Virtualization Techniques
Learning Objectives
• Analyze details of virtualization concept
• Understand different types of
  virtualization techniques
• Explore interoperability standards
• Concept of VLAN, VSAN and VM
Virtualization technology
• A massively growing concept of
  computing and IT
• The creation of a new virtual version of
  any product or service
• Example: the disk partitions of one hard drive that we use in our
  system
• Virtualization is the separation of resources
  from the requests made on them
• An example is virtual memory
• The combination of virtual infrastructure
  offers layers of abstraction between
  computing, networking hardware, storage
  and the various applications running on it
Virtual Machine
• A tightly isolated software container that can
  run its own operating system and
  applications as if it were running on a physical
  computer.
• It contains its own virtual RAM, hard disk,
  CPU and network interface card.
Guest Operating System
• Operating system running in a
  VM environment or on a different physical
  system.
Hypervisor
• A hypervisor or virtual machine monitor
  (VMM) is software that creates and runs
  virtual machines.
• A computer on which a hypervisor is running
  one or more virtual machines is defined as a
  host machine.
• E.g. Oracle VirtualBox
Hosted Virtualization
• A virtualization method where
  virtualization and partitioning services run
  on top of an OS
• E.g. VMware Workstation.
Overview of x86 Architecture
Before Virtualization
a) There is one OS image per machine
b) Software and hardware are tightly
   bound
c) Multiple applications that run on the
   same machine usually create
   complexity
d) Resources are not used optimally
e) Infrastructure is neither flexible
   nor economically effective
After Virtualization
a) Provisioning of VMs can be done on
   any system
b) OS and application work as a single unit
c) OS and applications are independent
   of hardware
Types of Virtualization
CPU Virtualization
Also called x86 virtualization
x86 Privilege Level Architecture
The Challenges of x86 Hardware Virtualization
• x86 operating systems are designed to run directly
  on the bare-metal hardware, so they naturally
  assume that they fully own the computer hardware.
• Some sensitive instructions can't effectively be
  virtualized as they have different semantics
  when they are not executed in Ring 0.
• The difficulty in trapping and translating these
  sensitive and privileged instruction requests at
  runtime was the challenge that originally made x86
  architecture virtualization look impossible.
• Three alternative techniques now exist for
  handling sensitive and privileged instructions
  to virtualize the CPU in the x86 architecture:
a) Full virtualization using Binary Translation
b) Paravirtualization or OS-Enabled
   virtualization
c) Hardware Assisted Virtualization
Full Virtualization using Binary Translation
• This approach translates kernel code to replace non-
  virtualizable instructions with new sequences of
  instructions that have the intended effect on the
  virtual hardware. Meanwhile, user-level code is
  directly executed on the processor for high-
  performance virtualization.
• The virtual machine monitor provides each virtual
  machine with all the services of the physical system,
  including a virtual BIOS, virtual devices and
  virtualized memory management.
Paravirtualization or OS-Assisted Virtualization
• Paravirtualization refers to communication between
  the guest OS and the hypervisor to improve
  performance and efficiency.
• Paravirtualization involves modifying the OS kernel to
  replace non-virtualizable instructions with hypercalls
  that communicate directly with the virtualization layer
  (hypervisor). The hypervisor also provides hypercall
  interfaces for other critical kernel operations such as
  memory management, interrupt handling and time
  keeping.
Hardware Assisted Virtualization
• In this approach, privileged and sensitive calls are set
  to automatically trap to the hypervisor,
  removing the need for either binary
  translation or paravirtualization.
• The guest state is stored in Virtual Machine Control
  Structures (VT-x) or Virtual Machine Control Blocks
  (AMD-V).
• Supported by processors with Intel-VT and AMD-V.
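As an added check, not part of the original slides, here is Python that reads /proc/cpuinfo-style text and reports whether the processor offers the hardware assistance just described (Intel VT-x via the vmx flag, AMD-V via svm), whether it has nested paging (ept / npt), and whether the reader is itself inside a VM (the hypervisor flag). The SAMPLE_* inputs are constructed; check_host() reads the real file on a Linux host.

```python
# Added example: classify hardware-assisted virtualization support from
# /proc/cpuinfo-style text. The SAMPLE_* inputs are constructed, not captured.
SAMPLE_INTEL = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Constructed Intel CPU
flags\t\t: fpu pae sep nx lm vmx ept vpid
processor\t: 1
vendor_id\t: GenuineIntel
flags\t\t: fpu pae sep nx lm vmx ept vpid
"""

SAMPLE_AMD_GUEST = """\
processor\t: 0
vendor_id\t: AuthenticAMD
flags\t\t: fpu pae nx lm svm npt hypervisor
"""

VENDORS = {"GenuineIntel": "intel", "AuthenticAMD": "amd"}


def parse_cpuinfo(text):
    """Return (vendor, set of CPU flags) from cpuinfo text."""
    vendor, flags = "other", set()
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue                      # blank separator line between CPUs
        key, value = key.strip(), value.strip()
        if key == "vendor_id":
            vendor = VENDORS.get(value, "other")
        elif key == "flags":
            flags.update(value.split())   # union over all logical CPUs
    return vendor, flags


def hw_virt_support(text):
    """Summarize hardware-assisted virtualization support.

    hw_virt: "VT-x" (Intel vmx), "AMD-V" (AMD svm) or None, meaning a
             hypervisor would have to fall back to binary translation or
             paravirtualization.
    nested_paging: second-level address translation (Intel EPT / AMD NPT),
             which removes the need for software shadow page tables.
    in_vm:   the 'hypervisor' flag is set by CPUID when the OS reading it is
             itself a guest, i.e. this check is running inside a VM.
    """
    vendor, flags = parse_cpuinfo(text)
    if "vmx" in flags:
        hw_virt, nested = "VT-x", "ept" in flags
    elif "svm" in flags:
        hw_virt, nested = "AMD-V", "npt" in flags
    else:
        hw_virt, nested = None, False
    return {"vendor": vendor, "hw_virt": hw_virt,
            "nested_paging": nested, "in_vm": "hypervisor" in flags}


def check_host(path="/proc/cpuinfo"):
    """Run the check on the live host (Linux); returns None where unavailable."""
    try:
        with open(path) as fh:
            return hw_virt_support(fh.read())
    except OSError:
        return None


if __name__ == "__main__":
    print("constructed sample:", hw_virt_support(SAMPLE_INTEL))
    print("this host:", check_host())
```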
Memory virtualization: This involves the allotment of
physical memory and its dynamic allotment among all
VMs.
Device and I/O virtualization:
This includes handling the routing of I/O requests between the shared
physical hardware and virtual devices.
Example: virtual NICs
Network virtualization: When all the separate resources of a network are combined
so that the network administrator can share them among all
network users.
Server virtualization:
Client or Desktop virtualization:
It is the separation of the PC desktop environment
from a physical machine through the client-server model of computing.
There are 2 types:
i) Remote (server-hosted): the OS is hosted on a server in the data
   center
ii) Local (client-hosted): the OS runs locally on the user's PC hardware
Application Virtualization
It is the execution of software from a remote server rather
than the user's computer.
Example: Dynamic link library
Virtualization Products
Category of virtualization products
i. Type I virtualization: runs directly on bare-metal
   hardware; there is no need to install an OS, as the Type I
   hypervisor itself works like an OS
   example: VMware ESX and ESXi, Citrix XenServer
ii. Type II virtualization: runs on top of an OS (a
    hosted OS)
   example: Oracle VM VirtualBox, KVM (kernel-based
   VM)
VMware Server: company making virtualization products
Benefits:
i. Extra servers
ii. Increased CPU utilization
iii. Runs Linux, Solaris, Windows and applications on a
     single physical server
iv. Transfers VMs from one physical server to another
v. Captures the full state of a VM
vi. Gives the choice to access enterprise-class
    software products
Types of virtualization
(1) Server Virtualization (SerV)
• It is focused on partitioning a physical instance of an
   operating system into a virtual instance or virtual machine.
   True server virtualization products will let you virtualize any
   x86 or x64 operating system, such as Windows, Linux, and
   some forms of UNIX. There are two aspects of server
   virtualization:
• Software Virtualization (SoftV)
• Hardware Virtualization (HardV)
Contd.
• Software Virtualization (SoftV) runs the virtualized operating
  system on top of a software virtualization platform running
  on an existing operating system. Ex. Type 2 hypervisor like
  VMware Workstation or VirtualBox
• Hardware Virtualization (HardV) runs the virtualized
  operating system on top of a software platform running
  directly on top of the hardware without an existing
  operating system.
• The engine used to run hardware virtualization is usually
  referred to as a hypervisor (actually a native/Type 1
  hypervisor). The purpose of this engine is to expose
  hardware resources to the virtualized operating systems.
  Ex. Oracle VM Server, Citrix XenServer
(2) Storage Virtualization (StoreV)
• It is used to merge physical storage from multiple devices
  so that they appear as one single storage pool.
• The storage in this pool can take several forms: direct
  attached storage (DAS), network attached storage (NAS),
  or storage area networks (SANs).
• Though storage virtualization is not a requirement for server
  virtualization, one of the key strengths you will be able to
  obtain from storage virtualization is the ability to rely on
  thin provisioning, the assignment of a logical unit (LU) of
  storage of a given size, but provisioning it only on an as-
  needed basis.
(3) Network Virtualization (NetV)
• It lets you control available bandwidth by splitting it
  into independent channels that can be assigned to
  specific resources.
• For example, the simplest form of network virtualization is
  the virtual local area network (VLAN), which creates a logical
   segregation of a physical network.
(4) Management Virtualization (ManageV)
• It is focused on the technologies that manage the entire
  datacenter, both physical and virtual, to present one
  single unified infrastructure for the provision of services.
Two key layers are segregated at all times:
• Resource Pools (RP), which includes the collection of
  hardware resources— host servers, racks, enclosures,
  storage, and network hardware—that makes up the
  datacenter infrastructure
• Virtual Services Offerings (VSO), or workloads that are
  made up of the virtual machines—servers and/or desktops
  —that are client-facing and offer services to end users
(5) Desktop Virtualization (DeskV)
• Allows you to rely on virtual machines to provision
  desktop systems.
• Users access centralized desktops through a variety of thin
  or unmanaged devices
(6) Presentation Virtualization (PresentV)
• Until recently called Terminal Services
• Provides only the presentation layer from a central location
  to users
• The need for PresentV is diminishing because of the
  introduction of technologies such as Application
  Virtualization
(7) Application Virtualization (AppV)
• Uses the same principles as software-based SerV, but instead
  of providing an engine to run an entire operating system,
  AppV decouples productivity applications from the operating
  system.
• Application virtualization layers replace part of the runtime
  environment normally provided by the operating system.
  The layer intercepts all file and Registry operations of
  virtualized applications and transparently redirects them to
  a virtualized location, often a single file.
Contd.
• There are other key terms that make up the language
  of virtualization in the datacenter. These include:
• Host server The physical server running virtual
  machine workloads.
• Guest operating system A virtualized operating
  system running as a workload on a host server.
• Resource Pool The collection of hardware resources,
  including host servers that make up the datacenter
  infrastructure.
• Virtual Service Offerings The virtual machines that are
  client- facing and offer services to end users. They are also
  often referred to as virtual workloads.
• Virtual Appliances (VAPs) Pre-packaged VSOs that run a
  specific application or workload.
• Policy-based workloads VSOs that are powered up on an
What Is a Virtual Machine?
• VMs are made up of several different components:
• Configuration file A file that contains the settings
  information—amount of RAM, number of processors,
  number and type of network interface cards (NICs), number
  and type of virtual disks—for the virtual machine.
• Each time you create a new virtual machine, you create a
  virtual machine configuration file, that is, a file that tells
  the virtualization software how to allocate physical
  resources from the host to the virtual machine.
• Hard disk file(s): files that contain any information which would normally
  be contained within a physical hard disk.
• Each time you create a virtual machine, the virtualization
  software will create a virtual hard disk, that is, a file that
  acts like a typical sector-based disk.
• When you install the operating system on the virtual
  machine, it will be contained in this file. Like a physical
  system, each virtual machine can have several disk files.
BENEFITS
• The first one is certainly at the deployment level. A virtual
  machine can often be built and customized in less than 20
  minutes. You can deliver a virtual machine that is ready to
  work right away in considerably less time than with a
  physical machine.
• Another benefit is virtual machine mobility. You can move
  a VM from one host to another at any time.
• Virtual machines are just easy to use. Once it is built and
  configured, you just start the machine and it is
  immediately ready to deliver services to users.
• Virtual machines also support the concept of volatile
  services. If a tester or developer needs a virtual machine to
  perform a given series of tests, you can fire up a new VM,
  provide it to them in minutes, and then, when they are
  done with it, you simply delete it.
Contd.
• VMs can be scaled out or scaled up. To scale out, simply
  create more VMs with the same services. To scale up,
  shut down the VM and assign more resources, such as
  RAM, processor cores, disks, and NICs to it.
• VMs are also ideal for disaster recovery, since all you need
  to do is copy their files to another location, either within
  your datacenter or to another site entirely.
Concept of VLAN (Virtual LAN) and Benefits
• A virtual LAN is a logical segmentation of a local
  area network (LAN) into different sets of
  broadcast domains. Because the
  segmentation is not physical it is called
  virtual. Different users in the same location or in
  different locations can use the same LAN.
Advantages
• High performance:
  Generally, switches and routers need more processing
  time for incoming traffic because, as the traffic passes
  through routers, latency increases and the network
  performance decreases. If VLAN is used, then there is no
  need for extra routers since VLAN creates broadcast
  domains.
• Virtual workgroups:
  In the current scenario, most of the communication within
  the organization takes place in small workgroups (e.g.
  development team, marketing team, accounting team). To
  manage broadcast and multicast functionality within the
  workgroups, VLAN can be used to enable communication.
• Cost effective
  The cost of routers can be reduced when
  VLANs are used as broadcast domains
• Easy administration
  A traditional LAN has many access management
  issues, including LAN cabling, new station
  setup and addressing, and configuration of
  hubs and routers. While using VLAN this
  access management effort can be reduced
  because user movement within a VLAN requires
  no reconfiguration of routers and hubs.
• Enhanced security
  VLAN is also used to set firewalls and restrict access
  permission for outside access, adding an extra layer of
  security for intrusion detection and controlling the
  broadcast domain.
Concept of VSAN (Virtual SAN) and Benefits
• When a logical partition is created within a
  physical storage area network (SAN), it is
  called a virtual storage area network (VSAN).
  Virtualization technology enables the division and
  allocation of an entire storage area network into
  more logical SANs
Benefits of SAN
• Enhanced application availability
• Higher application performance
• Centralized and consolidated storage
• Data transfer and vaulting to remote
  sites
• Simplified centralized management
VM Migration
• It refers to the movement or transfer of a VM
  between different physical machines without
  any discontinuity
VM Consolidation &
Management
Cloud Interoperability Standards
• There is a strong need for the development of integrated
  interoperability authentication among all providers.
• Several organizations such as the Cloud Computing
  Interoperability Forum (CCIF) have been working on
  solutions to address cloud interoperability challenges.
  The Cloud Standards Customer Council (CSCC)
  provides the opportunity to convert and synchronize
  client needs and specified requirements into standards
  for development by cloud firms and also for cloud users.
  It provides standard research materials and
  documents.
Categories of Interoperability
When a consumer wishes to migrate from one cloud
provider to another, interoperability falls
into these categories:
1. Data and Application Portability: It means that consumers
should be able to migrate their running applications and data
easily from one cloud provider to another without any lock-in
issue.
2. Platform Portability: It means the application development
environment or IDE should be capable enough to run over any
type of cloud infrastructure.
3. Infrastructure Portability: It means virtual server or
machine images should have the freedom of portability.
They should be able to migrate from one cloud provider to
another.
Open Standards for Solving Cloud Interoperability Challenges
• Application Solution
• Platform Solution
• Infrastructure Solution
Open Virtualization Format
Characteristics:
1) Open standard
2) Portable VM packaging
3) Optimized for distribution
4) Multiple VM support
3. VIRTUALIZATION
3.1 Move to Virtualization
• Increased Performance and Computing Capacity.
• Underutilized Hardware and Software Resources.
• Lack of Space.
• Greening Initiatives.
• Rise of Administration
3.2 Characteristics of Virtualized Environment
[Figure: Virtualization Reference Model. Guest: Virtual Image, Applications.
Virtualization Layer: Virtual Hardware, Virtual Storage, Virtual Networking (Software Emulation).
Host: Physical Hardware, Physical Storage, Physical Networking.]
Characteristics of Virtualized Environment Cont..
Increased Security
The ability to control the execution of a guest in a completely
transparent manner opens new possibilities for delivering a secure,
controlled execution environment.
The virtual machine represents an emulated environment in which
the guest is executed. All the operations of the guest are generally
performed against the virtual machine, which then translates and
applies them to the host.
This level of indirection allows the VMM to control and filter
the activity of the guest, thus preventing harmful operations from
being performed.
Characteristics of Virtualized Environment Cont..
• Managed Execution
  Virtualization of the execution environment
  does not only allow increased security: a
  wider range of features can be implemented.
  In particular, sharing, aggregation,
  emulation, and isolation are the most
  relevant.
Characteristics of Virtualized Environment Cont..
• Managed Execution includes the following:
  – Sharing
      • Creating separate computing environments within
        the same host.
      • The underlying host is fully utilized.
  – Aggregation
      • A group of separate hosts can be tied together
        and represented as a single virtual host.
  – Emulation
      • Controlling and tuning the environment exposed to
        the guest.
  – Isolation
      • Completely separate environments for guests.
Managed Execution
Characteristics of Virtualized Environment Cont..
● Performance Tuning
  – control the performance of the guest.
● Virtual Machine Migration
  – move the virtual image into another machine.
● Portability
  – safely moved and executed on top of different
    virtual machines.
  – Availability of the system is with you.
3.3 Taxonomy of Virtualization Techniques Cont..
• Virtualization is mainly used to emulate
  execution environments, storage and
  networks.
• Execution environments are classified into two:
  – Process-level – implemented on top of an
    existing operating system.
  – System-level – implemented directly on
    hardware, with no or minimal requirement for
    an existing operating system
3.3 Taxonomy of Virtualization Techniques Cont..
Machine Reference Model
● It defines the interfaces between the
  levels of abstraction, which hide
  implementation details.
● Virtualization techniques actually replace
  one of the layers and intercept the calls
  that are directed towards it.
Machine Reference Model [Cont.]
● Hardware is expressed in terms of the Instruction Set Architecture (ISA).
  – ISA for processor, registers, memory and the interrupt management.
● Application Binary Interface (ABI) separates the OS layer from the
  application and libraries which are managed by the OS.
  – System calls defined
  – Allows portability of applications and libraries across OSs.
Machine Reference Model [Cont.]
● API – it interfaces applications to
  libraries and/or the underlying OS.
● The layered approach simplifies the
  development and implementation of
  computing systems.
● ISA has been divided into two security
  classes:-
  – Privileged Instructions
  – Nonprivileged Instructions
ISA: Security Classes
● Nonprivileged instructions
  – Those that can be used without interfering with other
    tasks because they do not access shared
    resources. Ex. arithmetic, floating- and fixed-point.
● Privileged instructions
  – Those that are executed under specific restrictions
    and are mostly used for sensitive operations,
    which expose (behavior-sensitive) or modify
    (control-sensitive) the privileged state.
      ● Behavior-sensitive – operate on the I/O
      ● Control-sensitive – alter the state of
        the CPU registers.
Privileged Hierarchy: Security Ring
● Ring 0 is the most privileged level,
  used by the kernel.
● Rings 1 & 2 are used by OS-level
  services
● and Ring 3 is the least privileged
  level, used by the user.
● Recent systems support two
  levels:-
  – Ring 0 – supervisor
    mode
  – Ring 3 – user mode
Hardware-level virtualization
● It is a virtualization technique that
  provides an abstract execution
  environment in terms of computer
  hardware on top of which a guest OS
  can be run.
● It is also called system virtualization.
Hardware-level virtualization
Hypervisor
● Hypervisor runs above the supervisor
  mode.
● It runs in supervisor mode.
● It recreates a h/w environment.
● It is a piece of s/w that enables us to run
  one or more VMs on a physical
  server (host).
● Two major types of hypervisor
  – Type-I
  – Type-II
Type-I Hypervisor
● It runs directly on top of the hardware.
● Takes the place of the OS.
● Directly interacts with the ISA exposed by
  the underlying hardware.
● Also known as native virtual machine.
Type-II Hypervisor
● It requires the support of an
  operating system to provide
  virtualization services.
● Programs managed by the
  OS.
● Emulates the ISA of the virtual
  h/w.
● Also called hosted virtual
  machine.
Virtual Machine Manager (VMM)
Main Modules :-
● Dispatcher
  – Entry point of the VMM
  – Reroutes the instructions issued by the VM instance.
● Allocator
  – Decides the system resources to be provided to the VM.
  – Invoked by the dispatcher
● Interpreter
  – Consists of interpreter routines
  – Executed whenever a VM executes a privileged instruction.
  – A trap is triggered and the corresponding routine is
    executed.
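As an added example that is not part of the original slides, the toy VMM below implements the Dispatcher/Allocator/Interpreter split above on a made-up ISA, using the privileged and nonprivileged classes from the ISA security-classes slides. It also demonstrates the x86 problem from the CPU-virtualization slides: RDPL is a constructed behaviour-sensitive instruction that does not trap, so a de-privileged guest reads the wrong ring unless binary translation rewrites it into a trap. All instruction names, registers and the cpu_slots resource are constructed for illustration.

```python
# Added example (not from the slides): a toy VMM modelling trap-and-emulate
# on a made-up ISA. Instruction names, rings and resources are constructed.
from dataclasses import dataclass, field

RING0, RING3 = 0, 3                       # supervisor mode, user mode

NONPRIVILEGED = {"MOV", "ADD"}            # touch only guest-private registers
PRIVILEGED = {"OUT", "HLT"}               # trap when executed outside Ring 0
# Behaviour-sensitive but NOT privileged: reads the current ring without
# trapping, so a de-privileged guest sees Ring 3 instead of the Ring 0 it
# expects. This is the class of x86 instruction that defeats plain trap-and-emulate.
SENSITIVE_NO_TRAP = {"RDPL"}


@dataclass
class Guest:
    name: str
    regs: dict = field(default_factory=lambda: {"A": 0, "B": 0})
    io_log: list = field(default_factory=list)  # writes to virtual devices
    halted: bool = False


@dataclass
class VMM:
    """Dispatcher, Allocator and Interpreter modules from the VMM slides."""
    guests: dict = field(default_factory=dict)
    traps: int = 0
    cpu_slots: int = 4                     # toy resource the allocator hands out

    # Allocator: decides the system resources a VM gets; invoked on admission.
    def allocate(self, guest):
        if self.cpu_slots <= 0:
            raise RuntimeError("allocator: no CPU slots left for " + guest.name)
        self.cpu_slots -= 1
        self.guests[guest.name] = guest

    # Interpreter routines: one per privileged instruction, run after a trap.
    def _emulate_out(self, guest, args):
        port, reg = args
        guest.io_log.append((port, guest.regs[reg]))   # goes to a virtual device
    def _emulate_hlt(self, guest, args):
        guest.halted = True                             # halts this VM, not the host

    INTERPRETER = {"OUT": _emulate_out, "HLT": _emulate_hlt}

    # Dispatcher: entry point; reroutes every instruction the VM issues.
    def dispatch(self, guest, instr, translated=False):
        op, *args = instr
        if op in NONPRIVILEGED:             # runs natively, no VMM involvement
            self._exec_native(guest, op, args)
        elif op in PRIVILEGED:              # trap -> interpreter routine
            self.traps += 1
            self.INTERPRETER[op](self, guest, args)
        elif op in SENSITIVE_NO_TRAP:
            if translated:                  # binary translation replaced it with a trap
                self.traps += 1
                guest.regs[args[0]] = RING0 # value the guest kernel expects
            else:                           # hardware does not trap: wrong answer
                guest.regs[args[0]] = RING3
        else:
            raise ValueError("unknown instruction " + op)

    @staticmethod
    def _exec_native(guest, op, args):
        if op == "MOV":
            guest.regs[args[0]] = args[1]
        else:                               # ADD dst, src
            guest.regs[args[0]] += guest.regs[args[1]]


def run(vmm, guest, program, translated=False):
    """Feed a guest's instruction stream through the dispatcher until HLT."""
    for instr in program:
        if guest.halted:
            break
        vmm.dispatch(guest, instr, translated)
    return guest


def simulate(translated=False):
    """Run a constructed guest kernel program; return the observable outcome."""
    vmm = VMM()
    guest = Guest("vm1")
    vmm.allocate(guest)
    program = [
        ("MOV", "A", 5), ("MOV", "B", 7), ("ADD", "A", "B"),  # native: A = 12
        ("RDPL", "B"),        # sensitive: guest asks "which ring am I in?"
        ("OUT", 0x80, "A"),   # privileged: trapped, lands in virtual device log
        ("HLT",),             # privileged: trapped, only this VM stops
        ("ADD", "A", "A"),    # never reached
    ]
    run(vmm, guest, program, translated)
    return {"A": guest.regs["A"], "ring_seen": guest.regs["B"],
            "io": guest.io_log, "halted": guest.halted, "traps": vmm.traps}


if __name__ == "__main__":
    print("trap-and-emulate only:", simulate())
    print("with binary translation:", simulate(translated=True))
```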
3) Hardware Virtualization Techniques
• Hardware assisted virtualization
• Full virtualization
• Para virtualization
• Partial virtualization
Partial virtualization
– Partial emulation of the underlying hardware
– Does not allow complete isolation of the guest OS.
– Address space virtualization is a common
  feature of contemporary operating systems.
– Address space virtualization is used in time-
  sharing systems.
Operating system-level virtualization
● It offers the opportunity to create different and
  separated execution environments for
  applications that are managed concurrently.
● No VMM or hypervisor
● Virtualization is in a single OS
● OS kernel allows for multiple isolated user
  space instances
● Good for server consolidation.
● Ex. Jails, OpenVZ etc.
Programming language-level virtualization
● It is mostly used to achieve ease of deployment of applications,
  managed execution and portability across different platforms
  and OSs.
● It consists of a virtual machine executing the byte code of a
  program, which is the result of the compilation process.
● Produces a binary format representing the machine code for
  an abstract architecture.
● Example
  – Java platform – Java virtual machine (JVM)
  – .NET provides Common Language Infrastructure (CLI)
● They are stack-based virtual machines
Advantage of programming/process-level VM
● Provides a uniform execution environment
  across different platforms.
● This simplifies the development and
  deployment efforts.
● Allows more control over the
  execution of programs.
● Security; by filtering the I/O
  operations
Application-level virtualization
● It is a technique allowing applications to
  run in runtime environments that do not
  natively support all the features
  required by such applications.
● In this, applications are not installed in
  the expected runtime environment.
● This technique is most concerned with:-
  – Partial file system
  – Libraries
Strategies for Implementing Application-Level Virtualization
● Two techniques:-
  – Interpretation -
      ● In this every source instruction is interpreted by an
        emulator for executing native ISA instructions,
      ● Minimal start-up cost but huge overhead.
  – Binary translation -
      ● In this every source instruction is converted to native
        instructions with equivalent functions.
      ● Blocks of instructions are translated, cached and reused.
      ● Large overhead cost, but over time it is subject to
        better performance.
Advantages of Virtualization
• Eliminates the need for numerous dedicated
  servers;
• Offers the ability for different domain names, file
  directories, email administration, IP addresses, logs
  and analytics;
• Cost effective because many times server
  installation/provisioning software is available;
• If one virtual server has a software failure, the
  other servers will not be affected;
• Reduces energy costs because only one device is running
  instead of several;
• Offers a flexible IT infrastructure;
• Can quickly make changes with little downtime.
Disadvantages of Virtualization
• Resource hogging could occur if there are too many
  virtual servers within a physical machine.
• As software updates and patches must be compatible
  with everything running on the virtual machine, admins
  may have reduced control over the physical
  environment.
• Administration, including backup and recovery,
  requires specialized knowledge.
• If user experience is impacted, it can be difficult
  to identify the root cause.
• Services offered by a dedicated server are
  more accessible.
4) OS Level Virtualization
OS level virtualization offers the opportunity to
create different and separated execution
environments for applications that are managed
concurrently. It is different from hardware
virtualization: there is no virtual machine manager
or hypervisor, and the virtualization is done within a
single operating system, where the OS kernel
allows for multiple isolated user space instances.
5) Programming Level Virtualization
Programming level virtualization is mostly used for achieving
ease of deployment of applications, managed execution, and
portability across different platforms and operating systems.
It consists of a virtual machine executing the byte code of a
program, which is the result of the compilation process.
6) Application Level Virtualization
Interpretation
Binary Translation
Virtualization and Cloud Computing
[Figure: VM migration. Before migration: Server A (running) hosts VMs on a
Virtual Machine Manager and Server B (running) hosts VMs on its own Virtual
Machine Manager. After migration: all VMs run on Server A (running); Server B
is inactive.]
VIRTUALIZATION & CLOUD COMPUTING
Lecture # 20-21
CSE 423
Defining Cloud computing
Cloud Types
Cloud Computing
• Cloud computing refers to applications and services that run on a
  distributed network using virtualized resources and accessed by
  common Internet protocols and networking standards.
• It is distinguished by the notion that resources are virtual and limitless
  and that details of the physical systems on which software runs are
  abstracted from the user.
• Abstraction:
  – Cloud computing abstracts the details of system implementation from users and developers.
  – Applications run on physical systems that aren't specified,
  – data is stored in locations that are unknown,
  – administration of systems is outsourced to others, and access by users is ubiquitous.
• Virtualization:
  – Cloud computing virtualizes systems by pooling and sharing
    resources.
  – Systems and storage can be provisioned as needed from a
    centralized infrastructure,
  – costs are assessed on a metered basis,
  – multi-tenancy is enabled,
  – and resources are scalable with agility.
Cloud Types
• Deployment Model:
   • Refers to location and management of the cloud’s infrastructure
• Service Model
   • Consists of particular types of services that can be accessed on a cloud computing platform
• Some widely used models
   • NIST Model
   • The Cloud Cube Model
National Institute of Standards and Technology (NIST Definition of Cloud Computing)
The Cloud Cube Model
• Business managers are requiring IT operations to assess the risks and benefits this computing model represents.
• The Jericho Forum, an international independent group of information security leaders, has added its input as to how to collaborate securely in the clouds.
• The Jericho Cloud Cube Model describes the multidimensional elements of cloud computing, framing not only cloud use cases, but also how they are deployed and used.
The Cloud Cube Model
• The Jericho Forum has identified four criteria to differentiate cloud formations from each other and the manner of their provision. The Cloud Cube Model effectively summarizes these four dimensions:
• Internal/External
• Proprietary/Open
• Perimeterised/De-perimeterised Architectures
• Insourced/Outsourced
The Cloud Cube Model
• Physical location of the data: Internal (I) / External (E) determines your organization's boundaries.
• Ownership: Proprietary (P) / Open (O) is a measure of not only the technology ownership, but of interoperability, ease of data transfer, and degree of vendor application lock-in.
• Security boundary: Perimeterised (Per) / De-perimeterised (D-p) is a measure of whether the operation is inside or outside the security boundary or network firewall.
• Sourcing: Insourced or Outsourced means whether the service is provided by the organization's own staff or by a service provider (third party).
Deployment Models
• Public Cloud
   – Hosted, operated and managed by a third-party system owned by an organization selling cloud services
• Private Cloud
   – The private cloud infrastructure is operated for the exclusive use of an organization. The cloud may be managed by that organization or a third party. Private clouds may be either on- or off-premises.
• Hybrid Cloud
   – A hybrid cloud combines multiple clouds (private, community or public) where those clouds retain their unique identities, but are bound together as a unit.
• Community Cloud
   – A community cloud is one where the cloud has been organized to serve a common function or purpose.
   – It may be for one organization or for several organizations, but they share common concerns such as their mission, policies, security, regulatory compliance needs, and so on.
Service Models
• Infrastructure as a Service (IaaS)
    – Delivers infrastructure on demand in the form of virtual hardware, storage and networking. Virtual hardware is utilised to provide compute on demand in the form of virtual machine instances.
    – E.g. Amazon EC2, Eucalyptus, GoGrid, Rackspace Cloud
• Platform as a Service (PaaS)
    – Delivers scalable and elastic runtime environments on demand that host the execution of applications.
    – Backed by a core middleware platform for creating an abstract environment to deploy and execute applications.
• Software as a Service (SaaS)
    – Provides applications and services on demand, e.g. office automation, photo editing software, Facebook, Twitter, accessible through a browser on demand.
Cloud Companies/Service Providers
Benefits of Cloud Computing
• Lower Computational Costs
• Improved Performance
• Reduced Software Costs
• Instant Software updates
• Unlimited storage capacity
• Increased Data Reliability
• Universal Document Access
• Latest version availability
• Easier Group Collaboration/Sharing
• Device Independence
Disadvantages of Cloud Computing
• Requires constant Internet Connection
• Does not work well with low speed connection
• Stored data might not be Secured
• Stored data can be lost
• Features might be limited
VIRTUALIZATION & CLOUD COMPUTING
Lecture # 16-17
CSE 423
Introduction to Cloud Computing
Cloud Computing in a nutshell
• Analogy to electricity use
• Technologies such as cluster, grid, and now cloud computing, have all aimed at allowing access to large amounts of computing power in a fully virtualized manner, by aggregating resources and offering a single system view
• Utility computing describes a business model for on-demand delivery of computing power; consumers pay providers based on usage.
• It denotes a model on which a computing infrastructure is viewed as a “cloud,” from which businesses and individuals access applications from anywhere in the world on demand
Cloud Computing in a nutshell
• BUYYA
• “Cloud is a parallel and distributed computing system consisting of a collection of inter-connected and virtualized computers that are dynamically provisioned and presented as one or more unified computing resources based on service-level agreements (SLA) established through negotiation between the service provider and consumers.”
• NIST
• “a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
Cloud Computing in a nutshell
• While there are countless other definitions, there seem to be common characteristics between the most notable ones listed above, which a cloud should have:
(i) pay-per-use (no ongoing commitment, utility prices);
(ii) elastic capacity and the illusion of infinite resources;
(iii) self-service interface;
(iv) resources that are abstracted or virtualised.
Roots of Cloud Computing
(i) Mainframe to cloud
(ii) SOA, Web Services, Web 2.0 and Mashups
(iii) Grid Computing
(iv) Utility Computing
(v) Hardware Virtualization
(vi) Virtual Appliance and OVF
(vii) Autonomic Computing
From Mainframe to cloud
• Currently experiencing a switch in the IT world, from in-house generated computing power into utility-supplied computing resources delivered over the Internet as Web services
• Computing delivered as a utility can be defined as “on demand delivery of infrastructure, applications, and business processes in a security-rich, shared, scalability based computer environment over the Internet for a fee”
• Advantage to both consumers and providers
• Earlier, timeshared mainframes were provided; this declined due to the advent of fast and inexpensive microprocessors
SOA, Web Services, Web 2.0 and Mashups
• Web services can glue together applications running on different
  messaging product platforms, enabling information from one
  application to be made available to others, and enabling internal
  applications to be made available over the Internet.
• The purpose of a SOA is to address requirements of loosely
  coupled, standards-based, and protocol-independent distributed
  computing
• Services such as user authentication, e-mail, payroll management, and calendars are examples of building blocks that can be reused and combined in a business solution in case a single, ready-made system does not provide all those features
Grid Computing
• Grid computing is the collection of computer resources from multiple locations to reach a common goal. The grid can be thought of as a distributed system with non-interactive workloads that involve a large number of files.
• A key aspect of the grid vision realization has been building standard Web services-based protocols that allow distributed resources to be “discovered, accessed, allocated, monitored, accounted for, and billed for.”
• Issues: QoS, availability of resources with diverse software configurations
• Solution: virtualisation
Utility Computing
• Utility computing is a service provisioning model in which a service
  provider makes computing resources and infrastructure management
  available to the customer as needed, and charges them for specific
  usage rather than a flat rate.
• In utility computing environments, users assign a “utility” value to
  their jobs, where utility is a fixed or time-varying valuation that
  captures various QoS constraints (deadline, importance, satisfaction).
• The service providers then attempt to maximize their own utility,
  where said utility may directly correlate with their profit.
Hardware Virtualisation
• Hardware virtualization allows running multiple operating systems and software stacks on a single physical platform
• Three basic capabilities related to workload management: isolation, consolidation and migration
• A number of VMM platforms exist that are the basis of many utility
  or cloud computing environments.
• VMWare ESXi :
• pioneer in virtualisation, bare metal hypervisor,
• provides advanced virtualization techniques of processor, memory,
  and I/O. Especially, through memory ballooning and page sharing, it
  can overcommit memory,
• Xen:
• open-source project
• It has pioneered the para-virtualization concept, on which the guest
  operating system, by means of a specialized kernel, can interact with
  the hypervisor, thus significantly improving performance
• KVM:
• Kernel-based Virtual Machine (KVM) is a Linux virtualization subsystem
• It has been part of the mainline Linux kernel since version 2.6.20, thus being natively supported by several distributions.
• In addition, activities such as memory management and scheduling are carried out by the existing kernel
• KVM leverages hardware-assisted virtualization, which improves performance and allows it to support unmodified guest operating systems
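To see what "hardware-assisted virtualization" means on a concrete Linux host, the following added example (not from the lecture, and not part of KVM itself) reads /proc/cpuinfo-style text and reports whether the CPU exposes VT-x or AMD-V, whether second-level address translation is present, and whether the machine is itself already a guest. The flag names are the ones Linux prints (vmx, svm, ept, npt, hypervisor); the cpuinfo excerpts are constructed and abridged, and the helper names are introduced here.

```python
"""Classify a Linux host's hardware virtualization support from /proc/cpuinfo text."""
import os

# Flag names as Linux prints them in /proc/cpuinfo (known values):
#   vmx        Intel VT-x                    svm  AMD-V
#   ept        Intel extended page tables (second-level address translation)
#   npt        AMD nested page tables (same role as ept)
#   hypervisor the CPU reports that it is already running under a hypervisor
FLAG_LINES = ("flags", "vmx flags")  # newer kernels list VT-x sub-features separately


def parse_cpu_flags(cpuinfo_text):
    """Union of feature flags over all processors in /proc/cpuinfo-style text."""
    flags = set()
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() in FLAG_LINES:
            flags.update(value.split())
    return frozenset(flags)


def virt_support(flags):
    """Summarize what the flags say about hardware-assisted virtualization."""
    intel, amd = "vmx" in flags, "svm" in flags
    return {
        "hw_virt": intel or amd,
        "extension": "VT-x" if intel else ("AMD-V" if amd else None),
        "second_level_paging": "ept" in flags or "npt" in flags,
        "already_virtualized": "hypervisor" in flags,
    }


def kvm_verdict(flags, kvm_device_present):
    """One-line verdict; kvm_device_present is whether /dev/kvm exists on the host."""
    info = virt_support(flags)
    if not info["hw_virt"]:
        return "no VT-x/AMD-V: KVM cannot run guests on this CPU"
    if not kvm_device_present:
        return (f"{info['extension']} present but /dev/kvm missing: "
                "kvm module not loaded or virtualization disabled in firmware")
    if info["already_virtualized"]:
        return f"{info['extension']} exposed inside a VM: KVM here would be nested virtualization"
    verdict = f"{info['extension']} ready"
    if info["second_level_paging"]:
        verdict += " with second-level address translation"
    return verdict


# Constructed, abridged excerpts; a real /proc/cpuinfo lists far more fields and flags.
INTEL_HOST = """processor\t: 0
vendor_id\t: GenuineIntel
flags\t\t: fpu pae sse sse2 ht syscall nx lm vmx smx ssse3 sse4_1 sse4_2 popcnt aes
vmx flags\t: vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr ept vpid
"""
AMD_GUEST = """processor\t: 0
vendor_id\t: AuthenticAMD
flags\t\t: fpu pae sse sse2 ht syscall nx lm svm hypervisor npt
"""
NO_VIRT_HOST = """processor\t: 0
vendor_id\t: GenuineIntel
flags\t\t: fpu pae sse sse2 ht syscall nx lm ssse3
"""


def local_verdict(cpuinfo_path="/proc/cpuinfo", kvm_path="/dev/kvm"):
    """Run the check against the machine this script is executed on (Linux only)."""
    with open(cpuinfo_path, encoding="utf-8") as fh:
        return kvm_verdict(parse_cpu_flags(fh.read()), os.path.exists(kvm_path))


if __name__ == "__main__":
    for label, text in (("intel host", INTEL_HOST), ("amd guest", AMD_GUEST), ("no virt", NO_VIRT_HOST)):
        print(f"{label}: {kvm_verdict(parse_cpu_flags(text), kvm_device_present=True)}")
```

The three constructed samples cover the cases that matter operationally: a host that can run KVM natively, a machine that already is a guest (so KVM would be nested virtualization), and a CPU with no extension at all, on which KVM cannot run unmodified guests.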
Virtual Appliance and OVF (Open Virtualization Format)
• An application combined with the environment needed to run it (operating system, libraries, compilers, databases, application containers, and so forth) is referred to as a “virtual appliance.”
• A virtual appliance is a pre-integrated, self-contained system that is made by combining a software application (e.g., server software) with just enough operating system for it to run optimally on industry standard hardware or a virtual machine, e.g., VMWare, VirtualBox
• In a multitude of hypervisors, where each one supports a different VM image format and the formats are incompatible with one another, a great deal of interoperability issues arises.
• For instance, Amazon has its Amazon Machine Image (AMI) format, made popular on the Amazon EC2 public cloud. Other formats are used by Citrix XenServer, several Linux distributions that ship with KVM,
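An interoperable appliance format is also the point at which a downloaded image gets trusted, so an OVF package ships a manifest (.mf) with one digest per file, written as SHA256(filename)= hexdigest, which may in turn be signed in a .cert file. The following is an added example (not from the lecture and not from any OVF tool) that parses such a manifest and verifies a package's files against it. The file names and contents are constructed stand-ins, and the check covers only the digests: the manifest itself still has to be authenticated before a clean result means anything.

```python
import hashlib
import hmac
import re

# One manifest line per package file, in the form the OVF specification uses:
#   SHA256(disk1.vmdk)= <64 hex characters>
MANIFEST_LINE = re.compile(
    r"^(?P<algo>SHA1|SHA256|SHA512)\((?P<name>[^()]+)\)=\s*(?P<digest>[0-9A-Fa-f]+)\s*$"
)
DIGESTS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}
DIGEST_LEN = {"SHA1": 40, "SHA256": 64, "SHA512": 128}  # hex characters


def parse_manifest(text):
    """Return {file name: (algorithm, lowercase hex digest)}; reject anything odd."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = MANIFEST_LINE.match(line)
        if not m:
            raise ValueError(f"manifest line {lineno} is malformed: {raw!r}")
        algo, name, digest = m["algo"], m["name"], m["digest"].lower()
        if len(digest) != DIGEST_LEN[algo]:
            raise ValueError(f"manifest line {lineno}: {algo} digest has wrong length")
        if name in entries:
            raise ValueError(f"manifest lists {name!r} twice")
        entries[name] = (algo, digest)
    return entries


def verify_package(manifest_text, files):
    """Check every package file against the manifest.

    `files` maps file name -> bytes (in memory here; a real package would be
    read from disk or an OVA tar archive). The result maps file name -> one of
    'ok', 'mismatch', 'missing' (listed but absent) or 'unlisted' (present but
    not covered by the manifest, which deserves the same suspicion as a
    mismatch). The manifest and its signature are never listed in themselves.
    """
    entries = parse_manifest(manifest_text)
    report = {}
    for name, (algo, expected) in entries.items():
        data = files.get(name)
        if data is None:
            report[name] = "missing"
            continue
        actual = DIGESTS[algo](data).hexdigest()
        report[name] = "ok" if hmac.compare_digest(actual, expected) else "mismatch"
    for name in files:
        if name not in entries and not name.endswith((".mf", ".cert")):
            report[name] = "unlisted"
    return report


def package_is_intact(report):
    """True only when every entry verified and nothing unexpected is present."""
    return all(status == "ok" for status in report.values())


# Constructed sample package: stand-in bytes, not a real descriptor or disk image.
GOOD_PACKAGE = {
    "appliance.ovf": b'<?xml version="1.0"?><Envelope xmlns="http://schemas.dmtf.org/ovf/envelope/1"/>',
    "disk1.vmdk": b"constructed stand-in for a streamOptimized VMDK disk image",
}
# The manifest a publisher would ship alongside the two files above.
MANIFEST = "".join(
    f"SHA256({name})= {hashlib.sha256(data).hexdigest()}\n"
    for name, data in GOOD_PACKAGE.items()
)
# Same manifest, but the disk was altered and an extra file was slipped in.
TAMPERED_PACKAGE = {
    "appliance.ovf": GOOD_PACKAGE["appliance.ovf"],
    "disk1.vmdk": GOOD_PACKAGE["disk1.vmdk"] + b"\x00",
    "payload.iso": b"not covered by the manifest",
    "appliance.mf": MANIFEST.encode(),
}

if __name__ == "__main__":
    for label, pkg in (("good", GOOD_PACKAGE), ("tampered", TAMPERED_PACKAGE)):
        report = verify_package(MANIFEST, pkg)
        print(label, "intact" if package_is_intact(report) else "NOT intact", report)
```

Treating an unlisted file as a failure, not just a mismatch, is the design choice worth noting: a package that verifies every listed file but carries an extra disk or ISO is exactly the shape an altered appliance takes.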
Autonomic Computing
• The increasing complexity of computing systems has motivated research on autonomic computing, which seeks to improve systems by decreasing human involvement in their operation
• Autonomic, or self-managing, systems rely on monitoring probes and gauges (sensors), on an adaptation engine (autonomic manager) for computing optimizations based on monitoring data, and on effectors to carry out changes on the system.
Migration
• When and how to migrate one’s application into a cloud?
• What part or component of the IT application to migrate into a cloud and what not to migrate into a cloud?
• What kind of customers really benefit from migrating their IT into the cloud?
The Seven-Step Model of Migration into a Cloud
Step 1
• Cloud migration assessments comprise assessments to understand
    the issues involved in the specific case of migration at the
    application level or the code, the design, the architecture, or usage
    levels.
•   These assessments are about the cost of migration as well as about
    the ROI that can be achieved in the case of production version.
Step 2
• isolating all systemic and environmental dependencies of the
    enterprise application components within the captive data center
Step 3
• generating the mapping constructs between what shall possibly
    remain in the local captive data center and what goes onto the
Step 4
• A substantial part of the enterprise application needs to be rearchitected, redesigned, and reimplemented on the cloud
Step 5
• We leverage the intrinsic features of the cloud computing service to augment our enterprise application in its own small ways.
Step 6
• We validate and test the new form of the enterprise application with an extensive test suite that comprises testing the components of the enterprise application on the cloud as well
Step 7
• Test results could be positive or mixed.
• In the latter case, we iterate and optimize as appropriate. After several such optimizing iterations, the migration is deemed successful
These are the unique characteristics of an ideal cloud computing model:
• Scalability: You have access to unlimited computer resources as needed.
• Elasticity: You have the ability to right-size resources as required.
• Low barrier to entry: You can gain access to systems for a small
  investment.
• Utility: A pay-as-you-go model matches resources to need on an ongoing basis.
Companies become cloud computing providers for several reasons:
• Profit: The economies of scale can make this a profitable business.
• Optimization: The infrastructure already exists and isn't fully utilized.
  - This is the case for Amazon Web Services.
• Strategic: A cloud computing platform extends the company's products and defends their franchise.
   - This is the case for Microsoft's Windows Azure Platform.
• Extension: A branded cloud computing platform can extend customer relationships by offering additional service options.
   - This is the case with various IBM cloud services.
• Presence: Establish a presence in a market before a large competitor can
  emerge.
  - Google App Engine allows a developer to scale an application
    immediately. For Google, its office applications can be rolled out quickly
    and to large audiences.
• Platform: A cloud computing provider can become a hub master at the
  center of many ISV's (Independent Software Vendor) offerings.
  - The customer relationship management provider SalesForce.com has a
    development platform called Force.com that is a PaaS offering.
The law of cloudonomics
1. Utility services cost less even though they cost more.
    Utilities charge a premium for their services, but customers save money by not paying for services that they aren't using.
2. On-demand trumps forecasting.
    The ability to provision and tear down resources (de-provision) captures revenue and lowers costs.
3. The peak of the sum is never greater than the sum of the peaks.
    A cloud can deploy less capacity because the peaks of individual tenants in a shared system are averaged over time by the group of tenants.
The law of cloudonomics
4. Aggregate demand is smoother than individual.
    Multi-tenancy also tends to average the variability intrinsic in individual demand. With a more predictable demand and less variation, clouds can run at higher utilization rates than captive systems. This allows cloud systems to operate at higher efficiencies and lower costs.
5. Average unit costs are reduced by distributing fixed costs over more units of output.
    Cloud vendors have a size that allows them to purchase resources
    at significantly reduced prices.
6. Superiority in numbers is the most important factor in the result of
   a combat (Clausewitz).
     Weinman argues that a large cloud's size has the ability to repel
The law of cloudonomics
7. Space-time is a continuum (Einstein/Minkowski).
    The ability of a task to be accomplished in the cloud using parallel processing allows real-time business to respond quicker to business conditions and accelerates decision making providing a measurable advantage.
8. Dispersion is the inverse square of latency.
    Cutting latency in half requires four times the number of nodes in a system.
9. Don't put all your eggs in one basket.
    Large cloud providers with geographically dispersed sites worldwide therefore achieve reliability rates that are hard for private systems to achieve.
The law of cloudonomics
10. An object at rest tends to stay at rest (Newton).
    Private datacenters tend to be located in places where the company or unit was founded or acquired. Cloud providers can site their datacenters in what are called “greenfield sites.”
    A greenfield site is one that is environmentally friendly: locations that are on a network backbone, have cheap access to power and cooling, where land is inexpensive, and the environmental impact is low.
Laws of Behavioral Cloudonomics
1. People are risk averse and loss averse.
2. People have a flat-rate bias.
3. People have the need to control their environment and remain autonomous.
4. People fear change.
5. People value what they own more than what they are given.
6. People favor the status quo and
7. People discount future risk and favor instant gratification.
8. People favor things that are free.
9. People have the need for status.
10. People are incapacitated by choice.
Measuring cloud computing costs
• The cost of a cloud computing deployment is roughly estimated to be
  CostCLOUD = Σ(UnitCostCLOUD × (Revenue – CostCLOUD))
• where the unit cost is usually defined as the cost of a machine instance per hour.
• To compare your cost benefit with a private cloud, you will have to compare the value that you determined in the previous equation with the same calculation:
  CostDATACENTER = Σ(UnitCostDATACENTER × (Revenue – (CostDATACENTER / Utilization)))
• The CostDATACENTER consists of the summation of the cost of each of the individual systems with all the associated resources, as follows:
  CostDATACENTER = Σ_{1..n} (UnitCostDATACENTER × (Revenue – (CostDATACENTER / Utilization)))SYSTEMn
  where the sum includes terms for System 1, System 2, System 3, and so on.
• The costs associated with the cloud model are calculated rather differently. Each resource has its own specific cost and many resources can be provisioned independently of one another. In theory, therefore, the CostCLOUD is better represented by the equation:
  CostCLOUD = Σ_{1..n} (UnitCostCLOUD × (Revenue – CostCLOUD))
            + Σ_{1..n} (UnitCostCLOUD × (Revenue – CostCLOUD))STORAGE_UNITn
            + Σ_{1..n} (UnitCostCLOUD × (Revenue – CostCLOUD))NETWORK_UNITn
            + …
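The two estimates above, carried through in code as an added example (not from the lecture or the textbook it draws on). The Resource record, the per-hour convention for revenue and cost, and the closed-form break-even solution for Utilization are introduced here and are not on the slides; the sample figures are constructed, not real pricing.

```python
"""Worked comparison of the data-centre and cloud cost formulas from the slides.

Assumed conventions (not stated on the slides):
- unit_cost is the slides' UnitCost, the cost of one machine-instance hour;
- revenue and cost are the per-hour revenue attributed to, and operating cost
  of, one system (data centre) or one resource unit (cloud);
- Utilization is a fraction in (0, 1]; dividing the captive data centre's cost
  by it charges for the idle capacity that still has to be paid for;
- each cloud resource group (instances, storage units, network units, ...)
  is summed on its own, since each is provisioned and billed independently.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Resource:
    name: str
    unit_cost: float   # UnitCost: cost per instance-hour
    revenue: float     # Revenue attributable to this system/unit per hour
    cost: float        # Cost of running this system/unit per hour


def cost_datacenter(systems, utilization):
    """CostDATACENTER = Σ_n (UnitCost × (Revenue − Cost / Utilization))_SYSTEMn."""
    if not 0.0 < utilization <= 1.0:
        raise ValueError("utilization must be in (0, 1]")
    return sum(s.unit_cost * (s.revenue - s.cost / utilization) for s in systems)


def cost_cloud(resource_groups):
    """CostCLOUD = Σ(...)_INSTANCEn + Σ(...)_STORAGE_UNITn + Σ(...)_NETWORK_UNITn + …"""
    return sum(
        r.unit_cost * (r.revenue - r.cost)
        for group in resource_groups.values()
        for r in group
    )


def breakeven_utilization(systems, target):
    """Utilization at which the captive data centre matches a given cloud figure.

    Solving Σ u_n R_n − (Σ u_n C_n) / U = target for U gives
    U = Σ u_n C_n / (Σ u_n R_n − target). Returns None when no utilization in
    (0, 1] reaches the target, i.e. the data centre can never match the cloud.
    """
    weighted_revenue = sum(s.unit_cost * s.revenue for s in systems)
    weighted_cost = sum(s.unit_cost * s.cost for s in systems)
    denominator = weighted_revenue - target
    if denominator <= 0:
        return None
    u = weighted_cost / denominator
    return u if 0.0 < u <= 1.0 else None


# Constructed sample inputs (illustrative numbers, not real pricing).
SYSTEMS = [
    Resource("web-server", unit_cost=0.50, revenue=3.0, cost=1.0),
    Resource("db-server", unit_cost=1.20, revenue=4.0, cost=2.0),
]
CLOUD = {
    "instances": [
        Resource("web-instance", unit_cost=0.60, revenue=3.0, cost=1.1),
        Resource("db-instance", unit_cost=1.00, revenue=4.0, cost=2.2),
    ],
    "storage_units": [Resource("block-volume", unit_cost=0.10, revenue=0.5, cost=0.2)],
    "network_units": [Resource("egress-gb", unit_cost=0.05, revenue=0.4, cost=0.1)],
}

if __name__ == "__main__":
    cloud = cost_cloud(CLOUD)
    for util in (0.3, 0.5, 0.9):
        print(f"utilization {util:.0%}: datacenter {cost_datacenter(SYSTEMS, util):.3f} "
              f"vs cloud {cloud:.3f}")
    print("break-even utilization:", breakeven_utilization(SYSTEMS, cloud))
```

With these figures the captive data centre only matches the cloud figure at roughly 87% utilization; at the 50% that many private estates run, the per-hour figure drops to a sixth of the cloud's, which is the point laws 3 and 4 of cloudonomics above make about pooled demand.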
Defining Licensing Models
When you purchase shrink-wrapped software, you are
using that software based on a licensing agreement
called a EULA or End User License Agreement. The
EULA may specify that the software meets the
following criteria:
•   It is yours to own.
•   It can be installed on a single or multiple machines.
•   It allows for one or more connections.
•   It has whatever limit the ISV (independent software vendor) has placed on its software.
In most instances, the purchase price of the software is
 directly tied to the EULA.
Chapter 3: Understanding Cloud Architecture
• IN THIS CHAPTER
• Using the cloud computing stack to describe different models
• Understanding how platforms and virtual appliances are used
• Learning how cloud communications work
• Discovering the new world of the cloud client
• One property that differentiates cloud computing is referred to as composability, which is the ability to build applications from component parts.
• A platform is a cloud computing service that is both hardware and software. Platforms are used to create more complex software. Virtual appliances are an important example of a platform, and they are becoming a very important standard cloud computing deployment object.
Cloud computing requires some standard protocols with which different layers of hardware, software, and clients can communicate with one another. Many of these protocols are standard Internet protocols.
Cloud computing relies on a set of protocols needed to manage interprocess
communications that have been developed over the years. The most commonly used
set of protocols uses XML as the messaging format, the Simple Object Access
Protocol (SOAP) protocol as the object model, and a set of discovery and description
protocols based on the Web Services Description Language (WSDL) to manage
transactions.
Some completely new clients are under development that are specifically meant to
connect to the cloud. These clients have as their focus cloud applications and
services, and are often hardened and more securely connected. Two examples
presented are Jolicloud and Google Chrome OS. They represent a new client model
that is likely to have considerable impact.
Exploring the Cloud Computing Stack
• Composability
• Infrastructure
• Platforms
• Virtual Appliances
• Communication Protocols
• Applications
Composability
• A composable component must be:
 • Modular: It is a self-contained and independent unit that is cooperative, reusable, and replaceable.
 • Stateless: A transaction is executed without regard to other transactions or requests.
• The essence of a service oriented design is that services are constructed
  from a set of modules using standard communications and service
  interfaces.
• An example of a set of widely used standards describes the services
  themselves in terms of the Web Services Description Language (WSDL),
  data exchange between services using some form of XML, and the
  communications between the services using the SOAP protocol.
                      Infrastructure
Most large Infrastructure as a Service (IaaS) providers rely on virtual machine
technology to deliver servers that can run applications.
Virtual servers described in terms of a machine image or instance have
characteristics that often can be described in terms of real servers delivering a
certain number of microprocessor (CPU) cycles, memory access, and network
bandwidth to customers.
Virtual machines are containers that are assigned specific resources. The software
that runs in the virtual machines is what defines the utility of the cloud
computing system.
Architecture diagram illustrating the portion of the cloud computing stack that is designated as the server.
Platforms
• Platform in the cloud is a software layer that
  is used to create higher levels of service.
  • Salesforce.com's Force.com Platform
  • Windows Azure Platform
  • Google Apps and the Google AppEngine
A virtual appliance is software that installs as middleware onto a virtual
machine.
Virtual Appliances
• Virtual appliances are software installed on virtual servers: application modules that are meant to run on a particular machine instance or image type.
• A virtual appliance is a platform instance. Therefore, virtual appliances occupy the middle of the cloud computing stack
Understanding Services and Applications by Type
Types
• Infrastructure as a Service (IaaS)
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service allows for the creation of virtual computing systems or networks.
• Software as a Service represents a hosted application that is universally available over the Internet, usually through a browser.
• In Software as a Service, the user interacts directly with the hosted software.
• SaaS may be seen to be an alternative model
  to that of shrink-wrapped software and may
  replace much of the boxed software that we
  buy today.
• Platform as a Service is a cloud computing infrastructure that creates a development environment upon which applications may be built.
• PaaS provides a model that can be used to create or augment complex applications such as Customer Relationship Management (CRM) or Enterprise Resource Planning (ERP) systems.
• PaaS offers the benefits of cloud computing and
  is often componentized and based on a service-
  oriented architecture model.
• Identity as a Service (IDaaS)
• Identity as a Service provides authentication and authorization services on distributed networks.
• Infrastructure and supporting protocols for IDaaS.
• Other service types such as Compliance as a Service (CaaS), provisioning, monitoring, communications.
Infrastructure as a Service (IaaS)
• Infrastructure as a Service (IaaS) is a cloud computing service model in which hardware is virtualized in the cloud.
• In this particular model, the service vendor owns
    the equipment: servers, storage, network
  infrastructure.
• The developer creates virtual hardware on which
   to develop applications and services.
• Essentially, an IaaS vendor has created a
  hardware utility service where the user
  provisions virtual resources as required.
• The fundamental unit of virtualized client in
  an IaaS deployment is called a workload.
• A workload simulates the ability of a certain
  type of real or physical server to do an
  amount of work.
• The work done can be measured by the
  number of Transactions Per Minute (TPM) or
  a similar metric against a certain type of
  system.
• Throughput attributes such as:
  • Disk I/Os measured in Input/Output Per Second (IOPS)
  • the amount of RAM consumed under load in MB
  • Network throughput and latency
• In a hosted application environment, a client's
  application runs on a dedicated server inside a
  server rack or perhaps as a standalone server in
  a room full of servers.
• In cloud computing, a provisioned server called
  an instance is reserved by a customer, and the
  necessary amount of computing resources
  needed to achieve that type of physical server is
  allocated to the client's needs.
Pods, aggregation and silos
Platform as a Service (PaaS)
• The Platform as a Service model describes a software environment in which a developer can create customized solutions within the context of the development tools that the platform provides.
• Platforms can be based on specific types of development languages, application frameworks or other constructs.
  • PaaS offerings provide the tools and development environment to deploy applications on another vendor's application.
  • Often a PaaS tool is a fully integrated development environment, i.e. all the tools and services are part of the PaaS service.
• In a PaaS model, customers may interact with the software to
   enter and retrieve data, perform actions, get results, and to
   the degree that the vendor allows it, customize the platform
   involved.
• The customer takes no responsibility for maintaining the
   hardware, the software or the development of the
   applications and is responsible only for his interaction with the
   platform.
• The one example that is most quoted as a PaaS offering is
   Google's App Engine platform.
• Google Maps, Google Earth, Gmail, and the myriad of other PaaS offerings are cited as conforming to the PaaS service model, although these applications themselves are offered to customers under what is more aptly described as the Software as a Service (SaaS) model.
Software as a Service (SaaS)
• SaaS provides the complete infrastructure,
  software, and solution stack as the service
  offering.
• A good way to think about SaaS is that it is the cloud-based equivalent of shrink-wrapped software.
• Software as a Service (SaaS) may be
  described as software that is deployed on a
  hosted service and can be accessed globally
  over the Internet, most often in a browser.
• With the exception of the user interaction
  with the software, all other aspects of the
  service are abstracted away.
• Examples of SaaS software for end users are Google Gmail and Calendar, QuickBooks Online, Zoho Office Suite, and others that are equally well known.
• SaaS applications come in all shapes and sizes, and include custom software such as:
  • billing and invoicing systems
  • Customer Relationship Management (CRM) applications
  • Help Desk applications
  • Human Resource (HR) solutions
SaaS characteristics
• The software is available over the Internet globally through a browser on demand.
• The typical license is subscription-based or usage-based and is billed on a
  recurring basis.
• The software and the service are monitored and maintained by the vendor,
  regardless of where all the different software components are running.
• There may be executable client-side code, but the user isn't responsible for
  maintaining that code or its interaction with the service.
• Reduced distribution and maintenance costs and minimal end-user system costs
  generally make SaaS applications cheaper to use than their shrink-wrapped
  versions.
• Such applications feature automated upgrades, updates, and patch management
  and much faster rollout of changes.
• SaaS applications often have a much lower barrier to entry than their locally
  installed competitors, a known recurring cost, and they scale on demand (a
     Identity as a Service
     (IDaaS)
• An identity service is one that stores the
  information associated with a digital entity in
  a form that can be queried and managed for
  use in electronic transactions.
• Identity services have as their core functions:
  a data store, a query engine, and a policy
  engine that maintains data integrity.
• The Domain Name Service (DNS) can run on a
  private network, but is at the heart of the
  Internet as a service that provides identity
  authorization and lookup.
• The name servers that run the various Internet
  domains (.COM, .ORG, .EDU, .MIL, and so on) are
  IDaaS servers.
• DNS establishes the identity of a domain as belonging
  to a set of assigned addresses, associated with an
  owner and that owner's information, and so forth. If
  the identification is the assigned IP number, the other
  properties are its metadata.
          What is an
          identity?
• An identity is a set of characteristics or traits
  that make something recognizable or known.
• In computer network systems, it is one's
  digital identity that most concerns us.
• A digital identity is those attributes and
  metadata of an object along with a set of
  relationships with other objects that makes
  an object identifiable.
An identity can belong to a person
      and may include the following:
• Things you are: Biological characteristics such as age, gender,
  appearance, and so forth
• Things you know: Biography, personal data such as social security
  numbers, PINs, where you went to school, and so on
• Things you have: A pattern of blood vessels in your eye, your
  fingerprints, a bank account you can access, a security key you
  were given, objects and possessions, and more
• Things you relate to: Your family and friends, a software license,
  beliefs and values, activities and endeavors, personal selections
  and choices, habits and practices, an iGoogle account, and more
     Networked Identity Service
             Classes
• To validate Web sites, transactions,
  transaction participants, clients, and network
  services—various forms of identity services—
  have been deployed on networks.
• Ticket or token providing services, certificate
  servers, and other trust mechanisms all
  provide identity services that can be pushed
  out of private networks and into the cloud.
      Identity as a Service (IDaaS) may
        include any of the following:
•   Authentication services (identity verification)
•   Directory services
•   Federated identity
•   Identity governance
•   Identity and profile management
•   Policies, roles, and enforcement
•   Provisioning (external policy administration)
•   Registration
•   Risk and event monitoring, including audits
•   Single sign-on services (pass-through
    authentication)
  Identity System Codes of
  Conduct
•   User control for consent: Users control their identity and must consent
    to the use of their information.
•   Minimal Disclosure: The minimal amount of information should be
    disclosed for an intended use.
•   Justifiable access: Only parties who have a justified use of the
    information contained in a digital identity and have a trusted identity
    relationship with the owner of the information may be given access to
    that information.
•   Directional Exposure: An ID system must support bidirectional
    identification for a public entity so that it is discoverable and a
    unidirectional identifier for private entities, thus protecting the private
    ID.
•   Interoperability: A cloud computing ID system must interoperate
    with other identity services from other identity providers.
•   Unambiguous human identification: An IDaaS application must provide
    an unambiguous mechanism for allowing a human to interact with a
    system while protecting that user against an identity attack.
•   Consistency of Service: An IDaaS service must be simple to use,
    consistent across all its uses, and able to operate in different contexts
    using different technologies.
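To make the codes of conduct above concrete, here is an added example (not code from the slides or from any IDaaS vendor) of a toy identity service built from the three core functions named earlier, a data store, a query engine and a policy engine, where the policy engine enforces user control for consent, minimal disclosure and justifiable access, and every decision is written to an audit list. The purposes, party names and attributes are constructed for illustration.

```python
# Added example, not from the slides: a toy identity service whose policy
# engine enforces consent, minimal disclosure and justifiable access.
# All purposes, names and attribute values below are constructed.
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Raised by the policy engine when a query violates a code of conduct."""


# Minimal disclosure: each intended use maps to the attributes it needs.
PURPOSES = {
    "shipping": {"name", "address"},
    "age_check": {"birth_year"},
}


@dataclass
class Identity:
    subject: str
    attributes: dict
    consented: set = field(default_factory=set)  # attributes the owner agreed to share
    trusted: set = field(default_factory=set)    # parties with a trust relationship


class IdentityService:
    def __init__(self):
        self._store = {}   # data store
        self.audit = []    # risk and event monitoring: every decision is logged

    def register(self, identity):
        self._store[identity.subject] = identity

    def _policy(self, identity, requester, purpose, requested):
        # Justifiable access: the requester needs a trusted relationship
        # with the owner and a recognised intended use.
        if requester not in identity.trusted or purpose not in PURPOSES:
            raise AccessDenied(f"{requester} may not query {identity.subject} for {purpose}")
        # Minimal disclosure: only what this purpose needs, of what was asked for.
        needed = PURPOSES[purpose] & set(requested)
        # User control for consent: and only what the owner consented to share.
        return needed & identity.consented

    def query(self, subject, requester, purpose, requested):
        identity = self._store[subject]  # KeyError for an unknown subject
        try:
            allowed = self._policy(identity, requester, purpose, requested)
        except AccessDenied:
            self.audit.append((requester, subject, purpose, "denied"))
            raise
        self.audit.append((requester, subject, purpose, sorted(allowed)))
        return {k: identity.attributes[k] for k in allowed if k in identity.attributes}
```

Note that a request for `ssn` under the `shipping` purpose is silently dropped rather than refused: the requester gets only what the purpose justifies and the owner consented to, and the audit entry records exactly what was disclosed.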
  Compliance as a Service
  (CaaS)
• The laws of the country of a request's origin
  may not match the laws of the country where
   the request is processed, and it's possible
  that neither location's laws match the laws
  of the country where the service is provided.
• A Compliance as a Service application would need to serve
  as a trusted third party, because this is a man-in-the-
  middle type of service.
• CaaS may need to be architected as its own layer of a SOA
  architecture in order to be trusted.
• A CaaS cloud would need to be able to manage
  relationships, understand security policies and procedures,
  know how to handle information and administer privacy,
  be aware of geography, provide an incident response,
  archive, and allow for the system to be queried, all to a
  level that can be captured in a Service Level Agreement.