CCL Manual


Experiment: 1

Aim : Study of Cloud Computing & Architecture.

Objective: This module provides students with an overview of Cloud Computing
and Architecture and the different types of Cloud Computing.

Scope: Cloud Computing & Architecture Types of Cloud Computing.

Theory: Cloud computing refers to applications and services that run on a distributed network
using virtualized resources and accessed by common Internet protocols and networking
standards.

Abstraction: Physical system unknown, data location unknown, administration is outsourced.

Virtualization: resources are shared. System and storage can be provisioned as needed
from a centralized infrastructure, costs are on metered basis, and resources are scalable.

Implementation Models:

Deployment Models: Private, Public, Community, Hybrid.

Service Models: Infrastructure as a Service, Platform as a Service, Software as a Service.

Characteristics of Cloud Computing: On-demand self-service, Broad network access, Resource
pooling, Rapid elasticity, Measured service

Cloud Computing CCL 801

Advantages of Cloud Computing: Lower costs, Ease of utilization, Quality of Service,
Reliability, Outsourced IT management, Simplified maintenance and upgrade, Low Barrier to
Entry

Disadvantages of Cloud Computing: Security and Privacy, Dependency / Vendor Lock-in,
Loss of Control & Transparency, Reliability and Vulnerability, Government Interference



Experiment: 2
Aim: Virtualization in Cloud.

Objective: In this module we will learn Virtualization Basics, Objectives of Virtualization,
and Benefits of Virtualization in cloud.

Scope: Creating and running virtual machines on open source OS.

Technology: KVM, VMware.

Description: In computing, virtualization means to create a virtual version of a device or
resource, such as a server, storage device, network or even an operating system where the
framework divides the resource into one or more execution environments. Even something as
simple as partitioning a hard drive is considered virtualization because you take one drive and
partition it to create two separate hard drives. Devices, applications and human users are able
to interact with the virtual resource as if it were a real single logical resource. The term
virtualization has become somewhat of a buzzword, and as a result the term is now associated
with a number of computing technologies including the following:
• Storage virtualization: the amalgamation of multiple network storage devices into what
appears to be a single storage unit.
• Server virtualization: the partitioning of a physical server into smaller virtual servers.
• Operating system-level virtualization: a type of server virtualization technology which
works at the operating system (kernel) layer.
• Network virtualization: using network resources through a logical segmentation of a single
physical network.
• Application virtualization
Installation of KVM
1. Run the following command to install KVM
# sudo apt-get install qemu-kvm libvirt-bin bridge-utils virt-manager
2. Add your username to the libvirtd group using
# sudo adduser `id -un` libvirtd
3. Open Virtual Machine Manager and create a virtual machine using
# virt-manager



Installation of VMware Player
1. Download VMware Player for Linux from
https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_workstation_player/12_0
2. Make the bundle file executable using the following command
# sudo chmod a+x VMware-Player-12.5.2-4638234.x86_64.bundle
3. Install VMware Player using
# sudo ./VMware-Player-12.5.2-4638234.x86_64.bundle
4. Open VMware Player and create a new virtual machine



Experiment: 3
Aim: Case study on Amazon EC2.

Objective: To learn about Amazon EC2.

Description:

Amazon Elastic Compute Cloud is a central part of Amazon.com's cloud computing platform,
Amazon Web Services. EC2 allows users to rent virtual computers on which to run their own
computer applications. Amazon Web Services (AWS), a subsidiary of Amazon.com, offers a
suite of cloud computing services that make up an on-demand computing platform. These
services operate from 16 geographical regions across the world. They include Amazon Elastic
Compute Cloud, also known as "EC2", and Amazon Simple Storage Service, also known as
"S3". As of 2016 AWS has more than 70 services, spanning a wide range, including compute,
storage, networking, database, analytics, application services, deployment, management,
mobile, developer tools and tools for the Internet of things. Amazon markets AWS as a
service to provide large computing capacity quicker and cheaper than a client company
building an actual physical server farm.

List of products
Compute
Networking
Content delivery
Storage and content delivery
Database
Deployment
Management
Application services
Analytics

Refer to the following Internet resources for this lab experiment:

1. https://en.wikipedia.org/wiki/Amazon_Web_Services

2. https://aws.amazon.com/



Experiment: 4
Aim: Study and implementation of Infrastructure as a Service.

Objective: In this module we will learn Infrastructure as a Service and implement it by using
OpenStack.
Scope: Installing OpenStack and use it as Infrastructure as a Service.
Description: OpenStack is a free and open-source software platform for cloud computing,
mostly deployed as an infrastructure-as-a-service (IaaS). The software platform
consists of interrelated components that control hardware pools of processing,
storage, and networking resources throughout a data center. Users either manage it
through a web-based dashboard, through command-line tools, or through a
RESTful API. OpenStack.org released it under the terms of the Apache License.
Steps:

Installation of Openstack using devstack


1. sudo apt-get update
2. sudo apt-get install git
3. git clone https://git.openstack.org/openstack-dev/devstack.git
4. cd devstack
5. cp samples/local.conf local.conf
6. Set passwords in the configuration file
vi local.conf
ADMIN_PASSWORD=123456
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
SERVICE_TOKEN=$ADMIN_PASSWORD
7. Edit the stackrc file for downloading the packages
vi stackrc
Edit the line GIT_BASE: change git://git.openstack.org to http://git.openstack.org
8. Install OpenStack using
./stack.sh
Note the Horizon dashboard URL.
By default, admin and demo accounts are created in OpenStack; note the password
for them.
Using the Horizon URL, the OpenStack cloud can be accessed from anywhere on the network
connected to the machine on which it is installed.
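An added example, not part of the original manual or of DevStack itself: step 6 sets one six-digit password and reuses it for the database, RabbitMQ, the service accounts and the service token, on a dashboard that is reachable from the network. The sketch below prints the same five variables with an independent random value each and counts weak or reused settings in an existing file; gen_secret, devstack_secrets and count_weak_settings are hypothetical helper names, and the 16-character threshold is an assumption.

```shell
#!/bin/sh
# Added example: per-variable random secrets for the step-6 password block.
# gen_secret, devstack_secrets and count_weak_settings are hypothetical names.

# Print N random bytes as 2*N lowercase hex characters (default N=16).
gen_secret() {
    nbytes=${1:-16}
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex "$nbytes"
    else
        # Fallback when openssl is absent: read the kernel CSPRNG directly.
        head -c "$nbytes" /dev/urandom | od -An -tx1 | tr -d ' \n'
        echo
    fi
}

# Print the five assignments from step 6, each with its own fresh secret.
# Hex output is alphanumeric only, so it needs no quoting in local.conf.
devstack_secrets() {
    for name in ADMIN_PASSWORD DATABASE_PASSWORD RABBIT_PASSWORD \
                SERVICE_PASSWORD SERVICE_TOKEN; do
        printf '%s=%s\n' "$name" "$(gen_secret 16)"
    done
}

# Count weak settings in the config file given as $1: values shorter than
# 16 characters (assumed threshold) or values that only reference another
# variable such as $ADMIN_PASSWORD, which means the secret is shared.
count_weak_settings() {
    awk -F= '
        /^(ADMIN|DATABASE|RABBIT|SERVICE)_(PASSWORD|TOKEN)=/ {
            if (length($2) < 16 || $2 ~ /^\$/) weak++
        }
        END { print weak + 0 }
    ' "$1"
}
```

Run devstack_secrets and paste its output into local.conf in place of the lines from step 6; count_weak_settings local.conf should then print 0.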
Experiment: 5
Aim: Implementation of identity management.

Objective: An introduction to identity management in cloud, simulated by using
OpenStack.
Scope: installing and using identity management feature of OpenStack
Steps:
1. Install the OpenStack Identity Service on the controller node, together
with python-keystoneclient (which is a dependency):

# apt-get install keystone

2. The Identity Service uses a database to store information. Specify the location of
the database in the configuration file. In this guide, we use a MySQL database
on the controller node with the username keystone. Replace KEYSTONE_DBPASS
with a suitable password for the database user.

Edit /etc/keystone/keystone.conf and change the [database] section:

...
[database]
# The SQLAlchemy connection string used to connect to the database
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
...

3. By default, the Ubuntu packages create a SQLite database. Delete
the keystone.db file created in the /var/lib/keystone/ directory so that it
does not get used by mistake:

# rm /var/lib/keystone/keystone.db

4. Use the password that you set previously to log in as root. Create
a keystone database user:

$ mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';

mysql> exit

5. Create the database tables for the Identity Service:

# su -s /bin/sh -c "keystone-manage db_sync" keystone

6. Define an authorization token to use as a shared secret between the Identity
Service and other OpenStack services. Use openssl to generate a random token
and store it in the configuration file:

# openssl rand -hex 10

Edit /etc/keystone/keystone.conf and change the [DEFAULT]
section, replacing ADMIN_TOKEN with the results of the command:

[DEFAULT]
# A "shared secret" between keystone and other openstack services
admin_token = ADMIN_TOKEN
...

7. Configure the log directory. Edit the /etc/keystone/keystone.conf file
and update the [DEFAULT] section:

[DEFAULT]
...
log_dir = /var/log/keystone

8. Restart the Identity Service:

# service keystone restart

9. By default, the Identity Service stores expired tokens in the database indefinitely.
While potentially useful for auditing in production environments, the accumulation
of expired tokens will considerably increase database size and may decrease
service performance, particularly in test environments with limited resources. We
recommend configuring a periodic task using cron to purge expired tokens
hourly.
Run the following command to purge expired tokens every hour and log
the output to /var/log/keystone/keystone-tokenflush.log:

# (crontab -l -u keystone 2>&1 | grep -q token_flush) || \
echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/crontabs/keystone
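A check for the keystone.conf edits made in the steps above, as an added example that is not part of the original manual or of OpenStack. It reads admin_token and connection section by section and reports placeholders left in place (ADMIN_TOKEN, KEYSTONE_DBPASS), a token shorter than the 20 characters that openssl rand -hex 10 prints, a connection still on SQLite, and a file that every local user can read. ini_get and check_keystone_conf are hypothetical helper names, and the permission check is an assumption about how the file should be protected.

```shell
#!/bin/sh
# Added example: sanity checks for the keystone.conf edits in this experiment.
# ini_get and check_keystone_conf are hypothetical helper names.

# Print the value of KEY inside [SECTION] of an INI file.
# usage: ini_get FILE SECTION KEY
ini_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*\[/   { insec = ($1 == want); next }   # section header
        /^[ \t]*[#;]/ { next }                         # comment line
        insec {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# Print one line per finding for the config file given as $1.
# No output means every check passed.
check_keystone_conf() {
    conf=$1
    token=$(ini_get "$conf" DEFAULT admin_token)
    conn=$(ini_get "$conf" database connection)

    case $token in
        ''|ADMIN_TOKEN)
            echo "admin_token: unset or still the placeholder" ;;
        *)
            [ "${#token}" -ge 20 ] ||
                echo "admin_token: shorter than 'openssl rand -hex 10' output" ;;
    esac
    case $conn in
        *KEYSTONE_DBPASS*)
            echo "connection: placeholder database password" ;;
    esac
    case $conn in
        ''|sqlite:*)
            echo "connection: not pointing at the MySQL database" ;;
    esac
    # The file holds the shared token and the database password, so it
    # should grant nothing to "other" (assumed policy).
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "$conf: readable by all local users"
    fi
}
```

Run check_keystone_conf /etc/keystone/keystone.conf before restarting the service; each printed line names one setting to correct.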
Experiment: 6
Aim: Study and installation of Storage as a Service.

Objective: We will be able to understand the concept of SaaS, and how it is implemented
using ownCloud which gives universal access to files through a web interface.

Scope: Installing ownCloud and understanding its features as a SaaS.


Description:

OwnCloud (stylized ownCloud) is a suite of client-server software for creating file hosting
services and using them. OwnCloud is functionally very similar to the widely used Dropbox,
with the primary functional difference being that OwnCloud is free and open-source,
thereby allowing anyone to install and operate it without charge on a private server, with no
limits on storage space (except for disk capacity or account quota) or the number of
connected clients.

Steps :

1. Right-click https://download.owncloud.com/download/community/setup-owncloud.php and
save the file to your computer

2. Upload setup-owncloud.php to your web space

3. Point your web browser to setup-owncloud.php on your webspace

4. Follow the instructions and configure ownCloud

5. Login to your newly created ownCloud instance!



Experiment: 7
Aim: User Management in Cloud.

Objective: To understand how to create and manage user accounts and groups of users.
Scope: Installing and using Administrative features of ownCloud
Description: User Management

On the User management page of your ownCloud Web UI you can:

• Create new users
• View all of your users in a single scrolling window
• Filter users by group
• See what groups they belong to
• Edit their full names and passwords
• See their data storage locations
• View and set quotas
• Create and edit their email addresses
• Send an automatic email notification to new users
• Delete them with a single click
The default view displays basic information about your users.

The user administration page displays all users in a table format.

The Group filters on the left sidebar let you quickly filter users by their group memberships,
and create new groups.



Click the gear icon on the lower left sidebar to set a default storage quota, and to display
additional fields: Show storage location, Show last log in, Show user backend, Send email to
new users, and Show email address.

User accounts have the following properties:

Login Name (Username)

The unique ID of an ownCloud user, and it cannot be changed.

Full Name

The user’s display name that appears on file shares, the ownCloud Web interface, and emails.
Admins and users may change the Full Name anytime. If the Full Name is not set it defaults
to the login name.

Password

The admin sets the new user’s first password. Both the user and the admin can change the
user’s password at any time.

Groups

You may create groups, and assign group memberships to users. By default new users are
not assigned to any groups.

Group Admin

Group admins are granted administrative privileges on specific groups, and can add and
remove users from their groups.

Quota

The maximum disk space assigned to each user. Any user that exceeds the quota cannot
upload or sync data. You have the option to include external storage in user quotas.

Creating a New User

To create a user account:

• Enter the new user’s Login Name and their initial Password

• Optionally, assign Groups memberships

• Click the Create button

Login names may contain letters (a-z, A-Z), numbers (0-9), dashes (-), underscores (_),
periods (.) and at signs (@). After creating the user, you may fill in their Full Name if it is
different than the login name, or leave it for the user to complete.

If you have checked Send email to new user in the control panel on the lower left sidebar, you
may also enter the new user’s email address, and ownCloud will automatically send them a
notification with their new login information. You may edit this email using the email
template editor on your Admin page (see Email Configuration).

Reset a User’s Password

You cannot recover a user’s password, but you can set a new one:

• Hover your cursor over the user’s Password field

• Click on the pencil icon

• Enter the user’s new password in the password field, and remember to provide the user with
their password

If you have encryption enabled, there are special considerations for user password resets.
Please see Encryption Configuration.

Renaming a User

Each ownCloud user has two names: a unique Login Name used for authentication, and a Full
Name, which is their display name. You can edit the display name of a user, but you cannot
change the login name of any user.

To set or change a user’s display name:

• Hover your cursor over the user’s Full Name field

• Click on the Pencil icon

• Enter the user’s new display name

Granting Administrator Privileges to a User

ownCloud has two types of administrators: Super Administrators and Group Administrators.
Group administrators have the rights to create, edit and delete users in their assigned groups.
Group administrators cannot access system settings, or add or modify users in the groups that
they are not Group Administrators for. Use the dropdown menus in the Group Admin column
to assign group admin privileges.

Super Administrators have full rights on your ownCloud server, and can access and modify all
settings. To assign the Super Administrators role to a user, simply add them to the admin group.

Managing Groups

You can assign new users to groups when you create them, and create new groups when you
create new users. You may also use the Add Group button at the top of the left pane to create
new groups. New group members will immediately have access to file shares that belong to
their new groups.

Setting Storage Quotas

Click the gear on the lower left pane to set a default storage quota. This is automatically
applied to new users. You may assign a different quota to any user by selecting from the
Quota dropdown, selecting either a preset value or entering a custom value. When you create
custom quotas, use the normal abbreviations for your storage values such as 500 MB, 5 GB, 5
TB, and so on.

You now have a configurable option in config.php that controls whether external storage is
counted against users’ quotas. This is still experimental, and may not work as expected. The
default is to not count external storage as part of user storage quotas. If you prefer to include
it, then change the default false to true:

'quota_include_external_storage' => false,

Metadata (such as thumbnails, temporary files, and encryption keys) takes up about 10% of
disk space, but is not counted against user quotas. Users can check their used and available
space on their Personal pages. Only files that originate with users count against their quotas,
and not files shared with them that originate from other users. For example, if you upload
files to a different user’s share, those files count against your quota. If you re-share a file that
another user shared with you, that file does not count against your quota, but the originating
user’s.

Encrypted files are a little larger than unencrypted files; the unencrypted size is calculated
against the user’s quota.

Deleted files that are still in the trash bin do not count against quotas. The trash bin is set at
50% of quota. Deleted file aging is set at 30 days. When deleted files exceed 50% of quota
then the oldest files are removed until the total is below 50%.

When version control is enabled, the older file versions are not counted against quotas.

When a user creates a public share via URL, and allows uploads, any uploaded files count
against that user’s quota.

Deleting users

Deleting a user is easy: hover your cursor over their name on the Users page until a
trashcan icon appears at the far right. Click the trashcan, and they’re gone. You’ll see an undo
button at the top of the page, which remains until you refresh the page. When the undo button
is gone you cannot recover the deleted user.

All of the files owned by the user are deleted as well, including all files they have shared. If
you need to preserve the user’s files and shares, you must first download them from your
ownCloud Files page, which compresses them into a zip file, or use a sync client to copy
them to your local computer.



Experiment 8

Aim : Write a program for web feed


Objective: This lab is to understand the concept of form and control validation
Scope: Write a program for web feed
Description: Web feed

A web feed (or news feed) is a data format used for providing users with frequently
updated content. Content distributors syndicate a web feed, thereby allowing users to
subscribe to it. Making a collection of web feeds accessible in one spot is known as
aggregation, which is performed by an aggregator. A web feed is also sometimes referred to
as a syndicated feed. A typical scenario of web feed use is: a content provider publishes a
feed link on their site which end users can register with an aggregator program (also called a
feed reader or a news reader) running on their own machines; doing this is usually as simple
as dragging the link from the web browser to the aggregator. When instructed, the aggregator
asks all the servers in its feed list if they have new content; if so, the aggregator either makes
a note of the new content or downloads it. Aggregators can be scheduled to check for new
content periodically. Web feeds are an example of pull technology, although they may appear
to push content to the user. The kinds of content delivered by a web feed are typically HTML
(webpage content) or links to webpages and other kinds of digital media. Often when
websites provide web feeds to notify users of content updates, they only include summaries
in the web feed rather than the full content itself. Web feeds are operated by many news
websites, weblogs, schools, and podcasters.
Benefits

Web feeds have some advantages compared to receiving frequently published content via
email:

• Users do not disclose their email address when subscribing to a feed and so are not increasing
their exposure to threats associated with email: spam, viruses, phishing, and identity theft.
• Users do not have to send an unsubscribe request to stop receiving news. They simply
remove the feed from their aggregator.
• The feed items are automatically sorted in that each feed URL has its own sets of entries
(unlike an email box where messages must be sorted by user-defined rules and pattern
matching).



Program

<?php
// Escape a submitted value before echoing it into HTML, so that markup
// typed into the form is displayed as text instead of being interpreted.
function h($value) {
    return htmlspecialchars(is_scalar($value) ? (string) $value : '', ENT_QUOTES, 'UTF-8');
}

// Read the submitted fields; fall back to empty values on the first load.
$Fname = $_POST["Fname"] ?? "";
$Lname = $_POST["Lname"] ?? "";
$gender = $_POST["gender"] ?? "";
$food = (array) ($_POST["food"] ?? []); // checkboxes arrive as an array
$quote = $_POST["quote"] ?? "";
$education = $_POST["education"] ?? "";
$TofD = $_POST["TofD"] ?? "";
if (!isset($_POST['submit'])) { // if page is not submitted to itself echo the form
?>
<html>
<head>
<title>Personal INFO</title>
</head>
<body>
<form method="post" action="<?php echo h($_SERVER['PHP_SELF']); ?>">
First Name:<input type="text" size="12" maxlength="12" name="Fname"><br />
Last Name:<input type="text" size="12" maxlength="36" name="Lname"><br />
Gender:<br />
Male:<input type="radio" value="Male" name="gender"><br />
Female:<input type="radio" value="Female" name="gender"><br />
Please choose the food you like:<br />
Steak:<input type="checkbox" value="Steak" name="food[]"><br />
Pizza:<input type="checkbox" value="Pizza" name="food[]"><br />
Chicken:<input type="checkbox" value="Chicken" name="food[]"><br />
<textarea rows="5" cols="20" name="quote" wrap="physical">Enter your favorite quote!</textarea><br />
Select a Level of Education:<br />
<select name="education">
<option value="Jr.High">Jr.High</option>
<option value="HighSchool">HighSchool</option>
<option value="College">College</option></select><br />
Select your favorite time of day:<br />
<select name="TofD" size="3">
<option value="Morning">Morning</option>
<option value="Day">Day</option>
<option value="Night">Night</option></select><br />
<input type="submit" value="submit" name="submit">
</form>
</body>
</html>
<?php
} else {
    // Every submitted value passes through h() before it is echoed.
    echo "Hello, ".h($Fname)." ".h($Lname).".<br />";
    echo "You are ".h($gender).", and you like ";
    foreach ($food as $f) {
        echo h($f)."<br />";
    }
    echo "<i>".h($quote)."</i><br />";
    echo "Your favorite time is ".h($TofD).", and you passed ".h($education)."!<br />";
}
?>

Output



Experiment 9

Aim : To study and implement Single Sign-On.

Objective: To understand the concept of access control in cloud and single sign-on (SSO), the use
and advantages of SSO; students should also be able to implement it.
Scope: Installing and using JOSSO
Description: Single sign on
Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name
and password in order to access multiple applications. The process authenticates the user for all
the applications they have been given rights to and eliminates further prompts when they switch
applications.
Traditional install
Prerequisites
Make sure you have Java Runtime Environment (JRE) 8 or newer installed before executing the
self-extracting installer. The Java Runtime Environment can be downloaded from:
http://www.java.com/getjava
The first step is to download the JOSSO distribution.
To download the latest JOSSO Community Edition release, go to:
https://sourceforge.net/projects/josso/files/latest/download?source=files
To request a trial version of the JOSSO Enterprise Edition, use this link:
http://www.atricore.com/get-started . Follow the instructions to enable your JOSSO Enterprise
Edition installation.
Install and Launch
After downloading the self-extracting installer, run it and start JOSSO by running the "atricore"
command located within the "bin" directory.
Now you're ready to run the Atricore Console. In order to launch it, open the following URL:
http://jossoserver:8081/atricore-console . You should be able to access the server directly from
your local system (localhost) as follows (for the default port 8081):
http://localhost:8081/atricore-console
Next, sign in using the default credentials: 'admin' as the username and 'atricore' as the password.
The reference documentation for JOSSO can be found at this location:
http://docs.atricore.com/josso2/2.4/josso-reference-guide/html/en-US/JOSSO_Reference.html

Let's demonstrate and verify its functionality step by step.

Step 1: Create a forms authentication application "Main Application", representing our company
site.

Ultimately, SSO works on claims-based authentication irrespective of what authentication you
use in your application. My MainApp (SSOBase1) has a MainLogin page and a MainApp page.
Step 2: Create a second Forms application which can represent a Vendor or Client application.

Step 3: In order to accommodate forms authentication we need to have a database to maintain
credentials. So create a DB supporting infrastructure for your application. In real-world scenarios,
you will have different databases for the two applications. But for simplicity I created a single
database and maintained this isolation in the application. Let's see how.
Database:



Main App DBML:

Client App DBML:



Now observe the dbml files carefully. The Main app has nothing to do with the Client1 application
DB tables and vice versa. So we are maintaining complete isolation between the DB infrastructure of
the Main app and the client apps.

Main app / STS DB will have the following information:

• User credentials for Main application.
• List of Client / Vendor apps serving our Main Application.
• Which user and their accessibility to Client / Vendor application.

Client App DB will have the following information:

• Client Application credentials.
• Mapping between STS Security Token or Claim and the Client application credentials.

Step 4: Now implement the respective Forms authentication so that no unauthenticated users can
enter individual apps.

Main app:

Client App 1:



Look at the URLs carefully. You can see the applications are redirecting unauthenticated users
to their respective Login pages for authentication.

Step 5: Now coming to user switching between cross-domain applications. SSO uses an
authentication provider typically called an STS (Secure Token System).



Experiment 10
Aim : Mini project.

Objective: To create your own cloud using the different features learned in the previous
practices.

Scope: Creating a cloud like social site for Institute.

Theory:

Problem Definition and scope of project

Requirement Specification and conceptual system design

Implementation of mini project using HTML, CSS, JavaScript and PHP.

Mini Project Presentation.

PVPP-DM-COMP-FF-7 Revision 00 9/3/17
