that specify how access is managed and, under what circumstances, who may access what information. A security policy should fulfill many purposes. It should protect people and information and set the rules for expected behavior by users, system administrators, management and security personnel. The policy should define and authorize the consequences of violation, help reduce risk and help track compliance with regulations and law.
j. Authorization: Authorization is the act of checking whether a user has the proper permission to access a particular file or perform a particular action. It enables us to determine exactly what a user is allowed to do. Authorization is typically implemented through the use of access control. Access control is a mechanism that prevents unauthorized access and ensures that authorized users cannot make improper modifications.
all the VMs running in the data center or cloud. For the native virtualization architecture, there have been no known attacks on the hypervisor because of its nature of being embedded in the hardware. A hypervisor can be attacked in two ways: an attack on the hypervisor through the host OS, and an attack on the hypervisor through a guest OS.
Attacks on the hypervisor through the host OS: These exploit vulnerabilities of the host OS on which the hypervisor runs. The native virtualization architecture requires specially configured hardware, so most virtualization deployments are done with the hosted architecture. Given the vulnerabilities and security lapses in most modern operating systems, attacks can be made to gain control of the host OS. Since the hypervisor is simply a layer running on top of the host OS, once the attacker has control of the host OS the hypervisor is essentially compromised. The administrative privileges of the hypervisor then enable the attacker to perform any malicious activity on any of the VMs hosted by the hypervisor. This propagation of attacks from the host OS to the hypervisor and then to the VMs is shown in Figure 6.4.
attacks directly on the real physical resources. By modifying the virtual memory in a way that exploits how the physical resources are mapped to each VM, the attacker can affect all the VMs, the hypervisor and potentially other programs on that machine. Figure 6.5 shows the relationship between the virtual resources and the physical resources, and how an attacker can attack the hypervisor and other VMs.
These two types of attack are the most distinct vulnerabilities in virtualization, but there are other potential ways to exploit a virtualized data center or cloud too. Other forms of attack, such as virtual library checkout, migration attacks and encryption attacks, are exploits of the characteristics and infrastructure of virtualization. The fast growth in virtualization and virtualization security has solved many problems of new and existing companies, but it still faces challenges in areas such as monitoring, visibility, and infrastructure.
Monitoring is the ability of data centers and clouds to log authentic data in VMs or on the hosts. Usually a company only imposes strong defense and monitoring on the perimeter networks, whereas there is no or insufficient protection against internal threats. However, even for companies that provide extensive internal monitoring, the characteristics of virtualization make monitoring very difficult. The new management layer created in virtualization is intended to abstract away the underlying resources from the VMs, but due to this new layer some information may be abstracted away
other customers' systems, data and applications are invisible to him. Some of the best practices for cloud providers include:
– Physical data center security—This includes building security such as key card protocols, biometric scanning protocols, round-the-clock interior and exterior monitoring, and access to the data center only by authorized personnel.
– Isolating and securing networks—Each isolated network has to have proper perimeter controls and policies to limit access to it.
– Host machine operating system security—The host manages many guest virtual machines at once, and any security hole might give an attacker access to multiple customer environments. Host machine protection should include:
– An intrusion detection system monitoring the network and systems for any malicious activity.
– As small a number of user accounts as possible, with limited administrator access to them.
– A policy on strong and complex access passwords.
– Performing regular vulnerability scanning of the cloud infrastructure in order to find and identify any new or recurring vulnerability and prepare proper mitigation strategies.
– Strong authorization and authentication must be implemented to provide the customer with secure access to their data and resources. The principle of least privilege should be applied, ensuring that a user can access only the resources he needs and that only authorized administrators can access the cloud's resources.
– Ensuring auditing mechanisms are in place that log every time customers or administrators access and use the resources.
– Frequent backups of data should be carried out by the provider. It has to be transparent to the customer which backups the provider will perform and what should be done by the user.
– Encrypting the APIs through which customers access the cloud resources with SSL is recommended to provide secure communication over the Internet.
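The authorization item earlier in this chapter (access control deciding exactly what a user may do) and the provider practices just listed (least privilege, separation of tenant and cloud administrators, auditing every access) are easiest to see together in code. The following is an added example, not from the book: a deny-by-default role-based check in which tenant-scoped permissions only apply to resources the caller's own tenant owns, every decision is written to an audit trail, and a small detector flags users who accumulate denied requests. The roles, users, resource types and threshold are constructed for illustration.

```python
"""Deny-by-default authorization with least privilege, an audit trail for
every decision, and a small detector over that trail. Added example, not from
the book; roles, users, resource names and the log format are constructed.
"""
from collections import Counter

# Role -> set of (resource, action) permissions. Anything not listed is denied.
# "own-volume" means a volume that belongs to the caller's own tenant.
ROLE_PERMISSIONS = {
    "tenant-user": {("own-volume", "read"), ("own-volume", "write")},
    "tenant-admin": {("own-volume", "read"), ("own-volume", "write"), ("own-volume", "delete")},
    "cloud-admin": {("hypervisor", "read"), ("hypervisor", "configure")},
}

# User -> (tenant, roles). A cloud administrator belongs to no tenant and,
# by least privilege, holds no tenant-data permissions at all.
USERS = {
    "alice": ("acme", {"tenant-user"}),
    "bob": ("acme", {"tenant-admin"}),
    "carol": ("globex", {"tenant-user"}),
    "ops": (None, {"cloud-admin"}),
}


class AuthorizationService:
    def __init__(self):
        self.audit_log = []  # every decision, allowed or denied, is recorded

    def is_allowed(self, user, resource_owner, resource_type, action):
        tenant, roles = USERS.get(user, (None, set()))  # unknown user: no roles
        if resource_type == "volume":
            # A volume is "own-volume" only when its owner is the caller's tenant;
            # another tenant's volume maps to no permission at all.
            needed = ("own-volume", action) if resource_owner == tenant else None
        else:
            needed = (resource_type, action)
        allowed = needed is not None and any(
            needed in ROLE_PERMISSIONS.get(r, set()) for r in roles
        )
        self.audit_log.append({
            "user": user, "owner": resource_owner, "resource": resource_type,
            "action": action, "allowed": allowed,
        })
        return allowed


def denied_counts(audit_log, threshold=3):
    """Users with at least `threshold` denied requests: worth an analyst's look."""
    counts = Counter(e["user"] for e in audit_log if not e["allowed"])
    return {u: n for u, n in counts.items() if n >= threshold}


def demo():
    """Constructed sequence of requests; returns (decisions, flagged_users)."""
    svc = AuthorizationService()
    decisions = (
        svc.is_allowed("alice", "acme", "volume", "read"),        # own tenant, in role
        svc.is_allowed("alice", "acme", "volume", "delete"),      # not in tenant-user
        svc.is_allowed("bob", "acme", "volume", "delete"),        # tenant-admin may
        svc.is_allowed("carol", "acme", "volume", "read"),        # other tenant's volume
        svc.is_allowed("ops", None, "hypervisor", "configure"),   # cloud admin's job
        svc.is_allowed("alice", None, "hypervisor", "configure"), # tenant user may not
        svc.is_allowed("carol", "acme", "volume", "write"),       # other tenant again
        svc.is_allowed("carol", "acme", "volume", "delete"),      # and again
    )
    return decisions, denied_counts(svc.audit_log)


if __name__ == "__main__":
    print(demo())  # ((True, False, True, False, True, False, False, False), {'carol': 3})
```

Because denials are logged alongside approvals, the same trail serves both the auditing requirement and detection: repeated cross-tenant attempts from one account stand out without any extra instrumentation.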
6.6.2 Security by Cloud Customers
Even though a significant amount of security responsibility falls on the provider, the cloud's customers have to be aware of certain practices, such as:
– Proper firewall protection is required to analyze incoming and outgoing traffic and make sure any unauthorized access is blocked. The user has to make sure that hardware firewalls are properly configured to correctly protect all the machines on the local network. Software firewalls have to be installed on individual machines to prevent a third party from taking control of the machine and to protect the customer's virtual machines.
not supposed to. In such cases, proper authentication and encryption techniques, e.g., IPsec, should be implemented to ensure that a VM only communicates with the VMs it is supposed to.
– Users can manage a part of a cloud and access the infrastructure through web interfaces or HTTP endpoints. In this case the interfaces have to be properly developed, and the standard security techniques of web applications have to be used to protect the diverse HTTP requests.
– A security policy must be implemented in the organization's cloud to protect the system from any attacks originating within the organization. Proper security rules and principles should exist across the organization's departments to implement the security controls.
The hybrid cloud model is a combination of the public and private clouds. Hence, the security issues explained above with respect to both the public and private clouds are relevant to hybrid clouds as well. However, a trust model of cloud security that also covers its social aspects still has to be defined.
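The customer-side practices above (firewalls that block anything not explicitly permitted, and VMs that talk only to the peers they are supposed to) come down to a default-deny rule set. The following is an added example, not from the book, of a first-match packet filter with a deny-by-default fall-through; the three-tier layout (public web VM, database VM, admin subnet), the addresses and the sample packets are all constructed for illustration.

```python
"""Default-deny traffic filter for a customer's VMs: the first matching rule
wins, and anything that matches no rule is dropped. Added example, not from the
book; the rule set, addresses and packets are constructed for illustration.
"""
import ipaddress


class Rule:
    def __init__(self, src, dst, proto, port, action):
        self.src = ipaddress.ip_network(src)
        self.dst = ipaddress.ip_network(dst)
        self.proto = proto      # "tcp", "udp" or "any"
        self.port = port        # destination port, or None for any port
        self.action = action    # "allow" or "deny"

    def matches(self, packet):
        return (ipaddress.ip_address(packet["src"]) in self.src
                and ipaddress.ip_address(packet["dst"]) in self.dst
                and self.proto in ("any", packet["proto"])
                and self.port in (None, packet["port"]))


class Firewall:
    def __init__(self, rules):
        self.rules = rules

    def decide(self, packet):
        for rule in self.rules:
            if rule.matches(packet):
                return rule.action
        # Default deny: a VM talks only to the peers the rules name explicitly.
        return "deny"


def customer_ruleset():
    """Constructed three-tier layout: web VM 10.0.1.10, db VM 10.0.2.20, admins on 10.0.3.0/24."""
    return [
        Rule("0.0.0.0/0", "10.0.1.10/32", "tcp", 443, "allow"),        # anyone -> web (HTTPS)
        Rule("10.0.1.10/32", "10.0.2.20/32", "tcp", 5432, "allow"),    # web -> db only
        Rule("10.0.3.0/24", "10.0.0.0/16", "tcp", 22, "allow"),        # admin subnet -> SSH
    ]


# Constructed sample traffic, including the cases the rules must refuse.
SAMPLE_PACKETS = [
    {"src": "203.0.113.5", "dst": "10.0.1.10", "proto": "tcp", "port": 443},   # public -> web
    {"src": "203.0.113.5", "dst": "10.0.2.20", "proto": "tcp", "port": 5432},  # public -> db
    {"src": "10.0.1.10", "dst": "10.0.2.20", "proto": "tcp", "port": 5432},    # web -> db
    {"src": "10.0.2.20", "dst": "10.0.1.10", "proto": "tcp", "port": 22},      # db -> web SSH
    {"src": "10.0.3.7", "dst": "10.0.2.20", "proto": "tcp", "port": 22},       # admin -> db SSH
    {"src": "10.0.1.10", "dst": "10.0.2.20", "proto": "udp", "port": 5432},    # wrong protocol
]


def evaluate(fw, packets):
    """Returns the decision for each packet, in order."""
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    print(evaluate(Firewall(customer_ruleset()), SAMPLE_PACKETS))
    # ['allow', 'deny', 'allow', 'deny', 'allow', 'deny']
```

The point to carry over to a real cloud security group or host firewall is the fall-through: rules name what is permitted, and the absence of a rule is itself the decision to drop.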
CHAPTER 7 CASE STUDY
from the first ones and sub-leasing them to the second ones. Coordinators take responsibility for publishing and advertising services on behalf of the vendors and can gain benefits from reselling them to brokers. Every single participant has his own utility function that he wants to optimize. Negotiations and trades are carried out in a secure and dependable environment and are mostly driven by SLAs, which each party must fulfill.
Several components contribute to the realization of the cloud exchange and implement its features. The reference model depicted in Figure 7.1 identifies three major components:
c. Bank: This takes care of all the financial aspects associated with the operations happening in the virtual marketplace. It also ensures that all the financial transactions are carried out in a secure and dependable environment. Providers and consumers may register with the bank and can own one or multiple accounts, which can be used to perform transactions in the virtual marketplace.
v. Resource Monitor: This monitors the status of the virtual and physical computing resources. Infrastructure as a service mostly focuses on keeping track of the availability of VMs and their resource entitlements. Platform as a service providers monitor the status of the distributed middleware enabling the elastic execution of applications and the load of each node.
vi. Service Request Monitor: This component keeps track of information related to the execution progress of service requests. This information is helpful to analyze the performance of the system and to provide quality feedback about the capability of the provider in satisfying requests. For instance, elements of interest are the average processing time of a request, its time to execution, etc.
c. Virtual Machines (VMs): Virtual machines constitute the basic building blocks of a cloud computing infrastructure, especially for infrastructure as a service. They represent the unit of deployment for addressing a user's requests. Also, VMs are among the most important components influencing the quality of service with which a user's request is served.
d. Physical Machine: At the lowest level of the reference architecture resides the physical infrastructure, which can comprise one or more datacenters. All the service demands are fulfilled at this layer by providing resources.
cloud storage vendors and uses them as distributed elastic storage where the user content is stored. MetaCDN provides users with the high-level services of a CDN for content distribution. It also interacts with the low-level interfaces of storage clouds to optimally place the user content in accordance with the expected geography of its demand. The architecture of MetaCDN is shown in Figure 7.3.
The MetaCDN interface exposes its services to users and applications through the web: users interact with a portal, while applications take advantage of the programmatic access provided by means of web services. The main operations of MetaCDN are the creation of deployments over storage clouds and their management. Four different deployment options can be selected:
a. Coverage and Performance Optimized Deployment: In this option, MetaCDN deploys as many replicas as possible to all available locations.
capacity requirements change. It works best for web applications and relies on the assumption of a request-reply structure, which implies long periods of no CPU utilization.
App Engine is a strictly public offering of Google, although it provides a secure data connector. The Secure Data Connector (SDC) ensures that private data is securely accessible to the Google App Engine application. Google App Engine is an application hosting and development platform that powers everything from enterprise web applications to mobile games. The parameter of prime importance is time-to-market, and with Google App Engine's simple development, robust APIs, and worry-free hosting it can accelerate application development and take advantage of simple scalability as the application grows.
One of the prominent features of Google App Engine is that it is free for moderate levels of use. Every person who possesses a Gmail account can have up to ten free applications running on the Google infrastructure, and if one of them becomes very popular and the traffic goes above the allowed level of the free account, one can pay to use more of Google's resources. As the application scales, all the hardware, data storage, backup and network provisioning for the customer are taken care of by Google engineers. The payment for Google resources is likely to be far lower than maintaining the same resources by the customer themselves. Google focuses on providing hardware and network, while the customer focuses on development and the user community around his application.
Google App Engine makes it easy to take an application idea to the next level. Some of its features are:
– Users can model and deploy applications within an hour with no software or hardware to buy and maintain.
– A rich set of APIs helps to build feature-rich services faster and more easily with Google App Engine.
– It is simple to use, and Google App Engine includes the tools you need to create, test, launch and update your application.
– Pay for what you use: start with App Engine's free tier and pay only for the resources you use as your application grows.
– Immediate scalability; there is almost no limit to how high or how quickly your app can scale.
powerful hardware. App Engine shares the available resources among multiple applications but isolates the data and security between applications as well. Your application is allowed to use some Google services, such as URL fetch, Memcache, and mail, to execute a process on its behalf.
App Engine is meant for applications that react quickly to requests. An application is expected to respond within hundreds of milliseconds to a web request. A request can be as simple as getting a chunk of data from a data store or contacting a remote server. The working of Google App Engine is depicted in Figure 7.4.
The Azure Platform lays the foundation for running applications and storing data in the cloud. It has three services: the compute service, the storage service, and the fabric. The compute service enables applications to run in the cloud, the storage service provides storage for content, and the fabric provides a framework to monitor and manage the applications running in the cloud. SQL Azure provides fully relational database support on Windows Azure.
in the number of users accessing the system. The fabric controller manages the Windows Azure Fabric and is responsible for automating load balancing to ensure that scalability is achieved. The Windows Azure Fabric has parallel virtual machines running the image of the applications, using a version of Hyper-V fine-tuned specifically for Windows Azure. Figure 7.6 displays the Windows Azure Fabric.
The SQL Azure database has a few key areas of concern in terms of database administration functions: disaster recovery, replication and backup. The data in a SQL Azure database can be accessed via the Tabular Data Stream (TDS) protocol.
The key benefits of SQL Azure are:
i. Supports multi-tenancy.
ii. Ease of use (simple provisioning and deployment of multiple databases).
iii. Built-in high availability and fault tolerance.
iv. No physical administration is required.
v. Ability to scale up or down based on business needs.
vi. Supports a T-SQL-based relational data model.
vii. Integration with SQL Server and Visual Studio tools for designing and building.
based on claims-based identities and access control services. The pay slip generation, which happens once a month, can be handled by a Worker Role based on a trigger controlled by the Web Role instance of the application. These pay-slip formats can be stored in blobs, while the metadata associated with them can be stored in Azure Tables.
Organizations can utilize a free usage tier and after that enjoy low fees for the number of emails sent plus data transfer fees.
– Using SMTP or a simple API call, an organization can access a high-quality, scalable email infrastructure to efficiently and inexpensively communicate with its customers. For high email deliverability, Amazon SES uses content filtering technologies to scan an organization's outgoing email messages to help ensure that the content meets ISP standards. The email message is then either queued for sending or routed back to the sender for corrective action. To help organizations further improve the quality of email communications with their customers, Amazon SES provides a built-in feedback loop, which includes notifications of bounce-backs, failed and successful delivery attempts, and spam complaints.
– Amazon CloudSearch: Amazon CloudSearch is a fully managed service in the AWS Cloud that makes it easy to set up, manage, and scale a search solution for your website or application. Amazon CloudSearch enables you to search large collections of data such as web pages, document files, forum posts, or product information. With Amazon CloudSearch, you can quickly add search capabilities to your website without having to become a search expert or worry about hardware provisioning, setup and maintenance. With a few clicks in the AWS Management Console you can create a search domain and upload the data you want to make searchable to Amazon CloudSearch, and the search service automatically provisions the required technology resources and deploys a highly tuned search index. As your volume of data and traffic fluctuates, Amazon CloudSearch seamlessly scales to meet your needs.
– Amazon Elastic Transcoder: Amazon Elastic Transcoder is media transcoding in the cloud. It is designed to be a highly scalable, easy-to-use and cost-effective way for developers and businesses to convert (or “transcode”) media files from their source format into versions that will play back on devices like smartphones, tablets, and PCs.
– There is no need to administer software, scale hardware, tune performance, or otherwise manage transcoding infrastructure. You simply create a transcoding “job” specifying the location of your source video and how you want it transcoded. Amazon Elastic Transcoder also provides transcoding presets for popular output formats, which means that you don’t need to guess which settings work best on particular devices. All these features are available via service APIs and the AWS Management Console.
7.6 ANEKA
Aneka is an Application Platform-as-a-Service (Aneka PaaS) for cloud computing. Aneka acts as a framework for building customized applications and deploying them on either public or private clouds.
Aneka is a .NET-based application development Platform-as-a-Service (PaaS). It offers a runtime environment with a set of APIs that enable developers to build customized applications using multiple programming models, such as Thread Programming, Task Programming, and MapReduce Programming, which can leverage the compute resources of either public or private clouds. It provides a number of services that allow users to reserve, control, monitor, auto-scale and bill for the resources used by their applications. One of its key characteristics is support for provisioning resources on public clouds such as Windows Azure, GoGrid, and Amazon EC2, while also harnessing private cloud resources ranging from desktops and clusters to virtual data centers when needed to boost the performance of applications.
which mimics the semantics of a common local thread but is executed remotely in a distributed environment. This model offers finer control over the execution of the individual components (threads) of an application, but requires more management compared to Task Programming, which is based on a “submit and forget” pattern. An Aneka thread has been designed to mirror the interface of the System.Threading.Thread .NET class, so that developers can easily move existing multi-threaded applications to the Aneka platform with minimal changes. Ideally, applications can be transparently ported to Aneka just by replacing local threads with Aneka threads, thus making minimal changes to the code.
Task Programming Model: Fast and Simple—This model provides developers with the ability to express applications as a collection of independent tasks. Each task can perform the same or different operations on different data, and tasks can be executed in any order by the runtime environment. This scenario makes it a very popular model for grid computing, into which many scientific applications fit. Moreover, Task Programming allows the parallelization of legacy applications on the cloud.
MapReduce Programming Model: Data Intensive Applications—This programming model is designed to process extensive quantities of data by using simple operations that extract useful information from a dataset (the map function) and aggregate this information together (the reduce function) to produce the final results. The logic for these two operations and the dataset are provided by the developer; Aneka does the rest, making the results accessible when the application is completed.
7.7 SALESFORCE
Salesforce.com is a social enterprise software-as-a-service (SaaS) provider based in San Francisco. It was founded by former Oracle executive Marc Benioff in March 1999. Salesforce helps to manage customer relationships, integrate with other systems and build applications. The company is well known for its Salesforce Customer Relationship Management (CRM) product, which is composed of Sales Cloud, Service Cloud, Marketing Cloud, Commerce Cloud, IoT Cloud, Analytics Cloud, Health Cloud, App Cloud, and Financial Services Cloud.
Salesforce Sales Cloud manages contact information and integrates social media and real-time customer collaboration through Chatter. It supports sales, marketing, and customer support in both B2B and B2C contexts. Sales Cloud helps track customer information and interactions in one place, automates complex business processes, keeps all information up to date, nurtures leads, and tracks the effectiveness of marketing campaigns. Features in Sales Cloud include contact management, opportunity management, Salesforce Inbox, Salesforce Engage, lead management, reports and dashboards, Wave App for Sales, marketing automation, and more.
Salesforce Service Cloud is a service platform for customer service and support. It includes a call center–like case tracking feature and a social networking plug-in for conversation and analytics. Service Cloud helps agents solve customer problems faster, gives customers access to answers so they can solve problems on their own, helps personalize service, predicts needs, and helps deliver support to customers wherever they may be. Features in Service Cloud include a live agent, communities, LiveMessage, Snap-ins, Field Service Lightning, Omni Routing, and social customer service.
Salesforce Marketing Cloud supports personalized email marketing at scale, engagement through mobile messaging, connecting social media to marketing, sales and service, and managing ad campaigns to help with customer acquisition. It also delivers personalized web content and creates a 1-to-1 customer journey across channels.
Salesforce Commerce Cloud, formerly known as Demandware, is a cloud-based service unifying the way businesses engage with customers over any channel. Commerce Cloud allows businesses to manage digital commerce with integrated solutions for commerce, point of sale, and order management. The Cloud helps launch new sites, create new customer experiences, bring stores online, and integrate partner technologies.
Salesforce IoT Cloud is a platform in Salesforce.com that harnesses the power of the internet of things (IoT) and turns data generated by customers, devices, partners, and sensors into meaningful information. It allows users to process huge quantities of data, build rules with intuitive tools, and engage with customers in real time.
Salesforce Analytics Cloud, or Salesforce Wave Analytics, is a business intelligence platform that allows organizations to instantly get important answers and start making data-driven decisions. Analytics allows users to act on data instantly, connect easily to Sales and Service Cloud data, work from any device, analyze data for better insights, and utilize analytics apps for every function including sales, service, marketing, HR, and IT.
Salesforce Health Cloud is a health IT CRM system that integrates record management services with doctor-patient communications. The cloud creates an individual profile for each member, including demographics, communications, and any other pertinent information, all in one location. It helps patients track progress toward care plans and health goals. The cloud can also monitor cases and prioritize tasks based on immediate needs or level of importance. It further extends the system by incorporating apps on a secure and flexible platform.
Salesforce App Cloud is a collection of development tools that allows developers to quickly create applications that run on the Salesforce platform. App Cloud provides native integration, eliminating the need for separate IT integration work. It allows users to build apps that integrate customer data for more engaging customer experiences, helps automate business processes, and extends powerful APIs for added security.
Salesforce Financial Services Cloud helps deliver experiences that drive client loyalty through personalized tools. The cloud allows more visibility into existing household opportunities and the ability to track referrals, allows instant access to all client data in one central location, and addresses regulatory compliance.
7.8 EUCALYPTUS
Eucalyptus 2.0 is an open source Linux-based software architecture that implements scalable, efficiency-enhancing private and hybrid clouds within an organization's IT infrastructure. Eucalyptus provides Infrastructure as a Service (IaaS), where users can provision their own resources (hardware, storage, and network) via Eucalyptus' self-service interface on an as-needed basis. A Eucalyptus cloud is deployed across an enterprise's "on-premises" data center, and users access it over the enterprise intranet. Thus, with a Eucalyptus private cloud, sensitive data remains secure from external intrusion behind the enterprise firewall. It was designed to be easy to install and as nonintrusive as possible. The software framework is highly modular, with industry-standard, language-agnostic communication, as shown in Figure 7.10. It interoperates seamlessly with Amazon's EC2 and S3 public cloud services and thus offers the enterprise a hybrid cloud capability. Eucalyptus is also unique in providing a virtual network overlay that both isolates the network traffic of different users and allows two or more clusters to belong to the same Local Area Network (LAN).
The Eucalyptus design is primarily motivated by two engineering goals: extensibility and non-intrusiveness. Eucalyptus is extensible as a result of its simple organization and modular design. Eucalyptus components have well-defined interfaces, support secure communication, and rely upon industry-standard web-services software packages.