
Acknowledgement

During the project completion process, we ventured through a lot of problems, difficulties, and
obstacles that were in our way to the completion of the project.
With the help of many guidelines and other sources inside and outside of Asia Pacific University,
we were able to troubleshoot and overcome all the problems by finding correct solutions for the
progression of the project.
We would like to thank our Cloud Infrastructure and Services module leader for his constant high
spirit of teaching and for guiding us with his knowledge on this assignment. His passion in teaching
was the ultimate tool for us in completing this assignment, and we could not have completed
the assignment without his guidance.
At last, we would like to express our gratitude to our university for providing us with various
resources and facilities provided exclusively for the students of APU.
Executive Summary

According to the requirements of the syllabus for the BSc. IT 5th semester, this assignment has given us an
opportunity to utilize the knowledge we acquired in the curriculum in a real-time environment to enhance
our technical skills. This is the report of suggestions and analysis for the Amoria Bond Company,
a multinational recruitment and executive search services firm that provides specialist and
personalized recruitment services to a number of impressive private sector clients. We team
members have analyzed and chosen many ideas and techniques which can help to reduce the
problems and give the best output for the company. The main responsibilities of the team members are
to research the company background and then give suggestions for network
communication, network design, virtualization techniques, cloud migration and security
solutions with a cost analysis.

For this research report, we have done extensive research on the Amoria Bond Company as provided in the
case study sheet.
Table of Contents
1 General Assumptions...........................................................................................................1
2 Physical Architecture (Parishrama Bhusal) ..........................................................................2
2.1 Background...................................................................................................................2
2.2 Available Infrastructure.................................................................................................2
2.2.1 File server ..............................................................................................................2
2.2.2 Terminal Servers ....................................................................................................2
2.2.3 Exchange Server ....................................................................................................3
2.3 Required Hardware and Software ..................................................................................4
2.3.1 Hardware ...............................................................................................................4
2.3.2 Software ................................................................................................................4
2.3.3 Types of compute system .......................................................................................5
2.3.4 Storage...................................................................................................................9
2.3.5 Mirroring ............................................................................................................. 10
2.3.6 Parity ................................................................................................................... 11
2.3.7 Network ............................................................................................................... 12
2.4 Suggested Network Communication model ................................................................. 13
2.5 Network Design and Topology.................................................................................... 14
3 Migration (Aayush Sharma ) ............................................................................................. 15
3.1 Proposed Cloud Deployment Model ............................................................................ 15
3.1.1 Justification.......................................................................................................... 15
3.1.2 Advantages .......................................................................................................... 16
3.1.3 Limitation ............................................................................................................ 16
3.2 Cloud Service Model .................................................................................................. 17
3.2.1 Justification.......................................................................................................... 17
3.3 Proposed Cloud-based Architecture ............................................................................ 20
3.3.1 Front End ............................................................................................................. 20
3.3.2 Back End ............................................................................................................. 20
4 Security Solution (Bijaya Subedi) ...................................................................................... 21
4.1 Introduction and background ....................................................................................... 21
4.1.1 Data loss - Security threat 0ne .............................................................................. 22
4.1.2 Hijacked Interface/Insecure API-Security threat two ............................................ 23
4.1.3 Data Breaches: Security threat three ..................................................................... 24
4.2 Proposed Security Model ............................................................................................ 25
4.2.1 Cryptography Model ............................................................................................ 25
5 Virtualization .................................................................................................................... 26
5.1 Compute virtualization techniques, methods and resources ......................................... 26
5.2 Storage Virtualization ................................................................................................. 27
5.2.1 Techniques ........................................................................................................... 27
5.2.2 Methods ............................................................................................................... 30
5.2.3 Resources............................................................................................................. 31
5.3 Network Virtualization................................................................................................ 32
6 Cost Analysis .................................................................................................................... 34
6.1.1 Total Cost of physical and virtual layer setup ....................................................... 34
6.2 Total Cost of using cloud services ............................................................................... 35
6.4 Total Cost for security solutions .................................................................................. 36
7 Conclusion ........................................................................................................................ 37
8 References ......................................................................................................................... 38

List of Figures
Figure 1:Tower Compute System ................................................................................................6
Figure 2:Rack-Mounted Compute System ...................................................................................7
Figure 3: Blade Compute System ................................................................................................8
Figure 4: Striping ........................................................................................................................9
Figure 5: Mirroring ................................................................................................................... 10
Figure 6:Parity .......................................................................................................................... 11
Figure 7:Inter-Cloud Communication ........................................................................................ 13
Figure 8: Design Topology ........................................................................................................ 14
Figure 9: Cloud-based Architecture ........................................................................................... 20
Figure 10: Security threat process overview .............................................................................. 21
Figure 11: Different security threats .......................................................................................... 22
Figure 12: two factor authenticattion ......................................................................................... 24
Figure 13: Cryptography model ................................................................................................. 25
Figure 14: Compute Virtualization ............................................................................................ 26
Figure 15: Storage Virtualization.............................................................................................. 27
Figure 16: Network Virtualization ............................................................................................. 32

List of Tables
Table 1: Total cost of physical and virtual layer setup ............................................................... 34
Table 2:Total Cost of using cloud services ................................................................................ 35
Table 3:Total cost for security solutions .................................................................................... 36
1 General Assumptions

There are many strains placed upon the Manchester connections, and the existing infrastructure
offers little in terms of office survivability, resilience, or redundancy. At this point the company
engaged us to provide a solution. After a detailed discussion with the business, including the
management team and the users, four areas of concern are of key importance for the
company:

- Resilience, Redundancy, and Availability
- Security, Backup, and Disaster Recovery Planning
- Connectivity and Bandwidth
- Scalability, including Hardware & Software Upgrades

With these plans and ideas, the design will make sure that:

- As a result of hosting the IT platform in the Cloud, users at all offices connect to
the cloud platform via their own office's connections.
- The new design benefits from current technologies, and all necessary hardware
and software are addressed.
- A RAID configuration is used for the data storage in the Cloud's Storage Area Network (SAN),
ensuring a high level of data resilience and an efficient read/write speed.
- Security for the connections and the applications is in place.

2 Physical Architecture (Parishrama Bhusal)
2.1 Background
Amoria Bond, a multinational recruitment and executive search services firm, provides specialist
and personalized recruitment services to a number of impressive private sector clients. The
company went through a number of phases with their IT infrastructure. Following multiple
upgrades and server rollouts, the infrastructure includes File Servers, Terminal Servers, an
Exchange Server, and a Database Server. The applications used are an office suite, generic day-to-day
office applications, and their recruitment database.

2.2 Available Infrastructure

2.2.1 File server

A file server is a server that is responsible for the access to files. It acts as a central file storage
location that can be accessed by multiple systems. File servers are commonly found in enterprise
settings, such as company networks, but they are also used in schools, small organizations, and
even home networks. A file server may be a dedicated system. Or it may simply be a computer
that hosts shared files. Dedicated file servers are typically used for enterprise applications, since
they provide faster data access and offer more storage capacity than non-dedicated systems. In
home networks, personal computers are often used as file servers.
(Productions, 2011)

2.2.2 Terminal Servers

A terminal server is a server or network device that enables multiple client systems to
connect to a LAN without each using its own modem or network interface. A
terminal server provides multiple benefits. First, terminal servers provide end users with access to
company resources from anywhere and from any device. Second, they provide a single point of
maintenance and allow the infrastructure to be monitored from a central dashboard. Third,
applications are installed once and regularly updated on the server, so there is no need to install or
update a program on each machine in the network.
(Bianco, 2019)

2.2.3 Exchange Server

Microsoft Exchange Server 2010 enables small and medium-sized companies to achieve greater
reliability and improved performance by simplifying administration tasks such as calendaring,
creating distribution lists, sending email messages, automatically performing voicemail
transcriptions, providing messaging delivery reports, and archiving mail boxes.
(Design, n.d.)

2.3 Required Hardware and Software
2.3.1 Hardware
Recommended Operating Systems

- Windows: 7/8/8.1/10 or higher
- Mac: OS X v10.7 or higher
- Linux: Ubuntu

Hardware Requirements

- Processor: Minimum 1 GHz; Recommended 2 GHz or more
- Ethernet connection (LAN) or a wireless adapter (Wi-Fi)
- Hard Drive: Minimum 32 GB; Recommended 64 GB or more
- Memory (RAM): Minimum 1 GB; Recommended 4 GB or above

2.3.2 Software
Cloud Management Software
HP Cloud Service Automation

HP Cloud Service Automation is the industry's most comprehensive, unified cloud management
platform for managing enterprise-grade application and infrastructure cloud services. It increases
agility, reduces cost and risk, and improves time-to-market of application services with a self-service
portal and management platform for multiple cloud environments. It has the following benefits
and features:

- Reduces service deployment time from months to minutes, increases server utilization by up
to 80%, and reduces TCO by up to 30%
- Brokers and manages on-demand application and infrastructure services in a secure
environment with multi-tenancy and role-based access
- Manages multiple cloud environments across private, public, and hybrid cloud

(Hewlett-Packard Development Company, n.d.)

Virtualization Software

VMware Workstation Pro

VMware Workstation Pro is virtualization software that has been on the market for
more than 20 years; it is often regarded as the industry standard for virtual
machine applications. Some features of VMware Workstation Pro are:

- High-Performance 3D Graphics
- High Resolution Display Support
- Helpful Snapshots
- Cross Compatibility
- Monster Virtual Machines
- Restricted Access to Virtual Machines
- Shared Virtual Machines

It is compatible with the following host platforms:

- Most 64-bit Linux distributions
- Windows 7 and above (64-bit only)
- Windows Server 2008 R2 and above
(Orgera, n.d.)

2.3.3 Types of compute system

There are three types of compute systems:

- Tower compute system
- Rack-mounted compute system
- Blade compute system

Tower Compute System

A tower compute system is a computer built in an upright, stand-alone cabinet that is
designed to function as a server. The cabinet is known as a tower, and multiple tower servers can
work simultaneously on different tasks and processes. Tower servers are popular owing to their
scalability and reliability, since an effectively unlimited number of servers can be added to the existing network, largely
because of the independent nature of the individual tower servers. (Inc, n.d.)

Figure 1:Tower Compute System

Rack-mounted Compute System

A rack-mounted compute system, also called a rack-mounted server, is a computer dedicated to
use as a server and designed to be fixed in a framework called a rack. The rack contains multiple
mounting slots called bays, each designed to hold a hardware unit secured in place with screws.
A rack server has a low-profile form factor, in contrast to a tower server, which is built into an
upright, standalone cabinet. A single rack can hold multiple servers stacked one above the other,
combining network resources and minimizing the required floor space. The rack server
configuration also simplifies cabling among network components. In an equipment rack filled with
servers, a special cooling system is required to prevent the excessive heat accumulation that would
otherwise occur when many power-dissipating components are confined in a small space. (Rouse,
n.d.)

Figure 2:Rack-Mounted Compute System

Blade Compute System

A blade compute system is a server chassis housing multiple thin, modular electronic circuit
boards, known as server blades. Each blade is a server in its own right, often dedicated to a single
application. The blades are literally servers on a card, containing processors, memory, integrated
network controllers, an optional Fibre Channel host bus adapter (HBA) and other input/output (I/O)
ports. The blades are interconnected via a high-speed bus and are modularly designed to increase
the compute system density and scalability.

(Rouse, 2008)

Figure 3: Blade Compute System

2.3.4 Storage

A storage system is the repository for saving and retrieving electronic data. A storage system has
devices, called storage devices (or storage) that enable the persistent storage and the retrieval of
data. Storage capacity is typically offered to consumers along with compute systems. Apart from
providing storage along with compute systems, a provider may also offer storage capacity as a
service (Storage as a Service), which enables consumers to store their data on the provider’s
storage systems in the cloud. This enables the consumers to leverage cloud storage resources for
purposes such as data backup and long-term data retention.

RAID (Redundant Array of Independent Disks)

RAID is a storage technology in which data is written in blocks across multiple disk drives that are
combined into a logical unit called a RAID group. It helps to improve the data storage system’s
performance by serving I/O from multiple drives simultaneously and provides the data protection
against drive failures. It mainly uses three key techniques which are Striping, Mirroring and Parity.

Striping

Striping is a technique to spread data across multiple drives in order to use the drives in parallel
and increase performance as compared to the use of a single drive. Each drive in a RAID group
has a predefined number of contiguously addressable blocks called a “strip”. A set of aligned strips
that span across all the drives within the RAID group is called a “stripe”. All strips in a stripe have
the same number of blocks. Although striped RAID provides improved read-write performance, it
does not provide any data protection in case of disk failure.

Figure 4: Striping

2.3.5 Mirroring

Mirroring is a technique in which the same data is written at the same time to two different
drives, resulting in two copies of the data. This is called a "mirrored pair". Even if one drive fails,
the data is still complete on the surviving drive and the RAID controller continues to service data
requests using the surviving drive of the mirrored pair. When the failed disk is replaced with a new
disk, the controller duplicates the data from the surviving disk of the mirrored pair to the new disk.
This activity is transparent to the host. In addition to providing data redundancy, mirroring enables fast
recovery from disk failure. Since mirroring involves duplication of data, the amount of storage capacity
needed is twice the amount of data being stored. This increases costs, so mirroring is
typically reserved for mission-critical applications that cannot afford the risk of any data loss.
Mirroring improves read performance because read requests can be serviced by both disks. However,
compared to a single disk and to striping, write performance is slightly lower in mirroring because each
write request manifests as two writes on the disk drives.

Figure 5: Mirroring

2.3.6 Parity

Parity is a value derived by performing a mathematical operation on the individual strips of a stripe and
stored on a strip of the RAID group. It enables the restoration of missing data in case of a drive
failure. Parity is a redundancy technique that guarantees information protection without
maintaining a full set of duplicate data. The RAID controller calculates the parity using techniques
such as "bitwise exclusive OR", and the parity information can be stored on separate, dedicated disk drives or
distributed across the drives in a RAID group. Compared to mirroring, a parity implementation
significantly reduces the cost associated with data protection. However, a constraint of a parity
implementation is that parity is recalculated every time there is a change in data, which may affect the
performance of the RAID array.

Figure 6:Parity
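As an added worked example (not from the report), the following Python models the striping and parity techniques described above on a constructed payload: a RAID group with three data drives and one dedicated parity drive, the rebuild of a failed drive from the surviving strips, and the read-modify-write cost of updating a single strip that the parity section refers to. The strip size and payload are toy values chosen for readability.

```python
"""Striping + XOR parity on a small constructed RAID group (added example)."""
from typing import List, Optional

STRIP_SIZE = 4  # bytes per strip; tiny so a stripe is readable (constructed value)


def xor_blocks(blocks: List[bytes]) -> bytes:
    """Bitwise exclusive OR of equal-length byte strings: the parity function."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        if len(blk) != len(out):
            raise ValueError("all strips in a stripe must have the same number of blocks")
        for i, b in enumerate(blk):
            out[i] ^= b
    return bytes(out)


def stripe(payload: bytes, data_drives: int) -> List[List[bytes]]:
    """Cut the payload into stripes; each stripe holds one strip per data drive.
    The final stripe is zero-padded so every strip is exactly STRIP_SIZE bytes."""
    stripe_bytes = STRIP_SIZE * data_drives
    padded = payload + b"\x00" * (-len(payload) % stripe_bytes)
    stripes = []
    for start in range(0, len(padded), stripe_bytes):
        chunk = padded[start:start + stripe_bytes]
        stripes.append([chunk[i:i + STRIP_SIZE] for i in range(0, stripe_bytes, STRIP_SIZE)])
    return stripes


def build_raid(payload: bytes, data_drives: int) -> List[List[bytes]]:
    """Lay the payload out as drives[drive][stripe]; the last drive holds parity.
    (A dedicated parity drive is the RAID 4 layout; RAID 5 rotates the parity
    strip across the drives but computes it exactly the same way.)"""
    drives: List[List[bytes]] = [[] for _ in range(data_drives + 1)]
    for strips in stripe(payload, data_drives):
        for d, s in enumerate(strips):
            drives[d].append(s)
        drives[data_drives].append(xor_blocks(strips))
    return drives


def rebuild_drive(drives: List[Optional[List[bytes]]], failed: int) -> List[bytes]:
    """Recover one failed drive (data or parity) by XOR-ing the survivors' strips.
    Single parity covers exactly one failure; a second missing drive is unrecoverable."""
    survivors = [d for i, d in enumerate(drives) if i != failed]
    if any(d is None for d in survivors):
        raise RuntimeError("single-parity RAID cannot rebuild with two drives missing")
    n_stripes = len(survivors[0])
    return [xor_blocks([d[s] for d in survivors]) for s in range(n_stripes)]


def update_strip(drives: List[List[bytes]], drive: int, stripe_idx: int, new_data: bytes) -> int:
    """Small write with read-modify-write: P_new = P_old ^ D_old ^ D_new.
    Returns the I/O count (2 reads + 2 writes): the 'parity recalculated on
    every change' overhead the text describes."""
    parity = len(drives) - 1
    old_data = drives[drive][stripe_idx]
    old_parity = drives[parity][stripe_idx]
    drives[drive][stripe_idx] = new_data
    drives[parity][stripe_idx] = xor_blocks([old_parity, old_data, new_data])
    return 4


def read_payload(drives: List[List[bytes]], data_drives: int, length: int) -> bytes:
    """Reassemble the stored bytes from the data drives, dropping the padding."""
    out = bytearray()
    for s in range(len(drives[0])):
        for d in range(data_drives):
            out += drives[d][s]
    return bytes(out[:length])


def demo() -> bool:
    """Walk through failure, rebuild and an in-place update on a constructed payload."""
    payload = b"Amoria Bond recruitment DB snapshot"  # constructed sample data
    n = 3
    drives = build_raid(payload, n)
    drives[1] = None                       # simulate data drive 1 failing
    drives[1] = rebuild_drive(drives, 1)   # controller rebuilds onto the replacement
    intact = read_payload(drives, n, len(payload)) == payload
    update_strip(drives, 0, 0, b"XXXX")    # modify one strip; parity follows
    drives[n] = None                       # now lose the parity drive
    drives[n] = rebuild_drive(drives, n)   # and regenerate it from the data
    return intact and read_payload(drives, n, len(payload)).startswith(b"XXXX")


if __name__ == "__main__":
    print("rebuild and update consistent:", demo())
```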

2.3.7 Network

A network establishes communication paths between the devices in an IT infrastructure. A
network allows information exchange and resource sharing between a large number of nodes
spread across physical regions and over long distances. A network may also be connected to other
networks to allow data transmission between nodes. The different types of network
communication are:

- Compute-to-compute communication: Interconnecting physical compute systems enables
compute-to-compute communication; it typically uses IP-based protocols.
- Compute-to-storage communication: A network that interconnects storage systems with
compute systems, enabling the compute systems to access and share the storage systems.
- Inter-Cloud Communication: The cloud tenets of rapid elasticity, resource pooling, and
broad network access create a sense of limitless resources in a cloud infrastructure
that can be accessed from any location over a network.

2.3 Suggested Network Communication model
There are different network communication models, but for a multinational company or
organization like Amoria Bond the Inter-Cloud Communication model is the best fit.

Figure 7:Inter-Cloud Communication

As the company has multiple offices, including Manchester as the Head Office, London,
Amsterdam, Cologne and Singapore, resources can be accessed from any location over a
network. There may be several combinations of inter-cloud connectivity, as depicted in Figure 7.
Inter-cloud connectivity enables clouds to balance workloads by accessing and using
computing resources, such as processing power and storage, from other cloud
infrastructures. The cloud provider has to ensure network connectivity of the cloud infrastructure
over a WAN to the other clouds for resource access and workload distribution.

2.4 Network Design and Topology

Figure 8: Design Topology

The figure above describes the geographical locations of the network. Each of the Amoria
Bond locations will be connected to a VPN via the internet. The VPN service is purchased from a
local VPN service provider. There are several reasons to use a VPN: it makes it easier to add
more sites, and it is cheaper and secure. Employees will have the ability to connect to the
internal Amoria network remotely, so they can access their computers at work while they are at
home. The other advantage is that additional branch offices can be added to the network easily. A
microwave link between the branches is set up. Video conferencing capabilities among the
regional branches and voice calling among the branches are established. The Global Headquarters
is connected to the local head office via a global VPN.

Cisco networking devices are mostly used inside the network for routing and switching,
because they are well established and trusted in the field. They provide warranties, good support,
and an affordable price, and the devices are durable.
(Anjitha, n.d.)

3 Migration (Aayush Sharma)
Cloud migration is the process of partially or completely deploying an organization's digital assets,
services, IT resources or applications to the cloud. The migrated assets are then accessible behind
the cloud's firewall. Cloud migration is also known as business process outsourcing, which may
entail migrating a total organizational infrastructure, where computing, storage, software and
platform services are transferred to the cloud for access.

3.1 Proposed Cloud Deployment Model

The proposed cloud deployment model is the Hybrid cloud deployment model. A hybrid cloud
deployment model is a combination of two or more models: private cloud, public cloud or
community cloud.

3.1.1 Justification
Adopting a hybrid cloud strategy maximizes technology for enterprise business growth, because
IT can leverage existing cloud expertise and economies in conjunction with legacy investments.
With a combined on- and off-premises approach to cloud services, the organization can control
costs, increase security, and improve performance. As much as 30–40 percent of traditional IT
spending can shift to emerging technology initiatives that drive new revenue. A hybrid cloud can
also replace uncoordinated and shadow efforts. IT and the company will have a common business
ground to share engineering, management, and workload optimization across every enterprise
cloud.

3.1.2 Advantages
The advantages of using the hybrid cloud deployment model are:

- On-premises, private infrastructure that is directly accessible.
- Traffic is not pushed through the public internet, which greatly reduces access time and
latency in comparison to public cloud services.
- It has the ability to have on-premises computational infrastructure which can support the
average workload for the business, while retaining the ability to leverage the public cloud
for failover circumstances in which the workload exceeds the computational power of the
private cloud component.
- Building out the private end of a hybrid cloud also allows for flexibility in server designs.

3.1.3 Limitation
The limitations of hybrid cloud are:

Cost

While the public cloud can offer an attractive option for its flexibility and relatively low cost to
operate, building a private enterprise cloud requires significant expenditure and can become
expensive very quickly with all the physical hardware necessary.

Security

Cloud computing is not inherently any less secure than traditional computing, and in fact faces
fewer attacks. The proper precautions must be taken to ensure that the data is properly protected
and control is maintained by the right people. Additionally, depending on the industry, there may
be certain regulatory requirements that prohibit data from being stored off-site, which would
prevent the use of a public cloud entirely.

Data and application integration

Applications and data exist in a symbiotic relationship, with each one being useless without the
other. Oftentimes they’re chained together. So when considering where to store each of them, it’s
essential to ask whether the infrastructure they’re placed on matters. Technologies like copy data
virtualization can decouple data from infrastructure and make this problem less of a headache.

Compatibility

Compatibility across infrastructure can prove itself to be a major issue when building a hybrid
cloud. With dual levels of infrastructure, a private cloud the company controls and a public one
that it doesn’t, the chances are that they will be running different stacks.

Networking

Will very active applications be living in the cloud? It’s necessary to consider the bandwidth usage
they could take up on the network and whether or not it could cause problems in bottlenecking
other applications. (rwireless, 2016)

3.2 Cloud Service Model

Infrastructure as a Service (IaaS) is the next step down from Platform as a Service (PaaS) and two
steps down from Software as a Service (SaaS) in the Cloud Computing Stack. Instead of ready-
made applications or services, development tools, databases, etc., IaaS provides the underlying
operating systems, security, networking, and servers for developing such applications, services,
and for deploying development tools, databases, etc.

3.2.1 Justification

Like other cloud offerings, IaaS takes advantage of the elasticity and flexibility of the cloud to deliver
infrastructure, with tangible benefits for enterprises. IaaS will allow Amoria to choose when, how, and what
computing resources to consume and to scale up or down as demands change, drastically reducing time
to market. Since the IaaS vendor is responsible for configuring and maintaining the infrastructure,
Amoria doesn't have to worry about infrastructure upgrades and can focus on rolling out applications
instead. Moreover, by outsourcing the task of building and maintaining infrastructure to a service
provider, Amoria can reduce capital expenditures on hardware and software. With a pay-as-you-go
pricing model, Amoria pays only for the resources used in a given period. The reduction of IT
costs by migrating to virtualized servers and the enhancement of business agility through the use of
on-demand computing resources are perhaps the most common reasons for adopting IaaS as a long-
term strategy; short-term needs also make good IaaS use cases. For instance, IaaS can be leveraged in
seasonal marketing campaigns and promotions to deploy web applications on a short-term basis
without paying upfront costs to increase computing capacity. When the promotion ends, the IaaS
resources can be scaled back down.
(mulesoft, n.d.)

Infrastructure as a Service (IaaS) Advantages

- The organization is responsible for the versioning/upgrades of the software it develops.
- The maintenance and upgrades of tools, database systems, etc. and the underlying
infrastructure are the responsibility of the organization (this is also a
disadvantage).
- Various pricing models may allow paying only for what is used. This, for example, can
allow the organization to use sophisticated development software that it could not afford
if it were installed on an internal, dedicated server.
- Some IaaS providers provide development options for multiple platforms: mobile,
browser, and so on. If Amoria wants to develop software that can be accessed from multiple
platforms, this might be an easy way to make that happen.
- If the organization has events such as high seasonal sales activity, then the elasticity of
the Cloud with IaaS might provide an opportunity.
- The IaaS Cloud Provider provides better security. Better security may come in part because
it is critical for the IaaS Cloud Provider and is part of their main business.
- Amoria doesn't need to manage the introduction of new releases of the development or
underlying software. This is handled by the IaaS Cloud Provider.
- Amoria doesn't need to manage the underlying data center, as it is handled by the IaaS
Cloud Provider.
- There is no need to manage backups, as they are handled by the IaaS Cloud Provider.
- If the IaaS Cloud Provider supports failover should the software or the data center become
unavailable, that failover is a concern of the IaaS Cloud Provider and Amoria does not need to
plan for it.

Infrastructure as a Service (IaaS) Disadvantages

 The organization is responsible for the versioning and upgrades of the software it develops.

 The maintenance and upgrades of tools, database systems, etc. and the guest-level infrastructure
are the organization's responsibility (this is also an advantage).

 IaaS is unsuitable when it is mandatory that the underlying hardware be of a specific type, or that
the underlying software be modified to support the deployed application, because the provider
controls both.

 There may be legal reasons that preclude the use of off-premise or out-of-country data storage.

 The security features of the IaaS provider may not always be adequate for the needs of the
company, and everything above the hypervisor must be secured by the company itself.

(Barry, 2019)

3.3 Proposed Cloud-based Architecture
When talking about a cloud computing system, it's helpful to divide it into two sections: the front
end and the back end. They connect to each other through a network, usually the Internet. The
front end is the side the computer user, or client, sees. The back end is the "cloud" section of the
system. (mibawa, n.d.)

Figure 9: Cloud-based Architecture

3.3.1 Front End

The front end includes the client's computer (or computer network) and the application required to
access the cloud computing system. Not all cloud computing systems have the same user interface.
Services like Web-based e-mail programs leverage existing Web browsers like Internet Explorer or
Firefox. Other systems have unique applications that provide network access to clients.

3.3.2 Back End

On the back end of the system are the various computers, servers and data storage systems that
create the "cloud" of computing services. In theory, a cloud computing system could include
practically any computer program you can imagine, from data processing to video games. Usually,
each application will have its own dedicated server.

4 Security Solution (Bijaya Subedi)
Whenever deploying cloud services, it is very important to set up a correct security system. Cloud
services are exposed to many possible security threats, so security must be considered throughout
the design. A simple overview of the security threat process is shown below:

Figure 10: Security threat process overview

4.1 Introduction and background

For better security, the data stored in the cloud can be encrypted. There is a range of cloud storage
security options, including Single Sign-On (SSO), Multi-Factor Authentication (MFA) and more. Storing
all the data on one server is very risky. Even if cloud storage is not used as the primary storage
system, it can still function as a place to store second copies of files in case a backup is ever
needed. Used this way, cloud services reduce the risk of data loss.

Figure 11: Different security threats

4.1.1 Data loss - Security threat one

Data loss is one of the main security concerns when implementing a cloud service model.

Concern

While providing cloud services, providers should always be aware of data loss. Data stored in the
cloud can be lost for reasons other than malicious attacks. There is always the chance of accidental
deletion of data by the cloud service provider, or of a physical catastrophe such as fire or
earthquake, either of which can lead to the permanent loss of customer data. This is a major risk
and threat concern when providing cloud services.

Solution

To address this concern, the provider or the cloud consumer must take adequate measures to back up
data: keep a second copy on a secondary device and replicate the data across multiple platforms or
locations, so that if the data in one data center is lost, a restorable copy still exists elsewhere.
The service provider can control the uploading and downloading of documents on platforms such as
G Suite, Office 365, Google Drive, OneDrive and Dropbox. The provider can set various data loss
protection policies from the CloudCodes console, using the predefined templates or by adding its own.
Using these policies, an organization can audit, monitor and control any unauthorized data activity
happening in the organization (for example an external attack or a virus).
(Violino, 2019) (Adams, 2017) (Ma, 2015) (Morrow, 2018)
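A second copy is only a backup if it can be restored intact, so the replication advice above needs a
verification step. The following is an added example, not code from the report or from any of the
products it names: it copies a directory to two replica locations, records a SHA-256 manifest of the
source, and then checks each replica against that manifest so that silent corruption (bit rot) and
accidental deletion are both reported. The directory names and sample files are constructed for the
demonstration.

```python
"""Replicate a directory to several targets and verify each replica against a
SHA-256 manifest. Added example; paths and file contents are constructed."""
import hashlib
import os
import shutil
import tempfile


def build_manifest(root):
    """Map each file path (relative to root) to the SHA-256 digest of its bytes."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                manifest[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def replicate(source, targets):
    """Copy the source tree to every target; return the manifest taken at copy time."""
    for target in targets:
        if os.path.exists(target):
            shutil.rmtree(target)
        shutil.copytree(source, target)
    return build_manifest(source)


def verify_replica(replica, manifest):
    """Return the relative paths that are missing from the replica or whose digest
    differs from the manifest. An empty set means the replica is restorable."""
    actual = build_manifest(replica)
    return {rel for rel, digest in manifest.items() if actual.get(rel) != digest}


def demo():
    """Replicate two constructed files, then damage one replica and delete from
    the other, and report what verification catches in each."""
    base = tempfile.mkdtemp()
    src = os.path.join(base, "source")
    os.makedirs(src)
    with open(os.path.join(src, "cv.txt"), "w") as fh:
        fh.write("candidate profile\n")
    with open(os.path.join(src, "contract.txt"), "w") as fh:
        fh.write("client contract\n")
    replica_a = os.path.join(base, "replica_a")
    replica_b = os.path.join(base, "replica_b")
    manifest = replicate(src, [replica_a, replica_b])

    # Simulated bit rot: one byte changes on replica A without any error.
    with open(os.path.join(replica_a, "cv.txt"), "w") as fh:
        fh.write("candidate profilf\n")
    # Simulated accidental deletion on replica B.
    os.remove(os.path.join(replica_b, "contract.txt"))

    result = {
        "replica_a": sorted(verify_replica(replica_a, manifest)),
        "replica_b": sorted(verify_replica(replica_b, manifest)),
    }
    shutil.rmtree(base)
    return result


if __name__ == "__main__":
    print(demo())
```

The manifest is taken from the source at copy time and stored separately from the replicas, so a
replica that has been altered cannot vouch for itself; in practice the check runs on a schedule and a
non-empty result triggers a re-copy from a healthy replica.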

4.1.2 Hijacked Interface/Insecure API - Security threat two
Concern
While implementing cloud services, the Amoria Bond recruiting company needs to expose a set of
software user interfaces (UIs) or APIs that customers use to manage and interact with the cloud
services. Provisioning, management and monitoring of Amoria Bond's cloud resources would all be
performed through these interfaces. The chance of being hacked increases when companies grant third
parties access to the APIs. API vulnerabilities arise in the communication between applications.
Threat actors are always looking for vulnerabilities in management APIs. If discovered, these
vulnerabilities can be turned into successful attacks, and the company's cloud assets may be
compromised.

Solution

The best way to protect against API attacks is to build threat modeling of applications and systems
into the development lifecycle. It is also recommended to perform thorough code reviews to ensure
that there are no gaps in security.

APIs use an access token for user authentication; the token is obtained through an external mechanism
such as OAuth or during sign-up. The token is passed with each request to the API and validated before
the request is processed. Some of the other solutions are:

 Design and develop APIs following security best practices

 Perform security reviews of APIs

 Restrict access to APIs to authorized users (Ma, 2015)

(Adams, 2017)
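The sentence above says the token is passed with the request and validated before processing, which
leaves open what "validated" has to cover. The block below is an added example (not code from the
report, and not a substitute for OAuth or an identity provider, which would normally issue the token)
showing the minimum checks a management API should make: the token's payload (subject, scopes, expiry)
is authenticated with an HMAC-SHA256 tag under a server-side secret and compared in constant time, an
expired token is refused, a token is refused for a scope it was not issued for, and a payload edited
by the caller is refused because the tag no longer matches. The secret, subject and scope names are
constructed for the demonstration.

```python
"""Issue and validate HMAC-signed bearer tokens for a management API.
Added example; the secret and identities below are constructed."""
import base64
import hashlib
import hmac
import json
import time

SERVER_SECRET = b"constructed-demo-secret-rotate-me"  # assumption: demo value only


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject, scopes, ttl_seconds, now=None, secret=SERVER_SECRET):
    """Return '<payload>.<tag>' where tag = HMAC-SHA256(secret, payload)."""
    now = int(time.time()) if now is None else now
    claims = {"sub": subject, "scope": sorted(scopes), "exp": now + ttl_seconds}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"


def validate_token(token, required_scope, now=None, secret=SERVER_SECRET):
    """Return the subject if the token is authentic, unexpired and carries the
    required scope; otherwise return None. The tag is checked before the payload
    is parsed, so untrusted bytes never reach the JSON parser."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return None
    claims = json.loads(payload)
    if claims["exp"] <= now:
        return None
    if required_scope not in claims["scope"]:
        return None
    return claims["sub"]


def demo():
    """Exercise the happy path and the three rejection cases with a fixed clock."""
    t0 = 1_700_000_000  # constructed 'now' so the demo is deterministic
    token = issue_token("ops@amoriabond.example", ["vm:read", "vm:start"], 3600, now=t0)

    # An attacker keeps the genuine tag but edits the payload to add a scope.
    payload_b64, tag_b64 = token.split(".")
    claims = json.loads(_unb64(payload_b64))
    claims["scope"].append("vm:delete")
    forged = _b64(json.dumps(claims, separators=(",", ":")).encode()) + "." + tag_b64

    return {
        "valid": validate_token(token, "vm:read", now=t0 + 60),
        "wrong_scope": validate_token(token, "vm:delete", now=t0 + 60),
        "forged": validate_token(forged, "vm:delete", now=t0 + 60),
        "expired": validate_token(token, "vm:read", now=t0 + 3600),
        "garbage": validate_token("not.a.token", "vm:read", now=t0),
    }


if __name__ == "__main__":
    print(demo())
```

Scopes are checked per endpoint (the caller of `validate_token` names the scope the operation
needs), so a read-only token handed to a third party cannot be used to start or delete machines even
if it leaks.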

4.1.3 Data Breaches - Security threat three
Concern

Cloud data storage and cloud computing have forced cyber-criminals to invent new ways to circumvent
security technology so they can deliver new methods of attack. A data breach can lead to the exposure
of sensitive customer information, intellectual property and trade secrets, all of which can have
serious consequences. It is also possible for a tenant on one virtual machine to observe activity
that signals the arrival of an encryption key on another virtual machine on the same host (a
side-channel attack). The database is the company's lifeblood and incredibly valuable to it, but
also to its competitors, and a breach can put sensitive internal data into competitors' hands.

Solution

The most effective methods of preventing data breaches are encryption and multi-factor
authentication. If sensitive or regulated data is put in the cloud and a breach occurs, the company
must disclose the breach and send notifications to potential victims.

Other basic measures against data breaches are:

 Implement an API-based cloud access security broker (CASB) to avoid data breaches

 Standardized security and policy enforcement regardless of the source network or end-user device

 Data encryption both at rest and in transit

(Adams, 2017) (Ma, 2015)

Figure 12: Two-factor authentication
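Multi-factor authentication is named above as the main control, and Figure 12 shows a two-factor
login; the block below is an added example (not code from the report) of the second factor itself, a
time-based one-time password as standardised in RFC 6238. The server derives the code from a shared
secret and the current 30-second time step, accepts a submitted code only if it matches the current
step or one adjacent step (to tolerate clock skew), and refuses to accept a code at or before the last
step already used for that user, which blocks replay of a code captured in transit. The secret is the
published RFC 6238 test key, chosen so that the generated values can be checked against the RFC's
test vectors; it is not a real secret.

```python
"""TOTP (RFC 6238) generation and replay-resistant verification.
Added example; the key is the RFC test vector, not a production secret."""
import hashlib
import hmac
import struct
import time

RFC6238_SECRET = b"12345678901234567890"  # published test key from RFC 6238


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): dynamic truncation of HMAC-SHA1(secret, counter)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time, step: int = 30, digits: int = 6) -> str:
    """TOTP: HOTP over the time-step counter floor(at_time / step)."""
    return hotp(secret, int(at_time) // step, digits)


class TotpVerifier:
    """Server-side check of a submitted code for one user, with skew tolerance
    and replay protection (a code for a step <= the last accepted step is refused)."""

    def __init__(self, secret: bytes, digits: int = 6, step: int = 30, skew: int = 1):
        self.secret, self.digits, self.step, self.skew = secret, digits, step, skew
        self._last_counter = {}  # subject -> last accepted time-step counter

    def verify(self, subject: str, code: str, at_time=None) -> bool:
        if not (code.isdigit() and len(code) == self.digits):
            return False
        now = time.time() if at_time is None else at_time
        counter = int(now) // self.step
        for delta in range(-self.skew, self.skew + 1):
            candidate = counter + delta
            expected = hotp(self.secret, candidate, self.digits)
            if hmac.compare_digest(expected, code):
                if self._last_counter.get(subject, -1) >= candidate:
                    return False  # replay of an already-used (or older) step
                self._last_counter[subject] = candidate
                return True
        return False


def demo():
    """Generate the RFC 6238 SHA-1 vector for T=59 and show acceptance and replay."""
    verifier = TotpVerifier(RFC6238_SECRET, digits=8)
    code = totp(RFC6238_SECRET, 59, digits=8)
    return {
        "code_at_59": code,                                  # RFC value: 94287082
        "first_use": verifier.verify("alice", code, at_time=59),
        "replay_11s_later": verifier.verify("alice", code, at_time=70),
        "wrong_code": verifier.verify("alice", "00000000", at_time=59),
    }


if __name__ == "__main__":
    print(demo())
```

The skew window is deliberately one step each way; widening it multiplies the number of codes an
attacker can guess, and the replay check means a phished code is useless once the legitimate user has
logged in with it.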

4.2 Proposed Security Model
To address the threats mentioned above, Amoria Bond should choose a suitable security model from
among the models available for cloud infrastructures. For the company, Amoria Bond will follow the
cryptography security model. A brief description of the model is given below:

4.2.1 Cryptography Model

The cryptography model is an advanced version of the tunnel model with an extra feature: cryptographic
operations on data elements. The tunnel in the cryptography model provides the interface between the
Data Processing Service and the Cloud Storage Service. Whenever data is accessed by the Data
Processing Service in the cloud, the user's request goes to the Cloud Storage Service through the
tunnel, and the cryptographic service is applied on the tunnel.

In this way, data retrieved from the Cloud Storage Service first goes to the Cryptographic Service,
where it is transformed into ciphertext by data encryption using private or public encryption keys,
and is finally transferred to the cloud user via the Data Processing Service. Similarly, for API
protection, a token is passed with each request to the API and validated before further processing.
Through this process only a valid user can access the data, by decrypting it with the particular
encryption key, and only a valid token can invoke the API. The tunnel hides the cryptographic
operations from the Data Processing Service and the Cloud Storage Service. By following this model of
cloud security, both the risk of data breaches and the risk of data loss are reduced. Hence,
cryptographic operations offer advanced data protection for data access.
(Ashish Kumar Gaur, 2015)

Figure 13: Cryptography model

5 Virtualization
5.1 Compute virtualization techniques, methods and resources
Compute virtualization can be defined as a technique of separating the physical hardware from the
operating systems. The benefit of this mechanism is the ability to run multiple OSs on a single
physical machine. The same concept can be applied to a clustered environment or a pool of machines.

For the implementation of compute virtualization, the physical machine is divided into several
virtual machines. The component that keeps all these virtual machines together and makes them easier
to manage is the hypervisor. Also known as the virtual machine monitor, a hypervisor is a software
layer which intercepts the operating system's calls and distributes the work across the available
hardware resources. Thus, hypervisors allocate a certain amount of virtual CPU and RAM to each
virtual machine. They are mainly of two types: Type 1 hypervisors run directly on the hardware of the
server, such as Microsoft's Hyper-V, Citrix XenServer and VMware ESX, while Type 2 hypervisors run on
top of an existing OS. VMware Workstation and SWSoft's Parallels Desktop are examples of the second
type. (Pal, 2016)

Figure 14: Compute Virtualization

5.2 Storage Virtualization
Storage virtualization is the process of presenting a logical view of the physical storage resources
to a host. This logical storage appears and behaves as physical storage directly connected to the
host. Throughout the evolution of storage technology, some form of storage virtualization has been
implemented. Some examples of storage virtualization are host-based volume management, LUN
creation, tape storage virtualization, and disk addressing. The key benefits of storage virtualization
include increased storage utilization, adding or deleting storage without affecting an application’s
availability, and non-disruptive data migration (access to files and storage while migrations are in
progress).

Figure 15: Storage Virtualization

5.2.1 Techniques
Traditional storage: Single disk

A data consumer issues read/write requests. The disk controller either reads or writes to specific
locations on disk.

RAID: Multiple disk

 This is one of the most widely used implementations for storage virtualization. While it
may not seem like it, the data storage environment is indeed virtualized.

 Multiple disks are aggregated into a storage structure to increase storage, increase
resiliency, or both.

 A data consumer issues read/write requests. The storage controller determines which
storage devices contain the data, assembles the complete response (potentially from multiple
devices), and returns it to the consumer. The data is no longer on a single device.

LUN: Multiple logical storage devices

This takes RAID to the next level.

A group of disks are placed into an array structure. The disks are aggregated in some fashion
(typically in RAID levels). However, a subset of the allocated capacity is divided and presented to
a data consumer as a LUN. The LUN is a logical storage device for a consumer.

Storage pooling: Spanning multiple drive array types

 Multiple tiers of storage are created based on storage device profile (capacity and
performance), typically a RAID group or other physical storage enclosures.

 The storage device creates a higher-level structure, called a pool, of which the various
performance tiers are members. The pool structure is presented to the data consumer at the
LUN level.

 The storage controller stores metadata about which data blocks reside in which tier, and
their location inside the tier.

Data migration: Moving data around

 Building on top of storage pools, storage controllers (via metadata) are able to determine
the data access patterns for individual blocks of data.

 Frequently used data is moved to the highest performing tier of disk while less frequently
accessed data is moved to the lower performing tier of disk.

 This migration occurs without the knowledge of the data consumer. The consumer sees the
storage as a LUN and does not know (or care) about what happens as long as the data is
available.

Deduplication: Sharing common data

 Many data structures share the same data patterns. Microsoft Word files share the same
framework across all files, regardless of content. Microsoft Windows servers all have
common files. Conceptually, deduplication addresses the idea of “Why store multiple
copies of the same data over and over again?”

 Based on the type of algorithm, the storage device processes existing data to determine if
any duplicate data exists.

 In the event of duplicate data, the storage controller creates pointers to the common data.
Common blocks are replaced by a pointer, and the overall storage footprint is reduced.

Thin provisioning: Not allocating storage at creation time

 This functionality operates under the theory that space may be allocated but never fully
used, resulting in unused space that cannot be used by anyone else.

 The storage controller receives a request to allocate space for a data consumer. The
controller creates the basic framework that represents a LUN. However, internal to the
storage device, the space is not allocated. Rather, the LUN is basically authorized to
consume a specific amount of disk space.

 As the disk consumer continues to use storage space, the LUN grows on the storage
controller until the LUN size is completely allocated. Until the LUN is fully utilized, the
unused space can be used for other purposes.

 This may result in over-allocation of storage, though, and needs monitoring. (HILL, 2012)
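Deduplication and thin provisioning are both controller-side bookkeeping, and the note that thin
provisioning needs monitoring is the part most often skipped. The block below is an added example,
not code from the report or from any storage product, that models the two techniques together: a
content-addressed block store that keeps one physical copy of each distinct block and points LUN
extents at it (with reference counts so an overwritten block is released), and thin LUNs whose size is
authorised at creation but consumed only as data is written. The pool reports its deduplication and
over-subscription ratios and raises an alarm when committed capacity exceeds physical capacity by
more than a threshold. Block size, capacities and data are constructed for the demonstration.

```python
"""Block-level deduplication with thin-provisioned LUNs and over-subscription
monitoring. Added example; all sizes and contents are constructed."""
import hashlib

BLOCK = 4096  # block size in bytes (constructed for the demo)


class StoragePool:
    """Content-addressed block store with thin LUNs mapped onto it."""

    def __init__(self, physical_bytes, alarm_ratio=1.5):
        self.physical_bytes = physical_bytes
        self.alarm_ratio = alarm_ratio
        self.blocks = {}    # digest -> block bytes: one physical copy per distinct block
        self.refcount = {}  # digest -> number of LUN extents pointing at it
        self.luns = {}      # name -> {"size": authorised bytes, "extents": {index: digest}}

    def create_lun(self, name, size_bytes):
        # Thin: the size is authorised, nothing is allocated until data is written.
        self.luns[name] = {"size": size_bytes, "extents": {}}

    def write(self, name, offset, data):
        lun = self.luns[name]
        if offset % BLOCK or offset + len(data) > lun["size"]:
            raise ValueError("unaligned write or write beyond the LUN size")
        for pos in range(0, len(data), BLOCK):
            chunk = data[pos:pos + BLOCK].ljust(BLOCK, b"\0")
            digest = hashlib.sha256(chunk).hexdigest()
            index = (offset + pos) // BLOCK
            old = lun["extents"].get(index)
            if old == digest:
                continue                      # same content already mapped here
            if old is not None:
                self._release(old)            # overwrite: drop the old reference
            if digest not in self.blocks:
                self.blocks[digest] = chunk   # first copy of this content
                self.refcount[digest] = 0
            self.refcount[digest] += 1
            lun["extents"][index] = digest    # pointer to the shared block

    def _release(self, digest):
        self.refcount[digest] -= 1
        if self.refcount[digest] == 0:
            del self.refcount[digest]
            del self.blocks[digest]

    def read(self, name, offset, length):
        """Unwritten extents of a thin LUN read back as zeros."""
        lun = self.luns[name]
        out = bytearray()
        for index in range(offset // BLOCK, (offset + length + BLOCK - 1) // BLOCK):
            digest = lun["extents"].get(index)
            out += self.blocks[digest] if digest else b"\0" * BLOCK
        start = offset % BLOCK
        return bytes(out[start:start + length])

    def physical_used(self):
        return len(self.blocks) * BLOCK

    def logical_written(self):
        return sum(len(l["extents"]) for l in self.luns.values()) * BLOCK

    def committed(self):
        return sum(l["size"] for l in self.luns.values())

    def dedup_ratio(self):
        return self.logical_written() / self.physical_used() if self.blocks else 1.0

    def oversubscription(self):
        return self.committed() / self.physical_bytes

    def alarm(self):
        """True when thin LUNs are over-committed beyond the threshold or the pool is full."""
        return (self.oversubscription() > self.alarm_ratio
                or self.physical_used() > self.physical_bytes)


def demo():
    """Two 1 MiB thin LUNs on a 1 MiB pool, each holding the same ten blocks."""
    pool = StoragePool(physical_bytes=1024 * 1024)
    pool.create_lun("lun-web-01", 1024 * 1024)
    pool.create_lun("lun-web-02", 1024 * 1024)
    common = b"".join(bytes([i]) * BLOCK for i in range(10))  # ten distinct blocks
    pool.write("lun-web-01", 0, common)
    pool.write("lun-web-02", 0, common)
    return {
        "physical_used": pool.physical_used(),
        "logical_written": pool.logical_written(),
        "dedup_ratio": pool.dedup_ratio(),
        "oversubscription": pool.oversubscription(),
        "alarm": pool.alarm(),
    }


if __name__ == "__main__":
    print(demo())
```

The demo commits 2 MiB of thin LUNs against 1 MiB of physical capacity, so the alarm fires even
though only 40 KiB is actually stored: that is exactly the case the monitoring is for, because both
LUNs can legitimately fill up and the second one to do so will fail its writes.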

5.2.2 Methods
 Block-Level – This method of storage virtualization abstracts or separates logical storage from
physical storage to grant access without regard to the physical storage or its heterogeneous
structure. This separation offers greater flexibility in managing the storage for end users. This
type of system replaces controllers and takes over at the disk level, initializing virtualization
before the file system exists.

 File Level – This method can be adopted to tackle Network Attached Storage (NAS) challenges by
eliminating the dependency between the data accessed at the file level and the exact location of
the physical file storage. This also provides opportunities to optimize storage use and server
consolidation, and to perform non-disruptive file migrations.

The three main methods of virtualizing storage are host-based, network-based and array-based
virtualization.

 Host-Based Storage Virtualization – The host operating system needs an installed driver to
intercept and redirect I/O requests, and additional software running on the host as a privileged
task or process is required to implement host-based storage virtualization. Volumes or LUNs presented
to the host system are handled by a traditional physical device driver. However, a software layer, or
the volume manager, residing above the disk device driver intercepts the I/O requests and supplies
the metadata lookup and I/O mapping.

 Network-Based Storage Virtualization – With network-based storage, a Fibre Channel switch is
placed between the host and the storage; it virtualizes and redirects all I/O requests. Even though
the operating system is not a factor in network-based storage, the switch and the storage arrays
must be compatible with each other.

 Array-Based Storage Virtualization – A single master array handles all the I/O requests for all
arrays in the system. This type of virtualization allows seamless centralized management and data
migration.

5.2.3 Resources
There are three key steps involved in making resources available to consumers. They are:

 Deploying virtualization software on storage device



 Creating resource pools on storage

 Creating virtual resources on LUNs

The virtualization software performs the abstraction of the physical resources and is deployed on
compute systems, network devices and storage devices. The key functions of virtualization
software are to create resource pools and to create virtual resources.

A resource pool is an aggregation of computing resources, such as processing power, memory,
storage and network bandwidth, which provides an aggregated view of these resources to the
control layer. Virtualization software, in collaboration with the control software, pools the
resources. Storage virtualization software pools the capacity of multiple storage devices so that
they appear as a single large store. Similarly, with compute virtualization software, the processing
power and memory capacity of the pooled physical compute systems can be viewed as an aggregation of
all processors (in megahertz) and all memory (in megabytes). Virtualization software, in
collaboration with the control layer, creates virtual resources. These virtual resources are created
by allocating physical resources from the resource pool, and they share the pooled physical
resources. Examples of virtual resources include virtual machines, LUNs and virtual networks.
(CIOReview, n.d.)

5.3 Network Virtualization
Network virtualization is a method of combining the available resources in a network by splitting up
the available bandwidth into different channels, each separate and distinguishable. They can be
assigned to a particular server or device, or remain unassigned, all in real time. Network
virtualization disguises the true complexity of the network by separating it into parts that are easy
to manage, much as a partitioned hard drive makes it easier to manage files. (EUGENE, 2018)

Figure 16: Network Virtualization

The figure above shows network virtualization. Network virtualization can also be defined as
abstracting the physical network resources in order to create virtual resources. Network
virtualization software can be built into the operating environment of a network device or into the
hypervisor's capabilities, or it can be installed on an independent computing system.

The virtual resources for network virtualization are:

 Virtual Switch

 Virtual LAN/ Virtual SAN

The following are the advantages of network virtualization:

I. Fewer resources are required: less cost, less space, lower power/cooling requirements, less
effort, less time.

II. Speeding Up the Time to Application Delivery

III. Improved Recovery Times Following a Hardware Failure or Disaster

IV. Multiple (virtualized) devices with separate roles and simpler configurations:

 Possibility to keep “known good” scalable, stable and secure designs (e.g. 3-tier model)

 Limits security concerns

 Less risk of unexpected software behavior because of unusual or too complicated
configuration

V. Easier to manage

(Grygarek, 2010)

6 Cost Analysis
6.1.1 Total Cost of physical and virtual layer setup

Setup                                                        Cost (USD)
Rack: StarTech.com 42U Adjustable Depth Open Frame
  4 Post Server Rack Cabinet                                     295.00
Shielded CAT cables                                           14,561.33
Cisco ASA firewall                                            11,913.81
Wi-Fi routers                                                  2,118.01
MCU Orion 7500                                                   514.35
VPN services                                                      73.54
Microwave antennas                                               277.99
Data storage devices (estimated)                               5,883.36
Total (excluding the estimated data storage line)             29,754.03

Table 1: Total cost of physical and virtual layer setup

6.2 Total Cost of using cloud services

Service                                             Price estimate   Per unit
Service charge, IaaS (computing power)                  $1,412.60      $0.48
Service charge, IaaS (storage capacity, per GB)           $286.00      $0.14
Implementation, integration, configuration
  and migration                                         $5,600.00    $112.00
Maintenance and modification                            $2,688.00     $95.00
System failure (loss per period)                          $600.00     $50.00

Table 2: Total cost of using cloud services

6.4 Total Cost for security solutions

Item                                          Price          Duration
SSL certificate                               US$390.00      1 year
AVG Antivirus                                 US$49.99       1 year
AVG Internet Security                         US$69.99       1 year
Certificate operations (Azure)                US$0.03        per 10,000 operations
Cloudflare protection                         US$200.00      1 month
Account key rotation                          US$1.00        1 year
Hardware security module protected keys       US$1.00        per key
Malwarebytes for Teams                        US$900.00      1 year
Total                                         US$1,611.01    1-year package

Table 3: Total cost for security solutions

Cost-Benefit Analysis (CBA) estimates and totals up the equivalent money value of the benefits
and costs to the community of projects to establish whether they are worthwhile. These projects
may be dams and highways or can be training programs and health care systems. (Watkins, n.d.)

7 Conclusion
The solutions given above address the strain placed upon the Manchester connections and the fact that
the existing infrastructure offered little in terms of office survivability, resilience or redundancy.
After a detailed discussion with the business, including the management team and the users, we
arrived at the solution by identifying the areas of concern that are of key importance for the
company: resilience, redundancy and availability; security; backup and disaster recovery planning;
connectivity and bandwidth; and scalability, including hardware and software upgrades.

8 References
Adams, C., 2017. panoply. [Online]
Available at: https://blog.panoply.io/top-cloud-security-threats-risks-and-concerns
[Accessed 13 07 2019].
Anjitha, G., n.d. Academia. [Online]
Available at: https://www.academia.edu/7070921/Network_Design_for_a_Company
[Accessed 10 07 2019].
Ashish Kumar Gaur, P. R. V. S., 2015. International Journal of Computer Applications. [Online]
Available at: https://www.ijcaonline.org/archives/volume133/number13/23848-2016908125
[Accessed 15 07 2019].
Barry, D. K., 2019. service-architecture. [Online]
Available at: https://www.service-architecture.com/articles/cloud-computing/infrastructure_as_a_service_iaas.html
[Accessed 07 2019].
Bianco, S., 2019. Parallels. [Online]
Available at: https://www.parallels.com/blogs/ras/what-is-a-terminal-server/
[Accessed 11 07 2019].
CIOReview, n.d. CIOReview. [Online]
Available at: https://virtualization.cioreview.com/news/implementing-storage-virtualization-for-efficient-data-management-nid-18073-cid-86.html
[Accessed 15 07 2019].
Design, M., n.d. its. [Online]
Available at: http://www.its-it-services.co.uk/what-is-exchange-server.aspx
[Accessed 10 07 2019].
EUGENE, 2018. sam solutions. [Online]
Available at: https://www.sam-solutions.com/blog/virtualization-techniques-in-cloud-computing/
[Accessed 07 2019].
Grygarek, 2010. Advanced Computer Networks Technology. In: Network Virtualization. s.l.:s.n.
Hewlett-Packard Development Company, L., n.d. SelectHub. [Online]
Available at: https://selecthub.com/managed-cloud-services/hp-cloud-service-automation/?from_category=16
[Accessed 10 07 2019].
HILL, B., 2012. Tintri. [Online]
Available at: https://www.tintri.com/blog/2012/01/storage-virtualization-overview
[Accessed 07 2019].
Inc, T., n.d. Techopedia Inc. [Online]
Available at: https://www.techopedia.com/definition/15318/tower-server
[Accessed 07 2019].
Ma, J., 2015. imperva. [Online]
Available at: https://www.incapsula.com/blog/top-10-cloud-security-concerns.html
[Accessed 12 07 2019].
mibawa, n.d. mibawa. [Online]
Available at: http://etame.mibawa.co/cloud-architecture/
[Accessed 10 07 2019].
Morrow, T., 2018. 12 Risks, Threats, & Vulnerabilities in Moving to the Cloud, Pittsburgh:
Carnegie Mellon University.
mulesoft, n.d. mulesoft. [Online]
Available at: https://www.mulesoft.com/resources/cloudhub/iaas-infrastructure-as-a-service
[Accessed 12 07 2019].
Orgera, S., n.d. Lifewire. [Online]
Available at: https://www.lifewire.com/best-virtual-machine-software-4147437
[Accessed 13 07 2019].
Pal, K., 2016. techopedia. [Online]
Available at: https://www.techopedia.com/2/31919/trends/an-intro-to-compute-virtualization
[Accessed 14 07 2019].
Productions, S., 2011. Tech Terms. [Online]
Available at: https://techterms.com/definition/file_server
[Accessed 07 2019].
Rouse, M., 2008. TechTarget. [Online]
Available at: https://searchdatacenter.techtarget.com/definition/blade-server
[Accessed 15 07 2019].
rcrwireless, 2016. RCR Wireless. [Online]
Available at: https://www.rcrwireless.com/20160922/big-data-analytics/hybrid-cloud-iot-tag31-tag99
[Accessed 15 07 2019].
Violino, B., 2019. The dirty dozen: 12 top cloud security threats. CSO.
Watkins, T., n.d. applet-magic.com. [Online]
Available at: http://www.applet-magic.com/cbapod.htm
[Accessed 07 2019].

Workload Matrix

Name                  Work percentage   Signature
Parishrama Bhusal     34%
Aayush Sharma         33%
Bijaya Subedi         33%

Marking Scheme

Students: Parishrama Bhusal (NP000108), Bijaya Subedi (NP000101), Aayush Sharma (NP000099)

Group Components (A)
  Overall design & structure (10)
  Current trends & best practices (10)
  Executive summary (5)
  Coherence & integration (5)
  Total Marks (30)

Individual Components (B)
  Technical accuracy (15)
  Critical analysis & justification (20)
  Research & completeness (15)
  Referencing & original work (10)
  Presentation (10)
  Total Marks (70)

Per student: Group Components (A), Individual Components (B), Overall Marks (A + B)
