CCV Notes Unit 1
Compared to traditional on-premises IT, and depending on the cloud services you select,
cloud computing helps do the following:
Lower IT costs: Cloud lets you offload some or most of the costs and effort of
purchasing, installing, configuring, and managing your own on-premises
infrastructure.
Improve agility and time-to-value: With cloud, your organization can start using
enterprise applications in minutes, instead of waiting weeks or months for IT to
respond to a request, purchase and configure supporting hardware, and install
software. Cloud also lets you empower certain users—specifically developers and data
scientists—to help themselves to software and support infrastructure.
The term ‘cloud computing’ also refers to the technology that makes cloud work. This includes
some form of virtualized IT infrastructure—servers, operating system software, networking,
and other infrastructure that’s abstracted, using special software, so that it can be pooled and
divided irrespective of physical hardware boundaries. For example, a single hardware server
can be divided into multiple virtual servers.
Virtualization enables cloud providers to make maximum use of their data center resources.
Not surprisingly, many corporations have adopted the cloud delivery model for their on-
premises infrastructure so they can realize maximum utilization and cost savings vs.
traditional IT infrastructure and offer the same self-service and agility to their end-users.
1. Client Infrastructure:
Client Infrastructure is a front-end component that provides a GUI. It helps users to interact
with the Cloud.
2. Application:
The application can be any software or platform which a client wants to access.
3. Service:
The service component manages which type of service you can access according to the client’s
requirements.
4. Runtime Cloud:
Runtime cloud offers the execution and runtime environment to the virtual machines.
5. Storage:
6. Infrastructure:
It offers services on the host level, network level, and application level. Cloud infrastructure
includes hardware and software components like servers, storage, network devices,
virtualization software, and various other storage resources that are needed to support the
cloud computing model.
7. Management:
This component manages components like application, service, runtime cloud, storage,
infrastructure, and other security matters in the backend. It also establishes coordination
between them.
8. Security:
Security in the backend refers to implementing different security mechanisms for secure
Cloud systems, resources, files, and infrastructure to the end-user.
9. Internet:
Internet connection acts as the bridge or medium between frontend and backend. It allows
you to establish the interaction and communication between the frontend and backend.
Cloud computing services
SaaS (Software-as-a-Service)
In addition to the cost savings, time-to-value, and scalability benefits of cloud, SaaS offers the
following:
Automatic upgrades: With SaaS, users take advantage of new features as soon as the
provider adds them, without having to orchestrate an on-premises upgrade.
Protection from data loss: Because SaaS stores application data in the cloud with the
application, users don’t lose data if their device crashes or breaks.
SaaS is the primary delivery model for most commercial software today—there are hundreds
of thousands of SaaS solutions available, from the most focused industry and departmental
applications, to powerful enterprise software database and AI (artificial intelligence)
software.
PaaS (Platform-as-a-Service)
With PaaS, the cloud provider hosts everything—servers, networks, storage, operating
system software, middleware, databases—at their data center. Developers simply pick from
a menu to ‘spin up’ servers and environments they need to run, build, test, deploy, maintain,
update, and scale applications.
Today, PaaS is often built around containers, a virtualized compute model one step removed
from virtual servers. Containers virtualize the operating system, enabling developers to
package the application with only the operating system services it needs to run on any
platform, without modification and without need for middleware.
Red Hat OpenShift is a popular PaaS built around Docker containers and Kubernetes, an open
source container orchestration solution that automates deployment, scaling, load balancing,
and more for container-based applications.
IaaS (Infrastructure-as-a-Service)
In contrast to SaaS and PaaS (and even newer PaaS computing models such as containers and
serverless), IaaS provides the users with the lowest-level control of computing resources in
the cloud.
IaaS was the most popular cloud computing model when it emerged in the early 2010s. While
it remains the cloud model for many types of workloads, use of SaaS and PaaS is growing at a
much faster rate.
Serverless computing
Serverless computing (also called simply serverless) is a cloud computing model that offloads
all the backend infrastructure management tasks–provisioning, scaling, scheduling,
patching—to the cloud provider, freeing developers to focus all their time and effort on the
code and business logic specific to their applications.
What's more, serverless runs application code on a per-request basis only and scales the
supporting infrastructure up and down automatically in response to the number of requests.
With serverless, customers pay only for the resources being used when the application is
running—they never pay for idle capacity.
FaaS, or Function-as-a-Service, is often confused with serverless computing when, in fact, it's
a subset of serverless. FaaS allows developers to execute portions of application code (called
functions) in response to specific events. Everything besides the code—physical
hardware, virtual machine operating system, and web server software management—is
provisioned automatically by the cloud service provider in real-time as the code executes and
is spun back down once the execution completes. Billing starts when execution starts and
stops when execution stops.
Types of cloud computing or Cloud Deployment Models
Public Cloud
Public cloud is a type of cloud computing in which a cloud service provider makes computing
resources—anything from SaaS applications, to individual virtual machines (VMs), to bare
metal computing hardware, to complete enterprise-grade infrastructures and development
platforms—available to users over the public internet. These resources might be accessible
for free, or access might be sold according to subscription-based or pay-per-usage pricing
models.
The public cloud provider owns, manages, and assumes all responsibility for the data centers,
hardware, and infrastructure on which its customers’ workloads run, and it typically provides
high-bandwidth network connectivity to ensure high performance and rapid access to
applications and data.
Many enterprises are moving portions of their computing infrastructure to the public cloud
because public cloud services are elastic and readily scalable, flexibly adjusting to meet
changing workload demands. Others are attracted by the promise of greater efficiency and
fewer wasted resources since customers pay only for what they use. Still others seek to
reduce spending on hardware and on-premises infrastructures.
Private cloud
Private cloud is a cloud environment in which all cloud infrastructure and computing
resources are dedicated to, and accessible by, one customer only. Private cloud combines
many of the benefits of cloud computing—including elasticity, scalability, and ease of service
delivery—with the access control, security, and resource customization of on-premises
infrastructure.
A private cloud is typically hosted on-premises in the customer's data center. But a private
cloud can also be hosted on an independent cloud provider’s infrastructure or built on rented
infrastructure housed in an offsite data center.
Many companies choose private cloud over public cloud because private cloud is an easier
way (or the only way) to meet their regulatory compliance requirements. Others choose
private cloud because their workloads deal with confidential documents, intellectual
property, personally identifiable information (PII), medical records, financial data, or other
sensitive data.
Hybrid cloud
Hybrid cloud is just what it sounds like—a combination of public and private cloud
environments. Specifically, and ideally, a hybrid cloud connects an organization's private
cloud services and public clouds into a single, flexible infrastructure for running the
organization’s applications and workloads.
The goal of hybrid cloud is to establish a mix of public and private cloud resources—and with
a level of orchestration between them—that gives an organization the flexibility to choose
the optimal cloud for each application or workload and to move workloads freely between
the two clouds as circumstances change. This enables the organization to meet its technical
and business objectives more effectively and cost-efficiently than it could with public or
private cloud alone.
Community Cloud
The community Deployment Model is somewhat similar to the Private cloud. In the private
cloud, only one user or organization owns the cloud server. In Community Cloud, several
companies with the same backgrounds share the cloud server. If all organizations or
companies have the same set of security protocols and performance requirements, and goals,
this multi-tenant architecture can help them save cost and boost efficiency. This model can
be used in the case of project development, implementation, and maintenance.
Cost Savings
Reliability
Strategic Edge
Security
1. Cost Savings
There are both advantages and disadvantages of cloud computing when it comes to cutting
down expenses. The most obvious disadvantage is that implementing cloud services for the
first time can be quite costly. If you look beyond that initial cost, cloud
computing helps businesses and organizations cut several expenses in the long run.
Another important benefit is that most cloud computing services are pay-as-you-go - you only
have to pay for the features and data storage that you use.
2. Reliability
Most cloud service providers assure guaranteed assistance round the clock. When you opt for
cloud computing, all the service-related technicalities are taken care of by the cloud service
provider. In the case of a disaster, even if the host server fails, the data can easily be
transitioned to other available servers. The cloud service providers abide by the signed Service
Level Agreements (SLAs) to ensure timely assistance to your business needs.
3. Strategic Edge
With the rise in competition among businesses, you need to implement the latest
technologies and applications out there to catch up with the rest of the crowd. Installing and
maintaining new software can cost companies a great deal of money. Through cloud
computing, you will have access to all the latest applications and infrastructure without
actually having to invest in software installations and maintenance.
4. Security
With the advancements in technology, every cloud service provider offers more advanced
security features to their clients with full backup and recovery. The key to this is the
encryption of all data that is transmitted over networks and stored in databases. This is much
more efficient and reliable than a conventional in-house system, where a high percentage of
data thefts can occur. A study by RapidScale shows that 94 percent of businesses saw major
security improvements after switching to the cloud.
Additional Advantages
On-demand self-service
Multi-tenancy
Resilient computing
Fast and effective virtualization
Low-cost software
Advanced online security
Always available
Automatic scaling to suit demands
Pay-per-use
Web-based control & interfaces
API access available
Downtime
Vendor Lock-In
Limited Control and Flexibility
Security
1. Downtime
Downtime can lead to lost customers, data failure, and lost revenue. So when it comes to the
advantages and disadvantages of cloud computing, downtime is at the top of the list for most
businesses.
Since cloud computing systems are all internet-based, there is no way to avoid downtime.
Moreover, if you are in a place with no connectivity, you will not be able to access the data,
software, or applications on the cloud.
Here are some best practices you can follow to reduce downtime:
Consider multi-region deployments to ensure business continuity
Define a disaster recovery plan with the lowest recovery time and recovery point objectives
Design all your services with disaster recovery in mind
2. Vendor Lock-In
When we discuss the advantages and disadvantages of cloud computing, vendor lock-in is
another thing that tops the list. Although most cloud service providers assure that it is a
breeze to use the cloud and integrate your business needs with them, disengaging and moving
to the next vendor is still a huge problem. The applications that work fine with one platform
may not be compatible with another. The transition might pose a risk and the change could
be inflexible due to synchronization and support issues.
Here are some best practices you can follow for reducing dependency on one vendor:
Implement a multi-cloud strategy
When designing applications, build in flexibility to ensure portability in the future
Understand exactly what the cloud service vendors are selling to avoid lock-in
3. Limited Control and Flexibility
Since the cloud service providers own, manage and monitor the entire cloud infrastructure,
most companies have minimal control over their data. The end-user license agreement (EULA)
and management policies might differ among the service providers. The most common case
is that it hands over minimal control to the customer, and their access is limited to the
applications, tools, and data that is loaded on the server. The customer may not have access
to the key administrative services. The worst-case scenario is when they impose limits on
what customers can do with their deployments.
Here are some best practices you can follow for maintaining control and flexibility:
Understand the responsibilities of the cloud provider in the contract to reduce the chance of errors
Understand the cloud service provider’s basic and advanced levels of support
Understand the SLA of the cloud infrastructure and how it impacts your agreements with your customers
4. Security
It is important to note that there are conflicting arguments when it comes to security in cloud
services. There are both advantages and disadvantages of cloud computing when it comes to
storing company data. The most obvious disadvantage is that data is vulnerable to cyber
attacks when stored in the cloud. However, a study by Gartner shows that by 2025, 99
percent of data breaches and cyberattacks will be due to the customer's mistakes and human
error.
Lack of Skill
Problems that come up while working, such as shifting to another service provider, needing
an extra feature, or working out how to use a feature, mainly arise in IT companies that do
not have skilled employees. So it requires a skilled person to work with cloud computing.
Denial of Service (DoS) attack
This type of attack occurs when the system receives too much traffic. Mostly DoS attacks
occur in large organizations such as the banking sector, government sector, etc. When a DoS
attack occurs, data is lost. So, in order to recover data, it requires a great amount of money
as well as time to handle it.
Technically speaking, these services are actually managed cloud-security services, meaning,
they’re managed and operated by third parties. Offloading security operations to a third party
has several benefits, including:
Managed cloud security services providers are usually also trained to help organizations achieve regulatory compliance—an area that’s normally also outside of an organization’s expertise.
Your IT staff no longer have to handle cyber incidents and can focus instead on supporting your core business operations.
With so much data being uploaded to and generated by cloud services, and with so many
applications and devices accessing that data, the chance of data loss is enormous. DLP services
are built to detect the presence of sensitive data—credit card data, electronic Protected
Health Information (ePHI), social security numbers, etc.—and prevent them from falling into
the wrong hands.
Email Security
As the weakest link in the security chain, users are often the targets in cyberattacks. And
because practically all users use email, many of these attacks—such as phishing and Trojans—
are carried out through that medium. Some of these attacks may compromise your cloud
environment. For instance, a spear phishing attack may be aimed at acquiring cloud
administrator credentials. One way to mitigate these threats is by employing a capable email
security service that can detect phishing emails and malicious attachments.
Web Security
Increased usage of cloud services is an added burden to IT administrators, who now have to
deal with a much larger attack surface. Users access cloud services from different locations—
in their headquarters, at home, in branch offices, or just about anywhere. Web security
solutions, which sit between users (regardless of location) and the internet in typical
scenarios, provide administrators the means to secure these connections and protect them
against cyber threats.
Intrusion Detection
Intrusion-detection solutions monitor inbound and outbound traffic for suspicious activities
and detect potential threats. Usually, detection is done through pattern recognition
mechanisms that identify specific signatures and behaviours. Traditional intrusion detection
is usually applied to the network layer. However, we’re now seeing more solutions applying
this kind of protection to the host layer (i.e., to the virtual machines themselves). By detecting
threats before they can exploit vulnerabilities, businesses can prevent threat actors from
establishing a beachhead in the targeted system.
A Security Information and Event Management (SIEM) solution collects log and event data
from various security tools and network devices (e.g., antivirus solutions, DLP software,
intrusion detection solutions, firewalls, routers, switches) in real-time, correlates all
aggregated data, and then generates alerts based on predefined rules. It’s one of the key tools
of threat detection and incident response teams, enabling them to respond quickly to threats.
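The collect, correlate and alert flow described above, as an added example that is not part of
the original notes or of any SIEM product. The two log formats, the rule, its thresholds and
the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Two constructed device formats: an authentication log and a firewall log.
AUTH_RE = re.compile(r"^(\S+) auth (FAIL|OK) user=(\S+) src=(\S+)$")
FW_RE = re.compile(r"^ts=(\S+) action=(\w+) src=(\S+) dport=(\d+)$")

# Constructed sample input as (source, raw line); addresses are documentation ranges.
RAW_LOGS = [
    ("firewall", "ts=2024-05-01T10:00:01Z action=deny src=203.0.113.7 dport=3389"),
    ("auth", "2024-05-01T10:00:05Z auth FAIL user=alice src=203.0.113.7"),
    ("auth", "2024-05-01T10:00:09Z auth FAIL user=alice src=203.0.113.7"),
    ("auth", "2024-05-01T10:00:14Z auth FAIL user=alice src=203.0.113.7"),
    ("auth", "2024-05-01T10:00:20Z auth OK user=alice src=203.0.113.7"),
    ("auth", "2024-05-01T10:01:00Z auth FAIL user=bob src=198.51.100.4"),
    ("auth", "2024-05-01T10:05:00Z auth OK user=bob src=198.51.100.4"),
    ("auth", "line that does not parse"),
]


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def normalise(source, line):
    """Map a device-specific line onto one common event shape, or None if unparsed."""
    if source == "auth":
        m = AUTH_RE.match(line)
        if m:
            ts, result, user, src = m.groups()
            return {"ts": parse_ts(ts), "type": "auth_" + result.lower(),
                    "src": src, "user": user}
    elif source == "firewall":
        m = FW_RE.match(line)
        if m:
            ts, action, src, dport = m.groups()
            return {"ts": parse_ts(ts), "type": "fw_" + action,
                    "src": src, "dport": int(dport)}
    return None


def correlate(raw, window=timedelta(seconds=60), threshold=3):
    """Predefined rule: >= threshold login failures from one source inside the window,
    followed by a success from that source. A firewall deny seen for the same source
    raises the severity, which is the cross-device correlation step."""
    events = sorted(filter(None, (normalise(s, l) for s, l in raw)),
                    key=lambda e: e["ts"])
    fails = defaultdict(deque)      # source address -> timestamps of recent failures
    fw_denied = set()               # sources the firewall has already blocked once
    alerts = []
    for e in events:
        src, q = e["src"], fails[e["src"]]
        while q and e["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if e["type"] == "fw_deny":
            fw_denied.add(src)
        elif e["type"] == "auth_fail":
            q.append(e["ts"])
        elif e["type"] == "auth_ok":
            if len(q) >= threshold:
                alerts.append({"rule": "failures_then_success", "src": src,
                               "user": e["user"], "failures": len(q),
                               "severity": "high" if src in fw_denied else "medium"})
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in correlate(RAW_LOGS):
        print(alert)
```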
Encryption
Encryption, which protects data by rendering it unreadable, is a highly sought security control,
not only because it preserves data confidentiality, but also because this functionality is one
of the basic requirements for compliance with data privacy/protection laws and regulations
such as the Health Insurance Portability and Accountability Act (HIPAA), Payment Card
Industry Data Security Standard (PCI DSS), and General Data Protection Regulation (GDPR).
What about Business Continuity and Disaster Recovery?
Despite the high availability (HA) capabilities of cloud environments, unforeseen events can
still disrupt business operations. A server instance may fail, ransomware may encrypt files in
your cloud storage, a distributed denial-of-service (DDoS) attack may render your services
unreachable, and so on. Business continuity and disaster recovery services can help ensure
you can continue doing business as usual or recover in the quickest possible time should an
unforeseen disruptive event occur.
We all know that scalability is a key characteristic of the cloud. Infrastructure as a Service (IaaS)
users can spin up a bunch of servers with ease. Auto-scaling takes that capability even further
by enabling organizations to deploy hundreds if not thousands of instances rapidly, again with
relative ease. But that scalability comes with a cost. It now means IT teams have a much larger
attack surface to secure, a responsibility that’s made even more challenging with the
increased adoption of more complex hybrid cloud infrastructures. Network security services
help businesses address vulnerabilities in user-to-cloud as well as intra-cloud and inter-cloud
data exchanges.
With so many different cloud security services in the market today, it can be difficult to put
them together into an effective layer of defence. In the following subsections, we’ll share with
you some best practices that will help you make the most of using cloud security services.
Before you embark on any cloud security program, it’s important to understand your role in
the shared security responsibility model. It defines what portions of the cloud environment
are your responsibility and which ones are for your cloud provider. Generally speaking, your
provider will oversee the security of the cloud, and you will be responsible for security in the
cloud.
Different cloud service offerings like Software as a Service (SaaS) and IaaS have different takes
on this model, so make sure you’re looking at the right one. Your provider should have this
information.
While large cloud providers have several security controls in place, the presence of these
controls and the extent of their coverage may vary from one provider to another. Hence, it’s
important to know exactly which controls exist as well as the details pertinent to these
controls.
What’s their disaster recovery plan? Do they have information that maps their security
controls with specific regulatory requirements? What access control, encryption, and backup
mechanisms are readily available? What is the extent of their technical support? Do they have
24/7 support? These are some of the questions you should ask.
Utilize an Identity and Access Management Solution
The 2021 Cost of a Data Breach Report identified cloud misconfigurations as the third-most
common initial attack vector. What’s alarming is that many of these misconfigurations aren’t
even intentional. One way to minimize this particular risk is to limit privileged access to only
those who absolutely need it. Better yet, limit the scope of administrative functions to specific
administrators. Conversely, you shouldn’t be granting absolute administrative rights to just
one person. All this can be achieved by using an IAM solution.
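One way to check the points above on paper before enforcing them in an IAM solution, given as
an added example that is not part of the original notes. It assumes policy documents in the AWS
IAM JSON form (Effect, Action, Resource); the principals, the bucket name and the function
names are constructed for illustration.

```python
# Constructed sample: which policy documents are attached to which principal.
SAMPLE_ATTACHMENTS = {
    "alice": [{"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}],
    "bob": [{"Statement": {"Effect": "Allow",
                           "Action": ["iam:*", "s3:GetObject"], "Resource": "*"}}],
    "carol": [{"Statement": [{"Effect": "Allow", "Action": "s3:*",
                              "Resource": "arn:aws:s3:::reports/*"}]}],
    "dave": [{"Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*"}]}],
}


def as_list(value):
    """Policy fields may hold a single item or a list of items."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def classify(statement):
    """Return the over-broad grants in one statement.
    Only Allow statements on every resource ("*") are considered; partial wildcards
    such as "s3:Get*" and Condition blocks are out of scope for this check."""
    if statement.get("Effect") != "Allow":
        return []
    if "*" not in as_list(statement.get("Resource")):
        return []                       # scoped to named resources
    findings = []
    for action in as_list(statement.get("Action")):
        if action == "*":
            findings.append("full-admin")
        elif action.endswith(":*"):
            findings.append("service-admin:" + action.split(":")[0])
    return findings


def audit(attachments):
    """Return ({principal: [findings]}, [warnings]) for a set of policy attachments."""
    report = {}
    for principal, policies in attachments.items():
        found = set()
        for doc in policies:
            for statement in as_list(doc.get("Statement")):
                found.update(classify(statement))
        if found:
            report[principal] = sorted(found)
    full_admins = sorted(p for p, f in report.items() if "full-admin" in f)
    warnings = []
    if len(full_admins) == 1:
        warnings.append("all administrative rights rest with one principal: "
                        + full_admins[0])
    return report, warnings


if __name__ == "__main__":
    findings, notes = audit(SAMPLE_ATTACHMENTS)
    print(findings)
    print(notes)
```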
Since users are the weakest link in the security chain, something must be done to strengthen
that link. Otherwise, your cloud security initiatives will only go to waste. Now, since it’s their
lack of security awareness that’s likely exposing them to threats, education is the best
solution.
Ensure all your users undergo security awareness training, and keep them updated with the
latest threats, particularly those that target end users (e.g., phishing, spear phishing, and
other social engineering attacks). You can even incorporate it into your onboarding process
so that they can be equipped with the right mindset from day one.
To facilitate a smooth implementation of your cloud security program, document all relevant
policies, processes, and procedures. These will serve as guard rails for all members of your
organization to follow. However, those policies shouldn’t be left to gather dust. Leadership
must take it upon themselves to inspire employee buy-in and spearhead the implementation
of those security policies.
Current cyber threats operate mostly with a high degree of sophistication. Thus, for your
cloud security services to be effective against them, you need to incorporate them into a
defense-in-depth strategy. This means a strategy that layers several security mechanisms so
that another can counter a sophisticated threat should one defense fail.
For greater efficacy, those security solutions should be integrated, automated, and
orchestrated. This will eliminate manual and time-consuming processes, streamline security
operations, optimize threat monitoring, ensure faster detection and incident response, and
lower the total cost of ownership (TCO).
Not all organizations have dedicated cybersecurity teams, let alone a full-fledged security
operations center (SOC), that can architect and implement a defense-in-depth strategy as well
as manage its cloud security solutions and take charge of threat monitoring, detection, and
response.
If you lack (or have no) in-house cybersecurity staff, the best option would be to outsource
cloud security services. Third parties such as managed security service providers (MSSPs) can
manage existing cloud security services and also offer cloud security services themselves. By
outsourcing your security responsibilities, you can focus more on your core business.
Parallels RAS: Virtualize Your Infrastructure, and Enhance Your Cloud Security
As businesses increase the adoption of remote and hybrid work environments, cloud-based
applications and desktops are taking center stage more often. This is giving rise to cloud-ready
VDI solutions such as Parallels® Remote Applications Server. There are several advantages of
using a VDI solution like Parallels RAS, especially from a cloud security standpoint.
Superior Encryption
Data-in-motion encryption is an essential security control in any cloud-based use case. That’s
because user sessions usually pass through the internet and, hence, are exposed to several
network-based threats such as man-in-the-middle attacks. Parallels RAS protects these
sessions with strong Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption and
uses cryptographic elements that comply with the Federal Information Processing Standard
(FIPS) 140-2 to provide enterprise-grade security and hide confidential information from
network eavesdroppers.
Monitoring Tools
Parallels RAS also provides monitoring tools that enable IT administrators to gain in-depth
visibility into user sessions. This allows them to monitor what users are doing on the network.
In addition, Parallels RAS also auto-baselines its VDI environment. You can use this to trigger
alert notifications should user activities deviate from the baseline, i.e., when abnormal
actions are detected.
Since users access cloud-based VDI desktops and applications remotely from any device, it’s
important to make sure that the person logging in is really who that user claims to be. Parallels
RAS mitigates the risk of unauthorized logins by adding several multifactor authentication
(MFA) options, including Azure MFA, Duo, FortiAuthenticator, TekRADIUS, RADIUS, Deepnet,
Google Authenticator, or Gemalto (formerly SafeNet). With MFA, even if a threat actor
manages to acquire a legitimate user’s login password, that person will still be unable to log
in if the second factor fails to match what Parallels RAS expects.
In addition to MFA, Parallels RAS further minimizes the chances of unauthorized access by
enabling administrators to create granular filtering rules for user access to a Parallels RAS
farm. Administrators can specify who can access a published resource based on several
criteria, including user, IP address, client device name, client device OS, media access control
(MAC) address, and gateway. Only users that can satisfy the specified criteria are granted
access.
Client Policies
One major advantage of delivering virtual applications and desktops from a centralized
location such as the cloud is that it simplifies endpoint device management and security.
Parallels RAS makes it much easier by allowing administrators to add users to a group, create
client policies, and then apply those policies to that group, thereby ensuring policy
enforcement.
Core Principles
The AWS Architectural is guided by two key cloud architecture principles: elasticity and
scalability.
Elasticity
Scalability
Cloud security
Traditionally, security concerns have been the primary obstacle for organizations
considering cloud services, particularly public cloud services. In response to demand,
however, the security offered by cloud service providers is steadily outstripping on-
premises security solutions.
Maintaining cloud security demands different procedures and employee skillsets than in
legacy IT environments.
Shared responsibility for security: Generally, the cloud provider is responsible for
securing cloud infrastructure and the customer is responsible for protecting its data
within the cloud—but it's also important to clearly define data ownership between
private and public third parties.
Data encryption: Data should be encrypted while at rest, in transit, and in use.
Customers need to maintain full control over security keys and hardware security
modules.
User identity and access management: Customer and IT teams need full
understanding of and visibility into network, device, application, and data access.
Security and compliance monitoring: This begins with understanding all regulatory
compliance standards applicable to your industry and setting up active monitoring of
all connected systems and cloud-based services to maintain visibility of all data
exchanges between public, private, and hybrid cloud environments.