LAB EXPERIMENTS :05

OBJECTIVE : To Study Cloud Security Management.

From this experiment, the student will be able,To understand the security features of Cloud.
To learn the technique of application security management and its complexityTo understand
the importance of cloud security management from application point of view

Hardware / Software Required: Ubuntu operating system, Virtual machine, WAMP/ZAMP

server, Any tool or technology can be used for implementation of web application e.g., JAVA,
PHP, etc.
Theory:
Cloud computing security is the set of control-based technologies and policies designed to
adhere to regulatory compliance rules and protect information, data applications and
infrastructure associated with cloud computing use. Because of the cloud's very nature as a
shared resource, identity management, privacy and access control are of particular concern.
With more organizations using cloud computing and associated cloud providers for data
operations, proper security in these and other potentially vulnerable areas have become a
priority for organizations contracting with a cloud computing provider.

Cloud computing security processes should address the security controls the cloud provider
will incorporate to maintain the customer's data security, privacy and compliance with
necessary regulations. The processes will also likely include a business continuity and
databackup plan in the case of a cloud security breach.

Physical security :-Cloud service providers physically secure the IT hardware (servers,
routers, cables etc.) against unauthorized access, interference, theft, fires, floods etc. and ensure
that essential supplies (such as electricity) are sufficiently robust to minimize the possibility of
disruption. This is normally achieved by serving cloud applications from 'world-class' (i.e.
professionally specified, designed, constructed, managed, monitored and maintained) data
centers.

Personnel security :-Various information security concerns relating to the IT and other
professionals associated with cloud services are typically handled through pre-, para- and post-
employment activities such as security screening potential recruits, security awareness and
training programs, proactive security monitoring and supervision, disciplinary procedures and
contractual obligations embedded in employment contracts, service level agreements, codes of
conduct, policies etc.
Application security :-loud providers ensure that applications available as a service via the
cloud (SaaS) are secure by specifying, designing, implementing, testing and maintaining
appropriate application security measures in the production environment. Note that - as with
any commercial software - the controls they implement may not necessarily fully mitigate all
the risks they have identified, and that they may not necessarily have identified all the risks
that are of concern to customers. Consequently, customers may also need to assure themselves
that cloud applications are adequately secured for their specific purposes, including their
compliance obligations.

1. Procedure: Security using MFA(Multi Factor Authentication) device code:

1) goto aws.amazon.com
2) click on "My Account"
3) select "AWS management console" and click on it
4) Give Email id in the required field
if you are registering first time then select "I am a new user" radio button
5) click on "sign in using our secure server" button
6) follow the instruction and complete the formalities
7) Again go to "My Account"
select "AWS management console" and click on it
Sign in again by entering the user name and valid password ( check "I am returning user andmy
password is" radio button)
Now you are logged in as a Root User
All AWS project can be viewed by you, but you cant make any changes in it or you cant create
new thing as you are not paying any charges to amazon (for reason refer step:6)
To create the user in a root user follow the steps mentioned below:
1) click on "Identity and Access Management" in security and identity project
2) click in "Users" from dashboard
It will take you to "Create New Users"
click on create new user button
enter the "User Name"
(select "Generate and access key for each user" checkbox, it will create a user with a
specifickey)
click on "Create" button at right bottom
3) once the user is created click on it
Permissions in user account:After creating the user by following above mentioned steps; you
can give certain permissions to specific user
1) click on created user
2) goto "Permissions" tab
3) click on "Attach Policy" button
4) select the needed policy from given list and click on apply.
Result:
Step 1 :goto aws.amazon.com

Step 2 : Click on "My Account". Select "AWS management console" and click on it. Give
Email id in the required field

Step 3: Addition of security features

Step 4: Sign in to an AWS account

Step 5 : Creation of users

Step 6: Adding users to group

Step 7: Creating Access key

Step 8 : Setting permissions to users

 LAB EXPERIMENTS :06

OBJECTIVE : IMPLIMENT SCHEDULING ALGORITHMS

From this experiment, the student will be able to,

Understand concepts of virtualization and to use cloud as Infrastructure as a services.
• Learn the technique and its complexity
• Understand the importance of this technique from application point of view
OwnCloud is open source file sync and share software for everyone from individuals operating
the free ownCloud Server edition, to large enterprises and service providers operating the
ownCloud Enterprise Subscription. ownCloud provides a safe, secure, and compliant file
synchronization and sharing solution on servers that you control. You can share one or more
files and folders on your computer, and synchronize them with your ownCloud server.

Step 2 : By default, the ownCloud Web interface opens to your Files page. You can add,
remove, and share files, and make changes based on the access privileges set by you (if you
are administering the server) or by your server administrator. You can access your ownCloud
files with the ownCloud web interface and create, preview, edit, delete, share, and re-share
files. Your ownCloud administrator has the option to disable these features, so if any of them
are missing on your system ask your server administrator.
Step 3: Apps Selection Menu: Located in the upper left corner, click the arrow to open a
dropdown menu to navigate to your various available apps. Apps Information field: Located
in the left sidebar, this provides filters and tasks associated with your selected app. Application
View: The main central field in the ownCloud user interface. This field displays the contents
or user features of your selected app.

Step 4: Share the file or folder with a group or other users, and create public shares with
hyperlinks. You can also see who you have shared with already, and revoke shares by clicking
the trash can icon. If username auto-completion is enabled, when you start typing the user or
group name ownCloud will automatically complete it for you. If your administrator has enabled
email notifications, you can send an email notification of the new share from the sharing screen.
Step 5: Five Share permissions are :
Can share; allows the users you share with to re-share.
Can edit; allows the users you share with to edit your shared files, and to collaborate using the
Documents app.
Create; allows the users you share with to create new files and add them to the share.
Change; allows uploading a new version of a shared file and replacing it.
Delete; allows the users you share with to delete shared files.

Conclusion: We have studied how to use ownCloud for ensuring identity management of the
users. We can create multiple groups and provide privileges to view or modify data as per
defined permissions. It also enables simplified look and feel to be used by anyone.
 LAB EXPERIMENTS :07

OBJECTIVE: AMAZONE WEB SERVICES/ MICROSOFT AZURE/GOOGLE

CLOUDE SERVICES.
The cloud provides many options for storing, serving, and processing data. Cloud networks
enable everything from Netflix and Major League Baseball to IoT sensors and machine
learning applications. The following are some benefits of cloud computing:

Cloud computing replaces upfront capital infrastructure expenses with low variable costs that
scale with your organization. Thanks to the cloud, businesses no longer need to prepare for and
purchase servers and other IT equipment weeks or months in advance. Instead, they may whiz
up hundreds or thousands of servers in minutes and deliver results faster.

Amazon Web Services (AWS) offers computer resources and services that may construct
applications in minutes at pay-as-you-go prices. For example, you can rent a server on AWS
to connect to, configure, protect, and run just like a physical server. The distinction is that the
virtual server runs on top of an AWS-managed planet-scale network.Notable users of Amazon
Web Services (AWS)

Coursera

Expedia

Netflix

Airbnb

Food and Drug Administration (FDA)

Coca Cola

Microsoft Azure is a public cloud platform that provides infrastructure as a Service (IaaS),
Platform as a Service (PaaS), and Software as a Service (SaaS) solutions for analytics, virtual
computing, storage, networking, and other services. It can enhance or replace your on-premise
servers.Notable users of Microsoft Azure

Bosch

Audi

ASOS

Mitsubishi Electric

Renault

Google Cloud :- originally App Engine, is a cloud computing services suite established by
Google in 2008. GCP offers enterprises all around the world infrastructure as a service (IaaS),
platform as a service (PaaS), and software as a service (SaaS). GCP, for example, is primarily
a service for developing and maintaining original applications that can then be published from
its hyper-scale data centers.

Nintendo

Spotify

Twitter

Paypal

UPS

Microsoft
Features Amazon Google Cloud
Azure

Age 11 years old 5 years old 6 years old

Per second pricing

Per-minute
Pricing with a 60-second Per-minute basis
basis
minimum

EC2 (Elastic
Compute Cloud)
provides all the
With Microsoft
computing As part of GCP
Azure, you can
administration. The (Google Cloud
create virtual
program oversees Platform), GCE
Compute machines and
virtual machines, (Google Compute
scale sets for
which can either be Engine) does a
virtual
designed by the similar function.
machines.
owner or have pre-
configured settings
for convenience

Azure uses ID Comparatively,

AWS provides
drives (transient Google's Cloud
apportioned,
capacity), and Platform offers
Storage transient (brief)
Page Blobs both brief
stockpiling. As soon
VM-based stockpiling and
as an instance
volumes are constant circles.
begins, it is
stored in Block For Object
 Microsoft
Features Amazon Google Cloud
Azure

demolished at the Storage stockpiling, GCP

end of the case. (Microsoft's has Google Cloud
choice). Object Storage.
Storage uses
Square Blobs
and Files.

AWS vs. Azure vs. Google Cloud

AWS, Microsoft Azure, and Google Cloud Platform are sweeping the new digital world with
a new storm of technology based on remote servers. There is fierce competition in the public
cloud market, and here is what sets each platform .

Microsoft Azure :-Microsoft Azure, known initially as Azure, was established in 2010 to
provide enterprises with a capable Cloud Computing platform. In 2014, Azure was renamed
'Microsoft Azure,' while 'Azure' is still widely used. Microsoft Azure has made significant
progress compared to its competitors since its debut.

Google Cloud Platform :-Google Cloud Platform launched in 2008, and in less than a decade,
it has established a strong foothold in the cloud business. Google Cloud strengthened Google's
products, including its hugely popular search engine and its video-sharing platform, YouTube.
However, they have now launched enterprise services, allowing anyone to access Google
Cloud Platform, which shares the same infrastructure as Google Search or YouTube.

Regions and availability :-When selecting a cloud provider, the supported regions and
availability are the first things to consider. Because of issues such as latency and compliance
regulations, especially when dealing with data, have a direct impact on performing your
cloud.Here are the Big Three as of March 2024:

Amazon Web Service divides into 22 geographic regions and 14 data centers. There are over
114 edge locations and 12 Regional Edge Caches.

Microsoft Azure operates in 54 regions, each with at least three availability zones and 116 edge
locations.

Google Cloud Platform comprises 34 cloud regions, 103 zones, and 200 plus edge locations.

Compute Services :- Compute is a term that describes how computers work. Connecting many
nodes is simple for a good cloud provider. Here is a look at each platform's computational
capabilities individually -
SERVICE AWS AZURE GCP

VM Google
Azure Virtual
(Compute EC2 (Elastic Compute) Compute
Machine
Instance) Engine

Google App
PaaS AWS Elastic Beanstalk App Service
Engine

Azure
AWS Elastic Google
Kubernetes
Container Container/Kubernetes Kubernetes
Service
Service Engine
(AKS)

Google
Serverless Azure
AWS Lambda Cloud
Functions Function
Functions

Machine
AWS Azure GCP
Type

In Azure, the Compared to AWS,

same type of GCP will supply you
AWS charges
instance, i.e., with the most basic
roughly US$69 per
an instance instance, including
month for a
Smallest with 2 CPUs two virtual CPUs and
primary instance
Instance and 8 GB of eight gigabytes of
with two virtual
RAM, will RAM, at a 25% lower
CPUs and eight
cost roughly cost. As a result, it will
gigabytes of RAM.
US$70 per cost you around
month. US$52 every month.

The most Azure's GCP leads the pack

expensive AWS largest with its largest
instance, with 3.84 instance instance, 3.75 TB of
Largest includes 3.89
TB of RAM and RAM and 160 CPUs.
Instance TB of RAM
128 CPUs, will It will cost you
cost you roughly and 128 approximately
US$3.97/hour. CPUs. It US$5.32/hour.
costs about
 Machine
AWS Azure GCP
Type

$6.79 per
hour.

Pros and Cons of Amazon Web Services

Pros:-

• Provides most services, from networking to robots.

• Considered the best for reliability and security
• More computational capacity than Azure and GCP

Cons

• All major software providers that make their applications available on AWS
Dev/Enterprise support must be paid.
• The sheer quantity of services and options available can be overwhelming for newbies.
• There are relatively few hybrid cloud alternatives.

Microsoft Azure

Pros

• Integration and migration of current Microsoft services are simple.

• Many options are accessible, including best-in-class AI, machine learning, and
analytics services.
• Most services are less expensive when compared to AWS and GCP.

Cons

• Fewer service choices compared to AWS

• Specifically designed for business customers

GOOGLE CLOUDE SERVICES :-

Pros

• Works well with other Google services and products.

• Excellent containerized workload support

Con

• Limited services compared to AWS and Azure Limited support for enterprise use cases