Malout Institute of

Management and information

Technology
Department of Computer science and
Engineering

LAB MANUAL

Cloud Computing
(BTCS 604-18)

Submitted to: Submitted by:

Er:Gurpreet Singh Piyush Goyal

Assistant Professor CSE-6th Sem
i
Department of IT 425 (2106217)
AIM 1 : INTRODUCTION TO CLOUD COMPUTING.........................................................................................1
Advantages of cloud computing.............................................................................................................................3
Types of Cloud Computing.....................................................................................................................................3
Types of Cloud Services.........................................................................................................................................4
AIM 2: INSTALLING LINUX INSIDE WINDOWS USING VMWARE..................................................................7
AIM 3: INTRODUCTION TO CLOUDSIM........................................................................................................ 12
The core features of CloudSim:................................................................................................................ 12
Is Cloudsim suitable for my research work?............................................................................................. 12
Does Cloudsim setup require a High computing system?........................................................................13
How to download Cloudsim?.................................................................................................................... 13
How to install Cloudsim?.......................................................................................................................... 14
How does cloudsim work?........................................................................................................................ 14
How to run my first cloudsim simulation scenario?...................................................................................15
AIM 4 : IMPLEMENT CLOUDSIM AND CREATE DATA CENTER AND BROKERS......................................16
AIM 5 : EXPLORE CLOUDANALYST.............................................................................................................. 21
AIM 6 :- TO STUDY CLOUD SECURITY MANAGEMENT..............................................................................26
What is cloud security management?....................................................................................................... 26
Why is security management in the cloud important?..............................................................................27
What are the challenges of cloud security management?........................................................................28
Implementing cloud security management............................................................................................... 29
AIM 7 :-TO STUDY AND IMPLEMENTATION OF IDENTITY MANAGEMENT................................................31
Identity and Access Management............................................................................................................. 31
AIM 8 :-CASE STUDY - AMAZON WEB SERVICES/MICROSOFT AZURE/GOOGLE CLOUD SERVICES..34

ii
Aim 1 : Introduction to Cloud Computing.

Cloud Computing is the delivery of computing services such as servers, storage,

databases, networking, software, analytics, intelligence, and more, over the Cloud
(Internet).

Cloud Computing provides an alternative to the on-premises datacentre. With an on-

premises datacentre, we have to manage everything, such as purchasing and
installing hardware, virtualization, installing the operating system, and any other
required applications, setting up the network, configuring the firewall, and setting up
storage for data. After doing all the set-up, we become responsible for maintaining it
through its entire lifecycle.

But if we choose Cloud Computing, a cloud vendor is responsible for the hardware
purchase and maintenance. They also provide a wide variety of software and
platform as a service. We can take any required services on rent. The cloud
computing services will be charged based on usage.

1
The cloud environment provides an easily accessible online portal that makes handy
for the user to manage the compute, storage, network, and application resources.
Some cloud service providers are in the following figure.

2
Advantages of cloud computing
o Cost: It reduces the huge capital costs of buying hardware and software.

o Speed: Resources can be accessed in minutes, typically within a few clicks.

o Scalability: We can increase or decrease the requirement of resources according to

the business requirements.
o Productivity: While using cloud computing, we put less operational effort. We do not
need to apply patching, as well as no need to maintain hardware and software. So, in
this way, the IT team can be more productive and focus on achieving business goals.
o Reliability: Backup and recovery of data are less expensive and very fast for
business continuity.
o Security: Many cloud vendors offer a broad set of policies, technologies, and
controls that strengthen our data security.

Types of Cloud Computing

o Public Cloud: The cloud resources that are owned and operated by a third-party
cloud service provider are termed as public clouds. It delivers computing resources
such as servers, software, and storage over the internet
o Private Cloud: The cloud computing resources that are exclusively used inside a
single business or organization are termed as a private cloud. A private cloud may

3
 physically be located on the company’s on-site datacentre or hosted by a third-party
service provider.
o Hybrid Cloud: It is the combination of public and private clouds, which is bounded
together by technology that allows data applications to be shared between them.
Hybrid cloud provides flexibility and more deployment options to the business.

Types of Cloud Services

1. Infrastructure as a Service (IaaS): In IaaS, we can rent IT infrastructures like

servers and virtual machines (VMs), storage, networks, operating systems from a
cloud service vendor. We can create VM running Windows or Linux and install
anything we want on it. Using IaaS, we don’t need to care about the hardware or
virtualization software, but other than that, we do have to manage everything else.
Using IaaS, we get maximum flexibility, but still, we need to put more effort into
maintenance.
2. Platform as a Service (PaaS): This service provides an on-demand environment for
developing, testing, delivering, and managing software applications. The developer is
responsible for the application, and the PaaS vendor provides the ability to deploy
and run it. Using PaaS, the flexibility gets reduce, but the management of the
environment is taken care of by the cloud vendors.
3. Software as a Service (SaaS): It provides a centrally hosted and managed software
services to the end-users. It delivers software over the internet, on-demand, and
typically on a subscription basis. E.g., Microsoft One Drive, Dropbox, WordPress,

4
 Office 365, and Amazon Kindle. SaaS is used to minimize the operational cost to the
maximum extent.

Implementation of cloud services :

5
Dropbox

6
Aim 2: Installing Linux inside Windows using
VMWare.

Requirements

Good internet connection to download software and Linux ISO. (You can also
use some other computer with an internet connection to download these
files.)
Windows system with at least 20 GB of free space. A 25GB+ Free space is
good for installing the latest version of Ubuntu.
Windows system with 8 GB of RAM. (It can work with less RAM as well, but
your system will start to lag while using Linux in the virtual machine.)
Make sure to enable virtualization in the BIOS

Step 1: Download and install VMWare

Step 2: Install Linux using VMWare

7
You have installed VMWare and you have downloaded the ISO for Linux. You
are now set to install Linux in VMware.
Now, start VMWare and click on Create New Virtual Machine.

Select Linux type and ubuntu 64 type

Give the virtual machine a name and press Next.

8
Installing Ubuntu in VMWare

9
Next, you need to set your Keyboard Layout, which by default is set to English US.

Once done with your settings, you can press the Install Now button. This will ask you to
provide a time zone.

10
Pressing Continue will ask you to provide user credentials like name, password etc. Provide them all
and press Continue.

11
Aim 3: Introduction to Cloudsim.
CloudSim is a simulation toolkit that supports the modelling and simulation of the
core functionality of the cloud, like job/task queue, processing of events, creation of
cloud entities(datacenter, datacenter brokers, etc.), communication between different
entities, implementation of broker policies, etc. This toolkit allows to:

 Test application services in a repeatable and controllable environment.

 Tune the system bottlenecks before deploying apps in an actual cloud.
 Experiment with different workload mix and resource performance
scenarios on simulated infrastructure for developing and testing
adaptive application provisioning techniques
The core features of CloudSim:

 The Support of modeling and simulation of large-scale computing

environments as federated cloud data centers, and virtualized server
hosts, with customizable policies for provisioning host resources to
virtual machines and energy-aware computational resources
 It is a self-contained platform for modeling cloud service brokers,
provisioning, and allocation policies.
 It supports the simulation of network connections among simulated
system elements.
 Support for simulation of federated cloud environment, that inter-
networks resources from both private and public domains.
 Availability of a virtualization engine that aids in the creation and
management of multiple independent and co-hosted virtual services on
a data center node.
 Flexibility to switch between the space-shared and time-shared
allocation of processing cores to virtualized services.
Is Cloudsim suitable for my research work?

This simulation toolkit is an API that allows a developer to run any server hardware
model as a software simulation, to analyze its behavior for real-world workloads.

12
Therefore it is clear that it allows a researcher to simulate the Infrastructure as a
Service(IaaS) layer.

This includes software models of data centers, hosts, storage, virtual machines,
Cloud datacenter brokers, allocation & scheduling policies for the virtual machines as
well as tasks, power management policies including migrations and consolidation of
the virtual machines over different hosts, defining the workload attributes for its
execution simulation over the cloud systems, etc.

It is not applicable/suitable where you are looking to analyze any service related to
Platform as a Service(PaaS) or Software as a Service(SaaS) for example real-time
applications, security algorithms, platform implementations, etc

Does Cloudsim setup require a High computing system?

No, not at all. The cloudsim is a software simulation toolkit and is developed using
Java programming language, Therefore, any computer system with a dual-core
processor, 2 GB RAM, and 1 GB storage is good enough to simulate the cloud-
based systems using the cloudsim as this is required to support the JRE working.

Also, the hardware requirements may differ on the basis of which IDE you are using
for JAVA development.

How to download Cloudsim?

By default, the project page displays the source code(based on the maven build tool)
of the current release, which is currently released version 5.0(beta) and the page
displays the basic information about the project along with the publication details.

Every version except 6.0 and 5.0(still under development) contains 4 asset files.

The example description for each asset file is as follows:

 cloudsim-4.0.tar.gz: This file contains the compiled JAR file that can
be directly used in the custom simulation implementation where there

13
 is no need to change the source code of the cloudsim simulation
engine. This version is Linux-specific.
 Source code(tar.gz): This file contains a similar structure as
mentioned above, but it is specific to Linux
How to install Cloudsim?

Cloudsim setup is very easy, and I encourage you to start with version 3.0.3.

For this, you may follow the following link: cloudsim-setup-using-eclipse/.

This link describes in detail all the steps required to configure the Cloudsim 3.0.3
version successfully and can help you to also understand the core architecture of
this cloudsim simulation tool.

The cloudsim 3.0.3 version is best to start with that once you understand the basic
working and architecture then you can move to the latest version.

How does cloudsim work?

As it is already mentioned that the cloudsim allows modeling and simulate the cloud
system components, therefore to support its function different set of classes has
been developed by its developers:

 To simulate the regions and datacenters the class named

“Datacenter.java” is available in org.cloudbus.cloudsim package.
 To simulate the workloads for the cloud, the class named
“Cloudlet.java” is available in org.cloudbus.cloudsim package.
 To simulate the load balancing and policy-related implementation the
classes named “DatacenterBroker.java”, “CloudletScheduler.java”,
“VmAllocationPolicy.java”, etc are available under
org.cloudbus.cloudsim package.
 Now because all the different simulated hardware models are required
to communicate with each other to share the simulation work updates
this cloudsim has implemented a discrete event simulation engine that

14
 keeps track of all the task assignments among the different simulated
cloud components.
How to run my first cloudsim simulation scenario?

Once you have completed your installation/setup and understand the basic workings
of the cloudsim, the next step is to implement your custom scenario.

Any simulation will go through the following steps:

 Initialize the CloudSim with the current clock time and this will also
initialize the core CloudInformationService entity.
 Create Datacenter(s) as Datacenters are the resource providers in
CloudSim. We need to list one of them to run a CloudSim simulation.
 Create a Broker to simulate the user workload scheduling as well as
virtual machine allocation and placements.
 Create one/more virtual machines and submit them to the broker for
further submitting it to the respective DataCenters for placement and
execution management during the simulation run.
 Create one/more Cloudlets and submit the Cloudlet list to the broker for
further task scheduling on the active virtual machines for its processing
during the simulation run.
 Starts the simulation, this will initiate all the entities and components
created above and put them into execution for supporting various
simulation operations.
 Stop the simulation, concludes the simulation, and flush all the entities
& components before the exit of a simulation run.
 Print results when the simulation is over, where you will be able to
display which cloudlet executed on which virtual machine along with
how much time it spent in execution, its start time as well as its finish
time.

15
Aim 4 : Implement Cloudsim and Create data center and
brokers.

let us see how to implement cloudsim and how to create a datacenter and run a
cloudlet with a broker and virtual machines .

16
Output:

17
A example showing how to create a datacenter with one host and run two

cloudlets on it. The cloudlets run in VMs with the same MIPS requirements.

The cloudlets will take the same time t complete the execution.

18
 A simple example showing how to createtwo datacenters with one host each and
run cloudlets of two users on them.

19
Output:

20
Aim 5 : Explore Cloudanalyst.

1. Interface of cloud analyst

2.configure simulation : add user base

21
3. configure simulation: change the region of user base

4. Configure simulation: Add Data Center Configuration

22
5. Configure Simulation: change the region of data centers .

6. Configure Simulation: Add Data Centers and change their region

23
7. Configure Simulation: Choose service Broker Policy ( like: closest data center) &
add more user base

8. Simulation Complete: Here Connection is build.

24
9. Overall Response Time Summary :-

25
Aim 6 :- To study cloud security management.

Organizations of all sizes have adopted cloud strategies to varying degrees. While
beneficial in many ways, the cloud also has its risks, which organizations should fully
assess before placing assets there. In this comprehensive guide, complete with links
to more information, we lay out the challenges in securing the cloud environment as
well as how to develop best practices for managing cloud security.

What is cloud security management?

Cloud security management is not a single concept or product. It is actually a
complementary combination of strategies, tools and practices that are intended to
help a business host workloads and data in a cloud efficiently and cost-effectively --
yet limit the threats and vulnerabilities that are often present in complex public
networks as well as shared cloud resources and services. Cloud security is a
multifaceted endeavour that involves numerous efforts, including the following:

 Authentication and authorization. This is comprehensive user management

based on cloud services, such as identity and access management (IAM), to
ensure that any cloud users or devices are authorized to access workloads and
data.
 Data security. Use encryption to guard valuable business data against theft,
loss, or other unauthorized access.
 Suitable cloud architectures. Compose cloud architectures and connect
security services that are appropriate and properly configured for each workload
being hosted.
 Proper application configuration. Beyond the proper configuration of cloud
resources and services, each workload hosted in the cloud will also possess
varied configuration options that must be set and maintained properly.
 Monitoring and reporting. Cloud security requires comprehensive tooling to
guard against malicious activity, maintain data integrity, and produce real-time
alerts and ongoing reporting in response to detected security issues.

26
Why is security management in the cloud
important?
Far too often, organizations place their trust in cloud providers to ensure a secure
environment. Unfortunately, that approach has numerous problems -- namely, that
cloud providers don't always know the risk associated with a customer's systems and
data. They don't have visibility into other components in the customer's ecosystem
and the security requirements of those components. Failing to take ownership of
cloud security is a serious downfall that could lead organizations to suffer data loss,
system breaches and devastating attacks.

The irony here is that many organizations approach cloud computing thinking that
the business can offload the problems and responsibilities of everyday computing.
While this is true to an extent with issues such as facilities maintenance and capital
expenditure mitigation, it's not true with issues such as data compliance and security.
A business bears responsibility for the security and compliant use of its data in the
cloud -- just as a taxpayer bears responsibility for the accuracy and completeness of
their tax returns, even when those documents are prepared by someone else.

The Cloud Security Alliance (CSA) shared the most common cloud security
challenges to give organizations a sense of the massive attack surface cloud
computing presents. In addition to the potential for data breaches and lack of
visibility, the following are some of the most egregious problems the alliance found

 Misconfigurations and inadequate change controls.

 Lack of cloud security architecture and strategy.
 Insufficient identity, credential, access and key management.
 Account hijacking.
 Insecure interfaces and APIs.
 Abuse and nefarious use of cloud services.
The fallout from cloud attacks is often exponential, and the blast radius of attacks
continues to expand. For example, "an attack on a single user's credentials reaches
far beyond the targeted victim, often affecting the entire organization and its
customers," wrote Dave Shackleford, principal consultant at Voodoo Security. Recent
27
attacks also illustrate an immaturity of organizations' ability to defend their cloud
environments, he added.

The type of cloud environment an organization selects must be well considered

because private, public and hybrid options each have pros and cons. For instance, a
public cloud strategy can lighten the load on an organization's IT team since they
don't have to manage systems in-house. A public cloud provider might not be as
particular as the organization about security, however, which could leave gaps in the
organization's protection.

With a private cloud environment, an organization might gain more control over
security, but cloud costs and complexity will likely rise as a result. And while a hybrid
approach -- part public, part private -- might seem like the perfect compromise, it
presents challenges, too, including policy enforcement across environments.

What are the challenges of cloud security

management?
Cloud security faces an ever-growing array of challenges. Businesses that use the
cloud (or are considering cloud deployment targets) should take the time to seriously
consider many of the most important security challenges, including the following:

28
 Shared responsibility. Clouds operate on a shared responsibility model, but
there are often misunderstandings about responsibilities and definitions that lead
to critical gaps in security management. It's important to understand the shared
responsibility model clearly and work with providers to ensure that each side
meets its obligations.
 Limited visibility. If you can't see it, you can't manage it: It's an old axiom that
perfectly suits cloud security efforts. A business must be able to see where all of
their applications and data are located in the cloud, and this can be problematic
with such decentralized control over different business teams and divisions that
might use the cloud. There must be a means of discovering, tracking, and
reporting on the assets present in the cloud.
 Compliance challenges. A business is obligated to know what assets it has
available, where those assets are located, and how they're being used. When a
cloud provider obscures this information (or a user does not bother to access this
information), the business could experience a costly breach in regulatory
compliance. It's important to understand the tools and visibility offered by a
provider and to understand how that information can meet compliance
requirements.
 Limited control. Businesses do not own the cloud infrastructure. While a user
can assert considerable control over some security issues like user authorization
and authentication, users typically do not assert control over the underlying cloud
infrastructure as they would within a local data center. This can lead to security
concerns in how data is accessed and shared.
 Cloud differences. Every cloud is different. As businesses explore hybrid and
multi-cloud environments, there are bound to be differences in tools, services,
configurations and capabilities that might cause an inconsistent or incomplete
security posture for the business. This is another case where consultations with
the providers can be extremely beneficial for business users.

Implementing cloud security management

There is no single means of implementing and managing cloud security. The
approaches are as varied as the tools and the business that use them. However,
there are several guiding principles that can be applied to implementation:

29
 Understand the business drivers and goals. This is another way of "starting
with the end in mind." Cloud security -- and its proper management -- are there
for a purpose, which is to serve the business and facilitate business interests.
Any implementation of cloud security management should be in response to
business needs. For example, compliance might be a primary security goal for a
highly regulated business.
 Create security principles and practices. Consider how the business should
approach cloud security, such as accessing and protecting data. Chances are
that cloud security and security management will vary from traditional data center
security, so think ahead and evaluate how cloud security processes should best
work for the business.
 Select and implement tools. There are plenty of tools, platforms and services
available to help implement and manage cloud security. One size does not fit all,
and each product offering has unique strengths and tradeoffs. However, knowing
the business goals and intended practices makes the job of finding and validating
cloud security management tools considerably easier. This could still require
some adjustments to principles and practices, but the underlying ideas should be
consistent.
 Encrypt data and monitor. Data should ideally be encrypted at rest and in flight.
User and workload access should adopt zero-trust and other highly restricted
postures. Monitor network traffic and watch for intrusion. Scan for malicious
activity, such as unauthorized data access. Oversee end users and devices.
 Report. Use the alerting and reporting features of the cloud security
management system to deliver timely security reports to cloud workload
stakeholders and business leaders. Recognize the threats (e.g., an unpatched
operating system) and take proactive action to mitigate those risks on an ongoing
basis.
 Reevaluate. Threats and business needs are always changing, and so should
cloud security. As cloud security evolves, the cloud security management effort
should also change in order to address new and emerging threats. This is often a
team effort that involves business, technology and legal leadership from across
the business.

30
Aim 7 :-To study and implementation of identity
management.

Identity and Access Management

In a recent study by Verizon, 63% of the confirmed data breaches are due to either
weak, stolen, or default passwords used. There is a saying in the cybersecurity world
that goes like this “No matter how good your chain is it’s only as strong as your
weakest link.” and exactly hackers use the weakest links in the organization to
infiltrate. They usually use phishing attacks to infiltrate an organization and if they get
at least one person to fall for it, it’s a serious turn of events from thereon. They use
the stolen credentials to plant back doors, install malware or exfiltrate confidential
data, all of which will cause serious losses for an organization.

How Identity and Access Management Works?

AWS(Amazon Web Services) will allows you to maintain the fine-grained
permissions to the AWS account and the services provided Amazon cloud. You can
manage the permissions to the individual users or you can manage the permissions
to certain users as group and roles will helps you to manage the permissions to the
resources.

What Is Identity and Access Management(IAM)?

Identity and Access Management (IAM) is a combination of policies and technologies
that allows organizations to identify users and provide the right form of access as
and when required. There has been a burst in the market with new applications, and
the requirement for an organization to use these applications has increased
drastically. The services and resources you want to access can be specified in IAM.
IAM doesn’t provide any replica or backup. IAM can be used for many purposes
such as, if one want’s to control access of individual and group access for your AWS
resources. With IAM policies, managing permissions to your workforce and systems
to ensure least-privilege permissions becomes easier. The AWS IAM is a global
service.

31
Components of Identity and Access Management (IAM)
1. Users
2. Roles
3. Groups
4. Policies

With these new applications being created over the cloud, mobile and on-premise
can hold sensitive and regulated information. It’s no longer acceptable and feasible
to just create an Identity server and provide access based on the requests. In current
times an organization should be able to track the flow of information and provide
least privileged access as and when required, obviously with a large workforce and
new applications being added every day it becomes quite difficult to do the same. So
organizations specifically concentrate on managing identity and its access with the
help of a few IAM tools. It’s quite obvious that it is very difficult for a single tool to
manage everything but there are multiple IAM tools in the market that help the
organizations with any of the few services given below.

IAM Identities Classified As

 IAM Users
 IAM Groups
 IAM Roles

IAM Policies
IAM Policies can manage access for AWS by attaching them to the IAM Identities or
resources IAM policies defines permissions of AWS identities and AWS resources
when a user or any resource makes a request to AWS will validate these policies and
confirms whether the request to be allowed or to be denied. AWS policies are stored
in the form of Jason format the number of policies to be attached to particular IAM
identities depends upon no.of permissions required for one IAM identity. IAM identity
can have multiple policies attached to them.

32
 Figure – Services under IAM

IAM Features
1. Shared Access to your Account: A team working on a project can easily
share resources with the help of the shared access feature.
2. Free of cost: IAM feature of the AWS account is free to use & charges are
added only when you access other Amazon web services using IAM users.
3. Have Centralized control over your AWS account: Any new creation of
users, groups, or any form of cancellation that takes place in the AWS account
is controlled by you, and you have control over what & how data can be
accessed by the user.
4. Grant permission to the user: As the root account holds administrative
rights, the user will be granted permission to access certain services by IAM.

33
Aim 8 :-Case Study - Amazon Web Services/Microsoft
Azure/Google cloud services.

Parameter AWS Azure Google Cloud

Platform

App Testing It uses It uses DevTest It uses Cloud

device farm labs Test labs.

API Management Amazon API Azure API gateway Cloud

gateway endpoints.

Kubernetes EKS Kubernetes Kubernetes

Management service engine

Git Repositories AWS source Azure source Cloud source

repositories repositories repositories.

Data warehouse Redshift SQL warehouse Big Query

Object Storage S3 Block Blobs and Google cloud

files storage.

Relational DB RDS Relational DBs Google Cloud

SQL

Block Storage EBS Page Blobs Persistent

disks

Marketplace AWS Azure G suite

File Storage EFS Azure Files ZFS and Avere

Media Services Amazon Azure media Cloud video

Elastic services intelligence
transcoder API

Virtual network VPC VNet Subnet

Pricing Per hour Per minute Per minute

Maximum 128 128 96

processors in VM

34
Maximum 3904 3800 1433
memory in VM
(GiB)

Catching ElasticCache RedisCache CloudCDN

Load Balancing Elastic Load Load Balancer Cloud Load

Configuration Balancing Application Balancing
Gateway

Global Content CloudFront Content Delivery Cloud

Delivery Network Interconnect
Networks

35