Cloud Computing MST2

The document discusses various aspects of cloud computing including service monitoring, load balancing, database recovery, backup management, virtual machine management, and service level agreements (SLAs). It describes different types of monitoring such as database, website, virtual network, and cloud storage monitoring. It also discusses the benefits of monitoring, types of load balancers, approaches to cloud backup, and components of SLAs.

Uploaded by

shakti177

Saturday, 15 October 2022

MST 2

Cloud Computing
Unit-3
- Service monitoring
• Cloud monitoring is a method of reviewing, observing and managing the
operational workflow in a cloud-based IT infrastructure. It can be
done either manually or automatically, which helps in predicting the possible
vulnerabilities to future issues.

• Types of monitoring are:

- Database Monitoring
- As cloud apps rely on databases, this technique reviews processes,
queries, availability and consumption of cloud database resources.
- It also tracks queries and data integrity, monitoring connections to
show real-time usage of data. Access requests can also be tracked for
security concerns.

- Website Monitoring
- This tracks processes, traffic, availability, and resource utilisation of
cloud-hosted websites.

- Virtual network monitoring
- This creates software versions of network technology like firewalls,
routers and load balancers.
- As these are designed as software, these tools give you a wealth of data
about their operations.

- Cloud Storage Monitoring
- This tracks multiple analytics with storage resources and processes that
are provisioned to virtual machines, services, databases and applications.
- This is often used to host IaaS, SaaS solutions.
- You can track performance metrics, processes, users, databases and
available storage of the application.

- Virtual Machine Monitoring
- This is a simulation of a computer within a computer. It's usually used in
IaaS as a virtual server that hosts several virtual desktops.
- This tracks the users, traffic and status of each machine.

• Benefits of Monitoring:
- Scaling is seamless and works in any size of organisation.
- Dedicated tools and hardware are maintained by the host.
- Tools are used across several types of devices like desktops, tablets,
etc.
- Installation is simple.
- The system doesn't suffer interruptions when local problems emerge.
- Low cost
- Load Balancing
• It is defined as the method of splitting workloads and computing
properties in cloud computing. It allows workload demands
or application demands to be managed by distributing resources among numerous
computers, networks or servers.

• It includes holding the circulation of workload traffic and demands that
exist over the internet.

• Solutions to overcome the overloading problem:
- Single server solution - In this the server is upgraded to a higher performance
server. However, this upgrade may also not be sufficient and there may be a
chance that another upgrade is required, which is a tedious and expensive task.
- Multiple server solution - In this a scalable service system is built on a
cluster of servers. It is more cost-effective and scalable.

• This is beneficial with almost any type of service like HTTPS, SMTPS,
DNS, FTP, etc.

• This service is provided by a dedicated hardware device or program.

• Solutions can be categorised into two types:
- Software-based load balancers - These run on standard hardware and a
standard OS.
- Hardware-based load balancers - These are dedicated boxes which include
Application Specific Integrated Circuits (ASICs) adapted for a particular
use. ASICs allow high-speed promoting of network traffic and are frequently
used for transport-level load balancing as it is faster.

• Example of load balancers:
- Direct Routing Request Dispatching Technique - A real server and the load
balancer share the virtual IP address. The load balancer takes an interface
constructed with the virtual IP address that accepts request packets, and it
directly routes the packet to the selected server.

- Database recovery
• Cloud backup and recovery preserves copies of data in a secondary,
offsite storage location. The cloud provider offers access to the storage
and additional managed backup and recovery services.

- Backup management
• Cloud backup is a strategy for sending a copy of a physical or virtual file
or database to a secondary location for preservation in case of equipment
failure. The secondary server or data storage system is usually hosted by
a third-party service provider, who charges for the services provided.

• Cloud backup helps in bolstering the data protection strategy without
increasing the workload.

• Approaches to cloud backup:
- Backing up directly to the public cloud - Duplicate resources in the public
cloud by writing the data directly to cloud providers like AWS. The cloud
storage service provides the destination and safekeeping for the data, but
does not specifically provide a backup.
- Backing up to a service provider - Data is written to a cloud service provider
that offers backup services in a managed data centre. The backup software
may also be provided as a service.
- Using online cloud backup systems - There are hardware alternatives that
facilitate backing up data to a cloud backup service. These provide backup
software and disk capacity along with a backup server.

- Virtual machine management
• It is software that interfaces with virtual environments and the underlying
physical hardware to simplify resource administration, enhance data
analyses, and streamline operations.

• Virtual management systems are each unique, but most have an easy user
interface, streamline the VM creation process, monitor virtual environments,
allocate resources, compile reports and automatically enforce rules.

• Managing traditional virtual environments:
- These environments are straightforward; they contain physical hardware and
VMs, but they can also become unmanageable due to many instances. Thus
management software can take some burden off the IT guys so they can solve
big problems.

• Managing hybrid environments - This environment consists of 2 or more
interconnected virtual, container, private cloud or public cloud
environments. These are far more complex than traditional environments.

- SLA (Service Level Agreement)
• It is a legal agreement that states the parameters related to QoS, which
depends on the availability of the system CPU, data storage, and
network for efficient execution of the application at peak loads.

• Example: an SLA may state that the application's server will be
available 99.9% of the key business hours of the application's end users,
called core time, and 85% of the non-core time.

• It provides a framework within which both seller and buyer of a service
pursue a profitable service business relationship.

• Formally, it is defined as the necessary terms and conditions that bind
the service provider to provide services continually to the service
consumer.

• It can be modelled using the Web Service-level agreement (WSLA) language.
Its components are:
- Service-Level parameter - It describes an observable property of a service
whose value is measurable.
- Metrics - They are definitions of values of service properties that are
measured from a service-providing system or computed from other
metrics and constants.
- Function - It specifies how to compute a metric's value from the values
of other metrics and constants.
- Measurement Directives - Specifies how to measure a metric.
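
The sketch below is an added example, not part of the original notes: it applies the 99.9% core-time / 85% non-core-time targets from the SLA example, with a function that computes the availability metric from raw probe measurements. The 09:00-18:00 weekday core window, the one-probe-per-minute measurement and the sample outages are assumptions constructed for illustration.

```python
from datetime import datetime, time, timedelta

# SLA parameters from the example in the notes (percent availability).
TARGETS = {"core": 99.9, "non_core": 85.0}
# Assumption: core time is 09:00-18:00, Monday to Friday.
CORE_START, CORE_END = time(9, 0), time(18, 0)


def window(ts):
    """Classify a probe timestamp as core or non-core time."""
    in_hours = CORE_START <= ts.time() < CORE_END
    return "core" if ts.weekday() < 5 and in_hours else "non_core"


def availability(probes):
    """Function: turn raw (timestamp, is_up) probes into a metric per window."""
    counts = {name: [0, 0] for name in TARGETS}  # [up, total]
    for ts, is_up in probes:
        bucket = counts[window(ts)]
        bucket[0] += 1 if is_up else 0
        bucket[1] += 1
    return {w: (100.0 * up / total if total else None)
            for w, (up, total) in counts.items()}


def evaluate(probes):
    """SLA monitoring: compare each metric with its target, report deviation."""
    report = {}
    for name, value in availability(probes).items():
        if value is None:  # no measurements: neither adherence nor violation
            report[name] = {"availability": None, "violated": None}
            continue
        report[name] = {
            "availability": round(value, 3),
            "deviation": round(value - TARGETS[name], 3),
            "violated": value < TARGETS[name],
        }
    return report


def sample_probes():
    """Constructed data: one probe per minute on Monday 2022-10-17."""
    start = datetime(2022, 10, 17)
    probes = []
    for minute in range(24 * 60):
        ts = start + timedelta(minutes=minute)
        # Constructed outages: 02:00-02:59 (non-core) and 10:00-10:01 (core).
        down = ts.hour == 2 or (ts.hour == 10 and ts.minute < 2)
        probes.append((ts, not down))
    return probes


if __name__ == "__main__":
    for name, row in evaluate(sample_probes()).items():
        print(name, row)
```

With this data a two-minute outage in core time breaches the 99.9% target, while a one-hour outage outside core time stays well within the 85% target.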
• There are two types of SLAs:
• Infrastructure SLA
- It manages and offers guarantees on availability of the infrastructure,
server machine, power, network connectivity, etc.
- The machines are leased to the customer and are isolated from the
machines of other customers.

• Application SLA
- The server capacity is available to the applications based solely on their
resource demands.
- The service providers are flexible in allocating and de-allocating
resources among the co-located applications. They are also responsible
for ensuring that their customer's application SLOs are met.

• Challenges for provisioning SLA are:

• The application is a black box to the MSP and the MSP has virtually no
knowledge about the application's runtime characteristics.

• The MSP needs to understand the performance bottlenecks and the
scalability of the application.

• The MSP analyses the application before it goes live. However, the
subsequent operations by the customers on their application can impact
the performance of the application.

• The risk of capacity planning is with the service provider instead of the
customer.

• Life Cycle of SLA:
- It consists of five phases:
- Contract Definition -> Define a set of service offerings and
corresponding. These form a catalog.

- Publishing and discovery -> Advertising base service offerings
through standard publication media; the customer should be able to
locate the service provider by searching the catalog.

- Negotiation -> The SLA terms and conditions need to be mutually
agreed upon before signing the agreement for hosting the application.

- Operationalisation -> Operations consist of SLA monitoring, which
involves measuring parameter values, calculating the metrics and
determining the deviations; SLA accounting, which involves capturing and
archiving the SLA adherence for compliance; and SLA enforcement, which
involves taking appropriate action when the runtime monitoring detects an
SLA violation.

- Decommissioning -> It involves termination of all activities performed
under a particular SLA when the hosting relationship between the service
provider and the service consumer has ended.

• SLA management involves five phases:
- Feasibility -> Three kinds of feasibility: Technical, Infrastructure and
Financial

- On-boarding -> Moving an application to the MSP's hosting platform is
called on-boarding.

- Preproduction -> The application is hosted in a simulated production
environment in order to verify and validate the MSP's findings on the
application's runtime characteristics and agree on the defined SLA.

- Production -> The application is made accessible to its end users under
the agreed SLA. There could be a chance that the managed application
tends to behave differently in a production environment compared to the
preproduction environment. This may cause a breach of the SLA's terms
and conditions, allowing the customer to request the MSP for inclusion of
new terms and conditions.

- Termination -> When the customer wishes to withdraw the hosted
application and does not wish to continue to avail the services of the
MSP for managing the hosting of its application, the termination activity
is initiated. All the data related to the application is transferred to the
customer and only essential info is retained for legal compliance.

- Migration of virtual machine and Techniques

• It is the process of moving a VM from one host server or storage location
to another.

• Different techniques of VM migration:

• Live Migration (Hot/Real-Time migration)
- It is defined as the movement of a VM from one physical host to
another while being powered on. The process takes place without
any noticeable effect from the end user's POV.
- Advantage - It facilitates proactive maintenance in case of failure as
the potential problem can be solved before disruption of service
occurs.
- It can also be used for load balancing to optimise the utilisation of
CPU resources.

• Regular Migration (Cold Migration)
- It is the migration of a powered-off VM. With this you have the option
of moving the associated disks from one data store to another.
- The VMs are not required to be on shared storage, while in live
migration they are required to be on shared storage.
- There is no need for compatibility checks in cold migration, while there
is in hot migration.
- It is simpler to implement than hot migration.

• Live storage migration
- It constitutes moving the virtual disks or configuration file of a
running VM to a new data store without any interruption in the
availability of the VM's service.

- Different types of management issues

• Ethical Issues
- Issues like security, confidentiality, privacy, integrity and availability
arise, as the service provider has an ethical duty to protect data and
information stored in their data centre.

- Security
• It involves confidentiality, integrity and availability, which aid the
development of secure systems.

• It is the biggest management issue with cloud computing.

• Applications and data being hosted are prone to vulnerabilities
from unauthorised parties, thus measures should be taken to
prevent unauthorised access to data, applications, software and
hardware.

• Confidentiality means that only authorised persons will have
access to data. Unauthorised access increases with the
increase in the number of users using the same resources.

• Integrity means only an authorised person can make changes to
data, software and hardware.

• Availability means that data, software and hardware will be
accessible and usable on demand, and also that they continue working
without any interruptions even when there is a breach in security.

- Legal and Jurisdictional
• These are very important Information Systems
management issues in cloud computing because of the possibility of data
centres being located in locations with different jurisdictions.

• There is a need for law makers to come up with useful regulations
which will help in determining the applicable legislation.

- Data Lock-In
• The APIs for cloud computing are not standardised and moving
from one service provider to another might be difficult. The lack of
user standardisation gives rise to management issues like fear of
uncertainty that the provider might go out of business, that prices might
increase, as well as reliability issues.

• The solution is to enable users to move freely from one service
provider to another without fear of possible data lock-in.

- Lack of standardised SLA
• There is a variety of SLAs in the cloud computing market due to
different definitions of cloud computing resources like execution
time, inbound bandwidth, CPU cores, etc., which makes it difficult to have
a standardised SLA.

- Customisation
• It is also an IS management issue, as organisations like to
customise their applications and services in order to make them
unique and give them a competitive edge over rivals.

• Sharing of resources means the provider faces an issue with
customising their services for different customer needs.

- Technological Bottlenecks
• As new data structures are introduced, the provider has to
upgrade their services accordingly, which raises the
management issue of achieving this efficiently and
economically without incurring too much cost.

- Strategy Issues
• As cloud computing will be introduced to different parts of the
organisation, strategy issues will arise, like what type of
cultural changes the organisation will need, how the
change will be addressed and how the organisation will prevent
employee resistance to cloud computing.

• One change that will affect the IT department is the downsizing of the
IT department, as most of the work done by the IT department will
now be done by the cloud computing service provider.

- Change Management
• The implementation of cloud computing brings about a lot of
change in the way the organisation works. This change management
is a serious management issue as it will determine the success of
the implementation.

- Implementation Issues
• Organisations will find it difficult to determine how they should
move their data into the cloud and what data should be moved.

• They will also be concerned about how this implementation can be
carried out with data security and without affecting their
business.

• They will also face the integration issue and how they have to
change their way of working after the implementation.

- Transparency

• Cloud service providers do not disclose their security policies,
design, practices and relevant security measures in daily
operations to their customers, though disclosure helps gain trust.

• SLAs should contain services to be delivered, performance,
tracking and reporting, problem management, legal compliance
and confidential information termination as well to ensure the
service.

Unit-4
- Various issues in cloud
- Security & Privacy
- This is the biggest challenge to cloud computing and it can be
overcome by employing encryption, security hardware and security
applications.

- Portability
- Applications should be easily migrated from one cloud provider to
another, which is not yet possible in cloud computing as each
provider uses different standard languages for their platform.

- Interoperability
- It means an app on one platform should be able to incorporate services
from other platforms, which is possible via web services but is very
complex.

- Computing Performance
- A data-intensive app on the cloud requires high network bandwidth, which
results in high cost, and low bandwidth does not meet the desired
performance.

- Reliability and Availability
- It is necessary for the cloud system to be reliable and robust as most
businesses are now becoming dependent on cloud services.

- Cloud security services
- Cloud security is a collection of procedures and technology designed
to address external and internal threats to business security. As
organisations are moving towards these services they are faced with
various different challenges, and keeping their data safe has become
critical.
- Most cloud service providers follow best security practices and
take active steps to protect the integrity of their servers. However,
organisations need to take their own actions to protect their data, apps
and workloads on the cloud.
- Security threats are advancing as more organisations are joining these
services, which makes their data vulnerable due to lack of visibility in data
access and movement.

- Secure cloud software requirements
• Providing true multi-tenancy
• Seamless integration on demand
• Business driven configurability
• World class data centre and security
• High performance sustainable infrastructure
• Control over the data
- Cloud security challenges
- Lack of visibility
- It's easy to lose track of how your data is being accessed and by whom,
as many services are accessed from third parties.

- Multi-tenancy
- A public cloud has multiple users' infrastructures under the same cloud, so
it's possible your hosted service can get compromised by malicious
attackers.

- Compliance
- Regulatory compliance management can be a source of confusion for
enterprises using public or hybrid cloud. Heavy reliance on third party
solutions to manage their data can lead to costly compliance issues.

- Misconfigurations
- This includes leaving default administrative passwords in place or not
creating appropriate privacy settings, which can be a challenge.

- Network security
• Cloud network security is the area of cybersecurity focused on
minimising the chances that a malicious attacker can access, change or
destroy the information on a cloud network.

• As more organisations are moving to the cloud network, more sensitive
data is being stored in the cloud and needs to be protected, which
brings various challenges:
- New infrastructure can be added to the cloud network easily, which
makes it easy to expand, but it also brings less security as the new
infrastructure may be vulnerable to attack.
- There are fast changes in the cloud that create a window for the
attacker to exploit.

• To minimise these network threats:
- Define a security baseline for the cloud environment which lays out
what the cloud network should look like from a security perspective. A
baseline can help address a number of challenges.
- The visibility of the cloud network should mostly be through read-only
access to all the organisation's cloud accounts.
- The organisation should assign only one team that manages all these
security measures.
- Having a vulnerability management solution which can continuously
monitor and detect vulnerabilities in the cloud network will be helpful.
- A modern threat detector can automatically detect threats and help the
security team to instantly act on any threat.
- During the pre-deployment period of the code, the organisation should
evaluate all the security issues that could arise.
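
As an added illustration (not part of the original notes), the following sketch compares an inventory snapshot against a security baseline and reports the deviations named in the notes: newly added infrastructure, default administrative passwords, missing privacy settings and a visibility account that is not read-only. The baseline, the inventory, its field names and the resource names are all hypothetical and constructed for the example.

```python
# Constructed baseline: what the cloud network is expected to look like.
BASELINE = {
    "known_resources": {"web-1", "db-1", "bucket-logs", "sec-audit"},
    "allowed_open_ports": {443},
}


def check_resource(res, baseline=BASELINE):
    """Return the list of baseline deviations for one inventory entry."""
    findings = []
    if res["name"] not in baseline["known_resources"]:
        findings.append("not in baseline: newly added infrastructure")
    if res.get("default_admin_password"):
        findings.append("default administrative password still in place")
    if res["kind"] == "storage" and res.get("public"):
        findings.append("privacy setting missing: storage is public")
    extra = set(res.get("open_ports", ())) - baseline["allowed_open_ports"]
    if extra:
        findings.append("ports open beyond baseline: %s" % sorted(extra))
    if res["kind"] == "visibility_account":
        if set(res.get("permissions", ())) != {"read"}:
            findings.append("visibility account is not read-only")
    return findings


def audit(inventory, baseline=BASELINE):
    """Map resource name -> findings, omitting resources that match."""
    result = {}
    for res in inventory:
        findings = check_resource(res, baseline)
        if findings:
            result[res["name"]] = findings
    return result


# Constructed inventory snapshot (hypothetical resource names and fields).
INVENTORY = [
    {"name": "web-1", "kind": "vm", "open_ports": [443]},
    {"name": "db-1", "kind": "vm", "open_ports": [443, 5432],
     "default_admin_password": True},
    {"name": "bucket-logs", "kind": "storage", "public": True},
    {"name": "sec-audit", "kind": "visibility_account",
     "permissions": ["read", "write"]},
    {"name": "test-vm-7", "kind": "vm", "open_ports": [22]},
]

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(name, findings)
```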

- Virtual machine security
• Virtualised security refers to security solutions that are software-based
and designed to work within a virtualised IT environment.

• This is more flexible and dynamic than traditional hardware security,
which is helpful for securing hybrid and multi-cloud environments where
data and workloads migrate around a complicated ecosystem.

• It can be deployed anywhere in the network and is often cloud-based.

• This is the key for virtual machine security in cloud computing, in which
operations spin up workloads and apps dynamically.

• It allows security services and functions to move around with those
dynamically created workloads.

• It includes isolating multi-tenant environments in public cloud
environments.

• This is more cost-effective as cost is determined by usage, which allows
for cost cutting.

- Threats
- Account Hijacking
• An account theft can be performed in different ways, such as social
engineering and weak credentials. After gaining access to a user's account
the attacker can access sensitive data, manipulate data and redirect
transactions.

- Data Scavenging
• Attackers may be able to recover data as data cannot be completely
removed.

- Data Leakage
• It happens when the data gets into the wrong hands while it is being
transferred, stored, audited or processed.

- Denial of Service
• Malicious users may take all the possible resources, thus the system cannot
satisfy any request from other legitimate users as resources are unavailable.

- Customer-data manipulation
• Users attack web apps by manipulating data sent from their application
component to the server's app.

- VM escape
• Designed to exploit the hypervisor in order to take control of the
infrastructure.

- VM hopping
• It happens when a VM is able to gain access to another VM.

- Malicious VM creation
• Attackers with a valid account can create a VM image that contains malicious
code like a Trojan.

- Insecure VM migration
• Live migration exposes the contents of the VM to the network, which the
attacker can access illegally, or transfer a VM to an untrusted host, or cause
disruption.

- Spoofing Virtual network
• A malicious VM can listen to the virtual network.