UNIVERSITY INSTITUTE OF ENGINEERING

COMPUTER SCIENCE ENGINEERING

Bachelor of Engineering (Computer Science & Engineering)
Subject Name: Cloud Computing & Distributed Systems
Subject Code: 21CST-378/21ITT-378

DISCOVER . LEARN . EMPOWER

 Cloud Computing & Distributed Systems
Course Outcomes
CO1: Understanding of various paradigm of cloud computing
and distributed systems.
CO2: Articulate the basic concepts, key technologies,
strength and limitation of cloud computing and possible
applications.
CO3: Appraise the architecture and infrastructure of cloud
computing including SaaS, PaaS, IaaS, UCaaS/FaaS public
cloud, private cloud and hybrid cloud.
CO4: Interpret various data, scalability, security and cloud
services to acquire efficient database for cloud storage.
CO5: Develop the appropriate cloud computing solutions
and recommendations according to the application used.
2
Cloud Computing &
Distributed Systems

Contents
1. Data security in cloud
2. Cloud Security Services:
Confidentiality, Integrity
and Availability
3. Secure Cloud Software
requirements
4. Secure Cloud Software
testing
5. Cloud Analytics

3
Cloud Computing & Distributed Systems

UNIT 3
CLOUD SECURITY SERVICES

CHAPTER 5
DATA AND CLOUD SECURITY

4
Secure Cloud Software Testing (CO-4)

5
Cloud Testing is one type of software testing in which the software applications are tested by using cloud
computing services. Cloud testing intends to test the software based on functional and non-functional
requirements using cloud computing services that ensure faster availability, scalability, and flexibility that
saves time and cost for software testing.

6
Types of Cloud Testing
There are three types of cloud testing:

1. Cloud-Based Application Tests over Cloud: These types of tests help determine the quality of
cloud-based applications concerning different types of clouds.

2. Online-Based Application Tests on a Cloud: Online application supervisors/vendors perform

these tests to check the functions and performance of their cloud-based services. This testing
takes place with the help of Functional Testing. Online applications are connected with a legacy
system and the connection quality between the application and the legacy system is tested.

3. SaaS or Cloud Oriented Testing: These tests are performed by SaaS or Cloud vendors. The
objective of these tests is to evaluate the quality of individual service functions that are offered in
SaaS or cloud programs.

7
8
Cloud Testing Environment
There are three main cloud testing environments:

1. Public or Private environment: The applications deployed inside these

cloud environments are tested and validated in terms of quality.

2. Hybrid environment: The applications deployed in this cloud environment

are tested and validated in terms of quality.

3. Cloud-based environment: The applications deployed on Saas, and Paas

models are tested and validated in terms of quality.

9
10
Testing Performed within the Cloud
Testing in a cloud should not solely make sure that the functional necessities are met, but a robust
emphasis needs to be set on non-functional testing also. Let’s explore the various types of testing that
are performed.

1. Functional Testing: Functional Testing should be performed to make sure that the offering provides
the services that the user is paying for. Functional tests ensure that the business needs are being met.

a. System Verification Testing: This testing ensures that the various modules work properly with one
another.

b. Interoperability Testing: Any application must have the flexibility to work without any problems not
only on different platforms, and it should conjointly work seamlessly when moving from one cloud
infrastructure to a different one.

c. Acceptance Testing: Here the cloud-based resolution is handed over to the users to make sure it
meets their expectations.

11
 2. Non-Functional Testing: Non-functional tests primarily specialize in web application-based tests ensuring
that they meet the required needs.

1. Performance Testing: In this testing, the response time to any user request must be verified to ensure that everything is
intact even when there are loads of requests to be satisfied. Network latency is additionally one of the crucial factors to
evaluate performance. Also, workload balancing must be done once there’s a reduction in load, by decommissioning
resources.
2. Stress testing: This testing helps to determine the ability of cloud applications to function under peak workloads while
staying effective and stable.
3. Load testing: This testing helps to measure the cloud application’s response concerning user traffic loads.
4. Latency testing: In this testing the latency time between action and responses within an application with respect to a user
request.
5. Availability Testing: This testing determines the cloud must available all the time round the clock. As there might be any
mission-critical activities that can happen, the administrator i.e., cloud vendor should ensure that there’s no adverse impact
on the customers.
6. Multi-Tenancy Testing: In this cloud testing, multiple users use a cloud offering as a demo. Testing is performed to confirm
that there’s adequate security and access control of the data when multiple users are working in a single instance.
7. Scalability Testing: This testing is performed to make sure that the offerings provided can scale up or scale down as per the
customer’s need.
8. Browser Performance testing: In this testing performance of a cloud-based application i.e., the applications deployed over
the cloud is tested across different web browsers.
9. Security Testing: As Cloud provides everything at any time, it is very important that all user-sensitive data must be secured
and has no unauthorized access to maintain users’ privacy.
10. Disaster Recovery Testing: In availability testing, the cloud has to be available at all times, if there are any types of failures
occur like network outages, breakdown due to high load, system failure, etc. this testing ensures how fast the failure 12 can be
captured and if any data loss occurs during this period.
13
Tools for Functional Testing in Cloud
There are many tools used for testing performance, load, stress testing in or of cloud. Some of these testing tools are
mentioned below:
1. AppPerfect: AppPerfect is a software development company located in Sunnyvale, CA. It markets supports and
develops a set of testing and monitoring products that are used to analyze, test, and monitor web and windows-
based applications.
2. Jmeter: Apache JMeter is an open-source, Java-based application software designed to load testing tools to
analyze and monitor the performance of the services and web applications.
3. SOASTA CloudTest: SOASTA cloud test is a cross-platform test management tool with a user-friendly design.
4. LoadStorm: It is a tool to manage and monitor the performance of the entire cloud infrastructure and produces a
real-time graph for performance analysis.

Tools for Security Testing in Cloud

The following are the tools for security testing in the cloud:
1. Nessus: Nessus is a remote security scanning tool that scans the system and raises an alert if any vulnerability is
discovered that hackers could use to get unauthorized access to sensitive data.
2. Wireshark: Wireshark is an open-source packet analyzer used for network troubleshooting and monitoring,
software, and communications protocols development.
3. Nmap: Nmap is a network scanner that is used to discover hosts and services on a network by sending packets and
analyzing the response.
14
Benefits Of Cloud Testing

The following are some of the benefits of cloud testing:

1. Availability of Required testing environment: In cloud testing, testing teams can easily
replicate the customer’s environment for effective testing of the cloud without investing in the
additional hardware and software resources for testing. These resources can be accessed from
any device with a network connection.
2. Less expensive: Cloud testing is more cost-efficient than traditional methods of testing, as
there is no need of investing in additional hardware and software resources. Customers, as well
as the testing team, only pay for what they use.
3. Faster testing: Cloud testing is faster than the traditional method of testing as most of the
management tasks like physical infrastructure management for testing are removed.
4. Scalability: The cloud computing resources can be increased and decreased whenever
required, based on testing demands.
5. Customization: Cloud testing can be customized as per the usage, cost and time based on the
variety of users and user’s environment.
6. Disaster recovery: Disaster recovery is easily possible as the data backup is taken at the cloud
vendors as well as at the user’s end also. 15
Challenges in Cloud Testing
The following are some challenges faced in cloud testing:

1. Privacy and Data Security: As cloud computing provides services on-demand to all users, data privacy
and security becomes a primary concern. Cloud applications are multi-tenant, so the risk of unauthorized
data access remains unsolved.
2. Environment Configuration: Different applications require specific infrastructures like server, storage,
etc. for deployment and testing, it becomes difficult to manage the environment for cloud testing and
leads to issues.
3. Use of Multiple-Cloud models: As there are multiple cloud models like public, private and hybrid,
based on customer requirements the applications are deployed. It becomes challenging to manage them
which can lead to complications, security, and synchronization issues.
4. Data migration: Migration of data from one cloud service provider to another becomes a challenging
task as that may have different database schema that can require lots of time to understand.
5. Upgradation in Cloud: The biggest challenge of cloud testing is to do up-gradation in the cloud and
ensure it does not impact the existing users and data. And the cloud providers give a very short notice
period to existing customers about upgrades.
6. Testing of all components: While performing cloud testing requires to test all the components related
to an application must be tested like server, storage, network, and also validate them in all layers.
16
Cloud Testing vs Conventional Testing

17
 Summary
Cloud security services are a critical component in ensuring the confidentiality, integrity, and availability of data
and applications hosted in cloud environments. These services encompass a range of measures designed to
protect against various cyber threats and vulnerabilities. Identity and Access Management (IAM) services play a
pivotal role in managing user access and permissions, preventing unauthorized entry into cloud systems.
Encryption services ensure the confidentiality of data in transit and at rest, safeguarding sensitive information
from unauthorized access. Security Information and Event Management (SIEM) services provide real-time
monitoring and analysis of security events, helping to detect and respond to potential security incidents
promptly. Cloud providers often offer Distributed Denial of Service (DDoS) protection services to mitigate the
impact of malicious attacks on cloud-hosted applications. Regular security assessments, audits, and compliance
services help organizations maintain adherence to regulatory requirements and industry standards. Additionally,
cloud security services may include threat intelligence, firewall management, and incident response capabilities
to enhance overall resilience against evolving cybersecurity threats. As organizations increasingly migrate to the
cloud, the adoption of robust cloud security services becomes imperative to build a secure and trusted cloud
environment.

18
QUIZ
1. What is the primary goal of cloud security?
a. Data replication b. Data confidentiality, integrity, and availability
c. High-speed data transfer d. Server virtualization
2. Which cloud security service is responsible for managing user access and permissions?
a. SIEM b. DDoS protection
c. IAM d. Encryption
3. What does DDoS stand for in the context of cloud security?
a. Data Distribution over Systems b. Distributed Denial of Service
c. Digital Data Optimization Service d. Dynamic Database on Servers
4. Which cloud security measure is used to ensure the confidentiality of data?
a. IAM b. SIEM c. Encryption d. DDoS protection
5. What does SIEM stand for in cloud security?
a. Secure Internet Exchange Management b. Security Information and Event Management
c. Systematic Incident and Event Monitoring d. Service Integration and Event Management
6. Which cloud security service provides real-time monitoring and analysis of security events?
a. IAM b. Encryption c. SIEM d. DDoS protection
7. What is the purpose of IAM in cloud security?
a. Ensuring data availability b. Managing user access and permissions
c. Encrypting data in transit d. Protecting against DDoS attacks

19
 REFERENCES
TEXT BOOKS
1. Cloud Computing: A Practical Approach by Toby Velte, Anthony Velte, Robert C. Elsenpeter, McGraw Hill Professional, 22 Oct 2009
2. Buyya, Rajkumar, James Broberg, and Andrzej M. Goscinski, eds. Cloud computing: Principles and paradigms. Vol. 87. John Wiley & Sons, 2010.
3. Miller, Michael. Cloud computing: Web-based applications that change the way you work and collaborate online. Que publishing, 2008.
4. Hurwitz, Judith S., et al. Cloud computing for dummies. John Wiley & Sons, 2010.
5. Kris Jamsa. Cloud Computing: SaaS, PaaS, IaaS, Virtualization, Business Models, Mobile, Security and more, Jones &Bartlet Learning Company LC, 20012
REFRENCE BOOKS
1. G. Pfister. In Search of Clusters. Prentice Hall PTR, NJ, 2nd Edition, NJ, 1998.
2. Cloud Computing: Implementation, Management, and Security, by John Rittinghouse and James F.Ransome, CRC Press Taylor and Francis Group
3. Joshy Joseph and Craig Fellenstein, Grid Computing, Person Edition, (2004).
4. Maozhen Li, Mark Baker, “The Grid Core Technologies”, John Wiley & Sons (2005).
5. Cloud Computing: A Practical Approach for Learning and Implementation Paperback – 1 January 2014 by Srinivasan, Pearson Education
Video Links
https://www.youtube.com/watch?v=A3FPxuKlnkU&list=PLFW6lRTa1g82dte3YD_7-GoZXcBiK6K9G
Web Links
1. https://www.geeksforgeeks.org/what-is-a-distributed-system/
2. https://www.geeksforgeeks.org/difference-between-cloud-computing-and-distributed-computing/
3. https://www.ibm.com/topics/distributed-cloud
4. https://www.geeksforgeeks.org/cloud-computing/
5. https://learn.rumie.org/jR/bytes/learn-the-basics-of-cloud-computing-in-3-minutes/?
utm_source=bing&utm_medium=cpc&utm_campaign=RumieLearn-Bytes%20%28non-NA%29&utm_term=cloud%20computing&utm_content=TS 20
%20-%20Computing%20In%20Cloud%20Computing
THANK YOU