PGP in Cloud Computing

Declaration

Questions in this exercise are intentionally complex and could be convoluted or confusing. This is by
design and to simulate real life situations where customers seldom give crystal clear requirements and
ask unambiguous questions.

I have read the above statement and agree to these conditions

I AGREE
<Enter your name above this line to indicate that you are in agreement>

Instructions

Every screenshot requested in this workbook is compulsory and carries 1 point

Your AWS account ID must be clearly visible in every screenshot using the AWS console; missing id or
using someone else's id is not permitted. Such cases will be considered as plagiarism and severe
penalty will be imposed.

All screenshots must be in the order mentioned under "Expected Screenshots" for every step

DO NOT WAIT UNTIL THE LAST MINUTE. The program office will not extend the project submission
deadline under any circumstances.

The file should be renamed in the format BATCH_FIRSTNAME_LASTNAME_PROJECT1.

For example: PGPCCMAY18_VIJAY_DWIVEDI_PROJECT1.pdf

Resource Clean Up

Cloud is always pay per use model and all resources/services that we consume are chargeable.
Cleaning up when you’ve completed your lab or project is always necessary. This is true whether you’re
doing a lab or implementing a project at your workplace.

After completing the lab, make sure to delete each resource created in reverse chronological order.

1
V1.8 © Great Learning. All rights reserved.
 PGP in Cloud Computing

Scenario
According to recent research, 40-75% of employees are using Dropbox to share files inside and outside
of their businesses. Half of those Dropbox users do this even though they know it's against the rules.
More than 40% of businesses have experienced the exposure of confidential information and the
estimated average cost of a data breach equaled $5.5 Million in 2011.

These files, containing sensitive company and customer data, are stored in a public cloud outside of the
businesses' control - possibly even outside of the country. The potential for data leakage and security
breaches is enormous and companies need to stay compliant with their own policies and procedures for
security and governance

Architecture diagram

Architecture Implementation

1 Implement 2 different subnets (one public and the other private) in a virtual network

2 Install and configure MySQL on an Ubuntu virtual machine on the private subnet using the
instructions provided. (Hint: Use a bastion host and a NAT gateway)

3 Install and configure OwnCloud on an Ubuntu virtual machine on the public subnet using the
provided instructions.

4 Configure the network security groups to allow the required ports

5 Test the installation by accessing the IP of the application server in a browser

2
V1.8 © Great Learning. All rights reserved.
 PGP in Cloud Computing

Step 1: VPC and Subnet Creation

Step number a

Step name Creation of Virtual Network

Instructions 1) Create a new resource group. You need to use this resource group to deploy all the
resources in this exercise
a) Search for resource groups using the search bar at the top of the screen
b) Click on Create
c) Enter a name and region of your choice. Remember to use the same region
for all deployments in this exercise.
d) Click on Review +Create and create the resource group
2) Navigate to Virtual Networks and click on Create
a) Name : P1VNET
b) IPv4 CIDR Block : 10.0.0.0/16
c) Delete the default created subnet and add the following subnets
i) Public subnet with CIDR 10.0.1.0/24
ii) Private subnet with CIDR 10.0.2.0/24
d) The rest of the options can be set to the default values
e) Click on Create to create the virtual network

Expected 1) Created virtual network with properties visible

screenshots 2) Properties of public subnet
3) Properties of private subnet

<Insert Screenshot a(1) here>

<Insert Screenshot a(2) here>
<Insert Screenshot a(3) here>

3
V1.8 © Great Learning. All rights reserved.
 PGP in Cloud Computing

Step number b

Step name Creation of NAT Gateway

Instructions 1) Navigate to NAT Gateways

2) Click on "Create"
a) Use the resource group created above and the same region it is deployed in
b) Use a new public IP and public IP prefix for the NAT gateway. Ensure that
the public IP prefix has a CIDR size of /30
c) When asked to select the subnet, select the private subnet created above
d) Click on Create

3) Navigate to virtual network and select the network created above

4) Select the private subnet created under Subnets in the menu on the left of the
screen.
5) Under NAT Gateway, select the gateway created just now and select Save.

Expected 1) Created NAT gateway

screenshots

<Insert Screenshot b(1) here>

Step number c

Step name Creation and configuration of Network security groups

Instructions 1) Navigate to Network Security Groups

2) Click on Create
a) Resource Group: Use the one previously created
b) Enter the name: AppNSG
c) Region: Same as the resource group
4) Click on Create
5) Create another security group with the name DbNSG
6) Navigate to the security group AppNSG
7) Add inbound rules for ports 22 and 80 for any sources and destinations
8) Navigate to the security group DbNSG
9) Add inbound rules for ports 3306 and 22 for any sources and destinations

Expected 1) AppNSG security rules

screenshots 2) DbNSG security rules

<Insert Screenshot c(1) here>

<Insert Screenshot c(2) here>

4
V1.8 © Great Learning. All rights reserved.
 PGP in Cloud Computing

Step 2 : Instance Creation

Step number a

Step name Creation of Application server

Instructions 1) Navigate to Virtual machines

2) Click on "Create"
3) Create a virtual machine with the following properties
a) Resource Group: As Created above
b) Region: Same as used before
c) Image: Ubuntu 22.04 LTS
d) Size : Standard B1s
e) Authentication type: SSH public key
f) Username: ubuntu
g) Create a new key pair
h) Inbound rules: Allow 22 and 80
i) Virtual Network : P1VNET
j) Subnet : Public subnet create above
k) Create a new public IP
l) Network security group: Select Advanced and then pick AppNSG from the
dropdown
m) The rest of the options can be set to their default Values

Expected 1) Created Application server Overview page

screenshots

<Insert Screenshot a(1) here >

5
V1.8 © Great Learning. All rights reserved.
 PGP in Cloud Computing

Step number b

Step name Creation of Database server

Instructions 1) Create a virtual machine with the following properties

a) Resource Group: As Created above
b) Region: Same as used before
c) Image : Ubuntu 20.04 LTS
d) Size : Standard B1s
e) Authentication type: SSH public key
f) Username: ubuntu
g) Create a new key pair (or reuse the one created for the application server)
h) Inbound rules: Allow 22 and 80
i) Virtual Network : P1VNET
j) Subnet : Private subnet create above
k) No public IP is required here
l) Network security group: Select Advanced and then pick DbNSG from the
dropdown
m) The rest of the options can be set to their default Values

Expected 1) Created Database server overview page

screenshots

<Insert Screenshot 2(b) here>

6
V1.8 © Great Learning. All rights reserved.
 PGP in Cloud Computing

Step 4: Application and Database Installation and Testing

Step number a

Step name Installation and configuration of MySQL

Instructions 1) Copy the database pem file into the application server using the below command
scp -i <application server pem file> <database server pem file > ubuntu@<application
server public IP>:/home/ubuntu
2) Log into the application server using your SSH client of choice
3) From the application server, log into the database server using the pem file copied in
step 1and the private IP address of the database server with the following command
ssh -i <database server pem file> ubuntu@<private IP of database server>

Note: Use your existing knowledge of SSH and copying files to cloud VMs to
perform the above SSH and SCP operations

4) Enter the following commands to install and configure MySQL on the database server
sudo apt update
wget https://d6opu47qoi4ee.cloudfront.net/azure_install_mysql.sh
sudo chmod 700 azure_install_mysql.sh
sudo apt install dos2unix
sudo dos2unix ./azure_install_mysql.sh
sudo ./azure_install_mysql.sh

5) Type exit to exit the database server and go back to the application server

Expected 1) Downloading of the provided script

screenshots 2) Executing the script

<Insert screenshot a(1) here>

<Insert screenshot b(1) here>

7
V1.8 © Great Learning. All rights reserved.
 PGP in Cloud Computing

Step number b

Step name Installation and configuration of Owncloud

Instructions 1) Enter the following commands after logging into the application server via SSH to
install and configure Owncloud
Learning Tip: The version of Owncloud has no bearing on this project. When migrating a
legacy version of an application to the cloud, it might not be possible to update the
application to current technological trends.

sudo apt update

sudo add-apt-repository ppa:ondrej/php -y
sudo apt update

Note : The following 4 lines are a single command

sudo apt install -y apache2 libapache2-mod-php7.4 mariadb-server openssl redis-
server wget php7.4 php7.4-imagick php7.4-common php7.4-curl php7.4-gd php7.4-
imap php7.4-intl php7.4-json php7.4-mbstring php7.4-gmp php7.4-bcmath php7.4-
mysql php7.4-ssh2 php7.4-xml php7.4-zip php7.4-apcu php7.4-redis php7.4-ldap php-
phpseclib

sudo a2enmod dir env headers mime rewrite setenvif

sudo systemctl restart apache2
cd /var/www/html
sudo rm *
sudo wget https://download.owncloud.com/server/stable/owncloud-complete-
latest.tar.bz2
sudo tar -xjf owncloud-complete-latest.tar.bz2
sudo chown -R www-data. owncloud
sudo systemctl restart apache2

2) Check whether the server has been successfully deployed by visiting the public IP of
the web server in the web browser in the below format

<public IP of the application server VM>/owncloud

Expected 1) Downloading the script

screenshots 2) Executing the script
3) Accessing the application via web browser

<Insert screenshot b(1) here>

<Insert screenshot b(2) here>
<Insert screenshot b(3) here>

8
V1.8 © Great Learning. All rights reserved.
 PGP in Cloud Computing

Step 5: Answer the following questions

1) Which of the following resources is optional at the time of VM creation?

a) Public IP address
b) Virtual Network
c) Network Interface
d) Resource Group
Answer:

2) Network Security group rules are evaluated in order of ________.

a) Priority
b) Name (Alphabetical)
c) Direction
d) Port number
Answer:

3) Which of the following properties may change depending on the size of the VM?
a) All of these
b) Max number of disks
c) Memory
d) vCPUs
Answer:

4) Which of the following qualifies as a destination for inbound NSG rules?

a) NIC
b) Virtual Network
c) Resource Group
d) Virtual machine
Answer:

5) At which point in a VMs life cycle can it be assigned to an availability set?

a) At the time of creation
b) Only when the VM is running
c) At any point of time
d) While it is stopped
Answer:

6) Which of the following would qualify as a point-to-site VPN connection?

a) Local machine to VPN gateway
b) VM to VM within the same virtual network
c) VM to VM within the different virtual network
d) VM to MySQL deployment within the same virtual network
Answer:

9
V1.8 © Great Learning. All rights reserved.
 PGP in Cloud Computing

7) Which of the following is not a property of an incoming load balancer request?

a) Source IP
b) Protocol
c) Destination port
d) Name of virtual network
Answer:

Grades distribution
MCQs 7 (1 point each)

Implementation screenshots 13 points (1 point each)

Total 20 points

10
V1.8 © Great Learning. All rights reserved.