All Final

The document outlines the final examination for the TM352 course on web, mobile, and cloud technologies, consisting of three parts: True/False questions, problem-solving questions, and a practical application task. It includes specific instructions regarding the use of materials and electronic devices during the exam. Additionally, it provides sample questions and tasks related to cloud technologies, security, and web application development.

Uploaded by

Ghassan Alhashmi
Copyright
© © All Rights Reserved

Faculty of Computer Studies

TM352
Web, mobile and cloud technologies

Final Examination
Fall 2021 – 2022
Date: /2022

Number of Exam Pages: (4) Time Allowed: (2) Hours


(including this cover sheet)

Instructions:

1- This exam has 3 parts.
   - Part I: 10 True or False questions. (20 marks)
   - Part II: 3 questions should be chosen from 4 questions. (30 marks)
   - Part III: 2 questions (50 marks)
2- Write your answer in the answer booklets. Answers given on the exam paper
will not be marked.
3- Student handbooks are NOT permitted in this examination.
4- The use of electronic devices that could have a memory is NOT permitted.
5- At the end of the examination, check that you have written your student ID,
name and your section number on the first page.

TM352 / Final 1 of 8 Fall 2021‐22


PART I (20 marks)
Mark the following statements as true or false
1. Interruption is the security threat class that occurs when the network is flooded with useless traffic to prevent legitimate users from accessing resources (T)
2. AWS is a cloud platform by Amazon (T)
3. Any software agent that sends and receives SOAP messages is called a SOAP envelope (F)
4. The Horizon component serves as a dashboard for users to manage OpenStack compute, storage and networking services (T)
5. Web mobile applications use only native APIs (F)
6. Digest authentication is used to authenticate a client of a web server (T)
7. Caesar cipher is an example of a substitution cipher (T)
8. A responsive web design uses media queries to determine the size of viewports (T)
9. In SaaS, the tenant can deploy applications onto the cloud infrastructure that are created using programming languages, libraries, services, and tools supported by the provider. (F)
10. In computer security, confidentiality means that computer system assets can be modified only by authorized parties. (F)
PART II (30 marks)
Answer three questions only
1) Apply Diffie–Hellman key exchange where the sender’s secret key is a = 3, the receiver’s secret key is b = 4 and the message to be exchanged is 7. Generate the common secret key and confirm that it is the same on both sides. [10 marks]
1. The plaintext message is x = 7.
2. Sender’s secret key is a = 3, Receiver’s secret key is b = 4 and the encryption operation is simple exponentiation.
3. Sender initially calculates x^a = 7^3 = 343 and sends this to Receiver. [2.5 marks]
   At the same time, Receiver calculates x^b = 7^4 = 2401 and sends this to Sender. [2.5 marks]
   Sender receives 2401 and calculates 2401^3 = 823543; [2.5 marks]
   Receiver receives 343 and calculates 343^4 = 823543. [2.5 marks]
4. Sender and Receiver have now created the exact same secret number, having been calculated in two different orders:
   (x^a)^b = (7^3)^4 = 343^4 = 823543
   (x^b)^a = (7^4)^3 = 2401^3 = 823543
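
The exchange in the answer above, replayed by an added example (not part of the exam or its answer key), followed by the same exchange with every power reduced modulo a prime, which is how Diffie–Hellman is normally defined. The modulus p = 23 and the function names are assumptions chosen for illustration.

```python
def exchange(x, a, b, p=None):
    """Run both sides of the exchange.

    Returns (sent_by_sender, sent_by_receiver, sender_key, receiver_key).
    With p=None every step is plain exponentiation, as in the answer above;
    with a prime p every power is reduced mod p.
    """
    def power(base, exp):
        return pow(base, exp) if p is None else pow(base, exp, p)

    to_receiver = power(x, a)            # Sender computes x^a and sends it
    to_sender = power(x, b)              # Receiver computes x^b and sends it
    sender_key = power(to_sender, a)     # Sender raises what it received to a
    receiver_key = power(to_receiver, b) # Receiver raises what it received to b
    return to_receiver, to_sender, sender_key, receiver_key


def integer_log(base, value):
    """Return e such that base**e == value, or None if value is not an exact power.

    Without a modulus the value on the wire is an exact power of x, so the
    secret exponent falls out by repeated division. This is why the
    modulus-free form only works as a classroom illustration.
    """
    exp = 0
    while value > 1 and value % base == 0:
        value //= base
        exp += 1
    return exp if value == 1 else None


def main():
    x, a, b = 7, 3, 4                    # values from the exam question
    plain = exchange(x, a, b)
    print("no modulus :", plain, "keys match:", plain[2] == plain[3])
    print("exponent readable from the wire value:", integer_log(x, plain[0]))

    p = 23                               # assumed toy prime, not from the page
    modular = exchange(x, a, b, p)
    print("mod", p, "    :", modular, "keys match:", modular[2] == modular[3])
    # Repeated division no longer recovers the exponent from the reduced value.
    # A modulus this small is still searchable; deployed Diffie-Hellman uses
    # primes of 2048 bits or more.
    print("exponent readable from the wire value:", integer_log(x, modular[0]))


if __name__ == "__main__":
    main()
```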

2) Provide an XML representation corresponding to the following JSON description: [10 marks]

{
  "id": "0001",
  "type": "donut",
  "name": "Cake",
  "ppu": 0.55,
  "batters":
  {
    "batter":
    [
      { "id": "1001", "type": "Regular" },
      { "id": "1002", "type": "Chocolate" }
    ]
  },
  "topping":
  [
    { "id": "5001", "type": "None" },
    { "id": "5002", "type": "Glazed" },
    { "id": "5005", "type": "Sugar" }
  ]
}

<root>
<batters>
<batter>
<element>
<id>1001</id>
<type>Regular</type>
</element>
<element>
<id>1002</id>
<type>Chocolate</type>
</element>
</batter>
</batters>
<id>0001</id>
<name>Cake</name>
<ppu>0.55</ppu>
<topping>
<element>
<id>5001</id>
<type>None</type>
</element>
<element>
<id>5002</id>
<type>Glazed</type>
</element>
<element>
<id>5005</id>
<type>Sugar</type>
</element>
</topping>
<type>donut</type>
</root>


//the ‘root’ element or equivalent [1 mark], each basic element of the six [1 mark] each array [1.5 mark]

3) Demonstrate the steps that should occur at sender and receiver to preserve the
confidentiality of a message sent from Omar to Ahmed using an Asymmetric key
method. [10 marks]
a. Omar wants to send a private message to Ahmed which no one else can read.
b. Omar looks up Ahmed’s public key (which might be published in a directory,
obtained in an open email from Ahmed or embodied in a digital certificate).
c. Omar then encrypts the message with Ahmed’s public key and sends the
encrypted message to Ahmed. [5 marks]
d. Ahmed receives the message and decrypts it using his private key. [5 marks]

4) Compare the various types of cloud deployment models according to the NIST definition [10 marks]
[each 2.5: 1.5 for stating and 1 for description]
Four different deployment models, as follows:
1. Private cloud. The cloud infrastructure is provisioned for exclusive use by a single
organization comprising multiple consumers (e.g., business units).
It may be owned, managed, and operated by the organization, a third party,
or some combination of them, and it may exist on or off premises.
2. Community cloud. The cloud infrastructure is provisioned for exclusive use by a
specific community of consumers from organizations that have shared concerns (e.g.,
mission, security requirements, policy, and compliance considerations).
It may be owned, managed, and operated by one or more of the
organizations in the community, a third party, or some combination of them, and it may
exist on or off premises.
3. Public cloud. The cloud infrastructure is provisioned for open use by the general
public.
It may be owned, managed, and operated by a business, academic, or
government organization, or some combination of them.
It exists on the premises of the cloud provider.
4. Hybrid cloud. The cloud infrastructure is a composition of two or more distinct cloud
infrastructures (private, community, or public).

PART III (50 marks)

A web application to be deployed on a cloud contains a currency converter service to be used to convert between various currencies according to formulas in a stored JSON file named currency.json, for each 100 units.

The following represents a sample of the file content for only four currencies:

[
  {
    "from": "USD",
    "to": {"EUR": 86, "CAD": 123, "AUD": 133}
  },
  {
    "from": "EUR",
    "to": {"USD": 117, "CAD": 144, "AUD": 156}
  },
  {
    "from": "CAD",
    "to": {"USD": 81, "EUR": 69, "AUD": 108}
  }
]

For example, if we want to convert the amount 17 from USD to EUR, then the result should be 17*86/100.0 = 14.62, and so on.
The service should accept three parameters, the “to”, the “from” and the amount to be converted, and should return the resultant value to be displayed as HTML.

1) Implement the service as a RESTful service with the required annotations and read the formulas from a JSON file called “currency.json” that contains an array of transactions, using the classes Json, JsonObject, and JsonArray.
2) Design and write the HTML code of the page that would consume or call the service.
3) Specify the parameter type you have used in your implementation and the HTTP method used.
4) In case the web application should be viewed from a mobile browser, what are the principles of responsive web design?

Some Json class methods that could be used:

- static JsonArrayBuilder createArrayBuilder() // Creates a JSON array builder
- static JsonObjectBuilder createObjectBuilder() // Creates a JSON object builder
- static JsonReader createReader(InputStream in) // Creates a JSON reader from a byte stream.
- static JsonReader createReader(Reader reader) // Creates a JSON reader from a character stream.
- static JsonWriter createWriter(OutputStream out) // Creates a JSON writer to write a JSON object or array structure to the specified byte stream.
- static JsonWriter createWriter(Writer writer) // Creates a JSON writer to write a JSON object or array structure to the specified character stream.

Some JsonObject methods that could be used:

- boolean getBoolean(String name) // Returns the boolean value of the associated mapping for the specified name.
- int getInt(String name) // Returns the int value to which the specified name is mapped.
- JsonArray getJsonArray(String name) // Returns the array value to which the specified name is mapped.
- JsonObject getJsonObject(String name) // Returns the object value to which the specified name is mapped.
- String getString(String name) // Returns the string value to which the specified name is mapped.

Some JsonArray methods that could be used:

- int getInt(int index) // A convenience method for getJsonNumber(index).intValue().
- JsonArray getJsonArray(int index) // Returns the array value at the specified position in this array.
- JsonObject getJsonObject(int index) // Returns the object value at the specified position in this array.
- String getString(int index) // Returns the String value at the specified position in this array.

Some JsonReader methods that could be used:

- void close() // Closes this reader and frees any resources associated with the reader.
- JsonArray readArray() // Returns a JSON array that is represented in the input source.
- JsonObject readObject() // Returns a JSON object that is represented in the input source.

Some JsonWriter methods that could be used:

- void close() // Closes this JSON writer and frees any resources associated with the writer.
- void writeArray(JsonArray array) // Writes the specified JSON array to the output source.
- void writeObject(JsonObject object) // Writes the specified JSON object to the output source.

Any other correct solution would be accepted. This is one of the correct solutions:

1.
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.TEXT_HTML)
public String convert(@FormParam("from") String from,
                      @FormParam("to") String to,
                      @FormParam("amount") String amount)
        throws FileNotFoundException, IOException {
    // amount arrives as form text; parseDouble throws NumberFormatException if it is not numeric
    double value = Double.parseDouble(amount);
    double result = 0;
    // read the whole array of conversion entries from the file
    JsonReader reader = Json.createReader(new FileReader("D:\\conversions.json.txt"));
    JsonArray array = reader.readArray();
    reader.close();
    // find the entry whose "from" matches, then look up the rate for "to"
    for (int i = 0; i < array.size(); i++) {
        JsonObject ob = array.getJsonObject(i);
        if (ob.getString("from").equals(from)) {
            JsonObject toObject = ob.getJsonObject("to");
            result = toObject.getInt(to) * value / 100.0;
            break;
        }
    }
    return "" + result;
}

//annotations 5 marks

//method header 3 marks

//array reading from file 3 marks

//array traversing for loop 3 marks

//object reading 3 marks

//calculations 2 marks

//whole structure and consistency with part 2 6 marks

2.

Design 7.5 marks

Html code writing 7.5 marks

<html>

<head>

<title>Conversions</title>

</head>

<body>

<form action="webresources/generic" method="POST">

<label>from :</label> <input type="text" name="from" value="USD" size="3" />

<label>To :</label> <input type="text" name="to" value="EUR" size="3" />

<label>amount :</label> <input type="text" name="amount" value="100" size="10" />

<input type="submit" value="Convert" name="convert" />

</form>

</body>

</html>

3. According to the type used: in this case, form parameter [4 marks]

4. Three principles of responsive web design [6 marks, each is rewarded with 2]

1. Fluid design
2. Flexible images
3. CSS media queries (and device breakpoints).

End of Questions

Solved by- Ayman Metwali

Faculty of Computer Studies

TM352
Web, mobile and cloud technologies
Final Examination
Summer Semester 2019/2020

Date: 28 / 8 /2020
Number of Exam Pages: 4
Time Allowed: 3 hours
(including this cover sheet)

Instructions:

1. This exam has 3 parts:
   - Part I: 10 short essay questions. (20 marks)
   - Part II: 5 problems. (35 marks)
   - Part III: 2 questions. (45 marks)
2. Go through all the questions before you start answering them.
3. External materials are NOT allowed.
4. The use of electronic devices with a memory is NOT permitted.

TM352 / Final 1 of 4 Fall 2019-20



PART I

1) According to UCSB and IBM cloud model, the number of supported services in the abstraction layer is
a. 8
b. 1
c. 5
d. 11

2) When using RESTful web services, requests are sent as
a. Html
b. XML
c. JSON
d. None of the choices

3) When using your fingerprint, you prove your identity by .....
a. something you know.
b. something you are.
c. something you have.
d. None of the choices

4) ..... is an HTTP method responsible for getting the headers of a web page
a. PUT
b. HEAD
c. GET
d. POST

5) Cordova applications use ..... for business logic
a. Java
b. Swift
c. Objective-C
d. javascript

6) Networking service is provided in OpenStack cloud by
a. Nova
b. Neutron
c. Swift
d. Cinder

7) In ..... the encryption depends on the cipher’s state
a. Caesar cipher
b. Stream cipher
c. Block cipher
d. None of the choices

8) Authenticating a client of a web server can be done by
a. Digest authentication
b. Basic authentication
c. Client certificate
d. All of the choices

9) When using a container, the contained application communicates directly with
a. Hypervisor
b. Guest operating system
c. Host operating system
d. Hardware

10) OpenStack cloud is basically intended to offer .....
a. PaaS
b. IaaS
c. SaaS
d. HaaS


PART II

1) Provide a complete HTML page that has the following features:


[10 marks]
- Send an HTTP “post” request to a RESTful service with the name “borrow” using
form
- The title is “BorrowingPage”
- The Librarian should be able to send the book id, book name, number of
borrowing days to the service

<!DOCTYPE html>
<html>
<head>
<title>Borrowing Page</title>
</head>
<body>
<form action="/borrow" method="post">
<label>Book ID </label>
<input name="book_id" id="book_id"><br>
<label>Book name </label>
<input name="book_name" id="book_name"><br>
<label>number of borrowing days </label>
<input name="no_days" id="no_days">
<button type="submit">Submit</button>
</form>
</body>
</html>

2) Provide a JSON representation corresponding to the following xml description:


[10 marks]

<bookstore>
<book category="COOKING">
<title >The Boston Cooking—School Cookbook</title>
<author>Fannie Merrit Farmer</author>
<year>1896</year>
<price>49.99</price>
</book>
<book category="CHILDREN">
<title >The Wonderful Wizard of Oz</title>
<author>L. Frank Baum</author>
<year>1900</year>
<price>39.95</price>
</book>
<book category="CHILDREN ">
<title >Alice's Adventures in Wonderland</title>
<author>Charles "Lewis Carroll" Dodgeson</author>
<author>C'narles Dodgeson</author>
<author>Lewis Carroll</author>
<year>1865</year>
<price>29.99</price>
</book>
</bookstore>

{
"bookstore": {
"book": [
{
"title": "The Boston Cooking—School Cookbook",
"author": "Fannie Merrit Farmer",
"year": 1896,
"price": 49.99
},
{
"title": "The Wonderful Wizard of Oz",
"author": "L. Frank Baum",
"year": 1900,
"price": 39.95
},
{
"title": "Alice's Adventures in Wonderland",
"author": [
"Charles \"Lewis Carroll\" Dodgeson",
"C'narles Dodgeson",
"Lewis Carroll"
],
"year": 1865,
"price": 29.99
}
]
}
}

3) Demonstrate the steps required to confirm the integrity and sender’s identity of a message that should be sent by Ali to Hossam, separating the steps that should be done at the sender and receiver using public and private keys.
[7 marks]

At the sender:
Ali wants to send a message to Hossam.
Ali first writes the message and hashes it, then encrypts the resulting message digest with his private key.
He then sends both the message in plaintext and the encrypted message digest to Hossam.
At the receiver:
When Hossam receives the message and encrypted digest, he decrypts the digest using Ali’s public key and also re-computes the message digest by hashing the plaintext message.
He then compares the digest he calculated with that sent by Ali: any discrepancy indicates that the message has been tampered with, or that it didn’t come from Ali.
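
The sender and receiver steps above, together with the confidentiality steps (Omar to Ahmed) from the earlier paper, as an added example that is not part of the exam or its answer key. It uses textbook RSA without padding and toy keys built from Mersenne primes, both assumptions made for illustration; production systems use a vetted library with padded schemes such as RSA-OAEP and RSASSA-PSS.

```python
import hashlib

E = 65537  # common public exponent


def make_keypair(p, q):
    """Build (public, private) from two primes. Toy sizes, illustration only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)          # private exponent: inverse of E modulo phi
    return (n, E), (n, d)


# Constructed toy keys (Mersenne primes so the inputs are easy to read).
AHMED_PUBLIC, AHMED_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
ALI_PUBLIC, ALI_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)


# Confidentiality: encrypt with the RECIPIENT's public key.
def encrypt(message: bytes, recipient_public) -> int:
    n, e = recipient_public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, recipient_private) -> bytes:
    n, d = recipient_private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


# Integrity and sender identity: transform the digest with the SENDER's private key.
def digest(message: bytes, n: int) -> int:
    # SHA-256 reduced mod n so it fits the toy modulus
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, sender_private) -> int:
    n, d = sender_private
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, sender_public) -> bool:
    n, e = sender_public
    # Receiver recovers the digest with the public key and compares it
    # with the digest it recomputes from the plaintext it received.
    return pow(signature, e, n) == digest(message, n)


def main():
    # Omar -> Ahmed: only Ahmed's private key opens the message.
    secret = b"meet at noon"                     # constructed sample message
    ciphertext = encrypt(secret, AHMED_PUBLIC)
    print("Ahmed reads:", decrypt(ciphertext, AHMED_PRIVATE))

    # Ali -> Hossam: plaintext travels with the signed digest.
    message = b"pay 100"                         # constructed sample message
    signature = sign(message, ALI_PRIVATE)
    print("untouched message verifies:", verify(message, signature, ALI_PUBLIC))
    print("altered message verifies:  ", verify(b"pay 900", signature, ALI_PUBLIC))
    forged = sign(message, AHMED_PRIVATE)        # signed by someone other than Ali
    print("other signer verifies:     ", verify(message, forged, ALI_PUBLIC))


if __name__ == "__main__":
    main()
```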


4) Compare virtual machines and containers as ways of applying virtualisation

[5 marks]

Virtual machines:
- The virtual machine form of virtualisation takes the resources of a single physical host computer (CPUs, memory and input/output devices) and shares them between multiple guest computers.
- The virtualisation software, or hypervisor, provides the code to manage and protect the virtual servers, together with the code for device drivers.
- A guest OS consumes a lot of memory to store the code that will manage memory, schedule processes, buffer disk drive reads and writes and communicate over a network.
- It is responsible for creating each virtual server, protecting a virtual server’s memory space from other virtual servers, scheduling usage of the processors and cleaning up when a virtual server is disposed of.
- Contained within each virtual server is the code for a ‘guest’ operating system (guest OS) and its associated application.
- The guest OS is responsible for managing its own application.
- In the VM model, each VM requires a guest OS, even though two of the VMs run the same application – in this case ‘App A’.

[Figure: two stacks side by side. Virtual machine model: virtual machine images, each holding an app (App A, App A, App B), Bin/Libs and a Guest OS, on top of a Hypervisor, Host OS and Server. Container model: container images holding the apps (App A, App A, App B) over Bin/Libs, on top of a Container Manager, Host OS and Server.]

Containers:
- An application container is essentially a file containing an application and associated libraries.
- The important difference is that an application container has no separate operating system and is, therefore, much smaller: megabytes instead of gigabytes.
- In the container model, shown on the right, if two containers run the same application they can share any common functionality, such as the middleware represented by the ‘Bin/Libs’ layer.
5) List three main techniques used for responsive design, which helps in creating sites for mobile
environments [3 marks]
Fluid design
Flexible images
CSS media queries (and device breakpoints)


PART III

Question 1(30 marks)

School bus monitoring software is responsible for sending the current location of the bus to
the parents. In the process of designing and developing such software you as part of the
development team are required to

Phase 1 (15 marks)


Implement a REST Web Service with appropriate annotations to calculate the distance to the parents’ position using the ‘haversine’ formula implemented in the class containing the service method with the header “double calculateHaversine(double longitude1, double latitude1, double longitude2, double latitude2)”.

Provide an example of the URL that could be used to call the service. Note that the class path is

http://School site/BusMonitoring/BusLocation/

http://school_site/Bus_monotring/BusLocation/longtiude1/latitude1/logtiude2/latitude2

@Path("Bus_monotring")
public class school_site
{
    @GET
    // one path segment per coordinate, matching the example URL above
    @Path("BusLocation/{longtiude1}/{latitude1}/{longtiude2}/{latitude2}")
    @Produces(MediaType.TEXT_HTML)
    public Double CalculateHaversine(@PathParam("longtiude1") Double longtiude1,
            @PathParam("latitude1") Double latitude1,
            @PathParam("longtiude2") Double longtiude2,
            @PathParam("latitude2") Double latitude2)
            throws IOException
    {
        // delegate to the haversine helper named in the question
        return calculateHaversine(longtiude1, latitude1, longtiude2, latitude2);
    }
}

Phase 2 (15 marks)
Suggest a traditional infrastructure design for the complete system that supports DMZ, database and local DNS server and show the connections between components.

[Figure: infrastructure diagram. Components shown: User, Global DNS Server, Global NTP Server, Internet, Router/NAT, Local NTP Server, Local DNS Server, Firewall, Load Balancer, Web Servers, Firewall, Database; site label myshop.co.uk]

Question 2: (15 marks)

In order to register for (COVID-19) vaccination, an application should be developed to assist in delivering the coronavirus disease vaccination to eligible citizens. Compare (in a table) between creating the application as a web application or a mobile application in terms of

1. user experience
   a. installation
   b. access time
2. development and update costs
3. used development technologies
4. the efficiency of using mobile device resources.

Based on the result of the comparison table, provide a justification of your design choice for acceptance or rejection for each choice.

| Comparison | WEB apps | NATIVE app |
|---|---|---|
| Installation | Run on the mobile device’s web browser (or a specially tailored browser). | These are the apps that you have to download from places such as Apple’s App Store, Google Play or Windows Marketplace. |
| User EXP. | They are slower to load and less responsive than native apps. | |
| Development and update costs | Developers require less skill and experience. | But are likely to be more time-consuming to port and difficult to develop compared to web apps. Developers (Android, iOS and Windows Phones) require a specialised technical skillset. A native app for one platform would require substantial changes to make it run on another platform. |
| Used development technologies | Use HTML, CSS and JavaScript, and can therefore run on any operating system that will run a standard web browser application. | Java for Android and Objective-C for iOS |
| The efficiency of using mobile resources | Native apps are capable of making full use of the device’s hardware capabilities (GPS, microphones, accelerometers, etc.). | less efficiently than the native apps; limited in scope than native applications |

End of Questions



1) The NIST service model is very simple and ignores much of the detail required to create and manage a cloud environment. You are asked to draw a diagram that shows the different layers.

2) Software as a Service (SaaS) is one of the cloud models. You are asked to draw a diagram that shows the different layers, starting from the tenant down to the hardware.

3) Developing cross-platform applications is enabled using Cordova tools. In a web app, if a web view requires a picture to be taken on the device’s camera, what would be the JavaScript code?
Answer:
Suppose JavaScript code running within the web view requires a picture to be taken on the device’s camera.
With Cordova, the JavaScript request is:
navigator.camera.getPicture(successCallBack, errorCallBack);
This code is the same on all platforms the app is deployed to.
It is Cordova’s web view wrapper that transforms this JavaScript API request into a native call appropriate for the mobile platform.

4) In HTML5 the <form> element becomes quite a powerful tool in terms of support for exchanging data. In this question you are asked to provide a complete HTML page that has the following features:
- Sends an HTTP “post” request to a server-side servlet with the name “registration_method”
- Uses German Language
- Uses Character set "utf-8"
- Title “Engslish Skills Final Fall 2019”
- The user should add his name, last name and a password to be able to submit a “registration” request.

Provide the full HTML page that fulfils the above requirements.

Answer:

A basic form template is shown below:

<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="utf-8">
<title> Engslish Skills Final Fall 2019</title>
</head>
<body>
<form method="post" action="/registration_method">
<label>First name:</label>
<input type="text" name="FirstName" value="Doug">

<label>Last name:</label>
<input type="text" name="LastName" value="Briggs">
<label>User password:</label>

<input type="password" name="psw">

<!-- the main body of the form here -->

<button type="submit">registration</button>
</form>
</body>
</html>
5) Assuming A is 0 and Z is 26, in a 26-character alphabet, the Caesar Cipher for a single
character can be expressed in pseudocode as:
c = (p + k) mod 26
Assuming k is 3, and that a message (composed of three characters) has been encrypted and the result is the word ‘XYZ’.
You are asked to decrypt the message by first providing the decryption formula and then applying it to get the original message.
Answer:

p = (c + k′) mod 26
where k′ is 23 = (26 - k). Cipher: ‘XYZ’
Answer: ‘XYZ’ (23,24,25). Decrypts to ‘uvw’ (20, 21, 22)

6) You are asked to write a JSON object that contains the following elements:
Inside the object, we have several name/value pairs. These are:
"CusomerID": 200
A property with the name CusomerID and the integer value 200.
"CusomerName": "Sami Samer"
A property with the name CusomerID and the integer value 200.
"contents": [ ... ]
A property with the name contents, whose value is an array.
Inside the contents array, we then have two objects representing individual order lines in the cart. Each object contains three properties: itemID, itemName and quantity.
(You are free to fill in the values of these objects.)
"customerEmail": "[email protected]"
A property with the name customerEmail and the string value [email protected].
"orderCompleted": true
A property with the name orderCompleted and the Boolean value true.
Answer:
{
  "customerID": 200,
  "customerName": "Sami Samer",
  "contents": [
    {
      "itemID": 1,
      "itemName": "dddd",
      "quantity": 2
    },
    {
      "itemID": 2,
      "itemName": "fffff",
      "quantity": 2
    }
  ],
  "customerEmail": "[email protected]",
  "orderFinished": true
}
(Accept any value for the objects in the contents array.)

7) In HTML5 the <form> element is used to send an HTTP client “get” request. Provide a complete HTML page that has the following features:
▪ Sends an HTTP “get” request to a server-side servlet with the name “login_servlet”
▪ Uses English Language
▪ Uses Character set "utf-8"
▪ The title is “AOU login page”
▪ The user should add his short ID as text and a password to be able to submit a “login” request.

Provide a full HTML page that fulfils the above requirements.

Answer:
A basic form template is shown below:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title> AOU login page </title>
</head>
<body>
<!-- method="get" as the question requires: submitted fields, including psw, are appended to the URL query string -->
<form method="get" action="/login_servlet">
<label>Student ID:</label>
<input type="text" name="student_id" id="student_id" value="1234">

<label>student password:</label>
<input type="password" name="psw">
<!-- the main body of the form here -->
<button type="submit">Login</button>
</form>
</body>
</html>
8) You are asked to write a JSON object that contains the following elements:

Inside the object, we have several name/value pairs. These are:

- A property with the name courseCode and the integer value “TM298”.
- A property with the name tutorName and the integer value “Samer Adham”
- A property with the name semetser and the integer value “fall2020/2021”
- A property with the name Offred and the Boolean value true.
- A property with the name sections, whose value is an array.
- Inside the sections array, we then have two objects representing individual sections for this course. Each object contains two properties: secID and secLOcation.

(You are free to fill in the values of these objects.)

Answer:
{
  "courseCode": 55,
  "tutorName": "Samer Adham",
  "semester": "fall2020/2021",
  "offred": true,
  "sections": [
    {
      "secID": 1,
      "secLocation": "Hall2"
    },
    {
      "secID": 2,
      "secLocation": "Lab2"
    }
  ]
}
(Accept any value for the objects in the sections array.)

9) Assuming A is 1 and Z is 26, in a 26-character alphabet, the Caesar Cipher for a single character can be expressed in pseudocode as:
c = (p + k) mod 26
Assuming k is 4, and that a message (composed of three characters) has been encrypted and the result is the word ‘ADF’.
You are asked to decrypt the message by first providing the decryption formula and then applying it to get the original message.
Answer:

p = (c + k′) mod 26
where k′ is 22 =(26-k), Cipher:
‘DF’
Answer: ‘ADF’ (1,4,6). Decrypts to ‘X,Z,B’ (23, 26, 2)

10) Platform as a Service (PaaS) is one of the cloud models. You are asked to draw a diagram that shows the different layers, starting from the tenant down to the hardware.
Answer:
1) Define cloud computing using your own words.
Answer:
Cloud computing is a model for enabling ubiquitous, convenient, on-demand
network access to a shared pool of configurable computing resources (e.g.,
networks, servers, storage, applications, and services) that can be rapidly
provisioned and released with minimal management effort or service provider
interaction.

2) This cloud model is composed of five essential characteristics


Answer:
On-demand self-service
Broad network access
Resource pooling.
Rapid elasticity.
Measured service

3) This cloud model is composed of three service models


Answer:
Software as a Service (SaaS).
Platform as a Service (PaaS).
Infrastructure as a Service (IaaS)

4) The cloud service model Software as a Service (SaaS).


Answer:
The consumer uses the provider’s applications running on a cloud infrastructure.
The applications are accessible from various client devices through either a thin
client interface, such as a web browser.
The consumer does not manage or control the underlying cloud infrastructure
including network, servers, operating systems, storage.

5) The cloud service model Platform as a Service (PaaS).


Answer:

The capability provided to the consumer is to deploy onto the cloud infrastructure
consumer-created or acquired applications created using programming languages,
libraries, services, and tools supported by the provider.
The consumer does not manage or control the underlying cloud infrastructure
including network, servers, operating systems, or storage, but has control over the
deployed applications and possibly configuration
6) The cloud service model Infrastructure as a Service (IaaS).
Answer:
The capability provided to the consumer is to provision processing, storage,
networks, and other fundamental computing resources where the consumer is able
to deploy and run arbitrary software, which can include operating systems and
applications.
7) The final part of the NIST cloud definition describes four different deployment
models.
Answer:
Private cloud
Public cloud
Hybrid cloud
Community cloud
8) Explain virtual machine:

Answer:

The virtual machine form of virtualisation takes the resources of a single physical
host computer (CPUs, memory and input/output devices) and shares them between
multiple guest computers.

9) What is the role of virtualisation software, or hypervisor?


Answer:
The virtualisation software, or hypervisor, provides the code to manage and protect
the virtual servers, together with the code for device drivers.
It is responsible for creating each virtual server, protecting a virtual server’s memory
space from other virtual servers, scheduling usage of the processors and cleaning up
when a virtual server is disposed of.

10) What is the solution to overcome the resource and time overhead of virtual machines?
Explain how.
Answer:

The solution is the application container, essentially a file containing an application and
associated libraries.
The important difference is that an application container has no separate operating
system and is, therefore, much smaller: megabytes instead of gigabytes.
11) What is the role of load balancer within a cloud system?
Answer:
The load balancer receives all the incoming requests and redirects them to one of
the attached web servers, as illustrated for a 3-server configuration.
The load balancer can take the form of a dedicated piece of hardware or of
software running on another server.

12) What is the role of the global NTP server within a cloud system?
Answer:
The global NTP server sits outside the application, but its role is very important
because it provides the data required to synchronise the clocks of all the servers in
the application using the network time protocol (NTP).

13) What is the role of the global DNS server within a cloud system?

Answer:
The global DNS server is the key to the way that browsers locate websites because
it converts fully qualified domain names (e.g. www.open.ac.uk) into IP addresses
(137.108.198.32).

14) The router element fulfils two essential functions, what are they?
Answer:

The first of these is to convert the low-level signals and packets of one network
type into the signals and packets of another network type
▪ for example, to convert between the IEEE 802.3 (Ethernet) standard for
wired networks and the ADSL standard that connects your home to the
internet
The second function of a router is to interconnect different networks, such as
between different organisations or between departmental networks within a single
organisation.

15) What is the role of a firewall?


Answer:
The role of the firewall is to block (also referred to as filtering) unwanted packets of
data travelling between the internet and the LAN in order to protect the servers
sitting behind the firewall.

16) OpenStack is an open-source IaaS project. What is it?


Answer:
According to the OpenStack Community Welcome Guide (June, 2015, p. 4) ‘The
OpenStack project is a global collaboration of developers and cloud computing
technologists producing the open standard cloud computing platform for both public
and private clouds.
The project aims to deliver solutions for all types of clouds by being simple to
implement, massively scalable, and feature rich.’

17) What is the responsibility of a network node within the OpenStack cloud project?
Answer:

The network node is responsible for managing the network elements that are used
by VMs to communicate with the internet, which includes assigning IP addresses to
VMs, routing traffic amongst the VMs and between the VMs and the internet.

18) What is the responsibility of a compute node within the OpenStack cloud project?
Answer:
A compute node is the host computer for the guest VMs.
When a new VM is to be launched, the controller node posts a message to the
selected compute node and the compute node loads the image from the image
storage device.

19) What does an image represent within the OpenStack project?


Answer:

The images block represents the disk storage used for VM images and it is managed
by one of the services running on the controller node.
New images can be loaded or removed by tenants, shared between tenants, or
marked as private for use by a single tenant.

20) How can an admin manage/control the OpenStack cloud system?
Answer:
An OpenStack cloud has two modes of control, a web-based interface and a set of
application programming interfaces (APIs) for use with RESTful web services.

21) What is the starting point to building an AWS solution?


Answer:
The starting point to building an AWS solution is the creation of a virtual private
cloud (VPC), not to be confused with the private cloud deployment model described
by NIST.
A VPC exists within the AWS public cloud space, but it has a single owner – the
tenant – and is logically isolated from other VPCs.
A VPC is created within a region and contains a single availability zone.

22) OpenStack is composed of many services. Explain the networking service Neutron.

Answer:
The networking Neutron service is chiefly concerned with providing connectivity for
VM instances so that they can interact with the outside world, usually on a company
intranet or the internet.
23) OpenStack is composed of many services. Explain the compute service Nova.
Answer:
The compute service Nova is chiefly concerned with managing VM instances.
It can manage very large pools of VMs, scaling horizontally, and is very flexible in
working with a wide range of virtualisation technologies.

24) OpenStack is composed of many services. Explain the image service Glance.

Answer:
The image service Glance manages the storage of VM images and disk images in a
range of different back-ends.
There are two types of storage in the basic architecture: block storage provided by
Cinder, and object storage provided by Swift.
25) OpenStack is a collection of services. Each service supports four approaches to
access. List all of them.

Answer:
The simplest method of accessing services is via the web dashboard Horizon.
Each service has a command-line interface (CLI).
Each service has a set of Python-based application programmable interfaces (APIs).
Each service can be called using a declarative scripting approach written in YAML
(http://yaml.org/).
26) The mobile web (WAP 2.0) was established as a standard circa 2002. For what kind of
devices was it built, and how were its web pages built?

Answer:
The ‘mobile web’ (WAP 2.0) standard, circa 2002, was tailored for viewing on
small-screen phones with low-resolution displays and GPRS (signaling).
Web pages built for the mobile web used a special markup language called Wireless
Markup Language (WML).

27) There are three broad ways in which mobile web designers can choose to address
the screen size issue:
Answer:
▪ do nothing
▪ maintain separate websites for desktop and mobile devices
▪ have one website that works for both desktop and mobile devices.

28) If the mobile web designers choose to do nothing to address the screen size issue,
what are the pros and cons?
Answer:
Doing nothing doesn’t render the website unusable for mobile users, but it means relying
on touchscreen gestures to zoom in and out of the scaled-down website.
Extra effort for the user means that they may abandon your site for a competitor’s if
it offers a better mobile experience.
The advantage of doing nothing is, of course, that there is no extra work for
designers and developers, and so no extra cost.

29) What is the technique called ‘browser sniffing’, and in which context is it used?
Answer:
The separate mobile site approach requires a way of detecting that a mobile device
is trying to access the website.
The redirection of mobile browsers to a separate URL is accomplished by a technique
called ‘browser sniffing’.
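The detection-and-redirect step described in this answer, as an added example that is not part of the original material. The mobile origin, the `view=desktop` opt-out cookie and every User-Agent string are constructed assumptions; because the User-Agent header is set by the client, the result is treated as a layout hint and the redirect target is always built from a fixed origin.

```javascript
// Added example: server-side "browser sniffing" that chooses a redirect target.
// MOBILE_ORIGIN, the opt-out cookie name and all sample requests are constructed.
const MOBILE_ORIGIN = "https://m.example.com";

// Tokens that commonly appear in mobile browser User-Agent strings.
const MOBILE_TOKENS = [/Mobi/i, /Android/i, /iPhone/i, /iPod/i, /Windows Phone/i];

// The User-Agent header is chosen by the client and can be set to anything,
// so this is only a presentation hint, never an access-control decision.
function isMobileUserAgent(userAgent) {
  if (typeof userAgent !== "string" || userAgent.length === 0) return false;
  return MOBILE_TOKENS.some((token) => token.test(userAgent));
}

// Carry over only a same-site absolute path. Anything else falls back to "/",
// so a crafted path such as "@other.example/" cannot change the redirect host
// and CR/LF cannot be smuggled into the Location header.
function safePath(path) {
  if (typeof path !== "string") return "/";
  if (!path.startsWith("/") || path.startsWith("//")) return "/";
  if (/[\r\n\\]/.test(path)) return "/";
  return path;
}

// Returns the mobile URL to redirect to, or null to serve the desktop site.
function mobileRedirect(headers, path) {
  const cookie = headers["cookie"] || "";
  // Hypothetical opt-out: a user who asked for the desktop site keeps it.
  const prefersDesktop = /(?:^|;\s*)view=desktop(?:;|$)/.test(cookie);
  if (prefersDesktop || !isMobileUserAgent(headers["user-agent"])) return null;
  return MOBILE_ORIGIN + safePath(path);
}

// Constructed sample requests.
const DESKTOP_UA =
  "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 " +
  "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36";
const IPHONE_UA =
  "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 " +
  "(KHTML, like Gecko) Version/16.0 Mobile/15E148 Safari/604.1";
const ANDROID_UA =
  "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 " +
  "(KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36";

const SAMPLE_REQUESTS = [
  { headers: { "user-agent": DESKTOP_UA }, path: "/products?id=3" },
  { headers: { "user-agent": IPHONE_UA }, path: "/products?id=3" },
  { headers: { "user-agent": ANDROID_UA }, path: "@other.example/" },
  { headers: { "user-agent": IPHONE_UA, cookie: "theme=dark; view=desktop" }, path: "/" },
];

function classifySamples() {
  return SAMPLE_REQUESTS.map((req) => mobileRedirect(req.headers, req.path));
}
```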
30) What does “responsive web design” mean in the context of web design?
Answer:
A design that offers the best possible user experience regardless of a user’s device,
screen size or resolution.
Works equally well on a desktop, tablet or mobile device.
Mobile users do not do anything in order to use the website effectively.
31) Responsive web design relies primarily on taking advantage of three web design
techniques, list all of them.
Answer:
▪ Fluid design
▪ Flexible images
▪ CSS media queries.

32) What is Fluid design in the context of web design?


Answer:
A fluid design is the opposite of a fixed-width design.
Instead of a fixed width of, say, 960 pixels, allow the page to flow to fit the available
viewport width.
It uses percentages instead of pixels for element widths.
The percentage is the percentage of the available viewport width that you want the
element to occupy.

33) How are CSS media queries used to allow web pages to work well on a desktop, tablet or
mobile device?
Answer:

Responsive design is implemented using the same HTML but using different CSS in
order to present content differently according to screen width.
34) What are web apps? Give an example.
Answer:
A web app is an application that runs inside a web browser.
It allows the user to fulfil a function that traditionally may have been fulfilled by a
desktop application.
For example, email, calendar and contacts used to require the installation of
software on your desktop machine.

35) List some Web app weaknesses.


Answer:
The always-on connectivity of web apps is both a strength and a weakness. A user
must typically be online.
Without this connectivity, the full functionality of a web app cannot be accessed.
Another issue with web apps is that everything takes place inside a web browser.
It presents a restricted user interface, and there is only so much you can do with
HTML, CSS and JavaScript.

36) What are Single-page applications (SPA) ?


Answer:
A web app in a single page is known as a single-page application (SPA).
If a user clicks a link or presses a button in a SPA, there is no redirection to another
URL.
JavaScript fetches the data behind the scenes and then manipulates the Document
Object Model (DOM) to present the user with a different view without requiring a
page reload.
37) Generally, mobile apps are categorised as either native or web-based, explain
native apps.
Answer:
Native apps are those that are built for, and deployed to, a particular platform and
operating system.
These are the apps that we have to download from places such as Apple’s App Store,
Google Play or Windows Marketplace.

38) Generally, mobile apps are categorised as either native or web-based. What are
web apps? Give an example.

Answer:
Web apps are applications that run inside a web browser to simulate local
functionality.
Use HTML, CSS and JavaScript, and can therefore run on any operating system that
will run a standard web browser application.
Web apps → cross-platform.
Examples: Gmail, Outlook and Google Maps.
39) List the main advantages of native apps.
Answer:
Native apps include quality control through ratings and feedback from other users.
They can be distributed through application stores: Google, Apple and Windows.
Work more efficiently with the target operating system.

40) List the main disadvantages of native apps.


Answer:
Native apps are likely to be more time-consuming to port and more difficult to develop
compared to web apps.
A native app for one platform would require substantial changes to make it run on
another platform.
Developers (Android, iOS and Windows Phone) require a specialised technical
skill set.

41) List the main advantages of web apps


Answer:
Web apps will work on all OSs.
Developers require less skill and experience.
42) List the main disadvantages of web apps.
Answer:
Web apps work less efficiently than native apps.
They are slower to load and less responsive than native apps.
There are also security issues: they reveal their source code to users.
When connecting to a remote server-based system it can potentially compromise
security.

43) What are hybrid apps?


Answer:
A middle ground in the native versus web app debate is the hybrid approach.
It allows developers to deploy native code to multiple mobile device platforms from
a single code base made of HTML, CSS and JavaScript.
44) List the main advantages of hybrid apps.
Answer:
No need for native app developer skills.
Existing (web) skills enable quick and easy app deployment to multiple mobile
platforms.
The hybrid (partly web app, partly native app) approach to app development is
typically enabled by a software framework.
No need to know device-specific application program interfaces (APIs).

45) If we choose Cordova as a tool for hybrid apps, how is the interaction between the web
view and device functionality achieved?
Answer:
Interaction between the web view and device functionality is provided through
JavaScript APIs provided by the Apache Cordova framework.
Each API essentially consists of two parts:
A JavaScript library that allows code running within the web view to request tasks
available on the mobile platform in question.
A library of functions that translate a request into the appropriate call to a native
API.

46) What is the main role of a Cordova plug-in?


Answer:

A Cordova plug-in can be seen as an intermediate JavaScript broker between browser
events and native APIs (Java for Android and Objective-C for iOS).
Plug-ins free programmers from the details of native operating systems.

47) List at least five Cordova plug-ins for the device functions across mobile device
platforms.

Answer:
Cordova provides plug-ins for the following device functions across mobile device
platforms:
▪ battery status
▪ camera
▪ contacts
▪ accelerometer
▪ compass
▪ file system
▪ geolocation
▪ globalisation
▪ browser
▪ media
▪ media capture
▪ network information
▪ splash screen
▪ status bar
▪ storage
▪ vibration

48) What is Node.js, and what is it used for?


Answer:
Node.js, or ‘Node’, as it is sometimes called, is a server-side JavaScript engine.
It allows the execution of JavaScript outside of the web browser.

49) Web design typically follows the so-called model–view–controller (MVC) pattern,
explain it.
Answer:
Model – the underlying representation or data of the program.
View – the presentation of the program to the users.
Controller – where the business logic is held.
50) Specific to Cordova apps, what technologies do we use for designing the presentation and for
implementing the business logic?
Answer:
Specific to Cordova apps, we use HTML5/CSS for designing the presentation, and
JavaScript for implementing the business logic.
We will use an internal data structure in the app for the timer model.
Take Home Exam for Final Assignment 2020-2021/Spring Semester

TM354: Software Engineering

Cut-Off Date : 19 April 2021 Cut off Time : 08:05PM

Total Marks : 100 Duration : 24 Hours

KSA Branch
Contents:

Warnings and Declaration
Question 1
Question 2
Question 3
Question 4

General Instructions:

You are required to use the Answer Template attached with the FTHE to answer the
questions. You must declare the No Plagiarism Statement, and the footer of the
answer sheet must include your name and ID.

Plagiarism Warning:
As per AOU rules and regulations, all students are required to submit their own THE-
Final work and avoid plagiarism. The AOU has implemented sophisticated techniques
for plagiarism detection. You will be penalized for any act of plagiarism as per the AOU's
rules and regulations.

TM354/ THE-Final/KSA 1 of 6 2020-2021/Spring


Question 1: (25 Marks)
1.1 Given below are two Java programs.
1.1.1. Draw two control flow graphs.
1.1.2. Determine the independent paths in each case.
1.1.3. What does Cyclomatic Complexity measure?
1.1.4. Compare the LOCs and Cyclomatic complexities of the Java programs.

import java.util.Scanner;

public class Palindrome {

    public static void main(String[] args) {

        int num, reversedInteger = 0, remainder, originalInteger;
        Scanner input = new Scanner(System.in);
        System.out.println("Enter a number :");
        num = input.nextInt();
        originalInteger = num;

        while( num != 0 )
        {
            remainder = num % 10;
            reversedInteger = reversedInteger * 10 + remainder;
            num /= 10;
        }

        if (originalInteger == reversedInteger)
            System.out.println(originalInteger + " is a palindrome.");
        else
            System.out.println(originalInteger + " is not a palindrome.");
    }
}

import java.util.Scanner;

class PrimeCheck{
    public static void main(String args[])
    {
        int temp;
        boolean isPrime=true;
        Scanner scan= new Scanner(System.in);
        System.out.println("Enter any number:");
        int num=scan.nextInt();
        for(int i=2; i<=num/2; i++)
        {
            temp=num%i;
            if(temp==0) {
                isPrime=false;
                break;
            }
        }
        if(isPrime)
            System.out.println(num + " is a Prime Number");
        else
            System.out.println(num + " is not a Prime Number");
    }
}
1.2 Given below is a Java Method. (5 Marks)

testSquireRoot(int num)
{
if (testNum < 0)
testNum := -testNum;
num := testNum;
}

1. Determine one test set to satisfy the statement.


2. Draw a control flow graph and determine the Cyclomatic complexity

Question 2: (30 Marks)


This question concerns the development of a small software system. The scenario below outlines the
problem domain. This description is not complete, but it contains all the information needed to answer the
questions from 2.1 to 2.7. [Any answer not related to the scenario will be given ZERO mark].

Due to the COVID-19 pandemic, an insurance organization started receiving only online applications from the
clients. The management would like to develop a module to integrate with the existing system. The proposed
module should allow the visitors to view the available policy schemes. During the registration process the
visitors are required to submit all required details. The system accepts registration requests with complete
details only. A request cannot be processed if the details are incomplete. Once they have registered as
clients they will be able to submit online applications. In addition to submitting applications, the clients can edit
their profile, write feedback and pay online. The system verifies the login credentials and payment card
details. For inaccurate or incomplete credentials, the system rejects the processes. The manager of the policy
department approves the application after verifying the details. The system administrator can add users and
monitor the processes, and he/she also handles the system maintenance.
The module should provide a user-friendly web interface to the users and should be accessible using
various devices. The module is expected to be functioning within three months. The module along with the
system shall operate in accordance with the operating country’s monitoring agency and law. The module
should be designed in a way that a user should be able to learn to use 50% of the functionality of the system
in 2 hours.
2.1 There is a set of functional requirements of the system mentioned in the given
scenario. List TWO of them with their types. (1 Mark)
2.2 Identify TWO non-functional requirements matching with the scenario along with their
types. (1 Mark)
2.3 Draw a use case diagram for the scenario. (5 Marks)
2.4 Suggest any two testing strategies to ensure correctness of the developed system. (1 Mark)
▪ You must relate your testing appropriately with the scenario and related
components.
2.5 (2 Marks)
▪ Identify any two quality attributes which affect the revision requirements of the
developed system.
▪ You must relate your answers appropriately with the system based on the given
scenario.
2.6 Discuss possible advantages of separating your proposed system’s user interface from
the domain logic mentioned in the scenario. (1 Mark)
2.7 Write a brief description about the concept of partitioning a software system. What are
the advantages of this concept? (2 Marks)

As part of an insurance management system, it is required to keep track of branches, staff, clients,
insurance plans, client companies, insurance theme and theme sub divisions. The scenario given below
must be used to answer questions 2.8 and 2.10.
2.8 Identify the classes and their corresponding attributes. (2 Marks)
2.9 Build an initial level class diagram to store the entities' details into a database based on
the assumptions given below. A part of a software development scenario is given below. (10 Marks)
The insurance firm has multiple branches and a branch can offer many insurance plans. Each branch
is contracted with a number of staff members. A branch is identified by a unique branch number, a
name, a location and a telephone number. Exactly a single branch must hire each staff. A staff can
be an insurance theme leader for a number of themes and may or may not be an advisor for one
or more client companies at different times. As a rule, staff cannot be an advisor for more than
client companies can at the same time. For each staff, the database should record the staff id,
name, address, telephone and email. One of the staff may work as a supervisor. The two types of
the staff are office staff and field staff.

Clients can only take insurance themes from one of the firm's branches, and the appropriate branch
should be noted for each insurance plan. A branch must have at least one staff contracted with it.
Each client is assigned a unique id and the information about each client to be kept by the system
are id, name, address, telephone, nationality and national Id. Each client is permitted to book a
number of insurance themes. Each insurance plan must link a client with an insurance theme and
the branch in which the insurance plan was made earlier. A branch must have at least one insurance
plan offered for clients. For each plan, the system also keeps the registration date and policy amount.
Each client company may have zero or more insurance plans. Each client company must be advised
by a single staff and must belong to a single insurance theme. Each client company has a maximum
number of registrations and the system must ensure that the number of plans for a client company
does not exceed this maximum. For each client company, the system should record a unique id,
registration date, maximum number of registrations and address. One staff must coordinate each
insurance theme. A theme can have multiple client companies.

Each insurance theme consists of a number, at least one, of theme sub divisions arranged in a
certain criteria. A division sequence number could indicate this criterion. Each insurance theme is
identified by a unique id and other details are a specific code and a description in the database.
Each theme sub division has a division id, type, description and price. A division may be part of zero
or more themes. Division details may or may not store for one or more sub divisions, which includes
client and the client company details also.
2.10 (5 Marks)
▪ From the software engineering skills you have learned during the study, identify any
TWO object-oriented complexity metrics exactly matching with the above scenario.
▪ Describe what they measure and how they support determining the complexity of the
classes.

Question 3: (20 Marks)


3.1 In the TM354 module materials you have learned that a design pattern describes the
solution to some frequently recurring design problem. (8 Marks)

Briefly describe any two design patterns using your own words.
▪ You should describe two key advantages of applying the design patterns you
have selected.
▪ Provide at least one real world application of them.

3.2 The paragraph given below is based on the insurance management system scenario
described in question-2. (12 Marks)

Assume a situation in which the insurance company’s HR system is utilizing a third party
billing system to provide a functionality to process the bonus amount of employees. In
the company’s HR System, the employee information has been stored as a string array.
The third party billing system has various methods and a method called
computeBonus() will be used to calculate the employees’ bonuses. The method
requires an input value as a list, which is the employee list. This method is written in a
way to loop through each employee record, then compute the bonus and deposit it into their
bank account. Here the problem is that the company’s HR System will not be able to
call the third party billing system because of the incompatibility of the data types
between the two systems. The third party billing system uses a list and the HR system
uses a string array, which are incompatible.
▪ Suggest an architectural pattern to make the two systems or their interfaces
work together.
▪ Justify your answer.
▪ Your answer should include an appropriate diagram to demonstrate the
suggested pattern with explanation.
▪ Identify all the operations in the classes.

Question 4: (20 Marks)
4.1 You are required to draw a sequence diagram for the scenario given below, based on
Question-2. (10 Marks)

Construct a sequence diagram for the following scenario based on the insurance policy application process:

To approve the application process of a client in which the initial message from the user interface is sent to the
policy class to verify the client. Then the user interface sends a message to the client by sending the application
number. The client will identify a policy scheme and send to the policy class. The client will complete the
application and then send the details to the manager.

You are required to identify the classes and corresponding operations. You do not need to consider the
alternative scenario to answer this question.

4.2 You are required to draw a state chart diagram for the scenario given below, based on
Question-1. (7 Marks)

This question is based on the insurance management system scenario described in question-2. Assume a
scenario of insurance policy application various states according to the below given description.

The insurance company manages various types of policies for its clients. The policy application process can be
done online. For a client, the application documents are accessible from anywhere after login to the system.
When the client logs in to the system, he/she sees all the options available. When the client clicks on policies
option, he/she will be able to search for the type of policies. Once the client finds a particular policy type they
can select the policy. The policy details will be displayed on the screen. The client confirms and the process
ends. The client can do the search for another type also, if they could not find the one he/she is looking for.

4.3 (3 Marks)
▪ What does a final state signify in your diagram?
▪ What is a self-transition? Provide one example from your diagram.
▪ What is a Guard? Provide one example from your diagram.

General Notes about diagrams

▪ All diagrams should be drawn based on the given scenario.
▪ Your ID and Name should be displayed on the top right corner of each diagram.
▪ Failure to adhere to the above will lead to receiving a zero mark for the diagram/s.

End of THE-Final

Final-Take Home Exam – Fall 2020/21

Code: TM352

Cut-Off Date : Jan 23, 2021 Cut off Time : 12:05 pm

Total Marks : 100 Duration : 48 Hours

Plagiarism Warning:
As per AOU rules and regulations, all students are required to submit their own THE-Final work and avoid plagiarism. The
AOU has implemented sophisticated techniques for plagiarism detection. You will be penalized for any act of plagiarism
as per the AOU's rules and regulations.

Declaration of No Plagiarism by Student (to be signed and submitted by student with THE-Final work):
I hereby declare that this submitted THE-Final work is a result of my own efforts and I have not plagiarized any
other person's work.

Name of Student : …………………………………………………..

Signature : …………………………………………………..

Date : …………………………………………………..

TM352 / Final-THE 1 of 2 2020-2021/First


Question 1: (80 marks)
Foreigner guide software is responsible for viewing and recommending various places. In the
process of designing and developing such software you as part of the development team are
required to

Phase 1 (50 marks)


Implement a RESTful Web Service with appropriate annotations to add locations of
restaurant, hotel, museum, etc. to be used later in the software. The places’ data associated
with a specific place type are saved in a JSON array of place objects in a file named after the
place type. Each place object contains the following data: place_name, place_type, latitude,
longtitude.

Provide an example of the URL that could be used to access the Web service given that the
site is http://ForeignerGuide_site.com

Phase 2:(20 marks)


Implement a Caesar cipher to encrypt the sent data using a predetermined key, initialized to be
the last digit of your id, at the client of the service and decrypt the received data before
saving.
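One way the Phase 2 round trip could look, given as an added example that is not part of the exam paper or any model answer. The key value 7, the sample place and the `storageFileName` helper are constructed assumptions; the field names, including the spelling `longtitude`, follow Phase 1. A one-digit letter shift only obscures text (digits such as coordinates pass through unchanged, and key 0 changes nothing), and the server validates `place_type` before it becomes a file name.

```javascript
// Added example: Caesar shift applied to a place object sent to the service.
// KEY is a constructed placeholder for "the last digit of your id".
const KEY = 7;

function checkKey(key) {
  if (!Number.isInteger(key) || key < 0 || key > 9) {
    throw new RangeError("key must be a single digit 0-9");
  }
  return key;
}

// Shift one letter within its own alphabet (A-Z or a-z).
// Digits, punctuation and non-ASCII characters pass through unchanged.
function shiftChar(ch, shift) {
  const code = ch.charCodeAt(0);
  let base = -1;
  if (code >= 65 && code <= 90) base = 65;
  else if (code >= 97 && code <= 122) base = 97;
  if (base === -1) return ch;
  return String.fromCharCode((((code - base + shift) % 26) + 26) % 26 + base);
}

function caesar(text, shift) {
  return Array.from(text, (ch) => shiftChar(ch, shift)).join("");
}

function encrypt(plain, key) {
  return caesar(plain, checkKey(key));
}

function decrypt(cipher, key) {
  return caesar(cipher, -checkKey(key));
}

// Client side: serialise the place object and shift it before sending.
function clientEncode(place, key) {
  return encrypt(JSON.stringify(place), key);
}

// The file is named after the place type, so the type must never be able to
// contain path separators or dots once it arrives from the network.
const PLACE_TYPE_PATTERN = /^[a-z][a-z_]{0,31}$/;

// Server side: undo the shift, parse, and validate before anything is saved.
function serverDecode(body, key) {
  const place = JSON.parse(decrypt(body, key));
  if (typeof place.place_name !== "string" || place.place_name.length === 0) {
    throw new Error("place_name must be a non-empty string");
  }
  if (typeof place.place_type !== "string" || !PLACE_TYPE_PATTERN.test(place.place_type)) {
    throw new Error("place_type must be lower-case letters or underscores");
  }
  if (!Number.isFinite(place.latitude) || Math.abs(place.latitude) > 90) {
    throw new Error("latitude out of range");
  }
  if (!Number.isFinite(place.longtitude) || Math.abs(place.longtitude) > 180) {
    throw new Error("longtitude out of range");
  }
  return place;
}

// Hypothetical helper: the file a validated place would be appended to.
function storageFileName(place) {
  return place.place_type + ".json";
}

// Constructed sample place, sent from client to server.
function demo() {
  const place = {
    place_name: "Louvre",
    place_type: "museum",
    latitude: 48.8606,
    longtitude: 2.3376,
  };
  const wire = clientEncode(place, KEY);
  const received = serverDecode(wire, KEY);
  return { wire, received, file: storageFileName(received) };
}
```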

Phase 3:(10 marks)


Suggest a cloud infrastructure design for the complete system that takes high availability into
consideration with a detailed description of each used component.

Question 2 :(20 marks)


Road-Accidents reporting system is supposed to work in a mobile environment. Compare
some mobile application types, web application and hybrid, then determine the best type to use
and justify your choice for the current situation.

Use the following criteria for the comparison table:

1- The app maintenance cost (app update)


2- The responsiveness and load time of the app (online and off line)
3- The efficiency of the app to take advantage of the device resources
4- The technology used to develop the app

Based on the result of the comparison table provide a justification of your design choice for
acceptance or rejection for each choice

End of Assessment

TM352 Web, Mobile and cloud technologies 1

Web, Mobile and cloud technologies

Final Revision
TM352
TM352 Final Exam


Part I
1) Web design typically follows the so-called model–view–controller (MVC) pattern, explain it.
▪ Model – the underlying representation or data of the program.
▪ View – the presentation of the program to the users.
▪ Controller – where the business logic is held.

2) What is the role of load balancer within a cloud system?


The load balancer can take the form of a dedicated piece of hardware or of software running on
another server.
The load balancer receives all incoming requests and redirects them to one of the attached web servers.
The original load balancers used a simple algorithm to apportion work known as ‘round robin’ in which
requests were assigned sequentially in order of arrival, so request 1 to server 1, request 2 to server 2,
request 3 to server 3 and then request 4 back to server 1, and so on, circulating requests to the three
servers.
[Figure: Cloud Deployment, showing an image store, a configuration template, load balancers, Linux/Apache web servers and Linux/MySQL database servers]

Important: The elastic load balancing (ELB) service is responsible for distributing requests within and
across availability zones. As for a traditional network, it is the ELB that receives the internet traffic,
which it then distributes.
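The round-robin assignment described above (request 4 going back to server 1), as an added example that is not part of the revision notes. It goes one step beyond the text by taking a server out of rotation when it is marked unhealthy; the server names and the `setHealthy` mechanism are assumptions made for illustration.

```javascript
// Added example: round-robin dispatch across three web servers.
// Server names and the health flag are constructed for illustration.
class RoundRobinBalancer {
  constructor(servers) {
    if (!Array.isArray(servers) || servers.length === 0) {
      throw new Error("at least one server is required");
    }
    this.servers = servers.map((name) => ({ name, healthy: true }));
    this.next = 0; // index of the server that is offered the next request
  }

  // Put a server in or out of rotation, e.g. after a failed health check.
  setHealthy(name, healthy) {
    const server = this.servers.find((s) => s.name === name);
    if (!server) throw new Error("unknown server: " + name);
    server.healthy = healthy;
  }

  // Return the server for the next request, skipping unhealthy servers.
  // Returns null when no server can take traffic.
  pick() {
    for (let tried = 0; tried < this.servers.length; tried++) {
      const server = this.servers[this.next];
      this.next = (this.next + 1) % this.servers.length;
      if (server.healthy) return server.name;
    }
    return null;
  }
}

// Assign a run of requests in order of arrival.
function dispatch(balancer, requestCount) {
  const assignments = [];
  for (let i = 0; i < requestCount; i++) {
    assignments.push(balancer.pick());
  }
  return assignments;
}

function demo() {
  const lb = new RoundRobinBalancer(["server1", "server2", "server3"]);
  const normal = dispatch(lb, 4); // request 4 wraps around to server1
  lb.setHealthy("server2", false); // server2 drops out of rotation
  const degraded = dispatch(lb, 4);
  return { normal, degraded };
}
```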

3) What is the main role of the Cordova plug-ins?


❖ A Cordova plug-in can be seen as an intermediate JavaScript broker between browser events and
native APIs (Java for Android and Objective-C for iOS).
❖ Plug-ins free programmers from the details of native operating systems.
❖ Cordova provides plug-ins for the following device functions across mobile device platforms:
▪ battery status, camera, contacts, accelerometer, compass

4) How can an admin manage/control the OpenStack cloud system?


❖ An OpenStack cloud has two modes of control, a web-based interface and a set of application
programming interfaces (APIs) for use with RESTful web services.
❖ Using these tools, a tenant can launch new (and review existing) instances, create and edit
flavors, load and unload images, create storage volumes and monitor usage.
❖ The website for this application can be created entirely through the OpenStack management
interface using a combination of the services running on the controller, network and compute
nodes.

5) What is the role of the global DNS server within a cloud system?
❖ The global DNS server is key to the way that browsers locate websites because it converts fully
qualified domain names (e.g. www.open.ac.uk) into IP addresses (137.108.198.32).
❖ Recall that messages sent over the internet are sent using IP addresses, not friendly names.
[Figure: DNS hierarchy. Labels: UK Domain, AC.UK Domain, OPEN.AC.UK Domain, ISP, Router, Computer.]

The global NTP server sits outside the application, but its role is very important because it provides
the data required to synchronise the clocks of all the servers in the application using the network
time protocol (NTP)

6) What is the role of virtualization software or hypervisor?


The virtualisation software, or hypervisor, provides the code to manage and protect the virtual
servers, together with the code for device drivers.
It is responsible for creating each virtual server, protecting a virtual server’s memory space from
other virtual servers, scheduling usage of the processors and cleaning up when a virtual server is
disposed of.
[Figure: Hypervisor (virtualisation software) with disk, network and I/O drivers and memory allocation, hosting virtual servers that each contain virtual drivers, an operating system and an application.]

7) List the main advantages (at least three) of hybrid apps.


1. It allows developers to deploy native code to multiple mobile device platforms from a single
code base made of HTML, CSS and JavaScript.
2. No need for native app developers’ skills.
3. Existing web skills enable quick and easy app deployment to multiple mobile platforms.
4. The hybrid (partly web app, partly native app) approach to app development is typically enabled
by a software framework.
5. A layer between the browser technology and the underlying device capabilities.
6. No need to know device-specific application program interfaces (APIs).
7. There are a number of development frameworks to choose from.

Important: Hybrid cloud. The cloud infrastructure is a composition of two or more distinct cloud
infrastructures (private, community, or public) that remain unique entities, but are bound together by
standardized or proprietary technology that enables data and application portability (e.g., cloud bursting
for load balancing between clouds).

8) What is the technique called ‘browser sniffing’, and in which context is it used?
It is used when creating a separate mobile site (maintaining separate websites for desktop and mobile devices).
- The only way to cater for these differences was to have separate sites for mobile and desktop users.
- This approach requires a way of detecting that a mobile device is trying to access the website.
- It then needs to redirect the user to a separate mobile URL using either client- or server-side techniques.
- The redirection of mobile browsers to a separate URL is accomplished by a technique called ‘browser sniffing’.
- Browser sniffing works because when a browser requests a web page it identifies itself with a user agent string.
- This string contains details of the type of browser and the platform it is running on.
- A client- or server-side script then uses this to call a different web page.

9) List the main disadvantages of native apps.


- Native apps are likely to be more time-consuming to port and more difficult to develop compared to web apps.
- A native app for one platform requires substantial changes to make it run on another platform.

10) What does an image represent within the OpenStack project, and what is it used for?
Images: the images block represents the disk storage used for VM images and it is managed by one of
the services running on the controller node.
- New images can be loaded or removed by tenants, shared between tenants, or marked as private
for use by a single tenant.

Important: Storage: the storage block represents disk storage used for persistent data required by the
VMs.

[Figure: OpenStack cloud for myshop.co.uk. A user reaches the cloud over the internet (global DNS and NTP servers outside) through a router and firewall; inside are local DNS and NTP servers, controller and network nodes, images, three compute nodes running VM1 (web), VM2 (web) and VM3 (database), and storage. Key: management, VM traffic, internet.]

11) How are CSS media queries used to allow web pages to work well on a desktop, tablet or mobile device?
CSS media queries (and device breakpoints)
- Responsive design is implemented using the same HTML but using different CSS in order to present
content differently according to screen width.
- In a responsive website when narrowing your browser window, you’ll notice that there are certain
widths at which the display contents change, these widths are called breakpoints.
- As a web designer, you decide at which widths you will implement these breakpoints.
- One way of deciding breakpoints is to work down from your desktop-designed website and narrow
your browser window until the design ‘breaks’.
- That is, it no longer works effectively for this screen size.
- At this width you will need a different design.
- For example, at a width of 960 pixels the website starts to break.
- Users can no longer see all of the Go button to activate a search, or the ‘Contact Us’ link in the global
navigation.
- This would therefore be a good place to implement a breakpoint to call a different style sheet.

12)Describe in your own words the cloud service model Software as a Service (SaaS).
Software as a Service (SaaS): the consumer uses the provider’s applications running on a cloud infrastructure.
The applications are accessible from various client devices through a thin client interface, such
as a web browser.
The consumer does not manage or control the underlying cloud infrastructure, including network, servers,
operating systems and storage.

[Figure: SaaS layers, top to bottom: three tenants; one Application; App Data per tenant; Middleware; Operating System; Hardware.]

PART II
1) Infrastructure as a Service (IaaS) is one of the cloud models, you are asked to draw a diagram
that shows the different layers, starting from the tenant down to the hardware.

[Diagram: IaaS layers, top to bottom]
Tenant             Tenant             Tenant
Application        Application        Application
App Data           App Data           App Data
Middleware         Middleware         Middleware
Operating System
Hardware

Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing,
storage, networks, and other computing resources where the consumer is able to deploy and run
arbitrary software, which can include operating systems and apps.
The consumer doesn’t manage or control the underlying cloud infrastructure but has control over operating
systems, storage, and deployed applications; and possibly limited control of select networking
components.

2) OpenStack is a collection of services each produced by a different project under the OpenStack
foundation. In general, each service supports four approaches to access it, explain each of them
carefully, and provide examples if necessary.
Accessing OpenStack: Each service supports four approaches to access:
1. The simplest method of accessing services is via the web dashboard, Horizon.
2. Each service has a command-line interface (CLI). Some client software has to be installed (OpenStack CLI clients), and
commands can then be issued from a shell or console. Example: glance image-list
3. Each service has a set of Python-based application programmable interfaces (APIs).
In general the APIs can be used from the Python language, from an HTTP REST client such as
the Linux curl command, or from a browser-based REST client.
Example:
    import glanceclient.v2.client as glclient
    glance = glclient.Client(...)
    images = glance.images.list()
4. Services can be called using a declarative scripting approach written in YAML (http://yaml.org/).
- In OpenStack terminology a YAML description, which can create any number of resources and
actions, is called a ‘stack’.

3) In HTML5 the <form> element is used to send an HTTP client “get” request. Provide a complete
HTML page that has the following features:
- Sends an HTTP “get” request to a server-side servlet with the name “login_servlet”
- Uses the English language
- Uses the character set “utf-8”
- The title is “AOU login page”
- The user should add his short ID as text and a password to be able to submit a “login”
request. Provide a full HTML page that fulfils the above requirements.

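<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>AOU login page</title>
</head>
<body>
<!-- method="get" sends the form fields, including the password, in the URL query string -->
<form method="get" action="/login_servlet">
<!-- "required" stops the form being submitted while a field is empty -->
<label>short ID:</label> <input type="text" name="shortID" value="5577" required>
<label>password:</label> <input type="password" name="password" required>
<button type="submit">login</button>
</form>
</body>
</html>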

4) You are asked to write a JSON object that contains the following elements: Inside the object,
we have several name/value pairs. These are
- A property with the name courseCode and the integer value “TM352”.
- A property with the name tutorName and the integer value “Maher Maher”
- property with the name semetser and the integer value “fall2019/2020”
- A property with the name Offred and the Boolean value true.
- A property with the name sections, whose value is an array.
- Inside the sections array, we then have two objects representing individual section for this
course. Each object contains two properties: sectionID and sectionLOcation. (You are free
to fill the value of these objects)
{
  "courseCode": "TM352",
  "tutorName": "Maher Maher",
  "semester": "fall2019/2020",
  "offred": true,
  "sections": [
    {
      "sectionID": 100,
      "sectionLOcation": "Floor 1"
    },
    {
      "sectionID": 2,
      "sectionLOcation": "Lab2"
    }
  ]
}

5) Assuming A is 1 and Z is 26, in a 26-character alphabet, the Caesar Cipher for a single character
can be expressed in pseudocode as: c = (p + k) mod 26. Assume k is 6, and that a message
(composed of three characters) has been encrypted and the result is the word ‘CED’. You are asked
to decrypt the message, by first providing the decryption formula and then applying it to get the original
message.

K = 6
K’ = 26 - K = 26 - 6 = 20
C = (P + K) mod 26

Char          C    E    D
Number        3    5    4
P + K        23   25   24
Mod 26       23   25   24
Plain text    w    y    x
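The decryption worked through above, as an added example that is not part of the original exam answer: with A = 1 and Z = 26, adding K’ = 26 - K gives the same result as subtracting K, and a remainder of 0 after mod 26 has to be read as 26 (Z). The function names are illustrative assumptions.

```javascript
// Added example: Caesar cipher using the exam's numbering (A = 1 ... Z = 26).
const ALPHABET_SIZE = 26;

// Map a single letter to 1..26, rejecting anything that is not A-Z.
function letterToNumber(ch) {
  const n = ch.toUpperCase().charCodeAt(0) - 64; // 'A' has char code 65
  if (ch.length !== 1 || !(n >= 1 && n <= ALPHABET_SIZE)) {
    throw new RangeError(`not a letter A-Z: ${JSON.stringify(ch)}`);
  }
  return n;
}

function numberToLetter(n) {
  return String.fromCharCode(64 + n);
}

// x mod 26 folded into 1..26. The double mod keeps the result non-negative
// (JavaScript's % keeps the sign of x), and a remainder of 0 stands for Z.
function wrap(x) {
  const r = ((x % ALPHABET_SIZE) + ALPHABET_SIZE) % ALPHABET_SIZE;
  return r === 0 ? ALPHABET_SIZE : r;
}

function shiftText(text, shift) {
  return Array.from(text, (ch) =>
    numberToLetter(wrap(letterToNumber(ch) + shift))
  ).join("");
}

// c = (p + k) mod 26
function encrypt(plaintext, k) {
  return shiftText(plaintext, k);
}

// p = (c - k) mod 26
function decryptBySubtracting(ciphertext, k) {
  return shiftText(ciphertext, -k);
}

// p = (c + k') mod 26 with k' = 26 - k, the form used in the table above
function decryptByAddingInverse(ciphertext, k) {
  return shiftText(ciphertext, ALPHABET_SIZE - k);
}

// The rows of the worked table: letter, its number, number + k', and the result.
function decryptionSteps(ciphertext, k) {
  const kPrime = ALPHABET_SIZE - k;
  return Array.from(ciphertext, (ch) => {
    const c = letterToNumber(ch);
    const p = wrap(c + kPrime);
    return { char: ch, number: c, sum: c + kPrime, p, plain: numberToLetter(p) };
  });
}

console.log(decryptBySubtracting("CED", 6));
console.log(decryptionSteps("CED", 6));
```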

PART III
There is only one (1) question, worth ten (10) marks. Suppose that you are in charge of the design of a
customer web application that is described below:
It is a startup company that collected crowd funds to develop a new game idea, where different players
across the world can cooperate to start a space mission to acquire the planet Mars. Players should be
able to use any devices, mobile and desktop, having any kind of existing and future operating system. The game
participants during any mission phase have to work together for many hours before moving to the next
phase.
Because mobile and desktop devices have different design considerations, there are two ways to cater for
these differences. You have the choice between the following two options:
- Have separate sites for mobile and desktop users.
- Have one website that works for both desktop and mobile devices, using “Responsive web design”.
You are asked to pick one design and to justify your answer in front of a technical team from a
well-known consulting company, taking into consideration the audience who are going to use the web
application and the context of the application usage.
Provide a comparison table between your choice and the other choice. Use the following criteria for the
comparison table; you are free to add/replace any criteria.
[ one mark for each criterion, total of four marks]
1- Extra requirements to deploy the web site
2- User experience regardless of a user’s device, screen size or resolution
3- The technology used to develop the web site
4- Site maintenance

Based on the result of the comparison table provide a justification of your design choice that is in line
with table results. You are free to model the different criteria based on their importance for this kind of
app, some criteria are more relevant for this app context, so you have to provide a convincing design
choice, because this will be evaluated by experts, be precise and consistent and you should give the
impression that your technical skills about the different design choice are sound. [6 marks]
Work of the student Hamdi. Please keep us in your prayers, and good luck to everyone.
A protocol is a set of rules.
All communications are governed by protocols.
Protocols are the rules that communications will follow.
Protocols allow message exchange between any two points on a network.

Successful exchange of messages needs to address:

• the format of a message (its syntax)
• the interpretation of message contents (its semantics)
• how to start and end a message
• the pattern of message exchange
• acknowledging the receipt of messages
• detecting and dealing with any errors.
Networks require the use of several protocols.
Each protocol has its own function and format.
Network protocols are structured in layers.

Two layered models describe network operations:

• Open System Interconnection (OSI) Model: Developed by the International Organization
for Standardization (ISO) and the International Telecommunications Union (ITU)
• TCP/IP Model: The most common and is maintained by the Internet Engineering Task
Force (IETF)

The Open Systems Interconnection (OSI) model was developed in the 1980s as a standard.
The OSI model represents the communication functions of a
telecommunication or computing system without regard to the diverse underlying internal
structure and technology.
OSI Model Layer     Description
7 - Application     Contains protocols used for process-to-process communications.
6 - Presentation    Provides for common representation of the data transferred between application layer services.
5 - Session         Provides services to the presentation layer and to manage data exchange.
4 - Transport       Defines services to segment, transfer, and reassemble the data for individual communications.
3 - Network         Provides services to exchange the individual pieces of data over the network.
2 - Data Link       Describes methods for exchanging data frames over a common media.
1 - Physical        Describes the means to activate, maintain, and de-activate physical connections.
The TCP/IP Model has become the most common model.
The TCP/IP Model is maintained by the Internet Engineering Task Force (IETF).

TCP/IP Model Layer  Description
Application         Represents data to the user, plus encoding and dialog control.
Transport           Supports communication between various devices across diverse networks.
Internet            Determines the best path through the network.
Network Access      Controls the hardware devices and media that make up the network.
The TCP/IP protocol suite does not specify which protocols to use when transmitting over a
physical medium.
OSI Layers Physical and Data Link discuss the necessary procedures to access the media and the
physical means to send data over a network.
Encapsulation is the process by which a lower-layer protocol receives data from a higher-layer protocol and then
places the data into the data portion of its protocol data unit (PDU), adding its own
protocol-specific information.
Encapsulation occurs at the sender.
The reverse process is called decapsulation, which occurs at the receiver.
The HyperText Transfer Protocol (HTTP) is an application layer protocol that enables communication
between distributed systems.
HTTP supports a mixture of network configurations.
Because HTTP makes no assumptions about hardware and network configuration, it is defined
as a stateless, application-layer protocol.
HTTP is essentially a request–response protocol.
HTTP and HTTPS (the secure version of the protocol)
HTML web pages are pages written in HyperText Markup Language.
The HTML document itself begins with <html> and ends with </html>.
The visible part of the HTML document is between <body> and </body>.
A client HTTP application could be an application that connects to the server, typically on port 80,
and sends HTTP requests.
A client HTTP application is typically a web browser, but we can connect to the server using a
programmed application (for example, a Java application).
The HTTP status codes are always three-digit numbers. They are grouped into categories by the
first digit.
The categories are shown in Table 4.
Activity 2: Using HTTP from the client side
There are a number of things that can go wrong in any HTTP request.

The HTTP protocol does not need to know how messages are passed over networks.

These details are governed in turn by other protocols that appear at lower levels in the Internet
Protocol (IP) stack.
As HTTP messages pass down the stack, protocol layers add information to them.
GET: Requests a resource.
HEAD: The HEAD message asks for the headers but not the body that would be returned by an
identical GET method.
POST: Submits data.
PUT: Uploads a file or other resource.
DELETE: Deletes a file or other resource.
Packet loss, or ‘dropped packets’, occurs when one or more packets fail to reach their intended
destination.
Packet loss is typically caused by network congestion, faulty hardware or poor cabling.
at endpoints in the system determine whether or not packets were lost and whether through
TCP they should be retransmitted.
In a TCP connection the TCP protocol can also utilise the best route to avoid troublesome
network congestion.
A TCP connection consists of two socket endpoints, where each socket is specified as a host
and a port.
Open standards are standards published for public use and available for third parties to read
and implement without royalties.
Open standards exist mainly to provide maximum interoperability irrespective of software,
operating systems and hardware.
Open standards also help to maximise access to resources and services on the web.
Engaging with open standards enables:
• application independence: ensuring that access to resources is not dependent on any single
application
• platform independence: ensuring access to resources is not restricted by particular hardware
platforms
• architectural integrity: ensuring that the architectural framework for IT developments is robust
and can be further developed in the future.
The World Wide Web Consortium (W3C) is the web standards body looking after a large number
of web technologies (HTML, URL, XML, HTTP (jointly with the Internet Engineering Task Force,
IETF), CSS, WAI guidelines, Web Services, etc.).
W3C publishes documents that define Web technologies. W3C publishes Recommendations,
which are considered Web standards.
The IETF is an open standards organisation responsible for publishing internet standards. To
participate in the IETF there is no formal membership or membership requirements.
Architecture: the discipline that defines the conceptual structure and functional behaviour of a
computer system, determining the overall organization, the attributes of the component parts,
and how these parts are combined.
It uses open standards of the internet (XML, HTML, HTTP, TCP/IP, etc.).
Web services are typically intended for computer-to- computer interaction.
Commonly the protocols used in SOA include HTTP, FTP and SMTP
SOAP relies on other open application layer protocols, such as HTTP, or Simple Mail Transfer
Protocol (SMTP), for the exchange and transmission of the messages.
SOAP is a standard in its own right in that it is a W3C
◆ SOAP is an XML-based protocol with a message structure consisting of three distinct
parts:
• an envelope that defines a framework for describing what is contained in a message and how
to process it
• a set of encoding rules for expressing any specific instances of application-defined data types
• a convention for representing remote procedure calls and responses
SOAP is a framework that specifies a structure and encoding for information.
SOAP consists of three parts:

• The SOAP envelope … construct defines an overall framework for expressing what is in
a message; who should deal with it, and whether it is optional or mandatory.
• The SOAP encoding rules … defines a serialization mechanism that can be used to
exchange instances of application-defined data types.
• The SOAP RPC representation … defines a convention that can be used to represent
remote procedure calls and responses.
A SOAP message consists of a single mandatory SOAP envelope
The SOAP message comprises an XML document information item that contains three distinct
elements:
<envelope>
<header>
<body>.
The request might be encoded in XML like this:
<?xml version="1.0"?>
<Convert>
  <convert>
    <fahr>41.0</fahr>
  </convert>
</Convert>
The response might look like this:
<?xml version="1.0"?>
<Convert>
  <convertResponse>
    <celsius>5.0</celsius>
  </convertResponse>
</Convert>
Upon request SOAP messages are transmitted from the sender to receiver.
Any software agent that sends or receives these messages is called a SOAP node.
The node that performs the initial transmission of a message is called the original sender.
The final node that consumes and processes the message is called the ultimate receiver, and
any node the message passes through in between is called an intermediary.
SOAP defines three attributes to control how intermediaries and the ultimate
receiver process any given header block: role, relay and mustUnderstand.
XML is a standard for documents that contain marked-up data and has become a common
format for data interchange on the web.
XML is an (approximate) abbreviation for Extensible Markup Language
XML is a standard published by the World Wide Web Consortium (W3C).

XML markup is very simple; each piece of data is marked with tags that both delimit and
identify it.
XML differs from HTML in one crucial aspect: the set of tags in XML is not fixed but can be
extended at will, simply by using a new tag for a new purpose.
An important difference between XML and HTML is that XML tags can focus on the
meaning of data rather than on its representation.
In being able to choose one’s own tags in authoring XML it is possible to create naming
conflicts within the code.

An XML namespace provides a methodology that ensures that
all element and attribute names are unique and unambiguous.
An element is understood to be everything including the start and end tags and the content
between.
It is conventional to refer to an element using its opening tag.
A simple statement of these rules is as follows:
Names can contain letters, numbers and some punctuation characters.
Names must start with a letter.
Names must not start with the letters XML (in any mixture of upper or lower case).
Names cannot contain spaces.
Names are case-sensitive.
REST refers to an architectural style that encompasses the common web standards such as
HTTP, URL, HTML and XML
A resource is a piece of data that is accessible at any time over a network.
A resource is defined by a unique address and a representation that is yielded by that address.
The address of any resource on the internet is given by a URI.
The idea behind REST: a client requesting any URI receives a response that places the client in
either a new or a refreshed state.
This view of web services reduces the model to a very simple set of concepts: ‘state’,
‘transition’ and a transport protocol to allow transitions to be navigated.
Mapping this view to the internet is quite simple:
A ‘state’ is an HTTP response (page and content),
A ‘transition’ is another state that is accessible from the current state (so this is a URI available
in the current state),
and the underlying protocol is simply HTTP.
Web services have a simple uniform interface that is usually realised by the standard HTTP
operations (GET, PUT, POST and DELETE). Resources are uniquely identified by URIs
Each standard HTTP operation has a well-defined action on the resources that make up a web
service
GET – Retrieve a representation of a resource in a specified representation (Internet media
type).
POST – Use the data in the request body to modify a resource. The URI identifies a resource
that will handle the enclosed data.
PUT – The body of the request creates or sets the current state of a resource identified by the
URI.
DELETE – Deletes a specified resource on the server.
HEAD – Retrieve information on the state of a resource such as the date last modified in the
form of HTTP headers.
We can use a standard HTTP PUT method to send requests to the light:
PUT "true" to http://lightbulb.example.com/on
To turn the light off, we can use:
PUT "false" to http://lightbulb.example.com/on
To determine whether the light is on or off, we can then use a standard HTTP GET method:
GET http://lightbulb.example.com/on
SOAP messaging cannot be monitored by a firewall.
SOAP can be carried over HTTP.
Firewalls can operate on REST requests, and so on.
REST web services can use HTTP directly.
XML as a text-based message system.
JSON (JavaScript Object Notation) is a simple text-based format that is frequently used in
conjunction with REST APIs.
It is used to retrieve data from a web server and display that data within a web application, or simply a
web page.
JSON is a standard and it is maintained by http://www.json.org/.
Xml using a parser.
JSON is closely based on the notation JavaScript uses to create arrays and objects.
You can simply use standard JavaScript functions to convert JSON data into native JavaScript
objects.
JSON has many advantages:
The format is compact.
It is easy for both computers and people to read and write.
It maps very easily onto the data structures used by most programming languages (numbers,
strings, booleans, nulls, arrays, etc.).
Many programming languages contain functions or libraries that can read and write JSON
structures.
JSON is most commonly used in web applications where JSON data are transferred using Ajax.
◆ JSON basic syntax is considered a subset of JavaScript object notation syntax:
➢ Data are represented by name/value pairs.
➢ The data (name/value pairs) are separated by commas.
➢ Curly braces hold objects and each name is followed by a ‘:’ (colon).
➢ Square brackets hold arrays, and values are separated by a ‘,’ (comma).

JSON values can be any of the following:

➢ a number (integer or floating point)
➢ a string (in double quotes)
➢ a Boolean (true or false)
➢ an array (contained in square brackets)
➢ an object (contained in curly braces)
➢ null.
JSON object is likely to contain more than one set of JSON data.
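Converting JSON text into a native object with the standard JSON.parse function, as an added example that is not part of the original notes. The sample records are constructed from the course object in Part II, the function and schema names are assumptions, and the type check goes beyond the syntax rules above by confirming each value's JSON type before the data is used.

```javascript
// Added example: strict parsing and type checking of a JSON record.
// Constructed sample: the course record from the exam question, as valid JSON.
const VALID_RECORD = `{
  "courseCode": "TM352",
  "tutorName": "Maher Maher",
  "semester": "fall2019/2020",
  "offred": true,
  "sections": [
    { "sectionID": 100, "sectionLOcation": "Floor 1" },
    { "sectionID": 2, "sectionLOcation": "Lab2" }
  ]
}`;

// Constructed variants showing what a JSON parser rejects or what fails the type check.
const TRAILING_COMMA = VALID_RECORD.replace('"Lab2" }', '"Lab2" },');
const CURLY_QUOTES = VALID_RECORD.replace('"tutorName"', "\u201CtutorName\u201D");
const WRONG_TYPE = VALID_RECORD.replace("true", '"true"');

// Expected JSON type of every property (assumed schema for this example).
const COURSE_SCHEMA = {
  courseCode: "string", tutorName: "string", semester: "string",
  offred: "boolean", sections: "array",
};
const SECTION_SCHEMA = { sectionID: "number", sectionLOcation: "string" };

// Name the JSON type of a parsed value; typeof alone cannot tell null and
// arrays apart from objects.
function jsonType(value) {
  if (value === null) return "null";
  if (Array.isArray(value)) return "array";
  return typeof value;
}

const hasOwn = (obj, name) => Object.prototype.hasOwnProperty.call(obj, name);

// Compare one parsed object with a schema and list every mismatch found.
function checkShape(value, schema, path) {
  if (jsonType(value) !== "object") {
    return [`${path}: expected object, got ${jsonType(value)}`];
  }
  const errors = [];
  for (const [name, expected] of Object.entries(schema)) {
    if (!hasOwn(value, name)) {
      errors.push(`${path}.${name}: missing`);
    } else if (jsonType(value[name]) !== expected) {
      errors.push(`${path}.${name}: expected ${expected}, got ${jsonType(value[name])}`);
    }
  }
  for (const name of Object.keys(value)) {
    if (!hasOwn(schema, name)) errors.push(`${path}.${name}: unexpected property`);
  }
  return errors;
}

// Parse untrusted text with JSON.parse (data only, nothing is executed), then
// validate the result. Returns { ok, errors, record }.
function parseCourseRecord(text) {
  let record;
  try {
    record = JSON.parse(text);
  } catch (err) {
    return { ok: false, errors: [`syntax: ${err.message}`], record: null };
  }
  const errors = checkShape(record, COURSE_SCHEMA, "$");
  if (record !== null && Array.isArray(record.sections)) {
    record.sections.forEach((section, i) => {
      errors.push(...checkShape(section, SECTION_SCHEMA, `$.sections[${i}]`));
    });
  }
  const ok = errors.length === 0;
  return { ok, errors, record: ok ? record : null };
}

for (const [label, text] of [["valid", VALID_RECORD], ["trailing comma", TRAILING_COMMA],
  ["curly quotes", CURLY_QUOTES], ["wrong type", WRONG_TYPE]]) {
  const result = parseCourseRecord(text);
  console.log(label, result.ok ? "accepted" : `rejected: ${result.errors.join("; ")}`);
}
```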
Hypertext Markup Language(HTML), Cascading Style Sheets (CSS) and JavaScript form the
backbone of all websites and all web content.
It is CSS that controls how the page looks.
JavaScript that controls how it behaves.
HTML is that single technology that provides the structure for the delivered content; without
HTML as an enabler, there would be no content.
HTML is markup language used to structure the basic page content.
CSS is used to specify the presentation of the structured content and
JavaScript gives the web page functionality or ‘behaviours’.
XHTML stands for EXtensible HyperText Markup Language
XHTML is a stricter, more XML-based version of HTML
XHTML is HTML defined as an XML application
XHTML is supported by all major browsers
• The Most Important Differences from HTML
<!DOCTYPE> is mandatory
The xmlns attribute in <html> is mandatory
<html>, <head>, <title>, and <body> are mandatory
Elements must always be properly nested
Elements must always be closed
Elements must always be in lowercase
Attribute names must always be in lowercase
Attribute values must always be quoted
Attribute minimization is forbidden

HTML compared with XHTML:

• HTML: HTML stands for Hypertext Markup Language.
  XHTML: XHTML stands for Extensible Hypertext Markup Language.
• HTML: It is extended from SGML. (The Standard Generalized Markup Language (SGML, defined in [ISO8879]), is a language for defining markup languages. HTML is one such "application" of SGML.)
  XHTML: It is extended from XML and HTML.
• HTML: The format is a document file format.
  XHTML: The format is a markup language.
• HTML: All tags and attributes are not necessarily to be in lower or upper case.
  XHTML: In this, every tag and attribute should be in lower case.
• HTML: Doctype is not necessary to write at the top.
  XHTML: Doctype is very necessary to write at the top of the file.
• HTML: Filename extensions used are .html, .htm.
  XHTML: Filename extensions are .xhtml, .xht, .xml.

A security policy defines what people can and can’t do with network components and
resources.
Attacks result from a combination of poor coding standards, improperly configured servers,
and inadequate use of encryption techniques.
◆ The OWASP Top 10 – 2013 is as follows:
A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Insecure Direct Object References
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Missing Function Level Access Control
A8 Cross-Site Request Forgery (CSRF)
A9 Using Components with Known Vulnerabilities
A10 Unvalidated Redirects and Forwards
According to Stallings (2014), this definition introduces three key objectives that are at the
heart of computer security:
◆ Confidentiality: This term covers two related concepts:
Data confidentiality: Assures that private or confidential information is not made available or
disclosed to unauthorized individuals.
Privacy: Assures that individuals control or influence what information related to them may be
collected and stored and by whom and to whom that information may be disclosed.
◆ Integrity: This term covers two related concepts:
Data integrity: Assures that information and programs are changed only in a specified and
authorized manner.
System integrity: Assures that a system performs its intended function in an unimpaired
manner, free from deliberate or inadvertent unauthorized manipulation of the system.
◆ Availability: Assures that systems work promptly and service is not denied to authorized users.
These three concepts form a simple but widely applicable security model, often referred to as
the CIA triad.

Exercise 1
15 minutes
For each of the following scenarios, which type of interference is taking place?

• Alice alters Bob’s file without permission. / Modification
• A hacker deploys software to observe packets travelling on a network. / Interception
• A website receives a flood of requests for a web page, preventing callers from viewing the site. / Interruption
• A user receives an email appearing to be from his supervisor, who did not send the email. / Fabrication
◆ Encryption is the process of encoding messages or information in such a way that only
authorized parties can read it.
◆ Encryption does not in itself prevent interception, but it does deny the message content to the
interceptor.
The process of converting from plaintext to ciphertext is known as encryption; restoring the
plaintext from the ciphertext is known as decryption.
The simplest encryption schemes involve replacing each alphabet character with another, this
is known as substitution.
◆ A Stream Cipher, however, is an encryption algorithm that encrypts one bit or a byte of
plaintext at a time.
◆ As such, Stream Ciphers are usually implemented where the amount of data is either
unknown or continuous, such as network streams.
In symmetric key encryption the same key is used to encrypt and to decrypt messages.
Symmetric key methods are generally relatively efficient in the sense that they do not require
too much computation to achieve a good level of security against a brute force attack (that is,
one that tries every permutation of the key).
There is a problem, however, with symmetric key methods: both parties need to have the
same key.
The key exchange has to happen in advance, which makes casual use difficult.
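The substitution and symmetric-key points above, as an added example that is not part of the original notes: a monoalphabetic substitution cipher in which one shared key both encrypts and decrypts. The function names and the sample message are constructed for illustration; the frequency check shows that a key space too large to brute force still leaves the plaintext's letter statistics visible.

```python
"""Monoalphabetic substitution as a minimal symmetric-key scheme (added example)."""
import math
import secrets
import string
from collections import Counter

ALPHABET = string.ascii_uppercase


def generate_key():
    """The key is a random permutation of the alphabet, shared in advance."""
    letters = list(ALPHABET)
    secrets.SystemRandom().shuffle(letters)
    return "".join(letters)


def check_key(key):
    """A valid key uses every letter A-Z exactly once."""
    if sorted(key) != list(ALPHABET):
        raise ValueError("key must use every letter A-Z exactly once")


def encrypt(plaintext, key):
    """Replace each letter with the key letter at the same alphabet position."""
    check_key(key)
    return plaintext.upper().translate(str.maketrans(ALPHABET, key))


def decrypt(ciphertext, key):
    """Same key, inverse mapping: this is what makes the scheme symmetric."""
    check_key(key)
    return ciphertext.translate(str.maketrans(key, ALPHABET))


def keyspace_bits(alphabet_size=len(ALPHABET)):
    """Bits of work for a brute-force search over every permutation of the key."""
    return math.log2(math.factorial(alphabet_size))


def frequency_profile(text):
    """Letter counts sorted high to low, ignoring which letter is which."""
    counts = Counter(c for c in text if c in ALPHABET)
    return sorted(counts.values(), reverse=True)


if __name__ == "__main__":
    key = generate_key()                      # both parties must hold this key
    message = "MEET AT NOON"                  # constructed sample message
    ciphertext = encrypt(message, key)
    print("ciphertext:", ciphertext)
    print("decrypted: ", decrypt(ciphertext, key))
    print("brute-force key space: about %.1f bits" % keyspace_bits())
    # The profile is identical before and after encryption, so the size of
    # the key space is not the whole measure of this scheme's strength.
    print("profiles equal:",
          frequency_profile(message) == frequency_profile(ciphertext))
```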
a hybrid system that relies on two different encryption schemes to produce the encryption.
◆ There are a number of important connotations regarding privacy, authenticity and
integrity.
◆ Privacy means that data are intelligible only to its rightful recipients.
◆ Authenticity means that the recipient should be certain that the data received are
created by the purported author, and have not been manipulated by another party.
◆ Integrity is when data is protected so that it is infeasible for its contents to be changed
in transit without any such changes being instantly obvious to the recipient.

A hash is a calculation performed on a message, with the result given as a single value.
will result in a different hash value, so the hash value acts as a fingerprint of the message.
The Diffie–Hellman protocol is a way of generating a shared secret between two people in such
a way that the secret can’t be seen by observing the communication.
Diffie–Hellman key exchange relies on a series of mathematical operations that, if carried out
in two different orders but with the same numbers, will produce the same result.
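The exchange described above, as an added example that is not part of the original notes: both sides raise the same base to their own private exponents, in opposite orders, and arrive at the same number, while an observer sees only the public values. The toy prime, the class and function names and the sample messages are assumptions made here; using HMAC-SHA256 as the keyed fingerprint is also a choice of this example.

```python
"""Toy Diffie-Hellman exchange followed by a keyed hash over a message."""
import hashlib
import hmac
import secrets

# Constructed toy group: 2**127 - 1 is prime, but this group is far too small
# for real use and is an assumption of this example, not a value from the notes.
P = 2**127 - 1
G = 3


class Party:
    """One side of the exchange; the private exponent never leaves the object."""

    def __init__(self, name, p=P, g=G, private=None):
        self.name, self.p, self.g = name, p, g
        # Private exponent in [2, p-2]; a fixed value may be passed for testing.
        self._x = private if private is not None else secrets.randbelow(p - 3) + 2
        self.public = pow(g, self._x, p)  # g^x mod p: the only value sent

    def shared_secret(self, peer_public):
        # Reject 0, 1 and p-1: they would force the secret to a predictable value.
        if not 2 <= peer_public <= self.p - 2:
            raise ValueError("peer public value out of range")
        return pow(peer_public, self._x, self.p)  # (g^y)^x mod p


def derive_key(secret, p):
    """Hash the shared number into a 32-byte symmetric key."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).digest()


def fingerprint(key, message):
    """Keyed hash (HMAC-SHA256) of the message: it changes if the message does."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def exchange(alice, bob):
    """Run the exchange; return what an observer sees and each side's key."""
    observed = {"p": alice.p, "g": alice.g, "A": alice.public, "B": bob.public}
    key_a = derive_key(alice.shared_secret(bob.public), alice.p)
    key_b = derive_key(bob.shared_secret(alice.public), bob.p)
    return observed, key_a, key_b


if __name__ == "__main__":
    alice, bob = Party("Alice"), Party("Bob")
    observed, key_a, key_b = exchange(alice, bob)
    print("on the wire:", observed)
    print("keys match:", hmac.compare_digest(key_a, key_b))

    message = b"meeting moved to 10:00"  # constructed sample message
    sent_tag = fingerprint(key_a, message)
    print("intact message verifies:",
          hmac.compare_digest(sent_tag, fingerprint(key_b, message)))
    print("altered message verifies:",
          hmac.compare_digest(sent_tag, fingerprint(key_b, b"meeting moved to 11:00")))
```

The exchange on its own does not tell either side who holds the other public value, which is why the notes treat authentication as a separate topic.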
Authentication is related to identification: it is demonstrating that you are who you say you
are.
Authorisation relates to permissions: it’s about what you are permitted to do, which might be
related to who you are, but not necessarily so.
Modern web servers support several methods for authenticating users, but we will limit this
discussion to the following options:

basic authentication
digest authentication
client certificates.
The security mechanisms used in IPv6 are described within the IP Security (IPSec) architecture,
which IPv6 implements, and which are extensions to IP header capabilities.

The NIST (National Institute of Standards and Technology) document defines a set of five
essential characteristics.
1. On-demand self-service. A consumer can unilaterally provision computing capabilities,
such as server time and network storage, as needed automatically without requiring
human interaction with each service provider.
2. Broad network access. Capabilities are available over the network and accessed through
standard mechanisms that promote use by heterogeneous thin or thick client platforms.
3. Resource pooling. The provider’s computing resources are pooled to serve multiple
consumers using a multi-tenant model. Examples of resources include storage,
processing, memory, and network bandwidth.
4. Rapid elasticity. Capabilities can be provisioned and released, in some cases automatically
(orchestration), to scale rapidly outward and inward commensurate with demand. To
the consumer, the capabilities available for provisioning often appear to be unlimited.
5. Measured service. Cloud systems control and optimize resource use by leveraging a metering
capability appropriate to the type of service. Resource usage can be monitored, controlled, and
reported, providing transparency for both the provider and consumer of the utilized
service.
The three service models defined by NIST are:
1. Software as a Service (SaaS). The consumer uses the provider’s applications running on a
cloud infrastructure.
The applications are accessible from various client devices through a thin client (web browser).
The consumer does not manage or control the underlying cloud infrastructure including
network, servers, operating systems, storage.
2. Platform as a Service (PaaS). The consumer can deploy onto the cloud infrastructure
consumer-created or acquired applications created using programming languages,
libraries, services, and tools supported by the provider.
The consumer does not manage or control the underlying cloud infrastructure including
network, servers, operating systems, or storage, but has control over the deployed applications
and possibly configuration settings for the application-hosting environment.
3. Infrastructure as a Service (IaaS). The consumer can provision processing, storage,
networks, and other fundamental computing resources where the consumer is able to
deploy and run arbitrary software, which can include operating systems and
applications.
The consumer does not manage or control the underlying cloud infrastructure but has control
over operating systems, storage, and deployed applications; and possibly limited control of
select networking components.
The final part of the NIST cloud definition describes four different deployment models, as
follows:
1. Private cloud. The cloud infrastructure is provisioned for exclusive use by a single
organization comprising multiple consumers (e.g., business units).
It may be owned, managed, and operated by the organization, a third party, or some
combination of them, and it may exist on or off premises.
2. Community cloud. The cloud infrastructure is provisioned for exclusive use by a specific
community of consumers from organizations that have shared concerns (e.g., mission,
security requirements, policy, and compliance considerations).
It may be owned, managed, and operated by one or more of the organizations in the
community, a third party, or some combination of them, and it may exist on or off premises.
3. Public cloud. The cloud infrastructure is provisioned for open use by the general public.
It may be owned, managed, and operated by a business, academic, or government
organization, or some combination of them.
It exists on the premises of the cloud provider.
4. Hybrid cloud. The cloud infrastructure is a composition of two or more distinct cloud
infrastructures (private, community, or public).

The image service Glance manages the storage of VM images and disk images in a range of
different back-ends.
There are two types of storage in the basic architecture: block storage provided by Cinder, and
object storage provided by Swift.
OpenStack is a collection of services each produced by a different project under the OpenStack
foundation.
In general, each service supports four approaches to access:
1. The simplest method of accessing services is via the web dashboard Horizon.
2. Each service has a command-line interface (CLI). Some client software has to be installed
(OpenStack command-line clients), and commands can then be issued from a shell or console.
Example: glance image-list
3. Each service has a set of Python-based application programming interfaces (APIs).
In general the APIs can be used from the Python language, from an HTTP REST client such as the
Linux curl command, or from a browser-based REST client.
Example:
import glanceclient.v2.client as glclient
glance = glclient.Client(...)  # connection arguments are elided in the source
images = glance.images.list()  # query the Glance service for its images
4. Services can be called using a declarative scripting approach written in YAML (http://yaml.org/).
In OpenStack terminology a YAML description, which can create any number of resources and
actions, is called a ‘stack’.
3. The most common cloud operation performed in platforms such as OpenStack is to start a
VM.
Before you can start a VM you have to have established appropriate networking and an
environment for it to run in and be accessible. Before you go on to actually work with
OpenStack and run a VM, you can preview the process by viewing some short videos in Activity
Later, in a subsequent activity, you will be guided through the steps shown in the video

Mobile web
❖ The ‘mobile web’ (WAP 2.0) standard, circa 2002, was tailored for viewing on small-screen
phones with low-resolution displays and GPRS (signaling).
❖ Web pages built for the mobile web used a special markup language called Wireless Markup
Language (WML).
❖ A separate protocol, called Wireless Application Protocol (WAP), was used for sending and
receiving these pages between browser and server.
❖ Nokia’s 7110, released in 1999, was the first mobile phone to come with a WAP browser.
❖ It didn’t have a touch screen and the display was greyscale.
Mobile website design strategies
As a website designer, it is crucial that you know your audience, because a growing part of
your audience is likely to be using a mobile device.
The unique characteristics that differentiate mobile and desktop devices pose challenges for
those designers who want to create websites that will work well with both.
Foremost amongst these challenges is the issue of screen size.

There are three broad ways in which designers can choose to address the screen size issue:

• do nothing.
• maintain separate websites for desktop and mobile devices.
• have one website that works for both desktop and mobile devices.
We will consider each of these strategies in turn.
Responsive web design

• A design that offers the best possible user experience regardless of a user’s device,
screen size or resolution.
• Works equally well on a desktop, tablet or mobile device.
• Mobile users do not need to do anything in order to use the website effectively.
• The site adjusts its content according to the width of the web browser window.
• Text is reflowed and resized, columns collapsed and expanded, menu options appear
and disappear, images shrink and enlarge.
Three principles of responsive web design
❖ Responsive web design relies primarily on taking advantage of
three web design techniques:

• Fluid design
• Flexible images
• CSS media queries
Fluid design

• A fluid design is the opposite of a fixed-width design.
• Instead of a fixed width of, say, 960 pixels, allow the page to flow to fit the available
viewport width.
• It uses percentages instead of pixels for element widths.
• The percentage is the percentage of the available viewport width that you want the
element to occupy.
• A value of 100% would fill all of the viewport width, 50% would fill half, and so on.
Flexible images

• Rather than images being cropped as the viewport width becomes smaller, the whole image
gets smaller as the viewport width decreases.
• The website is made up of layer upon layer of CSS styling, in order to see the effect of
using flexible rather than fixed images.
CSS media queries (and device breakpoints)

• Responsive design is implemented using the same HTML but using different CSS in order
to present content differently according to screen width.
• In a responsive website, when narrowing your browser window, you’ll notice that there
are certain widths at which the display contents change; these widths are called
breakpoints.
• As a web designer, you decide at which widths you will implement these breakpoints.
Web apps

• A web app is an application that runs inside a web browser.
• It allows the user to fulfil a function that traditionally may have been fulfilled by a
desktop application.
• For example, email, calendar and contacts used to require the installation of software
on your desktop machine.
• As web technologies became more sophisticated, and users spent more and more time
online, developers realised that developing and delivering apps from inside a web
browser was convenient for both them and their users.
Generally, mobile apps are categorised as either native or web-based.
Native apps are those that are built for, and deployed to, a particular platform and operating
system.
A downloaded app will only run on a compatible mobile platform.
❖ Web apps are applications that run inside a web browser to simulate local functionality.
❖ Use HTML, CSS and JavaScript, and can therefore run on any operating system that will
run a standard web browser application.
❖ Web apps → cross-platform.
❖ Examples: Gmail, Outlook and Google Maps.

❖ Native apps include quality control through rating and feedback of other users.
❖ They can be distributed through application stores: Google, Apple and Windows.
❖ They work more efficiently with the target operating system.
❖ But they are likely to be more time-consuming to port and more difficult to develop
compared to web apps.
❖ A native app for one platform would require substantial changes to make it run on
another platform.
❖ Native apps are capable of making full use of the device’s hardware capabilities (GPS,
microphones, accelerometers, etc.).
❖ Developers (Android, iOS and Windows Phones) require a specialised technical skillset.
❖ Creating native apps for Android devices is simpler than creating them for iOS.
❖ Developing apps for Windows mobile devices is also comparatively simpler.
❖ Web apps will work on all OSs.
❖ Developers require less skill and experience.
❖ But they work less efficiently than native apps.
❖ They are generally built using HTML5, CSS3 and JavaScript.
❖ They run on the mobile device’s web browser (or a specially tailored browser).
❖ HTML5 will encode the application’s interface, CSS3 will give it its distinctive ‘look and
feel’ and JavaScript will provide business logic processing.
Web apps

❖ They are slower to load and less responsive than native apps.
❖ There are also security issues: they reveal their source code to users.
❖ When connecting to a remote server-based system it can potentially compromise
security.
❖ Despite the fact that HTML5 introduces a number of new features (Canvas, Web
Workers, Video, etc.), web applications will inevitably be rather more limited in scope
than native applications.
Hybrid approach
❖ Developing a web app or a native app is not a simple choice.
❖ It is impossible to give a generic recommendation unless you know the contextual factors
such as programming experience, resources, the intended scope of the application, and so on.
❖ A middle ground in the native versus web app debate is the hybrid approach.
❖ It allows developers to deploy native code to multiple mobile device platforms from a
single code base made of HTML, CSS and JavaScript.
❖ No need for native app developer skills.
❖ Existing (web) skills enable quick and easy app deployment to multiple mobile
platforms.
❖ The hybrid (partly web app, partly native app) approach to app development is typically
enabled by a software framework.
❖ A layer between the browser technology and the underlying device capabilities.
❖ No need to know device-specific application program interfaces (APIs).
❖ There are a number of (development) frameworks to choose from.
❖ The most popular one is the open-source Apache Cordova.
Hybrid apps
Interaction between the web view and device functionality is provided through JavaScript APIs
provided by the Apache Cordova framework.
Each API essentially consists of two parts:
▪ A JavaScript library that allows code running within the web view to request tasks
available on the mobile platform in question.
▪ A library of functions that translate a request into the appropriate call to a native API.
▪ A Cordova plug-in can be seen as an intermediate JavaScript broker between browser
events and native APIs (Java for Android and Objective-C for iOS).
▪ Plug-ins free programmers from the details of native operating systems.
▪ Cordova provides plug-ins for the following device functions across mobile device
platforms:
▪ battery status
▪ camera
▪ contacts
▪ accelerometer
▪ compass
▪ file system
▪ geolocation
▪ globalisation
▪ browser
▪ media
▪ media capture
▪ network information
▪ splash screen
▪ status bar
▪ storage
▪ vibration.
▪ Apache Cordova supports building and deploying mobile apps to all major mobile device
platforms including:
▪ Android
▪ Blackberry
▪ iOS
▪ Ubuntu
▪ Windows Phone.
Installing and configuring Apache Cordova
▪ Setting up your hybrid development environment using the Apache Cordova framework
takes some time, but you only have to do it once.
▪ Cordova is the main piece of software that we need to build hybrid apps,
▪ But in order to install Cordova we need some software called Node.js, so we must install
this first.

▪ Node.js, or ‘Node’, as it is sometimes called, is a server-side JavaScript engine.
▪ It allows the execution of JavaScript outside of the web browser.
▪ Your Node.js download included npm, the command line tool that enables installation
of additional Node.js applications, including Cordova.
Mobile requirements and design
▪ It is likely that you can already find some apps delivering the same, or similar, functions
to your idea.
▪ If not, congratulations, you have identified a gap.

❖ Web design typically follows the so-called model–view–controller (MVC) pattern:


▪ Model – the underlying representation or data of the program.
▪ View – the presentation of the program to the users.
▪ Controller – where the business logic is held.
Defined clouds:

It is an advanced way to store data or information at the lowest cost

Five essential characteristics:

1- On demand: The customer modifies his service himself

2- Resource pooling: The provider's computing resources are pooled to serve multiple consumers

3- Rapid elasticity: Modify the service quickly and at any time

4- Measured service: A report on how you use the service

5- Broad network access: Access to the service across all devices

Three service models:

1- Software as a Service (SaaS): The consumer provides a service in order to run some applications
[Figure: SaaS stack, top to bottom: Tenant (x3); Application; App Data (x3); Middleware; Operating System; Hardware.]

2- Platform as a Service (PaaS): Provides a service to the consumer in order to provide a software
environment to run the applications that he wants
[Figure: PaaS stack, top to bottom: Tenant (x3); Application (x3); App Data (x3); Middleware; Operating System; Hardware.]

3- Infrastructure as a Service (IaaS): It provides the consumer with almost complete control over
the service
[Figure: IaaS stack, top to bottom: Tenant (x3); Application (x3); App Data (x3); Middleware (x3); Operating System; Hardware.]
Physical layer and abstraction layer

[Figure: service models of the cloud. Abstraction Layer: Applications (SaaS), Software (PaaS), Infrastructure (IaaS). Physical Layer: Server, Storage & Network.]

- Physical layer: The layer in which the consumer controls the service

- Abstraction layer: The part in which the consumer cannot control or change anything in the service

Four different deployment models:

1- Public cloud: Applications and services that everyone can access - it exists on the premises

2- Private cloud: applications and services specific to an organization - it may exist on or off premises.

3- Hybrid: made up of two or more (Private cloud + Public cloud)

4- Community cloud: The cloud infrastructure is provisioned for exclusive use by a specific community of
consumers from organizations that have shared concerns - it may exist on or off premises

University of California Santa Barbara (UCSB) and IBM layered cloud model (UCSB+IBM model):

Note: model comprises physical layer five layers / abstraction layer two more layers

[Figure: UCSB+IBM cloud model, top to bottom: Cloud applications (SaaS); Cloud software environments (PaaS); Cloud software infrastructures, comprising Computational resources (IaaS), Storage (DaaS) and Communications (CaaS); Software kernels and middleware; Firmware/Hardware (HaaS). Side labels: Abstraction Layer, Physical Layer.]

physical layer five layers:

1- Storage (DaaS)

2- Communication (CaaS)

abstraction layer two more layers:

1- software kernels and middleware

2- firmware/hardware (HaaS)

Hoff’s cloud model

Note: developed by Christofer Hoff to include in his professional presentations about cloud security.
fore the many elements hidden within the NIST and UCSB+IBM models:

[Figure: Hoff's cloud model. Three blocks: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). IaaS layers: Facilities (Power, HVAC, Space); Hardware (Compute, Network, Storage); Abstraction (Images); Core connectivity and delivery (DNS, Security, Load balancing, Authentication); APIs (Management). PaaS layer: Integration and middleware (Database, Messaging, Queuing, Authentication). SaaS layers: Data, Metadata, Content (Structured, Unstructured); Applications (Native, Web, Emulated); APIs (Management); Presentation Modality (Data, Voice, Video) and Presentation Platform (PC, Mobile, Embedded). Example services shown: Amazon EC2, Amazon API, Google App Engine, Salesforce, Google Apps, Oracle On Demand.]

1-IaaS

Note: five layers /ex

1- Facilities

power, cooling and space

2- Hardware

computers, network and data storage

3- Abstraction

Note: corresponds to the software kernels and middleware of the UCSB+IBM model and represents any
hypervisor or cluster management software./ image

4- Core Connectivity and Delivery

provides the essential services for network communication

Note: The graphical representation of the third and fourth layers is intended to highlight their
interdependence.

Domain Name System (DNS), load balancing, security and authentication

5- APIs

Note: represents the application programming interface that gives the IaaS tenant the means to
manage, monitor and control all of their cloud components./ management

2- PaaS

provides integration services for the cloud

Note: single layer

- Integration and Middleware

Note: These are not tenant services, but services that support functioning of the cloud.

3-SaaS:

database, messaging and authentication

Note: five layers /ex

1- ‘Data, Metadata’ and ‘Content’

Note: that represent the actual application data

- include structured data (e.g. a relational database)

- unstructured data (e.g. video and audio).

2- Applications

Note: represents the actual application hosted on the cloud

native or web application, or an emulated application.

Note: Hoff likens these to the features provided by Salesforce, Google Apps, and Oracle On Demand.

3- API

Note: layer provides the means to manage the hosted/ management

4- ‘Presentation Modality’ and ‘Presentation Platform’

Note: layer two components

- Presentation Modality (data, video or voice)

- Presentation Platform (PC, mobile or embedded)

How to choose a model:

- The level of detail required will depend on the end goals of the task.

Note: - NIST model: if migrating employees to a cloud-based email provider

- Hoff: if you need to implement regulatory requirements related to email usage

[Figures repeated from earlier in these notes: SaaS, PaaS and IaaS tenant stacks; service models of the cloud; UCSB and IBM cloud model; Hoff's cloud model.]

IaaS

Looking within the IaaS block you can see five layers.

Virtual machines
[Figure: a virtual machine, labelled Disk Drivers, Operating System, Network, Application, I/O and Memory Allocation.]

Difference of container and virtual
[Figure: Virtual Machine Image stack: apps (App A, App A, App B), Bin/Libs, Guest OS (one per app), Hypervisor, Host OS, Server. Container Image stack: apps (App A, App A, App B), Bin/Libs, Container Manager, Host OS, Server.]

Virtualisation and scaling
[Figure: Cloud Deployment with Image Store, Configuration Template, Load Balancers, Linux/Apache instances and Linux/MySQL instances.]

Traditional infrastructure design
[Figure: User, Internet, Global DNS Server, Global NTP Server, Router/NAT, Local DNS Server, Local NTP Server, Firewall, Load Balancer, Web Servers, Firewall, Database, for myshop.co.uk.]

Expanded representation of the OpenStack cloud
[Figure: Controller Node, Network Node, Images, three Compute Nodes hosting VM1 (Web), VM2 (Web) and VM3 (Database), Storage. Key: Management, VM traffic, Internet.]

Amazon (AWS) cloud
