Cloud Computing PDF


BCAE0203:Introduction to

Cloud Computing

Class Presentations on Introduction to Cloud Computing


CLOUD COMPUTING
Virtualization & Cloud Computing
Definition
• Virtualization is the ability to run multiple operating systems on a single physical system and share the underlying hardware resources.
• It is the process by which one computer hosts the appearance of many computers.
• Virtualization is used to improve IT throughput and costs by using physical resources as a pool from which virtual resources can be allocated.
Virtualization Architecture
• A Virtual machine (VM) is an isolated
runtime environment (guest OS and
applications)
• Multiple virtual systems (VMs) can run on a
single physical system
Benefits of Virtualization
• Sharing of resources helps cost reduction
• Isolation: Virtual machines are isolated from each other as if they are physically separated
• Encapsulation: Virtual machines encapsulate a complete computing environment
• Hardware Independence: Virtual machines run independently of underlying hardware
• Portability: Virtual machines can be migrated between different hosts.
Virtualization in Cloud Computing
Cloud computing takes virtualization one step further:
• You don’t need to own the hardware
• Resources are rented as needed from a cloud
• Various providers allow creating virtual servers:
– Choose the OS and software each instance will have
– The chosen OS will run on a large server farm
– Can instantiate more virtual servers or shut down existing ones within minutes
• You get billed only for what you used
Hypervisor
• A hypervisor, also called a virtual machine manager/monitor (VMM) or virtualization manager, is a program that allows multiple operating systems to share a single hardware host.
• Each guest operating system appears to have the host's processor, memory, and other resources all to itself. However, the hypervisor is actually controlling the host processor and resources, allocating what is needed to each operating system in turn and making sure that the guest operating systems (called virtual machines) cannot disrupt each other.
• Hypervisor plays an important role in the virtualization scenario by virtualization of hardware. It provides support for running multiple operating systems concurrently in virtual servers created within a physical server.

• The virtualization layer is the software responsible for hosting and managing all
VMs. The virtualization layer is a hypervisor running directly on the hardware.

• Example: VMWare, Xen, KVM.


Server without virtualization
[Diagram: Multiple Software Applications / Operating System / Hardware (CPU, Memory, NIC, Disk)]
• Only one OS can run at a time within a server.
• Under utilization of resources.
• Inflexible and costly infrastructure.
• Hardware changes require manual effort and access to the physical server.
Server with virtualization
[Diagram: Virtual Server 1 and Virtual Server 2 (each: Multiple Software Applications / Operating System) / Hypervisor / Hardware (CPU, Memory, NIC, Disk)]
• Can run multiple OS simultaneously.
• Each OS can have different hardware configuration.
• Efficient utilization of hardware resources.
• Each virtual machine is independent.
• Save electricity, initial cost to buy servers, space etc.
• Easy to manage and monitor virtual machines centrally.
HYPERVISOR TYPE

Full virtualization
[Diagram: Virtual Server 1 and Virtual Server 2 (each: Multiple Software Applications / Operating System) / Hypervisor / Hardware (CPU, Memory, NIC, Disk)]
• Enables hypervisors to run an unmodified guest operating system (e.g. Windows 2003 or XP).
• Guest OS is not aware that it is being virtualized.
• E.g.: VMware uses a combination of direct execution and binary translation techniques to achieve full virtualization of server systems.
HYPERVISOR TYPE

Para virtualization
[Diagram: Virtual Server 1 and Virtual Server 2 (each: Multiple Software Applications / Para virtualized Guest Operating System) / Hypervisor / VMM / Hardware (CPU, Memory, NIC, Disk)]
• Involves explicitly modifying guest operating system (e.g. SUSE Linux Enterprise Server 11) so that it is aware of being virtualized to allow near native performance.
• Improves performance.
• Lower overhead.
• E.g.: Xen supports both Hardware Assisted Virtualization (HVM) and Para-Virtualization (PV).
Hypervisor implementation approaches

Bare metal Approach
[Diagram: VM, VM, VM / Hypervisor (Kernel, Driver) / Hardware]
• Type I Hypervisor.
• Runs directly on the system hardware.
• May require hardware assisted virtualization technology support by the CPU.
• Limited set of hardware drivers provided by the hypervisor vendor.
• E.g.: Xen, VMWare ESXi
Hypervisor implementation approaches

Hosted Approach
[Diagram: VM, VM and Applications / Hypervisor / Host Operating System / Hardware]
• Type II Hypervisor.
• Runs virtual machines on top of a host OS (windows, Unix etc.)
• Relies on host OS for physical resource management.
• Host operating system provides drivers for communicating with the server hardware.
• E.g.: VirtualBox
Popular hypervisors
• Xen
• KVM
• QEMU
• VirtualBox
• VMWare
Any
Questions ?
Mrs. Ruchi Agrawal
Assistant Professor
Email: [email protected]
SECURITY & PRIVACY
CONCERNS IN CLOUD
COMPUTING
Definition of Cloud
Computing
According to Wikipedia:

"Cloud computing is Internet-based computing, whereby shared resource, software, and information are provided to computers and other devices on demand, like the electricity grid."

(http://en.wikipedia.org/wiki/Cloud_computing)
Services provided by Cloud
Computing

• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)
Core Advantages
• Cost saving: You pay for what you use
• Easy on installation and maintenance
• Increased storage
• Highly automated
• Flexibility
• Better mobility
• Shared resources
• Back up and restoration
Trends of Cloud
Computing
If cloud computing is so great, why are companies still afraid to use clouds?
Impact of cloud computing on the
governance structure of IT
organizations
Causes of Problems
Associated with Cloud
Computing
• Most security problems stem from:
– Loss of control
– Lack of trust (mechanisms)
– Multi-tenancy
• These problems exist mainly in 3rd party
management models
– Self-managed clouds still have security issues,
but not related to above
Loss of Control in the Cloud

• Consumer’s loss of control


– Data, applications, resources are located with
provider
– User identity management is handled by the cloud
– User access control rules, security policies and
enforcement are managed by the cloud provider
– Consumer relies on provider to ensure
• Data security and privacy
• Resource availability
• Monitoring and repairing of services/resources
Multi-tenancy Issues in the
Cloud
• Conflict between tenants’ opposing goals
– Tenants share a pool of resources and have opposing
goals
• How does multi-tenancy deal with conflict of interest?
– Can tenants get along together and ‘play nicely’ ?
– If they can’t, can we isolate them?
• How to provide separation between tenants?

• Cloud Computing brings new threats


– Multiple independent users share the same physical
infrastructure
– Thus an attacker can legitimately be in the same physical
machine as the target
Security and Privacy Issues
in Cloud Computing - Big Picture
• Infrastructure Security
• Data Security and Storage
• Identity and Access Management (IAM)
• Privacy

Infrastructure Security

• Network Level
• Host Level
• Application Level

The Network Level
• Ensuring confidentiality and integrity of your
organization’s data-in-transit to and from
your public cloud provider
• Ensuring proper access control
(authentication, authorization, and auditing)
to whatever resources you are using at your
public cloud provider
• Ensuring availability of the Internet-facing
resources in a public cloud that are being
used by your organization, or have been
assigned to your organization by your public
cloud providers
The Host Level
• SaaS/PaaS
– Both the PaaS and SaaS platforms abstract and
hide the host OS from end users
– Host security responsibilities are transferred to
the CSP (Cloud Service Provider)
• You do not have to worry about protecting hosts
– However, as a customer, you still own the risk of
managing information hosted in the cloud services.

The Host Level (cont.)
• IaaS Host Security
– Virtualization Software Security
• Hypervisor (also called Virtual Machine Manager (VMM)) security is
a key
– a small application that runs on top of the physical machine
H/W layer
– implements and manages the virtual CPU, virtual memory,
event channels, and memory shared by the resident VMs
– Also controls I/O and memory access to devices.
• Bigger problem in multitenant architectures
– Customer guest OS or Virtual Server Security
• The virtual instance of an OS
• Vulnerabilities have appeared in virtual instance of an OS
• e.g., VMWare, Xen, and Microsoft’s Virtual PC and Virtual Server
• Customers have full access to virtual servers.

Local Host Security
• Are local host machines part of the cloud infrastructure?
– Outside the security perimeter
– While cloud consumers worry about the security on the
cloud provider’s site, they may easily forget to harden their
own machines
• The lack of security of local devices can
– Provide a way for malicious services on the cloud to attack
local networks through these terminal devices
– Compromise the cloud and its resources for other users
• With mobile devices, the threat may be even stronger
– Users misplace or have the device stolen from them
– Security mechanisms on handheld gadgets are often times
insufficient compared to say, a desktop computer
– Provides a potential attacker an easy avenue into a cloud
system.
– If a user relies mainly on a mobile device to access cloud
data, the threat to availability is also increased as mobile
devices malfunction or are lost
What is Privacy?
• The concept of privacy varies widely among (and
sometimes within) countries, cultures, and jurisdictions.
• It is shaped by public expectations and legal
interpretations; as such, a concise definition is elusive if
not impossible.
• Privacy rights or obligations are related to the collection,
use, disclosure, storage, and destruction of personal data
(or Personally Identifiable Information—PII).
• At the end of the day, privacy is about the accountability
of organizations to data subjects, as well as the
transparency to an organization’s practice around personal
information.

What Are the Key Privacy
Concerns?
• Typically mix security and privacy
• Some considerations to be aware of:
– Storage
– Retention
– Destruction
– Auditing, monitoring and risk management
– Privacy breaches
– Who is responsible for protecting privacy?

Storage
• Is it commingled with information from other
organizations that use the same CSP?
• The aggregation of data raises new privacy
issues
– Some governments may decide to search through
data without necessarily notifying the data owner,
depending on where the data resides
• Does the cloud provider itself have any right to see and access customer data?
• Some services today track user behaviour for a range of purposes, from sending targeted advertising to improving services
Retention
• How long is personal information (that is
transferred to the cloud) retained?
• Which retention policy governs the data?
• Does the organization own the data, or the
CSP?
• Who enforces the retention policy in the
cloud, and how are exceptions to this policy
(such as litigation holds) managed?

Destruction
• How does the cloud provider destroy PII at the end of the
retention period?
• How do organizations ensure that their PII is destroyed by the
CSP at the right point and is not available to other cloud
users?
• Cloud storage providers usually replicate the data across
multiple systems and sites—increased availability is one of the
benefits they provide.
– How do you know that the CSP didn’t retain additional
copies?
– Did the CSP really destroy the data, or just make it
inaccessible to the organization?
– Is the CSP keeping the information longer than necessary
so that it can mine the data for its own use?
Privacy breaches
• How do you know that a breach has
occurred?
• How do you ensure that the CSP notifies you
when a breach occurs?
• Who is responsible for managing the breach
notification process (and costs associated
with the process)?
• If contracts include liability for breaches resulting from negligence of the CSP:
– How is the contract enforced?
– How is it determined who is at fault?
Conclusion
• Cloud computing is sometimes viewed as a
reincarnation of the classic mainframe client-
server model
– However, resources are ubiquitous, scalable, highly
virtualized
– Contains all the traditional threats, as well as new ones
• In developing solutions to cloud computing
security issues it may be helpful to identify
the problems and approaches in terms of
– Loss of control
– Lack of trust
– Multi-tenancy problems

CLOUD COMPUTING
Types of Virtualization
Major Types of

Types of Hardware virtualization
Hardware virtualization is further subdivided into the following types:
• Full Virtualization – A complete simulation of the actual hardware takes place to allow software to run an unmodified guest OS.
• Para Virtualization – In this type of virtualization, unmodified software runs in a modified OS as a separate system.
• Partial Virtualization – In this type of hardware virtualization, the software may need modification to run.
Network Virtualization
Internal Network Virtualization: It refers to the management and monitoring of a computer network as a single managerial entity from a single software-based administrator’s console. It is intended to allow network optimization of data transfer rates, scalability, reliability, flexibility, and security. It also automates many network administrative tasks. Network virtualization is specifically useful for networks experiencing a huge, rapid, and unpredictable increase of usage.
External Network Virtualization: Combines many networks, or parts of networks, into a virtual unit. External network virtualization involves an actual physical device that caters to your network. This type of virtualization has been around for some time now; a typical example of this would be a Cisco networking switch that provides VLAN (virtual LAN) capabilities through its internal Cisco IOS software.
Storage Virtualization
In this type of virtualization, multiple network storage resources are presented as a single storage device for easier and more efficient management of these resources. It provides various advantages as follows:
• Improved storage management in a heterogeneous IT environment
• Easy updates, better availability
• Reduced downtime
• Better storage utilization
• Automated management
In general, there are two types of storage virtualization:

Block virtualization - It works before the file system exists. It replaces controllers and takes over at the disk level.

File virtualization - The server that uses the storage must have software installed on it in order to enable file-level usage.
Memory Virtualization
It introduces a way to decouple memory from the server to provide a shared, distributed or networked function. It enhances performance by providing greater memory capacity without any addition to the main memory. That’s why a portion of the disk drive serves as an extension of the main memory.
• Application level integration – Applications running on connected computers directly connect to the memory pool through an API or the file system.

Memory Virtualization…
• Operating System Level Integration – The operating system first connects to the memory pool, and makes that pooled memory available to applications.
Software Virtualization

It provides the ability for the main computer to create and run one or more virtual environments. It is used to enable a complete computer system in order to allow a guest OS to run. For instance, letting Linux run as a guest on a machine that is natively running a Microsoft Windows OS (or vice versa, running Windows as a guest on Linux).
Types:
• Operating system
• Application virtualization
• Service virtualization
Data Virtualization
It lets you manipulate data easily without needing technical details such as how it is formatted or where it is physically located. It decreases data errors and workload.
Desktop virtualization
It provides work convenience and security. Because the desktop can be accessed remotely, you are able to work from any location and on any PC. It provides a lot of flexibility for employees to work from home or on the go. It also protects confidential data from being lost or stolen by keeping it safe on central servers.
Any
Questions ?


CLOUD COMPUTING
ARCHITECTURE - Deployment Models
Deployment Models

• Public Cloud
• Private Cloud
• Hybrid Cloud
• Community
Cloud

Public Cloud
• Cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.

• Examples of Public Cloud:
– Google App Engine
– Microsoft Windows Azure
– IBM Smart Cloud
– Amazon EC2

Source: Marcus Hogue, Chris Jacobson, "Security of Cloud Computing"
Public Cloud
• In Public setting, the provider's computing and storage resources
are potentially large; the communication links can be assumed to
be implemented over the public Internet; and the cloud serves a
diverse pool of clients (and possibly attackers).

Source: Lee Badger and Tim Grance, "NIST DRAFT Cloud Computing Synopsis and Recommendations"
Public Cloud
• Workload locations are hidden from clients (public):
– In the public scenario, a provider may migrate a subscriber's
workload, whether processing or data, at any time.
• Risks from multi-tenancy (public):
– A single machine may be shared by the workloads of any
combination of subscribers (a subscriber's workload may be
co-resident with the workloads of competitors or
adversaries)

Public Cloud
• Limited visibility and control over data regarding security (public):
– In many cases, the software employed by a provider is usually
proprietary and not
available for examination by subscribers
– A subscriber cannot verify that data has been completely
deleted from a provider's systems.
• Elasticity: illusion of unlimited resource availability (public):
– Public clouds are generally unrestricted in their location or size.
– Public clouds potentially have high degree of flexibility in the
movement of subscriber workloads to correspond with available
resources.

Public Cloud

• Low up-front costs to migrate into the cloud (public)
• Restrictive default service level agreements (public):
– The default service level agreements of public clouds specify limited promises that providers make to subscribers
Private Cloud
• The cloud infrastructure is provisioned for exclusive use by a single
organization comprising multiple consumers (e.g., business units). It may
be owned, managed, and operated by the organization, a third party, or
some combination of them, and it may exist on or off premises.

• Examples of Private Cloud:


– Eucalyptus
– Ubuntu Enterprise Cloud - UEC
– Amazon VPC (Virtual Private Cloud)
– VMware Cloud Infrastructure Suite
– Microsoft ECI data center.

Private Cloud
• Contrary to popular belief, private cloud may exist off
premises and can be managed by a third party. Thus, two
private cloud scenarios exist, as follows:
• On-site Private Cloud
– Applies to private clouds implemented at a
customer’s premises.
• Outsourced Private Cloud
– Applies to private clouds where the server side is
outsourced to a hosting company.

On-site Private Cloud
• The security perimeter extends around both the subscriber’s on-site resources and the private cloud’s resources.
• The security perimeter does not guarantee control over the private cloud’s resources, but the subscriber can exercise control over the resources.

Source: Lee Badger and Tim Grance, "NIST DRAFT Cloud Computing Synopsis and Recommendations"
On-site Private Cloud
• Organizations considering the use of an on-site private cloud should
consider:
– Subscribers still need IT skills (on-site-private):
• Subscriber organizations will need the traditional IT skills
required to manage user devices that access the private
cloud, and will require cloud IT skills as well.
– Workload locations are hidden from clients (on-site-private):
• To manage a cloud's hardware resources, a private cloud must
be able to migrate workloads between machines without
inconveniencing clients.

On-site Private Cloud
• Risks from multi-tenancy (on-site-private):
– Workloads of different clients may reside concurrently on the
same systems and local networks, separated only by access
policies implemented by a cloud provider's software. A flaw
in the software or the policies could compromise the security
of a subscriber organization by exposing client workloads to
one another
• Data import/export, and performance limitations (on-site-private):
– On-demand bulk data import/export is limited by the on-site private cloud's network capacity, and real-time or critical processing may be problematic because of networking limitations.
On-site Private Cloud
• Potentially strong security from external threats (on-site-private):
– In an on-site private cloud, a subscriber has the option of implementing an appropriately strong security perimeter to protect private cloud resources against external threats to the same level of security as can be achieved for non-cloud resources.
• Significant-to-high up-front costs to migrate into the cloud (on-site-private):
– An on-site private cloud requires that cloud management software be installed on computer systems within a subscriber organization. If the cloud is intended to support process-intensive or data-intensive workloads, the software will need to be installed on numerous commodity systems or on a more limited number of high-performance systems. Installing cloud software and managing the installations will incur significant up-front costs, even if the cloud software itself is free, and even if much of the hardware already exists within a subscriber organization.
On-site Private Cloud

• Limited resources (on-site-private):


– An on-site private cloud, at any specific time, has a fixed
computing and storage capacity that has been sized to
correspond to anticipated workloads and cost restrictions.

Outsourced Private Cloud
• Outsourced private cloud has two security perimeters, one implemented by a cloud subscriber (on the right) and one implemented by a provider.
• Two security perimeters are joined by a protected communications link.
• The security of data and processing conducted in the outsourced private cloud depends on the strength and availability of both security perimeters and of the protected communication link.
Outsourced Private Cloud
• Organizations considering the use of an outsourced private cloud should consider:
– Workload locations are hidden from clients (outsourced-private):
– Risks from multi-tenancy (outsourced-private):
• The implications are the same as those for an on-site private cloud.
Outsourced Private Cloud
• Data import/export, and performance limitations
(outsourced-private):
– On-demand bulk data import/export is limited by the network
capacity between a provider and subscriber, and real-time or
critical processing may be problematic because of networking
limitations. In the outsourced private cloud scenario, however,
these limits may be adjusted, although not eliminated, by
provisioning high-performance and/or high-reliability
networking between the provider and subscriber.
• Potentially strong security from external threats (outsourced-private):
– As with the on-site private cloud scenario, a variety of techniques exist to harden a security perimeter. The main difference with the outsourced private cloud is that the techniques need to be applied both to a subscriber's perimeter and provider's perimeter, and that the communications link needs to be protected.
Outsourced Private Cloud
• Modest-to-significant up-front costs to migrate into the cloud (outsourced-private):
– In the outsourced private cloud scenario, the resources are provisioned by the provider
– Main start-up costs for the subscriber relate to:
• Negotiating the terms of the service level agreement (SLA)
• Possibly upgrading the subscriber's network to connect to the outsourced private cloud
• Switching from traditional applications to cloud-hosted applications
• Porting existing non-cloud operations to the cloud
• Training
Outsourced Private Cloud

• Extensive resources available (outsourced-private):


– In the case of the outsourced private cloud, a subscriber
can rent resources in any quantity offered by the provider.
Provisioning and operating computing equipment at scale
is a core competency of providers.

Community Cloud
• Cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.

• Examples of Community Cloud:
– Google Apps for Government
– Microsoft Government Community Cloud
On-site Community Cloud
• Community cloud is made up of a set of participant organizations. Each participant organization may provide cloud services, consume cloud services, or both
• At least one organization must provide cloud services
• Each organization implements a security perimeter

Source: Lee Badger and Tim Grance, "NIST DRAFT Cloud Computing Synopsis and Recommendations"
On-site Community Cloud
• The participant organizations are connected via links between the
boundary controllers that allow access through their security
perimeters
• Access policy of a community cloud may be complex
– Ex.: if there are N community members, a decision must be made, either implicitly or explicitly, on how to share a member's local cloud resources with each of the other members
– Policy specification techniques like role-based access control (RBAC) and attribute-based access control can be used to express sharing policies.
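
The sharing decision described on this slide, as an added Python sketch (not from the slides or the NIST document). It combines an RBAC condition (role) with attribute conditions (owning member, sensitivity label), denies by default, and lists which of the N(N-1) owner-to-consumer decisions were never written down. Member names, roles and labels are constructed assumptions.

```python
from dataclasses import dataclass
from itertools import permutations

# Constructed sample community: names, roles and labels are illustrative only.
MEMBERS = ["agency-a", "agency-b", "agency-c"]


@dataclass(frozen=True)
class ShareRule:
    owner: str            # member whose local cloud resources are shared
    consumer: str         # member receiving access, or "*" for every other member
    roles: frozenset      # RBAC part: roles in the consumer org allowed to use the share
    max_sensitivity: int  # ABAC part: highest resource sensitivity label exposed
    actions: frozenset    # operations permitted on the shared resources


RULES = [
    ShareRule("agency-a", "agency-b", frozenset({"analyst", "auditor"}), 2,
              frozenset({"read"})),
    ShareRule("agency-b", "*", frozenset({"auditor"}), 1, frozenset({"read"})),
    ShareRule("agency-c", "agency-a", frozenset({"analyst"}), 3,
              frozenset({"read", "write"})),
]


def rule_covers(rule, owner, consumer):
    """True if the rule states a sharing decision for this ordered (owner, consumer) pair."""
    if rule.owner != owner or consumer == owner:
        # A member's access to its own resources is local policy, not sharing policy.
        return False
    return rule.consumer in ("*", consumer)


def decide(members, rules, subject, resource, action):
    """Default deny: allow only when a rule matches org pair, role, label and action."""
    if subject["org"] not in members or resource["owner"] not in members:
        return False  # a wildcard rule must never reach outside the community
    for rule in rules:
        if (rule_covers(rule, resource["owner"], subject["org"])
                and subject["role"] in rule.roles
                and resource["sensitivity"] <= rule.max_sensitivity
                and action in rule.actions):
            return True
    return False


def unspecified_pairs(members, rules):
    """Ordered (owner, consumer) pairs with no rule at all, i.e. decisions left implicit."""
    return [(owner, consumer)
            for owner, consumer in permutations(members, 2)
            if not any(rule_covers(r, owner, consumer) for r in rules)]


if __name__ == "__main__":
    total = len(MEMBERS) * (len(MEMBERS) - 1)
    gaps = unspecified_pairs(MEMBERS, RULES)
    print(f"{total} pairwise decisions, {len(gaps)} left implicit (denied by default):")
    for owner, consumer in gaps:
        print(f"  {owner} -> {consumer}")
```
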
On-site Community Cloud
• Organizations considering the use of an on-site community cloud
should consider:
– Network Dependency (on-site community):
• The subscribers in an on-site community cloud need to
either provision controlled inter-site communication
links or use cryptography over a less controlled
communications media (such as the public Internet).
• The reliability and security of the community cloud
depends on
the reliability and security of the communication links.

On-site Community Cloud
• Subscribers still need IT skills (on-site-community).
– Organizations in the community that provide cloud resources require IT skills similar to those required for the on-site private cloud scenario, except that the overall cloud configuration may be more complex and hence require a higher skill level.
– Identity and access control configurations among the participant organizations may be complex
• Workload locations are hidden from clients (on-site-community):
– Participant organizations providing cloud services to the community cloud may wish to employ an outsourced private cloud as a part of their implementation strategy.
On-site Community Cloud
• Data import/export, and performance limitations (on-site-community):
– The communication links between the various participant organizations in a community cloud can be provisioned to various levels of performance, security and reliability, based on the needs of the participant organizations. The network-based limitations are thus similar to those of the outsourced-private cloud scenario.
• Potentially strong security from external threats (on-site-community):
– The security of a community cloud from external threats depends on the security of all the security perimeters of the participant organizations and the strength of the communications links. These dependencies are essentially similar to those of the outsourced private cloud scenario, but with possibly more links and security perimeters.


On-site Community Cloud

• Highly variable up-front costs to migrate into the cloud (on-site-community):
– The up-front costs of an on-site community cloud for a participant organization depend greatly on whether the organization plans to consume cloud services only or also to provide cloud services. For a participant organization that intends to provide cloud services within the community cloud, the costs appear to be similar to those for the on-site private cloud scenario (i.e., significant-to-high).
Outsourced Community Cloud

Source: Lee Badger and Tim Grance, "NIST DRAFT Cloud Computing Synopsis and Recommendations"
Outsourced Community Cloud
• Organizations considering the use of an outsourced community cloud should consider:
• Network dependency (outsourced-community):
– The network dependency of the outsourced community cloud is similar to that of the outsourced private cloud. The primary difference is that multiple protected communications links are likely from the community members to the provider's facility.
• Workload locations are hidden from clients (outsourced-community).
– Same as the outsourced private cloud
Outsourced Community Cloud
• Risks from multi-tenancy (outsourced-community):
– Same as the on-site community cloud
• Data import/export, and performance limitations (outsourced-community):
– Same as outsourced private cloud
• Potentially strong security from external threats (outsourced-community):
– Same as the on-site community cloud
• Modest-to-significant up-front costs to migrate into the cloud (outsourced-community):
– Same as outsourced private cloud
Outsourced Community Cloud

• Extensive resources available (outsourced-community).
– Same as outsourced private cloud
Hybrid Cloud
• The cloud infrastructure is a composition of two or more distinct
cloud infrastructures (private, community, or public) that remain
unique entities, but are bound together by standardized or
proprietary technology that enables data and application
portability

• Examples of Hybrid Cloud:


– Windows Azure (capable of Hybrid Cloud)
– VMware vCloud (Hybrid Cloud Services)

Hybrid Cloud
• A hybrid cloud is composed of two or more private, community, or public clouds.
• They have significant variations in performance, reliability, and security properties depending upon the type of cloud chosen to build hybrid cloud.

Source: Lee Badger and Tim Grance, "NIST DRAFT Cloud Computing Synopsis and Recommendations"
Hybrid Cloud

• A hybrid cloud can be extremely complex


• A hybrid cloud may change over time with constituent
clouds joining and leaving.

Any
Questions ?


CLOUD COMPUTING

IaaS
Infrastructure as a Service
IaaS
• Infrastructure as a Service (IaaS) – aka Hardware as a
Service (HaaS) and Utility computing
– Why buy machines when you can rent resources?
– Utility computing billing – based on what is used
– Provides basic storage and compute capabilities as
server
• Servers, storage systems, CPU cycles, switches,
routers, etc.
Infrastructure-as-a-Service (IaaS)

• Resource Provisioning:
– Provides the users the capability to provision computing and storage resources.
• Virtual Machines:
– These resources are provided to the users as virtual machine instances and virtual storage. Users can start, stop, configure and manage the virtual machine instances and virtual storage.
• Provider Manages Infrastructure:
– The cloud service provider manages the underlying infrastructure.
• Pay-per-use/Pay-as-you-go:
– Virtual resources provisioned by the users are billed based on a pay-per-use/pay-as-you-go paradigm.
IaaS

• Does not provide applications to customers (SaaS and PaaS do)
• Saves cost of purchasing
• Infrastructure can be scaled up or down
• Multiple tenants can use equipment at the same time – called multitenant
• Device independence – access systems on different hardware
• Low barriers to entry
IaaS Components
• Computer hardware – rented out, provider set up as a grid for scalability
• Network – hardware for firewalls, routers, etc.
• Internet connectivity so user can access hardware
• Allows clients to run the VM they want
Infrastructure-as-a-Service (IaaS)

Benefits
- Shift focus from IT management to core activities
- No IT infrastructure management costs
- Pay-per-use/pay-per-go pricing
- Guaranteed performance
- Dynamic scaling
- Secure access
- Enterprise grade infrastructure
- Green IT adoption

Characteristics
- Multi-tenancy
- Virtualized hardware
- Management & monitoring tools
- Disaster recovery

Adoption
- Individual users: Low
- Small & medium enterprises: Medium
- Large organizations: High
- Government: High

Examples
- Amazon Elastic Compute Cloud (EC2)
- RackSpace
- Google Compute Engine
- Joyent
- Terremark
- OpSource
- Nimbula
- Enomaly
- Eucalyptus
- Open Stack

Introduction to IaaS
• IaaS:
– Infrastructure as a Service (IaaS) is a form of cloud computing that provides virtualized computing resources over the Internet.
• IaaS is one of three main categories of cloud computing services, alongside Software as a Service (SaaS) and Platform as a Service (PaaS).
• In an IaaS model, a third-party provider hosts hardware, software, servers, storage and other infrastructure components on behalf of its users.
• IaaS providers also host users' applications and handle tasks including system maintenance, backup and resiliency planning.

Advantages of IaaS
• Eliminates capital expense and reduces ongoing cost.
• Improves business continuity and disaster recovery.
• Innovate rapidly.
• Respond quicker to shifting business conditions.
• Focus on your core business.
• Increase stability, reliability and supportability.
• Better security.
• Gets new apps to users faster.

Common IaaS business scenarios
Typical things businesses do with IaaS include:
• Test and development. Teams can quickly set up and dismantle test and development environments, bringing new applications to market faster. IaaS makes it quick and economical to scale dev-test environments up and down.
• Website hosting. Running websites using IaaS can be less expensive than traditional web hosting.
• Storage, backup and recovery. Organizations avoid the capital outlay for storage and complexity of storage management, which typically requires a skilled staff to manage data and meet legal and compliance requirements. IaaS is useful for handling unpredictable demand and steadily growing storage needs. It can also simplify planning and management of backup and recovery systems.
• Web apps. IaaS provides all the infrastructure to support web apps, including storage, web and application servers and networking resources. Organisations can quickly deploy web apps on IaaS and easily scale infrastructure up and down when demand for the apps is unpredictable.
• High-performance computing. High-performance computing (HPC) on supercomputers, computer grids or computer clusters helps solve complex problems involving millions of variables or calculations. Examples include earthquake and protein folding simulations, climate and weather predictions, financial modeling and evaluating product designs.
• Big data analysis. Big data is a popular term for massive data sets that contain potentially valuable patterns, trends and associations. Mining data sets to locate or tease out these hidden patterns requires a huge amount of processing power, which IaaS economically provides.

Resource Virtualization
• Anything required for the execution of a program is called a resource.
• The processor, memory, displays, mice, keyboards, disk storage, printers, and networks are all examples of resources.
• The primary functions of an operating system are management of resources and virtualization of resources.
1. Server Virtualization
2. Storage Virtualization
3. Network Virtualization

Server Virtualization
• Server virtualization can be defined as the conversion of one physical server into several individual & isolated virtual spaces that can be taken up by multiple users as per their respective requirements.
• This virtualization is attained through a software application, thereby screening the actual numbers and identity of physical servers.
• Types of server virtualization:
– Complete virtualization
– Para-virtualization
– Operating System (OS) virtualization
• While all the three modes have one physical server acting as host and the virtual servers as guests, each of the methods allocates server resources differently to the virtual space.

• Complete virtualization is done using the hypervisor software that directly uses the physical server’s CPU and hard disk storage space.
• However, the guests can use their respective versions and types of OS, as the hypervisor keeps the virtual servers separate and independent of each other.
• In para-virtualization, the guests are aware of all the existing virtual servers, and work cohesively as a unit. The hypervisor in this case keeps their OS independent, while making them aware of the load put on the physical server by all the virtual creations.
• In OS-level virtualization, no hypervisor is required and the host’s OS is the controller.
• It requires usage of the same OS on all the guest users’ systems.
• But this homogeneous environment still maintains the individual identity and independence of virtual servers.

Significance Of Server Virtualization
• Server virtualization leads to space consolidation, efficient & effective usage of server resources & capabilities.
• Moreover, the redundancy practice of running one application on multiple systems is a boon for commercial sector and software programmers.
• Also, the assistance offered in disaster recovery, server administration, and system upgrading are all supporting factors in server virtualization.

Storage Virtualization
There are three important reasons to implement storage virtualization:
1. Improved storage management in a heterogeneous IT environment
2. Better availability and estimation of down time with automated management
3. Better storage utilization
Storage virtualization can be applied to any level of a SAN. The virtualization techniques can also be applied to different storage functions such as physical storage, RAID groups, logical unit numbers (LUNs), LUN subdivisions, storage zones and logical volumes, etc.
The storage virtualization model can be divided into four main layers:
1. Storage devices
2. Block aggregation layer
3. File/record layer
4. Application layer
Some of the benefits of storage virtualization include automated management, expansion of storage capacity, reduced time in manual supervision, easy updates and reduced downtime.

Network Virtualization
• Network virtualization refers to the management and monitoring of an entire computer network as a single administrative entity from a single software-based administrator’s console.
• Network virtualization also may include storage virtualization, which involves managing all storage as a single resource.
• Network virtualization is designed to allow network optimization of data transfer rates, flexibility, scalability, reliability and security.
• It automates many network administrative tasks, which actually disguise a network's true complexity.
• All network servers and services are considered one pool of resources, which may be used without regard to the physical components.
• Network virtualization is especially useful for networks experiencing a
• Network virtualization is accomplished by using a variety of hardware and software and combining network components.
• Network virtualization gives you:
– optimize network
– speed
– reliability
– flexibility
– scalability
– security

Virtual Machine
Resources Provision and Manageability
• Most business applications run in a mix of physical, virtual and cloud IT environments.
• Virtual environments are very dynamic by their nature.
• Virtualization solutions dynamically allocate IT resources to applications, perform load balancing based on resource utilization levels as well as perform dynamic power management to cut down power costs.
• IT administrators need to ensure that sufficient server power is available to support these dynamic environments.
• However, this process can be time consuming and error prone if done manually.

Storage as a Service
• Storage as a Service is a business model in which a large company rents space in their storage infrastructure to a smaller company or individual.
• Storage as a Service is generally seen as a good alternative for a small or mid-sized business that lacks the capital budget and/or technical personnel to implement and maintain their own storage infrastructure.

Data Storage in Cloud Computing
• Data storage in cloud computing is a model in which the digital data is stored in logical pools, the physical storage spans multiple servers (and often locations), and the physical environment is typically owned and managed by a hosting company.
• These cloud storage providers are responsible for keeping the data available and accessible, and the physical environment protected and running.
• People and organizations buy or lease storage capacity from the providers to store user, organization or application data.

Examples
• Amazon EC2
– Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud.
– Powerful, scalable GPU instances for high-performance computing.
• Pricing for Amazon EC2
– When you sign up for AWS, you can get started with Amazon EC2 for free using the AWS Free Tier.
– Amazon EC2 provides the following purchasing options for instances: On-Demand Instances, Reserved Instances, and Spot Instances.
Machine Image
• An image of a virtual machine is a copy or clone of an entire computer system or virtual machine inside a single container or file. AMI (Amazon Machine Image) is an example of an image of a virtual machine, which stores copies of a virtual machine. [It includes the operating system, necessary drivers for the system, applications and state information that the virtual machine has.]
• A virtual machine (VM) is a software implementation of a machine (i.e. a computer) that executes programs like a physical machine.
• An image of a virtual machine is (in simple words) a copy of the VM, which may contain an OS, data files, and applications (just like your personal computer).
• An image of a virtual machine is used to transfer the virtual machine (running instance) from one hosting computer (physical) to another hosting computer.
• For example, Amazon Machine Image (AMI) is a system image that is used in cloud computing. Amazon Web Services uses AMIs to store copies of a virtual machine. An AMI is a file system image that contains an operating system, all device drivers, and any applications and state information that the working virtual machine would have.
• The AMI files are encrypted and compressed for security purposes and stored in Amazon S3 (Simple Storage System) buckets as a set of 10MB chunks. Machine imaging is mostly run on a virtualization platform; because of this, machine images are also called Virtual Appliances, and running virtual machines are called instances.
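
The last bullet describes an image that is compressed and stored as a set of fixed-size chunks; a consumer of such a bundle has to confirm that every chunk came back unmodified before the image is booted. The sketch below is an added example, not AWS's implementation and not code from the slides: the manifest layout, function names and sample data are assumptions, encryption is left out because the Python standard library has no authenticated cipher, and the constructed sample is chunked at 1,000 bytes instead of 10 MB.

```python
import hashlib
import hmac
import json
import zlib

CHUNK_SIZE = 10 * 1024 * 1024  # 10 MB, the chunk size the slide mentions

# Constructed sample data (not a real image or key).
SAMPLE_IMAGE = bytes(range(256)) * 10
SAMPLE_KEY = b"constructed-demo-key"


def bundle_image(image, key, chunk_size=CHUNK_SIZE):
    """Split an image into chunks, compress each, and build an authenticated manifest."""
    chunks, digests = [], []
    for offset in range(0, len(image), chunk_size):
        part = zlib.compress(image[offset:offset + chunk_size])
        chunks.append(part)
        digests.append(hashlib.sha256(part).hexdigest())
    # Hypothetical manifest layout: original size plus one SHA-256 per stored chunk.
    body = json.dumps({"size": len(image), "chunks": digests}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return chunks, {"body": body, "hmac": tag}


def restore_image(chunks, manifest, key):
    """Check the manifest tag and every chunk digest before decompressing anything."""
    expected = hmac.new(key, manifest["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        raise ValueError("manifest authentication failed")
    body = json.loads(manifest["body"])
    if len(chunks) != len(body["chunks"]):
        raise ValueError("chunk count mismatch")
    for index, (part, digest) in enumerate(zip(chunks, body["chunks"])):
        if not hmac.compare_digest(hashlib.sha256(part).hexdigest(), digest):
            raise ValueError(f"chunk {index} failed integrity check")
    image = b"".join(zlib.decompress(part) for part in chunks)
    if len(image) != body["size"]:
        raise ValueError("restored size does not match manifest")
    return image


if __name__ == "__main__":
    parts, manifest = bundle_image(SAMPLE_IMAGE, SAMPLE_KEY, chunk_size=1000)
    print(len(parts), "chunks;", restore_image(parts, manifest, SAMPLE_KEY) == SAMPLE_IMAGE)
```

Verifying all digests before any decompression keeps a modified chunk from ever reaching the decompressor, and the keyed tag on the manifest stops someone who can write to the storage bucket from swapping both a chunk and its digest.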