Cloud Computing
During the completion of this project, we ran into many problems, difficulties, and
obstacles.
With the help of many guidelines and other sources inside and outside of Asia Pacific University,
we were able to troubleshoot and overcome all of these problems by finding the correct solutions
to progress the project.
We would like to thank our Cloud Infrastructure and Services module leader for his constant high
spirit in teaching and guiding us with his knowledge on this assignment. His passion for teaching
was the ultimate tool for us in completing this assignment, and we could not have completed
the assignment without his guidance.
Lastly, we would like to express our gratitude to our university for providing us with the various
resources and facilities offered exclusively to the students of APU.
Executive Summary
This report was prepared according to the requirements of the syllabus for the BSc.IT 5th semester.
It has given us an opportunity to apply the knowledge we acquired in the curriculum in a real-time
environment and to enhance our technical skills. This report presents our analysis and suggestions
for the Amoria Bond Company, a multinational recruitment and executive search services firm that
provides specialist and personalized recruitment services to a number of impressive private sector
clients. As team members, we analyzed and chose many ideas and techniques that can help to reduce
the problems and give the best output for the company. The main responsibilities of the team members
were to research the company background and then make suggestions for the network
communication, network design, virtualization techniques, cloud migration and security
solutions, together with the cost analysis.
For this research report, we have done extensive research on the Amoria Bond Company as described
in the case study sheet.
Table of Contents
1 General Assumptions
2 Physical Architecture (Parishrama Bhusal)
2.1 Background
2.2 Available Infrastructure
2.2.1 File server
2.2.2 Terminal Servers
2.2.3 Exchange Server
2.3 Required Hardware and Software
2.3.1 Hardware
2.3.2 Software
2.3.3 Types of compute system
2.3.4 Storage
2.3.5 Mirroring
2.3.6 Parity
2.3.7 Network
2.4 Suggested Network Communication model
2.5 Network Design and Topology
3 Migration (Aayush Sharma)
3.1 Proposed Cloud Deployment Model
3.1.1 Justification
3.1.2 Advantages
3.1.3 Limitation
3.2 Cloud Service Model
3.2.1 Justification
3.3 Proposed Cloud-based Architecture
3.3.1 Front End
3.3.2 Back End
4 Security Solution (Bijaya Subedi)
4.1 Introduction and background
4.1.1 Data loss - Security threat one
4.1.2 Hijacked Interface/Insecure API - Security threat two
4.1.3 Data Breaches: Security threat three
4.2 Proposed Security Model
4.2.1 Cryptography Model
5 Virtualization
5.1 Compute virtualization techniques, methods and resources
5.2 Storage Virtualization
5.2.1 Techniques
5.2.2 Methods
5.2.3 Resources
5.3 Network Virtualization
6 Cost Analysis
6.1.1 Total Cost of physical and virtual layer setup
6.2 Total Cost of using cloud services
6.4 Total Cost for security solutions
7 Conclusion
8 References
List of Figures
Figure 1: Tower Compute System
Figure 2: Rack-Mounted Compute System
Figure 3: Blade Compute System
Figure 4: Striping
Figure 5: Mirroring
Figure 6: Parity
Figure 7: Inter-Cloud Communication
Figure 8: Design Topology
Figure 9: Cloud-based Architecture
Figure 10: Security threat process overview
Figure 11: Different security threats
Figure 12: Two-factor authentication
Figure 13: Cryptography model
Figure 14: Compute Virtualization
Figure 15: Storage Virtualization
Figure 16: Network Virtualization
List of Tables
Table 1: Total cost of physical and virtual layer setup
Table 2: Total cost of using cloud services
Table 3: Total cost for security solutions
1 General Assumptions
There are many strains placed upon the Manchester connections and the existing infrastructure
offered little in terms of office survivability, resilience, or redundancy. At this point the company
engaged you to provide a solution. After a detailed discussion with the business, including the
management team, and the users, there are four areas of concern that are of key importance for the
company which are:
With these plans and ideas, we will make sure that:
As a result of hosting the IT platform in the Cloud, users at all offices would now connect to
the cloud platform via their own office’s connections.
The new design should benefit from current technologies, and all necessary hardware
and software should be addressed.
A RAID configuration is used for the data storage in Cloud’s Storage Area Network (SAN),
ensuring a high level of data resilience and an efficient read/write speed.
Security for the connections and the applications must be in place.
2 Physical Architecture (Parishrama Bhusal)
2.1 Background
Amoria Bond, a multinational recruitment and executive search services firm, provides specialist
and personalized recruitment services to a number of impressive private sector clients. The
company went through a number of phases with their IT infrastructure. Following multiple
upgrades and server rollouts, the infrastructure includes File Servers, Terminal Servers, an
Exchange Server, and a Database Server. The applications used are an office suite, generic day-to-day
office applications, and their recruitment database.
A file server is a server that is responsible for the access to files. It acts as a central file storage
location that can be accessed by multiple systems. File servers are commonly found in enterprise
settings, such as company networks, but they are also used in schools, small organizations, and
even home networks. A file server may be a dedicated system. Or it may simply be a computer
that hosts shared files. Dedicated file servers are typically used for enterprise applications, since
they provide faster data access and offer more storage capacity than non-dedicated systems. In
home networks, personal computers are often used as file servers.
(Productions, 2011)
A terminal server is a server or network device that enables
multiple client systems to connect to a LAN without using a modem or a network interface. A
terminal server provides multiple benefits. First, terminal servers provide end users with access to
company resources from anywhere and from any device. Second, they facilitate a single point of
maintenance and allow you to monitor the infrastructure from a central dashboard. Third,
applications are installed once and regularly updated on the server, so there is no need to install or
update a program on each machine in the network.
(Bianco, 2019)
2.2.3 Exchange Server
Microsoft Exchange Server 2010 enables small and medium-sized companies to achieve greater
reliability and improved performance by simplifying administration tasks such as calendaring,
creating distribution lists, sending email messages, automatically performing voicemail
transcriptions, providing messaging delivery reports, and archiving mail boxes.
(Design, n.d.)
Required Hardware and Software
2.2.4 Hardware
Recommended Operating Systems
Hardware Requirements
2.2.5 Software
Cloud Management Software
HP Cloud Service Automation
HP Cloud Service Automation is the industry’s most comprehensive, unified cloud management
platform for managing enterprise-grade application and infrastructure cloud services. Increase
agility, reduce cost and risk, and improve time-to-market of application services with a self-service
portal and management platform for multiple cloud environments. It has the following benefits
and features:
Reduce service deployment time from months to minutes- Increase server utilization by up
to 80%, and reduce TCO by up to 30%
Broker and manage on-demand application and infrastructure services- Secure
environment with multi-tenancy and role-based access
Manage multiple cloud environments across private, public, and hybrid cloud
Virtualization Software
VMware Workstation Pro is virtualization software that has been on the market for
more than 20 years, and it is often looked upon as the industry standard when it comes to virtual
machine applications. Here are some features of VMware Workstation Pro:
High-Performance 3D Graphics
High Resolution Display Support
Helpful Snapshots
Cross Compatibility
Monster Virtual Machines
Restricted Access to Virtual Machines
Shared Virtual Machines
Tower Compute System
A tower compute system is a computer that is built in an upright cabinet that stands alone and that is
designed to function as a server. The cabinet is known as a tower, and multiple tower servers can
work simultaneously on different tasks and processes. Tower servers are popular owing to their
scalability and reliability, since unlimited servers can be added to the existing network, largely
because of the independent nature of the individual tower servers. (Inc, n.d.)
Rack-mounted Compute System
A rack mounted computer system, also called a rack-mounted server, is a computer dedicated to
use as a server and designed to be fixed in a framework called a rack. The rack contains multiple
mounting slots called bays, each designed to clamp a hardware unit secured in place with screws.
A rack server has a low-profile attachment, in contrast to a tower server, which is built into an
upright, standalone cabinet. A single rack can cover multiple servers stacked one above the other,
combining network resources and minimizing the required floor space. The rack server
configuration also simplifies cabling among network components. In an equipment rack filled with
servers, a special cooling system is required to prevent excessive heat accumulation that would
otherwise occur when many power-dissipating components are confined in a small space. (Rouse,
n.d.)
Blade Compute System
A blade compute system is a server chassis housing multiple thin, modular electronic circuit
boards, known as server blades. Each blade is a server in its own right, often dedicated to a single
application. The blades are literally servers on a card, containing processors, memory, integrated
network controllers, an optional Fiber Channel host bus adaptor (HBA) and other input/output (IO)
ports. The blades are interconnected via a high-speed bus, and the system is modularly designed
to increase the compute system density and scalability.
(Rouse, 2008)
2.2.7 Storage
A storage system is the repository for saving and retrieving electronic data. A storage system has
devices, called storage devices (or storage) that enable the persistent storage and the retrieval of
data. Storage capacity is typically offered to consumers along with compute systems. Apart from
providing storage along with compute systems, a provider may also offer storage capacity as a
service (Storage as a Service), which enables consumers to store their data on the provider’s
storage systems in the cloud. This enables the consumers to leverage cloud storage resources for
purposes such as data backup and long-term data retention.
RAID is a storage technology in which data is written in blocks across multiple disk drives that are
combined into a logical unit called a RAID group. It helps to improve the data storage system’s
performance by serving I/O from multiple drives simultaneously and provides the data protection
against drive failures. It mainly uses three key techniques which are Striping, Mirroring and Parity.
Striping
Striping is a technique to spread data across multiple drives in order to use the drives in parallel
and increase performance as compared to the use of a single drive. Each drive in a RAID group
has a predefined number of contiguously addressable blocks called a “strip”. A set of aligned strips
that span across all the drives within the RAID group is called a “stripe”. All strips in a stripe have
the same number of blocks. Although striped RAID provides improved read-write performance, it
does not provide any data protection in case of disk failure.
Figure 4: Striping
2.2.8 Mirroring
Mirroring is a technique in which the same data is stored at the same time on two different
drives, resulting in two copies of the data. This is called a “mirrored pair”. Even if one drive fails,
the data is still complete on the surviving drive and the RAID controller continues to service data
requests using the surviving drive of the mirrored pair. When the failed disk is replaced with a new
disk, the controller copies the data from the surviving disk of the mirrored pair to the new disk.
This activity is transparent to the host. In addition to providing data redundancy, mirroring enables fast
recovery from disk failure. Since mirroring involves duplication of data, the amount of storage capacity
needed is twice the amount of data being stored. This increases costs because of which mirroring is
typically preferred for mission-critical applications that cannot afford the risk of any data loss.
Mirroring improves read performance because read requests can be serviced by both disks. However,
compared to a single disk and striping, write performance is slightly lower in mirroring because each
write request manifests as two writes on the disk drives.
Figure 5: Mirroring
2.2.9 Parity
Parity is a value derived by performing a mathematical operation on individual strips of data and
stored on a portion of a RAID group. It enables the restoration of missing data in case of a drive
failure. Parity is a redundancy technique that guarantees information protection without
maintaining a full set of duplicate data. The RAID controller calculates the parity using techniques
such as “bitwise exclusive or” (XOR), and the parity information can be stored on separate,
dedicated disk drives or distributed across the drives in a RAID group. Compared to mirroring, parity implementation
significantly reduces the cost associated with data protection. However, a constraint of parity
execution is that parity is recalculated every time there is a change in data, which may affect the
performance of the RAID array.
Figure 6:Parity
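The striping and parity techniques described above can be followed end to end in a short simulation. This is an added example, not part of the original report: it assumes one dedicated parity drive, a constructed 4-byte strip size and constructed sample data, and shows a drive rebuild as well as the parity update that every write requires.

```python
from functools import reduce

STRIP_SIZE = 4  # bytes per strip (constructed value; real arrays use far larger strips)


def xor_strips(strips):
    """Bitwise XOR of equally sized byte strings, column by column."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*strips))


def build_array(data, data_drives):
    """Stripe data across data_drives and add one dedicated parity drive.

    Returns a list of drives. Each drive is a list of strips, and the last
    drive holds the parity strip of every stripe.
    """
    stripe_bytes = STRIP_SIZE * data_drives
    # Pad so that all strips in a stripe have the same number of blocks.
    padded_len = -(-len(data) // stripe_bytes) * stripe_bytes
    data = data.ljust(padded_len, b"\0")
    drives = [[] for _ in range(data_drives + 1)]
    for off in range(0, len(data), stripe_bytes):
        stripe = [data[off + i * STRIP_SIZE: off + (i + 1) * STRIP_SIZE]
                  for i in range(data_drives)]
        for drive, strip in zip(drives, stripe):
            drive.append(strip)
        drives[-1].append(xor_strips(stripe))  # parity strip for this stripe
    return drives


def rebuild_drive(drives, failed):
    """Recompute every strip of the failed drive from the surviving drives."""
    survivors = [d for i, d in enumerate(drives) if i != failed]
    if any(d is None for d in survivors):
        raise ValueError("single parity cannot recover from two failed drives")
    # XOR of all surviving strips in a stripe yields the missing strip,
    # whether the failed drive held data or parity.
    return [xor_strips(stripe) for stripe in zip(*survivors)]


def write_strip(drives, drive, stripe, new):
    """Small write: the parity strip is recalculated along with the data strip."""
    old = drives[drive][stripe]
    parity = drives[-1][stripe]
    drives[drive][stripe] = new
    # new parity = old parity XOR old data XOR new data
    drives[-1][stripe] = xor_strips([parity, old, new])


def read_all(drives):
    """Reassemble the logical data from the data drives, stripe by stripe."""
    return b"".join(b"".join(stripe) for stripe in zip(*drives[:-1]))


def demo():
    payload = b"candidate-records-2019"  # constructed sample data
    drives = build_array(payload, data_drives=3)
    write_strip(drives, drive=1, stripe=0, new=b"XXXX")
    lost = drives[1]
    drives[1] = None                      # simulate a drive failure
    drives[1] = rebuild_drive(drives, failed=1)
    return drives[1] == lost, read_all(drives)


if __name__ == "__main__":
    print(demo())
```

The extra read and XOR in `write_strip` is the performance cost the section attributes to parity, and the `ValueError` path shows that a single parity strip protects against one drive failure only.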
2.2.10 Network
2.3 Suggested Network Communication model
There are different network communication models, but for a multinational company or
organization like Amoria Bond it is best to use the Inter-Cloud Communication model.
As the company has multiple offices, including Manchester as the Head Office, London,
Amsterdam, Cologne and Singapore, the resources can be accessed from any location over a
network. There may be several combinations of inter-cloud connectivity as depicted in the figure
on the slide. Inter-cloud connectivity enables clouds to balance workloads by accessing and using
computing resources, such as processing power and storage resources from other cloud
infrastructures. The cloud provider has to ensure network connectivity of the cloud infrastructure
over a WAN to the other clouds for resource access and workload distribution.
2.4 Network Design and Topology
The following figure describes the geographical locations of the network. Each of the Amoria
Company’s locations will be connected to a VPN via the internet. A VPN service is purchased from a
local VPN service provider. There are several reasons to use a VPN: it makes it easier to add
more sites, and it is cheaper and secure. The employees will have the ability to connect to the
internal Amoria network remotely, so they can access their computers at work while they are at
home. Another advantage is that additional branch offices can be added to the network easily. A
microwave link between the branches is set up. Video conferencing capabilities among the
regional branches and voice calling among the branches are established. The Global Headquarters
is connected to the local head office via a global VPN.
Cisco networking devices are mostly used inside the network for routing and switching,
because they are the best and most trustworthy in the field. They provide warranties, good support, and
an affordable price, and the devices are durable.
(Anjitha, n.d.)
3 Migration (Aayush Sharma )
Cloud migration is the process of partially or completely deploying an organization's digital assets,
services, IT resources or applications to the cloud. The migrated assets are then accessible behind
the cloud's firewall. Cloud migration is also known as business process outsourcing, which may
entail migrating a total organizational infrastructure, where computing, storage, software and
platform services are transferred to the cloud for access.
3.1.1 Justification
Adopting a hybrid cloud strategy maximizes technology for enterprise business growth, because
IT can leverage existing cloud expertise and economies in conjunction with legacy investments.
With a combined on- and off-premises approach to cloud services, the organization can control
costs, increase security, and improve performance. As much as 30–40 percent of traditional IT
spending can shift to emerging technology initiatives that drive new revenue. A hybrid cloud can
also replace uncoordinated and shadow efforts. IT and the company will have a common business
ground to share engineering, management, and workload optimization across every enterprise
cloud.
3.1.2 Advantages
The advantages of using the hybrid cloud deployment model are:
3.1.3 Limitation
The limitations of hybrid cloud are:
Cost
While the public cloud can offer an attractive option for its flexibility and relatively low cost to
operate, building a private enterprise cloud requires significant expenditure and can become
expensive very quickly with all the physical hardware necessary.
Security
Cloud computing is not inherently any less secure than traditional computing, and in fact faces
fewer attacks. The proper precautions must be taken to ensure that the data is properly protected
and control is maintained by the right people. Additionally, depending on the industry, there may
be certain regulatory requirements that prohibit data from being stored off-site, which would
prevent the use of a public cloud entirely.
Applications and data exist in a symbiotic relationship, with each one being useless without the
other. Oftentimes they’re chained together. So when considering where to store each of them, it’s
essential to ask whether the infrastructure they’re placed on matters. Technologies like copy data
virtualization can decouple data from infrastructure and make this problem less of a headache.
Compatibility
Compatibility across infrastructure can prove itself to be a major issue when building a hybrid
cloud. With dual levels of infrastructure, a private cloud the company controls and a public one
that it doesn’t, the chances are that they will be running different stacks.
Networking
Will very active applications be living in the cloud? It’s necessary to consider the bandwidth usage
they could take up on the network and whether or not it could cause problems in bottlenecking
other applications. (rwireless, 2016)
3.2.1 Justification
Like other cloud offerings, IaaS takes advantage of the elasticity and flexibility of the cloud to deliver
infrastructure, with tangible benefits for enterprises. IaaS will allow us to choose when, how, and what
computing resources to consume and to scale up or down as demands change, drastically reducing time
to market. Since the IaaS vendor is responsible for configuring and maintaining the infrastructure,
Amoria don’t have to worry about infrastructure upgrades and can focus on rolling out applications
instead. Moreover, by outsourcing the task of building and maintaining infrastructure to a service
provider, Amoria can reduce capital expenditures on hardware and software. With a pay-as-you-go
pricing model, Amoria can only pay for the resources they use in a given period. The reduction of IT
costs by migrating to virtualized servers and the enhancement of business agility through the use of
on-demand computing resources are perhaps the most common reasons for adopting IaaS as a long-
term strategy, short-term needs also make good IaaS use cases. For instance, IaaS can be leveraged in
seasonal marketing campaigns and promotions to deploy web applications on a short-term basis
without paying upfront costs to
17
Increase computing capacity. When the promotion ends, IaaS resources can be back scaled down.
(mulesoft, n.d.)
Infrastructure as a Service (IaaS) Disadvantages
3.3 Proposed Cloud-based Architecture
When talking about a cloud computing system, it's helpful to divide it into two sections: the front
end and the back end. They connect to each other through a network, usually the Internet. The
front end is the side the computer user, or client, sees. The back end is the "cloud" section of the
system. (mibawa, n.d.)
The front end includes the client's computer (or computer network) and the application required to
access the cloud computing system. Not all cloud computing systems have the same user interface.
Services like Web-based e-mail programs leverage existing Web browsers like Internet Explorer or
Firefox. Other systems have unique applications that provide network access to clients.
On the back end of the system are the various computers, servers and data storage systems that
create the "cloud" of computing services. In theory, a cloud computing system could include
practically any computer program you can imagine, from data processing to video games. Usually,
each application will have its own dedicated server.
4 Security Solution (Bijaya Subedi)
Whenever cloud services are deployed, it is very important to set up a correct security system.
Cloud services are exposed to many possible security threats, so a provider of cloud services
should always be careful about security. A simple overview of the security threat process is shown below:
Figure 11: Different security threats
Concern
While providing cloud services, providers should always be aware of data loss. Data stored in the
cloud can be lost for reasons other than malicious attacks. Accidental deletion of data by the
cloud service provider, or a physical catastrophe such as a fire or
earthquake, can lead to the permanent loss of customer data. This is a major risk and security
concern when providing cloud services.
Solution
To address this concern, the provider or cloud consumer must take adequate measures to
back up data, for example on a secondary device or as data replicas on multiple platforms, so that
if the data in one data center is lost, a backup is still available. The service provider can control
the uploading and downloading of documents by using platforms like G Suite, Office 365, Google
Drive, OneDrive, and Dropbox, etc. The service provider can set various data loss protection policies
from the Cloud Codes console, by using the predefined templates or simply by adding one of their
own. Using these policies, an organization can audit, monitor and control any unauthorized data
activity happening in the organization. (External attack, Virus)
(Violino, 2019)
(Adams, 2017) (Ma, 2015) (Morrow, 2018)
4.1.2 Hijacked Interface/Insecure API-Security threat two
Concern
While implementing cloud service, Amoria Bond recruiting company needs to expose a set of
software user interfaces (UIs) or APIs that customers use to manage and interact with cloud
services. Provisioning, management, and monitoring of Amoria Bond would all be performed with
these interfaces. The chance of getting hacked increases when companies grant third parties access
to the APIs. The vulnerability of an API occurs when the communication takes place between
applications. Threat actors are always looking for vulnerabilities in management APIs. If
discovered, these vulnerabilities can be turned into successful attacks, and company cloud assets
may be compromised.
Solution
The best way to protect yourself from API hacks is to implement threat modeling applications and
systems into the development lifecycle. It's also recommended that you perform thorough code
reviews to ensure that there aren't any gaps in your security.
APIs use an access token for user authentication; it is obtained through an external mechanism
such as OAuth or during sign-up. An API token can be a better solution: the token is passed with each
request to the API and is then validated before further processing. Some of the other solutions are:
(Adams, 2017)
4.1.3 Data Breaches: Security threat three
Concern
Cloud data storage and cloud computing have forced cyber-criminals to invent new ways to
circumvent security technology so they can administer their new methods of attack. A data breach
can lead to the exposure of sensitive customer information, intellectual and other important property, as
well as sensitive trade secrets, all of which can lead to serious consequences. It's possible for a
user on one virtual machine to listen for activity that signals the arrival of an encryption
key on another virtual machine on the same host. The database is the company’s lifeblood
and incredibly valuable to it, but also to its competitors. In a breach, the organization's sensitive
internal data falls into the hands of its competitors.
Solution
The most efficient method of preventing data breaches is to use encryption and multi-factor
authentication. If sensitive or regulated data is put in the cloud and a breach occurs, the company
needs to disclose the breach and send notifications to potential victims.
Other basic points of the solution for data breaches are:
- Implement API-based cloud access security brokers to avoid data breaches
- Standardized security and policy enforcement regardless of the source network or end user device
- Data encryption both at rest and in transit
(Adams, 2017)
(Ma, 2015)
4.2 Proposed Security Model
To address the above-mentioned threats, Amoria Bond should choose a suitable security model
from among the available security models for cloud infrastructures. For the company, Amoria Bond
follows the cryptography security model. A brief description of the cryptography model is given below:
In this model, data retrieved from the Cloud Storage Service first goes to the Cryptographic
Service, where it is transformed into cipher text through data encryption using private or public
encryption keys. Finally, the data is transferred to the cloud user via the Data Processing
Service. Similarly, for API protection, a token is passed with each request to the API and is
validated before further processing. Through this process, only a valid user can access the data
and the API, using the particular key for data decryption and the particular token for API
protection. This tunnel hides the cryptographic operations from the Data Processing Service and
Cloud Storage Service. By following this model of cloud security, the risks of both data breaches
and data loss will be reduced. Hence, cryptographic operations will offer advanced data protection
for data access.
(Ashish Kumar Gaur, 2015)
5 Virtualization
5.1 Compute virtualization techniques, methods and resources
Compute virtualization can be defined as a technique of separating the physical hardware from the
operating systems. The benefit of this mechanism is to run multiple OSs on a single physical
machine. The same concept can be implemented in the case of a clustered environment or pool of
machines.
For the implementation of compute virtualization, the actual physical machine has to be divided
into several virtual machines. The main object that keeps all these virtual machines together and
makes them easier to manage is the hypervisor. Also known as the monitor of the virtual machines,
a hypervisor is nothing but a software layer which intercepts the calls of the operating system and
divides the labor to the available hardware resources. Thus, hypervisors allocate a certain amount
of virtual CPU and RAM to the virtual machines. These are mainly of two types: Hypervisors of
the first type run directly on the hardware resources of the server, such as Microsoft’s Hyper-V,
Citrix XenServer and VMware ESX, while those of the second type run on the existing OS.
VMware Workstation and SWSoft’s Parallels Desktop are examples of the second type. (Pal,
2016)
5.2 Storage Virtualization
Storage virtualization is the process of presenting a logical view of the physical storage resources
to a host. This logical storage appears and behaves as physical storage directly connected to the
host. Throughout the evolution of storage technology, some form of storage virtualization has been
implemented. Some examples of storage virtualization are host-based volume management, LUN
creation, tape storage virtualization, and disk addressing. The key benefits of storage virtualization
include increased storage utilization, adding or deleting storage without affecting an application’s
availability, and non-disruptive data migration (access to files and storage while migrations are in
progress).
5.2.1 Techniques
Traditional storage: Single disk
A data consumer issues read/write requests. The disk controller either reads or writes to specific
locations on disk.
RAID: Multiple disk
This is one of the most widely used implementations for storage virtualization. While it
may not seem like it, the data storage environment is indeed virtualized.
Multiple disks are aggregated into a storage structure to increase storage, increase
resiliency, or both.
A data consumer issues read/write requests. The storage controller determines which
storage devices contain the data, computes the entire request from multiple devices
(potentially), and returns it to the consumer. The data is no longer on a single device.
A group of disks is placed into an array structure. The disks are aggregated in some fashion
(typically in RAID levels). However, a subset of the allocated capacity is divided and presented to
a data consumer as a LUN. The LUN is a logical storage device for a consumer.
Multiple tiers of storage are created based on storage device profile (capacity and
performance), typically a RAID group or other physical storage enclosures.
The storage device creates a higher-level structure, called a pool, of which the various
performance tiers are members. The pool structure is presented to the data consumer at the
LUN level.
The storage controller stores metadata about which data blocks reside in which tier, and
their location inside the tier.
Building on top of storage pools, storage controllers (via metadata) are able to determine
the data access patterns for individual blocks of data.
Frequently used data is moved to the highest performing tier of disk while less frequently
accessed data is moved to the lower performing tier of disk.
This migration occurs without the knowledge of the data consumer. The consumer sees the
storage as a LUN and does not know (or care) about what happens as long as the data is
available.
Many data structures share the same data patterns. Microsoft Word files share the same
framework across all files, regardless of content. Microsoft Windows servers all have
common files. Conceptually, deduplication addresses the idea of “Why store multiple
copies of the same data over and over again?”
Based on the type of algorithm, the storage device processes existing data to determine if
any duplicate data exists.
In the event of duplicate data, the storage controller creates pointers to the common data.
Common blocks are replaced by a pointer, and the overall storage footprint is reduced.
Thin provisioning: Not allocating storage at creation time
This functionality operates under the theory that space may be allocated but never fully
used, resulting in unused space that cannot be used by anyone else.
The storage controller receives a request to allocate space for a data consumer. The
controller creates the basic framework that represents a LUN. However, internal to the
storage device, the space is not allocated. Rather, the LUN is basically authorized to
consume a specific amount of disk space.
As the disk consumer continues to use storage space, the LUN grows on the storage
controller until the LUN size is completely allocated. Until the LUN is fully utilized, the
unused space can be used for other purposes.
This may result in over-allocation of storage, though, and needs monitoring. (HILL, 2012)
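The deduplication and thin-provisioning behaviour described above, combined in one added Python sketch (not from the report or from any vendor's storage controller): LUNs are only promises of space, identical blocks are stored once and referenced by pointer, and the report exposes the over-allocation that needs monitoring. The class name, the LUN names and the block contents used with it are constructed for the illustration.

```python
import hashlib

class ThinDedupPool:
    """Toy storage controller: thin LUNs over one deduplicated block pool."""

    def __init__(self, physical_blocks):
        self.physical_blocks = physical_blocks  # real capacity, in blocks
        self.store = {}  # digest -> block data, one copy per unique block
        self.refs = {}   # digest -> number of LUN addresses pointing at it
        self.luns = {}   # name -> {"size": promised blocks, "map": {lba: digest}}

    def create_lun(self, name, size_blocks):
        # Thin provisioning: record the promise, allocate nothing yet.
        self.luns[name] = {"size": size_blocks, "map": {}}

    def write(self, name, lba, data):
        lun = self.luns[name]
        if not 0 <= lba < lun["size"]:
            raise IndexError("address outside the provisioned LUN size")
        digest = hashlib.sha256(data).hexdigest()
        old = lun["map"].get(lba)
        if old == digest:
            return
        if digest not in self.store:
            if len(self.store) >= self.physical_blocks:
                raise OSError("pool exhausted: thin LUNs were over-allocated")
            self.store[digest] = data  # first copy is stored once
        self.refs[digest] = self.refs.get(digest, 0) + 1
        lun["map"][lba] = digest       # duplicates become pointers
        if old is not None:            # overwritten block loses a reference
            self.refs[old] -= 1
            if self.refs[old] == 0:
                del self.refs[old], self.store[old]

    def report(self):
        promised = sum(l["size"] for l in self.luns.values())
        logical = sum(len(l["map"]) for l in self.luns.values())
        free = self.physical_blocks - len(self.store)
        return {
            "overcommit": promised / self.physical_blocks,
            "logical_blocks": logical,
            "physical_blocks": len(self.store),
            "free_blocks": free,
            # Worst case (no further dedup): unwritten promises exceed free space.
            "at_risk": promised - logical > free,
        }
```

When the pool fills, every thin LUN on it starts failing writes at once, which is why the over-commit ratio and free space are the values to alert on.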
5.2.2 Methods
Block-Level – This method of storage virtualization includes the abstraction or separation
of logical storage from physical storage to grant access without considering the physical
storage or heterogeneous structure. This separation offers greater flexibility in managing
the storage for end users. This type of system replaces controllers and takes over at the disk
level while initializing virtualization before the file system exists.
File Level – This method can be adopted to tackle the Network Attached Storage (NAS)
challenges by eliminating the dependencies among the data accessed at the file level and
the exact location of the physical file storage. This can also provide opportunities to
optimize storage use and server consolidation to perform non-disruptive file migrations.
The three main methods to virtualize storage include network-based, host-based, and array-based
virtualization techniques.
Host-Based Storage Virtualization – The host operating system should have an
installed driver to intercept and redirect IO requests, and additional software running on the
host as a privileged task or process is required to implement host-based storage
virtualization. Volumes or LUNs presented to the host system are handled by a traditional
physical device driver. However, a software layer or the volume manager residing above
the disk device driver intercepts the I/O requests and supplies the metadata lookup with I/O
mapping.
Network-Based Storage Virtualization – With network-based storage, a fiber channel
switch is placed between the host and the storage that virtualizes and redirects all IO
requests. Even though the Operating System is not a factor influencing network-based
storage, the switch and storage arrays must be compatible with each other.
Array-Based Storage Virtualization - In this type of virtualization, a single master array
handles all the IO requests for all arrays in the system, which allows flawless centralized
management and data migration.
5.2.3 Resources
There are three key steps involved in making resources available to consumers. They are:
The virtualization software performs the abstraction of the physical resources and is deployed on
compute systems, network devices, and storage devices. The key functions of virtualization
software are to create resource pools and create virtual resources.
5.3 Network Virtualization
Network Virtualization is a method of combining the available resources in a network by splitting
up the available bandwidth into different channels, each being separate and distinguished. They
can be either assigned to a particular server or device or stay unassigned completely all in real
time. Network virtualization disguises the true complexity of the network by separating them into
different parts that are easy to manage, much like how the segmented hard drive makes it easier to
manage files. (EUGENE, 2018)
The figure shown above is of network virtualization. Network virtualization can also be defined as
maintaining physical network resources in order to create virtual resources. Network virtualization
software can be built into the operating environment of a network device, provided as a
hypervisor capability, or installed on an independent computing system.
Virtual Switch
Virtual LAN/ Virtual SAN
The following are the advantages of network virtualization:
I. Fewer resources are required, such as: less cost, less space consumption, lower
power/cooling requirements, less demand, less effort, less time.
IV. Multiple (virtualized) devices with separate roles and simpler configurations:
Possibility to keep “known good” scalable, stable and secure designs (e.g. 3-tier model)
Limits security concerns
Less risk of unexpected software behavior because of unusual or too complicated
configuration
V. Easier to manage
(Grygarek, 2010)
6 Cost Analysis
6.1.1 Total Cost of physical and virtual layer setup
Total $29,754.03
6.2 Total Cost of using cloud services
Service Price Estimation Per Unit
6.3
6.4 Total Cost for security solutions
Equipment Price Estimation per duration
Cost-Benefit Analysis (CBA) estimates and totals up the equivalent money value of the benefits
and costs to the community of projects to establish whether they are worthwhile. These projects
may be dams and highways or can be training programs and health care systems. (Watkins, n.d.)
7 Conclusion
Therefore, a solution has been given above for the strain placed upon the Manchester connections
and for the existing infrastructure, which offered little in terms of office survivability,
resilience, or redundancy. After a detailed discussion with the business, including the
management team and the users, we developed the solution by identifying four areas of concern that
are of key importance for the company, i.e. Resilience, Redundancy, and Availability; Security,
Backup, and Disaster Recovery Planning; Connectivity and Bandwidth; and Scalability, including
Hardware & Software Upgrades, and so on.
8 References
Adams, C., 2017. panoply. [Online]
Available at: https://blog.panoply.io/top-cloud-security-threats-risks-and-concerns
[Accessed 13 07 2019].
Anjitha, G., n.d. Academia. [Online]
Available at: https://www.academia.edu/7070921/Network_Design_for_a_Company
[Accessed 10 07 2019].
Ashish Kumar Gaur, P. R. V. S., 2015. International Journal of Computer Application. [Online]
Available at: https://www.ijcaonline.org/archives/volume133/number13/23848-2016908125
[Accessed 15 17 2019].
Barry, D. K., 2019. service-architectur. [Online]
Available at: https://www.service-architecture.com/articles/cloud-computing/infrastructure_as_a_service_iaas.html
[Accessed 07 2019].
Bianco, S., 2019. Parallels. [Online]
Available at: https://www.parallels.com/blogs/ras/what-is-a-terminal-server/
[Accessed 11 07 2019].
CIOReview, n.d. CIOReview. [Online]
Available at: https://virtualization.cioreview.com/news/implementing-storage-virtualization-for-efficient-data-management-nid-18073-cid-86.html
[Accessed 15 07 2019].
Design, M., n.d. its. [Online]
Available at: http://www.its-it-services.co.uk/what-is-exchange-server.aspx
[Accessed 10 07 2019].
EUGENE, 2018. sam solutions. [Online]
Available at: https://www.sam-solutions.com/blog/virtualization-techniques-in-cloud-computing/
[Accessed 07 2019].
Grygarek, 2010. Advanced Computer Networks Technology. In: Network Virtualization. s.l.:s.n.
Hewlett-Packard Development Company, L., n.d. SelectHub. [Online]
Available at: https://selecthub.com/managed-cloud-services/hp-cloud-service-automation/?from_category=16
[Accessed 10 07 2019].
HILL, B., 2012. Tintri. [Online]
Available at: https://www.tintri.com/blog/2012/01/storage-virtualization-overview
[Accessed 07 2019].
Inc, T., n.d. Techopedia Inc. [Online]
Available at: https://www.techopedia.com/definition/15318/tower-server
[Accessed 07 2019].
Ma, J., 2015. imperva. [Online]
Available at: https://www.incapsula.com/blog/top-10-cloud-security-concerns.html
[Accessed 12 07 2019].
mibawa, n.d. mibawa. [Online]
Available at: http://etame.mibawa.co/cloud-architecture/
[Accessed 10 07 2019].
mibawa, n.d. mibawa. [Online]
Available at: http://etame.mibawa.co/cloud-architecture/
[Accessed 10 07 2017].
Morrow, T., 2018. 12 Risks, Threats, & Vulnerabilities in Moving to the Cloud, Pittsburgh:
Carnegie Mellon University.
mulesoft, n.d. mulesoft. [Online]
Available at: https://www.mulesoft.com/resources/cloudhub/iaas-infrastructure-as-a-service
[Accessed 12 07 2019].
Orgera, S., n.d. Lifewire. [Online]
Available at: https://www.lifewire.com/best-virtual-machine-software-4147437
[Accessed 13 07 2019].
Pal, K., 2016. techopedia. [Online]
Available at: https://www.techopedia.com/2/31919/trends/an-intro-to-compute-virtualization
[Accessed 14 07 2019].
Productions, S., 2011. Tech Terms. [Online]
Available at: https://techterms.com/definition/file_server
[Accessed 07 2019].
Rouse, M., 2008. TechTarget. [Online]
Available at: https://searchdatacenter.techtarget.com/definition/blade-server
[Accessed 15 07 2019].
Rouse, M., n.d. TechTarget. [Online]
Available at: https://searchdatacenter.techtarget.com/definition/blade-server
[Accessed 15 07 2019].
rwireless, 2016. rcrwireles. [Online]
Available at: https://www.rcrwireless.com/20160922/big-data-analytics/hybrid-cloud-iot-tag31-tag99
[Accessed 15 07 2019].
Violino, B., 2019. The dirty dozen: 12 top cloud security threats. CSO.
Watkins, T., n.d. applet-magic.com. [Online]
Available at: http://www.applet-magic.com/cbapod.htm
[Accessed 07 2019].