BTEC Higher National Diploma (HND) in Computing

Cloud Computing (L5)

Instructor: Dr Kamran Ali

Submitted by

Student Name:

Date of Submission: 29/11/2023

Contents
Task 1: Design and Implementation of a Cloud Service for ABC.co.uk.............................3
Introduction and Problem Description..............................................................................3
Background of Cloud Computing Evolution.....................................................................3
Problem Statement.............................................................................................................3
Proposed Higher-Level Solution........................................................................................3
Rationale for the Solution....................................................................................................4
Appropriateness for ABC.co.uk.........................................................................................4
Architectural Design............................................................................................................4
Architectural Diagram Description....................................................................................4
Deployment Model...............................................................................................................5
Description of the Model....................................................................................................5
Rationale for Choosing Hybrid Cloud...............................................................................5
Service Model....................................................................................................................6
Critical Discussion on Data Migration...............................................................................6
Data Migration Challenges.................................................................................................6
Strategies for Effective Data Migration.............................................................................6
Task 2: Cloud computing solutions........................................................................................7
Solution 1: Configuring a cloud computing platform.......................................................7
Steps Followed.................................................................................................................10
Solution 2: Configuring a cloud computing platform.....................................................13
Implementation Procedure...............................................................................................13
Task 3: Analysis of Cloud Computing Platform.................................................................15
Common Problems of Cloud Computing Platforms.......................................................15
Security Issues in the Cloud Environment.......................................................................16
Overcoming Security Issues..............................................................................................17
Task 1: Design and Implementation of a Cloud Service for
ABC.co.uk

Introduction and Problem Description

Background of Cloud Computing Evolution

Early Stages: Cloud computing originated from the notion of utility computing and grid
computing, with the objective of delivering computing resources as per demand.
Development of Virtualization: The key to cloud evolution lies in the ability to enable the
coexistence of numerous virtual machines on a solitary physical server.
Public and Private Clouds: The differentiation between public and private clouds emerged as
a significant factor, presenting diverse degrees of authority, expandability, and safeguarding
measures.
Rise of Mobile Cloud Computing: Due to the widespread usage of smartphones and tablets,
cloud services have evolved to meet the demands of mobile platforms.
Current Trends: Cloud computing currently places significant emphasis on hybrid models,
edge computing, and the seamless integration of cutting-edge technologies such as AI and
IoT.

Problem Statement
ABC.co.uk currently has a robust and efficient cloud infrastructure in place, which greatly
enhances the productivity and effectiveness of its mobile workforce.
Workers need a robust and fortified platform to store, distribute, and retrieve documents
seamlessly across various devices.
The solution should facilitate smooth functionality across both desktop and mobile platforms,
while guaranteeing convenient accessibility to work-related data.

Proposed Higher-Level Solution

Develop and deploy a cutting-edge hybrid cloud solution that seamlessly combines the
advantages of a public cloud, ensuring enhanced accessibility, with the robust security
measures associated with a private cloud environment.
Incorporate a versatile cloud storage and file-sharing solution that guarantees seamless
integration across multiple platforms and operating systems.
Rationale for the Solution

Appropriateness for ABC.co.uk

Flexibility and Scalability: A hybrid cloud provides the remarkable capability to effortlessly
handle varying workloads and the unparalleled flexibility to foster innovation.
Enhanced Security: Private cloud components play a significant role in ensuring the utmost
security measures are in place to handle sensitive corporate data effectively.
Cost-Effectiveness: An ingenious hybrid approach optimizes cost savings by skillfully
utilizing public cloud services, all the while ensuring the utmost security and protection of
vital data within the confines of your organization.
Mobility: Facilitates mobile accessibility, in line with the organization's focus on mobility
and forthcoming integration strategies for VoIP.

Architectural Design

Architectural Diagram Description

Hybrid Cloud Setup
 Private Cloud: Hosts sensitive data and applications, managed internally.
 Public Cloud: Used for less sensitive operations, offering scalability and access from
anywhere.
 Cloud Storage and File Sharing:
Integrated within the cloud infrastructure, providing storage, backup, and file-sharing
capabilities.
 Cross-Platform Compatibility:
The system is compatible with various operating systems (Windows, macOS, Linux) and
mobile platforms (iOS, Android).
 Security Layer:
Includes firewalls, encryption, identity and access management, and regular security audits.
 Network Infrastructure:
Robust network setup ensuring high availability and performance for cloud services.
 VoIP Integration (Future Project):
Plan for integrating VoIP services for seamless communication within the cloud
infrastructure.
 Figure 1: Hybrid Cloud Network Architecture

Deployment Model

Description of the Model

ABC.co.uk has opted for a hybrid cloud deployment model. This innovative model
seamlessly integrates the features of private and public clouds, resulting in a highly adaptable
and optimized ecosystem. The private cloud is exclusively operated for ABC.co.uk,
providing heightened security and complete authority over confidential data and vital
applications. The public cloud, on the contrary, offers budget-friendly, expandable resources
conveniently accessible via the internet.

Rationale for Choosing Hybrid Cloud

 Security and Privacy: The private component guarantees that confidential information
is effectively handled within the organization's firewall. This is of utmost importance
for a company like ABC.co.uk, which manages confidential business data.
 Scalability and Flexibility: The public cloud component enables effortless scalability,
which is crucial for handling fluctuating workloads and accommodating expansion
without the requirement of substantial initial financial commitment in infrastructure.
 Cost-Effectiveness: Through the strategic utilization of public cloud resources for
non-critical applications, the organization can leverage the unparalleled cost-
efficiency offered by cloud computing, all the while ensuring unwavering control over
vital services and data.
 Hybrid clouds provide enhanced disaster recovery capabilities, guaranteeing
uninterrupted operations and seamless access to data, thereby bolstering business
continuity.
Service Model
Description of the Model
The adopted service model is a combination of Infrastructure as a Service (IaaS) and
Software as a Service (SaaS). IaaS offers the essential computational assets such as virtual
machines, storage, and networks in a flexible and readily available fashion. This model
provides ABC.co.uk with the versatility to deploy and oversee its applications on the cloud
infrastructure. SaaS, on the contrary, provides access to cloud-based software applications,
thereby minimizing the necessity for internal software upkeep.

Rationale for Choosing IaaS and SaaS

IaaS, known for its exceptional customization and control capabilities, empowers users to
have full command over their infrastructure. This is achieved without compromising the
advantages of cloud computing, such as its remarkable scalability and flexibility. This is
perfect for ABC.co.uk as it enables customization of the infrastructure to meet precise
business requirements.
SaaS applications provide enhanced efficiency and accessibility, which is of utmost
importance for ABC.co.uk's dynamic workforce that is always on the go. By streamlining
operations, it effectively obviates the necessity for installations and updates on individual
user devices.

Critical Discussion on Data Migration

Data Migration Challenges

Downtime and Service Interruption: The process of transitioning to the cloud may potentially
result in operational downtime, which should be mitigated to avoid any potential disruptions
to business operations.
Data Security and Integrity: Guaranteeing the utmost security and unwavering preservation of
data during its seamless transition is of utmost importance.
Compatibility Issues: Ensuring that existing data and applications may pose certain
challenges in terms of compatibility when transitioning to the new cloud environment.
Strategies for Effective Data Migration
 Phased Migration: By strategically implementing a phased approach, wherein data is
migrated in incremental stages, the potential risks associated with downtime and data
loss can be effectively mitigated.
 Enhancing Security Protocols: Implementing encryption protocols during the
transmission of data and verifying that the security measures of the cloud provider are
in accordance with the organization's established criteria.
 Pre-migration Assessment: Carrying out comprehensive evaluation to ensure
compatibility and optimize performance in the cloud environment prior to complete
migration.
In summary, the hybrid cloud deployment model, in conjunction with the IaaS and SaaS
service models, has been strategically selected by ABC.co.uk to fulfil its needs for security,
scalability, and accessibility. The data migration process, while presenting its fair share of
difficulties, can be efficiently handled through meticulous strategizing, gradual execution,
and rigorous adherence to security protocols.

Task 2: Cloud computing solutions

Solution 1: Configuring a cloud computing platform

In the first step, I created the VPC, the settings for the created VPC are as under:
HKalyar-VPC-1  172.16.0.0/16

In the second step, I created the 2 mentioned subnets at:

Subnet 1 172.16.0.0/24
Subnet 1 172.16.1.0/24

Subnet 1

Subnet 2
After Setting it I launched the instance from EC2 in AWS:

After pressing the Launch Instance, the instance was successfully launched:
Steps Followed

 Access the AWS Management Console by logging in at the following URL:

https://console.aws.amazon.com.
 Access the AWS VPC service by conducting a search for "VPC" within the search bar
of the AWS Management Console and subsequently opting for "VPC" from the
search outcomes.
 Navigate to the left-hand side navigation pane and select "Your VPCs". Proceed to
click on the option labelled "Create VPC".

To establish your Virtual Private Cloud (VPC), please furnish the ensuing particulars:
 Identification label: Assign a descriptive label to your Virtual Private Cloud (VPC),
such as "MyVPC".
 The IPv4 Classless Inter-Domain Routing (CIDR) block is a method used to allocate
and manage IP addresses in a more efficient and flexible manner. Please provide the
Classless Inter-Domain Routing (CIDR) block for your Virtual Private Cloud (VPC),
in the format of an IP address followed by a forward slash and a number indicating
the size of the network prefix (e.g., "172.16.0.0/16").
 Select the "Create" option in order to generate the Virtual Private Cloud.

 After the creation of the VPC, proceed to the "Subnets" segment located in the left-
hand navigation panel and select the option "Create subnet".

 Please furnish the requisite information to generate the initial subnet.

 Assign a descriptive label to your subnet, such as "Subnet1".

 Please choose the Virtual Private Cloud (VPC) that was generated in the fourth step.
 When creating a subnet, it is necessary to choose an availability zone in which it will
be located.
 Please input the CIDR block for the subnet in the IPv4 format, for instance,
"172.16.0.0/24".
 To initiate the creation of the initial subnet, please select the "Create" option.

 Subsequently, it is necessary to replicate the actions outlined in steps 6 through 8 in

order to generate a second subnet. The second subnet should possess the subsequent
specifications:

 Assign a descriptive label to your subnet, such as "Subnet2".

 Please choose the Virtual Private Cloud (VPC) that was created in the fourth step.
 It is recommended to opt for an alternative availability zone in contrast to the one that
has been previously selected for the initial subnet.
 Please input the Classless Inter-Domain Routing (CIDR) block for the subnet in the
IPv4 format, following the convention of indicating the network address and the
number of significant bits in the prefix, separated by a forward slash (e.g.,
 "172.16.1.0/24").
 After the creation of the subnets, navigate to the "EC2" service by conducting a search
for "EC2" in the search bar of the AWS Management Console and subsequently
opting for "EC2" from the outcomes.

 To initiate a new EC2 instance, please select the "Launch Instance" option.

 During the instance configuration process, it is necessary to select an Amazon

Machine Image (AMI) of one's preference, specify the instance type, configure the
instance details, add storage if deemed necessary, and adjust any other settings as
required.

 During the "Configure Security Group" phase, it is necessary to either establish a

novel security group or choose a pre-existing one. It is imperative to ensure that the
security group permits ingress traffic originating from the Internet. For instance, it is
recommended to authorise Secure Shell (SSH) access solely from the specific IP
address of the user.

 During the "Configure Instance" phase, it is recommended to select one of the subnets
that were created in either step 7 or 9 for the instance.

 Ultimately, it is recommended to thoroughly examine your instance configuration

prior to initiating the launch process of the EC2 instance. Once satisfied with the
configuration, proceed to click on the "Launch" button.

 Iterate through the procedures outlined in steps 11 to 15 to initiate an additional EC2

instance, opting for the alternative subnet that was generated in step 9.

 Upon completion of the aforementioned procedures, a Virtual Private Cloud (VPC)

will have been established, along with two subnetworks and a Virtual Machine (VM)
instance in each subnet, both of which will have internet connectivity.

I used the app.diagrams.io to draw the connections of my developed VPC:

Solution 2: Configuring a cloud computing platform.
The process of deploying a cloud platform utilizing an open-source tool and configuring it as
a basic database server encompasses multiple stages. In this guide, we'll explore the
utilization of OpenStack, a renowned open-source cloud computing platform, and MariaDB,
a highly prevalent open-source database, as prime illustrations.

Implementation Procedure
1. Choosing the Right Hardware and Operating System:
Begin by selecting appropriate hardware. For a small-scale implementation, a single machine
can suffice, but for larger deployments, multiple servers are recommended.
Install a Linux operating system, as OpenStack is typically deployed on Linux. Ubuntu
Server is a popular choice due to its extensive support and documentation.

2. Installing and Configuring OpenStack:

OpenStack has several components (like Nova for compute, Neutron for networking, Swift
for object storage, etc.), and it's crucial to decide which components are needed. For a basic
setup, focus on Nova, Neutron, and Keystone (for identity services).
Use the OpenStack installation guide for the specific Linux distribution. This typically
involves adding repositories, installing packages, and configuring networking.

3. Setting Up the Database Server (MariaDB):

MariaDB is a fork of MySQL and is used for storing OpenStack's internal data.
Install MariaDB and secure it by setting a root password and removing anonymous users.

4. Configuring OpenStack Components:

Configure each OpenStack component by editing their respective configuration files. This
involves setting up proper communication with the MariaDB database and configuring
authentication through Keystone.
 5. Creating a Virtual Network and Instances:
Use OpenStack to create a virtual network. This network will be used by the virtual instances
(servers).
Launch virtual instances using the OpenStack dashboard or command line. These instances
will host the database server applications.

6. Installing and Configuring the Database Server on Instances:

Install the database software (e.g., MariaDB) on the virtual instances.
Configure the databases, create users, and set up permissions.

7. Testing and Verification:

Test the setup by creating databases and tables, and performing basic database operations.
Ensure that the cloud platform and database server are communicating efficiently and
securely.

8. Ongoing Maintenance and Monitoring:

Regularly update and patch both OpenStack and MariaDB.
Monitor performance and security, and scale resources as needed.
Commands for Implementation
Task 3: Analysis of Cloud Computing Platform
Cloud computing has completely transformed the way businesses and individuals gain access
to and preserve data. Nevertheless, like all technological advancements, it presents a myriad
of obstacles. In this task, we shall investigate the frequently encountered challenges linked to
cloud computing platforms, delve into potential resolutions for these predicaments, and
deliberate on the prevailing security apprehensions in the cloud milieu alongside tactics to
surmount them.

Common Problems of Cloud Computing Platforms

 Downtime: Cloud services may encounter periods of unavailability for a variety of
reasons, such as excessive server usage, network complications, or routine
maintenance. This may potentially impede the accessibility of crucial data and
applications.
Solution: Utilizing a range of service providers and leveraging cloud management platforms
can effectively address and minimize this potential concern. Utilizing hybrid cloud strategies,
where essential data is additionally stored on-premises, can effectively guarantee
uninterrupted business operations.

 Limited Control and Flexibility: Users of cloud services often face limitations when
it comes to exercising control over the fundamental infrastructure. This could
potentially impact the customization and configuration of different services.

Solution: Opting for cloud services that offer advanced customization features and
heightened control capabilities. Leveraging open-source cloud platforms can also provide
heightened flexibility.

 Bandwidth Limits: Certain cloud providers may impose restrictions on bandwidth,

potentially leading to diminished data transfer velocities. This can have a detrimental
impact on operations, particularly for enterprises necessitating extensive-scale data
transfers.

Solution: When selecting cloud providers, it is crucial for businesses to opt for those that
provide flexible bandwidth options and possess a comprehensive understanding of the
bandwidth constraints and pricing framework prior to making any commitments.

 Data Loss and Recovery: The potential for data loss arising from technical
malfunctions, inadvertent mistakes, or malicious cyber intrusions is a substantial
apprehension within the realm of cloud computing.

Solution: Regular data backups along with robust disaster recovery as well as business
continuity plans are of utmost importance. Encrypting data both at rest and in transit is a
crucial step in fortifying security measures.

 Latency Issues: In certain use cases, particularly those demanding instantaneous

processing, latency may pose a challenge within cloud computing environments.

Solution: Leveraging the power of edge computing can effectively minimize latency by
efficiently handling data near its origin. Furthermore, opting for cloud providers that have
strategically located data centers near the user base can effectively reduce latency.

Security Issues in the Cloud Environment

 Data Breaches and Leakage: One of the most prominent concerns associated with
cloud computing is the potential for illicit entry into confidential information.

Solution: By implementing robust access control policies, conducting routine security audits,
and employing encryption techniques, the potential risks can be effectively mitigated.
Awareness and training programs for employees about security best practices are crucial.
  Identity Theft: Given the ever-expanding repository of personal information residing
in the cloud, the potential for identity theft is undeniably heightened.

Solution: Employing a comprehensive array of security measures such as multi-factor

authentication, robust identity management protocols, and vigilant monitoring for atypical
access patterns can effectively deter and thwart the insidious threat of identity theft.

 Insecure APIs and Interfaces: Cloud services are accessed through APIs, which may
potentially be susceptible to security breaches.

Solution: Employing APIs with robust security measures and conducting routine security
assessments of APIs can mitigate the potential risks.

 Account Hijacking: Account hijacking can be a consequence of engaging in activities

such as phishing, fraud, and exploiting software vulnerabilities.

Solution: The implementation of robust password protocols, consistent surveillance for

dubious behaviors, and the dissemination of knowledge regarding phishing and fraudulent
activities have proven to be efficacious strategies.

 Insider Threats: Individuals who possess the privilege of accessing the cloud
infrastructure, whether they are employees or partners, have the potential to present a
substantial security concern.

Solution: By implementing the concept of least privilege access, conducting regular audits,
and effectively segregating duties, organizations can significantly reduce the risks associated
with insider threats.

Overcoming Security Issues

 Comprehensive Security Strategy: Create an intricate security strategy that
encompasses various layers of security, including physical, network, application, as
well as data security layers.
  Continuous Monitoring and Compliance: Deploying cutting-edge continuous
monitoring solutions to promptly identify potential security vulnerabilities and
maintain adherence to industry regulations such as ISO 27001, GDPR, and other
relevant standards.

 Collusion with Cloud Providers: Engaging in secretive partnerships with cloud service
providers to gain insight into their security measures and guaranteeing their
compliance with the organization's security standards.

 Consistent Security Evaluations and Enhancements: Consistently performing security

evaluations and ensuring that systems are equipped with the most recent security
enhancements.

 Employee Training and Awareness: Fostering a heightened sense of awareness among

employees regarding security best practices and equipping them with the necessary
skills to discern and report potential security threats.

In conclusion, it is imperative to acknowledge that while cloud computing presents a

multitude of advantages, it is crucial to confront the inherent obstacles it poses, particularly in
the domain of security. Through a comprehensive comprehension of these obstacles and the
subsequent implementation of cunning resolutions, enterprises can exploit the boundless
capabilities of cloud computing, all the while safeguarding the confidentiality and
authenticity of their invaluable data and intricate systems.