Cloud

Cloud computing

Module 3

Cloud Infrastructure Mechanisms

Contents
• Network perimeter
• Virtual server
• Cloud storage device
• Cloud usage monitor.
• Resource replication.
• Ready-Made Environment

Cloud Infrastructure Mechanisms
Cloud infrastructure mechanisms are the fundamental building blocks of a cloud computing environment. They comprise the following components:
• Logical network perimeter – Techniques to implement networks in the cloud.
• Virtual server – Techniques to implement machines in the cloud.
• Cloud storage device – Techniques to implement storage in the cloud.
• Cloud usage monitor – Techniques to monitor the usage of cloud resources.
• Resource replication – Techniques to replicate (duplicate) resources in the cloud, such as networks, machines, and software.
• Ready-made environment – Techniques to provide a ready-made platform solution for a given task.

3.1 Logical Network Perimeter
• A logical network perimeter is the isolation of a network environment from the rest of a communication network.
• The logical network perimeter establishes a virtual network boundary that can include and isolate a group of related cloud-based IT resources that may be physically distributed.
• This can be implemented to:
  • Isolate IT resources in a cloud from non-authorized users.
  • Isolate IT resources in a cloud from non-users.
  • Isolate IT resources in a cloud from cloud consumers.
  • Control the bandwidth that is available to isolated IT resources.

Logical network perimeters are established via network devices that supply and control the connectivity of the data center and its IT resources. These devices are virtualized and include:
• Virtual firewall – Protection software that provides network traffic filtering and monitoring for virtual machines in a virtualized environment.
• Virtual network – An IT resource that isolates the network environment within the data center infrastructure. Ex: VPN, VLAN. A VPN keeps browsing history from public view and facilitates encryption.

Figure: Virtual firewall (top) and virtual network (bottom).

Two logical network perimeters surround the cloud consumer and cloud provider environments.
• One logical network perimeter contains a cloud consumer’s on-premise environment, while another contains a cloud provider’s cloud-based environment.
• These perimeters are connected through a VPN that protects communications, since the VPN is typically implemented by point-to-point encryption of the data packets sent between the communicating endpoints.

DTGOV Logical network perimeter

The virtual firewalls are allocated to and controlled by a single cloud consumer in order to regulate its virtual IT resource traffic. These IT resources are connected through a virtual network that is isolated from other cloud consumers. The virtual firewall and the isolated virtual network jointly form the cloud consumer’s logical network perimeter.

Figure - Logical network layout is established through a set of logical network perimeters using various firewalls and virtual networks.

3.2 Virtual Server
• A virtual server is a form of virtualization software that emulates a physical server.
• Virtual servers are used by cloud providers to share the same physical server with multiple cloud consumers, each with individual virtual server instances.

Figure: The first physical server hosts two virtual servers, while the second physical server hosts

• As a commodity mechanism, the virtual server represents the most foundational building block of cloud environments.
• A virtual server (IT resource) can be used to host:
  • numerous IT resources (e.g. CPU, storage, memory)
  • cloud-based solutions (such as a Java platform)
  • cloud computing mechanisms (such as a service agent program that monitors the cloud)

Virtual server that hosts a cloud service being accessed by Cloud Service Consumer B, while Cloud Service Consumer A accesses the virtual server directly to perform an administration task.

A virtual server hosts an active cloud service and is further accessed by a cloud consumer for administrative purposes.

DTGov Virtual server
Several virtual servers running over physical servers, all of which are
jointly controlled by a central VIM.

• In order to enable the on-demand creation of virtual servers, DTGOV
provides cloud consumers with a set of template virtual servers that
are made available through pre-made VM images.
• These VM images are files that represent the virtual disk images used
by the hypervisor to boot the virtual server. DTGOV enables the
template virtual servers to have various initial configuration options
that differ, based on operating system, drivers, and management
tools being used. Some template virtual servers also have additional,
pre-installed application server software.
• The following virtual server packages are offered to DTGOV’s cloud
consumers. Each package has different pre-defined performance
configurations and limitations:

• Small Virtual Server Instance – 1 virtual processor core, 4 GB of virtual
RAM, 20 GB of storage space in the root file system.
• Medium Virtual Server Instance – 2 virtual processor cores, 8 GB of
virtual RAM, 20 GB of storage space in the root file system.
• Large Virtual Server Instance – 8 virtual processor cores, 16 GB of
virtual RAM, 20 GB of storage space in the root file system
• Memory Large Virtual Server Instance – 8 virtual processor cores, 64
GB of virtual RAM, 20 GB of storage space in the root file system
• Processor Large Virtual Server Instance – 32 virtual processor cores,
16 GB of virtual RAM, 20 GB of storage space in the root file system
• Ultra-Large Virtual Server Instance – 128 virtual processor cores, 512
GB of virtual RAM, 40 GB of storage space in the root file system

• Additional storage capacity can be added to a virtual server by attaching a
virtual disk from a cloud storage device.
• All of the template virtual machine images are stored on a common cloud
storage device that is accessible only through the cloud consumers’
management tools that are used to control the deployed IT resources.
• Once a new virtual server needs to be instantiated, the cloud consumer
can choose the most suitable virtual server template from the list of
available configurations. A copy of the virtual machine image is made and
allocated to the cloud consumer, who can then assume the administrative
responsibilities.
• The allocated VM image is updated whenever the cloud consumer
customizes the virtual server.
• After the cloud consumer initiates the virtual server, the allocated VM
image and its associated performance profile are passed to the VIM, which
creates the virtual server instance from the appropriate physical server.

DTGOV uses the process shown in the figure for the creation and management of virtual servers that have different initial software configurations and performance characteristics.

• The cloud consumer uses the self-service portal to select a template virtual server for creation (1).
• A copy of the corresponding VM image is created in a cloud consumer-controlled cloud storage device (2).
• The cloud consumer initiates the virtual server using the usage and administration portal (3), which interacts with the VIM to create the virtual server instance via the underlying hardware (4).
• The cloud consumer is able to use and customize the virtual server via other features on the usage and administration portal (5).

3.3 Cloud Storage Device
• The cloud storage device mechanism represents storage devices that are designed specifically for cloud-based provisioning.
• Storage devices can be virtualized.
• Cloud storage devices are commonly able to provide fixed-increment capacity allocation in support of the pay-per-use mechanism.
• They can be accessed remotely via cloud storage services.
• The primary concerns related to cloud storage are the security, integrity, and confidentiality of data.
• There are also legal and regulatory implications.
• Data accessed over WANs is subject to network latency and reliability constraints.

Figure: Logical storage = 7 TB

Cloud storage levels
• Cloud storage device mechanisms provide common logical units of data storage, such as:
  • Files – Collections of data are grouped into files that are located in folders (e.g. Amazon EFS, Google Cloud Filestore, or Azure Files).
  • Blocks – The lowest level of storage and the closest to the hardware, a block is the smallest unit of data that is still individually accessible (e.g. Amazon EBS, Google Cloud Persistent Disk, or Azure Managed Disks).
  • Datasets – Sets of data are organized into a table-based, delimited, or record format.
  • Objects – Data and its associated metadata are organized as Web-based resources (e.g. Amazon S3, accessed via a web URL, Google Cloud Storage, or Azure Blob).

Figure: Different cloud service consumers utilize different technologies
to interface with virtualized cloud storage devices.
Network Storage Interfaces
• Legacy network storage falls under the category of network storage interfaces.
• It includes storage devices that use industry-standard protocols such as SCSI for storage blocks, and Server Message Block (SMB), Common Internet File System (CIFS), and Network File System (NFS) for file and network storage.
• In a file storage system, each piece of data is stored in a separate file, with files of different sizes and formats organized into folders and subfolders.
• When a cloud storage device mechanism is based on this type of interface, its data searching and extraction is suboptimal.
• Block storage allows data to be stored in a fixed format (data blocks) that can be accessed; this storage format is the closest to hardware.
• Whether a logical unit number (LUN) or a virtual volume is used, block-level storage is better than file-level storage.

Object Storage Interfaces
• Various types of data can be stored as web resources. This is referred to as object storage.
• Cloud storage device mechanisms that implement this interface can typically be accessed via REST or Web service-based cloud services using HTTP as the prime protocol.
• The Storage Networking Industry Association’s Cloud Data Management Interface (SNIA’s CDMI) supports the use of object storage interfaces.

Database Storage Interfaces
• Cloud storage device mechanisms based on database storage interfaces typically support a query language in addition to basic storage operations.
• There are two types:
  • Relational data storage – A cloud storage device mechanism implemented using relational data storage could be based on any number of commercially available database products, such as IBM DB2, Oracle Database, Microsoft SQL Server, and MySQL. The challenges with this mechanism are scaling and performance. Scaling a relational cloud storage device vertically can be more complex and cost-ineffective than horizontal scaling.
  • Non-relational data storage – Also commonly referred to as NoSQL storage. A NoSQL database doesn't use tables for storing data; NoSQL databases house data within one data structure, such as a JSON document. Since this non-relational database design does not require a schema, it offers rapid scalability to manage large and typically unstructured data sets.
• Non-relational storage can be more horizontally scalable than relational storage.

CASE STUDY: DTGOV provides cloud consumers access to a cloud storage device based on an object storage interface.

The object-based cloud storage device has an underlying storage system with variable storage capacity, which is directly controlled by a software component that also exposes the interface. This software enables the creation of isolated cloud storage devices that are allocated to cloud consumers. The storage system uses a security credential management system to administer user-based access control to the device’s data objects.

The cloud consumer interacts with the usage and administration portal to create a cloud storage device and define access control policies (1). The usage and administration portal interacts with the cloud storage software to create the cloud storage device instance and apply the required access policy to its data objects (2). Each data object is assigned to a cloud storage device and all of the data objects are stored in the same virtual storage volume. The cloud consumer uses the proprietary cloud storage device UI to interact directly with the data objects (3).

The creation of the cloud consumers’ block-based cloud storage devices is managed by the virtualization platform, which instantiates the LUN’s implementation of the virtual storage.

A logical unit number (LUN) is a unique identifier for designating an individual or collection of physical or virtual storage devices that execute input/output (I/O) commands with a host computer, as defined by the Small Computer System Interface (SCSI) standard.

The cloud consumer uses the usage and administration portal to create and assign a cloud storage device to an existing virtual server (1). The usage and administration portal interacts with the VIM software (2a), which creates and configures the appropriate LUN (2b). Each cloud storage device uses a separate LUN controlled by the virtualization platform. The cloud consumer remotely logs into the virtual server directly (3a) to access the cloud storage device (3b).

3.4 Cloud Usage Monitor
The cloud usage monitor mechanism is a lightweight and autonomous software program responsible for collecting and processing IT resource usage data.
Examples of usage data include the status of IT resources such as virtual servers (CPU, memory, storage) and networks (bandwidth, latency, throughput).
The monitor collects this data and stores it in a separate log database for post-processing and reporting purposes.

Depending on the type of usage metrics, there are three agent-based implementation formats:
• Monitoring agent
• Resource agent
• Polling agent

Monitoring agent
• A monitoring agent is an intermediary, event-driven program that exists as a service agent and resides along existing communication paths to transparently monitor and analyse the data flows.
• This type of cloud usage monitor is used to measure network traffic and message metrics.

A cloud service consumer sends a request message to a cloud service (1). The monitoring agent intercepts the message to collect relevant usage data (2) before allowing it to continue to the cloud service (3a). The monitoring agent stores the collected usage data in a log database (3b). The cloud service replies with a response message (4) that is sent back to the cloud service consumer without being intercepted by the monitoring agent (5).

Resource agent
• A resource agent is a processing module that collects usage data by having event-driven interactions with specialized resource software.
• This module is used to monitor usage metrics based on pre-defined, observable events at the resource software level, such as initiating, suspending, resuming, and vertical scaling.

The resource agent is actively monitoring a virtual server and detects an increase in usage (1). The resource agent receives a notification from the underlying resource management program that the virtual server is being scaled up and stores the collected usage data in a log database, as per its monitoring metrics (2).

Polling agent
• A polling agent is a processing module that collects cloud service usage data by polling IT resources. This type of cloud service monitor is commonly used to periodically monitor IT resource status, such as uptime and downtime.

A polling agent monitors the status of a cloud service hosted by a virtual server by sending periodic polling request messages and receiving polling response messages that report usage status “A” after a number of polling cycles, until it receives a usage status of “B” (1), upon which the polling agent records the new usage status in the log database (2).

Case study:
DTGOV implements a resource agent that relies on the resource usage events generated by the VIM platform to calculate the virtual server usage data. The resource agent is designed with logic and metrics that are based on the following rules:
1. Each resource usage event that is generated by the VIM software can contain the following data:
• Event Type (EV_TYPE) – Generated by the VIM platform, there are five types of events:
  • VM Starting (creation at the hypervisor)
  • VM Started (completion of the boot procedure)
  • VM Stopping (shutting down)
  • VM Stopped (termination at the hypervisor)
  • VM Scaled (change of performance parameters)
• VM Type (VM_TYPE) – This represents a type of virtual server, as dictated by its performance parameters. A predefined list of possible virtual server configurations provides the parameters that are described by the metadata whenever a VM starts or scales.
• Unique VM Identifier (VM_ID) – This identifier is provided by the VIM platform.
• Unique Cloud Consumer Identifier (CS_ID) – Another identifier provided by the VIM platform to represent the cloud consumer.
• Event Timestamp (EV_T) – An identification of an event occurrence that is expressed in date-time format, with the time zone of the data center and referenced to UTC as defined in RFC 3339 (as per the ISO 8601 profile).
2. Usage measurements are recorded for every virtual server that a cloud consumer creates.
3. Usage measurements are recorded for a measurement period whose length is defined by two timestamps called tstart and tend. The start of the measurement period defaults to the beginning of the calendar month (tstart = 2012-12-01T00:00:00-08:00) and finishes at the end of the calendar month (tend = 2012-12-31T23:59:59-08:00). Customized measurement periods are also supported.
4. Usage measurements are recorded at each minute of usage. The virtual server usage measurement period starts when the virtual server is created at the hypervisor and stops at its termination.
5. Virtual servers can be started, scaled, and stopped multiple times during the measurement period. The time interval between each occurrence i (i = 1, 2, 3,...) of these pairs of successive events that are declared for a virtual server is called a usage cycle that is known as Tcycle_i:
• VM_Starting, VM_Stopping – VM size is unchanged at the end of the cycle
• VM_Starting, VM_Scaled – VM size has changed at the end of the cycle
• VM_Scaled, VM_Scaled – VM size has changed while scaling, at the end of the cycle
• VM_Scaled, VM_Stopping – VM size has changed at the end of the cycle
6. The total usage, Utotal, for each virtual server during the measurement period is calculated using the following resource usage event log database equations:
• For each VM_TYPE and VM_ID in the log

• As per the total usage time that is measured for each VM_TYPE, the vector of usage for each VM_ID is Utotal: Utotal = {type 1, Utotal_VM_type_1, type 2, Utotal_VM_type_2, ...}

• The cloud consumer (CS_ID = CS1) requests the creation of a virtual server (VM_ID = VM1) of configuration size type 1 (VM_TYPE = type1) (1).
• The VIM creates the virtual server (2a).
• The VIM’s event-driven API generates a resource usage event with timestamp = t1, which the cloud usage monitor software agent captures and records in the resource usage event log database (2b).
• Virtual server usage increases and reaches the auto-scaling threshold (3).
• The VIM scales up Virtual Server VM1 (4a) from configuration type 1 to type 2 (VM_TYPE = type2). The VIM’s event-driven API generates a resource usage event with timestamp = t2, which is captured and recorded at the resource usage event log database by the cloud usage monitor software agent (4b).
• The cloud consumer shuts down the virtual server (5).
• The VIM stops Virtual Server VM1 (6a) and its event-driven API generates a resource usage event with timestamp = t3, which the cloud usage monitor software agent captures and records at the log database (6b).
• The usage and administration portal accesses the log database and calculates the total usage (Utotal) for Virtual Server VM1 (7).

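The usage calculation for the scenario above, as an added example that is not part of the original slides. The equation itself did not survive on this page, so the code assumes that Utotal per VM_TYPE is the sum of whole minutes over the usage cycles of rule 5, with each cycle charged to the VM_TYPE in effect when it opened; it also reports boundary events that match no allowed pair, since those indicate gaps in the event log. Function names, timestamps, VM2 and VM3 are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Events that bound a usage cycle (rule 5). VM_Started and VM_Stopped are ignored.
BOUNDARY = {"VM_Starting", "VM_Scaled", "VM_Stopping"}


def clipped_minutes(began, ended, t_start, t_end):
    """Whole minutes of [began, ended] that fall inside the measurement period."""
    lo, hi = max(began, t_start), min(ended, t_end)
    return max(0, int((hi - lo).total_seconds() // 60))


def total_usage(events, t_start, t_end):
    """Return ({(VM_ID, VM_TYPE): minutes}, anomalies) for one measurement period."""
    t_start, t_end = datetime.fromisoformat(t_start), datetime.fromisoformat(t_end)
    usage = defaultdict(int)
    anomalies = []   # boundary events that do not fit the pairs allowed by rule 5
    open_cycle = {}  # VM_ID -> (cycle start, VM_TYPE in effect during the cycle)

    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["EV_T"])):
        vm, kind = ev["VM_ID"], ev["EV_TYPE"]
        ts = datetime.fromisoformat(ev["EV_T"])
        if kind not in BOUNDARY:
            continue
        if kind == "VM_Starting":
            if vm in open_cycle:  # second start without a stop in between
                anomalies.append((vm, kind, ev["EV_T"]))
            else:
                open_cycle[vm] = (ts, ev["VM_TYPE"])
            continue
        if vm not in open_cycle:  # scale or stop with no preceding start
            anomalies.append((vm, kind, ev["EV_T"]))
            continue
        began, vm_type = open_cycle.pop(vm)
        usage[(vm, vm_type)] += clipped_minutes(began, ts, t_start, t_end)
        if kind == "VM_Scaled":  # the next cycle runs at the new size
            open_cycle[vm] = (ts, ev["VM_TYPE"])

    # A VM still running when the period closes is counted up to t_end.
    for vm, (began, vm_type) in open_cycle.items():
        usage[(vm, vm_type)] += clipped_minutes(began, t_end, t_start, t_end)
    return dict(usage), anomalies


def event(ev_type, vm_type, vm_id, cs_id, ev_t):
    return {"EV_TYPE": ev_type, "VM_TYPE": vm_type, "VM_ID": vm_id,
            "CS_ID": cs_id, "EV_T": ev_t}


# Constructed sample log: VM1 follows the t1/t2/t3 walk-through, VM2 is never
# stopped, and VM3 has a stop event with no start (a gap in the log).
EVENTS = [
    event("VM_Starting", "type1", "VM1", "CS1", "2012-12-03T09:00:00-08:00"),
    event("VM_Started",  "type1", "VM1", "CS1", "2012-12-03T09:01:10-08:00"),
    event("VM_Scaled",   "type2", "VM1", "CS1", "2012-12-03T11:30:00-08:00"),
    event("VM_Stopping", "type2", "VM1", "CS1", "2012-12-03T12:15:00-08:00"),
    event("VM_Stopping", "type1", "VM3", "CS2", "2012-12-10T10:00:00-08:00"),
    event("VM_Starting", "type1", "VM2", "CS1", "2012-12-31T23:00:00-08:00"),
]
T_START, T_END = "2012-12-01T00:00:00-08:00", "2012-12-31T23:59:59-08:00"

if __name__ == "__main__":
    usage, anomalies = total_usage(EVENTS, T_START, T_END)
    for (vm_id, vm_type), minutes in sorted(usage.items()):
        print(vm_id, vm_type, minutes, "min")
    print("unmatched events:", anomalies)
```
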
3.5 Resource Replication
• Virtualization technology is used to implement the resource replication mechanism to replicate cloud-based IT resources.
• The hypervisor replicates several instances of a virtual server, using a stored virtual server image.
• Such replication is independent of the location where the resource needs to be replicated.
• This replication technique makes the resource available at any place.
• In case of resource failure, the resource can be replicated anywhere.

Case study:
DTGOV establishes a set of high-availability virtual servers that can be automatically relocated to physical servers running in different data centers in response to severe failure conditions.

A high-availability virtual server is running in Data Center A. VIM instances, in Data Center A and Data Center B, are executing the coordination function that allows detection of failure conditions. Storage of VM images is replicated between data centers, as a consequence of the high-availability configuration.

The virtual server becomes unavailable in Data Center A. The VIM in Data Center B detects the failure condition and starts to reallocate the high-availability server from Data Center A into Data Center B.

A new instance of the virtual server is created in Data Center B and the service becomes available.

3.6 Ready-Made Environment
• The ready-made environment mechanism is a defining component of
the PaaS cloud delivery model that represents a predefined, cloud-
based platform comprised of a set of already installed IT resources,
ready to be used and customized by a cloud consumer.

Case study: Development and deployment environment for ATN’s Part Number Catalog application.
• The developer uses the provided SDK to develop the Part Number Catalog Web application (1).
• The application software is deployed on a Web platform that was established by two ready-made environments called the front-end instance (2a) and the back-end instance (2b).
• The application is made available for usage and one end-user accesses its front-end instance (3).
• The software running in the front-end instance invokes a long-running task at the back-end instance that corresponds to the processing required by the end-user (4).
• The application software deployed at both the front-end and back-end instances is backed by a cloud storage device that provides persistent storage of the application data (5).