(L01-L03) - Cloud Computing
Uploaded by Tanzil Ahmed

Cloud Computing

Lecture 01: Course Introduction

Instructor:
Monishanker Halder,
Assistant Professor,
Computer Science and Engineering,
Jashore University of Science and Technology.
Email: [email protected]
Course Logistics

Basic Course Information:

Time: 12:20 pm - 01:20 pm (Saturday, Sunday, and Monday)

Location: Room Number-234.


Grading Policy

● Final Examination: 72%
● Class Test and Assignment: 20%
● Attendance: 8%
Textbooks and Learning Resources

● Cloud Computing: Principles and Paradigms by Rajkumar Buyya, James Broberg, Andrzej M. Goscinski.
● Cloud Computing: Principles, Systems and Applications by Nikos Antonopoulos, Lee Gillam
● CompTIA Cloud+ Guide to Cloud Computing, 2nd Edition, 2023, Jill West, ISBN-13: 978-0-357-88345-7
● Class Lecture Documents.
Course contents
● Introduction to Cloud Computing
● Cloud Infrastructure
● Virtualization of Physical Systems
● Migration to the Cloud
● Cloud Connectivity and Troubleshooting
● Securing Cloud Resources
● Identity and Access Management
● Cloud Storage
● Managing Cloud Capacity and Performance
● Cloud Automation
Introduction

❖ Definition of Cloud Computing
❖ Evolution process of Cloud Computing
❖ Cloud computing services
❖ Benefits, Challenges and Risks of cloud computing
❖ Enabling technologies and deployment models
❖ Cloud security issues
❖ Economic models and SLAs
❖ Network and Protocol stacks
❖ Popular cloud stacks and use cases
Cloud Computing

- Cloud computing is a technology that turns products into services delivered over the Internet.
- It allows users to access and use computing resources such as storage, computing power, networking, databases, etc.
- On-demand delivery of computer system services.
Cloud Computing Evolution
- The term was first introduced in the 1950s and evolved from the term distributed computing.
- Mainframe computing (1951) was capable of handling large data operations.
- Cluster computing in the 1980s.
- Grid computing in the 1990s.
Cloud Computing

Advantages of cloud computing:

❏ Cost saving
❏ Data redundancy and replication
❏ Scalability
❏ Flexibility
❏ Reliability
❏ High accessibility
❏ Malware protection
Cloud Computing

Disadvantages:

❏ Internet dependency
❏ Limitations on control
❏ Issues in security and privacy
❏ Data breaches
Cloud Computing Services

● Infrastructure-as-a-service (IaaS)
● Platform-as-a-service (PaaS)
● Software-as-a-service (SaaS)
IaaS

- Delivery of computing infrastructure as an on-demand service.
- Users can purchase servers, software, data centers and network equipment based on need.
- Additionally, users are able to rent those resources through a fully outsourced on-demand service.
- It allows dynamic scaling, and the resources are distributed.
- Generally includes multiple users on a single piece of hardware.
● IaaS is like renting virtual computers and storage space in the cloud.
● You have control over the operating systems, applications, and development frameworks.
● Scaling resources up or down is easy based on your needs.

Examples

❖ Amazon Web Services
❖ Microsoft Azure
❖ Google Compute Cloud
PaaS

● PaaS is like a toolkit for developers to build and deploy applications without worrying about infrastructure.
● Provides pre-built tools, libraries, and development environments.
● Developers focus on building and managing applications, while the provider handles infrastructure management.
● It speeds up the development process and allows for easy collaboration among developers.

Examples

● AWS Lambda
● Google Cloud
● Google App Engine
SaaS

● Applications are ready to use, and updates and maintenance are handled by the provider.
● You access the software through a web browser or app, usually paying a subscription fee.
● It’s convenient and requires minimal technical expertise, ideal for non-technical users.
SaaS

Examples

● Salesforce
● Google Workspace apps
● Microsoft 365
● Trello
● Zoom
● Slack
● Adobe Creative Cloud
Cloud Computing Models

● Public cloud
● Private cloud
● Hybrid cloud

Cloud Computing (figure)
Delivery models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS).
Deployment models: public cloud, private cloud, community cloud, hybrid cloud.
Infrastructure: distributed infrastructure, resource virtualization, autonomous systems.
Defining attributes: massive infrastructure, utility computing (pay-per-usage), accessible via the Internet, elasticity.
Resources: compute & storage servers, networks, services, applications.
Types of clouds
1. Public Cloud - the infrastructure is made available to the general public or a large industry group and is owned by the organization selling cloud services, e.g. AWS, Google, Microsoft.
2. Private Cloud – the infrastructure is operated solely for an organization, e.g. Dell, IBM, Oracle.
3. Hybrid Cloud - a composition of two or more Clouds (public, private, or community) that remain unique entities but are bound by a standardized technology that enables data and application portability.
4. Other types: e.g., Community/Federated Cloud - the infrastructure is shared by several organizations and supports a community that has shared concerns.
Why is cloud computing successful (or why could it be) when other paradigms have failed?
● It is in a better position to exploit recent advances in software, networking, storage, and processor technologies promoted by the same companies who provide Cloud services.
● Economic reasons: it is used for enterprise computing; its adoption by industrial organizations, financial institutions, government, and so on has a huge impact on the economy.
Infrastructure management reasons:
● A single Cloud consists of a mostly homogeneous (now more heterogeneous) set of hardware and software resources.
● The resources are in a single administrative domain (AD). Security, resource management, fault-tolerance, and quality of service are less challenging than in a heterogeneous environment with resources in multiple ADs.
Challenges for cloud computing
1. Availability of service: what happens when the service provider cannot deliver?
2. Data confidentiality and auditability, a serious problem.
3. Diversity of services, data organization and user interfaces available at different service providers limits user mobility; once a customer is hooked to one provider it is hard to move to another.
4. Data transfer bottleneck; many applications are data-intensive.
5. Performance unpredictability, one of the consequences of resource sharing. How to use resource virtualization and performance isolation for QoS guarantees? How to support elasticity, the ability to scale up and down quickly?
6. Resource management: it is a big challenge to manage different workloads running on large data centers. Are self-organization and self-management the solution?
7. Security and confidentiality: a major concern for sensitive applications, e.g., healthcare applications.
Cloud Delivery Models
1. Software as a Service (SaaS) (high level)
2. Platform as a Service (PaaS)
3. Infrastructure as a Service (IaaS) (low level)
The three delivery models of Cloud Computing
Cloud activities
Service management and provisioning including:
● Virtualization.
● Service provisioning.
● Call center.
● Operations management.
● Systems management.
● QoS management.
● Billing and accounting, asset management.
● SLA management.
● Technical support and backups.
Cloud activities (cont’d)
Security management including:
● ID and authentication.
● Certification and accreditation.
● Intrusion prevention.
● Intrusion detection.
● Virus protection.
● Cryptography.
● Physical security, incident response.
● Access control, audit and trails, and firewalls.
Cloud activities (cont’d)
Customer services such as:
● Customer assistance and on-line help.
● Subscriptions.
● Business intelligence.
● Reporting.
● Customer preferences.
● Personalization.
Integration services including:
● Data management.
● Development.
Ethical issues
Paradigm shift with implications on computing ethics:
● The control is relinquished to third party services.
● Data is stored on multiple sites administered by several organizations.
● Multiple services interoperate across the network.
Implications:
● Unauthorized access.
● Data corruption.
● Infrastructure failure, and service unavailability.
De-perimeterization
● Systems can span the boundaries of multiple organizations and cross the security borders.
● The complex structure of Cloud services can make it difficult to determine who is responsible in case something undesirable happens.
● Identity fraud and theft are made possible by the unauthorised access to personal data in circulation and by new forms of dissemination through social networks, and they could also pose a danger to Cloud Computing.
Privacy issues
• Cloud service providers have already collected petabytes of sensitive personal information stored in data centers around the world. The acceptance of Cloud Computing therefore will be determined by privacy issues addressed by these companies and the countries where the data centers are located.
• Privacy is affected by cultural differences; some cultures favour privacy, others emphasize community. This leads to an ambivalent attitude towards privacy in the Internet, which is a global system.
Cloud Vulnerabilities
● Clouds are affected by malicious attacks and failures of the infrastructure, e.g., power failures.

Such events can affect the Internet domain name servers and prevent access to a Cloud, or can directly affect the Clouds:
● in 2004 an attack on Akamai caused a domain name outage and a major blackout that affected Google, Yahoo, and other sites;
● in 2009, Google was the target of a denial of service attack which took down Google News and Gmail for several days;
● in 2012 lightning caused a prolonged down time at Amazon.
Basics : Parallel Computing

“Parallel computing is a form of computation in which many calculations are carried out simultaneously, operating on the principles that large problems can often be divided into smaller ones, which are then solved concurrently (in parallel).”

Hardware and software systems allow us to:
● Solve problems demanding resources not available on a single system.
● Reduce the time required to obtain a solution.
Parallel Computing – Amdahl’s Law

The speedup S measures the effectiveness of parallelization:

S(N) = T(1) / T(N)
T(1): the execution time of the sequential computation.
T(N): the execution time when N parallel computations are executed.

Amdahl's Law: if α is the fraction of running time a sequential program spends on non-parallelizable segments of the computation, then:
S ≅ 1/α

This is a theoretical upper bound on the best speedup we can get from parallelising a certain program: however many processors N are used, the fraction α still runs sequentially, so S(N) can approach 1/α but never exceed it.
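The following is an added worked example (not part of the lecture slides) that carries Amdahl's law through numerically using the slides' symbols: it computes S(N) for a given non-parallelizable fraction α, checks that it flattens toward the 1/α bound, and solves for the number of processors needed to reach a target speedup. The function names and the sample value α = 0.1 are this example's own choices.

```python
"""Amdahl's law worked numerically (added example; the slides give only the bound)."""
import math


def speedup(alpha, n):
    """S(N) = T(1) / T(N).

    A fraction alpha of T(1) must run sequentially and the remaining (1 - alpha)
    is spread perfectly over N processors:
        T(N) = alpha * T(1) + (1 - alpha) * T(1) / N
    so  S(N) = 1 / (alpha + (1 - alpha) / N).
    """
    if not 0.0 <= alpha <= 1.0:
        raise ValueError("alpha must be a fraction in [0, 1]")
    if n < 1:
        raise ValueError("N must be at least 1")
    return 1.0 / (alpha + (1.0 - alpha) / n)


def upper_bound(alpha):
    """Limit of S(N) as N grows without bound: 1/alpha (infinite only when alpha == 0)."""
    return math.inf if alpha == 0 else 1.0 / alpha


def processors_for_target(alpha, target):
    """Smallest N whose speedup reaches `target`, or None if the target exceeds 1/alpha.

    Solving 1 / (alpha + (1 - alpha) / N) >= target for N gives
        N >= (1 - alpha) / (1 / target - alpha).
    """
    if target <= 1.0:
        return 1
    if target >= upper_bound(alpha):
        return None
    # A tiny epsilon keeps an exact integer solution from being rounded upward.
    return math.ceil((1.0 - alpha) / (1.0 / target - alpha) - 1e-9)


def speedup_table(alpha, ns=(1, 2, 4, 8, 16, 64, 1024)):
    """S(N) for several N, to see how quickly the curve flattens toward 1/alpha."""
    return {n: round(speedup(alpha, n), 3) for n in ns}


if __name__ == "__main__":
    # Constructed sample: 10% of the program is inherently sequential.
    for n, s in speedup_table(0.1).items():
        print(f"N={n:5d}  S(N)={s:7.3f}  bound 1/alpha={upper_bound(0.1):.1f}")
    print("processors needed for 5x:", processors_for_target(0.1, 5))
    print("processors needed for 12x:", processors_for_target(0.1, 12))
```

With α = 0.1 the table shows S(1024) still below 10: adding a thousand processors buys less than a tenfold speedup, which is the practical content of the bound.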
Basics : Distributed Systems
Collection of autonomous computers, connected through a network and distribution
software (often) called middleware which enables computers to coordinate their
activities and to share system resources for a common goal.
Characteristics:
1. The users perceive the system as a single, integrated computing facility.
2. The components are autonomous.
3. Scheduling and other resource management and security policies are
implemented by each system.
4. There are multiple points of control and multiple points of failure.
5. The resources may not be accessible at all times.
6. Can be scaled by adding additional resources.
7. Can be designed to maintain availability even at low levels of
hardware/software/network reliability.
Cloud Computing- Virtualization

Virtualization
Three fundamental abstractions are necessary to describe the operation of a computing system:
(1) interpreters/processors, (2) memory, (3) communication links
As the scale of a system and the number of its users grow, it becomes very challenging to manage its resources (see the three points above)

Resource management issues:

● provision for peak demands → overprovisioning
● heterogeneity of hardware and software
● machine failures
Cloud Computing- Virtualization
-Virtualization is a basic enabler of Cloud Computing, it simplifies
the management of physical resources for the three abstractions

For example, the state of a virtual machine (VM) running under a virtual
machine monitor (VMM) can de saved and migrated to another server to
balance the load
For example, virtualization allows users to operate in environments they
are familiar with, rather than forcing them to specific ones
Cloud Computing- Virtualization
“Virtualization, in computing, refers to the act of creating a virtual (rather than actual) version of something, including but not limited to a virtual computer hardware platform, operating system (OS), storage device, or computer network resources.”
● Virtualization abstracts the underlying resources;
● simplifies their use;
● isolates users from one another; and
● supports replication, which increases the elasticity of a system
Cloud Computing- Virtualization
● Cloud resource virtualization is important for:
- Performance isolation: as we can dynamically assign and account for resources across different applications
- System security: as it allows isolation of services running on the same hardware
- Performance and reliability: as it allows applications to migrate from one platform to another
- The development and management of services offered by a provider
Cloud Computing- Virtualization
● Virtualization simulates the interface to a physical object by:
- Multiplexing: creates multiple virtual objects from one instance of a physical object. Many virtual objects to one physical. Example - a processor is multiplexed among a number of processes or threads.
- Aggregation: creates one virtual object from multiple physical objects. One virtual object to many physical objects. Example - a number of physical disks are aggregated into a RAID disk.
- Emulation: constructs a virtual object of a certain type from a different type of physical object. Example - a physical disk emulates Random Access Memory (RAM).
- Multiplexing and emulation. Examples - virtual memory with paging multiplexes real memory and disk; a virtual address emulates a real address.
Cloud Computing- Layering and Virtualization
● Layering – a common approach to manage system complexity:
- Simplifies the description of the subsystems; each subsystem is abstracted through its interfaces with the other subsystems
- Minimizes the interactions among the subsystems of a complex system
- With layering we are able to design, implement, and modify the individual subsystems independently
● Layering in a computer system:
- Hardware
- Software
- Operating system
- Libraries
- Applications
Layering and Interfaces (figure)
Applications → (A1) API → Libraries → (A2) ABI / system calls → Operating System → (A3) ISA (System ISA, User ISA) → Hardware

Application Programming Interface (API), Application Binary Interface (ABI), and Instruction Set Architecture (ISA). An application uses library functions (A1), makes system calls (A2), and executes machine instructions (A3).
Interfaces
● Instruction Set Architecture (ISA) – at the boundary between hardware and software.
● Application Binary Interface (ABI) – allows the ensemble consisting of the application and the library modules to access the hardware; the ABI does not include privileged system instructions, instead it invokes system calls.
● Application Program Interface (API) - defines the set of instructions the hardware was designed to execute and gives the application access to the ISA; it includes high-level language (HLL) library calls, which often invoke system calls.
Code portability
● Binaries created by a compiler for a specific ISA and a specific operating system are not portable
● It is possible, though, to compile a HLL program for a virtual machine (VM) environment where portable code is produced and distributed and then converted by binary translators to the ISA of the host system
● Dynamic binary translation converts blocks of guest instructions from the portable code to host instructions and leads to a significant performance improvement, as such blocks are cached and reused
HLL Language Translations (figure)
Native path: HLL code → compiler front-end → intermediate code → compiler back-end → object code → loader → memory image.
Portable path: HLL code → compiler → portable code → VM loader → VM image → VM compiler/interpreter → memory image (ISA-1) or memory image (ISA-2).
History of Virtualization
(Reference: “Modern Operating Systems”, 4th Edition, p. 474, by Tanenbaum and Bos)

● 1960s, IBM: CP/CMS control program: a virtual machine operating system for the IBM System/360 Model 67
● 2000, IBM: z-series with 64-bit virtual address spaces and backward compatible with the System/360
● 1974: Popek and Goldberg from UCLA published “Formal Requirements for Virtualizable Third Generation Architectures”, where they listed the conditions a computer architecture should satisfy to support virtualization efficiently. The popular x86 architecture that originated in the 1970s did not support these requirements for decades.
● 1990s, Stanford researchers, VMware: researchers developed a new hypervisor and founded VMware, the biggest virtualization company of today. The first virtualization solution for x86 was in 1999.
● Today there are many virtualization solutions: Xen from Cambridge, KVM, Hyper-V, …
● IBM was the first to produce and sell virtualization for the mainframe, but VMware popularised virtualization for the masses.
Virtual Machine Monitor (VMM / Hypervisor)
● A virtual machine monitor (VMM/hypervisor) partitions the resources of a computer system into one or more virtual machines (VMs). It allows several operating systems to run concurrently on a single hardware platform.
● A VM is an execution environment that runs an OS.
● VM – an isolated environment that appears to be a whole computer, but actually only has access to a portion of the computer's resources.
● A VMM allows:
- Multiple services to share the same platform
- Live migration - the movement of a server from one platform to another
- System modification while maintaining backward compatibility with the original system
- Enforces isolation among the systems, thus security
● A guest operating system is an OS that runs in a VM under the control of the VMM.
VMM Virtualizes the CPU and the Memory
● A VMM (also hypervisor):
- Traps the privileged instructions executed by a guest OS and enforces the correctness and safety of the operation
- Traps interrupts and dispatches them to the individual guest operating systems
- Controls the virtual memory management
- Maintains a shadow page table for each guest OS and replicates any modification made by the guest OS in its own shadow page table. This shadow page table points to the actual page frame and it is used by the Memory Management Unit (MMU) for dynamic address translation.
- Monitors the system performance and takes corrective actions to avoid performance degradation. For example, the VMM may swap out a VM to avoid thrashing.
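To make the shadow-page-table point concrete, here is an added simulation (not from the slides or from any real hypervisor). It models the three tables involved as dictionaries: the guest OS's own page table (guest-virtual page → guest-physical frame), the VMM's private allocation map (guest-physical frame → machine frame), and the shadow table (guest-virtual page → machine frame) that the MMU actually walks. Every guest page-table write is treated as trapping to the VMM, which replicates it into the shadow table; a guest entry that names a frame the guest was never given gets no shadow entry at all, so the MMU faults rather than reaching another VM's memory. Page and frame numbers, the class and method names, and the 4096-byte page size are this example's own choices.

```python
"""Shadow page tables, simulated (added example; not the slides' or any VMM's code)."""

PAGE_SIZE = 4096


class PageFault(Exception):
    """Raised when a translation finds no mapping for the requested page."""


class ShadowPagingVMM:
    def __init__(self):
        # Guest-physical frame -> machine (host) frame. Only the VMM sees this map.
        self.gpfn_to_mfn = {}
        # The guest OS's own page table: guest-virtual page -> guest-physical frame.
        self.guest_page_table = {}
        # Shadow page table: guest-virtual page -> machine frame. This is the table
        # the hardware MMU walks when translating the guest's addresses.
        self.shadow_page_table = {}
        self.next_free_mfn = 0x1000  # constructed starting machine frame number
        self.trap_log = []           # every guest page-table update the VMM saw

    def assign_guest_frame(self, gpfn):
        """Back a guest-physical frame with a machine frame chosen by the VMM."""
        if gpfn not in self.gpfn_to_mfn:
            self.gpfn_to_mfn[gpfn] = self.next_free_mfn
            self.next_free_mfn += 1
        return self.gpfn_to_mfn[gpfn]

    def guest_writes_page_table(self, gvpn, gpfn):
        """The guest OS maps virtual page gvpn to what it believes is frame gpfn.

        The VMM write-protects the guest's page-table pages, so this write traps;
        the VMM applies it to the guest's table and replicates it into the shadow
        table, substituting the machine frame behind gpfn. Returns that machine
        frame, or None when the guest named a frame it does not own.
        """
        self.trap_log.append(("pt_write", gvpn, gpfn))
        self.guest_page_table[gvpn] = gpfn
        mfn = self.gpfn_to_mfn.get(gpfn)
        if mfn is None:
            # No machine frame behind this guest-physical frame: leave no shadow
            # entry, so the MMU faults instead of reaching memory outside the VM.
            self.shadow_page_table.pop(gvpn, None)
            return None
        self.shadow_page_table[gvpn] = mfn
        return mfn

    def guest_unmaps_page(self, gvpn):
        """The guest removes a mapping; the shadow entry goes with it."""
        self.trap_log.append(("pt_unmap", gvpn))
        self.guest_page_table.pop(gvpn, None)
        self.shadow_page_table.pop(gvpn, None)

    def mmu_translate(self, guest_virtual_address):
        """Hardware-side translation: the MMU walks the shadow table, never the guest's."""
        gvpn, offset = divmod(guest_virtual_address, PAGE_SIZE)
        mfn = self.shadow_page_table.get(gvpn)
        if mfn is None:
            raise PageFault(f"no shadow mapping for guest-virtual page {gvpn:#x}")
        return mfn * PAGE_SIZE + offset

    def guest_view_translate(self, guest_virtual_address):
        """What the guest believes the translation is (guest-physical, not machine)."""
        gvpn, offset = divmod(guest_virtual_address, PAGE_SIZE)
        gpfn = self.guest_page_table.get(gvpn)
        if gpfn is None:
            raise PageFault(f"guest has no mapping for page {gvpn:#x}")
        return gpfn * PAGE_SIZE + offset


if __name__ == "__main__":
    vmm = ShadowPagingVMM()
    vmm.assign_guest_frame(0x10)             # VMM hands the guest physical frame 0x10
    vmm.guest_writes_page_table(0x7, 0x10)   # guest maps its virtual page 7 onto it
    gva = 0x7 * PAGE_SIZE + 0x42
    print(f"guest believes {gva:#x} -> {vmm.guest_view_translate(gva):#x}")
    print(f"MMU resolves   {gva:#x} -> {vmm.mmu_translate(gva):#x}")
    vmm.guest_writes_page_table(0x8, 0x99)   # a frame the guest was never given
    try:
        vmm.mmu_translate(0x8 * PAGE_SIZE)
    except PageFault as exc:
        print("fault:", exc)
```

The two translations of the same address differ by design: the guest sees guest-physical addresses, while the machine address comes only from the VMM's map. That gap is what lets the VMM relocate a guest's memory (the live-migration case on the earlier slide) without the guest noticing, and what keeps one guest from naming another guest's frames.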
Type 1 and 2 Hypervisors
(figure: Type 1 Hypervisor beside Type 2 Hypervisor)

● Taxonomy of VMMs:
1. Type 1 Hypervisor (bare metal, native): supports multiple virtual machines and runs directly on the hardware (e.g., VMware ESX, Xen, Denali)
2. Type 2 Hypervisor (hosted) VM - runs under a host operating system (e.g., user-mode Linux)
Examples of Hypervisors
(figure; the examples on this slide are not recoverable from the extracted text)
Performance and Security Isolation
● The run-time behavior of an application is affected by other applications running concurrently on the same platform and competing for CPU cycles, cache, main memory, disk and network access. Thus, it is difficult to predict the completion time!
● Performance isolation - a critical condition for QoS guarantees in shared computing environments
● A VMM is a much simpler and better specified system than a traditional operating system. Example - Xen has approximately 60,000 lines of code; Denali has only about half: 30,000
● The security vulnerability of VMMs is considerably reduced as the systems expose a much smaller number of privileged functions. For example, the Xen VMM has 28 hypercalls while Linux has 100s of system calls
Conditions for Efficient Virtualization:
● Conditions for efficient virtualization:
1. A program running under the VMM should exhibit a behavior essentially identical to that demonstrated when running on an equivalent machine directly.
2. The VMM should be in complete control of the virtualized resources.
3. A statistically significant fraction of machine instructions must be executed without the intervention of the VMM. (Why?)
Dual-Mode Operation:
● Dual-mode operation allows the OS to protect itself and other system components
● User mode and kernel mode
● Mode bit provided by hardware
● Ability to distinguish when the system is running user or kernel code
● Some instructions are privileged, only executable in kernel mode
● A system call changes the mode to kernel; the return resets it to user

User-mode vs Kernel-mode :
● Kernel code (in particular, interrupt handlers) runs in kernel mode
- the hardware allows all machine instructions to be executed and allows unrestricted access to memory and I/O ports
● Everything else runs in user mode
● The OS relies very heavily on this hardware-enforced protection mechanism
Challenges of x86 CPU Virtualization
● Four layers of privilege execution → rings
● User applications run in ring 3
● OS runs in ring 0
● In which ring should the VMM run?
- In ring 0: then the VMM has the same privileges as an OS → wrong
- In rings 1, 2, 3: then the OS has higher privileges than the VMM → wrong
- Move the OS to ring 1 and the VMM into ring 0 → OK
● Three classes of machine instructions:
1. Privileged instructions can be executed in kernel mode. When an attempt is made to execute them in user mode, they cause a trap and are then executed in kernel mode.
2. Nonprivileged instructions: the ones that can be executed in user mode.
3. Sensitive instructions can be executed in either kernel or user mode, but they behave differently. Sensitive instructions require special precautions at execution time.
● Instructions that are sensitive but nonprivileged are hard to virtualize.
Techniques for Virtualizing CPU on x86

1. Full virtualization with binary translation
2. OS-assisted virtualization or paravirtualization
3. Hardware-assisted virtualization
Techniques for Virtualizing CPU on x86
● Full virtualization – a guest OS can run unchanged under the VMM as if it was running directly on the hardware platform. Each VM runs an exact copy of the actual hardware.
● Binary translation rewrites parts of the code on the fly to replace sensitive but not privileged instructions with safe code that emulates the original instruction. “The hypervisor translates all operating system instructions on the fly and caches the results for future use, while user level instructions run unmodified at native speed.” Examples: VMware, Microsoft Virtual Server

● Advantages:
- No hardware assistance
- No modifications of the guest OS
- Isolation, security
● Disadvantages:
- Speed of execution
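The instruction classes on the previous slide and the binary-translation idea above can be seen together in one small simulation. This is an added example, not the slides' material and not how any real hypervisor is implemented: it uses a toy instruction set with one member of each class (ADD is nonprivileged; CLI/STI are privileged and trap; READ_IF stands in for a sensitive-but-nonprivileged instruction that reads the interrupt flag without trapping, the role PUSHF plays on real x86). Running a guest that disables interrupts and then reads the flag back shows why the third class breaks trap-and-emulate: without translation the guest silently reads the host's real flag, and with the sensitive instruction rewritten into a hypercall the VMM answers from the guest's virtual state instead. All names and the sample program are constructed.

```python
"""Trap-and-emulate with and without binary translation, simulated (added example)."""

# Toy instruction classes (constructed). On real x86 the analogous cases are, e.g.,
# CLI/STI (privileged, trap in user mode) and PUSHF (sensitive but nonprivileged).
PRIVILEGED = {"CLI", "STI"}
SENSITIVE_NONPRIVILEGED = {"READ_IF"}
NONPRIVILEGED = {"ADD"}


class VirtualCPU:
    """Guest state as the VMM maintains it; the guest itself runs deprivileged."""
    def __init__(self):
        self.if_flag = True                 # the guest's *virtual* interrupt flag
        self.regs = {"A": 0, "F": None}     # F receives the flag value READ_IF observes


class Machine:
    """Real hardware state, owned by the VMM."""
    def __init__(self):
        self.real_if = True                 # the host's real interrupt flag


def vmm_emulate(instr, vcpu):
    """VMM handler for a trapped or hypercalled instruction: touch virtual state only."""
    if instr == "CLI":
        vcpu.if_flag = False
    elif instr == "STI":
        vcpu.if_flag = True
    elif instr == "READ_IF":
        vcpu.regs["F"] = int(vcpu.if_flag)
    else:
        raise ValueError(f"VMM cannot emulate {instr}")


def binary_translate(program):
    """Rewrite sensitive-but-nonprivileged instructions into explicit hypercalls."""
    translated = []
    for instr, *args in program:
        if instr in SENSITIVE_NONPRIVILEGED:
            translated.append(("HYPERCALL", instr))
        else:
            translated.append((instr, *args))
    return translated


def run_guest(program, translate):
    """Run the guest program in user mode under the VMM and report what happened."""
    vcpu, machine = VirtualCPU(), Machine()
    code = binary_translate(program) if translate else list(program)
    traps = direct = 0
    for instr, *args in code:
        if instr in PRIVILEGED:
            traps += 1                      # hardware trap; the VMM gains control
            vmm_emulate(instr, vcpu)
        elif instr == "HYPERCALL":
            traps += 1                      # explicit transfer to the VMM
            vmm_emulate(args[0], vcpu)
        elif instr in SENSITIVE_NONPRIVILEGED:
            direct += 1                     # no trap: the guest reads the *real* flag
            vcpu.regs["F"] = int(machine.real_if)
        elif instr in NONPRIVILEGED:
            direct += 1                     # runs untouched, at native speed
            vcpu.regs["A"] += args[0]
        else:
            raise ValueError(f"unknown instruction {instr}")
    return {
        "A": vcpu.regs["A"],
        "F": vcpu.regs["F"],
        "virtual_if": vcpu.if_flag,
        "real_if": machine.real_if,
        "traps": traps,
        "direct": direct,
    }


# Constructed guest program: disable interrupts, read the flag back, re-enable them.
SAMPLE_PROGRAM = [("ADD", 5), ("CLI",), ("READ_IF",), ("ADD", 1), ("STI",)]


if __name__ == "__main__":
    print("without translation:", run_guest(SAMPLE_PROGRAM, translate=False))
    print("with translation:   ", run_guest(SAMPLE_PROGRAM, translate=True))
```

The `traps` and `direct` counters also illustrate the third Popek and Goldberg condition on the earlier slide: translation adds one VMM intervention per sensitive instruction, so the price of correctness is a smaller fraction of instructions running without the VMM, which is the "speed of execution" disadvantage listed above.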
Techniques for Virtualizing CPU on x86
Paravirtualization – “involves modifying the OS kernel to replace non-virtualizable instructions with hypercalls that communicate directly with the virtualization layer hypervisor. The hypervisor also provides hypercall interfaces for other critical kernel operations such as memory management, interrupt handling and time keeping.”
● Advantage: faster execution, lower virtualization overhead
● Disadvantage: poor portability
● Examples: Xen, Denali
Techniques for Virtualizing CPU on x86
Full Virtualization and Paravirtualization (figure)
(a) Full virtualization and (b) paravirtualization; each stack shows a guest OS, a hardware abstraction layer, the hypervisor and the hardware.
Techniques for Virtualizing CPU on x86
● Hardware Assisted Virtualization
– “a new CPU execution mode feature that allows the VMM to run in a new root mode below ring 0.
- privileged and sensitive calls are set to automatically trap to the hypervisor, removing the need for either binary translation or paravirtualization”
● Advantage: even faster execution
● Examples: Intel VT-x, Xen 3.x
VT-x, a Major Architectural Enhancement
● In 2005 Intel released two Pentium 4 models supporting VT-x.
● VT-x supports two modes of operation (Figure (a)):
1. VMX root - for VMM operations.
2. VMX non-root - supports a VM.
● And a new data structure called the Virtual Machine Control Structure, including host-state and guest-state areas (Figure (b)).
● VM entry - the processor state is loaded from the guest-state area of the VM scheduled to run; then control is transferred from the VMM to the VM.
● VM exit - saves the processor state in the guest-state area of the running VM; then it loads the processor state from the host-state area, and finally transfers control to the VMM.

(figure: (a) VMX root and VMX non-root modes, connected by VM entry and VM exit; (b) the virtual-machine control structure with its host-state and guest-state areas)
Xen - a VMM based on Paravirtualization
● The goal of the Cambridge group - design a VMM capable of scaling to about 100 VMs running standard applications and services without any modifications to the Application Binary Interface (ABI). (2003, Computing Laboratory, Cambridge University)
● Linux, Minix, NetBSD, FreeBSD and others can operate as paravirtualized Xen guest OSs running on x86, x86-64, Itanium, and ARM architectures.
● Xen domain - ensemble of address spaces hosting a guest OS and applications running under the guest OS. Runs on a virtual CPU.
● Dom0 - dedicated to execution of Xen control functions and privileged instructions.
● DomU - a user domain.
● Applications make system calls using hypercalls processed by Xen; privileged instructions issued by a guest OS are paravirtualized and must be validated by Xen.
Xen (figure)
Domain0 runs the management OS with Xen-aware device drivers and the Domain0 control interface; each guest domain runs a guest OS, its applications and Xen-aware device drivers; Xen provides the virtual x86 CPU, virtual physical memory, virtual network and virtual block devices on top of the x86 hardware.
Dom0 Components
● XenStore – a Dom0 process.
- Supports a system-wide registry and naming service.
- Implemented as a hierarchical key-value storage.
- A watch function informs listeners of changes to the keys in storage they have subscribed to.
- Communicates with guest VMs via shared memory using Dom0 privileges.
● Toolstack - responsible for creating, destroying, and managing the resources and privileges of VMs.
- To create a new VM, a user provides a configuration file describing memory and CPU allocations and device configurations.
- The Toolstack parses this file and writes this information into XenStore.
- Takes advantage of Dom0 privileges to map guest memory, to load a kernel and virtual BIOS and to set up initial communication channels with XenStore and with the virtual console when a new VM is created.
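An added example (not Xen's code) that models the two Dom0 components just described: a hierarchical key-value store with path-prefix watches standing in for XenStore, and a toy toolstack that parses a VM configuration file and records the new domain in the store using Dom0's privilege. The store also enforces a simplified ownership rule, namely that Dom0 may write anywhere while an unprivileged domain may only write nodes it owns under its own `/local/domain/<domid>` subtree; real XenStore has a richer per-node permission model, and the node names used here (`name`, `memory/target`, `vcpus`) follow XenStore's layout only loosely. The config format is a constructed `key = value` format, and the sample configuration is made up for the example.

```python
"""XenStore-like registry with watches and a toy toolstack (added example, not Xen's code)."""
from collections import defaultdict

DOM0 = 0  # the privileged management domain


class XenStoreLike:
    """Hierarchical key-value store keyed by slash-separated paths."""

    def __init__(self):
        self._nodes = {}                   # path -> (value, owner domid)
        self._watches = defaultdict(list)  # watched path -> callbacks

    def write(self, path, value, domid, owner=None):
        """Write a node. Dom0 may write anything; others only their own subtree/nodes."""
        node = self._nodes.get(path)
        if domid != DOM0:
            if node is not None and node[1] != domid:
                raise PermissionError(f"domain {domid} may not write {path}")
            if node is None and not path.startswith(f"/local/domain/{domid}/"):
                raise PermissionError(f"domain {domid} may not create {path}")
        if node is not None:
            owner = node[1]                # ownership does not change on rewrite
        elif owner is None:
            owner = domid
        self._nodes[path] = (str(value), owner)
        self._notify(path)

    def read(self, path):
        node = self._nodes.get(path)
        return None if node is None else node[0]

    def ls(self, path):
        """Names of the immediate children of `path`."""
        prefix = path.rstrip("/") + "/"
        return sorted({p[len(prefix):].split("/", 1)[0]
                       for p in self._nodes if p.startswith(prefix)})

    def rm(self, path, domid):
        """Remove `path` and everything beneath it, subject to the same ownership rule."""
        prefix = path.rstrip("/") + "/"
        doomed = [p for p in self._nodes if p == path or p.startswith(prefix)]
        for p in doomed:
            if domid != DOM0 and self._nodes[p][1] != domid:
                raise PermissionError(f"domain {domid} may not remove {p}")
        for p in doomed:
            del self._nodes[p]
        self._notify(path)

    def watch(self, path, callback):
        """Register callback(changed_path) for changes at `path` or anywhere beneath it."""
        self._watches[path].append(callback)

    def _notify(self, changed):
        for watched, callbacks in self._watches.items():
            if changed == watched or changed.startswith(watched.rstrip("/") + "/"):
                for callback in callbacks:
                    callback(changed)


def parse_domain_config(text):
    """Parse `key = value` lines; '#' starts a comment. (Constructed format.)"""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"bad config line: {line!r}")
        cfg[key.strip()] = value.strip().strip('"')
    return cfg


def toolstack_create(store, config_text, domid):
    """Toy toolstack: parse the config and record the VM in the store with Dom0 privilege.

    The nodes are created on the new domain's behalf (owner=domid), so the guest may
    later update them itself while other guests may not.
    """
    cfg = parse_domain_config(config_text)
    base = f"/local/domain/{domid}"
    entries = {
        f"{base}/name": cfg["name"],
        f"{base}/memory/target": cfg["memory"],
        f"{base}/vcpus": cfg["vcpus"],
    }
    for path, value in entries.items():
        store.write(path, value, domid=DOM0, owner=domid)
    return sorted(entries)


SAMPLE_CONFIG = """\
# constructed sample domain configuration
name = "web01"
memory = 512
vcpus = 2
"""

if __name__ == "__main__":
    store = XenStoreLike()
    store.watch("/local/domain/1", lambda p: print("watch fired:", p))
    print("created:", toolstack_create(store, SAMPLE_CONFIG, domid=1))
    print("children:", store.ls("/local/domain/1"))
```

A watch on `/local/domain/1` fires once per node the toolstack writes, which is how a listener learns that a domain has appeared without polling; the ownership check is the part that makes the shared registry safe to expose to guests at all.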
