Cloud Computing – Second Internals

Important Questions – Answers

Explain Security Risks Posed by Shared Images and Management OS (10 Marks,
CO4)
Shared images can inadvertently contain sensitive information like access credentials, SSH
keys, or browsing history. Attackers can use these to gain unauthorized access. Management
OSes, especially those used in virtualization platforms like Xen, are particularly vulnerable
due to their broad privileges over virtual machines. Many attacks target the control plane
(Dom0), posing risks to data integrity and platform security.

Explain Operating System Security and Virtual Machine Security (8 Marks, CO4)
Operating system security involves managing user privileges, process isolation, and secure
kernel modules. In a cloud environment, virtual machine security adds another layer,
isolating workloads using hypervisors. While hypervisors are smaller and easier to secure,
they still rely on a trusted Management OS. Common practices include encryption, secure
boot, and patch management to reduce vulnerabilities.

Explain Cloud Service Models at Different Service Levels (7 Marks, CO3)

Cloud service models include:
- Infrastructure as a Service (IaaS): Offers raw computing resources like storage and virtual
machines (e.g., Amazon EC2).
- Platform as a Service (PaaS): Provides a platform to develop and deploy applications (e.g.,
Google App Engine).
- Software as a Service (SaaS): Delivers complete software applications over the internet
(e.g., Salesforce).
Each model offers varying levels of control, flexibility, and user responsibility.

Define Trust. Explain the Security of Database Services (10 Marks, CO4)
Trust in cloud computing refers to a user's confidence that their data and applications are
secure and handled correctly by the provider.
Database Security involves access control, encryption, and secure APIs. Services like AWS
provide mechanisms like KMS (Key Management Service) and fine-grained IAM roles to
safeguard stored data. Contracts should specify data ownership, liability, and geographic
storage to build trust.

Explain Reputation-Guided Protection for Datacentre (8 Marks, CO4)

Reputation systems aggregate user feedback and behavior to evaluate trustworthiness. In
cloud environments, such systems can detect malicious users, prevent denial-of-service
attacks, and limit access for suspicious accounts. Distributed or centralized models are used,
and they're essential for data center protection in a multi-tenant cloud.
Explain the Challenges in Cloud Architecture Development (7 Marks, CO3)
Challenges include:
- Interoperability: Lack of standards between cloud providers.
- Security and Privacy: Especially in multi-tenant environments.
- Data Lock-in: Difficulty in migrating data between providers.
- Resource Management: Elastic scaling and dynamic provisioning.
Solutions include standardized APIs (like OVF), trust overlays, and adaptive monitoring.

Explain the Various System Issues for Running a Parallel Program in Either
Parallel or Distributed Manner (13 Marks, CO5)
Key issues include:
- Partitioning: Dividing data and computation.
- Mapping: Assigning tasks to processing nodes.
- Synchronization: Coordinating task execution to avoid race conditions.
- Communication: Exchanging data between tasks.
- Scheduling: Efficient use of limited computing resources.
These aspects must be handled efficiently for optimal system performance and scalability.

Explain Programming the Google App Engine and Amazon AWS (12 Marks, CO5)
Google App Engine (GAE) provides a PaaS model supporting Python, Java, and Go with
integrated services like user authentication, data storage, and scalable app deployment.
Amazon AWS offers IaaS and PaaS services like EC2 for compute, S3 for storage, and EBS for
block storage. Developers interact via REST APIs, SDKs, and CLI tools, configuring services
to scale dynamically based on user demand.

Explain Emerging Cloud Software Environments (13 Marks, CO5)

Emerging environments include:
- Hadoop and MapReduce: For distributed data processing.
- Dryad, Twister, and Pig Latin: For scalable data analysis.
- Eucalyptus, OpenNebula, and Nimbus: Open-source IaaS tools.
These environments support advanced cloud functionalities like iterative processing,
workflow integration, and big data analytics.

Explain the Dataflow in Running a MapReduce Job at Various Task Trackers

Using Hadoop Library (12 Marks, CO5)
A MapReduce job follows this flow:
- Input data is split and processed by Map tasks on TaskTrackers.
- Intermediate results are shuffled and sorted.
- Reduce tasks aggregate data and produce final output.
Hadoop ensures fault tolerance by re-running failed tasks. TaskTrackers communicate with
a central JobTracker, which manages task assignment and job coordination.