
Cloud computing architecture:

Cloud computing architecture consists of many loosely coupled cloud components.


The architecture is mainly divided into two parts:
1) Front End
2) Back End
The two ends are connected to each other through a network, generally the Internet.

View of cloud computing architecture

Front End
• The front end is the side of the computer user or client.
• It involves the interfaces and applications that are necessary to access the cloud computing system.

Back End
• The back end is the cloud section of the system.
• It involves all the resources that are necessary to provide cloud computing services.
• It includes huge data storage, virtual machines, security mechanisms, services, deployment models, servers, etc.
• Providing built-in security mechanisms, traffic control and protocols is the responsibility of the back end.

Cloud infrastructure consists of servers, storage devices, network, cloud management software, deployment software, and platform virtualization.

Hypervisor
A hypervisor is firmware or a low-level program that acts as a Virtual Machine Manager. It allows a single physical instance of cloud resources to be shared between several tenants.

Management Software
It helps to maintain and configure the infrastructure.

Deployment Software
It helps to deploy and integrate the application on the cloud.

Network
It is the key component of cloud infrastructure. It allows cloud services to be connected over the Internet. It is also possible to deliver the network as a utility over the Internet, which means the customer can customize the network route and protocol.

Server
The server helps to compute the resource sharing and offers other services such as resource allocation and de-allocation, monitoring the resources, providing security, etc.

Storage
The cloud keeps multiple replicas of storage. If one of the storage resources fails, the data can be extracted from another one, which makes cloud computing more reliable.

Infrastructural Constraints
The fundamental constraints that cloud infrastructure should implement are shown in the following diagram:

Transparency
Virtualization is the key to sharing resources in a cloud environment. But it is not possible to satisfy the demand with a single resource or server. Therefore, there must be transparency in resources, load balancing and applications, so that we can scale them on demand.

Scalability
Scaling up an application delivery solution is not as easy as scaling up an application, because it involves configuration overhead or even re-architecting the network. So, the application delivery solution needs to be scalable, which requires a virtual infrastructure in which resources can be provisioned and de-provisioned easily.

Intelligent Monitoring
To achieve transparency and scalability, the application delivery solution needs to be capable of intelligent monitoring.

Security
The mega data center in the cloud should be securely architected. The control node, an entry point into the mega data center, also needs to be secure.

Service models:
Cloud computing is based on Service model.

Categories of service model

The service models are categorized into three basic models:

1) Software-as-a-Service (SaaS)
2) Platform-as-a-Service (PaaS)
3) Infrastructure-as-a-Service (IaaS)

1) Software-as-a-Service (SaaS)

• SaaS is known as 'On-Demand Software'.
• It is a software distribution model. In this model, the applications are hosted by a cloud service provider and made available to customers over the Internet.
• In SaaS, the associated data and software are hosted centrally on the cloud server.
• Users can access SaaS by using a thin client through a web browser.
• CRM, office suites, email, games, etc. are software applications that are provided as a service through the Internet.
• Companies like Google and Microsoft provide their applications as a service to end users.

Advantages of SaaS
• SaaS is easy to buy because its pricing is based on a monthly or annual fee, and it allows organizations to access business functionality at a small cost, which is less than that of licensed applications.
• SaaS needs less hardware: because the software is hosted remotely, organizations do not need to invest in additional hardware.
• SaaS requires less maintenance cost and does not require special software or hardware versions.

Disadvantages of SaaS
• SaaS applications are totally dependent on an Internet connection. They are not usable without one.
• It is difficult to switch between SaaS vendors.

2) Platform-as-a-Service (PaaS)

• PaaS is a programming platform for developers. This platform is created for programmers to create, test, run and manage applications.
• A developer can easily write an application and deploy it directly into the PaaS layer.
• PaaS provides the runtime environment for application development and deployment tools.
• Google App Engine (GAE), Windows Azure and SalesForce.com are examples of PaaS.

Advantages of PaaS
• PaaS makes development easier. The developer can concentrate on development and innovation without worrying about the infrastructure.
• In PaaS, the developer only requires a PC and an Internet connection to start building applications.

Disadvantages of PaaS
• A developer writes applications for the platform provided by one PaaS vendor, hence moving the application to another PaaS vendor is a problem.

3) Infrastructure-as-a-Service (IaaS)

• IaaS is a way to deliver cloud computing infrastructure such as servers, storage, network and operating systems.
• Customers can access these resources over the cloud computing platform, i.e. the Internet, as an on-demand service.
• In IaaS, you buy complete resources rather than purchasing servers, software, datacenter space or network equipment.
• IaaS was earlier called Hardware as a Service (HaaS). It is a cloud computing platform based model.
• HaaS differs from IaaS in that users have the bare hardware, on which they can deploy their own infrastructure using the most appropriate software.

Advantages of IaaS
• In IaaS, the user can dynamically choose a CPU, memory and storage configuration according to need.
• Users can easily access the vast computing power available on the IaaS cloud platform.

Disadvantages of IaaS
• The IaaS cloud computing platform model is dependent on the availability of the Internet and virtualization services.

How Cloud Computing works:


The cloud is divided into different layers: the front-end and back-end layers. The front-end layer is the part of the cloud that users interact with. For example, when we log in to our Gmail account, we see the UI (user interface), where everything works through event-driven buttons and graphics. Similarly, software also runs in the front end of the cloud. The back end comprises hardware as well as software that delivers data from the database to the front end.

The cloud uses a network layer to connect different devices and provide access to resources residing in the centralized data center of the cloud. Users can reach the data center through the company's network or over the Internet. This provides various advantages, as users can access the cloud from anywhere at any time, but it requires more network bandwidth. The technology serves not only desktop and laptop users; mobile users can also access their business systems on demand.

Cloud computing is fast and efficient: applications running on the cloud take advantage of its flexibility and computing power, i.e., the speed of processing a task. Many computers of a single organization work together, along with their applications, on the cloud as if all the applications were running on a single machine. This flexibility allows users to use as much or as little of a resource as demand requires.

In the cloud computing system architecture, there is another mechanism: shifting the workload. Local machines don't have to do the heavy lifting when it comes to running applications. Cloud technology can handle those heavy tasks automatically, easily and efficiently. This brings down the hardware and software demands. The only thing users have to think about is the cloud computing interface software of the system, which works merely as a web browser in the front end of the user. The cloud's network takes care of the rest along with the back end.

The back end is connected through a virtual network or the Internet. Other than that, the cloud computing architecture includes a few more components, such as middleware, cloud resources, etc. The back end is used by service providers and includes the various servers, computers, virtual machines and data storage facilities that are combined to form the cloud. Each application in the system is handled by its own dedicated server. The front end includes the cloud computing system or network that is used for accessing the cloud computing system. The cloud computing systems' interface varies from cloud to cloud.

The back end has two principal responsibilities:

1. To provide traffic control mechanisms and security postures and to govern the protocols
2. To employ the protocols that connect the networked computers for communication

One central server is used to manage the entire cloud system architecture. This server is solely responsible for keeping traffic flowing smoothly without disruption. Middleware is a particular type of software that is used to perform processes and to connect networked computers. Depending on the demand of the client/user, storage is provided by the cloud technology's service provider.

Deployment models in cloud computing:

Types of Cloud

The deployment model defines the type of access to the cloud.

A cloud can be accessed in the following four ways:

i) Public cloud
ii) Private cloud
iii) Hybrid cloud
iv) Community cloud

i) Public cloud

• In the public cloud, systems and services are accessible to the general public. For example, Google, IBM, Microsoft, etc.
• The public cloud is open to all. Hence, it may be less secure.
• This cloud is suitable for information that is not sensitive.

Advantages of Public cloud:
• The public cloud is less expensive than the private or hybrid cloud because it shares the same resources among many customers.
• It is easy to combine the public cloud with a private cloud, so it gives the customer a flexible approach.
• It is reliable because it provides a large number of resources from various locations, and if any resource fails, another is employed.

ii) Private cloud

• In the private cloud, systems and services are accessible within an organization.
• This cloud is operated only within a particular organization. It is managed internally or by a third party.

Advantages of Private cloud:
• The private cloud is highly secure because resources are shared from a distinct pool of resources.
• Compared to the public cloud, the private cloud gives more control over its resources and hardware because it is accessed only within the boundary of an organization.

Disadvantages of Private Cloud:
• The private cloud is very difficult to deploy globally, and it can be accessed locally only.
• The private cloud costs more than the public cloud.

iii) Hybrid cloud

• The hybrid cloud is a mixture of public and private cloud.
• In the hybrid cloud, critical activities are conducted using the private cloud and non-critical activities are conducted using the public cloud.

Advantages of hybrid cloud model:
• It is scalable because it offers the features of both public and private cloud.
• It gives secure resources because of the private cloud and scalable resources because of the public cloud.
• The cost of the hybrid cloud is lower than that of the private cloud.

Disadvantages of hybrid Cloud:
• In the hybrid cloud, networking becomes complicated because both private and public clouds are involved.

iv) Community cloud

• The community cloud makes systems and services accessible to a group of organizations.
• It shares the infrastructure between several organizations from a specific community.
• It is managed internally and operated by several organizations, by a third party, or by a combination of them.

Advantages of Community Cloud model:
• In the community cloud, cost is low compared to the private cloud.
• The community cloud provides an infrastructure for sharing cloud resources and capabilities between several organizations.
• This cloud is more secure than the public cloud but less secure than the private cloud.

As cloud technology provides users with so many benefits, these benefits have to be categorized based on users' requirements. The cloud deployment model represents the exact category of cloud environment based on proprietorship, size, and access, and also describes the nature and purpose of the cloud. Most organizations implement cloud infrastructure to minimize capital expenditure and regulate operating costs.

The NIST model:

The National Institute of Standards and Technology (NIST) is an agency of the US Department of Commerce that is responsible for expounding and defining standards in science and technology. The Computer Security Division of NIST has provided a formal definition of cloud computing. The US government is a major consumer of computer technology and also one of the major cloud computing network users. According to the NIST working definition of cloud, the deployment model is one of the two categories of model illustrated by NIST. The NIST model doesn't require cloud technology to use virtualization to share resources. Clouds support multi-tenancy; multi-tenancy is the concept of sharing resources among two or more clients. The latest NIST model of cloud computing requires virtualization and utilizes the concept of multi-tenancy.

As cloud computing moves towards a set of interacting components, such as Service-oriented Architecture, users can expect that future versions of the NIST model may include more features.

UNIT IV: Service Management in Cloud Computing

The delivery of dynamic, cloud-based infrastructure, platform and application services doesn't occur in a vacuum. In addition to best practices for effective administration of all the elements associated with cloud service delivery, cloud service management and cloud monitoring tools enable providers to keep up with the continually shifting capacity demands of a highly elastic environment.

SLA (Service level agreement):

A service level agreement (SLA) is a contract between a service provider (either internal or external) and the end user that defines the level of service expected from the service provider. SLAs are output-based in that their purpose is specifically to define what the customer will receive. SLAs do not define how the service itself is provided or delivered. The SLA an Internet Service Provider (ISP) will provide its customers is a basic example of an SLA from an external service provider. The metrics that define levels of service for an ISP should aim to guarantee:

• A description of the service being provided – maintenance of areas such as network connectivity, domain name servers, dynamic host configuration protocol servers
• Reliability – when the service is available (percentage uptime) and the limits outages can be expected to stay within
• Responsiveness – the punctuality of services to be performed in response to requests and scheduled service dates
• Procedure for reporting problems – who can be contacted, how problems will be reported, procedure for escalation, and what other steps are taken to resolve the problem efficiently
• Monitoring and reporting service level – who will monitor performance, what data will be collected and how often, as well as how much access the customer is given to performance statistics
• Consequences for not meeting service obligations – may include credit or reimbursement to customers, or enabling the customer to terminate the relationship
• Escape clauses or constraints – circumstances under which the level of service promised does not apply. An example could be an exemption from meeting uptime requirements in circumstances where floods, fires or other hazardous situations damage the ISP's equipment.

Billing and Accounting:

Cloud-based services and applications are setting new paradigms for business process management
improvement. With its alluring promises of “faster time to market” and “self-service provisioning,”
cloud brings in the importance of “automation” in all its processes.

From managing cloud sales to billing the customers, every step needs to be automated. One of such
important processes which needs automation is cloud services accounting management.

Cloud computing involves a large number of subscribers. As a result, it has heterogeneous data coming from multiple systems. Hence, cloud billing and accounting automation in such a case needs to be a highly efficient process, so that it can deliver a convergent system to the end user, giving the user a unified view of the services consumed.

In sync with billing, every activity performed by the end user while using a particular service needs to be represented in the accounting system. Here, by automating the cloud services' accounting, service providers will:

• Allow customers to set up, upgrade or renew services themselves through a client user interface.
• Get clear visibility into each customer's account history, with a system that can provide the customer with information as and when required.

Traditional vs Cloud

Traditional Computing. If you own the server, you have incurred some capital expenditure (capex), e.g. the cost of the server, hiring admins, physical rent, etc., and recurrent operational expenditure (opex), e.g. power and cooling, admin wages, software and hardware upgrades. This cost is almost constant regardless of whether the server is fully utilized or not. Otherwise, if you use the traditional web hosting infrastructure that predates the cloud era, then though you may have eliminated the capex, there are still other issues.

• You are storing your files and data alongside other users with often conflicting objectives. The lack of isolation exposes you to security risks and poor performance.
• You also probably pay a fixed charge regardless of how much of your bandwidth or storage portion you actually use.
• The way you subscribe to storage is not 'automatic', i.e. if you need more storage you have to inform the administrator and then wait for them to upgrade your subscription, etc. Even if it seems automatic, in almost all cases there are human sysadmins doing the dirty work at the back end.

Cloud Computing. The cloud changes the story in many ways.

• You don't have to own the remote server. You can simply rent one off the shelf. The takeaway here is that you have not only eliminated the capex, but you have also greatly minimized the opex.
• What's more, you don't have to care about sharing your remote server or storage with others. Thanks to virtualization technology, you are very well isolated. The risk of security, privacy and performance violations is greatly minimized.
• And again, it is 'pay as you go or use'. You can rent a 3GB/1CPU server for less than a dollar! Cloud resources are disposable!
• The icing on the cake is that you can initiate, modify and terminate your cloud subscription in an on-demand manner! The cloud is highly autonomous, powered by highly intelligent systems that allow end users to create, modify and terminate cloud servers with relative ease and without any human intervention.
• Lastly, you are not limited to just storage. In the cloud, you can rent just about anything, from a large cluster of servers, block storage (or disk arrays), operating systems and software development platforms to your favorite application software, etc. There are over a dozen cloud providers on the Internet.

UNIT V: CLOUD SECURITY

• Security in cloud computing is an important concern.
• Data in the cloud needs to be stored in encrypted form. To restrict the client from accessing the shared data directly, proxy and brokerage services need to be employed.
• Encryption helps to protect data in transit as well as data stored in the cloud. Encryption also helps to protect data from unauthorized access, but it does not prevent data loss.

Planning of security
In security planning, before deploying a particular resource to the cloud, the following aspects of the resource need to be analyzed:
• Select the resource that needs to move to the cloud and examine its sensitivity to risk.
• The cloud service models, i.e. IaaS, PaaS and SaaS, need to be considered for security at different levels of service.
• The cloud types, i.e. public, private, community and hybrid, also need to be considered.
• The risk in a cloud deployment generally depends on the type of cloud and the service model.

Security Boundaries

• A specific service model defines the boundary between the responsibilities of the customer and the service provider.
• The boundaries between the service models are defined by the Cloud Security Alliance (CSA) stack model.

The following diagram shows the Cloud Security Alliance (CSA) stack model.

Key points of the above model:

• IaaS is the basic level of service. PaaS and SaaS are the next levels of service.
• IaaS gives the infrastructure, PaaS gives the platform development environment and SaaS gives the operating environment.
• IaaS has the minimum level of integrated functionality and integrated security, while SaaS has the highest.
• The security boundaries are described in this model. At the security boundary, the cloud service provider's responsibilities end and the customer's responsibilities start.
• Any security mechanism below the security boundary must be built into the system and should be maintained by the customer.

Data security in cloud


Data security in the cloud is an important concern because all the data is transferred over the Internet.

The following are the mechanisms for data protection:

i) Access Control
ii) Auditing
iii) Authentication
iv) Authorization

Isolated Access to Data
• Data stored in the cloud can be retrieved from anywhere, hence there should be a mechanism to isolate the data and protect it from direct client access.
• Brokered Cloud Storage Access is an approach for isolating storage in the cloud.

The following two services are created in this approach:

• A broker with complete access to storage, but no access to the client.
• A proxy with no access to storage, but access to both the client and the broker.

Working of Brokered Cloud Access System

The following are the steps to access the data:

• The client's data request goes to the external service interface of the proxy.
• The proxy forwards the request to the broker.
• The broker requests the data from the cloud storage system.
• The cloud storage system returns the data to the broker.
• In the next step, the broker returns the data to the proxy.
• Finally, the proxy sends the data to the client.
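
The brokered access flow above, as an added Python sketch that is not part of the original notes: the six steps are numbered in the order listed, and the proxy also applies the authentication, authorization and auditing mechanisms named earlier. The class names, the tokens, the access list and the shared proxy/broker MAC key are assumptions made for illustration; in a deployment the tiers are separate services isolated by network policy and credentials, which object references only model here.

```python
import hashlib
import hmac
import secrets


def _tag(key, object_name):
    """MAC the proxy attaches so the broker can tell who is calling."""
    return hmac.new(key, object_name.encode(), hashlib.sha256).digest()


class CloudStorage:
    """Back-end object store; only the broker holds a reference to it."""

    def __init__(self, objects):
        self._objects = dict(objects)

    def read(self, object_name):
        return self._objects[object_name]


class Broker:
    """Complete access to storage, no access to the client."""

    def __init__(self, storage, proxy_key):
        self._storage = storage
        self._proxy_key = proxy_key   # assumption: key shared with the proxy
        self.audit = []               # auditing: (object, outcome)

    def fetch(self, object_name, tag):
        # Refuse anything that was not forwarded by the proxy. A MAC over
        # the name alone is replayable; a deployment would add a nonce or
        # use mutual TLS between proxy and broker.
        if not hmac.compare_digest(_tag(self._proxy_key, object_name), tag):
            self.audit.append((object_name, "rejected"))
            raise PermissionError("request did not come from the proxy")
        data = self._storage.read(object_name)   # steps 3 and 4
        self.audit.append((object_name, "served"))
        return data                              # step 5


class Proxy:
    """Access to client and broker, no access to storage."""

    def __init__(self, broker, proxy_key, tokens, acl):
        self._broker = broker
        self._proxy_key = proxy_key
        self._tokens = tokens   # authentication: token -> client id
        self._acl = acl         # authorization: client id -> allowed objects

    def handle(self, token, object_name):
        client = self._tokens.get(token)         # step 1
        if client is None:
            raise PermissionError("unknown client")
        if object_name not in self._acl.get(client, set()):
            raise PermissionError(f"{client} may not read {object_name}")
        tag = _tag(self._proxy_key, object_name)
        return self._broker.fetch(object_name, tag)   # steps 2 and 6


def build_demo():
    """Wire the three tiers together with constructed sample data."""
    key = secrets.token_bytes(32)
    storage = CloudStorage({"reports/q1.csv": b"region,revenue\n",
                            "public/readme.txt": b"hello\n"})
    broker = Broker(storage, key)
    proxy = Proxy(broker, key,
                  tokens={"tok-alice": "alice", "tok-bob": "bob"},
                  acl={"alice": {"reports/q1.csv"},
                       "bob": {"public/readme.txt"}})
    return proxy, broker


if __name__ == "__main__":
    proxy, broker = build_demo()
    print(proxy.handle("tok-alice", "reports/q1.csv"))
    print(broker.audit)
```
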

Authentication In Cloud Computing


• Cloud service providers ask customers to store their account information in the cloud, and the providers have access to this information. This presents a privacy issue for the customer's private information.

• Many SLAs specify the privacy of sensitive information; however, it is difficult for customers to make sure the proper rules are enforced. The cloud lacks transparency that would allow customers to monitor their own private information.

• When a customer decides to use multiple cloud services, the customer has to store his/her password in multiple clouds. The more cloud services the customer is subscribed to, the more copies of the user's information there will be. This is a security issue for the customers and the cloud service providers.

• The multiple copies of the account lead to multiple authentication processes. For every cloud service, the customer needs to exchange his/her authentication information. These redundant actions may lead to an exploit of the authentication mechanism.

• Cloud service providers use different authentication technologies for authenticating users. This may have less impact on SaaS than on PaaS and IaaS, but it presents a challenge to the customers.
