Cloud Computing
Uploaded by
Avk
Cloud Computing
(Code : 410253(C) : Elective IV)
Semester VIII - Computer Engineering (Savitribai Phule Pune University)

Pravin Goyal

TechKnowledge Publications (Book Code : PE67A)
Price: ₹ 215/-

Copyright © by Author. All rights reserved. No part of this publication may be reproduced, copied, or stored in a retrieval system, distributed or transmitted in any form or by any means, including photocopy, recording, or other electronic or mechanical methods, without the prior written permission of the publisher.

This book is sold subject to the condition that it shall not, by the way of trade or otherwise, be lent, resold, hired out, or otherwise circulated without the publisher's prior written consent in any form of binding or cover other than which it is published and without a similar condition including this condition being imposed on the subsequent purchaser and without limiting the rights under copyright reserved above.

December 2019 (TechKnowledge Publications)

This edition is for sale in India, Bangladesh, Bhutan, Maldives, Nepal, Pakistan, Sri Lanka and designated countries in South-East Asia. Sale and purchase of this book outside of these countries is unauthorized by the publisher.

Printed at: 37/2, Ashtavinayak Industrial Estate, Near Pari Company, Narhe, Pune, Maharashtra State, India. Pune - 411041

ISBN : 978-93-89748-21-5
Copyright Number : L-86236/2019

Published by TechKnowledge Publications
Head Office : B/S, First floor, Maniratna Complex, Taware Colony, Aranyeshwar Corner, Pune - 411 009. Maharashtra State, India
Ph : 91-20-24221234, 91-20-24225678
Email: [email protected]
Website: www.techknowledgebooks.com

We dedicate this Publication soulfully and wholeheartedly, in loving memory of our beloved founder director, Late Shri. Pradeepji Lalchandji Lunawat, who will always be an inspiration, a positive force and strong support behind us.

"My work is my prayer to God" ~ Lt. Shri. Pradeepji L. Lunawat

Soulful Tribute and Gratitude for all Your Sacrifices, Hardwork, and 40 years of Strong Vision...

Dedicated to Krishna, the Greatest Almighty

My Dear Students,

I am extremely happy to come out with this book on "Cloud Computing" for you. The topics within the chapters have been arranged in a proper sequence to ensure smooth flow of the subject.

I present this book in the loving memory of Late Shri. Pradeepji Lunawat, our source of inspiration and a strong foundation of "TechKnowledge Publications". He will always be remembered in our heart and motivate us to achieve our milestone.

I am thankful to Shri. J. S. Katre, Shri. Shital Bhandari, Shri. Arunoday Kumar and Shri. Chandroday Kumar for the encouragement and support that they have extended. I am also thankful to the staff members of TechKnowledge Publications and others for their efforts to make this book as good as it is. I have jointly made every possible effort to eliminate all the errors in this book. However if you find any, please let me know, because that will help me to improve further.

I am also thankful to my family members and friends for patience and encouragement.
Syllabus

Savitribai Phule Pune University
Fourth Year of Computer Engineering (2015 Course)
Elective IV 410253(C) : Cloud Computing

Teaching Scheme : TH : 03 Hours/Week
Credit : 03
Examination Scheme : In-Sem (Paper) : 30 Marks, End-Sem (Paper) : 70 Marks

Prerequisite Courses : 310245 Computer Networks
Companion Course : 410255 - Laboratory Practice IV

Course Objectives :
- To understand cloud computing concepts
- To study various platforms for cloud computing
- To explore the applications based on cloud computing

Course Outcomes :
On completion of the course, student will be able to -
- To install cloud computing environments.
- To develop any one type of cloud
- To explore future trends of cloud computing

Course Contents

Overview, Applications, Intranets and the Cloud. Your Organization and Cloud Computing - Benefits, Limitations, Security Concerns. Software as a Service (SaaS) - Understanding the Multitenant Nature of SaaS Solutions, Understanding SOA. Platform as a Service (PaaS) - IT Evolution Leading to the Cloud, Benefits of PaaS Solutions, Disadvantages of PaaS Solutions. Infrastructure as a Service (IaaS) - Understanding IaaS, Improving Performance through Load Balancing, System and Storage Redundancy, Utilizing Cloud-Based NAS Devices, Advantages, Server Types. Identity as a Service (IDaaS).

Cloud file systems : GFS and HDFS, BigTable, HBase and Dynamo. Cloud data stores : Datastore and Simple DB Gautam Shrauf, Cloud Storage - Overview, Cloud Storage Providers. [Anthony T. Velte]3 Securing the Cloud - General Security Advantages of Cloud-Based Solutions, Introducing Business Continuity and Disaster Recovery. Disaster Recovery - Understanding the Threats.

Implementation Levels of Virtualization, Virtualization Structures/Tools and Mechanisms, Types of Hypervisors, Virtualization of CPU, Memory, and I/O Devices, Virtual Clusters and Resource Management, Virtualization for Data-Center Automation, Common Standards : The Open Cloud Consortium, Open Virtualization Format, Standards for Application Developers : Browsers (Ajax), Data (XML, JSON), Solution Stacks (LAMP and LAPP), Syndication (Atom, Atom Publishing Protocol, and RSS), Standards for Security.

Hands-on Amazon, EC2 - Configuring a server, Virtual Amazon Cloud, AWS Storage and Content Delivery, Identify key AWS storage options, Describe Amazon EBS, Creating an Elastic Block Store Volume, Adding an EBS Volume to an Instance, Snapshotting an EBS Volume and Increasing Performance, Create an Amazon S3 bucket and manage associated objects. AWS Load Balancing Service, Introduction, Elastic Load Balancer.

Cloud Trends in Supporting Ubiquitous Computing, Performance of Distributed Systems and the Cloud, Enabling Technologies for the Internet of Things (RFID, Sensor Networks and ZigBee Technology, GPS), Innovative Applications of the Internet of Things (Smart Buildings and Smart Power Grid, Retailing and Supply-Chain Management, Cyber-Physical System), Online Social and Professional Networking.

How the Cloud Will Change Operating Systems, Location-Aware Applications, Intelligent Fabrics, Paints, and More, The Future of Cloud TV, Future of Cloud-Based Smart Devices, Faster Time to Market for Software Applications, Home-Based Cloud Computing, Mobile Cloud, Autonomic Cloud Engine, Multimedia Cloud, Energy Aware Cloud Computing, Jungle Computing. Docker at a Glance : Process Simplification, Broad Support and Adoption, Architecture, Getting the Most from Docker, The Docker Workflow.
Table of Contents

Chapter 1 : Basics of Cloud Computing

1.1 Introduction to Cloud Computing
  1.1.1 Concept Building - Consuming Services -vs- Owning Products
  1.1.2 What is Cloud Computing?
  1.1.3 Goals of Cloud Computing
  1.1.4 Applications of Cloud Computing
  1.1.5 Advantages of Cloud Computing
  1.1.6 Disadvantages of Cloud Computing
1.2 Origins and Influences
1.3 Basic Concepts and Terminologies
1.4 Security Risks and Challenges in Cloud Computing
  1.4.1 Concept Building - Shared Responsibility Model
  1.4.2 Cloud Security Risks and Countermeasures
1.5 Roles in Cloud Computing
1.7 Cloud Characteristics
  1.7.1 On-Demand Self-Service
  1.7.2 Broad Network Access
  1.7.3 Resource Pooling
  1.7.4 Rapid Elasticity
  1.7.5 Measured Service
1.8 Cloud Delivery (Service) Models
  1.8.1 Concept Building - Service Delivery Models
  1.8.2 Cloud Service Models
    1.8.2(A) Software as a Service (SaaS)
    1.8.2(B) Platform as a Service (PaaS)
    1.8.2(C) Infrastructure as a Service (IaaS)
  1.8.3 Resource Management Wise Comparison
  1.9.2 Public Cloud
  1.9.3 Community Cloud
  1.9.5 Comparison of Cloud Deployment Models
1.10 Summary of Cloud Characteristics, Service Model, ...
  1.10.1 Types of Cloud
  1.10.2 Intercloud or Federated Cloud
1.11 Cloud Enabling Technologies
  1.11.1 Broadband Networks and Internet Architecture
  1.11.3 Virtualization Technology
  1.11.4 Web Technology
    1.11.5(A) Comparison between Single-Tenant and Multi-Tenant Applications
1.12 Identity as a Service (IDaaS)
  1.12.1 IAM Challenges in the Cloud
  1.12.2 Identity Management Life...
  1.12.3 Types of Identity Providers Used in the Cloud
  1.12.4 Identity Federation
    Components of Identity Federation

Chapter 2 : Data Storage and Security in Cloud

2.1 Cloud File System
  2.1.1 General Architecture of Cloud File Systems
    2.1.1(A) Client-Server Architecture
    2.1.1(B) Cluster-based Architecture
2.2 Google File System (GFS)
  2.2.1 Characteristics and Features of GFS
  2.2.2 Architecture of GFS
2.3 Hadoop Distributed File System (HDFS)
  2.3.1 Characteristics and Features of HDFS
  2.3.2 Architecture of HDFS
2.4 Bigtable
  2.4.1 Characteristics and Features of Bigtable
  2.4.2 Architecture of Bigtable
2.5 HBase
  2.5.1 Characteristics and Features of HBase
    2.8.1(A) Cloud Based Benefits
    2.8.1(B) Staffing and Expertise
  2.8.2 Business Continuity and Disaster Recovery
    2.8.2(A) Benefits of Business Continuity Planning
    2.8.2(D) Business Continuity in the Cloud Era

Chapter 3 : Virtualization

3.1 Introduction to Virtualization
3.2 Core Components of Virtualization
  3.2.1 Physical Server / Hardware
  3.2.2 Virtualization Layer
  3.2.3 Virtual Machines (VM)
  3.2.4 Guest Operating System (OS)
  3.2.5 Applications (App)
  3.2.6 Summary of Mapping Virtualization Components to Cloud Computing
  Improved Productivity and Operational Efficiency
  Improved Security
  Improved Resiliency
3.4 Challenges / Limitations of Virtualization
  3.4.1 Could be a Single Point of Failure
  3.4.2 Not Everything can be Virtualized
  3.4.3 Requires Skilled Staff
  3.4.4 Virtual Machine Sprawl
  3.4.5 Capacity Planning ...
  3.4.6 Managing Licenses
3.5 Implementation Levels of Virtualization
  3.5.1 Instruction Set Architecture (ISA) Level Virtualization
  3.5.2 Hardware Abstraction Layer (HAL) Level Virtualization
  3.5.3 Operating System Level Virtualization
  3.5.4 Library Level Virtualization
  3.5.5 Application Level Virtualization
  3.5.6 Comparison between various Implementation Levels of Virtualization
3.6 Virtualization Structures / Tools and Mechanisms
  3.6.1 Type 1 : Baremetal Hypervisor
  3.6.2 Type 2 : Hosted Hypervisor
  3.6.3 Comparison between Type 1 and Type 2 Hypervisor
  3.6.4 Types of Hardware-Level Virtualization
    3.6.4(A) Full Virtualization using Binary Translation
    3.6.4(B) OS Assisted Virtualization or Paravirtualization
    3.6.4(C) Hardware Assisted Virtualization
    3.6.4(D) Comparison between Types of Hardware-Level Virtualization
3.7 Virtualization of CPU, Memory and I/O Devices
  3.7.1 CPU Virtualization
  3.7.2 Memory Virtualization
  3.7.3 I/O Device Virtualization
3.8 Virtual Clusters and Resource Management
  3.8.1 Virtual Clusters
    3.10.2(A) Characteristics of OVF
    3.10.2(B) Lifecycle of an OVF based Virtual System
  3.10.3 Ajax
  3.10.4 XML
  3.10.5 JSON
    3.10.5(A) Comparison between JSON and XML
  3.10.6 Solution Stack - LAMP and LAPP
  3.10.7 Syndication
    3.10.7(A) Really Simple Syndication (RSS)
    3.10.7(B) Atom
3.11 Standards for Security

Chapter 4

4.1 Services Offered by Amazon Web Services (AWS)
  4.1.1 Amazon EC2
    4.1.1(A) Characteristics and Features of EC2
    4.1.1(B) Creating an EC2 instance
  4.1.2 Amazon Virtual Private Cloud (VPC)
  4.4.1 Introduction to Load Balancing
    4.4.1(A) Load Balancer Algorithms (Methods, Schemes, Techniques)
    4.4.1(B) Performance Benefits of using a Load Balancer
  4.4.2 Introduction to Amazon ELB
    4.4.2(A) Characteristics and Features of Amazon ELB
    4.4.2(B) Comparison between Types of ELB
    4.4.2(C) Creating and Verifying ELB

Chapter 5 : Ubiquitous Clouds and the Internet of Things

Cloud Trends in Supporting Ubiquitous Computing
  Cloud Mashup
    Advantages of Cloud Mashup
    Disadvantages of Cloud Mashup
  Mobile Cloud Computing
    Comparison between Cloud and Cloudlet
Performance of Distributed Systems and the Cloud
Enabling Technologies for the Internet of Things
  Architecture of IoT
  Radio-Frequency Identification (RFID)
    How RFID Works?
    Application of RFID in IoT
    Advantages of RFID
    Disadvantages of RFID
  Wireless Sensor Networks (WSN)
  ZigBee Technology
    Benefits of ZigBee
    ZigBee Technical Specifications
    ZigBee Architecture
  Global Positioning System (GPS)
    How GPS Works?
    IoT with GPS
Benefits of using Wireless Network for Ubiquitous Computing
Challenges and Outlook of Ubiquitous Systems
Innovative Applications of the Internet of Things
  Smart Buildings
  Smart Power Grid
    Characteristics of Smart Power Grid
    Applications of Smart Power Grid
  Retailing and Supply-Chain Management
  Cyber Physical System (CPS)
    Architecture of CPS
Online Social and Professional Networking
  Facebook
    Architecture of Facebook
  Twitter
    Architecture of Twitter

Chapter 6

6.1 How the Cloud Will Change Operating Systems
6.2 Location Aware Applications
6.3 Intelligent Fabrics
6.4 Intelligent Paint
6.5 The Future of Cloud TV
6.6 Future of Cloud-Based Smart Devices
6.7 Faster Time to Market for Software Applications
6.8 Home Based Cloud Computing
6.9 Mobile Cloud
6.10 Autonomic Cloud Engine
6.11 Multimedia Cloud
6.12 Energy Aware Cloud Computing
6.13 Jungle Computing
6.14 Docker at a Glance
  6.14.1 Architecture of Docker
  6.14.2 Building a Docker Image

A Note to Readers from the Author

Thank you for choosing to read this book to learn about the fascinating world of Cloud Computing. I welcome and appreciate your decision. It is with great pleasure that I have written this book for you to give you the latest and greatest and not ancestral view of cloud computing. Cloud computing is an evolving field and it matters that you read what is recent and relevant. All examples, diagrams, architectures and discussions in this book are carefully provided to ensure that what you read is very much relevant even in the year 2020!
Cloud Computing involves several key concepts that are crucial for your understanding and appreciating the depth of the subject. To make it easy for you to grasp the subject, I have carefully added some related reading material that, at times, you may not find listed directly in the course syllabus. Do not panic! These topics would make you exam ready as well as ready for real world. Not having a solid understanding of these topics would make it very difficult for you to understand the listed course syllabus topics. So, read on and read all.

Also, if you are looking to build your career in computer domain, I would suggest that you retain this book for your future reference. This book is not written only to give you pointed and limited understanding of the syllabus topics aimed at only passing the exam. This can be a good reference aid when you are actually on the job.

Finally, I hope you enjoy reading this book and build a strong foundation and understanding of the subject that is required for your success!

Thanks and regards,
Pravin Goyal

At the end of this unit, you should be able to understand and comprehend the following syllabus topics :

- Overview
- Applications
- Intranets and the Cloud
- Your Organization and Cloud Computing
  - Benefits
  - Limitations
  - Security Concerns
- Software as a Service (SaaS)
  - Understanding the Multitenant Nature of SaaS Solutions
  - Understanding SOA
- Platform as a Service (PaaS)
  - IT Evolution Leading to the Cloud
  - Benefits of PaaS Solutions
  - Disadvantages of PaaS Solutions
- Infrastructure as a Service (IaaS)
  - Understanding IaaS
  - Improving Performance through Load Balancing
  - System and Storage Redundancy
  - Utilizing Cloud-Based NAS Devices
  - Advantages
  - Server Types
- Identity as a Service (IDaaS)

1.1 Introduction to Cloud Computing

Before I discuss anything on cloud computing with you, it is important for you to understand the mindset of a service and what makes it different from the regular product consumption.
1.1.1 Concept Building - Consuming Services -vs- Owning Products

- Let's take the example of on-demand taxi service. You must have used it at different times and across different cities and would have found it to be very convenient as well as cost effective.
- Let's compare it with owning a car yourself.

Table 1.1.1 : Comparison between Consuming Services -vs- Owning Products

| No. | Aspect | On-demand taxi service | Owning a car |
|-----|--------|------------------------|--------------|
| 1 | | Service Provider | You |
| 2 | Maintenance, Taxes, Cleaning | Service Provider | You |
| 3 | Fuel | Service Provider | You |
| 4 | Overnight Parking | Service Provider | You |
| 5 | Liability / Commitment | Only during the service consumption | Long-term or until lifetime |
| 6 | Consumption Model | On demand, self-service via app | Always available |
| 7 | Availability | Anywhere in the world | Only in the city you own the car |
| 8 | Used by | Anyone in the world | Whomsoever you choose |
| 9 | Price / Billing | Pay as you go (computed for actual distance) | Capital and Operational investment |
| 10 | Number of cars you can use | Nearly unlimited | Limited to cars that you own |

It is crucial to understand the above characteristics of service consumption. I would be referring to this basic block of information several times throughout this unit as an analogy to explain various topics on cloud computing. You could refer Table 1.1.1 for quickly understanding the topics as I discuss them with you.

1.1.2 What is Cloud Computing ?

In a nutshell, the above definition means that the cloud computing is a service consumption mindset where you consume the various information technology services without having to own the hardware required for delivering them.

For example, suppose you need 5 computers. Using the cloud computing model, you can get access to those 5 computers via a service provider over the internet. You would be charged for the time duration for which you use the computer.

Using the cloud computing technology scenario described above,

1. You did not have to buy the 5 computers yourself.
2. You were only charged for the duration you actually used those 5 computers.
3. Those 5 computers are accessible from anywhere (since they are provided over internet).
4. You don't really have to worry about power, network, disk, or other hardware and operational maintenance yourself.
5. Tomorrow, if you need another 5 computers, you can easily update your subscription and instantly get them.

1.1.3 Goals of Cloud Computing

Fig. 1.1.1 shows the high-level goals of cloud computing.

Fig. 1.1.1 : Goals of Cloud Computing

1. Quick time to value
   - Cloud computing allows you to quickly consume the IT resources and focus on key areas of your business without having to worry about managing the underlying infrastructure.
   - Example : You do not have to worry about how electricity is produced. You just consume it for your purpose without having to think about electricity production.
2. Reduced costs
   - Without having to put capital investment in procuring the hardware and setting up the datacentre yourself (that requires managing facilities, staff, power supply, etc.), cloud computing enables you to pay for only what you use.
   - Example : You do not have to setup electricity production plant yourself. You just consume electricity and pay for what you use based on the predetermined tariff.
3. Infinite Scaling
   - Cloud providers typically have massive amount of computing resources. These resources can be dynamically consumed based on your needs.
   - Example : You don't really think from consumption perspective that how much electricity you are left with in-stock. You just go on using it assuming that it is infinitely available to you.
4. Maximum availability
   - Cloud provides maximum availability of computing resources. The resources are aggregated in a large resource pool.
     If any of the resources is temporarily out of service, it is easily replaceable by another resource without impacting the service.
   - The cloud service providers typically provide Service Level Agreements (SLA) with respect to the services that they provide. The availability is generally referred in the industry in terms of "nines". Table 1.1.2 outlines what different "nines" of availability mean.

Table 1.1.2 : Meaning of different "nines" of Availability

| Availability | Downtime per year |
|--------------|-------------------|
| 99.9% ("three nines") | 8.77 hours |
| 99.95% ("three nines five") | 4.38 hours |
| 99.99% ("four nines") | 52.60 minutes |
| 99.995% ("four nines five") | 26.30 minutes |
| 99.999% ("five nines") | 5.26 minutes |
| 99.9999% ("six nines") | 31.56 seconds |
| 99.99999% ("seven nines") | 3.16 seconds |
| 99.999999% ("eight nines") | 315.58 milliseconds |
| 99.9999999% ("nine nines") | 31.56 milliseconds |

   - It is not unusual for a cloud service provider to provide an SLA of "five nines" which just means a downtime of 5.26 minutes in a year!
   - Example : Here is the SLA from Microsoft Azure for some of its services.

     Azure DNS : We guarantee that valid DNS requests will receive a response from at least one Azure DNS name server at least 99.99% of the time.
     Event Grid : We guarantee that Customers will be able to publish messages to Event Grid 98.99% of the time.
     Event Hubs : For Event Hubs Basic and Standard tiers, we guarantee that at least 99.9% of the time, properly configured applications will be able to send or receive messages or perform other operations on the Event Hub.

     Fig. 1.1.2 : Example SLAs for some Microsoft Azure Services

5. Rapid innovation
   - Cloud providers are rapidly innovating to bring new services and to deliver optimum performance at a cheapest possible cost. You directly benefit from any key technology breakthrough or any cost savings arising out of such innovation.
   - Example : If a country moves from hydro-electric power plants to nuclear power plants, the benefits are automatically provided to its consumers. The consumers need not know how a nuclear reactor works for power generation. Similarly, new breakthroughs in technologies or better ways of computing are adopted by cloud service providers and you are benefitted automatically.

1.1.4 Applications of Cloud Computing

Cloud computing can be used for almost any computing requirements. There is hardly anything for which a cloud service does not exist today (as you would read in subsequent sections). For example, take a look at the broad spectrum of services provided by Amazon Web Services. Under each category there are multiple cloud services. Overall, there could be more than 100 services provided by a cloud provider.

Fig. 1.1.3 : Applications of Cloud Computing

Following are a few common applications of cloud computing.

1. General computing : You can use cloud computing services for your general computing requirements such as hosting a website or processing digital transactions. You could fulfil all your general computing requirements. Cloud computing provides various choices for you to pick the most suitable computing resource in terms of CPU, RAM, Disk and network requirements.
The data can be stored temporarily or for long ‘term. You only pay for the amount of storage you use. ‘4 Business Applications. : There are plenty of cloud services around business applications such as email, word processing, customer relationship management (CRM), point of sales applications, etc. These applications enable businesses to run various critical business services smoothly. 1.1.5 Advantages of Cloud Computing 1 Costeffective 2. Massive resources to consume (infinite scaling opportunity) 3. Lowmaintenance required 4. Lesser liabilities and commitments, 5. Quick time to value with increased focus on business 4.1.6 Disadvantages of Cloud Computing Limited flexibility and customization (services designed for mass consumption) Vendor lock-in Lower control on day to day infrastructure operations Increased burden of security and compliance high speed network connectivity ye ene 1.2 _ Origins and Influences ‘Now that you have a good handle on what cloud computing is, let me brief you upon the origin of cloud computing ‘and what were some of the key milestones and influences that lead to its development. While the cloud computing, evolution can be assumed to be from old networking, internet, general computing era, etc, let’s focus only on the relevant timelines that influenced cloud computing development instead of covering the history of computers. (Copyright No. -1-8623672019)Cloud Computing (SPU - Sem. 8 Basics of Cloud Computing 1997 1999 Cloud Saeco 2011 ‘Computing ‘Cloud 2008 Google Paradigm ‘Computing Google Docs NASA's Cloud 1997-98 2008 2007 2010 Mass. ‘Amazon 'BM,Google Microsoft adoption of ‘Web and ‘Azure Virtualization Services University (aas) Partnership Fig. 
1.2.1 : Timeline of Cloud Computing Professor Ramnath Chellapa of Emory University defined Cloud Computing as the new “computing, paradigm, where the boundaries of computing will be determined by economic rationale, rather than technical limits alone.” ‘Year 1997-98: Apple created a program called Virtual PC that could run Windows OS on Mac. 1998, VMware was established, and it started selling virtualization technology which allowed to run multiple OSs simultaneously on one machine. ‘Year 1997 Year 1999: Salesforce becarie the first popular implementation of cloud computing platform. Year 2006: Amazon Web Services began providing iaaS through its compute (EC2) and storage services ($3). Year 2006: Google started delivering office software as Google Docs via SaaS. ‘Year 2007: IBM, Google and various universities came together to establish massive server farms for research Projects. ‘Year 2008: NASA provided the first open source software called OpenNebula that could be used to host Private and Hybrid clouds. Year 2010: Microsoft launched its Public cloud called Azure. Year 2011: Google launched its Public cloud called Google Cloud Platform. Hence, you find that the cloud computing has majorly evolved in the last two decades. There were other underlying technologies such as the internet which were key to demonstrating the real cloud computing feasibility. Cloud computing is ‘evolving strongly with rapid innovations every day. 1.3 Basic Concepts and Terminologies Let's list some of the basic concepts and terminologies that you should be familiar with when talking about cloud computing and the related technology. 1, Mresources: These are general information technology resources that you can consume for meeting your computing requirements. These are predominantly segregated into following categories : {@) CPUs : The CPUs can be consumed by utilizing the physical servers (machines) or virtual machines. 
You typically order them in terms of processor family and clock speed in GHz.
(b) Memory : This is the RAM that holds the working memory during computation cycles. You typically order it in GBs.
(c) Storage : Storage disks hold the data for longer term use. You typically order them in GBs or TBs.
(d) Network : Network refers to the various interconnections between computing points and equipment. The cloud services are heavily dependent upon high-speed networking.
(e) Software : These are various kinds of application programs that help you effectively use the hardware resources. It could be a word processor, calculator, browser, OS or anything else that helps you program several devices.

2. Service Providers
- These are the organisations that are in the business of providing cloud services based on various market demands.
- For example, Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP). These providers typically provide several options for cloud services (as you will learn about SaaS, PaaS and IaaS later on).

3. Subscription
- Subscription is a mechanism to define your interest in consuming a service or a product.
- For example, you might have subscribed for a digital TV connection or a broadband connection or a newspaper. Once you have a valid subscription, you are required to make continuous payment as per the terms to use the service or the product.

4. Service Consumers
These could be end users or the organisations that rely on the service providers and consume the several services based on their requirements. Typically, SaaS is consumed by end users and PaaS and IaaS are oriented towards organisation level consumption.

5. On-premises
On-premises typically means on-site. This term specifically refers to the practice of deploying IT resources within the boundaries of an organisation (in your own datacentre).
Most of the cloud services are delivered over the network and are typically housed in the service provider's campus. Thus cloud services are consumed off-premises (or off-site).

6. Cloud Broker
Like the general broker terminology, a cloud broker organisation creates and maintains relationships with multiple cloud service providers. It acts as a liaison between the customers and the cloud service providers, selecting the best provider for each customer and monitoring the services. Basically, the cloud brokers help to match the various customer requirements to the right cloud service offering and act as a middleman.

7. Federation
Have you ever used Facebook login details to log in to other apps such as Book My Show? That is precisely what federation is. Federation is the act of combining data or identities across multiple systems. One of the parties (identity provider) holds the user identity and data and the relying party (service provider) consumes the identity and data over the network. This way you only need to maintain your information at one place and other systems can consume that information. A cloud broker could typically play that role when federating customers with multiple cloud providers.

8. Multitenancy
Multitenancy is a property of the service or an application to host and support multiple clients (tenants) at the same time. Cloud providers can typically support multiple tenants at the same time in terms of resource availability, performance, security and meeting service level agreements.

9. SLA (Service Level Agreement)
- An SLA is a contract between a provider and a consumer that specifies consumer requirements and the provider's commitment to fulfilling them. Typically, an SLA includes items such as uptime (availability), privacy, security and backup and recovery procedures.
- For example, you can establish an SLA of 99.9% on a cloud computing service.
If the cloud provider's service is not available 99.9% of time, you can either get a refund or service credits or can take actions as per the agreement.

10. Application Programming Interface (API)
APIs serve as an interface that enables users to access information from other services or applications and consume this information into their own application or as per their own requirements. The access is granted via a set of defined requests, routines and protocols. APIs are heavily used in cloud computing for automating various computing tasks and consuming the majority of the cloud resources.

11. Cluster
- A group of similar IT resources is called a cluster.
- For example, a group of machines can be called a compute cluster. A group of storage systems and disks can be called a storage cluster. Clustering systems helps to distribute the load proportionally on the resources in the cluster.
- For example, if you get 50 queries per second and you have 5 servers in a cluster, then each server can handle 10 queries. The response is not only faster this way but also cost effective since you don't have to invest in very expensive hardware that has large serving capacity.

12. Scalability
Scalability is the ability of a process, system, or framework to handle dynamic demand. A scalable system is adaptable to both increasing as well as decreasing demands. The ability to scale on demand is one of the biggest advantages of cloud computing. At a high level, scaling is of two types as shown in Fig. 1.3.1.

Fig. 1.3.1 : Types of Scaling

(1) Vertical Scaling
(a) Scaling Up
- In scaling up, you add more hardware resources to the same equipment to improve performance and handle demand.
- For example, if a server has 8 GB of RAM and you increase the RAM to 16 GB to boost performance, this is called scaling up or vertical scaling.
(b) Scaling Down
- In scaling down, you remove the extra hardware from the same equipment which is not utilized.
- For example, if a server has 16 GB of RAM and historically RAM consumption was just 25% (4 GB), you can take out, say, 8 GB of RAM from it and use it somewhere else as needed. This helps us to re-orient the hardware and ensure adequate utilisation.

(2) Horizontal Scaling
(a) Scaling Out : In scaling out, you add a greater number of similar hardware equipment and form a healthy cluster that can distribute the workload and match the performance with the increasing demand. For example, if there was just one server and you add another server that has similar specifications, it is called scaling out.
(b) Scaling In : In scaling in, you remove a few similar hardware equipment when the demand is decreasing. The cluster still runs healthy as it has enough resources to meet the current demand. If the demand again picks up, scaling out could be performed to add more resources to the cluster.

Table 1.3.1 : Scaling Methods

1. | Scale up   | Increases | Switch to more powerful hardware
2. | Scale down | Decreases | Switch to less powerful hardware
3. | Scale out  | Increases | Add more of similar equipment
4. | Scale in   | Decreases | Add less of similar equipment

Table 1.3.2 summarises the basic differences between Scaling Up / Down and Scaling Out / In.

Table 1.3.2 : Comparison between Scaling Methods

   | Scaling Up / Down                | Scaling Out / In
1. | Cost is High                     | Cost is Low
2. | Complexity is Low                | Complexity is High
3. | Cluster not mandatory            | Cluster mandatory
4. | Distributed system not mandatory | Distributed system mandatory

1.4 Security, Risks and Challenges in Cloud Computing

Securing your cloud resources is quite different from regular datacentre security.
You are moving your resources outside the boundaries of your own organisation and thus it requires careful planning and attention to detail to ensure that your cloud resources are adequately secured.

1.4.1 Concept Building - Shared Responsibility Model

- Before I discuss risks and challenges in cloud computing, it is important to understand why cloud computing risks and challenges are different from those of traditional on-premises datacentres.
- Based on the type of cloud service you choose to consume, there are certain activities and obligations that the cloud provider performs while there are certain activities that come as your duties. Unlike the traditional datacentres where you were responsible for everything from physical to application delivery, in the cloud model, the confusion pertains to who does what. How much are you responsible for and what responsibility does the cloud provider take?

Fig. 1.4.1 : Shared Responsibility Model

- Fig. 1.4.1 is taken from Amazon Web Services.
- Note the key difference between the responsibilities :
  o AWS is responsible for security OF the cloud
  o Customer is responsible for security IN the cloud
- Cloud providers are typically responsible for managing and securing the underlying hardware, datacentre and operations. Anything above the service software layer is the customer's responsibility. Customers cannot blame cloud providers for their own responsibilities, and they must take adequate steps to perform what is expected of them.
- Example : Suppose Microsoft releases a security patch for Windows OS. Releasing a security patch to fix the security holes in a timely manner is Microsoft's responsibility. But, once the patch is out, if you don't apply it and eventually your system undergoes a cyberattack, it is not Microsoft that is to be blamed. You were supposed to install the patch, but you failed to do so. That is precisely what the shared responsibility model is.
You and the cloud provider jointly can make the cloud computing environment secure and lessen the risks.

1.4.2 Cloud Security Risks and Countermeasures

- There are several cloud security risks. Some of them are specific to cloud computing while many are traditional security risks associated with computing which continue to exist even for cloud computing. Just because you are using cloud computing, the typical and traditional computing risks such as buffer overflow do not disappear.

Fig. 1.4.2 : Total Cloud Security Risks

- We will only focus on some of the major cloud security risks which are specific to cloud computing and not general computing issues such as disk failure, network failure, equipment failure, etc.

Fig. 1.4.3 : Cloud Security Risks

1. Loss of Governance
- Governance is the way an organisation administers its policies and day to day operations. When you choose cloud computing, you also let go of quite a few controls over its administration. For example, when you take a cab, you do not have administrative capabilities over it such as which insurance policy the car has, the car interiors, the car service and its maintenance. The cab driver or the cab service provider dictates what service standards a car must maintain for its operations.
- Similarly, the cloud service provider is responsible for governance of the cloud. You do not have much flexibility over the way the cloud service provider operates. The cloud service providers though maintain the best possible and industry-accepted standards to ensure that your security needs are adequately taken care of and their platform and services continue to be attractive to you.
- Another challenge with loss of governance is that it is extremely easy to consume cloud computing resources. All it takes is creating an account with the cloud service provider and updating the billing and payment information.
Unlike the traditional datacentre setup process which used to go through several hierarchies for approval, in cloud computing the individual users or departments can set up their cloud accounts on their own and senior management may not be completely aware of such a purchase and usage. The risks associated with such a usage may not be accounted for at the organisation wide level.

Countermeasures for Loss of Governance

(i) Contracts : The primary countermeasure for governance in the cloud is the contract between the cloud service provider and the organisation. Refer to the shared responsibility model that you learnt earlier. When dealing with cloud service providers you need to define the roles and responsibilities between your organisation and the cloud service provider. The contract gives an assurance that the cloud service provider would do what has been mutually agreed between it and your organisation.
Some of the agreements on the contract could be around
(a) Service Level Agreement (uptime of the service, time to repair, support, etc.)
(b) Supplier management
(c) Clear roles and responsibilities
(d) Use of technologies to provide solutions
(e) Right to investigate the cause of a security breach
(f) Right to review cloud service provider's security program and documentation
(g) Right to evaluate the overall provider, such as finances/stability, reputation, and outsourcers
(h) Right to carry out penetration testing on the resources corresponding to organisation's account
(i) Legal jurisdiction in case of any legal liabilities arising out of cloud usage

(ii) Risk Management and Planning : You should include cloud usage as part of your overall risk management and planning process. You should have a clear plan on managing the risks arising from cloud resources.
(iii) Compliance Reporting : Compliance refers to an organisation's responsibility to operate in agreement with established laws, regulations, standards, and specifications. Various types of security and privacy laws and regulations exist within different countries at the national, state, and local levels.
An organisation could ask for a detailed audit report proving that the cloud service provider is following the compliance requirements as needed by the organisation. Compliance assessments are independently done by auditors and could be taken as a proof that the cloud service provider is adequately meeting the requirements defined in a particular standard. Most of the cloud providers have proven compliance against several standards to make them attractive to various industries. For example, following are some of the various compliance programs that Amazon Web Services (AWS) has fulfilled.

Fig. 1.4.4 : Global Compliance Programs

Fig. 1.4.5 : United States specific Compliance Programs

2. Lock-In
- As an organisation, when you start to build your business around a cloud service provider's resources and capabilities, you could face the lock-in situation where you could find it difficult to switch the resources to a different cloud provider or your own datacentre.
- Example : Before Mobile Number Portability (MNP) came in, your mobile phone number was tied to a specific telecom service provider. If you needed to retain your number for whatever reasons, there was no choice other than to continue with the same telecom service provider irrespective of whether its service was good or not.

Security Risk related to Lock-In

Lock-In could potentially have security risks as well.
(i) It might be difficult to move your resources quickly if there was a breach on the cloud service provider side.
(ii) You may not be able to recover all your data when you plan to migrate to a different provider.
(iii) If the cloud service provider is experiencing outages or downtimes, there is no way you can get those cloud resources for your business. This could mean loss of availability for your own business and impact business continuity.
(iv) Your task force may be competent or skilful in operating with one cloud provider and you may need to re-skill them or hire new talent when you move to a different cloud provider. This could make your transition journey painful and again impact availability for your business.

Countermeasures for Lock-In

(i) Contracts : You should specifically have agreements regarding lock-in in the contract between your organisation and the cloud service provider. This could be a clause mentioning the help from the provider when you need to move your data and application. There should not be specific restrictions applied when you try to exit.
(ii) Multi-cloud or hybrid approach : Instead of locking down all the resources and skills with one cloud service provider, it is better to choose a hybrid approach where you continue to operate a part of your business in-house and a part distributed with multiple cloud providers. This way you could leverage the skills and resources across multiple cloud service providers and need not be locked-in with one.

3. Isolation Failure
- Cloud services heavily rely on hardware and software based virtualization. The hardware at the cloud service provider's datacentre is not used to host just one organisation (or tenant). Multiple tenants share the same hardware and are separated from each other using software isolation techniques. Isolation protects the tenants from seeing or impacting resources assigned to each other. Isolation is applied at the virtual machine, storage, network, routing and pretty much anywhere that is within a tenant's scope.
- If this isolation were to fail for whatever reason, the resources of one tenant could be entirely exposed to another. This could be business secrets, networks, critical user data, storage or machines processing customer transactions every second. The isolation could fail due to hypervisor vulnerabilities, vulnerabilities at any other software layer or could be an implementation error from the cloud provider's side. Such an isolation failure could damage the cloud provider's reputation and trust and may severely impact its users (tenants).
- However, note that the likelihood of such an isolation failure is extremely low. The technologies used in the cloud are time tested and regularly examined to ensure that they are operating as expected.

Countermeasures for Isolation Failure

There may not be any other countermeasure than to ensure that you are using a reputed cloud service provider.
You could examine the isolation techniques it uses for providing various services and resources and ensure that the compliance requirements are fulfilled with respect to the isolation guarantees.

4. Proving Compliance
Irrespective of what technology an organisation uses, it cannot transfer its responsibility of compliance management to the vendor. Various industries are subjected to various regulatory controls under which they need to maintain suitable security standards of operations. Compliance requirements are governance objectives that an organisation uses to ensure that its operations are in good shape.

Common Regulatory Standards

Some of the common regulatory standards are as follows :
(i) Payment Card Industry Data Security Standards (PCI DSS) : Used to protect card holder data
(ii) Health Insurance Portability and Accountability Act (HIPAA) : Used to protect health information
(iii) International Arms Regulations (ITAR) : Used to protect defence technology

- Compliance regulations are jurisdiction based (location based). So, if you are in India and use cloud services from the United States, will the cloud provider help you maintain and prove compliance with the regulations of India? If the law prohibits exporting and storing citizens' data in a different country, will the cloud provider help with storing the data within the country? Those are the questions to evaluate when choosing a cloud provider. The compliance requirements that an organisation is subjected to must be fulfilled irrespective of what technology it uses.
- Like security, proving compliance is a shared responsibility between the cloud service provider and the cloud consumer (tenant or the organisation) as shown in Fig. 1.4.6.

Fig. 1.4.6 : Compliance in the cloud

- Both must work together to provide an assurance that the overall compliance objectives are met.
There are certain responsibilities that the provider needs to comply with (for example, securing the datacentre or using secure isolation technologies) and there are certain responsibilities that remain with the tenant (for example, applying patches on the cloud virtual machines and configuring the cloud account with multifactor authentication).

Countermeasures for Proving Compliance

(i) Make compliance a part of the evaluation criteria when choosing a cloud service provider : When evaluating cloud service providers, ensure that the compliance requirements that your organisation is subjected to are achievable when you consume services from that particular cloud service provider. Prefer cloud service providers that are already compliant.
(ii) Identify the scope of compliance : All cloud services may not meet the compliance objectives. You should be particular about which cloud services are certified to meet compliance requirements and which do not match the compliance requirements. Use only those services that are explicitly certified to meet the required compliance objectives.
(iii) Contract : Clearly specify the compliance requirements and obligations in the contract between your organisation and the cloud service provider. Clearly articulate clauses such as the roles and responsibilities, frequency of compliance audits, obligation to provide compliance evidence, reports and certifications in the agreement. Such key clauses should be negotiated, and your organisation and the cloud service provider must mutually agree to honour them.
(iv) Engage with the right auditors : You must engage with the right auditors who have experience in auditing for cloud based environments. Auditors can clearly set the scope of audit and help you identify gaps in meeting compliance objectives.

5. Data Exposure
- your own datacentre, cloud resources are generally consumed over the public network and stored with the data of other tenants.
Data is critical for ensuring business continuity. If your organisation is placing sensitive and regulated data in the public cloud, it should be kept secured at all times : data in transit, data at rest and data in use.
- Any exposure of sensitive or regulated data could be detrimental to your business and may impact your business reputation. You will learn more about data protection in cloud later in the chapter.

Countermeasures for Data Exposure

(i) Encrypt
Ensure that your data is encrypted during transit and at rest. No part of data at any time should be transmitted or stored in cleartext. Sniffing, spoofing, man-in-the-middle attacks, side channel and replay attacks are the traditional threat sources that continue to be relevant in cloud computing.
(ii) Access Control
Ensure that only the authorised entities have access to data, and it is not exposed publicly. Define information security policies for data classification and access control policies for limiting the exposure of data.
(iii) Backup
- Data can be lost due to accidental deletion, natural disasters or human error. It is crucial to ensure that the data is adequately backed up and could be successfully restored whenever needed.
- Cloud service providers have proven resiliency (ability to recover) for enduring any loss of data. But, you should have a backup of your data as well in case the data is lost. Cloud service providers typically have backup solutions that can give you even geographic level redundancy.
- Example : If you are in India, your data can be backed up in London or any other region in the world.

6. Malicious Insider / Disgruntled Employees
- Though this looks like a traditional computing risk, it is relevant for the cloud computing environment as well because you now have to consider the malicious insider (disgruntled employees are angry employees of the company) at the cloud service provider side.
Users that support cloud operations and ensure that the cloud services are up and running have administrative rights over the system where your cloud resources and data may be residing. These administrative users can be targeted for social engineering or might turn malicious on their own and can then potentially destroy your resources or expose your data.
- Another viewpoint to look at the insider threat is that it does not always involve malicious actors. Insiders might not necessarily be malicious. Sometimes, they can just do the wrong thing unknowingly as part of getting their job done. For example, they might forget to delete the temporary copy of your data or copy the encryption keys to a public location.
- Note here that a malicious insider may not always be the cloud service provider's employees or contractors or third parties. It could be other tenants as well who might carry out malicious tasks on the shared systems. Effective isolation is crucial to ensure that one tenant's activity does not impact the other.

Countermeasures for Malicious Insiders

(i) Review cloud service provider policies
- You should review the cloud service provider's policies on background checks, hiring, training and how it plans to protect your data and resources from malicious insiders. There should be segregation of duties and roles and no insider should have too much access to carry out everything by herself. Additionally, the cloud service provider should provide effective logging, monitoring and auditing capabilities to review administrative actions carried out on your resources and data.
- Even though insiders might have administrative access to the system, they may not necessarily have direct access to your data and resources. The actions on the resources could be of a purely administrative nature without providing access for interacting with the resource itself.
For example, an administrator can work with the virtual machine but may not have login rights to the OS running inside the virtual machine. Similarly, the administrator might maintain the database but may not have access to run SQL queries. So, you should ensure that you have placed sufficient access control around your resources and data.
(ii) Maintain your own keys wherever possible
Wherever possible, maintain cryptographic keys and secrets yourself instead of letting the cloud service provider manage them for you. You can then be assured that the data is protected and is useless to anyone without access to keys.

7. Insufficient IAM (Identity and Access Management) Controls
- Like your traditional datacentre, Identity and Access Management (IAM) is crucial in cloud. Unlike your datacentre, where the resources are housed inside your organisation's premises, the resources on cloud are accessible over public networks. Without sufficiently strong identity and access management, those resources could be accessed by anyone in the world.
- Example : The IP addresses used by the cloud service providers are well-known. Take a look at the Fig. 1.4.7 snapshot where you can download the entire IP range used by Amazon Web Services (AWS).

Fig. 1.4.7 : AWS IP Address Ranges

- Now, an attacker can go through the entire IP range and find out resources that are not protected by trying out the various exploits. If you haven't protected your resources using strong identity and access control mechanisms, then those resources can be accessed and further exploited for known vulnerabilities.

Countermeasures for Insufficient IAM Controls

(i) Set IAM controls
There is no better countermeasure than setting good IAM controls around your cloud resources and data.
Be specific and provide the minimal rights required for the entities to carry out the required tasks, no more, no less. Understand the various IAM controls provided by the cloud service provider and understand the best practices around setting those IAM controls. Use strong IAM controls such as multi-factor authentication and strong cryptographic keys.
(ii) Review IAM controls
Use products, solutions or processes to review the permissions and various access rights assigned to the cloud resources. An overall view of "who can do what" can go a long way to ensure that your resources are adequately protected. Entities that no longer require access should be removed.

8. Insecure Interfaces and APIs
Most of the cloud resources and data are consumed using the cloud service provider's user interface or the APIs (Application Programming Interfaces). These interfaces must be secure to ensure the availability of cloud services. The interfaces must require authentication for any entity requiring access and then allow the entity to access only those resources and data that it is authorised to. It is the cloud service provider's responsibility to ensure that these interfaces are adequately secured and periodically tested for any vulnerabilities.

Countermeasures for Insecure Interfaces and APIs

(i) Follow the cloud service provider's guidelines and best practices : You should follow the guidelines and best practices recommended by the cloud service provider to ensure that you are using the interfaces securely. Avoid things like
(a) Storing your cloud account password in your browser
(b) Writing your cloud account password
(c) Putting secret keys into your code
(ii) Use strong IAM controls : Use strong IAM controls appropriate for the interfaces. For example, not everyone might require accessing APIs. So, allow only selected users to have access to resources and data using APIs. Similarly, the users that have API access might not require access to the user interface (UI).
If so, restrict their UI access. Another example could be that your cloud application users might require data access only using your application and not directly. In that case, do not provide access to the data via any of the interfaces (UI or API). Only allow the users to access the data using your application and provide API access to only the application to read or write the user data.

1.5 Roles in Cloud Computing

NIST identifies a conceptual reference model for key roles and their activities in the cloud as shown in Fig. 1.5.1.

Fig. 1.5.1 : Roles in Cloud Computing

1. Cloud Consumer
- This can be a person or an organisation that has established a relationship with the cloud provider and uses the cloud services to consume resources for carrying out several computing activities based on the business requirements.
- Example : It could be you or your company.

2. Cloud Provider
- This is typically an organisation or entity that develops and provides various cloud services to its consumers. The services could include compute, storage, network, database and several others.
- Example : Amazon Web Services, Microsoft Azure and Google Cloud Platform.

3. Cloud Auditor
- A Cloud Auditor could be an individual or an organisation that conducts independent and non-partial assessment of cloud services, cloud operations, cloud security, cloud performance and other key aspects of delivering and consuming cloud services.
- Example : Companies such as Deloitte, EY, KPMG and PwC are the reputed top 4 firms that provide various audit related services.

4. Cloud Broker
- A Cloud Broker is the middleman or the organisation that helps to negotiate deals between Cloud Consumers and Cloud Providers and establish business and service level agreements.
Many a time, Cloud Brokers provide miscellaneous services such as management, tuning, performance and setting up cloud services for the consumers.
- Example : Infosys's Cloud Ecosystem Hub.

5. Cloud Carrier
- These are organisations that provide connectivity between Cloud Consumers and Cloud Providers. These are specialized network providers that help you set up your cloud access without having to go through the internet. The cloud carriers have their own leased lines to the cloud providers that could be used to deliver cloud services to you without touching the internet for the most part.
- Example : AT&T and Vodafone are Cloud Carrier partners for AWS Direct Connect.

1.6 Boundaries in Cloud Computing

There are several boundaries to be considered for cloud computing. It is important to understand that these boundaries help to define isolation of resources and several operations required for cloud computing. Let's discuss boundaries in cloud computing as shown in Fig. 1.6.1.

Fig. 1.6.1 : Boundaries in Cloud Computing

1. Organisational Boundary
Organisational boundary is the logical perimeter (not physical perimeter or fencing) of IT resources which are within the organisation's premises and within its control. The organisation owns the resources.

2. Cloud Provider Boundary
Cloud Provider's Boundary defines the logical perimeter of cloud-based IT resources. You typically use the network to access such resources once you have a valid subscription. Cloud service providers safeguard their boundaries from malicious users to ensure authorised access only.

3. Trust Boundary
Trust boundary defines the logical perimeter within which you can consume IT resources. Once you have a valid subscription, you extend your trust boundary to include cloud resources along with the resources that you own.
Once you have established the trust boundary, any IT resource within it is available for your use.

4. Jurisdictional Boundary
From a legal perspective, it is important to realize the actual physical location of the resources. For example, if you as a user in Pune commit a crime using cloud resources in Mumbai, which jurisdiction would prosecute you? Jurisdiction boundaries and legal agreements help to define such areas and you should consider them carefully.

1.7 Cloud Characteristics

As per NIST, there are five essential cloud characteristics as shown in Fig. 1.7.1.

Fig. 1.7.1 : Cloud Characteristics

Let's understand each one of them in detail. Also, refer to the taxi service example shared earlier in this chapter to build the concepts.

1.7.1 On-Demand Self-Service

- This is perhaps the most important characteristic of cloud computing.
- It means that whenever you desire to acquire information technology resources, such as computers, storage, network, applications and several others, these resources are available for immediate consumption. You are not required to procure hardware, provision the servers, install and deploy applications or carry out any placement or maintenance planning before consuming the resources for your requirements.
- Drawing our analogy to taxi services, whenever you need a taxi, you pull out your smart phone, open the taxi app, choose from and to locations, choose the type of taxi you want, confirm the fare for that trip and done. A taxi comes to pick you up and drops you at your chosen location within minutes. Now, compare that with you having to buy a car to go from location A to location B. It takes several days before a car is actually delivered to you, you need to know how to drive, you should have a license, you should know the route and you should be able to plan maintenance and other operational requirements. There is a clear distinction between the on-demand self-service model and you having to buy a car.
- On-demand (whenever you need it) and self-service (you book it for yourself via the internet) are thus very essential to delivering information technology resources via the cloud computing model. The cloud computing model enables you to consume the resources instantly without having to own the underlying hardware or take on operational headaches.

1.7.2 Broad Network Access

The IT resources that you wish to consume are delivered over the internet. The internet is widely accessible by means of several devices such as laptops and smart phones. Thus, the cloud computing model enables you to consume the resources from anywhere instead of tying you to a particular location or mech

1.7.3 Resource Pooling

- The above definition might sound convoluted but, in reality, it is extremely simple to understand. Let's go back to our taxi service example. As you know, there are thousands of taxis that a service provider has. You may get any taxi when you book a taxi. What actually happens when you try to book? Your request goes to the taxi service provider and a taxi nearest to you is chosen from the entire set of taxis that a service provider has. This entire set of taxis is collectively called a resource pool. One resource pool can have multiple resources.
- Example : A resource pool in Pune City would have a different set of taxis than the resource pool in Mumbai City. All users like you would be served from the same resource pool in a particular city.
- Drawing from the above analogy, the cloud computing service provider has a wide resource pool of IT resources such as CPU, Memory, Disk and Network. This resource pool is used to serve multiple users. In the cloud computing world, a user or a company consuming the cloud resources is called a tenant, similar to tenants in rental apartments. Hence, from the NIST definition of Resource Pooling, the following points are evident.
(i) Cloud providers aggregate the IT resources into a large pool
(ii) This large resource pool serves multiple users (or more accurately multiple tenants)
(iii) The resources from this pool are dynamically assigned to the tenant based on her demand
(iv) Except for a higher level location sense (similar to taxis in Pune or Mumbai), the tenants are not aware of where the resources are exactly located in a resource pool
(v) Finally, once the tenant is done with consuming the resources, the resources are then returned to the resource pool for consumption by other potential tenants. For example, if you subscribed to 20 GB of hard disk and you no longer need it after 3 days, you release your subscription and that 20 GB of hard disk is returned to the disk resource pool for subscription and consumption by any other tenant in future.

- The term elasticity refers to stretch-ability. Assume that you have a rubber band; it can be pulled at both ends without breaking it. The rubber band is then said to have an elastic property.
- Similarly, the cloud service provider has a large resource pool. Suppose you initially subscribe to 100 GB of hard disk and then after a few days you need another 500 GB. Your subscription can be immediately updated to give the extra resources that you need without any hassle. In case you want to return 300 GB from your total subscription of 600 GB, you can do that effortlessly as well.
- So, in a nutshell, rapid elasticity of cloud allows you to dynamically change and adjust your cloud resource consumption based on your needs. You are not stuck on choosing one set of resource subscription and then facing inflexibility as your demand grows or comes down.

- This is easy to understand. Any service model is billed on the actual consumption of resources. Cloud services are no different.
Like the taxi fare that you pay based on the type of taxi, distance travelled and the time of the day, cloud services are billed according to what you have subscribed to and consumed. You are not directly or additionally charged for any hardware or any other operational costs associated with providing the services to you. If you consumed 5 hours of computing, you are billed for 5 hours. No more and no less.
- Hence, the cloud providers have a mechanism to measure the services provided to you and then charge you based on that measurement. Different types of resources are billed differently. For example, CPU is billed according to its clock speed and the family of micro-processor that you subscribed for, whereas RAM is billed in terms of its size. There could be other billing parameters that a cloud provider may choose to use to calculate your bill, for example, the specific location of the resource pool from where you are demanding the cloud resources. Cloud providers typically provide a catalogue (menu) of services available with them along with the respective pricing information.

1.8 Cloud Delivery (Service) Models

Cloud delivery or service models provide the way in which the cloud services can be consumed. But, first, let's understand the general service delivery concept.

1.8.1 Concept Building - Service Delivery Models

- The cloud-based IT resources are so varied that you need to segregate them into three broad categories based on how they are delivered by the cloud service provider.
- Before you jump into understanding the cloud delivery model, let's understand the scenario of living in an apartment. What options do you have?

1. Fully furnished apartment with all amenities set : In this scenario, you just bring your personal stuff and start living. You don't have to fix lightings, set up the kitchen, buy furniture or fix other amenities required for a comfortable living.
Your liabilities are just your personal belongings. You don't own any of the fittings that you get and most likely you are not allowed to change anything such as furniture or fittings in the apartment.

2. Semi-furnished apartment : In this scenario, the landlord (or the service provider) gives you the basic living structure with plumbing, electrical wiring, etc. done, and you need to set up other amenities as you want such as geyser, sofa, TV, etc. Your liability is no longer towards only your personal stuff; you also own other things that you set up out of your pocket. You have higher flexibility than the fully furnished apartment in terms of designing your living space.

3. Unfurnished apartment : Here, you just get walls and the underlying foundation infrastructure. You need to set up everything yourself: plumbing, electrical wiring, drainage, etc. This scenario requires quite a bit of work before you can start enjoying a comfortable living. Usually, you don't go for this option unless you are planning to stay there for a longer term such as 20 years of lease. This model is typically used by shopkeepers, where the landlord gives only a vacant shop space and the shopkeeper then designs the layout of the shop, lighting, seating, shelves, counters and other required facilities to suit his business requirements.

Table 1.8.1 : Comparison between Fully, Semi and Unfurnished Apartment

| Sr. No. | Comparison Attribute | Fully furnished | Semi-furnished | Unfurnished |
|---|---|---|---|---|
| 1. | What you bring? | Your personal stuff | Your personal stuff + other amenities as you like | Everything except core building infrastructure |
| 2. | Flexibility to change | Least | Somewhat flexible | Flexible |
| 3. | Investment required | Least | To some extent | Significant |
| 4. | Rent charge | Highest | Medium | Low |
| 5. | Liability / Commitment | Could be short term | Could be short or medium term | Long-term |

1.8.2 Cloud Service Models

Now that you have a fair idea of service delivery models, let's understand cloud delivery (service) models.
As per NIST, there are three cloud service models as shown in Fig. 1.8.1.

(A) Software as a Service (SaaS)
(B) Platform as a Service (PaaS)
(C) Infrastructure as a Service (IaaS)

Fig. 1.8.1 : Cloud Service Models

1.8.2(A) Software as a Service (SaaS)

- Very much like your fully furnished living option, the SaaS delivery model is the turnkey solution provided by the service provider. The user just has to bring her data and can start consuming the service instantly. Users are not required to maintain the underlying infrastructure. For example, Dropbox. If you are using Dropbox to store your personal files or backup, you just worry about your files. You worry neither about Dropbox service development and deployment nor about the hardware or the datacentre where the Dropbox service is running. Several other examples are mobile apps such as Facebook, WhatsApp, Instagram, Twitter and various others. These vendors just make the software available to you for consumption. You don't really have to do anything else except create your profile (bring your data) and start using the service.
- Fig. 1.8.2 depicts the respective responsibilities of cloud service provider and the customer (user or consumer) in SaaS.

Fig. 1.8.2 : Shared Responsibility Model in SaaS

Advantages of SaaS

Following are the advantages of SaaS.

1. Immediate consumption : The user is required to do very minimal work before consuming the service. This is self-explanatory. You don't really need to make any changes to services before consuming. These services are immediately available for consumption.

2. Lower cost : The user need not set up the costly resources herself. At a very minimal cost, the desired IT resources are available. Imagine if you had to set up Instagram software yourself?
It could be complex and require significant hardware resources and manpower. Instead, you just prefer to use the service based on your lifestyle.

3. Quicker upgrades : When a new version of the service is available, the user can use it without much disruption. The entire deployment and testing lifecycle is performed by the cloud provider before rolling out the upgrades to the users. Did you have any hassles when Google updated its Gmail service? Not really, right?

4. Massive Scale : Suppose you have a requirement of 2 TB of storage. SaaS storage providers could give it to you in a moment's time. They have a large pool of resources which can go to any scale (limit) depending upon the consumer demand.

5. Widely Accessible : You can use the service from nearly anywhere in the world as long as you meet the connectivity requirements. You are not tied to a particular location or hardware when using the service. You can use the service via Mobile Phone, Desktops or Laptops seamlessly and get a similar experience. For example, you could use Google Drive to back up files from your phone as well as from your laptop.

Disadvantages of SaaS

Following are the disadvantages of SaaS.

1. Lack of control / inflexibility : You cannot really make modifications to the service. You would need to consume the service the way it is designed for mass consumption. Individual or selective customisation in service features is seldom possible.

2. Requires regular connectivity : SaaS is provided over the internet. Regular connectivity is thus required to consume the service. For example, you cannot really use Google Drive to back up data from your phone if you are offline. However, some of the vendors are coming up with innovative solutions that allow the service to be temporarily used when offline and restore the service experience as and when the connectivity is re-established.

3. Vendor lock-in : How easy is it to move your WhatsApp chat to Telegram?
How easy is it to move your Facebook data and history to a different application? It's tough, isn't it? This is called the vendor lock-in problem. The lack of a vendor's support to let users migrate from its application to another vendor's application leads you to a locked-out state. There is no easy way, at times, to switch from one SaaS service to another.

4. Security and privacy concerns : Have you heard of the Facebook data leaks? Imagine if the service that you are using gets compromised by a third party or malware. All your personal and private data could be exposed to almost anyone on the internet. You heavily rely upon the service provider to secure and keep your personal data private. You do not have much say in how well your data is treated within the service.

1.8.2(B) Platform as a Service (PaaS)

- The above might read convoluted to you. Allow me to explain. PaaS is mostly used by software developers and is not meant for consumption by direct software end users. Before the cloud era, software development was tied to the developer's desktop or set of machines where she used to code and test her software. Software increasingly became complex and developers needed various kinds of software development environments where they could effectively develop, test and run their software. That is precisely the problem that PaaS solved.
- The cloud providers provide software development environments that are easy to set up quickly and, many a time, automatically, thus avoiding manual labour drastically. Developers require various kinds of support for software development such as programming languages, libraries, and various types of software development tools such as a text editor. Some of the examples of PaaS are Force.com, Amazon RDS, Google App Engine and Red Hat OpenShift.
- Fig. 1.8.3 depicts the respective responsibilities of cloud service provider and the customer (user or consumer) in PaaS.
Fig. 1.8.3 : Shared Responsibility Model in PaaS

Advantages of PaaS

Following are the advantages of PaaS.

1. Quick availability of the development environment : PaaS helps to set up the development environment most rapidly. It houses a set of pre-built packages, tools, libraries and various developer-oriented resources that help her quickly focus on software development and produce quality software.

2. Lower cost of development : As the cloud provider makes various tools and libraries available at no separate and extra charge, the overall cost of development is low. Some of the tools have expensive licenses. The cloud provider provides such tools without you having to procure your own license to use them.

3. Up-to-date development infrastructure : The cloud provider ensures that the development environment stays up-to-date and necessary libraries are upgraded from time to time. The developer need not worry about upgrading this development environment and staying on top of everything. She can continue to focus on her application development and maximize her development time without having to upkeep the underlying environment.

4. Massive Scale : Suppose you are a budding developer. You write an application and give it to your customers. Initially, you may have 10 customers. But suppose your application becomes very popular and after a few months, your customer count reaches 1,000. You would require that your application can handle the increased load. PaaS allows you to quickly scale up your application to match your new requirement. The application that you hosted on PaaS is supplied with increased resources and thus the application can support the increased load and you can grow your business very well.

5. Maximize availability : You as a developer would want to ensure that your application remains available without any disruption.
In the PaaS environment, the cloud service provider employs several mechanisms to maximize availability of resources that you have subscribed to. For example, if you require 100 GB of hard disk, the cloud provider ensures that 100 GB of hard disk is continuously available to you without failure. Such a service-oriented guarantee (also known as service level agreement) from the cloud provider helps you to host your application confidently with maximum uptime and availability.

Disadvantages of PaaS

Following are the disadvantages of PaaS.

1. Lack of adequate environment : While PaaS environments are great for developing general software applications, some specialized application developments have special needs in terms of environment and the underlying hardware. The cloud provider may not have such an environment available.

2. Requires regular connectivity : PaaS is also provided over the internet. Regular connectivity is thus required to consume the service. So, if you are in an airplane and want to code, it might not be feasible. You may need to wait until you land and get connectivity to the environment.

3. Vendor lock-in : Since you as a developer do not really worry about managing the environment, it might be hard for you to migrate to a different environment. You may not know the entire dependency that your application has on the existing PaaS environment. There might be some cloud provider specific settings that must be changed for you to start development and application hosting again. This could be disruptive to your business.

4. Security and privacy concerns : Your software code as well as your customer's data on your application are hosted on the PaaS environment. Any security breach could be disruptive to your business. You might leak out customer's data or there could be other application security issues that could be exposed to the malicious community.
1.8.2(C) Infrastructure as a Service (IaaS)

The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).

- In this type of cloud delivery model, the cloud provider gives you the maximum flexibility. You can choose to deploy computers (virtual machines) in the cloud along with a wide variety of networking, database and storage. It is as good as having your own datacentre but without having to manage the underlying servers, the core networking equipment such as routers and switches, cooling, power management, administrators and other data center operation activities. You just use the IT resources starting from the operating system (OS) and above. Anything below the OS (physical servers, racks, power, etc.) is owned and managed by the cloud service provider. Some of the examples of IaaS are Amazon EC2, Amazon S3, Microsoft Azure VM and Google Cloud VM.
- One key note here is that unlike SaaS and PaaS, IaaS is predominantly used by organisations rather than individuals. Various big organisations such as Netflix traditionally used to run their applications in their own datacentres. Now, these have moved to various IaaS cloud providers such as Amazon Web Services, Microsoft Azure and Google Cloud due to several benefits that the cloud computing model provides.
- Fig. 1.8.4 depicts the respective responsibilities of cloud service provider and the customer (user or consumer) in IaaS.

Fig. 1.8.4 : Shared Responsibility Model in IaaS

Advantages of IaaS

Following are the advantages of IaaS.

1. Full Control : You have full control over IaaS provided IT resources. You can modify the OS, design your own networking, choose how fast a storage you want, which location you want to pull IT resources from and several other options to customize your computing experience. You can choose to run anything in your virtual machines and have a lot of options to match your computing requirements.

2. No need to manage physical devices : You don't need to manage the underlying physical devices such as servers, routers, switches, storage devices, etc. You can maximize your potential by just focusing on the resources you require.

3. Cheaper to run than your datacenter : Since you pay for only what you use, and you don't need to manage the cost of running an entire datacentre, there are significant cost advantages. Imagine you are founding a startup. Your computing requirements might be limited. IaaS provides you with the IT resources without you putting your seed money into building and managing your own data center. You can focus on problem solving and increasing the value that your startup provides to your customers at a competitive price.

4. Performance : The IaaS providers use top-notch hardware that delivers significantly higher performance than regular hardware. This hardware is expensive. Since there are multiple tenants that use the same hardware, the cloud provider can provide such expensive hardware and recover the cost from its earnings. The economies of scale (buying in bulk at cheap) help the cloud provider to negotiate big deals at a cheaper rate, thus providing you a great balance of performance and price.

5. Security : IaaS providers have varied tenants: they could be banks, government agencies, media companies or just a startup with 5 members. Now, the provider needs to ensure that the interests of various parties are met. For example, banks and government agencies have very high security requirements. IaaS providers, when designing their solutions, design for the highest possible security requirements that match the needs of their customers. This way of designing IaaS solutions helps all the organisations even though they themselves may not have such high security requirements. A startup may not have the same security requirements as banks, but since the startup is also on the same IaaS provider as the bank, the startup benefits because the IaaS solutions were designed keeping the requirements of banks in mind.

Disadvantages of IaaS

Following are the disadvantages of IaaS.

1. Costly : IaaS is the costliest of all cloud delivery options. Since the amount of IT resources that you can consume is unlimited, if you do not keep a check on your spending, you might be spending more in the cloud. You need to carefully evaluate what kind of computing requirements you have and match them with the most appropriate option available in the service catalogue.

2. Requires management : As the saying goes, "with greater power, you have greater responsibilities". IaaS is very similar. Since you have full control of OS, networking, storage, etc., you need to manage these resources yourself. The cloud provider only manages physical hardware, and anything on the OS or above it is your responsibility. This is also called the "Shared Responsibility Model". You need to ensure that you put appropriate firewall rules in place, govern identity and access management policies, install security patches on your OS and maintain the overall upkeep of the resources granted to you.

3. Legal implications : In some of the industries or countries, using the cloud provider services could mean significant added legal implications for organisations. The burden of compliance with various rules and regulations needs to be carefully evaluated and discussed with the service provider. This is the exact reason why service providers are increasingly certifying their services to give confidence to their customers that running their organisation in the cloud can safely handle legal implications. Some of the compliance requirements frequently talked about in the industry are PCI DSS, HIPAA and ISO.

4. Connectivity : Like any other cloud delivery model, IaaS requires high-speed connectivity to consume and manage the resources.

Now that you understand SaaS, PaaS, IaaS and how they differ from your own private datacentre, let's do some comparisons based on their characteristics.

1.8.3 Resource Management-Wise Comparison

Table 1.8.2 : Resource Management-wise Comparison between IaaS, PaaS and SaaS

| Sr. No. | Resource | Your Datacentre | IaaS | PaaS | SaaS |
|---|---|---|---|---|---|
| 1. | Data | You manage | You manage | You manage | You manage |
| 2. | Application | You manage | You manage | You manage | Provider manages |
| 3. | Runtime / Middleware | You manage | You manage | Provider manages | Provider manages |
| 4. | OS | You manage | You manage | Provider manages | Provider manages |
| 5. | Virtualization | You manage | Provider manages | Provider manages | Provider manages |
| 6. | Physical servers | You manage | Provider manages | Provider manages | Provider manages |
| 7. | Physical Storage | You manage | Provider manages | Provider manages | Provider manages |
| 8. | Physical Networking | You manage | Provider manages | Provider manages | Provider manages |
| 9. | Datacentre Operations | You manage | Provider manages | Provider manages | Provider manages |

1.8.4 Characteristics-Wise Comparison

Table 1.8.3 : Characteristics-wise Comparison between IaaS, PaaS and SaaS

| Sr. No. | Characteristics | IaaS | PaaS | SaaS |
|---|---|---|---|---|
| 1. | Used By | Organisations | Developers | End users |
| 2. | Used for | Building datacentre | Application Development | Application consumption |
| 3. | Costs | High | Medium | Low |
| 4. | Flexibility | High | Medium | Low |
| 5. | Provider responsibility | | | |

1.8.5 Cloud Pyramid

Fig. 1.8.5 : Cloud Pyramid

You can layer the 3 service models as a cloud pyramid as shown in Fig. 1.8.5. The bottom most layer is IaaS. IaaS has the broadest width and covers everything from OS and above. The next layer is PaaS, which packages several libraries and tools for software development and application hosting. The topmost layer is SaaS, which abstracts the underlying complexities and directly delivers the application to the end user.

1.9 Cloud Deployment Models

Cloud deployment models describe the location of the cloud services as deployed by the cloud provider. While all the services are required to be consumed over the network, sometimes, in certain scenarios, the network connectivity is restrictive. Let us learn some cloud deployment models.

Fig. 1.9.4 : Cloud Deployment Models

Let us go over these in detail.

1.9.1 Private Cloud

- Private cloud is created for self-use of any organisation. The organisation itself creates a private cloud or it can let a third-party vendor set it up and manage it on its behalf. The resources in the private cloud are for exclusive use of the organisation for which the private cloud is created.
The organisation can choose to have its private cloud deployed within its physical perimeter (on-premises or on-site) or outside the company boundaries (off-premises or off-site).
- Drawing from our taxi service example, private cloud is like you buying or renting a bus for your employees on a long-term basis. Only the employees of the company can use the bus and no one else, even if the bus is lying idle during office hours.

Advantages of Private Cloud

Following are the advantages of Private Cloud.

1. High flexibility : Since the organisation is creating it for its exclusive self-use, it can design it exactly the way it is planning to use the private cloud.

2. High Security and Privacy : Since the private cloud is only accessible to the organisation, it can sufficiently secure the resources for its own limited use. The access is generally provided using a dedicated network and thus traffic does not need to move via the internet.

3. Mission critical business opportunity : The other deployment models may not provide high guarantees of availability that might be crucial for the organisation's business. So, if the organisation has any such mission critical business requirements, the private cloud deployment option is a very viable choice.

4. Increased performance : The network bandwidth is exclusively used only for the organisation's purpose. The bandwidth is not shared between other tenants. Also, most of the time, private cloud is deployed within company premises. So, the data requires less time to travel and does not have to be routed over the internet. This boosts the network performance and the overall cloud experience.

5. Easier to achieve compliance : Since the organisation has exclusive access to the cloud, proving compliance is slightly easier.
The resources are not shared between other tenants and hence the organisation need not prove resource isolation and other forms of access controls that are generally required during compliance audits.

Disadvantages of Private Cloud

Following are the disadvantages of Private Cloud.
1. High cost : Since the organisation is building the private cloud for just its self-use, it involves high costs. It needs to pay for setting up the cloud as well as the underlying hardware resources and operational activities.
2. Inadequate resource utilisation : The organisation might over-provision the resources based on its future plans and estimates. Not all the resources are utilised 100% all the time. This leads to under-utilisation of resources.
3. Limited capacity : Since the organisation must procure the hardware and deploy it either itself or via a third party, there is an upper limit on how much resources it can consume dynamically. For example, if it has decided to procure 5 TB of storage, it cannot dynamically consume 6 TB. The resources are constrained based on what they were initially planned for.
4. Lock-in : Since the private cloud deployment involves high cost and time investment, it creates a locked mindset for management. It is difficult to justify the switch over to any other cloud option or make significant changes to the hardware or any other equipment already deployed in the private cloud.

1.9.2 Public Cloud

Public cloud is the cloud deployment environment that is open to public use. It is not tied to a particular organisation’s usage exclusively. This is the most prevalent form of cloud deployment option today. Public cloud providers serve multiple tenants by sharing and isolating the computing resources. Several public cloud providers exist in the market today; Amazon Web Services, Microsoft Azure and Google Cloud Platform are the most preferred public cloud providers.
Advantages of Public Cloud

Following are the advantages of Public Cloud.
1. Cheap resources : Public cloud provides the cheapest options for consuming cloud services. Typically, public cloud providers enjoy economies of scale (buy in bulk at cheap) and then pass the cost benefits to the customers.
2. High availability : Public cloud providers often have stringent availability requirements. They guarantee you service uptime, failing which you may get a refund or service credits. They are governed by Service Level Agreements (SLAs) that enforce action if the cloud provider fails to deliver services as per the agreement.
3. Long service catalogue : The varied customer base ensures that the cloud provider has a wide range of cloud services available. You are likely to get all your computing requirements met with the reputed cloud service providers.
4. Rapid innovation : Public cloud providers bring rapid innovation in terms of designing new solutions and making it easy to program your applications or automate your computing infrastructure. The dedicated teams which individually look at the service excellence work meticulously to bring newer and better ways to do things.
5. Quick time to setup : Consuming the public cloud services does not have any pre-requirements to be fulfilled. You can just create an account and get started within a few minutes. Based on whatever your computing requirements are, you can start small and grow big within no time.
6. Global presence : Public cloud services allow you to go global within minutes. Today if your business is in India and then you want to develop something for your customers in UK, you can do so within minutes. You can leverage the global footprint of the public cloud provider and deliver your business services from a location near to them for better performance.

Disadvantages of Public Cloud

Following are the disadvantages of Public Cloud.
1. Limited control : Public cloud providers have their own operational guidelines and processes. You have little or no control over how day to day operations are executed. There might be certain actions that disrupt the services you consume. There is no way you can control such disruptive events to match your business.
2. Limited customisation possibility : Public cloud providers design services for mass consumption. There is little scope for any customisation possible in terms of how those services are designed to operate or in terms of how these services are delivered to you and other service quality metrics.
3. Securing your cloud resources : Public cloud providers allow you to manage your own security requirements via the means they provide. If you fail to adequately secure it, the provider takes no responsibility for it. The resources are exposed over the internet and are subject to exploitations.
4. Connectivity requirements : You do require high speed connectivity for managing and consuming your public cloud resources.

1.9.3 Community Cloud

the private cloud is created, community cloud is created by and for a group of organisations. These organisations are similar in nature in terms of their mission, business, market requirements, policies, legal implications, compliance and customers.
— Example : Various banks such as ICICI, HDFC, IDFC, etc. can come together and build a community cloud that can serve their respective requirements. These banks have more or less the same business requirements and thus mutually benefit by sharing the infrastructure cost and leveraging community cloud service for their exclusive use. A common example of community cloud is AWS GovCloud (US) which is created to be used only by the US based Government agencies and has strict tenant qualification criteria for using its cloud services.
Advantages of Community Cloud

Following are the advantages of Community Cloud.
1. Shared investment : If the companies choose to come together and form a community cloud instead of private cloud, the investment is shared amongst them. This reduces the burden on every single company that participates in the community instead of building and operating its own private cloud.
2. Specialized to handle the specific business requirements : Unlike public cloud, the community cloud is specifically built to address the business requirement of a specific community. The cloud services are designed as per community's mission and business objectives.
3. Easy to meet compliance requirements : Since the community cloud is designed specifically for a particular group of organisations, it is easier to achieve compliance requirements. The organisations in the community share the similar requirements and thus the community cloud needs to focus only on those requirements and not on any other compliance requirements for generic public consumption and use cases.

Disadvantages of Community Cloud

Following are the disadvantages of Community Cloud.
1. Lower trust and adoption : Since the organisations that form the community are also business competitors, there is in general lower trust amongst them. Hence, the adoption of community cloud might be lower.
2. Limited capacity : It is difficult to do adequate resource planning based on future growth potential of every organisation in the community. Community cloud is thus restrictive in terms of flexibility in capacity. You cannot dynamically match the resources to the demand if the underlying resources are limited as per your initial planning.

1.9.4 Hybrid Cloud

— Hybrid cloud is necessarily an interconnection between any of the first 3 types of deployment models discussed above: private, public or community.
Hybrid cloud can also be created by extending your datacentre and connecting it to any of the above cloud deployment models. Organisations usually do this to get benefits from their respective characteristics and to overcome any limitation or challenges.
— Example : The limited capacity of private cloud could be extended if there is a possibility to use public cloud as the demand increases. This way, you can not only reap the benefits of the private cloud but also can use public cloud whenever required.

Advantages of Hybrid Cloud

Following are the advantages of Hybrid Cloud.
1. Reuse existing infrastructure : One of the biggest advantages of hybrid clouds is the ability to retain your existing datacentres while leveraging the benefits of other cloud technologies. The existing business models are not disrupted as you plan your transformation to the cloud.
2. Security : Organisations that are super sensitive to security requirements can plan to keep the most secure part of the operations within their own datacentre while leveraging cloud technologies for not-so-security-sensitive infrastructure. In this way, you meet the complex security requirements without having to deal with designing your security in the cloud.
3. Scalability : Hybrid cloud allows for “cloud bursting”. Cloud bursting is a process in which, as the demand increases, the newer resources are automatically consumed from the cloud instead of loading the existing infrastructure in the datacentre. As the demand decreases, the cloud resources are released, and the operations are continued within the datacentre. This way, you pay for only resources that could not be fulfilled by your own datacentre and quickly meet the demand by using the cloud resources dynamically.
4. Flexibility : Hybrid cloud helps you to design your infrastructure based on your specific requirements.
For example, if there is specialized hardware needed for a particular project, you can place it in your own datacentre, whereas the other projects can use cloud resources.

Disadvantages of Hybrid Cloud

Following are the disadvantages of Hybrid Cloud.
1. Complex Design : Designing hybrid cloud is complex. It requires expertise from networking, hardware and other computing background to design effective hybrid solutions.
2. Maintaining inter-operability : The inter-operability between cloud or your datacentre could be challenging to maintain. The hardware equipment, networking speed, solutions, administration and operational activities could significantly differ between your datacentre and cloud or amongst various other cloud deployment models.
3. Managing data and applications : You need to ensure to adequately safeguard your data and application. Between cloud and datacentre, there should be several access control requirements that ensure adequate security for data and application. You need to carefully evaluate such security requirements and ensure that these are implemented correctly.
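
The hybrid cloud points on security, cloud bursting and flexibility, combined into one placement policy, as an added example that is not from the book: workloads marked sensitive or hardware-bound stay in the datacentre and are deferred rather than burst when capacity runs out, while everything else overflows to the cloud. The Workload fields, the capacity units and the sample workloads are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Workload:
    name: str
    units: int                 # capacity units requested (constructed scale)
    sensitive: bool = False    # security-sensitive: must stay in own datacentre
    special_hw: bool = False   # needs hardware that exists only in the datacentre

def place(workloads, dc_capacity):
    """Place workloads for one time step.

    Returns (placement, cloud_units): placement maps each workload name to
    'datacentre', 'cloud' or 'deferred'; cloud_units is what you pay for.
    """
    placement, free, cloud_units = {}, dc_capacity, 0
    pinned = [w for w in workloads if w.sensitive or w.special_hw]
    movable = [w for w in workloads if not (w.sensitive or w.special_hw)]
    # Pinned workloads get datacentre capacity first and never leave it.
    for w in pinned:
        if w.units <= free:
            placement[w.name] = "datacentre"
            free -= w.units
        else:
            placement[w.name] = "deferred"   # fail closed: no burst to cloud
    # Everything else uses leftover capacity, then bursts to the cloud.
    for w in movable:
        if w.units <= free:
            placement[w.name] = "datacentre"
            free -= w.units
        else:
            placement[w.name] = "cloud"
            cloud_units += w.units
    return placement, cloud_units

def simulate(timeline, dc_capacity):
    """Cloud units consumed at each step; they drop back as demand falls."""
    return [place(step, dc_capacity)[1] for step in timeline]

# Constructed sample demand for a datacentre with 10 capacity units.
NORMAL = [Workload("payroll-db", 4, sensitive=True), Workload("web", 3),
          Workload("batch", 2)]
PEAK = NORMAL[:1] + [Workload("gpu-render", 3, special_hw=True),
                     Workload("web", 3), Workload("batch", 2),
                     Workload("analytics", 4)]
OVERLOAD = [Workload("payroll-db", 4, sensitive=True),
            Workload("hr-records", 8, sensitive=True), Workload("web", 3)]

if __name__ == "__main__":
    for label, step in (("normal", NORMAL), ("peak", PEAK), ("overload", OVERLOAD)):
        print(label, place(step, 10))
    print("cloud units per step:", simulate([NORMAL, PEAK, NORMAL], 10))
```

Deferring a pinned workload instead of bursting it is the access-control decision the "Managing data and applications" item asks you to evaluate; a real scheduler would also log each deferral for review.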