Basics of Cloud Computing
I- Introduction
☞ Front End:
The client uses the front end, which contains a client-side interface and
application. Both of these components are important to access the Cloud computing
platform. The front end includes web browsers (Chrome, Firefox, Opera, etc.), clients, and
mobile devices.
☞ Back End:
The backend part helps you manage all the resources needed to provide Cloud
computing services. This Cloud architecture part includes a security mechanism, a large
amount of data storage, servers, virtual machines, traffic control mechanisms, etc.
Backend refers to the cloud itself which is used by the service provider. It contains the
resources as well as manages the resources and provides security mechanisms. Along with
this, it includes huge storage, virtual applications, virtual machines, traffic control
mechanisms, deployment models, etc.
1. Client Infrastructure
2. Application
The application can be any software or platform which a client wants to access.
3. Service
The service component manages which type of service you can access according to
the client’s requirements.
4. Runtime Cloud
Runtime cloud offers the execution and runtime environment to the virtual machines.
5. Storage
6. Infrastructure
It offers services on the host level, network level, and application level. Cloud
infrastructure includes hardware and software components like servers, storage, network
devices, virtualization software, and various other storage resources that are needed to support
the cloud computing model.
7. Management
8. Security
9. Internet
Internet connection acts as the bridge or medium between frontend and backend. It
allows you to establish the interaction and communication between the frontend and backend.
• Hard drives are block-based storage systems. Your operating system like Windows or
Linux actually sees a hard disk drive. So, it sees a drive on which you can create a volume,
and then you can partition that volume and format the partitions.
• For example, if a system has a 1000 GB volume, we can partition it into 800 GB
and 200 GB for the local C and local D drives respectively.
• Remember with a block-based storage system, your computer would see a drive, and
then you can create volumes and partitions.
• In this, you are actually connecting through a Network Interface Card (NIC). You are
going over a network, and then you can access the network-attached storage server (NAS).
NAS devices are file-based storage systems.
• This storage server is another computing device that has another disk in it. It has
already created a file system and formatted its partitions, and it shares its file
systems over the network. Here, you can map a drive to its network location.
• In this, like the previous one, there is no need to partition and format the volume by
the user. It’s already done in file-based storage systems. So, the operating system sees a file
system that is mapped to a local drive letter.
• In this, a user uploads objects through a web browser to a container, i.e., an
Object Storage Container. This uses the HTTP protocol with REST APIs (for
example: GET, PUT, POST, SELECT, DELETE).
• For example, when you connect to any website, you need to download some images,
text, or anything else that the website contains. That is done with an HTTP GET request.
If you want to review a product, you can use PUT and POST requests.
• Also, there is no hierarchy of objects in the container. Every file is on the same level
in an Object-Based storage system.
HYPERVISOR
A hypervisor is a firmware or low-level program that acts as a Virtual Machine
Manager. It allows a single physical instance of cloud resources to be shared between
several tenants.
MANAGEMENT SOFTWARE
Management Software helps to maintain and configure the infrastructure.
DEPLOYMENT SOFTWARE
Deployment software helps to deploy and integrate the application on the cloud.
NETWORK
The network is the key component of cloud infrastructure. It connects cloud
services over the Internet. It is also possible to deliver the network as a utility over
the Internet, i.e., the consumer can customize the network route and protocol.
SERVER
The server helps to compute the resource sharing and offers other services such as
resource allocation and deallocation, resource monitoring, security, etc.
STORAGE
The cloud uses a distributed file system for storage. If one of the storage resources
fails, the data can be retrieved from another one, which makes cloud computing more reliable.
Infrastructural Constraints: Fundamental constraints that cloud
infrastructure should implement are shown in the following diagram:
TRANSPARENCY
Virtualization is the key to sharing resources in a cloud environment, but it is not possible
to satisfy the demand with a single resource or server. Therefore, there must be transparency
in resources, load balancing and applications, so that we can scale them on demand.
SCALABILITY
Scaling up an application delivery solution is not as easy as scaling up an application,
because it involves configuration overhead or even re-architecting the network. So, the
application delivery solution needs to be scalable, which requires virtual
infrastructure in which resources can be provisioned and de-provisioned easily.
INTELLIGENT MONITORING
To achieve transparency and scalability, the application delivery solution needs to be
capable of intelligent monitoring.
SECURITY
The mega data center in the cloud should be securely architected. Also, the control node, an
entry point into the mega data center, needs to be secure.
Cloud Deployment Models and Services
I- What is a Cloud Deployment Model?
Cloud Deployment Model functions as a virtual computing environment with a
deployment architecture that varies depending on the amount of data you want to store and
who has access to the infrastructure.
1- Public Cloud
The public cloud makes it possible for anybody to access systems and services. The public
cloud may be less secure as it is open to everyone. The public cloud is one in which cloud
infrastructure services are provided over the internet to the general public or major industry
groups. The infrastructure in this cloud model is owned by the entity that delivers the cloud
services, not by the consumer. It is a type of cloud hosting that allows customers and users to
easily access systems and services. This form of cloud computing is an excellent example of
cloud hosting, in which service providers supply services to a variety of customers. In this
arrangement, storage backup and retrieval services are given for free, as a subscription, or on
a per-user basis. For example, Google App Engine etc.
Public Cloud
• Less secure: Public cloud is less secure as resources are public so there is no
guarantee of high-level security.
• Low customization: It is accessed by many members of the public, so it can’t be
customized according to personal requirements.
2- Private Cloud
The private cloud deployment model is the exact opposite of the public cloud deployment
model. It’s a one-on-one environment for a single user (customer). There is no need to share
your hardware with anyone else. The distinction between private and public clouds is in how
you handle all of the hardware. It is also called the “internal cloud” & it refers to the ability
to access systems and services within a given border or organization. The cloud platform is
implemented in a cloud-based secure environment that is protected by powerful firewalls and
under the supervision of an organization’s IT department. The private cloud gives greater
flexibility of control over cloud resources.
Private Cloud
• Better Control: You are the sole owner of the property. You gain complete
command over service integration, IT operations, policies, and user behavior.
• Data Security and Privacy: It’s suitable for storing corporate information to
which only authorized staff have access. By segmenting resources within the same
infrastructure, improved access and security can be achieved.
• Supports Legacy Systems: This approach is designed to work with legacy
systems that are unable to access the public cloud.
• Customization: Unlike a public cloud deployment, a private cloud allows a
company to tailor its solution to meet its specific needs.
Disadvantages of the Private Cloud Model
• Less scalable: Private clouds are scaled within a certain range as there are
fewer clients.
• Costly: Private clouds are more costly as they provide personalized facilities.
3- Hybrid Cloud
By bridging the public and private worlds with a layer of proprietary software, hybrid
cloud computing gives the best of both worlds. With a hybrid solution, you may host the app
in a safe environment while taking advantage of the public cloud’s cost savings.
Organizations can move data and applications between different clouds using a combination
of two or more cloud deployment methods, depending on their needs.
Hybrid Cloud
• Flexibility and control: Businesses with more flexibility can design personalized
solutions that meet their particular needs.
• Cost: Because public clouds provide scalability, you’ll only be responsible for
paying for the extra capacity if you require it.
• Security: Because data is properly separated, the chances of data theft by attackers
are considerably reduced.
Disadvantages of the Hybrid Cloud Model
4- Community Cloud
It allows systems and services to be accessible by a group of organizations. It is a
distributed system that is created by integrating the services of different clouds to address the
specific needs of a community, industry, or business. The infrastructure of the community
could be shared between organizations that have shared concerns or tasks. It is generally
managed by a third party or by the combination of one or more organizations in the
community.
Community Cloud
Advantages of the Community Cloud Model
5- Multi-Cloud
We’re talking about employing multiple cloud providers at the same time under this
paradigm, as the name implies. It’s similar to the hybrid cloud deployment approach, which
combines public and private cloud resources. Instead of merging private and public clouds,
multi-cloud uses many public clouds. Although public cloud providers provide numerous
tools to improve the reliability of their services, mishaps still occur. It’s quite rare that two
distinct clouds would have an incident at the same moment. As a result, multi-cloud
deployment improves the high availability of your services even more.
Multi-Cloud
Advantages of the Multi-Cloud Model
• You can mix and match the best features of each cloud provider’s services to suit
the demands of your apps, workloads, and business by choosing different cloud
providers.
• Reduced Latency: To reduce latency and improve user experience, you can
choose cloud regions and zones that are close to your clients.
• High availability of service: It’s quite rare that two distinct clouds would have
an incident at the same moment. So, the multi-cloud deployment improves the high
availability of your services.
• Complex: The combination of many clouds makes the system complex and
bottlenecks may occur.
• Security issue: Due to the complex structure, there may be loopholes that a
hacker can take advantage of, which makes the data insecure.
• Cost: Cost is an important factor for the cloud deployment model as it tells how
much you want to pay for these things.
• Scalability: Scalability tells about the current activity status and how much we
can scale it.
• Easy to use: It tells how well your resources are trained and how easily you can
manage these models.
• Compliance: Compliance tells about the laws and regulations which impact the
implementation of the model.
• Privacy: Privacy tells about what data you gather for the model.
Each model has some advantages and some disadvantages, and the selection of the
best is only done on the basis of your requirement. If your requirement changes, you can
switch to any other model.
IV- Overall Analysis of Cloud Deployment Models
The overall Analysis of these models with respect to different factors is described below.
Scalability and Flexibility: High, High, Fixed, High
Data Security: Low, High, High, High
Data Privacy: Low, High, High, High
Models of Cloud Computing Services
Cloud Computing helps in rendering several services according to roles, companies, etc.
Cloud computing models are explained below.
Characteristics
Here are the characteristics of IaaS service model:
• Virtual machines with pre-installed software.
• Virtual machines with pre-installed Operating Systems such as Windows, Linux, and
Solaris.
• On-demand availability of resources.
• Allows storing copies of particular data in different locations.
• The computing resources can be easily scaled up and down.
Platform as a Service (PaaS) is a type of cloud computing that helps developers to build
applications and services over the Internet by providing them with a platform.
PaaS helps in maintaining control over their business applications.
Advantages of PaaS
• PaaS is simple and very much convenient for the user as it can be accessed via a
web browser.
• PaaS has the capabilities to efficiently manage the lifecycle.
Disadvantages of PaaS
• PaaS users have limited control over infrastructure: they have less control over the
environment and are not able to make some customizations.
• PaaS has a high dependence on the provider.
Characteristics
Here are the characteristics of PaaS service model:
• PaaS offers a browser-based development environment. It allows the developer to
create a database and edit the application code either via an Application Programming
Interface or point-and-click tools.
• PaaS provides built-in security, scalability, and web service interfaces.
• PaaS provides built-in tools for defining workflow and approval processes and
defining business rules.
• It is easy to integrate with other applications on the same platform.
• PaaS also provides web services interfaces that allow us to connect the applications
outside the platform.
Software as a Service (SaaS) is a type of cloud computing model that delivers
services and applications over the Internet. SaaS applications are also called
Web-Based Software or Hosted Software.
SaaS accounts for around 60 percent of cloud solutions and, due to this, it is mostly
preferred by companies.
Advantages of SaaS
• SaaS app data can be accessed from anywhere on the Internet.
• SaaS provides easy access to features and services.
Disadvantages of SaaS
• SaaS solutions have limited customization, which means they have some
restrictions within the platform.
• SaaS has little control over the data of the user.
• SaaS applications are generally cloud-based, so they require a stable internet
connection to work properly.
Characteristics
• The software is maintained by the vendor rather than at the site where it is running.
• The license to the software may be subscription based or usage based, and it is
billed on a recurring basis.
• SaaS applications are cost effective since they do not require any maintenance on
the end user side.
• SaaS offers a shared data model. Therefore, multiple users can share a single instance
of infrastructure. It is not required to hard code the functionality for individual users.
Virtualization in Cloud Computing and Types
Virtualization is a technique for separating a service from the underlying physical
delivery of that service. It is the process of creating a virtual version of something like
computer hardware. It was initially developed during the mainframe era. It involves using
specialized software to create a virtual or software-created version of a computing resource
rather than the actual version of the same resource. With the help of Virtualization, multiple
operating systems and applications can run on the same machine and its same hardware at the
same time, increasing the utilization and flexibility of hardware.
In other words, one of the main cost-effective, hardware-reducing, and energy-saving
techniques used by cloud providers is Virtualization. Virtualization allows sharing of a single
physical instance of a resource or an application among multiple customers and organizations
at one time. It does this by assigning a logical name to physical storage and providing a pointer
to that physical resource on demand. The term virtualization is often synonymous with
hardware virtualization, which plays a fundamental role in efficiently delivering
Infrastructure-as-a-Service (IaaS) solutions for cloud computing. Moreover, virtualization
technologies provide a virtual environment for not only executing applications but also for
storage, memory, and networking.
• Host Machine: The machine on which the virtual machine is going to be built is
known as Host Machine.
• Guest Machine: The virtual machine is referred to as a Guest Machine.
Benefits of Virtualization
• More flexible and efficient allocation of resources.
• Enhance development productivity.
• It lowers the cost of IT infrastructure.
• Remote access and rapid scalability.
• High availability and disaster recovery.
• Pay-per-use of the IT infrastructure on demand.
• Enables running multiple operating systems.
Drawbacks of Virtualization
• High Initial Investment: Clouds have a very high initial investment, but it is also
true that it will help in reducing the cost of companies.
• Learning New Infrastructure: As the companies shifted from Servers to Cloud, it
requires highly skilled staff who have skills to work with the cloud easily, and for
this, you have to hire new staff or provide training to current staff.
• Risk of Data: Hosting data on third-party resources can put the data at
risk, as it has the chance of getting attacked by any hacker or cracker very easily.
The hypervisor is a firmware or low-level program that acts as a Virtual Machine Manager.
There are two types of hypervisors:
A hypervisor has a simple user interface that needs some storage space. It exists as a thin
layer of software and performs hardware management functions to establish a virtualization
management layer. For the provisioning of virtual machines, device drivers and support
software are optimized, while many standard operating system functions are not implemented.
Essentially, this type of virtualization system is used to improve on the performance
overhead inherent in the coordination that allows multiple VMs to interact with the same
hardware platform.
Cloud Security
Cloud security is the set of strategies and practices for protecting data and applications
that are hosted in the cloud. Like cyber security, cloud security is a very broad area, and it is
never possible to prevent every variety of attack. However, a well-designed cloud security
strategy vastly reduces the risk of cyber-attacks.
Even with these risks, cloud computing is often more secure than on-premise
computing. Most cloud providers have more resources for keeping data secure than individual
businesses do, which lets cloud providers keep infrastructure up to date and patch
vulnerabilities as soon as possible. A single business, on the other hand, may not have enough
resources to perform these tasks consistently.
Note: Cloud security is not the same thing as Security-as-a-Service (SECaaS or SaaS),
which refers to security products hosted in the cloud.
Most cloud security risks fit into one of these general categories:
The goal of a cloud security strategy is to reduce the threat posed by these risks as much
as possible by protecting data, managing user authentication and access, and staying
operational in the face of an attack.
Data can be encrypted either at rest (when it is stored) or in transit (while it is sent from
one place to another). Cloud data should be encrypted both at rest and in transit so that
attackers cannot intercept and read it. Encrypting data in transit should address both data
traveling between a cloud and a user, and data traveling from one cloud to another, as in a
multi-cloud or hybrid cloud environment. Additionally, data should be encrypted when it is
stored in a database or via a cloud storage service.
Identity and access management (IAM): Identity and access management (IAM)
products track who a user is and what they are allowed to do, and they authorize users and
deny access to unauthorized users as necessary. IAM is extremely important in cloud
computing because a user's identity and access privileges determine whether they can access
data, not the user's device or location.
IAM helps reduce the threats of unauthorized users gaining access to internal assets
and authorized users exceeding their privileges. The right IAM solution will help mitigate
several kinds of attacks, including account takeover attacks and insider threats (when a user
or employee abuses their access in order to expose data).
IAM may include several different services, or it may be a single service that combines
all of the following capabilities:
▪ Single sign-on (SSO) services help authenticate user identities for multiple
applications, so that users only have to sign in once to access all their cloud services
▪ Multi-factor authentication (MFA) services strengthen the user authentication
process
▪ Access control services allow and restrict user access
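The access decision described above, sketched as an added example (it is not part of the original notes and is not any provider's real policy engine). The role names, action strings and resource paths are constructed for illustration; the decision depends only on the authenticated identity, its roles and whether MFA was completed.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Statement:
    effect: str                 # "allow" or "deny"
    actions: tuple              # glob patterns such as "storage:Get*"
    resources: tuple            # glob patterns such as "reports/*"
    require_mfa: bool = False   # the allow only counts if the session passed MFA


@dataclass(frozen=True)
class Session:
    user: str
    roles: tuple
    mfa_verified: bool = False  # set by the sign-in service (SSO plus MFA)


# Constructed role definitions; every name here is hypothetical.
ROLE_POLICIES = {
    "analyst": (
        Statement("allow", ("storage:Get*", "storage:List*"), ("reports/*",)),
    ),
    "admin": (
        Statement("allow", ("storage:*",), ("*",), require_mfa=True),
        Statement("deny", ("storage:Delete*",), ("audit-logs/*",)),
    ),
}


def _matches(patterns, value):
    return any(fnmatchcase(value, pattern) for pattern in patterns)


def authorize(session, action, resource):
    """Return (allowed, reason) for one request.

    Inputs are the identity, the action and the resource. Device and
    network location are deliberately not inputs to the decision.
    """
    allowed = False
    mfa_missing = False
    for role in session.roles:
        for st in ROLE_POLICIES.get(role, ()):
            if not (_matches(st.actions, action) and _matches(st.resources, resource)):
                continue
            if st.effect == "deny":
                return False, "explicit_deny"   # a matching deny always wins
            if st.effect != "allow":
                continue                        # unknown effects grant nothing
            if st.require_mfa and not session.mfa_verified:
                mfa_missing = True              # an allow exists but is unusable
            else:
                allowed = True
    if allowed:
        return True, "allow"
    if mfa_missing:
        return False, "mfa_required"
    return False, "default_deny"                # nothing matched: deny


if __name__ == "__main__":
    analyst = Session("dana", ("analyst",))
    admin = Session("lee", ("admin",), mfa_verified=True)
    for who, act, res in [
        (analyst, "storage:GetObject", "reports/q1.csv"),
        (analyst, "storage:PutObject", "reports/q1.csv"),
        (admin, "storage:DeleteObject", "audit-logs/2024.log"),
    ]:
        print(who.user, act, res, authorize(who, act, res))
```
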
Firewall: A cloud firewall provides a layer of protection around cloud assets by blocking
malicious web traffic. Unlike traditional firewalls, which are hosted on-premise and defend
the network perimeter, cloud firewalls are hosted in the cloud and form a virtual security
barrier around cloud infrastructure.
Cloud firewalls block DDoS attacks, malicious bot activity, and vulnerability
exploits. This reduces the chances of a cyber-attack crippling an organization's cloud
infrastructure.
Implementing the above technologies (plus any additional cloud security products) is
not enough, on its own, to protect cloud data. In addition to standard cyber security best
practices, organizations that use the cloud should follow these cloud security practices:
☞ Proper configuration of security settings for cloud servers: When a company does
not set up their security settings properly, it can result in a data breach. Misconfigured cloud
servers can expose data directly to the wider Internet. Configuring cloud security settings
properly requires team members who are experts in working with each cloud, and may also
require close collaboration with the cloud vendor.
☞ Consistent security policies across all clouds and data centers: Security measures
have to apply across a company's entire infrastructure, including public clouds, private clouds,
and on-premises infrastructure. If one aspect of a company's cloud infrastructure — say, their
public cloud service for big data processing — is not protected by encryption and strong user
authentication, attackers are more likely to find and target the weak link.
☞ Backup plans: As with any other type of security, there must be a plan for when things
go wrong. To prevent data from getting lost or tampered with, data should be backed up in
another cloud or on-premise. There should also be a failover plan in place so that business
processes are not interrupted if one cloud service fails. One of the advantages of multi-cloud
and hybrid cloud deployments is that different clouds can be used as backup — for instance,
data storage in the cloud can back up an on-premise database.
☞ User and employee education: A large percentage of data breaches occur because a
user was victimized by a phishing attack, unknowingly installed malware, used an outdated
and vulnerable device, or practiced poor password hygiene (reusing the same password,
writing their password down in a visible location, etc.). By educating their internal employees
about security, businesses that operate in the cloud can reduce the risk of these occurrences.
(The Cloudflare Learning Center is a good resource for security education.)
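The configuration and consistency practices above, together with the earlier point about encrypting data at rest and in transit, can be checked mechanically. The following is an added example, not part of the original notes: it audits a constructed inventory of storage resources against one baseline applied to every environment. The resource names, environment names and setting keys are hypothetical.

```python
from collections import Counter

# One baseline that every storage resource must meet, wherever it is hosted.
BASELINE = {
    "encrypted_at_rest": True,   # data is encrypted when stored
    "tls_only": True,            # data is encrypted in transit
    "public_access": False,      # not readable from the wider Internet
}

# Constructed inventory; resource and environment names are hypothetical.
INVENTORY = [
    {"name": "crm-backups", "env": "private-cloud",
     "encrypted_at_rest": True, "tls_only": True, "public_access": False},
    {"name": "bigdata-staging", "env": "public-cloud",
     "encrypted_at_rest": False, "tls_only": True, "public_access": True},
    # tls_only was never recorded here: an unknown setting counts as a failure.
    {"name": "hr-archive", "env": "on-premises",
     "encrypted_at_rest": True, "public_access": False},
]


def audit(inventory, baseline=BASELINE):
    """Return one finding per setting that deviates from the baseline."""
    findings = []
    for resource in inventory:
        for setting, expected in baseline.items():
            actual = resource.get(setting)  # None when the setting is missing
            if actual is not expected:
                findings.append({
                    "name": resource["name"],
                    "env": resource["env"],
                    "setting": setting,
                    "expected": expected,
                    "actual": actual,
                })
    return findings


def findings_per_env(findings):
    """Count findings per environment to show where policy is not applied."""
    return dict(Counter(f["env"] for f in findings))


def weakest_env(findings):
    """Return the environment with the most deviations, or None if clean."""
    per_env = findings_per_env(findings)
    return max(per_env, key=per_env.get) if per_env else None


if __name__ == "__main__":
    results = audit(INVENTORY)
    for f in results:
        print(f"{f['env']:14} {f['name']:16} {f['setting']}: "
              f"expected {f['expected']}, found {f['actual']}")
    print("weakest link:", weakest_env(results))
```
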
• Always employ the right tools and resources to perform any function in the cloud.
• Things should be done at the right time and at the right cost.
• Selecting an appropriate resource is mandatory for operation management.
• The process should be standardized and automated to manage repetitive tasks.
• Using an efficient process will eliminate wasted effort and redundancy.
• One should maintain the quality of service to avoid re-work later.