
GROUP ASSIGNMENT

TECHNOLOGY PARK MALAYSIA


CT097-3-3-CSVC
CLOUD INFRASTRUCTURE AND SERVICES
NP3F1801IT
HAND OUT DATE: 7 February 2018
HAND IN DATE: 17 May 2018
WEIGHTAGE: 50%

Aditya Lal Amatya (NP000013)
Ashish Ghimire (NP000023)
Prabin Adhikary (NP000047)

INSTRUCTIONS TO CANDIDATES
1. Submit your assignment to the administration counter.
2. Students are advised to underpin their answers with the use of references (cite sources using the Harvard Name System of Referencing).
3. Late submission will be awarded zero (0) unless Extenuating Circumstances (EC) are upheld.
4. Cases of plagiarism will be penalized
5. The assignment should be bound in an appropriate style (Comb Bound or Stapled)
6. Where the assignment should be submitted in both hardcopy and softcopy, the
softcopy of the written assignment and source code (where appropriate) should be
on a CD in an envelope/ CD cover and attached to the hardcopy.
7. You must obtain 50% overall to pass this module.
Table of Contents
Executive Summary ..... 1
General Assumptions ..... 2
1. Physical Architecture ..... 3
1.1. Introduction ..... 3
1.2. Available Infrastructure ..... 3
1.2.1 Compute System ..... 3
1.2.2 Storage System ..... 6
1.2.3 Network System ..... 6
1.3. Hardware and Software Requirements ..... 7
1.3.1 Hardware and Software Requirement for Compute System ..... 7
1.3.2 Hardware and Software Requirement for Storage System ..... 8
1.3.3 Hardware and Software Requirement for Network System ..... 8
1.4. Suggested Network Communication Models ..... 8
1.5. Network Design and Topology ..... 9
2. Virtualization ..... 10
2.1. Compute Virtualization Techniques, Methods and Resources ..... 10
2.2. Storage Virtualization Techniques, Methods and Resources ..... 10
2.3. Network Virtualization Techniques, Methods and Resources ..... 12
3. Cloud Migration ..... 13
3.1. Introduction ..... 13
3.1.1 Public Cloud ..... 14
3.1.2 Private Cloud ..... 14
3.1.3 Hybrid Cloud ..... 14
3.2. Proposed Cloud Deployment Model ..... 15
3.2.1. Justification and Advantages ..... 15
3.2.2. Limitations ..... 15
3.3. Proposed Cloud Service Model ..... 16
3.3.1. Justification and Advantages ..... 18
3.3.2. Limitations ..... 18
3.4. Proposed Cloud-based Architecture ..... 18
4. Security Solutions ..... 20
4.1. Introduction ..... 20
4.2. Security Concern/Threats and Solution ..... 21
4.2.1. Security Threat 1 ..... 21
4.2.2. Security Threat 2 ..... 23
4.2.3. Security Threat 3 ..... 23
4.3. Proposed Security Model ..... 24
5. Cost Benefits Analysis ..... 26
5.1. Total Cost of Physical and Virtual Layer Setup ..... 26
5.2. Total Cost of using Cloud Services ..... 26
5.3. Total Cost for security solutions ..... 27
5.4. Return on Investment (ROI) ..... 27
6. Conclusion ..... 28
References ..... I
Appendix ..... III
Appendix I: Marking Scheme ..... III
Appendix II: Gantt chart ..... IV
Appendix III: Workload Matrix ..... V

List of Figures
Figure 1: Tower Compute System ..... 4
Figure 2: Rack-Mounted Compute System ..... 5
Figure 3: Blade Compute System ..... 5
Figure 4: Suggested Network Communication Models ..... 8
Figure 5: Network Design ..... 9
Figure 6: Multi data center Architecture ..... 19
Executive Summary
The project is a study of the migration of all services currently being delivered by "Amoria Bond" to the cloud in order to reduce the strain on its data transactions. For this purpose, various deployment models were studied for their feasibility in the context of what the company needs. The first and most basic part of the feasibility study is the physical architecture, which lists all the hardware required for a cloud implementation, including the hardware responsible for storage, computation, networking and so on. From the available services and communication models, the best-suited ones are suggested for "Amoria Bond", and a network design and topology are also proposed, along with specifications for the virtualization techniques, methods and resources covering compute, storage and networking. The migration of the services currently provided by "Amoria Bond" is covered in the report, which describes the deployment models and service models and identifies the best-suited and most effective of the available service models. An architecture for the cloud-based service is also included. Using cloud services is beneficial from several points of view, but it also has some shortcomings, one of which is security. Since data in the cloud is vulnerable, it is necessary to protect it using the available data security solutions; some basic threats and the methods to overcome them are therefore provided, together with a proposed security model for the cloud service deployment. Finally, the cost of implementing the cloud service has been analysed and summarised for "Amoria Bond".
General Assumptions
The implementation of IT platforms in the cloud will be beneficial for the office's new connections. The different departments of the office will use cloud services and, as a result, will be able to access files and data from the cloud. The new design will benefit the organization from all perspectives by reducing the strain on its data transactions. The hardware used in the cloud deployment includes the basic computing components such as hard disks, motherboards, RAM, processors, NICs (Network Interface Cards), VPN devices, a disk management system, and other devices. An operating system will also be an essential component in the deployment of the service. A RAID configuration will be used for data storage in the cloud's Storage Area Network (SAN), which will ensure a high level of data resilience and efficient read/write speed. Security will also be applied to the connections, including different firewall systems.
1. Physical Architecture
1.1. Introduction
The physical layer, or physical architecture, is the foundation layer of the cloud infrastructure. It specifies the physical entities that operate at this layer, such as compute systems, networking devices, and storage devices. It also specifies entities such as the operating environment, protocols, tools, and processes that enable the physical entities of this layer to perform their functions and serve the other layers of the cloud infrastructure. A key function of this layer is to execute the requests generated by the virtualization layer or the control layer. Examples of such requests include storing data on the storage devices, performing communication among compute systems, executing programs on a compute system, creating a backup copy of data, or executing a security policy to block an unauthorized activity.

1.2. Available Infrastructure

Physical compute systems host the applications that a provider offers as services to consumers
and also execute the software used by the provider to manage the cloud infrastructure and deliver
services. A cloud provider also offers compute systems to consumers for hosting their
applications in the cloud. Storage systems store business data and the data generated or
processed by the applications deployed on the compute systems. Storage capacity may be offered
along with a compute system or separately (for example, in case of cloud-based backup).
Networks connect compute systems with each other and with storage systems. A network, such
as a local area network (LAN), connects physical compute systems to each other, which enables
the applications running on the compute systems to exchange information. A storage network
connects compute systems to storage systems, which enables the applications to access data from
the storage systems. If a cloud provider uses physical computing resources from multiple cloud
data centers to provide services, networks connect the distributed computing resources enabling
the data centers to work as a single large data center. Networks also connect multiple clouds to
one another—as in case of the hybrid cloud model—to enable them to share cloud resources and
services.
1.2.1 Compute System
A compute system typically comprises the following key physical hardware components assembled inside an enclosure:

• Processor
• Random-Access Memory (RAM)
• Read-Only Memory (ROM)
• Motherboard
• Chipset

Besides these key components, a compute system may also have components such as secondary/persistent storage in the form of a disk drive or a solid-state drive, a GPU card, NICs, and a power supply unit.

Types of Compute System

The compute systems used in building data centers and cloud infrastructure are typically classified into three categories:

• Tower Compute System

Figure 1: Tower Compute System

A tower compute system, also known as a tower server, is a compute system built in an upright enclosure called a “tower”, which is similar to a desktop cabinet. Tower servers have a robust build, and have integrated power supply and cooling. They typically have individual monitors, keyboards, and mice. Tower servers occupy significant floor space and require complex cabling when deployed in a data center. They are also bulky, and a group of tower servers generates considerable noise from their cooling units. Tower servers are typically used in smaller environments. Deploying a large number of tower servers in large environments may involve substantial expenditure.

• Rack-Mounted Compute System

Figure 2: Rack-Mounted Compute System

Typically, a console with a video screen, keyboard, and mouse is mounted on a rack to enable administrators to manage the servers in the rack. A keyboard, video, and mouse (KVM) switch connects the servers in the rack to the console and enables the servers to be controlled from the console. An administrator can switch between servers using keyboard commands, mouse commands, or touchscreen selection. Some concerns with rack servers are that they are cumbersome to work with, and they generate a lot of heat, because of which more cooling is required, which in turn increases power costs.

• Blade Compute System

Figure 3: Blade Compute System

A blade compute system, also known as a blade server, is an electronic circuit board containing only core processing components, such as processor(s), memory, integrated network controllers, storage drive, and essential I/O cards and ports. Each blade server is a self-contained compute system and is typically dedicated to a single application. A blade server is housed in a slot inside a blade enclosure (or chassis), which holds multiple blades and provides integrated power supply, cooling, networking, and management functions. The blade enclosure enables interconnection of the blades through a high-speed bus and also provides connectivity to external storage systems.

1.2.2 Storage System

Data created by individuals, businesses, and applications needs to be persistently stored so that it can be retrieved when required for processing or analysis. A storage system is the repository for saving and retrieving electronic data and is integral to any cloud infrastructure. A storage system has devices, called storage devices (or storage), that enable the persistent storage and retrieval of data. Storage capacity is typically offered to consumers along with compute systems. Apart from providing storage along with compute systems, a provider may also offer storage capacity as a service (Storage as a Service), which enables consumers to store their data on the provider’s storage systems in the cloud. This enables consumers to leverage cloud storage resources for purposes such as data backup and long-term data retention.

There are several storage devices; some of them are:

• Magnetic Disk Drive
• Solid-State Drive (SSD)
• Magnetic Tape
• Optical Disk Drive

1.2.3 Network System

A network establishes communication paths between the devices in an IT infrastructure. Devices that are networked together are typically called “nodes”. A network enables information exchange and resource sharing among a large number of nodes spread across geographic regions and over long distances. A network may also be connected to other networks to enable data transfer between nodes.

• Compute-to-compute Communication
Compute-to-compute communication typically uses protocols based on the Internet Protocol (IP). Each physical compute system (running an OS or a hypervisor) is connected to the network through one or more physical network cards, such as a network interface controller (NIC). Physical switches and routers are the commonly used interconnecting devices. A switch enables different compute systems in the network to communicate with each other. A router enables different networks to communicate with each other. The commonly used network cables are copper cables and optical fiber cables.

• Compute-to-storage Communication
A network of compute systems and storage systems is called a storage area network (SAN). A SAN enables the compute systems to access and share storage systems. Sharing improves the utilization of the storage systems. Using a SAN facilitates centralizing storage management, which in turn simplifies and potentially standardizes the management effort. SANs are classified based on the protocols they support. Common SAN deployment types are Fibre Channel SAN (FC SAN), Internet Protocol SAN (IP SAN), and Fibre Channel over Ethernet SAN (FCoE SAN).

• Inter-cloud Communication
The cloud tenets of rapid elasticity, resource pooling, and broad network access create a sense of limitless resources in a cloud infrastructure that can be accessed from any location over a network. However, a single cloud does not have an infinite number of resources. A cloud that does not have adequate resources to satisfy service requests from clients may be able to fulfill the requests if it can access resources from another cloud.

1.3. Hardware and Software Requirements

For any system, the hardware and software requirements are essential for that system to operate.

1.3.1 Hardware and Software Requirement for Compute System

Hardware Requirement:

• Motherboards
• Central Processing Unit
• Graphics Processor Unit
• Memory (RAM)

Software Requirement:

• Operating System
• Drivers for CPU and GPU

1.3.2 Hardware and Software Requirement for Storage System

Hardware Requirement:

• Storage Device (SSD, Hard-Drives, etc.)

Software Requirement:

• Any software for running the storage devices in a RAID configuration (Disk Management Software)

1.3.3 Hardware and Software Requirement for Network System

Hardware Requirement:

• Network Interface Card
• Modems
• Routers

Software Requirement:

• Drivers for NIC, Modems and Routers
• VPN Software for VPN Service Providers

1.4. Suggested Network Communication Models

Figure 4: Suggested Network Communication Models

The above diagram shows the current scenario of the company, where there is strain on the connection to the Manchester head office. In order to load balance, a virtual LAN is created; every connection from each branch is therefore connected to its virtual LAN, and the resources are virtualized as well.

1.5. Network Design and Topology

Figure 5: Network Design

The above diagram describes the overall network architecture of Amoria Bond, whereby the main branch contains the network components including routers, switches, servers, and PCs. The implemented network topology is a star-bus topology. This topology is also called a tree, because all network devices and computers are connected to a centralized switch with cables laid out in the shape of a star. Star-bus topology is often used in local area networks. In a star-bus topology, network problems can be identified easily; however, if the headquarters experiences problems with the network, the other branches will be affected too.

2. Virtualization
Virtualization is the "creation of a virtual (rather than actual) version of something, such as a server, a desktop, a storage device, an operating system or network resources".

In other words, virtualization is a technique that allows a single physical instance of a resource or an application to be shared among multiple customers and organizations. It does so by assigning a logical name to a physical storage resource and providing a pointer to that physical resource when it is demanded. [Jav]

2.1. Compute Virtualization Techniques, Methods and Resources

Compute virtualization can be defined as a technique of separating the physical hardware from the operating systems. The benefit of this mechanism is the ability to run multiple OSs on a single physical machine. The same concept can be implemented in the case of a clustered environment or a pool of machines.

Compute virtualization is mainly used for testing applications on different OS platforms. To implement compute virtualization, the physical machine is divided into several virtual machines. The component that keeps all these virtual machines together and makes them easier to manage is the hypervisor. Also known as the virtual machine monitor, a hypervisor is a software layer that intercepts the calls of the operating system and distributes the work across the available hardware resources. Thus, hypervisors allocate a certain amount of virtual CPU and RAM to the virtual machines. [Kau16]

Compute virtualization simplifies the traditional architecture by reducing the number of physical devices. This enables us to run multiple operating systems on a single machine, and the same concept can be implemented on a pool of machines. It also helps in reducing maintenance costs, as it splits the physical server into many smaller servers, which can be run on different computers. This increases the efficiency of IT services and software.

2.2. Storage Virtualization Techniques, Methods and Resources

The concept of virtualization has been around for some time. Virtualization is really just the abstraction of an actual entity or construct into logical representations of those entities or constructs. Most of the time, the term “virtualization” is tied to server virtualization — a technology made popular by VMware, Microsoft, Xen, etc. However, while server virtualization is the hot trend in enterprise IT, storage virtualization is making significant strides in functionality; people just do not realize it yet. The storage virtualization software built into the array operating environment has the ability to pool and abstract the physical storage devices and present them as logical storage.

The storage virtualization software installed on an independent compute system is the fundamental component for deploying a software-defined storage environment. The software has the ability to pool and abstract the existing physical storage devices and present them as an open storage platform. With the help of control software (discussed in the ‘Control Layer’ module), the storage virtualization software can perform tasks such as virtual volume creation apart from creating virtual arrays. This software provides a single control point for the entire storage infrastructure, enabling automated and policy-based management.

Storage virtualization involves abstracting the physical data storage process to more logical constructs inside the storage device. Let’s take a quick look at how storage virtualization is taking shape:

• Traditional storage: Single disk

A data consumer issues read/write requests. The disk controller either reads or writes to specific locations on the disk.

• RAID: Multiple disks

This is one of the most widely used implementations of storage virtualization. While it may not seem like it, the data storage environment is indeed virtualized.

Multiple disks are aggregated into a storage structure to increase capacity, increase resiliency, or both.

A data consumer issues read/write requests. The storage controller determines which storage devices contain the data, assembles the entire request from (potentially) multiple devices, and returns it to the consumer. The data is no longer on a single device.

• LUN: Multiple logical storage devices

This takes RAID to the next level.

A group of disks is placed into an array structure. The disks are aggregated in some fashion (typically in RAID levels). However, a subset of the allocated capacity is divided and presented to a data consumer as a LUN. The LUN is a logical storage device for a consumer.

• Storage pooling: Spanning multiple drive array types

Multiple tiers of storage are created based on storage device profile (capacity and performance), typically a RAID group or other physical storage enclosures.

The storage device creates a higher-level structure, called a pool, of which the various performance tiers are members. The pool structure is presented to the data consumer at the LUN level. The storage controller stores metadata about which data blocks reside in which tier, and their location inside the tier.

[Tin18]
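The RAID and LUN stages above, as an added example that is not from the original report: a toy RAID-5 array that rebuilds a block from parity when a disk fails, and LUNs carved from it whose bounds check is what keeps one consumer from reading another consumer's blocks. The class names, the four-disk layout and the sample data are constructed for illustration only.

```python
"""Toy model of the RAID and LUN layers described above (constructed example).
A RAID-5 array stripes logical blocks over several disks with rotating parity,
so a read that hits a failed disk is rebuilt from the survivors; LUNs are carved
from the array's capacity and reject block addresses outside their own range,
which is what keeps one consumer away from a neighbouring consumer's blocks."""

BLOCK_SIZE = 4  # bytes per block; tiny so the example stays readable

def xor_blocks(blocks):
    """XOR a sequence of equal-sized blocks (this is RAID-5 parity)."""
    out = bytearray(BLOCK_SIZE)
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)

class Disk:
    """A physical disk: a fixed number of blocks plus a failure flag."""
    def __init__(self, nblocks):
        self.blocks = [bytes(BLOCK_SIZE)] * nblocks
        self.failed = False

    def read(self, idx):
        if self.failed:
            raise IOError("disk failed")
        return self.blocks[idx]

    def write(self, idx, data):
        if self.failed:
            raise IOError("disk failed")
        self.blocks[idx] = bytes(data)

class Raid5Array:
    """n disks; each stripe holds n-1 data blocks and one parity block, and
    stripe k keeps its parity on disk k mod n. Degraded-mode writes (while a
    disk is failed) are out of scope for this example."""
    def __init__(self, disks):
        self.disks, self.n = disks, len(disks)
        self.stripes = len(disks[0].blocks)
        self.capacity = self.stripes * (self.n - 1)  # usable logical blocks

    def locate(self, lba):
        """Map a logical block address to (stripe, data disk, parity disk)."""
        stripe, pos = divmod(lba, self.n - 1)
        parity_disk = stripe % self.n
        data_disk = pos if pos < parity_disk else pos + 1  # skip parity slot
        return stripe, data_disk, parity_disk

    def write(self, lba, data):
        stripe, disk, pdisk = self.locate(lba)
        self.disks[disk].write(stripe, data)
        # Recompute parity over every data block of the stripe.
        self.disks[pdisk].write(stripe, xor_blocks(
            self.disks[d].read(stripe) for d in range(self.n) if d != pdisk))

    def read(self, lba):
        stripe, disk, _ = self.locate(lba)
        try:
            return self.disks[disk].read(stripe)
        except IOError:
            # Resiliency: rebuild the missing block from all the other disks.
            return xor_blocks(self.disks[d].read(stripe)
                              for d in range(self.n) if d != disk)

class Lun:
    """A contiguous slice of array capacity presented to one consumer."""
    def __init__(self, array, start, size):
        if start < 0 or start + size > array.capacity:
            raise ValueError("LUN does not fit in the array")
        self.array, self.start, self.size = array, start, size

    def _translate(self, lba):
        if not 0 <= lba < self.size:
            # Boundary check: a consumer never reaches another LUN's blocks.
            raise ValueError(f"block {lba} is outside this LUN")
        return self.start + lba

    def read(self, lba):
        return self.array.read(self._translate(lba))

    def write(self, lba, data):
        self.array.write(self._translate(lba), data)

def demo():
    """Two LUNs on a four-disk RAID-5 array, then disk 0 fails."""
    disks = [Disk(4) for _ in range(4)]
    array = Raid5Array(disks)           # 4 stripes x 3 data blocks = 12 LBAs
    lun_a, lun_b = Lun(array, 0, 6), Lun(array, 6, 6)
    lun_a.write(0, b"AAAA")
    lun_b.write(0, b"BBBB")             # array LBA 6 lands on disk 0, stripe 2
    try:
        lun_a.read(6)                   # one block past the end of LUN A
        boundary_enforced = False
    except ValueError:
        boundary_enforced = True
    disks[0].failed = True
    return {"a": lun_a.read(0), "b": lun_b.read(0),
            "boundary_enforced": boundary_enforced}
```

Running `demo()` returns both blocks intact after the disk failure, with LUN B's block recovered from parity, and confirms the out-of-range read was refused.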

2.3. Network Virtualization Techniques, Methods and Resources

Network virtualization is the process of combining hardware and software network resources and functionality into a single virtual network. This offers access to routing features and data streams which can provide newer, service-aware, resilient solutions; newer security services that are native within network elements; support for subscriber-aware policy control for peer-to-peer traffic management; and application-aware, real-time session control for converged voice and video applications with guaranteed bandwidth on demand. [Gar18] It can also be defined as abstracting physical network resources to create virtual resources. The virtual resources are:

• Virtual LAN / Virtual SAN
• Virtual Switch

Network virtualization software can be:

• Built into the operating environment of a network device
• Installed on an independent computing system
• A capability of the hypervisor

The following are the advantages of network virtualization:

i. Lower number of physical devices: lower cost, less space consumption, lower power/cooling requirements
ii. Multiple (virtualized) devices with separate roles and simpler configurations:
   • Possibility to keep “known good” scalable, stable and secure designs (e.g. 3-tier model)
   • Limits security concerns
   • Less risk of unexpected software behavior because of unusual or too complicated configuration
iii. Easier to manage
[Pet10]

3. Cloud Migration
3.1. Introduction
Cloud computing refers to the use of a network of remote servers hosted on the Internet, and there are many cloud deployment and service models that can be implemented by organizations according to their requirements and usage. Deployment to the cloud is incredibly beneficial for security as well as reliability concerns. Using several different cloud environments can prove more fruitful for different teams, based on the size, budget and specific needs of an organization.

Cloud computing is known as the delivery of computing services over the Internet through the use of various server platforms. The growth of technology has been rapid and haphazard in recent years. Companies have implemented cloud deployment services in order to make their services efficient and widely available to all of their clients around the world. Thus, the development of cloud computing is crucial for companies such as "Amoria Bond". The company has gone through various phases in its IT infrastructure, including multiple upgrades and server rollouts. There is too much strain on the Manchester connections, and the existing infrastructure has offered little in terms of office survivability, resilience or redundancy. Thus, a better strategy for moving to the cloud was needed in order to remove the strain the company is currently facing. Because of the factors mentioned above, the company needs to migrate all of its data, applications and other business elements to the cloud. Some of the widely popular cloud computing models are public cloud, private cloud and hybrid cloud.

3.1.1 Public Cloud

A public cloud is hosted on the premises of the service provider. The service provider then provides cloud services to all of its customers. This deployment is generally adopted by many small to mid-sized organizations for their non-core and some of their core functions.

Public clouds are owned and operated by a third-party cloud service provider, which delivers its computing resources, like servers and storage, over the Internet. Microsoft Azure is an example of a public cloud. With a public cloud, all hardware, software and other supporting infrastructure is owned and managed by the cloud provider. You access these services and manage your account using a web browser.

3.1.2 Private Cloud

In this system, the cloud infrastructure is set up on premises for the exclusive use of an organization and its customers. In terms of cost efficiency, this deployment model doesn’t bring many benefits. However, many large enterprises choose it because of the security it offers.

A private cloud refers to cloud computing resources used exclusively by a single business or organization. A private cloud can be physically located in the company’s on-site datacenter. Some companies also pay third-party service providers to host their private cloud. A private cloud is one in which the services and infrastructure are maintained on a private network.

3.1.3 Hybrid Cloud

A hybrid cloud is a combination of two or more models: private cloud, public cloud or community cloud. Though these models maintain their separate identities, they are amalgamated through a standard technology that enables the portability of data and applications.

Hybrid clouds combine public and private clouds, bound together by technology that allows data and applications to be shared between them. By allowing data and applications to move between private and public clouds, a hybrid cloud gives businesses greater flexibility and more deployment options.

3.2. Proposed Cloud Deployment Model


3.2.1. Justification and Advantages
All three models seem feasible for the needs of Amoria Bond, but the best suited deployment
model is the hybrid cloud. The hybrid cloud addresses the four areas of concern that have been
mentioned by the company. It enhances the quality of service offered to the clients and also saves
money. Hybrid cloud computing also provides greater security and privacy and offers more control
over the system. It has greater reliability when it comes to performance, with greater accessibility
and enhanced organizational agility and flexibility. In this model, companies can maximize their
efficiency and deliver better performance to clients [Con18]. For all these reasons, hybrid cloud
computing is better suited for Amoria Bond.

3.2.2. Limitations
Hybrid cloud computing can be beneficial for a lot of reasons and addresses many issues faced
by the company, but there are many limitations to its usage. Some limitations, as explained
by Erica Tran in her article [Eri18], are as follows:

 Cost
Cost plays a major role in planning to execute a hybrid cloud strategy. While the public
cloud can offer an attractive option for its flexibility and relatively low cost to operate,
building a private enterprise cloud requires significant expenditure and can become
expensive very quickly with all the physical hardware necessary. At the same time, heavy
use of public cloud resources can rack up unexpectedly high usage bills that may not
have been planned for. When outlining the budget for a hybrid cloud project, it is essential
to factor in all of these difficult-to-plan-for costs.
 IT Expertise
It takes tools and skills to effectively operate a hybrid cloud solution and not everyone
has these kinds of skills. If the organization has recently decided to make a move to the
cloud, it might be necessary to look for outside talent that has the necessary skillset to
accomplish it.
 Security
Security is at the forefront of everyone’s mind these days when they think of the cloud.
While we’ve already seen that cloud computing is not inherently any less secure than
traditional computing, and in fact faces fewer attacks, there are still considerations to take
into account when building out a hybrid cloud. The proper precautions must be taken to
ensure data is properly protected and that control is maintained by the right people.
Additionally, depending on the industry, there may be certain regulatory requirements
that prohibit data from being stored off-site, which would prevent the use of a public
cloud entirely.
 Data and application integration
Data and application integration serves as a second challenge to take into account while
building a hybrid cloud. Applications and data exist in a symbiotic relationship, with each
one being useless without the other. Oftentimes they’re chained together. So, when
considering where to store each of them, it’s essential to ask whether the infrastructure
they’re placed on matters. For example, if an application lives in a private cloud and its
data lives in an on-prem data center, is the application built in order to access the data
remotely? Technologies like copy data virtualization can decouple data from
infrastructure and make this problem less of a headache.
 Compatibility
Compatibility across infrastructure can prove itself to be a major issue when building a
hybrid cloud. With dual levels of infrastructure, a private cloud that the company
controls, and a public one that the company doesn’t, the chances are that they will be
running different stacks.
 Networking
Networking is another factor to consider in hybrid integration and there are a number of
questions one must ask while designing the network around it. For instance, will very
active applications be living in the cloud? It’s necessary to consider the bandwidth usage
that this could take up on the network, and whether or not it could cause problems in
bottlenecking other applications.

3.3. Proposed Cloud Service Model


Cloud service models fall into three broad categories: infrastructure as a service (IaaS),
platform as a service (PaaS) and software as a service (SaaS). These are sometimes called the
cloud computing stack, because they build on top of one another. Knowing what they are and
how they differ makes it easier to accomplish business goals. Microsoft describes these
services as follows:

Infrastructure-as-a-service (IaaS)

The most basic category of cloud computing services. With IaaS, you rent IT infrastructure—
servers and virtual machines (VMs), storage, networks, operating systems—from a cloud
provider on a pay-as-you-go basis.

Platform as a service (PaaS)

Platform-as-a-service (PaaS) refers to cloud computing services that supply an on-demand
environment for developing, testing, delivering and managing software applications. PaaS is
designed to make it easier for developers to quickly create web or mobile apps, without worrying
about setting up or managing the underlying infrastructure of servers, storage, network and
databases needed for development.

Software as a service (SaaS)

SaaS is a software service provided over the internet that requires no prior installation. These
services can be used from any part of the world for a minimal monthly fee. Software-as-a-
service (SaaS) is a method for delivering software applications over the Internet, on demand and
typically on a subscription basis. With SaaS, cloud providers host and manage the software
application and underlying infrastructure and handle any maintenance, like software upgrades
and security patching. Users connect to the application over the Internet, usually with a web
browser on their phone, tablet or PC.

The IaaS service model seems best suited for "Amoria Bond".


3.3.1. Justification and Advantages
Infrastructure as a Service includes services such as servers, private networks, disk drives, long-
term storage solutions, email servers, domain name servers, etc. IaaS on demand allows
organizations to make use of operating systems and associated software without having to pay
hefty license fees. Infrastructure as a service (IaaS) is a cloud computing offering in which a
vendor provides users access to computing resources such as servers, storage and networking.
Organizations use their own platforms and applications within the service provider’s infrastructure.
The infrastructure is scalable according to processing and storage needs, and instead of
purchasing hardware outright, users pay for IaaS on demand. As the data is in the cloud, there can
be no single point of failure, and it also saves enterprises the costs of buying and maintaining
their own hardware. It enables the virtualization of administrative tasks, freeing up time for other
work. [Jav18]

3.3.2. Limitations
There are limitations to IaaS according to [AIA15], which are as follows:

 Most expensive: since the customer is now leasing a tangible resource, the provider can
charge for every CPU cycle, bit of RAM or disk space used.
 The customer is responsible for backups.
 Unlike with SaaS or PaaS, the customer is responsible for all aspects of VM management.
 Still no control over which server, or the physical (geographical) location, of the VM.

3.4. Proposed Cloud-based Architecture


From the holistic perspective, any solution that enables an organization to respond in a flexible
manner to IT demands is a win. Avoiding big upfront capital expenses for in-house IT
infrastructure will appeal to the CFO. Being able to quickly spin up IT resources as they’re
needed will appeal to the CTO and VP of Operations.

According to 451 Research, by 2019, 69% of companies will operate in hybrid cloud
environments, and 60% of workloads will be running in some form of hosted cloud service (up
from 45% in 2017), which indicates that the benefits of the hybrid cloud appeal to a broad range of
companies. If an organization approaches the hybrid cloud with sufficient planning and a
structured approach, a hybrid cloud can deliver on-demand flexibility and empower legacy systems
and applications with new capabilities, becoming a catalyst for digital transformation [Rod18].

Each datacenter in a cloud is designed to be an isolated segment inside the same geographical
cloud. So, if a power failure occurs in one datacenter, the other datacenters will be unaffected.
For example, within a cloud/region there may be several resource pools called availability zones
and datacenters. The benefit of using multiple datacenters is to protect the entire site/application
from being negatively affected by some type of network/power failure, lack of available
resources, or service outage that's specific to a particular datacenter.[RIG18]

Figure 6: Multi data center Architecture

4. Security Solutions
4.1. Introduction
Security, in layman’s terms, can be defined as being free from danger or threats. Security is a
major concern in any kind of company, no matter how small or how large it is. In this day and age
every company uses different IT solutions. Similarly, Amoria Bond also has different IT
solutions deployed in the company. All the data is saved digitally and can be accessed from
any of its branches. Since all the data is saved digitally and is online, security is a major
concern for them. If the security is not strong, there can be theft of data and the company can face
huge losses. Thus, cyber security is a major concern in the organization.

The traditional boundaries that formed the basis for securing business assets have, by necessity,
become increasingly porous, due to this new, routinely wireless and ubiquitous “always-on”
connectivity. Hence, a major challenge for businesses today is determining how to embrace
disruptive technologies and trends such as “everything connected,” cloud, mobile, and social
computing, while at the same time managing the inherent risks that conducting business in
cyberspace creates. This is especially true as the reliance on information technology to enable
business also increases the touch-points of the business that can be exploited by cyber criminals.
(Anon., 2018)

The role of cyber security in an organization is vital for the protection of its data and for ensuring
that its services and projects keep running without obstacles or delays. Modern
organizations depend almost exclusively on computer systems for storing data, contacting
customers and performing various tasks such as research, marketing and strategic planning. The
financial success of an organization, as well as the successful implementation of its goals, will
depend on the health of its computer systems. It is vital that the systems remain free from
intrusions by third parties who may attempt to gain unauthorized access. Failure to ensure
secure systems may lead to loss of data, loss of competitive information (such as patents or
original work) and loss of employees’ or customers’ private data, up to complete loss of public
trust in the integrity of the organization. An example of a company that went bankrupt as a result
of a hack is the Dutch company DigiNotar in 2011. DigiNotar was in the business of issuing and
selling certificates, but a security breach allowed hackers to issue fraudulent certificates and gain
access to hundreds of thousands of email accounts. The company never recovered from this hack
and lost the trust of its customers. It went bankrupt as a result. (Kontini, 2018)

4.2. Security Concern/Threats and Solution


The rapid growth in the field of cloud computing also raises severe security concerns.
Security has remained a constant issue for open systems and the internet. This includes cloud
security as well. Lack of security is the only hurdle to wide adoption of cloud computing. Cloud
computing is surrounded by many security issues, like securing data and examining the utilization
of the cloud by the cloud computing vendors. The wide acceptance of the internet has raised security
risks along with its countless benefits. This is also the case with cloud computing. The boom
in cloud computing has brought many security challenges for consumers and service
providers. The consumers want to know whether their data and information are secure or not. The
service providers are always facing security issues. [Far11]

There are many security issues in cloud computing. Some of them are as follows:

 Data leakage
 Data loss
 Account hijacking
 Insecure APIs
 Malicious insiders
 Denial of service
 Abuse of cloud services
 Shared technology vulnerabilities
 Insufficient due diligence
 Loss of governance and compliance
The main threats that Amoria Bond faces in cloud computing are as follows:

4.2.1. Security Threat 1


Data Leakage: Data leakage is one of the major security threats to an organization. Since all the
data is online, data leakage can cause serious trouble to the organization. Since data regarding
customers, staff and financial transactions is stored in the database, the leakage of even a
single record is hazardous. Every piece of data stored online is crucial to the organization.
Unauthorized access to confidential data can be caused by different factors. Some of these
factors are:

 Exploiting poor application design
 Exploiting poor segregation of network traffic
 Exploiting poor encryption implementation
 Through a malicious insider
These can lead to an unauthorized person accessing the data of the organization. They can let the
unauthorized person access the data as a consumer or a legitimate user and leak the data of the
organization.

There are different steps the organization can take to prevent the leakage of data. The main steps the
organization can take to prevent the leakage of data are:

 Data Encryption
Data encryption translates data into another form, or code, so that only people with access
to a secret key (formally called a decryption key) or password can read it. Encrypted data
is commonly referred to as ciphertext, while unencrypted data is called plaintext.
Currently, encryption is one of the most popular and effective data security methods used
by organizations. Two main types of data encryption exist - asymmetric encryption, also
known as public-key encryption, and symmetric encryption. The purpose of data
encryption is to protect digital data confidentiality as it is stored on computer systems and
transmitted using the internet or other computer networks. The outdated data encryption
standard (DES) has been replaced by modern encryption algorithms that play a critical
role in the security of IT systems and communications. These algorithms provide
confidentiality and drive key security initiatives including authentication, integrity, and
non-repudiation. Authentication allows for the verification of a message’s origin, and
integrity provides proof that a message’s contents have not changed since it was sent.
Additionally, non-repudiation ensures that a message sender cannot deny sending the
message [Nat18].
 Lock down the network
Being able to lock down your network needs to be a primary focus of prevention
efforts. With the rise of mobile technology, data leakage is also experiencing an uptick.
While many employees are aware of the steps that must be taken to safeguard sensitive
data, some simply do not recognize their practices as unsafe. This can be mitigated by
frequent tutorials and practice testing of good practices.

4.2.2. Security Threat 2
Account Hijacking: Account hijacking occurs when an attacker gains access to the consumer’s
accounts. This can be caused by various factors. The different reasons that can cause an
account to be hijacked are:

 Phishing
 Installing keystroke-logging malware
 Man in the middle
Account hijacking causes the user to lose their valuable information to the attacker. This can
cause major problems for the consumer.

The steps that can be taken to prevent accounts from being hijacked are:

 Multi-factor authentication
Multifactor authentication is a security system that requires more than one method of
authentication from independent categories of credentials to verify the user’s identity for
a login or other transaction. Multifactor authentication combines two or more
independent credentials: what the user knows (password), what the user has (security
token) and what the user is (biometric verification). The goal of MFA is to create a
layered defense and make it more difficult for an unauthorized person to access a target
such as a physical location, computing device, network or database. If one factor is
compromised or broken, the attacker still has at least one more barrier to breach before
successfully breaking into the target [Rou18].
 Other measures that can be taken are IPsec, an intrusion detection and prevention system (IDPS) and a firewall.

4.2.3. Security Threat 3


Abuse and Nefarious Use of Cloud Computing: IaaS providers offer their customers the
illusion of unlimited compute, network, and storage capacity — often coupled with a
‘frictionless’ registration process where anyone with a valid credit card can register and
immediately begin using cloud services. Some providers even offer free limited trial periods. By
abusing the relative anonymity behind these registration and usage models, spammers, malicious
code authors, and other criminals have been able to conduct their activities with relative
impunity. PaaS providers have traditionally suffered most from this kind of attack; however,
recent evidence shows that hackers have begun to target IaaS vendors as well. Future areas of
concern include password and key cracking, DDoS, launching dynamic attack points, hosting
malicious data, botnet command and control, building rainbow tables, and CAPTCHA solving
farms.

Impact: Criminals continue to leverage new technologies to improve their reach, avoid detection,
and improve the effectiveness of their activities. Cloud Computing providers are actively being
targeted, partially because their relatively weak registration systems facilitate anonymity, and
providers’ fraud detection capabilities are limited.
Solutions:

 Stricter initial registration and validation processes.
 Enhanced credit card fraud monitoring and coordination.
 Comprehensive introspection of customer network traffic.
 Monitoring public blacklists for one’s own network blocks.
[All10]

4.3. Proposed Security Model


The proposed security model for the system is cryptography. We can define
cryptography as an encryption technique to secure data that will be used or stored in the cloud. It
allows users to conveniently and securely access shared cloud services, as any data that is hosted
by cloud providers is protected with encryption. Cryptography in the cloud protects sensitive
data without delaying information exchange.

Cloud computing gives clients a virtual computing infrastructure on which they can store data
and run applications. But, cloud computing has introduced security challenges because cloud
operators store and handle client data outside of the reach of clients’ existing security measures.

Most cloud computing infrastructures do not provide security against untrusted cloud operators,
which poses a challenge for companies and organizations that need to store sensitive,
confidential information such as medical records, financial records, or high-impact business data.
As cloud computing continues to grow in popularity, there are many cloud computing companies
and researchers who are pursuing cloud cryptography projects in order to address the business
demands and challenges relating to cloud security and data protection.

There are various approaches to extending cryptography to cloud data. Many companies choose
to encrypt data before uploading it to the cloud at all. This approach is beneficial because the
data is encrypted before it leaves the company’s environment, and it can only be decrypted by
authorized parties that have access to the appropriate decryption keys. Other cloud services are
capable of encrypting data upon receipt, ensuring that any data they are storing or transmitting is
protected by encryption by default. Some cloud services may not offer encryption capabilities,
but at the very least should use encrypted connections such as HTTPS or SSL to ensure that data
is secured in transit [Nat181].

So, Amoria Bond will use cryptography as its security model. Furthermore, for proper
security of data, the company will encrypt the data before uploading it to cloud storage. This
will ensure that the data can only be accessed by authorized people. The cloud service used will
also have HTTPS implemented.
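As an added example (not code from the report or from any cited source) of the encrypt-before-upload model just described, and of the confidentiality and integrity properties listed under Data Encryption above, the following Go program seals a record with AES-256-GCM before it reaches cloud storage and rejects any blob that was altered or moved in storage. The key source, the object name and the sample record are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// newAEAD builds an AES-256-GCM cipher; GCM gives confidentiality plus an
// integrity tag, so modified ciphertext is detected rather than decrypted.
func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealForUpload encrypts plaintext inside the company's environment. The
// object name is bound in as associated data, so a blob copied under another
// name fails to open. Output layout: nonce (12 bytes) || ciphertext || tag (16 bytes).
func sealForUpload(key []byte, objectName string, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { // fresh nonce per object
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(objectName)), nil
}

// openFromDownload reverses sealForUpload; any change to nonce, ciphertext,
// tag or object name yields an error instead of plaintext.
func openFromDownload(key []byte, objectName string, blob []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns+aead.Overhead() {
		return nil, errors.New("blob too short to hold nonce and tag")
	}
	return aead.Open(nil, blob[:ns], blob[ns:], []byte(objectName))
}

func main() {
	key := make([]byte, 32) // assumed: issued by the company's key management, never uploaded
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	bucket := map[string][]byte{} // stands in for the provider's storage: sees only ciphertext
	name := "clients/acme/candidates.csv"
	record := []byte("candidate,J. Doe,expected salary,65000") // constructed sample record

	blob, err := sealForUpload(key, name, record)
	if err != nil {
		panic(err)
	}
	bucket[name] = blob
	fmt.Printf("provider stores %d bytes, first bytes %x\n", len(blob), blob[:8])

	got, err := openFromDownload(key, name, bucket[name])
	fmt.Printf("authorized download: %q err=%v\n", got, err)

	tampered := append([]byte(nil), bucket[name]...)
	tampered[len(tampered)/2] ^= 0x01 // one bit flipped in storage
	_, err = openFromDownload(key, name, tampered)
	fmt.Println("tampered blob rejected:", err != nil)
}
```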

5. Cost Benefits Analysis
5.1. Total Cost of Physical and Virtual Layer Setup
Total estimated cost for Physical and Virtual Layer Setup

Device                       Price
High end Motherboards        £1,650
Central Processing Unit      £2,200
Graphical Processing Unit    £13,000
Memory Stick 2x16GB          £1,600
SSD for OS Setup             £5,000
Storage (HDD)                £5,000
NIC Cards                    £1,500
Modems and Switches          £4,700
Router                       £4,800
Total                        £39,450

5.2. Total Cost of using Cloud Services


The total cost that can be estimated for using the cloud services is calculated in the table below
(three storage sizes, with 20% of the data kept on-premises and 80% in the public cloud):

Data Stored
  On-premises (20%)                20 TB      200 TB     400 TB
  Cloud (80%)                      80 TB      800 TB     1,600 TB
On-premises cost range (monthly)
  Low  ($12/TB/month)              $240       $2,400     $4,800
  High ($20/TB/month)              $400       $4,000     $8,000
Public cloud cost range (monthly)
  Low  ($5/TB/month, B2)           $400       $4,000     $8,000
  High ($20/TB/month)              $1,600     $16,000    $32,000
Hybrid cloud cost range (monthly, on-premises + public cloud)
  Low                              $640       $6,400     $12,800
  High                             $2,000     $20,000    $40,000

5.3. Total Cost for security solutions
For the security solution, we propose the Kaspersky Cloud Solution, which costs about £150-200.
In the long term, it will cost about £5,000.

5.4. Return on Investment (ROI)


By analyzing the cost of implementation for the cloud services: the total cost for the physical and
virtual layer setup is £39,450, the cost for the hybrid cloud service is £40,000 and the cost for the
security solution is £5,000. Adding all the costs, we get a total of £84,450. As the total budget
provided for “Amoria Bond” is £120,000, we get a return of £35,550 from the total budget,
which is a surplus for the company.

Using the basic formula for ROI we have,

ROI = Net Profit / Total Investment * 100

So, we get

35,550 / 120,000 * 100 = 29.625 %

So, the company will be able to implement cloud services with a 29.625% surplus in their budget
which can be used in other resources to improve their services.

6. Conclusion
"Amoria Bond" is a multinational recruitment and executive search firm that provides
specialist and personalized recruitment services to a number of impressive private sector clients.
The company is expanding fast and is listed in the Recruiter FAST 50 list as a result of its
rapid expansion. The company went through a number of phases with its IT infrastructure due
to this impressive growth. Due to this growth there is too much strain placed on the Manchester
connections, and the existing infrastructure offered little in terms of office survivability,
resilience, or redundancy. Taking these problems as a concern, the company will be deploying its
services from the cloud to reduce the strain on its data communication, for which a solution has
been proposed and analyzed within this report. Some of the concerns that the report has addressed
are resilience, redundancy, security, backup, connectivity and scalability. Various cloud
deployment models have been studied, and the one best suited to the requirements of "Amoria
Bond" is proposed after thorough study and general analysis. The report specifically denotes
some of the major problems that are to be addressed in order to implement cloud services. The
implementation of the newly proposed cloud services will definitely help "Amoria Bond" expand
its services and reach a wider audience through the use of cloud storage.

References
Alliance, C. S., 2010. Top Threats to Cloud Computing V1.0, s.l.: s.n.
Anon., 2015. AIA. [Online]
Available at: http://aiasecurity.com/2015/09/10/advantages-and-disadvantages-of-saaspaas-and-iaas/
[Accessed 10 May 2018].
Anon., 2018. Convergence. [Online]
Available at: https://convergenceservices.in/blog/corporate-blog/436-public-private-and-hybrid-cloud-computing-advantages-and-disadvantages.html
[Accessed 12 May 2018].
Anon., 2018. Monster Cloud. [Online]
Available at: https://monstercloud.com/blog/2017/03/25/importance-of-cybersecurity/
[Accessed 5 May 2018].
Anon., 2018. RIGHTSCALE Docs. [Online]
Available at: https://docs.rightscale.com/cm/designers_guide/cm-cloud-computing-system-architecture-diagrams.html
[Accessed 11 May 2018].
Anon., n.d. Tintri. [Online]
Available at: https://www.tintri.com/blog/2012/01/storage-virtualization-overview
[Accessed 15 May 2018].
Barabas, J., 2018. IBM. [Online]
Available at: https://www.ibm.com/cloud/learn/iaas-paas-saas
[Accessed 10 May 2018].
Bauer, R., 2018. BACKBLAZE. [Online]
Available at: https://www.backblaze.com/blog/confused-about-the-hybrid-cloud-youre-not-alone/
[Accessed 11 May 2018].
Farhan Bashir Shaikh, S. H., 2011. Security threats in cloud computing. Internet Technology and
Secured Transactions (ICITST), 2011 International Conference.
Gartner, I., 2018. Gartner. [Online]
Available at: https://www.gartner.com/it-glossary/network-virtualization/
[Accessed 10 May 2018].
Grygárek, P., 2010. Network Virtualization, s.l.: Advanced Computer Networks Technologies.
Java Point, n.d. Virtualization in Cloud Computing. [Online]
Available at: https://www.javatpoint.com/virtualization-in-cloud-computing
Kontini, A., 2018. Ankontini. [Online]
Available at: https://ankontini.com/what-is-the-role-of-cyber-security-in-an-organization/
[Accessed 7 May 2018].
Lahiri, K., 2017. Help Net Security. [Online]
Available at: https://www.helpnetsecurity.com/2017/02/13/prevent-data-leaks/
[Accessed 10 May 2018].
Lord, N., 2018. Digital Guardian. [Online]
Available at: https://digitalguardian.com/blog/what-data-encryption
[Accessed 8 May 2018].
Lord, N., 2018. Digital Guardian. [Online]
Available at: https://digitalguardian.com/blog/cryptography-cloud-securing-cloud-data-encryption
[Accessed 10 May 2018].
LP, H. P. E. D., 2018. Hewlett Packard Enterprise. [Online]
Available at: https://www.hpe.com/emea_europe/en/what-is/cloud-infrastructure.html
[Accessed 10 May 2018].
Pal, K., 2016. An Intro to Compute Virtualization. [Online]
Available at: https://www.techopedia.com/2/31919/trends/an-intro-to-compute-virtualization
Rouse, M., 2018. Tech Target. [Online]
Available at: https://searchunifiedcommunications.techtarget.com/essentialguide/Take-advantage-of-embedded-communications-with-CPaaS
[Accessed 8 May 2018].
Tran, E., 2018. actifio. [Online]
Available at: https://www.actifio.com/company/blog/post/pros-cons-for-building-a-hybrid-cloud-for-your-enterprise/#sthash.bo0LYtOT.dpbs
[Accessed 12 May 2018].

Appendix
Appendix I: Marking Scheme

Student’s Name: Ashish Ghimire (NP000023), Prabin Adhikary (NP000047), Aditya Lal Amatya (NP000013)

Group Components (A)
Overall Design & Structure (10)
Current Trends & Best Practices (10)
Executive Summary (5)
Coherence & Integration (5)
Total Marks (30)

Individual Components (B)
Technical Accuracy (15)
Critical Analysis & Justification (20)
Research & Completeness (15)
Referencing & Original Work (10)
Presentation (10)
Total Marks (70)

Appendix II: Gantt chart

Appendix III: Workload Matrix
S. N | Name | Individual Work Done | Work Done Percentage | Signature

1. Ashish Ghimire (NP000023), work done: 33.33%
 Cloud Migration
 Storage virtualization techniques, methods and resources
 Total cost of using cloud services
2. Prabin Adhikary (NP000047), work done: 33.33%
 Physical Architecture
 Compute virtualization technique, methods and resources
 Total cost of physical and virtual layer setup
3. Aditya Lal Amatya (NP000013), work done: 33.33%
 Security Solutions
 Network virtualization technique, methods and resources
 Total cost for security solution
Word Count: 7111 words
