Notes 2

The document discusses Infrastructure as a Service (IaaS) cloud computing, including its model architecture, benefits, drawbacks, and service providers. IaaS provides virtual machines, storage, and other resources that clients can provision from cloud providers like Amazon EC2. It allows clients full control over computing resources through administrative access to virtual machines.

Uploaded by

Tukaram Kute

UNIT 2

SERVICES DELIVERED FROM THE CLOUD


Model architecture, Benefits, Drawbacks & Service providers: Infrastructure-as-a-Service (IaaS), Amazon
EC2, Platform-as-a-Service (PaaS), Google App Engine, Force.com, Software-as-a-Service (SaaS),
SalesForce.com, Zoho.com, Google Docs, Business-Process-as-a-Service (BPaaS), Identity-as-a-Service
(IDaaS), Communication-as-a-Service (CaaS), Monitoring-as-a-Service (MaaS), Storage as a service:
Traditional storage versus storage cloud.

INFRASTRUCTURE-AS-A-SERVICE (IaaS):
IaaS provides virtual machines, virtual storage, virtual infrastructure, and other hardware assets as resources that
clients can provision. Most large Infrastructure as a Service (IaaS) providers rely on virtual machine technology
to deliver servers that can run applications. Virtual servers, described in terms of a machine image or instance,
have characteristics that can often be expressed in the same terms as real servers: a certain number of
microprocessor (CPU) cycles, an amount of memory, and network bandwidth delivered to customers. Virtual
machines are containers that are assigned specific resources; the software that runs inside them is what gives the
cloud computing system its utility. To show how control and management responsibilities are shared, the IaaS
cloud component stack with its scope of control is shown below.
The cloud provider controls the most privileged, lower layers of the software stack. As depicted in the figure
above, the provider maintains total control over the physical hardware and administrative control over the
hypervisor layer (e.g., Xen). The consumer can therefore ask the cloud to create and manage VMs, but these
requests are honored only if they conform to the provider's policies on resource assignment. Through the
hypervisor, the provider normally supplies interfaces for the networking functions that consumers use to
configure their virtual network within the provider's infrastructure. The consumer retains complete control over
the guest operating system in each virtual machine and over all the software layers above it. This structure gives
consumers very significant control over the software stack, and with it the responsibility to operate, update and
configure these computing resources for security and reliability. In this sense the IaaS approach differs sharply
from SaaS and PaaS clouds, where most of those issues are handled transparently for consumers.
Below is a simplified view of the interactions within an IaaS cloud.

Figure 2.13 A shows clients interacting with an IaaS cloud over a network. The provider has several available
virtual machines that it can allocate to clients. In the figure, client A has access to vm1 and vm2, and client B
has access to vm3. The provider retains vm4 through vmn, where n is presumed to be larger than the number of
VMs any client is expected to request. Figure 2.13 B shows the situation just after a new client C has requested
and acquired access to three more VMs. At this stage, client C has access to vm4, vm5, and vm6, and the
provider now retains only vm7 through vmn. This is an extremely simplified schema of how an IaaS cloud really
works: figure 2.13 only depicts virtual machine allocation (by a provider) and interaction (by a consumer).
According to the online reference Wikipedia, Infrastructure-as-a-Service (IaaS) is the delivery of computer
infrastructure (typically a platform virtualization environment) as a service. IaaS leverages significant
technology, services, and data center investments to deliver IT as a service to customers. Unlike traditional
outsourcing, which requires extensive due diligence, negotiations ad infinitum, and complex, lengthy contract
vehicles, IaaS is centered around a model of service delivery that provisions a predefined, standardized
infrastructure specifically optimized for the customer's applications. Simplified statements of work and à la carte
service-level choices make it easy to tailor a solution to a customer's specific application requirements. IaaS
providers manage the transition and hosting of selected applications on their infrastructure. Customers maintain
ownership and management of their application(s) while off-loading hosting operations and infrastructure
management to the IaaS provider. Provider-owned implementations typically include the following layered
components:
• Computer hardware (typically set up as a grid for massive horizontal scalability)
• Computer network (including routers, firewalls, load balancing, etc.)
• Internet connectivity (often on OC-192 backbones)
• Platform virtualization environment for running client-specified virtual machines
• Service-level agreements
• Utility computing billing
Benefits
IaaS allows the cloud provider to locate the infrastructure freely over the Internet in a cost-effective manner.
Some of the key benefits of IaaS are listed below:
• Full control of the computing resources through administrative access to VMs.
• Flexible and efficient renting of computer hardware.
• Portability and interoperability with legacy applications.
Issues
Here are the issues associated with IaaS:
• Compatibility with legacy security vulnerabilities
• Virtual machine sprawl
• Robustness of VM-level isolation
• Data erase practices
Characteristics
Here are the characteristics of the IaaS service model:
• Virtual machines with pre-installed software.
• Virtual machines with pre-installed operating systems such as Windows, Linux, and Solaris.
• On-demand availability of resources.
• Allows storing copies of particular data in different locations.
• The computing resources can be easily scaled up and down.
Benefits
Although proprietary cloud providers do not release technical information about their system architectures,
three open source systems, NASA Nebula, Eucalyptus and Ubuntu Enterprise Cloud (all based on the
Eucalyptus source code), provide detailed technical information about specific system architectures. The main
benefits of IaaS pointed out by the source are described below.
Low up-front costs, and access to cloud services over the open Internet.
Freedom of choice. A very important aspect of administrative access to a VM is that the consumer can run
almost any software he wants, including a custom operating system.
Rapid and effortless hardware provisioning. Public and outsourced IaaS clouds provide the ability to quickly
rent, and then release, large numbers of VMs or other cloud resources. This gives a consumer the possibility of
quickly setting up large networks of VMs running software of the consumer's choosing to solve large problems,
without incurring the expense of purchasing and maintaining the necessary hardware.
Compatibility with local environment. Because IaaS clouds allow consumers to install and run operating
systems of their choice, a high level of compatibility can be maintained between legacy applications and
workloads in an IaaS cloud. Many user-facing applications can also be run in an IaaS cloud via virtual desktop
technology.

Drawbacks
As in other service models, an IaaS cloud shares similar concerns in regard to network dependence and browser
dependency. The following are the issues related exclusively to IaaS clouds pointed out by the source.
Legacy Security Vulnerabilities impact. IaaS clouds expose consumers to all of the security vulnerabilities of
the legacy software systems that consumers elect to run in the provider's infrastructure.
Virtual Machine Sprawl. Most IaaS systems give their users the possibility to create and retain virtual machines
in various states, e.g., running, suspended and off. An inactive VM can fall behind on important security
updates; whenever such an out-of-date VM is activated it may become compromised.
IaaS provider authenticity verification. The user's browser will most likely use public key cryptography to
establish a private link to the cloud provider. Nevertheless, it is the consumer who is in charge of checking the
identity of the cloud Website, in order to check that the private link is not with an impostor.
Robustness of VM-level Isolation. Cloud consumers must be isolated from each other except when they choose
to interact. Normally an IaaS cloud uses a hypervisor (a software layer), in combination with hardware support
for virtualization (e.g., AMD-V and Intel VT-x), to split each physical computer into multiple virtual machines.
Isolation of the virtual machines depends on the correct implementation and configuration of the hypervisor.
Hardware virtualization provided by hypervisors has become a widely used technique for providing isolated
computing environments, but the strength of the isolation in the presence of sophisticated attackers is an open
research question.
Features for Dynamic Network Configuration for Providing Isolation. To prevent unwanted interactions
among consumers, the cloud network must prevent a consumer from observing other consumers' packets.
Furthermore, it has to reserve enough bandwidth to ensure that each consumer has the expected level of service.
Allocating a virtual machine is typically a matter of a few minutes, and the corresponding network
configuration must be performed just as quickly. Various techniques for presenting a logical view of the
network's topology, such as Virtual Local Area Networks (VLANs) and overlay networks, can be quickly
reconfigured. They (and perhaps the supporting features in hypervisors as well) therefore have to be configured
carefully to prevent interference between networks belonging to different consumers.
Data Erase Practices. Virtual machines access disk resources maintained by the provider. When a consumer
releases such a resource, the provider must ensure that the next consumer that rents the resource does not
observe data residue from previous tenants. Strong data erase policies (e.g., multiple overwriting of disk blocks)
are time consuming and may not be compatible with high performance when tenants are changing. Data
replication and backup practices also complicate data erasure.
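The data-erase drawback, as an added simulation that is not part of the notes or of any provider's code: a toy block store in which the provider keeps a replica of every volume, so a "wipe the primary only" policy passes a naive check on the primary but leaks the previous tenant's bytes as soon as the volume is served from the replica. The tenant names, volume layout and sample data are all constructed for the example.

```python
"""Data residue at tenant turnover in a simulated IaaS block store.
Added illustration of the 'Data Erase Practices' drawback; not provider code."""
from dataclasses import dataclass
from typing import Dict, List, Optional

BLOCK_SIZE = 16  # bytes per block; tiny so the example stays readable


@dataclass
class Volume:
    """A provider-side block device plus the replica the provider keeps of it
    (the notes point out that replication complicates erasure)."""
    blocks: List[bytearray]
    replica: List[bytearray]
    tenant: Optional[str] = None


class BlockStore:
    def __init__(self, volumes: int, blocks_per_volume: int) -> None:
        self.volumes: Dict[int, Volume] = {}
        for vid in range(volumes):
            primary = [bytearray(BLOCK_SIZE) for _ in range(blocks_per_volume)]
            replica = [bytearray(BLOCK_SIZE) for _ in range(blocks_per_volume)]
            self.volumes[vid] = Volume(primary, replica)

    def rent(self, tenant: str) -> int:
        """Hand the lowest-numbered free volume to `tenant`."""
        for vid, vol in self.volumes.items():
            if vol.tenant is None:
                vol.tenant = tenant
                return vid
        raise RuntimeError("no free volume")

    def write(self, vid: int, block: int, data: bytes) -> None:
        vol = self.volumes[vid]
        payload = data[:BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0")
        vol.blocks[block][:] = payload
        vol.replica[block][:] = payload  # replication copies tenant data too

    def read(self, vid: int, block: int) -> bytes:
        return bytes(self.volumes[vid].blocks[block])

    def release(self, vid: int, *, sanitize_replica: bool) -> None:
        """Tenant returns the volume. sanitize_replica=False models a weak
        erase policy that overwrites only the primary copy."""
        vol = self.volumes[vid]
        vol.tenant = None
        for b in vol.blocks:
            b[:] = bytes(BLOCK_SIZE)
        if sanitize_replica:
            for b in vol.replica:
                b[:] = bytes(BLOCK_SIZE)

    def failover_to_replica(self, vid: int) -> None:
        """Provider serves the volume from its replica after a primary failure;
        this is the moment leftover replica data becomes visible."""
        vol = self.volumes[vid]
        vol.blocks, vol.replica = vol.replica, vol.blocks

    def residue_check(self, vid: int) -> bool:
        """Provider-side verification before re-renting: every block of the
        primary AND of the replica must read back as zeros."""
        vol = self.volumes[vid]
        return (all(not any(b) for b in vol.blocks)
                and all(not any(b) for b in vol.replica))


def turnover(sanitize_replica: bool) -> dict:
    """Constructed scenario: tenant A writes a secret and releases the volume,
    tenant B rents the same volume and a failover serves it from the replica.
    Returns the verification result and what tenant B reads from block 0."""
    store = BlockStore(volumes=1, blocks_per_volume=4)
    vid = store.rent("tenant-A")
    store.write(vid, 0, b"A-secret-key")  # constructed sample data
    store.release(vid, sanitize_replica=sanitize_replica)
    passed = store.residue_check(vid)
    same_vid = store.rent("tenant-B")
    store.failover_to_replica(same_vid)
    seen = store.read(same_vid, 0).rstrip(b"\0")
    return {"check_passed": passed, "tenant_b_sees": seen}
```

With the weak policy the residue check fails and tenant B reads `A-secret-key`; with both copies sanitized the check passes and tenant B reads only zeros.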

Examples of IaaS service providers include:


• Amazon Elastic Compute Cloud (EC2)
• Eucalyptus
• GoGrid
• FlexiScale
• Linode
• RackSpace Cloud
• Terremark

AMAZON WEB SERVICE COMPONENTS AND SERVICES:


Amazon Web Services is comprised of the following components, listed roughly in their order of importance:
• Amazon Elastic Compute Cloud (EC2; http://aws.amazon.com/ec2/) is the central application in the AWS
portfolio. It enables the creation, use, and management of virtual private servers running the Linux or Windows
operating system over a Xen hypervisor. Amazon Machine Instances are sized at various levels and rented on a
computing/hour basis. Spread over data centers worldwide, EC2 applications may be created that are highly
scalable, redundant, and fault tolerant. EC2 is described more fully in the next section. A number of tools are
used to support EC2 services:
Amazon Simple Queue Service (SQS; http://aws.amazon.com/sqs/) is a message queue or transaction system
for distributed Internet-based applications. See "Examining the Simple Queue Service (SQS)" later in this
chapter for a description of this AWS feature. In a loosely coupled SOA system, a transaction manager is
required to ensure that messages are not lost when a component isn't available.
Amazon Simple Notification Service (SNS; http://aws.amazon.com/sns/) is a Web service that can publish
messages from an application and deliver them to other applications or to subscribers. SNS provides a method
for triggering actions, allowing clients or applications to subscribe to information (like RSS), poll for new or
changed information, or perform updates.
EC2 can be monitored by Amazon CloudWatch (http://aws.amazon.com/cloudwatch/), which provides a
console or command line view of resource utilization, site Key Performance Indicators (performance metrics),
and operational indicators for factors such as processor demand, disk utilization, and network I/O. The metrics
obtained by CloudWatch may be used to enable a feature called Auto Scaling
(http://aws.amazon.com/autoscaling/) that can automatically scale an EC2 site based on a set of rules that you
create. Auto Scaling is part of Amazon CloudWatch and available at no additional charge.
Amazon Machine Instances (AMIs) in EC2 can be load balanced using the Elastic Load Balancing
(http://aws.amazon.com/elasticloadbalancing/) feature. Elastic Load Balancing can detect when an instance is
failing and reroute traffic to a healthy instance, even an instance in other AWS zones. The Amazon CloudWatch
metrics request count and request latency that show up in the AWS console are used to support Elastic Load
Balancing.
• Amazon Simple Storage System (S3; http://aws.amazon.com/s3/) is an online backup and storage system,
which is described in "Working with Amazon Simple Storage System (S3)" later in this chapter. A high speed
data transfer feature called AWS Import/Export (http://aws.amazon.com/importexport/) can transfer data to and
from AWS using Amazon's own internal network to portable storage devices.
• Amazon Elastic Block Store (EBS; http://aws.amazon.com/ebs/) is a system for creating virtual disks
(volumes) or block level storage devices that can be used for Amazon Machine Instances in EC2.
• Amazon SimpleDB (http://aws.amazon.com/simpledb/) is a structured data store that supports indexing and
data queries to both EC2 and S3. SimpleDB isn't a full database implementation, as you learn in "Exploring
SimpleDB (S3)" later in this chapter; it stores data in "buckets" without requiring the creation of a database
schema. This design allows SimpleDB to scale easily. SimpleDB interoperates with both Amazon EC2 and
Amazon S3.
• Amazon Relational Database Service (RDS; http://aws.amazon.com/rds/) allows you to create instances of
the MySQL database to support your Web sites and the many applications that rely on data-driven services.
MySQL is the "M" in the ubiquitous LAMP Web services platform (for Linux, Apache, MySQL, and Perl),
and the inclusion of this service allows developers to port applications, their source code, and databases directly
over to AWS, preserving their previous investment in these technologies. RDS provides features such as
automated software patching, database backups, and automated database scaling via an API call.
• Amazon CloudFront (http://aws.amazon.com/cloudfront/) is an edge-storage or content-delivery system that
caches data in different physical locations so that user access to data is enhanced through faster data transfer
speeds and lower latency. CloudFront is similar to systems such as Akamai.com, but is proprietary to
Amazon.com and is set up to work with Amazon Simple Storage System (Amazon S3). CloudFront is currently
in beta, but has been well received in the trade press.
• Amazon Elastic MapReduce (http://aws.amazon.com/elasticmapreduce/) is an interactive data analysis tool
for performing indexing, data mining, file analysis, log file analysis, machine learning, financial analysis, and
scientific and bioinformatics research. Elastic MapReduce is built on top of a Hadoop framework using the
Elastic Compute Cloud (EC2) and Simple Storage Service (S3).

PLATFORM-AS-A-SERVICE (PaaS):
Cloud computing has evolved to include platforms for building and running custom web-based applications, a
concept known as Platform-as-a-Service. The PaaS model makes all of the facilities required to support the
complete life cycle of building and delivering web applications and services available entirely from the Internet,
with no software downloads or installation for developers, IT managers, or end users. PaaS providers offer a
platform for others to use. What is being provided is partly operating system and partly middleware. A proper
PaaS provider has to take care of everything that is necessary in order to run a specific language or technology
stack. PaaS provides a carefree environment for developers to work in, i.e. it lets them focus on code without
having to worry about configuration and maintenance of the underlying infrastructure. Architects, too, can take
advantage of the flexibility provided by PaaS: individual computing needs, like a database, can be used without
requiring internal expertise for running it.

Types of PaaS
Not all Platform-as-a-Service (PaaS) solutions are created equal. You need to carefully evaluate PaaS offerings
and choose the platform which suits your needs:
Social Application Platforms - Platforms such as Facebook provide APIs so that developers can write new
application functionality and make it available to the platform's users.
Computing Platforms - Platforms such as Amazon Web Services, Rackspace and others provide storage,
processing and bandwidth as-a-service. As a developer you can upload a traditional software stack and run
applications on their computing infrastructure.
Web Application Platforms - Google Apps provides APIs and functionality for developers to build Web
applications that leverage its different services such as mapping, calendar and spreadsheets.
Business Application Platforms - Platforms such as WOLF provide a layer of abstraction from the underlying
technical complexities and are specifically geared towards transactional business applications such as online
databases and integration, workflow, and user interface services. Developers and business analysts can develop
complex and robust business applications with a custom user interface, providing higher flexibility with less
technical effort and minimal maintenance.
As illustrated in the figure below, the cloud provider has control over the more privileged, lower layers of the
software stack (and also over networking infrastructure such as LANs and routers between data centers). The
figure thus also shows how control and management responsibilities are shared.

The provider makes programming and utility interfaces available to the consumer at the middleware layer. Those
interfaces provide the execution environment within which consumer applications run, and provide access to
needed resources such as CPU cycles, memory, persistent storage, data stores, databases, network connections,
etc. The provider determines the programming model, i.e., the circumstances under which consumer application
code gets activated, and monitors the activities of consumer programs for billing and other management
purposes. Once a consumer has used the facilities of the PaaS cloud to implement and deploy an application, the
application is essentially a SaaS deployment, and the consumer has administrative control over the application
subject only to the provider supporting the consumer according to the terms of use.
Figure A shows a PaaS provider that has a current inventory of three deployed applications (apps), a set of
development tools (dev tools), and a set of execution resources (exr). Two active applications are also depicted,
B→exr1 and C→exr2, indicating that applications B and C are using separate execution resources. Figure B
shows the developer client accessing the development tools of the provider. Examples of such tools are
programming languages, compilers, interfaces, testing tools, and tools for deployment of an application. Figure
C shows how the developer uses the tools: one may download tools and use them locally in the developer's
infrastructure, or access those tools in the provider's infrastructure. In each case the result is a new application
D, as depicted in the figure, which is deployed onto the provider's infrastructure. Figure D shows an
administrator configuring the new application that has been made available, as well as a new client, C2, using
that new application.
Below is shown a simplified view of the provider-consumer interaction flow in PaaS.

The Traditional On-Premises Model


The traditional approach of building and running on-premises applications has always been complex, expensive,
and risky. Building your own solution has never offered any guarantee of success. Each application was
designed to meet specific business requirements. Each solution required a specific set of hardware, an operating
system, a database, often a middleware package, email and web servers, etc. Once the hardware and software
environment was created, a team of developers had to navigate complex programming development platforms
to build their applications. Additionally, a team of network, database, and system management experts was
needed to keep everything up and running. Inevitably, a business requirement would force the developers to
make a change to the application. Enormous amounts of electricity were also needed to power the servers as
well as to keep the systems cool. Finally, all of this required the use of fail-over sites to mirror the data center so
that information could be replicated in case of a disaster. Old days, old ways—now, let's fly into the silver
lining of today's cloud.
The New Cloud Model
PaaS offers a faster, more cost-effective model for application development and delivery. PaaS provides the
entire infrastructure needed to run applications over the Internet. Such is the case with companies such as
Amazon.com, eBay, Google, iTunes, and YouTube. The new cloud model has made it possible to deliver such
new capabilities to new markets via the web browser. PaaS is based on a metering or subscription model, so
users pay only for what they use. PaaS offerings include workflow facilities for application design, application
development, testing, deployment, and hosting, as well as application services such as virtual offices, team
collaboration, database integration, security, scalability, storage, persistence, state management, dashboard
instrumentation, etc.

Key Characteristics of PaaS


Chief characteristics of PaaS include services to develop, test, deploy, host, and manage applications to support
the application development life cycle. Web-based user interface creation tools typically provide some level of
support to simplify the creation of user interfaces, based either on common standards such as HTML and
JavaScript or on other, proprietary technologies.
Supporting a multitenant architecture helps to remove developer concerns regarding the use of the
application by many concurrent users. PaaS providers often include services for concurrency management,
scalability, fail-over and security. Another characteristic is the integration with web services and databases.
Support for Simple Object Access Protocol (SOAP) and other interfaces allows PaaS offerings to create
combinations of web services (called mashups) as well as having the ability to access databases and reuse
services maintained inside private networks. The ability to form and share code with ad-hoc, predefined, or
distributed teams greatly enhances the productivity of PaaS offerings. Integrated PaaS offerings provide an
opportunity for developers to have much greater insight into the inner workings of their applications and the
behavior of their users by implementing dashboard-like tools to view the inner workings based on
measurements such as performance, number of concurrent accesses, etc. Some PaaS offerings leverage this
instrumentation to enable pay-per-use billing models.

Benefits
No additional software. Working in the provider's environment is very convenient, as very often the browser
is all that is needed for most operations.
Centralization of data. From the consumer's point of view, in the PaaS model management and data are
centralized. As such the PaaS provider can supply professional management of the data, including compliance
checking, security scanning, backup, and disaster recovery. When these services are provided off-premises, PaaS
management of data gives protection against the possibility of a single catastrophe destroying both the
consumer's facility and its data. For on-site private and community PaaS clouds, the benefits of centralized
management are similar; however, there is less resilience against catastrophic losses unless consumers explicitly
plan for those contingencies.
Ready-to-use development environment. In the case of outsourced and public PaaS clouds, consumers need not
become involved with the management of the provider's infrastructure.
Pay-for-what-you-use model. Outsourced and public PaaS clouds allow a consumer to begin using an
application without the up-front costs of equipment acquisition, but potentially with a recurring usage fee.
Alleviated scalable application development and deployment. Organizations can develop and deploy
enterprise applications and maintain centralized control over their operation and the data that is processed with
them. Application development frameworks in PaaS normally provide design patterns that support a high level
of scalability, which enables well-written applications to operate smoothly through large fluctuations in
demand. In on-premises scenarios, scalability will be limited to the resources provided by consumer data
centers. In outsourced scenarios, however, more resources may be available at the providers' facilities and,
particularly in the case of public clouds, well-written PaaS applications can be rapidly deployed to large
numbers of consumers and provide very large quantities of data and processing services.

Drawbacks
Possibility of information disclosures. For example, the very presence or absence of message traffic, the sizes
of messages sent, or the originating locations may leak information that is indirect but still of importance to
some consumers.
Network Dependency. In case of network failure, outsourced PaaS platforms become non-operational, as there
is no connection with them in such a case.
PaaS clouds are not portable. This is a concern particularly when platforms require proprietary languages
and run-time environments.
Vendor lock-in. In many PaaS cases (e.g. Google App Engine) an application uploaded to the PaaS cloud is not
retrievable from the provider's servers. This is also called vendor lock-in, i.e. once a company deploys its
software onto the cloud it becomes dependent on that cloud provider.
Event-based Scheduling. PaaS applications can be event driven, with the events composed of HTTP messages.
This kind of design is cost effective (absent an outstanding request, few resources are consumed), however it
poses resource constraints on applications: they must answer a request within a time interval, or they must
continue a long-running request by queuing synthetic messages that can then be serviced. Moreover, tasks that
execute rapidly in a local application do not necessarily offer equivalent performance in a PaaS application.
Security Engineering of PaaS Applications. Unlike an application that can potentially run in an isolated
environment using only local resources, PaaS applications access networks intrinsically. Moreover, PaaS
applications must use cryptography in an explicit way, and must interact with the presentation features of
common Web browsers that provide output to consumers.

Main Providers
Since the next chapter is fully dedicated to PaaS, where a more detailed description of the main PaaS cloud
providers will be given, below is a short list of the few leading players on the market.

Google App Engine


Google App Engine (GAE) is a Platform as a Service (PaaS) cloud-based Web hosting service on Google's
infrastructure. This service allows developers to build and deploy Web applications and have Google manage
all the infrastructure needs, such as monitoring, failover, clustering, machine instance management, and so
forth. For an application to run on GAE, it must comply with Google's platform standards, which narrows the
range of applications that can be run and severely limits those applications' portability.
GAE supports the following major features:
• Dynamic Web services based on common standards
• Automatic scaling and load balancing
• Authentication using Google's Accounts API
• Persistent storage, with query access, sorting and transaction management features
• Task queues and task scheduling
• A client-side development environment for simulating GAE on your local system
• One of two runtime environments: Java or Python
When you deploy an application on GAE, the application can be accessed using your own domain name or
using the Google Apps for Business URL.
Google App Engine currently supports applications written in Java and in Python, although there are
plans to extend support to more languages in the future. The service is meant to be language-agnostic. A
number of Java Virtual Machine languages are compliant with GAE, as are several Python Web frameworks
that support the Web Server Gateway Interface (WSGI) and CGI. Google has its own Webapp framework
designed for use with GAE. To encourage developers to write applications using GAE, Google allows for free
application development and deployment up to a certain level of resource consumption. Google uses the
following pricing scheme:
• CPU time measured in CPU hours is $0.10 per hour.
• Stored data measured in GB per month is $0.15 per GB/month.
• Incoming bandwidth measured in GB is $0.10 per GB.
• Outgoing bandwidth measured in GB is $0.12 per GB.
• Recipients e-mailed is $0.0001 per recipient.
Applications running in GAE are isolated from the underlying operating system, which Google
describes as running in a sandbox. This allows GAE to optimize the system so Web requests can be matched to
the current traffic load. It also allows applications to be more secure because applications can connect only to
computers using the specified URLs for the e-mail and fetch services using HTTP or HTTPS over the standard
well-known ports. URL fetch uses the same infrastructure that retrieves Web pages on Google. The mail service
also supports Gmail's messaging system. Applications also are limited in that they can only read files; they
cannot write to the file system directly. To access data, an application must use data stored in the memcache
(memory cache), the datastore, or some other persistent service. Memcache is a fast in-memory key-value cache
that can be used between application instances. For persistent data storage of transactional data, the datastore is
used. Additionally, an application responds only to a specific HTTP request, whether in real time, as part of a queue, or
scheduled, and any request is terminated if the response requires more than 30 seconds to complete. GAE has a
distributed datastore system that supports queries and transactions. This datastore is non-relational or "schema-
less," but it does store data objects or entities that are assigned properties. The datastore uses optimistic
concurrency control and maintains strong consistency. An application can execute transactions with multiple
operations, and they either all succeed or all fail as a unit. To support the distributed nature of the datastore, the
concept of an entity group is employed. Transactions manage entities as a single group, and entity groups are
stored together in the system so operations can be performed faster.
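As an added illustration of the datastore behaviour just described (example code written for these notes, not Google's datastore implementation), the following toy model gives each entity group a version counter, lets a transaction buffer its writes, and commits them all at once only if no other transaction has committed to that group since the transaction began; the class and function names are assumptions.

```python
from copy import deepcopy


class ConcurrentModificationError(Exception):
    """Another transaction committed to the same entity group first."""


class Datastore:
    """Toy datastore: entities grouped into entity groups (assumed model)."""

    def __init__(self):
        # group name -> {"version": int, "entities": {key: properties}}
        self._groups = {}

    def get_group(self, group):
        return self._groups.setdefault(group, {"version": 0, "entities": {}})

    def get(self, group, key):
        """Non-transactional read; returns a copy so callers cannot mutate state."""
        return deepcopy(self.get_group(group)["entities"].get(key))

    def begin(self, group):
        return Transaction(self, group)


class Transaction:
    """Optimistic concurrency: remember the group's version at start, buffer
    writes, and at commit apply them all only if the version is unchanged.
    Either every write lands or none does."""

    def __init__(self, store, group):
        self.store = store
        self.group = group
        g = store.get_group(group)
        self.start_version = g["version"]
        self.snapshot = deepcopy(g["entities"])  # consistent view for reads
        self.writes = {}  # key -> properties, applied only at commit

    def get(self, key):
        if key in self.writes:
            return self.writes[key]
        return self.snapshot.get(key)

    def put(self, key, props):
        self.writes[key] = dict(props)

    def commit(self):
        g = self.store.get_group(self.group)
        if g["version"] != self.start_version:
            # Someone else committed since we began: abort, nothing applied.
            raise ConcurrentModificationError(self.group)
        for key, props in self.writes.items():
            g["entities"][key] = props
        g["version"] += 1
        return g["version"]


def transfer(store, group, src, dst, amount, retries=3):
    """Move `amount` between two balance entities in one entity group,
    retrying on contention as an App Engine app would (assumed helper)."""
    for _ in range(retries):
        txn = store.begin(group)
        a, b = txn.get(src), txn.get(dst)
        if a is None or b is None or a["balance"] < amount:
            return False
        txn.put(src, {"balance": a["balance"] - amount})
        txn.put(dst, {"balance": b["balance"] + amount})
        try:
            txn.commit()
            return True
        except ConcurrentModificationError:
            continue  # re-read the group and try again
    return False


def demo_conflict():
    """Two transactions race on one group (constructed data); the second to
    commit is rejected and both of its writes are discarded together."""
    store = Datastore()
    seed = store.begin("acct-group-1")
    seed.put("alice", {"balance": 100})
    seed.put("bob", {"balance": 50})
    seed.commit()
    t1, t2 = store.begin("acct-group-1"), store.begin("acct-group-1")
    t1.put("alice", {"balance": 90})
    t1.put("bob", {"balance": 60})
    t2.put("alice", {"balance": 0})
    t2.put("bob", {"balance": 150})
    t1.commit()
    try:
        t2.commit()
        rejected = False
    except ConcurrentModificationError:
        rejected = True
    return store.get("acct-group-1", "alice"), store.get("acct-group-1", "bob"), rejected
```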
The App Engine relies on the Google Accounts API for user authentication, the same system used when
you log into a Google account. This provides access to e-mail and display names within your app, and it
eliminates the need for an application to develop its own authentication system. Applications can use the User
API to determine whether a user belongs to a specific group and even whether that person is an administrator
for your application. Many applications have been built and are running on Google App Engine.
Force.com
Force.com is Salesforce.com's on-demand cloud computing platform, billed by Salesforce.com as the
world's first PaaS. Force.com features Visualforce, a technology that makes it much simpler for end customers,
developers, and independent software vendors (ISVs) to design almost any type of cloud application for a wide
range of uses. The Force.com platform offers global infrastructure and services for database, logic, workflow,
integration, user interface, and application exchange.
Visualforce is essentially a framework for creating new interface designs and enables user interactions
that can be built and delivered with no software or hardware infrastructure requirements. Force.com delivers
PaaS, a way to create and deploy business apps that allows companies and developers to focus on what their
applications do, rather than the software and infrastructure to run them. The Force.com platform can run
multiple applications within the same Salesforce.com instance, allowing all of a company's Salesforce.com
applications to share a common security model, data model, and user interface. This is a major benefit found in
cloud computing solutions. Add to that an on-demand operating system, the ability to create any database on
demand, a workflow engine for managing collaboration between users, and a programming language for
building complex logic. A web services API for programmatic access, mash-ups, and integration with other
applications and data is another key feature.
Visualforce
As part of the Force.com platform, Visualforce provides the ability to design application user interfaces for
practically any experience on any screen. Visualforce uses HTML, AJAX, and Flex, for business applications.
Visualforce provides a page-based model, built on standard HTML and web presentation technologies, and is
complemented with both a component library for implementing common user interface elements, and a
controller model for creating new interactions between those elements.
Visualforce features and capabilities include:
• Pages: Enables the design definition of an application's user interface.
• Components: Provides the ability to create new applications that automatically match the look and feel of
Salesforce.com applications, or to easily customize and extend the Salesforce.com user interface to specific
requirements.
• Logic Controllers: The controller enables customers to build any user interface behavior.
SOFTWARE-AS-A-SERVICE (SAAS):--
In reality the term SaaS dates from the 1990s and thus predates the term cloud computing itself. Thus email
clients such as Gmail or Hotmail, and many different software solutions accessible over the Internet, could be given
as examples of SaaS, that is, software offered as a service. This leads to a most descriptive definition of SaaS,
which is "software deployed as a hosted service and accessed over the Internet". In order to facilitate the
understanding of scope and division of roles between cloud consumer and cloud provider, the following figure
is placed as a reference.
The figure above depicts "user level control", which represents that a consumer has control over the
application-specific resources that a SaaS application makes available. In some cases, a consumer also has some
limited administrative control over an application. A provider normally has significantly more administrative
control at the application level. The responsibilities of a provider are to deploy, configure, update, and manage
the operation of the application in order to provide expected service levels to consumers. The middleware layer
provides software blocks that are the base of an application. It can take various forms, ranging from traditional
software libraries, to software interpreters, to invocations of remote network services. Moreover, middleware
components can provide database services, user authentication services, identity management, etc. Consumers
basically cannot access this layer; neither should they have access to the operating system or
hardware layers. SaaS can be seen as a platform for renting access to an application. In order to take a closer
look at consumer/producer interaction dynamics, the following figure will serve as a reference.
Figure 2.9 A. represents a cloud providing services to two clients, C1 and C2. In a private cloud, the clients will
belong to (or be associated with) a single consumer organization; in other deployment models the clients may
represent different consumers. Abstractly, the cloud provider possesses a set of software applications ("apps" in
the figure) that it is offering to the clients for use over the network. Moreover, the cloud provider manages
application execution resources ("exr" in the figure). In Figure 2.9 A, client C1 is currently using two
applications, B and C. To execute the apps for client C1, the cloud provider has allocated two execution
resources, exr1 and exr2, with exr1 supplying the processing power and other resources to run the B application
("B→exr1" in the figure), and exr2 supplying the processing power and other resources to run the C application
("C→exr2" in the figure). An execution resource could be, e.g., a physical computer, a virtual machine
(discussed in Section 7), or a running server program that is capable of serving client requests, starting a virtual
machine, or even renting computing cycles and storage from another organization. Similarly, client C2 is using
one application, C, which is supported by execution resource exr3. It should be noticed that the same
application (C in this case) can be rented out to multiple clients at the same time, as long as the cloud provider
can provide the execution resources to support the application. As shown in Figure 2.9 B, when an additional
client requests applications from the cloud, the cloud provider allocates extra execution resources to support
the requested applications.
The traditional model of software distribution, in which software is purchased for and installed on
personal computers, is sometimes referred to as Software-as-a-Product. Software-as-a-Service is a software
distribution model in which applications are hosted by a vendor or service provider and made available to
customers over a network, typically the Internet. SaaS is becoming an increasingly prevalent delivery model as
underlying technologies that support web services and service-oriented architecture (SOA) mature and new
developmental approaches become popular. SaaS is also often associated with a pay-as-you-go subscription
licensing model. Meanwhile, broadband service has become increasingly available to support user access from
more areas around the world. The huge strides made by Internet Service Providers (ISPs) to increase bandwidth,
and the constant introduction of ever more powerful microprocessors coupled with inexpensive data storage
devices, is providing a huge platform for designing, deploying, and using software across all areas of business
and personal computing. SaaS applications also must be able to interact with other data and other applications in
an equally wide variety of environments and platforms. SaaS is closely related to other service delivery models
we have described. IDC identifies two slightly different delivery models for SaaS. The hosted application
management model is similar to an Application Service Provider (ASP) model. Here, an ASP hosts
commercially available software for customers and delivers it over the Internet. The other model is the software on
demand model, where the provider gives customers network-based access to a single copy of an application
created specifically for SaaS distribution. The architecture of SaaS-based applications is specifically designed to
support many concurrent users (multi-tenancy) at once. This is a big difference from the traditional client/server
or application service provider (ASP)-based solutions that cater to a contained audience. SaaS providers, on the
other hand, leverage enormous economies of scale in the deployment, management, support, and maintenance
of their offerings.
Types of SaaS
Business Utility SaaS - Applications like Salesforce automation are used by businesses and individuals for
managing and collecting data, streamlining collaborative processes and providing actionable analysis. Popular
use cases are Customer Relationship Management (CRM), Human Resources and Accounting.
Social Networking SaaS - Applications like Facebook are used by individuals for networking and sharing
information, photos, videos, etc.
Characteristics
Here are the characteristics of the SaaS service model:
• SaaS makes the software available over the Internet.
• The software is maintained by the vendor rather than at the site where it runs.
• The license to the software may be subscription based or usage based, and it is billed on a recurring basis.
• SaaS applications are cost effective since they do not require any maintenance at the end user's side.
• They are available on demand.
• They can be scaled up or down on demand.
• They are automatically upgraded and updated.
• SaaS offers a shared data model, so multiple users can share a single instance of the infrastructure.
• It is not required to hard code the functionality for individual users.
• All users are running the same version of the software.
Benefits
Nowadays, more and more companies decide to take advantage of SaaS solutions, as they provide scalability
and also shift significant burdens from consumers to providers. This gives better efficiency and sometimes
even better performance. The main benefits of the SaaS cloud can be summarized as follows:
Browser based. SaaS application deployment is very convenient and efficient with typically almost no
software required.
Licence management. Consumers can employ a single license on multiple computers at different times instead
of purchasing extra licenses for separate computers that may not be used and thus over-provisioning the license.
Moreover, traditional license management protocols and license servers are not necessary to protect the
intellectual property of application developers because the software runs in the provider's infrastructure and can
be directly metered and billed.
Centralized data administration. From the consumer's point of view in the SaaS model, management and data
are centralized. As such the SaaS provider can supply professional management of the data, including
compliance checking, security scanning, backup, and disaster recovery. When these services are provided off-
premises, SaaS management of data gives protection against the possibility of a single catastrophe destroying
both the consumer's facility and data. For on-site private and community SaaS clouds, the benefits of
centralized management are similar; however, there is less resilience against catastrophic losses unless
consumers explicitly plan for those contingencies.
No infrastructure involvement. In case of outsourced or public SaaS clouds, consumers need not become
involved with the management of a provider's infrastructure.
Pay for what you use model. Public SaaS clouds allow a consumer to begin using an application without the
up-front costs of equipment acquisition, but potentially with a recurring usage fee.
Scalability. Hosted software, another term for SaaS, offers you more scalability in using the software. By
utilizing SaaS you are free to use as much or as little of any software as you need. This gives you easy and
economical access to many programs.
Regular upgrading. SaaS vendors regularly upgrade their software, so that the users don't have to put any
effort into installing and upgrading the applications.
Easy access. A major advantage of SaaS is that it can easily and quickly be accessed from anywhere with a web
browser. This is a great facility for users even when they are at home or in another country. They can access
real-time synchronized applications from laptops and smart phones.
Drawbacks
For all scenarios, SaaS clouds place significant reliance on consumer browsers, as most of the computation is done
on the provider side. This brings up a number of issues and concerns [31].
Lack of 100% Security. Although browsers encrypt their communications with cloud providers, subtle
disclosures of information are still possible. For example, the very presence or absence of message traffic, or the
sizes of messages sent, or the originating locations may leak information that is indirect but still of importance
to some consumers. Moreover, man-in-the-middle attacks on the cryptographic protocols used by browsers can
allow an attacker to hijack a consumer's cloud resources.
Browser Dependence. If a consumer visits a malicious Web site and the browser becomes contaminated,
subsequent access to a SaaS application might compromise the consumer's data. Data from different SaaS
applications might be inadvertently mixed on consumer systems within consumer Web browsers.
Network Dependence. In the public SaaS cloud scenario, the network's reliability cannot be guaranteed
either by the cloud consumer or by the cloud provider as the Internet is not controlled by either one.
No Portability. Formats for exporting and importing data may not be entirely compatible between
SaaS clouds. Customized workflow and business rules, user interface and application settings, support scripts,
data extensions, and add-ons developed over time can also be vendor specific and not easily transferable.
Main providers
Theoretically, any email client or online software provider could be called a SaaS provider. Thus, two leading
cloud providers that identify their services as SaaS are described below.
Salesforce.com
Salesforce.com is the leading CRM SaaS vendor and had 10.6% of the overall CRM market in 2008. The CRM
of Salesforce.com is broken down into various categories [36]:
The Sales Cloud - It includes Chatter, a real-time sales collaboration tool, and provides sales
representatives with a customer profile and account history. It also allows the user to manage marketing
campaign spending and performance across a variety of channels from a single application, and it tracks all
opportunity-related data including milestones, decision makers, customer communications, and any other
information unique to the company's sales process.
The Service Cloud - The Service Cloud provides companies with a call center-like view that enables
companies to create and track cases coming in from every channel, and automatically route and escalate what is
important.
Chatter - It is a real-time collaboration platform for users. The service sends information via a real-time
news stream. Users can follow coworkers and receive broadcast updates about project and customer status.
Users can also form groups and post messages on each other's profiles to collaborate on projects.
AppExchange - It is a marketplace for cloud computing applications built for the Salesforce.com community
and delivered by partners or by third-party developers, which users can purchase and add to their
Salesforce.com.
Configuration - Salesforce users can configure their CRM application. In the system, there are tabs such as
"Contacts," "Reports," and "Accounts." Each tab contains associated information.
Web services - In addition to the web interface, salesforce.com provides a SOAP/REST Web service API
that allows for integration with other systems.
Google Docs
Google Docs (http://docs.google.com) is a collection of office applications with which users can create, modify, share,
and work on documents collaboratively with others. Google Docs has a very large user base, mainly due to the
dominant position of the search engine company in the marketplace and its free use. Google Docs is supported
on Linux, Macintosh OS X, and Microsoft Windows, as well as on Android and iPhone mobile phones. Only the
word processor and spreadsheets are supported by the mobile phone applications at the moment; viewing
presentations, database files, and PDFs is not. Google Docs creates native HTML files that are stored online.
When you import files from Microsoft Word (DOC or DOCX), RTF, OpenOffice (ODF), data files in CSV, or
PowerPoint (PPT), they are converted to HTML. You can export a Google Docs document to standard formats
such as Microsoft Word DOC or Adobe PDF. Open documents are automatically saved, and Google Docs
retains document revisions. You can tag and archive documents and use the tags to search your documents.
When you click the Share button, you can specify who can either view or collaborate on that document.
The people you indicate are sent an e-mail with a link to that document in it. Collaboration on a document can
be done simultaneously by two or more collaborators.
These are important features of Google Docs:
• Google Docs: This is a full featured word processor with an interface similar to Microsoft Office 2003. It has
support for templates, a basic drawing function (Google Draw), and a LaTeX equation editor available in the
word processor. The following file types can be imported into Google Docs: text (TXT), Word, RTF, HTML,
Open Office (ODF), and StarOffice Writer (SXW).
• Spreadsheets: This allows you to create, import, modify, and share spreadsheets. You can collaborate on your
spreadsheet and chat in real time, embed the worksheet in a document, or post your worksheets to a blog or a
Web site.
• Presentation: This is a presentation creation program. You can import and modify presentation files from
PowerPoint (PPT or PPS) files or create new presentations that you can share. Presentations support images,
audio, and video content. You can provide a real-time presentation from a remote site or publish your
presentation to a Web page.
• Reader (http://reader.google.com): This RSS feed aggregator can be read online or offline. If you choose, you
can populate Reader with your RSS feeds used on your iGoogle pages. The front page shows summaries of new
items, and you can view a list or an expanded view of an item. Items may be imported or exported from Reader
in an OPML file. Google also can search across all your feeds and updates in your subscriptions.
• File Manager: The central application in the Google Docs suite lets you upload documents, open documents,
and share documents. When you open a document, the application that supports the file type launches. The free
account gives a user 1GB of disk storage. The current restrictions on content for a free account are 5,000
documents, 5,000 images, 1,000 spreadsheets, and up to 100 Adobe PDF files. Spreadsheets can have 256
columns maximum and up to 200,000 cells divided into no more than 99 worksheets. Images embedded in
documents must be no more than 2MB in size.
• Calendar (http://calendar.google.com): Google's event and time management application uses an Ajax
interface to support drag and drop of events between dates and times. Google Calendar is thought to be the most
widely used online calendar today. It has a number of different viewing modes, including Day, 4 Day, Week,
Month, and Agenda views; it also supports a To-Do list. Events in the calendar can be set up to generate SMS
messages (called GVENTs) or e-mail through Google Gmail. You can use a gadget to populate your iGoogle
home page with your events, and another gadget can allow you to search your calendars from within the Google
Desktop application. Calendar can import Microsoft Outlook calendar (CSV) and iCalendar (ICS) files. An
account can support multiple calendars, which can be shared with other users and groups. Among the platforms
supported by Google Calendar are Android, Blackberry, iPhone, and Pocket PC mobile devices, Apple
Macintosh through iCal, and Microsoft Windows through Outlook.
Zoho Office Suite
The Zoho Office Suite is one of the more highly regarded online office suites. With the exception of Google's
apps, Zoho probably offers more modules than any of the other cloud-based office suite vendors. Zoho was
created by an Indian company called AdventNet, Inc., which later rebranded itself as ZOHO Corporation. The
first module, Zoho Writer, appeared in 2005.
The Zoho applications are mostly free for basic functions, but they carry a charge as you use the application
more heavily or access the more professional features. The Zoho Office Suite contains the following major
applications:
• Writer: This full-featured word processor supports multiple author document creation and review. The
program offers a LaTeX Equation Editor and works with MathMagic and MathType to incorporate formatted
equations and expressions. Documents it creates can support embedded video files from sites such as Flickr.
Figure 16.11 shows the Zoho Writer word processor. Writer supports the following standard file formats: text
(TXT), Microsoft Word (DOC), RTF, Office Open XML (DOCX), OpenDocument text (ODT), OpenOffice.org
text (SXW), HTML, and image files (JPEG, GIF, PNG).
• Sheet: This spreadsheet application is interoperable with Microsoft Excel and has a number of online features
that make it valuable to users. For example, Sheet can be used to create and publish charts in Web pages and in
blogs. It is available as an Excel plugin and a desktop widget. Facebook and box.net both offer Zoho sheet
services.
• Show: This presentation program interoperates with Microsoft PowerPoint (PPS and PPT), OpenDocument
Presentations (ODP), and OpenOffice (SXI) presentations; it also can export to those formats.
• Notebook: The content creation and management system is similar to both Microsoft OneNote and Google
Notebook. Pages in Notebook can include not only text, but images, audio, video content, RSS feeds, and
allows you to launch and access other applications.
• Creator: This database system interoperates with Microsoft Access and other standard file formats. Database
rules can be added to Creator using a drag-and-drop scripting engine, and it does not require a database
language to implement. The module supports import of XLS, CSV, and TSV files and exports to XLS, CSV,
TSV, HTML, PDF, JSON, and RSS files.
• Projects: The project management module creates and manages tasks, tracks milestones and deadlines, and
provides reports and Gantt charts. Projects may be viewed by a group. In the free version of Zoho, you have
access to only one project and a limited number of features. The premium version of Zoho removes these
limitations.
• Planner: The calendar and event system compiles to-do lists, creates event reports, and has an alert e-mail
system. Planner interoperates with Microsoft Outlook and Google Calendar.
• Mail: The e-mail system integrates into Zoho Writer, Sheet, and Show modules. It provides such collaborative
services as a calendar, contacts, document tools, and task management tools.
• Chat: This instant messaging application can be embedded into Web pages or blogs. Chat supports feeds to
and from other chat system providers.
• Discussions: This is an online forum for groups that you either create or join.
• Meeting: This is a conferencing application with screen sharing technology. A presenter can designate that a
participant be allowed to control the presenter's desktop. A Zoho Meeting Viewer can be embedded into a Web
page or placed in a Zoho Show slide for viewing from that module. The creator must be on Microsoft Windows,
but other meeting participants can be using a different operating system's browser. To view the meeting, the
viewer must have Java, Flash, or ActiveX installed.
• CRM: This customer relationship management package provides a procurement and inventory function, along
with invoicing and some other limited accounting support, as well as reporting.
• People: This is a Human Resource Information System and an Application Tracking System for a company.
• Wiki: This HTML editor creates Wiki pages from a graphical interface. When you create a Wiki on Zoho, you
are given a URL that you can publish that allows others to add content to your page. Zoho also offers an online
test creation tool called Challenge and a survey tool called Polls; both can be added to a Web page. Other
utilities include Site 24X7 Web site monitoring tool and a set of preview applications called Zoho Viewer.
These tools are free for you to use. Zoho has plugins for some of its applications that initiate support for a
module within an office application or browser. Some of the Zoho modules also offer an open API for
developers to use; at the moment the list of developer-customizable modules includes Writer, Sheet, Show,
Creator, Meeting, and Planner. With Zoho for Google Apps, a number of the modules described above and
some additional ones, including CRM, Projects, Invoice, Creator, and Creator Helpdesk can be used with a
Google Apps account. Icons for these functions can be placed on the Google navigation bar. With Zoho CRM
for Google Apps, for example, you can provide for icon-initiated Sync Google Mail with Zoho CRM, Import
Contacts from Google Apps, Attach Files from Google Docs, Export Events to Google Calendar, and Embed
Gadgets into Google Sites. Similar icon support for Zoho Project, Creator, and Creator Helpdesk also exists.
Zoho was one of the first online office suites to offer the feature of offline content editing and synchronization.
This feature allows users to work on documents even when they don't have an Internet connection. The system
then applies their changes when the users reconnect. Zoho applications can be bundled by developers
and sold as a service to users through a custom dashboard by its partners.
IDENTITY AS A SERVICE (IDAAS):
The establishment and proof of an identity is a central network function. An identity service is one that
stores the information associated with a digital entity in a form that can be queried and managed for use in
electronic transactions. Identity services have as their core functions: a data store, a query engine, and a policy
engine that maintains data integrity.
Distributed transaction systems such as internetworks or cloud computing systems magnify the
difficulties faced by identity management systems by exposing a much larger attack surface to an intruder than
a private network does. Whether it is network traffic protection, privileged resource access, or some other
defined right or privilege, the validated authorization of an object based on its identity is the central tenet of
secure network design. In this regard, establishing identity may be seen as the key to obtaining trust and to
anything that an object or entity wants to claim ownership of.
What is an identity?
An identity is a set of characteristics or attributes that make something recognizable or known. In computer
network systems, it is one's digital identity that most concerns us. A digital identity is those attributes and
metadata of an object along with a set of relationships with other objects that makes an object identifiable. Not
all objects are unique, but by definition a digital identity must be unique, if only trivially so, through the
assignment of a unique identification attribute. An identity must therefore have a context in which it exists. This
description of an identity as an object with attributes and relationships is one that programmers would
recognize. You can extend this notion to the idea of an identity having a profile and profiling services such as
Facebook as being an extension of the notion of Identity as a Service in cloud computing. An identity can
belong to a person and may include the following:
• Things you are: Biological characteristics such as age, race, gender, appearance, and so forth
• Things you know: Biography, personal data such as social security numbers, PINs, where you went to school,
and so on
• Things you have: A pattern of blood vessels in your eye, your fingerprints, a bank account you can access, a
security key you were given, objects and possessions, and more
• Things you relate to: Your family and friends, a software license, beliefs and values, activities and
endeavors, personal selections and choices, habits and practices, an iGoogle account, and more
To establish your identity on a network, you might be asked to provide a name and password, which is called a
single-factor authentication method. More secure authentication requires the use of at least two-factor
authentication; for example, not only name and password (things you know) but also a transient token number
provided by a hardware key (something you have). To get to multifactor authentication, you might have a system
that examines a biometric factor such as a fingerprint or retinal blood vessel pattern, both of which are
essentially unique things you are. Multifactor authentication requires the outside use of a network security or
trust service, and it is in the deployment of trust services that our first and most common IDaaS applications
are employed in the cloud.
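As an added example (written for these notes, not taken from the original text or from any vendor's product), the check below verifies both factors the passage names: a password, compared against a salted PBKDF2 hash, and a time-based one-time code of the kind a hardware token or authenticator app produces (RFC 6238 TOTP built on RFC 4226 HOTP). The User record, the helper names, the salt and the token seed are assumptions.

```python
import hashlib
import hmac
import struct
import time


def hash_password(password, salt, rounds=100_000):
    """Slow salted hash so a leaked record cannot be reversed cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def hotp(secret, counter, digits=6):
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at, step=30):
    """TOTP (RFC 6238): HOTP with the counter derived from Unix time."""
    return hotp(secret, at // step)


class User:
    """Constructed user record: password hash (something you know) and token
    seed (something you have). last_counter remembers the most recent accepted
    time step so a captured code cannot be replayed inside its validity window."""

    def __init__(self, name, password, totp_secret, salt=b"constructed-salt"):
        self.name = name
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.totp_secret = totp_secret
        self.last_counter = -1


def verify_login(user, password, code, now=None, step=30, skew=1):
    """Both factors must pass. Comparisons are constant-time, and codes from
    +/- `skew` steps are accepted to tolerate clock drift on the token."""
    now = int(time.time()) if now is None else now
    if not hmac.compare_digest(hash_password(password, user.salt), user.pw_hash):
        return False
    counter = now // step
    for c in range(counter - skew, counter + skew + 1):
        if c <= user.last_counter:
            continue  # this step (or an older one) was already used: reject replay
        if hmac.compare_digest(hotp(user.totp_secret, c).encode(), code.encode()):
            user.last_counter = c
            return True
    return False
```

The HOTP values for the seed `12345678901234567890` match the published RFC 4226 test vectors, which is a quick way to confirm the truncation step is right.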
Of course, many things have digital identities. User and machine accounts, devices, and other objects
establish their identities in a number of ways. For user and machine accounts, identities are created and stored in
domain security databases that are the basis for any network domain, in directory services, and in data stores in
federated systems. Network interfaces are identified uniquely by Media Access Control (MAC) addresses,
which alternatively are referred to as Ethernet Hardware Addresses (EHAs). It is the assignment of a network
identity to a specific MAC address that allows systems to be found on networks. The manner in which
Microsoft validates your installation of Windows and Office is called Windows Product Activation and creates
an identification index or profile of your system, which is instructive. During activation, the following unique
data items are retrieved:
• A 25-character software product key and product ID
• The uniquely assigned Global Unique Identifier or GUID
• PC manufacturer
• CPU type and serial number
• BIOS checksum
• Network adapter and its MAC address
• Display adapter
• SCSI and IDE adapters
• RAM amount
• Hard drive and volume serial number
• Optical drive
• Region and language settings and user locale
From this information, a code is calculated, checked, and entered into the registration database. Each of
these uniquely identified hardware attributes is assigned a weighting factor such that an overall sum may be
calculated. If you change enough factors—NIC and CPU, display adapter, RAM amount, and hard drive—you
trigger a request for a reactivation based on system changes. This activation profile is also required when you
register for the Windows Genuine Advantage program. Windows Product Activation and Windows Genuine
Advantage are cloud computing applications, albeit proprietary ones. Whether people consider these
applications to be services is a point of contention.
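The weighted hardware profile described above can be illustrated with a small added example (it is not from these notes and not Microsoft's actual algorithm; the attribute weights, the reactivation threshold, the activation-code format and the sample machine are all assumptions). Each attribute is stored as a one-way hash, the hashes are folded into a single code for the registration database, and a later profile is compared attribute by attribute so that a single RAM upgrade passes while a replaced motherboard triggers reactivation:

```python
import hashlib
from typing import Dict

# Assumed weights for the hardware attributes listed above. The values and the
# threshold are illustrative assumptions: the real Windows Product Activation
# weighting is proprietary and is not given in these notes.
WEIGHTS: Dict[str, int] = {
    "cpu": 3, "nic_mac": 3, "hdd_serial": 2, "display": 1, "ram_mb": 1,
    "bios_checksum": 1, "scsi_ide": 1, "optical": 1, "locale": 0,
}
REACTIVATION_THRESHOLD = 7


def build_profile(attrs: Dict[str, str]) -> Dict[str, str]:
    """Store a truncated one-way hash per attribute instead of raw serial numbers,
    so the stored profile does not reveal the MAC address or drive serial itself."""
    return {name: hashlib.sha256(value.encode("utf-8")).hexdigest()[:16]
            for name, value in attrs.items()}


def activation_code(profile: Dict[str, str]) -> str:
    """Derive one code from the whole profile, the value a registration database
    would store and compare against (hypothetical format: 12 hex digits)."""
    material = "|".join(f"{name}={profile[name]}" for name in sorted(profile))
    return hashlib.sha256(material.encode("utf-8")).hexdigest()[:12].upper()


def change_score(stored: Dict[str, str], current: Dict[str, str]) -> int:
    """Sum the weights of every attribute whose hashed value differs."""
    return sum(weight for name, weight in WEIGHTS.items()
               if stored.get(name) != current.get(name))


def needs_reactivation(stored: Dict[str, str], current: Dict[str, str]) -> bool:
    """Reactivation is requested once enough weighted factors have changed."""
    return change_score(stored, current) >= REACTIVATION_THRESHOLD


# Constructed sample machine (all values are made up).
ORIGINAL_PC = {
    "cpu": "GenuineIntel-FAMILY6-SN0001", "nic_mac": "00:11:22:33:44:55",
    "hdd_serial": "WD-WXA1A2B3C4D5", "display": "GPU-MODEL-X", "ram_mb": "8192",
    "bios_checksum": "0xA1B2C3", "scsi_ide": "AHCI-CTRL-1", "optical": "DVD-RW-1",
    "locale": "en-US",
}

if __name__ == "__main__":
    stored = build_profile(ORIGINAL_PC)
    print("activation code:", activation_code(stored))

    ram_upgrade = build_profile({**ORIGINAL_PC, "ram_mb": "16384"})
    print("RAM upgrade -> score", change_score(stored, ram_upgrade),
          "reactivate:", needs_reactivation(stored, ram_upgrade))

    new_board = build_profile({**ORIGINAL_PC, "cpu": "GenuineIntel-FAMILY6-SN0002",
                               "nic_mac": "66:77:88:99:AA:BB", "display": "GPU-MODEL-Y",
                               "ram_mb": "16384", "hdd_serial": "ST-9Z8Y7X6W"})
    print("new board   -> score", change_score(stored, new_board),
          "reactivate:", needs_reactivation(stored, new_board))
```

The point of the weighting is tolerance: the profile is an identity of the machine, not of any one component, so ordinary maintenance does not look like a different machine while wholesale replacement does.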

Networked identity service classes


To validate Web sites, transactions, transaction participants, clients, and network services—various forms of
identity services—have been deployed on networks. Ticket or token providing services, certificate servers, and
other trust mechanisms all provide identity services that can be pushed out of private networks and into the
cloud. Identity protection is one of the more expensive and complex areas of network computing. If you think
about it, requests for information on identity by personnel such as HR, managers, and others; by systems and
resources for access requests; as identification for network traffic; and the myriad other requirements mean that
a significant percentage of all network traffic is supporting an identification service. Literally hundreds of
messages on a network every minute are checking identity, and every Ethernet packet contains header fields
that are used to identify the information it contains. As systems become even more specialized, it has become
increasingly difficult to find the security experts needed to run an ID service. So Identity as a Service or the
related hosted (managed) identity services may be the most valuable and cost-effective distributed service types
you can subscribe to.
Identity as a Service (IDaaS) may include any of the following:
• Authentication services (identity verification)
• Directory services
• Federated identity
• Identity governance
• Identity and profile management
• Policies, roles, and enforcement
• Risk and event monitoring, including audits
• Single sign-on services (pass-through authentication)
The sharing of any or all of these attributes over a network may be the subject of different government
regulations and in many cases must be protected so that only justifiable parties may have access to the minimal
amount that may be disclosed. This level of access defines what may be called an identity relationship. Certain
codes of conduct must be observed legally, and if not legally at the moment, then certainly on a moral basis.
Cloud computing services that don't observe these codes do so at their peril. In working with IDaaS software,
evaluate IDaaS applications on the following basis:
• User control for consent: Users control their identity and must consent to the use of their information.
• Minimal Disclosure: The minimal amount of information should be disclosed for an intended use.
• Justifiable access: Only parties who have a justified use of the information contained in a digital identity and
have a trusted identity relationship with the owner of the information may be given access to that information.
• Directional Exposure: An ID system must support bidirectional identification for a public entity so that it is
discoverable and a unidirectional identifier for private entities, thus protecting the private ID.
• Interoperability: A cloud computing ID system must interoperate with other identity services from other
identity providers.
• Unambiguous human identification: An IDaaS application must provide an unambiguous mechanism for
allowing a human to interact with a system while protecting that user against an identity attack.
• Consistency of Service: An IDaaS service must be simple to use, consistent across all its uses, and able to
operate in different contexts using different technologies.

Federated Identity Management (FIDM)


FIDM describes the technologies and protocols that enable a user to package security credentials across
security domains. It uses the Security Assertion Markup Language (SAML) to package a user's security
credentials as shown in the following diagram:

OpenID is a developing industry standard for authenticating "end users" by storing their digital identity in a
common format. When an identity is created in an OpenID system, that information is stored in the system of
any OpenID service provider and translated into a unique identifier. Identifiers take the form of a Uniform
Resource Locator (URL) or as an Extensible Resource Identifier (XRI) that is authenticated by that OpenID
service provider. Any software application that complies with the standard accepts an OpenID that is
authenticated by a trusted provider. A very impressive group of cloud computing vendors serve as identity
providers (or OpenID providers), including AOL, Facebook, Google, IBM, Microsoft, MySpace, Orange,
PayPal, VeriSign, LiveJournal, Ustream, Yahoo!, and others.
The OpenID standard applies to the unique identity of the URL; it is up to the service provider to store
the information and specify the forms of authentication required to successfully log onto the system. Thus an
OpenID authorization can include not only passwords, but smart cards, hardware keys, tokens, and biometrics
as well.
These are samples of trusted providers and their URL formats:
• Blogger: <username>.blogger.com or <blogid>.blogspot.com
• MySpace: myspace.com/<username>
• MyOpenID: <username>.myopenid.com
• Orange: openid.orange.fr/username or simply orange.fr/
• Verisign: <username>.pip.verisignlabs.com
• WordPress: <username>.wordpress.com
• Yahoo!: openid.yahoo.com

Amazon Web Services Provides IAM as IDaaS

After you have logged onto a trusted provider, that logon may provide you access to other Web sites that
support OpenID. When you request access to a site through your browser (or another application that is referred
to as a user-agent), that site serves as the "relying party" and requests of the server or server-agent that it verify
the end-user's identifier. You won't need to log onto these other Web sites, if your OpenID is provided. Most
trusted providers require that you indicate which Web sites you want to share your OpenID identifier with and
the information is submitted automatically to the next site. CardSpace is a Microsoft software client that is part
of the company's Identity Metasystem and built into the Web Services Protocol Stack. This stack is built on the
OASIS standards (WS-Trust, WS-Security, WS-SecurityPolicy, and WS-MetadataExchange), so any
application that conforms with the OASIS WS- standards can interoperate with CardSpace. CardSpace was
introduced with .NET Framework 3.0 and can be installed on Windows XP, Server 2003, and later. It is
installed by default on Windows Vista and Windows 7.
A SAML assertion is a security statement in the SAML file that makes a claim regarding authentication,
attributes, or authorization. The SAML protocol request is often referred to as a query; the three different
supported query types are an authentication query, an attribute query, and an authorization decision query.
SAML requests use a SOAP binding; that is, the SAML request or response is embedded in a SOAP wrapper
within an HTTP message. SAML is used to provide a mechanism for a Web Browser Single Sign On (SSO). In
this instance, a Web browser is the user agent, which requests access to a resource that is authorized by a SAML
service provider. The service provider takes a request from a user for access to the resource and sends an
authentication request to the SAML identity provider directly from the initiating user agent (Web browser).
Figure 4.10 shows the SAML Single Sign on Request/Response mechanism.
The Service Provisioning Markup Language (SPML) is another of the OASIS open standards developed
to provide for service provisioning. Provisioning is the process by which a resource is prepared for use,
reserved, accessed, used, and then released when the transaction is completed. A classic example of
provisioning a resource is the reservation and use of a phone line or a Virtual Private Network. A provisioning
system has three types of components: A Requesting Authority (RA) is the client, the Provisioning Service
Point (PSP) is the cloud component that receives the request and returns a response to the RA, and a
Provisioning Service Target (PST) is the software application upon which the provisioning action is
performed. The SPML provisioning system (which can be thought of as an architectural layer) means that
identity information need only be entered into these three components once.
SPML is used to prepare Web services and applications for use, signal that the resource is available for
use and waiting for instructions, and signal when the use or transaction has been completed. With SPML, a
system can provide automated user and system access, enforce access rights, and make cloud computing
services available across network systems. Without a provisioning system, a cloud computing system can be
very inefficient and potentially unreliable.
FIGURE 4.10:SAML provides a mechanism by which a service requester can use a Single Sign On logon to
access Web services securely.
COMMUNICATION-AS-A-SERVICE (CAAS):--
Communications as a Service (CaaS) goes beyond traditional VoIP offerings by delivering a fully hosted
VoIP and Unified Communications solution. As an outsourced solution, CaaS requires little oversight from you
and your team so you can re-allocate IT budget and personnel resources to where they'll create the most
business growth and value. With a CaaS solution, you can leverage enterprise-class communication services
without the complexity and time required to build a premises-based solution – and without the capital
investment. CaaS is designed to include a utility-based pricing model that provides users with a comprehensive,
flexible and simple-to-understand VoIP service. The bundled service typically includes integrated access (voice
and data), a handset, local and long-distance voice services, voicemail, VoIP technology infrastructure and
advanced PBX functionality.
In the CaaS model, you contract with a single vendor for all of your communication needs.
Bundled services usually include voice and data access, long-distance and local voice services, telephone
handsets, voicemail, software, and advanced Unified Communications functionality such as video calling, Web
collaboration, chat, real-time presence and unified messaging. The vendor offers this functionality from one or
more remote, secure and fully redundant data centers.
Communications as a Service (CaaS) is similar in concept to Software as a Service (SaaS): CaaS
represents the virtualization of the PBX. The newest and most innovative of the hosted applications, CaaS
includes a full complement of Unified Communications functionality. In the CaaS model, the PBX is located in
the IP "cloud" instead of residing at the user premises. Like other hosted models, users outsource the day-to-day
management responsibilities and pay for usage, not ownership.
At the user level, calls can be routed to cell or home phones. Inherent collaboration and mobility
features ensure business continuity for each employee. Callers dial your office number and get you on the line –
no matter where you are. Communications can also continue using only a laptop and the CaaS soft client. CaaS
is an outsourced enterprise communications solution. Providers of this type of cloud-based solution (known as
CaaS vendors) are responsible for the management of hardware and software required for delivering Voice over
IP (VoIP) services, Instant Messaging (IM), and video conferencing capabilities to their customers. This model
began its evolutionary process from within the telecommunications (Telco) industry, not unlike how the SaaS
model arose from the software delivery services sector. CaaS vendors are responsible for all of the hardware
and software management consumed by their user base. CaaS vendors typically offer guaranteed quality of
service (QoS) under a service-level agreement (SLA).
A CaaS model allows a CaaS provider's business customers to selectively deploy communications
features and services throughout their company on a pay-as-you-go basis for service(s) used. CaaS is designed
on a utility-like pricing model that provides users with comprehensive, flexible, and (usually) simple-to-
understand service plans. CaaS service offerings are often bundled and may include integrated access to
traditional voice (or VoIP) and data, advanced unified communications functionality such as video calling, web
collaboration, chat, realtime presence and unified messaging, a handset, local and long-distance voice services,
voice mail, advanced calling features (such as caller ID, three-way and conference calling, etc.) and advanced
PBX functionality. CaaS offers flexibility and scalability that small and medium-sized business might not
otherwise be able to afford. CaaS service providers are usually prepared to handle peak loads for their
customers by providing services capable of allowing more capacity, devices, modes or area coverage as their
customer demand necessitates. Network capacity and feature sets can be changed dynamically, so functionality
keeps pace with consumer demand and provider-owned resources are not wasted. From the service provider
customer's perspective, there is very little to virtually no risk of the service becoming obsolete, since the
provider's responsibility is to perform periodic upgrades or replacements of hardware and software to keep the
platform technologically current.
CaaS requires little to no management oversight from customers. It eliminates the business customer's
need for any capital investment in infrastructure, and it eliminates expense for ongoing maintenance and
operations overhead for infrastructure.
Companies including AT&T, IntelePeer, Alteva and Cypress Communications offer services that
fall into this category. Recently, there have been announcements by BT and Verizon that they are entering the
market with hosted VoIP services.

Advantages of CaaS:
Hosted and Managed Solutions
Remote management of infrastructure services provided by third parties once seemed an unacceptable situation
to most companies. However, over the past decade, with enhanced technology, networking, and software, the
attitude has changed. This is, in part, due to cost savings achieved in using those services. However, unlike the
"one-off" services offered by specialist providers, CaaS delivers a complete communications solution that is
entirely managed by a single vendor. Along with features such as VoIP and unified communications, the
integration of core PBX features with advanced functionality is managed by one vendor, who is responsible for
all of the integration and delivery of services to users.

Fully Integrated, Enterprise-Class Unified Communications


With CaaS, the vendor provides voice and data access and manages LAN/ WAN, security, routers, email, voice
mail, and data storage. By managing the LAN/WAN, the vendor can guarantee consistent quality of service
from a user's desktop across the network and back. Advanced unified communications features that are most
often a part of a standard CaaS deployment include:
 Chat
 Multimedia conferencing
 Microsoft Outlook integration
 Real-time presence
 "Soft" phones (software-based telephones)
 Video calling
 Unified messaging and mobility
Providers are constantly offering new enhancements (in both performance and features) to their CaaS services.
The development process and subsequent introduction of new features in applications is much faster, easier, and
more economical than ever before. This is, in large part, because the service provider is doing work that benefits
many end users across the provider's scalable platform infrastructure.

No Capital Expenses Needed


When a business outsources its unified communications needs to a CaaS service provider, the provider supplies
a complete solution that fits the company's exact needs. Customers pay a fee (usually billed monthly) for what
they use. Customers are not required to purchase equipment, so there is no capital outlay. Bundled into these
types of services are ongoing maintenance and upgrade costs, which are incurred by the service provider. The use
of CaaS services allows companies the ability to collaborate across any workspace.
Advanced collaboration tools are now used to create high-quality, secure, adaptive work spaces
throughout any organization. This allows a company's workers, partners, vendors, and customers to
communicate and collaborate more effectively. Better communication allows organizations to adapt quickly to
market changes and to build competitive advantage.

No Risk of Obsolescence
Rapid technology advances, predicted long ago and known as Moore's law, have brought about product
obsolescence in increasingly shorter periods of time. Moore's law describes a trend Gordon Moore recognized that has held
true since the beginning of the use of integrated circuits (ICs) in computing hardware. Since the invention of the
integrated circuit in 1958, the number of transistors that can be placed inexpensively on an integrated circuit has
increased exponentially, doubling approximately every two years. Unlike IC components, the average life
cycles for PBXs and key communications equipment and systems range anywhere from five to 10 years. With
the constant introduction of newer models for all sorts of technology (PCs, cell phones, video software and
hardware, etc.), these types of products now face much shorter life cycles, sometimes as short as a single year.
CaaS vendors must absorb this burden for the user by continuously upgrading the equipment in their offerings
to meet changing demands in the marketplace.

No Facilities and Engineering Costs Incurred


CaaS providers host all of the equipment needed to provide their services to their customers, virtually
eliminating the need for customers to maintain data center space and facilities. There is no extra expense for the
constant power consumption that such a facility would demand. Customers receive the benefit of multiple
carrier-grade data centers with full redundancy—and it's all included in the monthly payment.

Guaranteed Business Continuity


If a catastrophic event occurred at your business's physical location, would your company disaster recovery
plan allow your business to continue operating without a break? If your business experienced a serious or
extended communications outage, how long could your company survive? For most businesses, the answer is
"not long." Distributing risk by using geographically dispersed data centers has become the norm today. It
mitigates risk and allows companies in a location hit by a catastrophic event to recover as soon as possible. This
process is implemented by CaaS providers because most companies don't even contemplate voice continuity if
catastrophe strikes. Unlike data continuity, eliminating single points of failure for a voice network is usually
cost-prohibitive because of the large scale and management complexity of the project. With a CaaS solution,
multiple levels of redundancy are built into the system, with no single point of failure.

MONITORING-AS-A-SERVICE (MAAS):
Monitoring-as-a-Service (MaaS) is the outsourced provisioning of security, primarily on business
platforms that leverage the Internet to conduct business. MaaS has become increasingly popular over the last
decade. Since the advent of cloud computing, its popularity has grown even more. Security monitoring
involves protecting an enterprise or government client from cyber threats. A security team plays a crucial role in
securing and maintaining the Confidentiality, Integrity, and Availability (CIA) of IT assets. However, time and
resource constraints limit security operations and their effectiveness for most companies. This requires constant
vigilance over the security infrastructure and critical information assets. Many industry regulations require
organizations to monitor their security environment, server logs, and other information assets to ensure the
integrity of these systems. However, conducting effective security monitoring can be a daunting task because it
requires advanced technology, skilled security experts, and scalable processes—none of which come cheap.
MaaS security monitoring services offer real-time, 24/7 monitoring and nearly immediate incident response
across a security infrastructure—they help to protect critical information assets of their customers. Prior to the
advent of electronic security systems, security monitoring and response were heavily dependent on human
resources and human capabilities, which also limited the accuracy and effectiveness of monitoring efforts. Over
the past two decades, the adoption of information technology into facility security systems, and their ability to
be connected to security operations centers (SOCs) via corporate networks, has significantly changed that
picture. This means two important things: (1) The total cost of ownership (TCO) for traditional SOCs is much
higher than for a modern-technology SOC; and (2) achieving lower security operations costs and higher security
effectiveness means that modern SOC architecture must use security and IT technology to address security
risks.

Protection Against Internal and External Threats


SOC-based security monitoring services can improve the effectiveness of a customer security infrastructure by
actively analyzing logs and alerts from infrastructure devices around the clock and in real time. Monitoring
teams correlate information from various security devices to provide security analysts with the data they need to
eliminate false positives and respond to true threats against the enterprise. Having consistent access to the
skills needed to maintain the level of service an organization requires for enterprise-level monitoring is a huge
issue. The information security team can assess system performance on a periodically recurring basis and
provide recommendations for improvements as needed. Typical services provided by many MaaS vendors are
described below.

Early Detection
An early detection service detects and reports new security vulnerabilities shortly after they appear. Generally,
the threats are correlated with third-party sources, and an alert or report is issued to customers. This report is
usually sent by email to the person designated by the company. Security vulnerability reports, aside from
containing a detailed description of the vulnerability and the platforms affected, also include information on the
impact the exploitation of this vulnerability would have on the systems or applications previously selected by
the company receiving the report. Most often, the report also indicates specific actions to be taken to minimize
the effect of the vulnerability, if that is known.

Platform, Control, and Services Monitoring


Platform, control, and services monitoring is often implemented as a dashboard interface and makes it
possible to know the operational status of the platform being monitored at any time. It is accessible from a web
interface, making remote access possible. Each operational element that is monitored usually provides an
operational status indicator, always taking into account the critical impact of each element. This service aids in
determining which elements may be operating at or near capacity or beyond the limits of established
parameters. By detecting and identifying such problems, preventive measures can be taken to prevent loss of
service.

Intelligent Log Centralization and Analysis


Intelligent log centralization and analysis is a monitoring solution based mainly on the correlation and matching
of log entries. Such analysis helps to establish a baseline of operational performance and provides an index of
security threat. Alarms can be raised in the event an incident moves the established baseline parameters beyond
a stipulated threshold. These types of sophisticated tools are used by a team of security experts who are
responsible for incident response once such a threshold has been crossed and the threat has generated an alarm
or warning picked up by security analysts monitoring the systems.
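The baseline-and-threshold correlation described above, as an added example run over a few constructed SSH log lines (this code is not from these notes or from any MaaS vendor's platform, and the log lines, host names, user names and the 203.0.113.0/24 documentation-range address are all made up). A quiet period is used to learn how many failed logins per source per minute are normal; the threshold is mean plus k standard deviations with a floor so that a very quiet baseline does not alarm on noise; a later window is then checked bucket by bucket and an alarm is raised for any source that crosses the threshold:

```python
import re
from collections import Counter
from datetime import datetime
from statistics import mean, pstdev
from typing import Dict, List, Optional

# syslog-style line: "<iso-timestamp> <host> <process>[pid]: <message>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$")
FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into fields and add the minute bucket it belongs to."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    ts = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["minute"] = ts.strftime("%Y-%m-%dT%H:%M")
    return rec


def failed_logins_per_minute(lines: List[str]) -> Counter:
    """Correlate failed-login messages into (source address, minute) buckets."""
    buckets: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        fail = FAIL_RE.search(rec["msg"])
        if fail:
            buckets[(fail["src"], rec["minute"])] += 1
    return buckets


def learn_threshold(baseline_lines: List[str], k: float = 3.0, floor: int = 5) -> float:
    """Baseline = mean + k standard deviations of the per-bucket counts seen in a
    quiet period, never lower than `floor` so a tiny baseline does not alarm on noise."""
    counts = list(failed_logins_per_minute(baseline_lines).values())
    if not counts:
        return float(floor)
    return max(float(floor), mean(counts) + k * pstdev(counts))


def detect_bursts(lines: List[str], threshold: float) -> List[Dict[str, object]]:
    """Raise an alarm for every (source, minute) bucket above the learned threshold."""
    return [{"src": src, "minute": minute, "count": n, "threshold": threshold}
            for (src, minute), n in sorted(failed_logins_per_minute(lines).items())
            if n > threshold]


# Constructed sample logs: a quiet baseline and a later burst from 203.0.113.7
# (a documentation-range address, not a real host).
BASELINE_LOG = [
    "2024-03-01T10:00:12Z bastion sshd[2211]: Failed password for alice from 10.0.0.5 port 50122 ssh2",
    "2024-03-01T10:01:03Z bastion sshd[2219]: Accepted password for alice from 10.0.0.5 port 50130 ssh2",
    "2024-03-01T10:01:40Z bastion sshd[2230]: Failed password for bob from 10.0.0.5 port 50140 ssh2",
    "2024-03-01T10:01:44Z bastion sshd[2230]: Failed password for bob from 10.0.0.5 port 50140 ssh2",
    "2024-03-01T10:01:59Z bastion sshd[2241]: Failed password for invalid user test from 203.0.113.7 port 41000 ssh2",
    "2024-03-01T10:02:30Z bastion sshd[2250]: Failed password for carol from 10.0.0.9 port 50150 ssh2",
]
CURRENT_LOG = [
    "2024-03-01T11:00:02Z bastion sshd[3090]: Failed password for alice from 10.0.0.5 port 50200 ssh2",
    "2024-03-01T11:00:09Z bastion sshd[3090]: Accepted password for alice from 10.0.0.5 port 50200 ssh2",
] + [
    f"2024-03-01T11:00:{s:02d}Z bastion sshd[3100]: Failed password for invalid user admin "
    f"from 203.0.113.7 port {41000 + s} ssh2"
    for s in range(0, 40, 5)
]

if __name__ == "__main__":
    threshold = learn_threshold(BASELINE_LOG)
    print(f"learned threshold: {threshold:.2f} failures per source per minute")
    for alarm in detect_bursts(CURRENT_LOG, threshold):
        print("ALARM", alarm)
```

The alarm record carries the source, the minute, the observed count and the threshold it crossed, which is what the responding analyst needs to decide whether the deviation from baseline is an incident or an expected change (a new batch job, a mistyped password loop).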

Vulnerabilities Detection and Management


Vulnerabilities detection and management enables automated verification and management of the security level
of information systems. The service periodically performs a series of automated tests for the purpose of
identifying system weaknesses that may be exposed over the Internet, including the possibility of unauthorized
access to administrative services, the existence of services that have not been updated, the detection of
vulnerabilities such as phishing, etc. The service performs periodic follow-up of tasks performed by security
professionals managing information systems security and provides reports that can be used to implement a plan
for continuous improvement of the system's security level.

Continuous System Patching/Upgrade and Fortification


Security posture is enhanced with continuous system patching and upgrading of systems and application
software. New patches, updates, and service packs for the equipment's operating system are necessary to
maintain adequate security levels and support new versions of installed products. Keeping abreast of all the
changes to all the software and hardware requires a committed effort to stay informed and to communicate gaps
in security that can appear in installed systems and applications.

Intervention, Forensics, and Help Desk Services


Quick intervention when a threat is detected is crucial to mitigating the effects of a threat. This requires security
engineers with ample knowledge in the various technologies and with the ability to support applications as well
as infrastructures on a 24/7 basis. MaaS platforms routinely provide this service to their customers. When a
detected threat is analyzed, it often requires forensic analysis to determine what it is, how much effort it will
take to fix the problem, and what effects are likely to be seen. When problems are encountered, the first thing
customers tend to do is pick up the phone. Help desk services provide assistance on questions or issues about
the operation of running systems. This service includes assistance in writing failure reports, managing operating
problems, etc.

Delivering Business Value


Some consider balancing the overall economic impact of any build-versus-buy decision as a more significant
measure than simply calculating a return on investment (ROI). The key cost categories that are most often
associated with MaaS are (1) service fees for security event monitoring for all firewalls and intrusion detection
devices, servers, and routers; (2) internal account maintenance and administration costs; and (3) preplanning
and development costs. Based on the total cost of ownership, whenever a customer evaluates the option of an
in-house security information monitoring team and infrastructure compared to outsourcing to a service provider,
it does not take long to realize that establishing and maintaining an in-house capability is not as attractive as
outsourcing the service to a provider with an existing infrastructure. Having an in-house security operations
center forces a company to deal with issues such as staff attrition, scheduling, around-the-clock operations, etc.
Losses incurred from external and internal incidents are extremely significant, as evidenced by a regular stream
of high-profile cases in the news.

Cloud Computing involves many activities for which monitoring is an essential task. The most important ones
are:
• Capacity and Resource Planning. One of the most challenging tasks for application and service developers,
before the large-scale adoption of Cloud Computing, has always been resource and capacity planning (e.g. web
services).
• Data Center Management. Cloud services are provided through large scale data centers, whose management
is a very important activity. Data center management includes two fundamental tasks: (i) monitoring, that keeps
track of desired hardware and software metrics; (ii) data analysis, that processes such metrics to infer system or
application states for resource provisioning, troubleshooting, or other management actions.
• SLA Management. The unprecedented flexibility in terms of resource management provided by Cloud
Computing calls for new programming models in which Cloud applications can take advantage of such new
feature, whose underlying premise is monitoring.
• Billing. In order to offer "measured services" allowing the Consumer to pay proportionally to a metered
parameter, monitoring is fundamental.
• Troubleshooting. The complex infrastructure of a Cloud represents a big challenge for troubleshooting (e.g.
root cause analysis), as the cause of the problem has to be searched in several possible components (e.g.
network, host, etc.), each of them made of several layers. Monitoring is therefore needed for Providers to
understand where to locate the problem inside their complex infrastructure and for Consumers to understand if
any occurring performance issue or failure is caused by the Provider or by other causes.
• Performance Management. Because hardware infrastructure maintenance is delegated to the Providers, the
Cloud Computing model is attractive for most Consumers (primarily medium-sized enterprises and research
groups). However, despite the attention paid by Providers, some Cloud nodes may attain performance orders of
magnitude worse than other nodes.
• Security Management. Cloud security is very important for several reasons. It is one of the most significant
obstacles to the spread of Cloud Computing, especially considering certain kinds of applications (e.g. business-
critical ones) and Consumers (e.g. governments).

Providers:

Commercial: CloudWatch, AzureWatch, CloudKick, CloudStatus, Nimsoft, Monitis, LogicMonitor, Aneka.
Open Source: Hyperic-HQ, OpenNebula, CloudStack, ZenPack, Nimbus, PCMONS, DARGOS, Sensu.

STORAGE AS A SERVICE:
Cloud data storage is a critical component in the cloud computing model; without cloud storage, there can be no
cloud service. A storage cloud provides storage as a service to storage consumers. A storage cloud can be used
to support a diverse range of storage needs, including mass data stores, file shares, backup, archive, and more.
Implementations range from public user data stores to large private storage area networks (SAN) or network-
attached storage (NAS), hosted in-house or at third-party managed facilities. The following examples are
publicly available storage clouds:
• IBM SmartCloud offers a variety of storage options, including archive, backup, and object storage.
• SkyDrive from Microsoft allows the public to store and share nominated files on the Microsoft public storage
cloud service.
• Email services, such as Hotmail, Gmail, and Yahoo, store user email and attachments in their respective
storage clouds.
• Facebook and YouTube allow users to store and share photos and videos.
Storage cloud capability can also be offered in the form of storage as a service, where you pay based
on the amount of storage space used. There are various ways a storage cloud can be used, based on your
organization's specific requirements. Figure 2-1 describes how various electronic or portable devices can access
storage through the Internet without necessarily knowing the explicit details of the type or location of storage
that is used underneath.

Figure 2-1 Overview of storage cloud

Storage usage differences within a storage cloud infrastructure


Within a cloud infrastructure, a useful distinction can be made between how storage capacity is used, similar to
the difference that exists in traditional IT between system data (files, libraries, utilities, and so on), and
application data and user files. This distinction becomes important for storage allocation in virtual server
implementations.
Storage as cloud: A storage cloud exhibits the characteristics that are essential to any cloud service (self-
service provisioning, Internet and intranet accessibility, pooled resources, elastic, and metered). It is a cloud
environment on which the offered services provide the ability to store and retrieve data on behalf of computing
processes that are not part of the storage cloud service. A storage cloud can be used in combination with a
compute cloud, a private compute facility, or as storage for a computing device. Storage in a storage cloud can
be categorized as follows:
Hosted storage: This category is primary storage for block or file data that can be written and read on demand,
and is generally provisioned on higher-performance, higher-availability storage.
Reference storage: This category is fixed-content storage to which blocks or files are typically written once
and read many times. Examples of data typically residing on reference storage include multimedia,
archival data, medical imaging, surveillance data, log files, and others.

Storage for cloud: Storage for cloud is the general name for the storage environment, implemented within
cloud computing, that is required to provision cloud computing services. For example, when a
virtual server machine is created, some storage capacity is required. This storage is provisioned as part of the
virtual machine creation process to support the operating system and runtime environment for the instance. It is
not delivered by a storage cloud; however, it may be provisioned from the same storage infrastructure as a
storage cloud. The types of storage provisioned for a cloud service can be categorized as follows:
Ephemeral storage: This storage is required only while a virtual machine is running. It is freed from use and
made available to the storage pool when the virtual machine is shut down. Examples of this category of storage
include boot volumes, page files, and other temporary data.
Persistent storage: This storage is required across virtual machine reboots. It is retained even when a virtual
machine is shut down. It includes "gold" (master template) images, system customizations, and user data.

Figure 2-2 Storage categories used in cloud

Traditional storage versus storage cloud


This section compares the various challenges of traditional and cloud storage, outlines the advantages of cloud
storage, and explains key implementation considerations for potential storage cloud infrastructure deployments.
Challenges of traditional storage
Before exploring the advantages and benefits of storage cloud, we list several limitations of current IT
infrastructure, which businesses deal with on a daily basis. This categorization is from a high level; challenges
in one category can sometimes be applicable to other categories.
1) Constrained business agility
The time required to provision storage capacity for new projects or unexpectedly rapid growth affects an
organization's ability to react quickly to changing business conditions. This situation can often negatively affect
the ability to develop and deliver products and services within competitive time-to-market targets. The
following constraints are examples:
- Time required to deploy new or upgraded business functions
- Downtime required for data migration and technology refresh
- Unplanned storage capacity acquisitions
- Staffing limitations
Substantial reserve capacity is often required to support growth, which demands planning and investment far in
advance of the actual need to store data. The reason is that the infrastructure cannot easily scale up to the
needed additional capacity, because the required storage resources cannot be added seamlessly. This key
issue makes it more difficult to cope with rapidly changing business environments, adversely affecting the
ability to make better decisions more rapidly and to proactively optimize processes with more predictable
outcomes.

2) Sub-optimal utilization of IT resources


The variation in workloads and the difficulty in determining future requirements typically results in IT storage
capacity inefficiencies:
- Difficulty in predicting future capacity and service level needs
- Peaks and valleys in resource requirements
- Over- and under-provisioning of IT resources
Extensive capacity planning effort is needed to plan for varying future storage capacity and service level
requirements. Capacity is often underutilized as the storage infrastructure requires reserve capacity for
unpredictable future growth requirements and therefore cannot be easily scaled up or down. Compounding these
issues is the frequent inability to seamlessly provision additional storage capacity without impacting application
uptime.

3) Organizational constraints
Another barrier to efficient use of resources can be traced to artificial resource acquisition, ownership, and
operational practices:
- Project-oriented infrastructure funding
- Constrained operational budgets
- Difficulty implementing resource sharing
- No chargeback or showback mechanism as an incentive for IT resource conservation
The limited ability to share data across the enterprise, especially in the context of interdepartmental sharing, can
degrade overall use of IT resources, including storage capacity. Parallel performance requirements in existing
storage systems result in one node supporting one disk, leading to a multiplication of nodes and servers.
4) IT resource management
Efficient IT support is based on cost-effective infrastructure and service-level management to address business
needs.
- Rapid capacity growth
- Cost control
- Service-level monitoring and support (performance, availability, capacity, security, retention, and more)
- Architectural open standardization
The continued growth of resource management complexity in the storage infrastructure is often based on a lack
of standardization and high levels of configuration customization. For example, adjusting storage performance
through multiple RAID settings and manually tuning the distribution of I/O loads across various storage arrays
consumes valuable staff resources. Sometimes, the desire to avoid vendor lock-in caused by proprietary
protocols for data access also creates tremendous pressure on storage resource management. Other challenges
are related to managing and meeting stringent SLA requirements and a lack of enough in-house expertise to
manage complex storage infrastructures. New service levels, and adjusting existing SLAs to align IT disaster
recovery, business resilience requirements, and high-availability solutions, are also factors.
Duplicate data existing in the form of copies across organizational islands within the enterprise leads to
higher costs for data storage and also for backup infrastructure. Compounding all of this are ever-shrinking
operational and project budgets, and the lack of dynamic chargeback or showback models as incentives for IT
resource conservation.

ADVANTAGES OF A STORAGE CLOUD:


Storage cloud has redefined the way storage consumers can do business, especially those who have seasonal or
unpredictable capacity requirements, and those requiring rapid deployment or contraction of storage capacity.
Storage cloud can help them focus more on their core business and worry less about supporting a storage
infrastructure for their data.
Here are the advantages:
- Facilitates rapid capacity provisioning, supporting business agility
- Improves storage utilization by avoiding unused capacity
- Supports storage consolidation and storage virtualization functionality
- Chargeback and showback accounting for usage as an incentive to conserve resources
Storage cloud helps companies to become more flexible and agile, and supports their growth. Improvement in
quality of service (QoS), by automating provisioning and management of underlying complex storage
infrastructure, helps improve the overall efficiency of IT storage.
Benefits and features of storage cloud
The overall benefits of storage cloud vary significantly based on the underlying storage infrastructure. Storage
cloud can help businesses achieve more effective functionality at lower cost while improving business agility
and reducing project scheduling risk. Figure 2-4 identifies basic differences between the traditional IT model
and a storage cloud model.

1) Dynamic scaling and provisioning (elasticity)


One of the key advantages of storage cloud is dynamic scaling, also known as elasticity. Elasticity means that
storage resources can be dynamically allocated (scaled up) or released (scaled down) based on business needs.
Traditional IT storage infrastructure administration most often acquires the capacity needed within the next year or
two, which necessarily means this reserve capacity will be idle or underutilized for some period of time. A
storage cloud can start small and grow incrementally with business requirements, or even shrink in size to lower
costs if appropriate to capacity demands. For this key reason, storage cloud can support a company's growth
while reducing net capital investment in storage.
2) Faster deployment of storage resources
New enterprise storage resources can be provisioned and deployed in minutes compared to less optimized
traditional IT, which typically takes more time, sometimes days or even months.
3) Reduction in TCO and better ROI
Enterprise storage virtualization and consolidation lowers infrastructure total cost of ownership (TCO)
significantly, with centralized storage capacity and management driving improved usage and efficiency,
generally providing a significantly higher return on investment (ROI) through storage capacity cost avoidance.
In addition, savings can be gained because of reduced floor space, energy required for cooling, labor costs, and
also support and maintenance. This gain can be important where storage costs grow faster than revenues and
directly affect profitability.
4) Reduced cost of managing storage
Virtualization helps in consolidating storage capacity and helps achieve much higher utilization, thereby
significantly reducing the capital expenditure on storage and its management.
5) Greener data centers
By consolidating geographically dispersed storage into fewer data centers, you achieve a smaller footprint in
terms of rack space, and you can save on energy (electrical power) and charges for infrastructure space, which also
improves TCO and ROI.
6) Dynamic, flexible chargeback model (pay-per-use)
By implementing storage cloud, an organization pays only for the amount of storage that is actually used,
rather than paying for incremental spare capacity that remains idle until needed. This model can provide
an enterprise with enormous financial benefits. Savings can also be realized from hardware and software
licensing for functionality such as replication and point-in-time copy.
7) Multiuser file sharing
By centralizing the storage infrastructure, all users can have parallel and simultaneous access to all the data
across the enterprise rather than dealing with isolated islands of data. This also helps in collaboration and file
sharing with higher data access rates.
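To make the storage categories and the pay-per-use model above concrete, here is a constructed simulation added for these notes (it is not code from any storage cloud product): a capacity pool that frees ephemeral volumes at VM shutdown, retains persistent ones, and meters GB-hours so that the cloud charge can be compared with paying for the whole reserved capacity. Volume names, sizes, and the rate are made-up sample values.

```python
"""Constructed simulation for these notes (not a real storage cloud): ephemeral
volumes return to the pool at VM shutdown, persistent volumes survive it, and
GB-hours are metered so chargeback reflects the space actually used."""
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Volume:
    name: str
    size_gb: int
    persistent: bool            # False = ephemeral (boot volume, page file, scratch)
    attached_to: Optional[str]  # VM name, or None once detached


@dataclass
class StoragePool:
    capacity_gb: int                                  # physical capacity behind the cloud
    volumes: Dict[str, Volume] = field(default_factory=dict)
    gb_hours: float = 0.0                             # meter driving pay-per-use billing

    def allocated_gb(self) -> int:
        return sum(v.size_gb for v in self.volumes.values())

    def provision(self, name: str, size_gb: int, persistent: bool, vm: str) -> None:
        # Refuse the request rather than silently oversubscribe the pool.
        if self.allocated_gb() + size_gb > self.capacity_gb:
            raise RuntimeError(f"pool exhausted: cannot allocate {size_gb} GB for {name}")
        self.volumes[name] = Volume(name, size_gb, persistent, vm)

    def tick(self, hours: float) -> None:
        """Advance the clock, metering every allocated GB for the elapsed hours."""
        self.gb_hours += self.allocated_gb() * hours

    def shutdown_vm(self, vm: str) -> None:
        """Free the VM's ephemeral volumes; persistent ones are detached but kept."""
        for name, vol in list(self.volumes.items()):
            if vol.attached_to != vm:
                continue
            if vol.persistent:
                vol.attached_to = None
            else:
                # Capacity goes back to a shared pool; a real pool should sanitize the
                # blocks before another tenant reuses them (editor's assumption).
                del self.volumes[name]


def pay_per_use_charge(pool: StoragePool, rate_per_gb_hour: float) -> float:
    """Storage cloud model: bill only the metered GB-hours."""
    return round(pool.gb_hours * rate_per_gb_hour, 2)


def reserved_capacity_charge(pool: StoragePool, hours: float, rate: float) -> float:
    """Traditional model: the whole pre-acquired capacity is paid for, idle or not."""
    return round(pool.capacity_gb * hours * rate, 2)


def demo() -> StoragePool:
    """One VM across a 24-hour day: 10 h running, then shut down for 14 h."""
    pool = StoragePool(capacity_gb=1000)
    pool.provision("web01-boot", 40, persistent=False, vm="web01")  # ephemeral
    pool.provision("web01-data", 200, persistent=True, vm="web01")  # persistent user data
    pool.tick(10)              # 240 GB allocated -> 2400 GB-hours
    pool.shutdown_vm("web01")  # boot volume freed, data volume retained
    pool.tick(14)              # 200 GB allocated -> +2800 GB-hours
    return pool
```

With the sample rate of 0.01 per GB-hour, `demo()` yields a pay-per-use charge of 52.0 against 240.0 for the same day under the reserved-capacity model.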

BUSINESS PROCESS AS A SERVICE (BPAAS):

In today's challenging and complex business environment, firms need streamlined business processes in
order to run efficient and sustained operations. Business process management (BPM) is very critical to a firm
because it helps to create efficient and effective workflow processes that integrate with the different functions of the
firm. With the advent of the internet and mobility, firms establish flexible and robust business processes so that
process owners, users and stakeholders can take advantage of the integrated and ubiquitous connectivity
approach to execute the business processes anywhere in the world.
Business Process as a Service (BPaaS) employs the cloud computing service model to outsource
Business Process Management (BPM) dependent on related cloud services; these include Software as a Service
(SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).
Traditional BPM Systems (BPMS) run business processes and track active instances of these processes.
A BPMS automates the workflow of a business process step by step and provides reporting on the status of a
process instance, giving details on whether it is completed or stalled. In the case of a stalled process, the BPMS
shows which step the process has stalled on, allowing companies to be proactive in their approach to optimizing
their processes and resolving workflow steps that may continually stall.
BPaaS, on the other hand, is simply business processes uploaded to a cloud service that performs the
tasks and allows for monitoring and reporting on the workflow status of active and completed tasks. The added
advantages of BPaaS over traditional BPMS are what set it apart. Some examples of outsourcing services
available with the BPaaS model include payroll, procurement, tender and industry operation processes. The aim
of BPaaS is to reduce labour costs through an increase in automation of business processes, and it adheres to the
usual cost structures typical of cloud computing: 'pay as you go'.
BPaaS differs from traditional business logic software packages as it is specifically designed to be
service-oriented. BPaaS therefore will tend to have well-defined application interfaces that are
usable by many different businesses and offer a consistent, automated and repeatable service, assisting in the
standardization of business processes.
Automating business processes is not a new concept and has been achieved in the past either manually
or programmatically often incurring costly modifications to existing ERP, CRM or other business logic
software packages.
However, the cloud revolution has helped firms to approach business transformation with radical changes to
IT infrastructure and practices. IT plays a critical role in selecting the necessary infrastructure to support the
firm's business operations. Choosing the right platform for BPaaS depends on how well the corporate
infrastructure is architected and designed to support cloud-based solutions and services.

BPaaS integrates very well with the other cloud services of a hybrid cloud model, thereby creating an integrated
delivery platform for efficient business process management. The hybrid cloud model is a combination of private,
community or public clouds that allows firms to build the necessary technology platform and services without
worrying about infrastructure ownership, maintenance, and support.
The figure above clearly depicts how BPaaS fits well in a corporate hybrid cloud structure along with
other cloud-based services. Infrastructure as a Service (IaaS) provides necessary computing resources, storage
and networking capabilities, hosted by a service provider who takes responsibility to manage, maintain and
support the underlying infrastructure and offers as on-demand services to customers. Platform as a Service
(PaaS) offers a broad range of middleware services including integrated application development environment,
application delivery platform, and database services. Software as a Service (SaaS) offers a wide range of
software services hosted in a cloud infrastructure using a pay-per-use pricing model or subscription service-
based model.
BPaaS sits on top of the other cloud services as a robust business process management system and allows
firms to experiment with new, innovative business process ideas, thereby creating a well-integrated business approach
for firms in order to establish a superior competitive advantage. Consequently, IT brings the needed business
process innovation into reality through efficient and effective IT governance, quality assurance and control, and
robust program management practices, thereby providing immense value in reaping business benefits.
There is a practical reason to select a business process service. First, an organization can select a process
that matches business policy. It can then be used in many different application environments. This ensures that a
well-defined and, more importantly, a consistent process exists across the organization. For example, a company
may have a complex process for processing payroll or managing shipping. This service can be linked to other
services in the cloud, such as SaaS, as well as to applications in the data center.
Like SaaS cloud services, business processes are beginning to be designed as a packaged offering that
can be used in a hybrid manner. These business processes can really be any service that can be automated,
including managing e-mail, shipping a package, or managing customer credit.
The difference between traditional packaged applications and BPaaS is that BPaaS is designed to be
service-oriented. So, BPaaS is likely to have well-defined interfaces. In addition, a BPaaS is a standardized
service for use by many different organizations.

The following characteristics define BPaaS:


- The BPaaS sits on top of the other three foundational cloud services: SaaS, PaaS, and IaaS.
- A BPaaS service is configurable based on the process being designed.
- A BPaaS service must have well-defined APIs so it can be easily connected to related services.
- A BPaaS must be able to support multiple languages and multiple deployment environments because a
business cannot predict how a business process will be leveraged in the future.
- A BPaaS environment must be able to handle massive scaling. The service must be able to go from
managing a few processes for a couple of customers to being able to support hundreds if not thousands
of customers and processes. The service accomplishes that objective by optimizing the underlying cloud
services to support this type of elasticity and scaling.
