
CLOUD COMPUTING

Course Code: 21CS72                         CIE Marks: 50
Teaching Hours/Week (L:T:P:S): 2:0:0:0      SEE Marks: 50
Total Hours of Pedagogy: 24                 Total Marks: 100
Credits: 02                                 Exam Hours: 03

Course Learning Objectives:

CLO 1. Introduce the rationale behind the cloud computing revolution and the business drivers.
CLO 2. Introduce the various models of cloud computing.
CLO 3. Introduce how to design cloud-native applications, the necessary tools and the design trade-offs.
CLO 4. Realize the importance of cloud virtualization, abstractions and enabling technologies, and cloud security.


Module-1

Introduction: Cloud Computing at a Glance, Historical Developments, Building Cloud Computing Environments, Amazon Web Services (AWS), Google AppEngine, Microsoft Azure, Hadoop, Force.com and Salesforce.com, Manjrasoft Aneka

Cloud computing is a new, emerging model of computing.

Computing services are delivered as commodities, in the same way as other utility services (electricity, water, telephony).

It is based on the concept of dynamic provisioning.

It allows renting infrastructure, runtime environments, and services on a pay-per-use basis.

No up-front commitments are required.

Ubiquitous storage and compute power are available on demand.

The runtime environment is scalable.

IT services are traded as utilities in an open market, without technological and legal barriers.


Global Cloud Market


Cloud computing refers to both the applications delivered as services over the Internet and the hardware and system software in the datacenters that provide those services (the Berkeley definition, Armbrust et al.).

Cloud Computing overview


NIST: Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Cloud computing helps enterprises, governments, public and private institutions, and research organizations:

  • Enterprises delegate work to cloud-based systems.
  • Small enterprises and start-ups need not commit capital up front.
  • System developers get the computing capacity they require, when they need it.
  • End users can access all resources 24x7.

Characteristics and benefits

  • No up-front commitments
  • On-demand access
  • Attractive pricing
  • Simplified application acceleration and scalability
  • Efficient resource allocation
  • Energy efficiency
  • Seamless creation and use of third-party services


Cloud Deployment Models


Top cloud service providers

1. Amazon Web Services (AWS)

2. Microsoft Azure

3. Google Cloud Platform (GCP)

4. Alibaba Cloud

5. Oracle Cloud

6. IBM Cloud

7. Tencent Cloud

8. OVHcloud

9. DigitalOcean

10. Linode (owned by Akamai)


The Cloud Computing Reference Model


Computing paradigm evolution


Virtualization

Virtualization encompasses a collection of solutions that abstract computing entities such as hardware, runtime environments, storage, and networking.

Virtualization is essentially a technology that simulates an interface: software written for that interface runs on top of the simulated one instead of the real one.

The most common form is hardware virtualization, which allows different software stacks to coexist on top of the same hardware.

Each such stack runs inside a virtual machine.

Process virtual machines create a virtual runtime environment for a single program.

Web 2.0 / 3.0

Brings interactivity and flexibility into Web pages; applications are extremely dynamic.

Automated updates.

Lightweight programming, scripting and deployment model.

Real-time experience for users.


Service-oriented computing

Services are the main building blocks of application and system development.

SOC supports the development of rapid, low-cost, flexible, interoperable, and evolvable applications and systems.

A service is supposed to be loosely coupled, reusable, programming-language independent, and location transparent.

SOC embodies the important concepts of quality of service (QoS) and Software-as-a-Service (SaaS).

Utility-oriented computing

Defines a service-provisioning model for compute services: resources such as storage, compute power, applications, and infrastructure are packaged and provisioned on a pay-per-use basis.

Services are offered at low cost, priced according to the utility consumed.

A software system leverages external services for performing a specific task.


Building cloud computing environments

Building cloud computing environments encompasses:

  1. Development of applications and systems that leverage cloud solutions
  2. Creation of frameworks, platforms, and infrastructures delivering cloud services

Application development must satisfy the constraint of scalability on demand.

Web 2.0 has become the platform for developing rich and complex applications.

Such applications are highly sensitive to inappropriate sizing of the infrastructure and of the service deployment, and they are supported by complex back-end activities.

Their dynamic user experience depends on continuous upgrades of the application.

A second class of cloud applications is resource-intensive, batch-processing workloads.

Application development utilizes the following cloud facilities:

  1. Renting compute power, storage, and networking
  2. A complete, scalable, dynamic runtime environment
  3. A desktop-like, real-time environment


Infrastructure and system development

  1. The base technologies are distributed computing, virtualization, service-oriented architecture and Web 2.0.
  2. Distributed computing offers the foundation framework.
  3. New nodes and services are provisioned on demand.
  4. IaaS provides dynamic allocation of resources.
  5. PaaS provides the runtime and computing environment.
  6. All services are exposed through Web 2.0 interfaces.
  7. The whole bundle is also referred to as XaaS (Everything as a Service).
  8. On-demand scaling of resources is achieved by replicating the required component.
  9. Service-oriented architecture manages the computing entities as services.


Computing platforms and technologies

Amazon Web Services (AWS)

  1. AWS is a comprehensive set of cloud IaaS services, ranging from virtual compute, storage, and networking to complete computing stacks.
  2. Its core services are Elastic Compute Cloud (EC2) and Simple Storage Service (S3), both customizable by the user.
  3. A variety of virtual hardware configurations is offered, including GPU and cluster instances.
  4. A web portal gives access to AWS services, and a web API supports programmatic use.
  5. Networking support, caching systems, DNS, relational and non-relational databases, and other services are available.

Google AppEngine

  1. A scalable runtime environment mostly devoted to executing Web applications.
  2. App Engine provides a secure, dynamic, scalable runtime environment along with supporting services.
  3. The AppEngine software development kit (SDK) replicates the runtime environment locally and helps in testing and profiling applications.
  4. The languages supported at the time of the textbook were Python, Java, and Go (the standard environment has since added others, such as Node.js, PHP and Ruby).


Microsoft Azure

  1. A cloud operating system and a platform for developing applications.
  2. A scalable runtime environment for Web applications and distributed applications in general.
  3. Roles identify the unit of distribution.
  4. A Web role is designed to host a Web application.
  5. A Worker role is a more generic container for applications.
  6. A Virtual Machine role provides a virtual environment.
  7. Support for storage (relational data and blobs), networking, caching, content delivery, and others.

Hadoop

  1. Apache Hadoop is an open-source implementation of MapReduce (together with HDFS, its distributed file system).
  2. Two fundamental operations for data processing: map and reduce. Map: transforms and synthesizes data, emitting intermediate key/value pairs. Reduce: aggregates all values emitted for the same key.
  3. Apache Hadoop was sponsored by Yahoo!, which at the time managed the largest Hadoop cluster.
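The map and reduce operations above, as an added worked example in Python (not code from the page or from Apache Hadoop): a word count implemented as a mapper, a shuffle step and a reducer. The input records, and their division into two splits processed by separate mappers, are constructed for the example.

```python
from collections import defaultdict

def map_fn(_offset, line):
    """Map: transform one input record (byte offset, line) into (word, 1) pairs.
    It is stateless, so any record can be handled by any mapper."""
    for word in line.lower().split():
        word = word.strip(".,;:!?")
        if word:
            yield word, 1

def shuffle(pairs):
    """Shuffle/sort: group every intermediate value under its key.
    In Hadoop the framework does this between the map and reduce phases."""
    groups = defaultdict(list)
    for key, value in pairs:
        groups[key].append(value)
    return groups

def reduce_fn(word, counts):
    """Reduce: aggregate all values seen for one key."""
    return word, sum(counts)

def map_reduce(splits, mapper, reducer):
    """Run the mapper independently over each input split (as separate
    mapper tasks would), shuffle, then run the reducer once per key."""
    intermediate = []
    for split in splits:
        for offset, line in split:
            intermediate.extend(mapper(offset, line))
    return dict(reducer(k, v) for k, v in shuffle(intermediate).items())

# Constructed sample input: two splits of (byte offset, line) records,
# the form Hadoop's TextInputFormat hands to a mapper.
SAMPLE_SPLITS = [
    [(0, "Cloud computing is a model."),
     (28, "cloud computing is on demand,")],
    [(58, "and on demand means pay per use")],
]

def word_count(splits=SAMPLE_SPLITS):
    return map_reduce(splits, map_fn, reduce_fn)

if __name__ == "__main__":
    for word, n in sorted(word_count().items()):
        print(f"{word}\t{n}")
```

Because the mapper keeps no state across records, the result is the same however the input is cut into splits; that property is what lets Hadoop scatter the map phase over a cluster and re-run a failed mapper on another node.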


Force.com and Salesforce.com

  1. Force.com is a cloud computing platform for developing social enterprise applications.
  2. Salesforce.com is a Software-as-a-Service solution for customer relationship management built on top of Force.com.
  3. Force.com supports building enterprise applications from ready-to-use blocks.
  4. The platform provides complete support for developing applications, from the design of the data layout to the definition of business rules and workflows and the definition of the user interface.

Manjrasoft Aneka

  1. A platform for the rapid creation of scalable applications and their deployment on various types of clouds in a seamless and elastic manner.
  2. It supports a collection of programming abstractions for developing applications and a distributed runtime environment.
  3. Developers can choose different abstractions to design their application: tasks, distributed threads, and map-reduce.
  4. Services manage scheduling, execution, accounting, billing, storage, and quality of service.
  5. Its service-oriented design gives great flexibility and simplifies the integration of new features.


Module-2

Virtualization: Introduction, Characteristics of Virtualized Environments, Taxonomy of Virtualization Techniques, Execution Virtualization, Other Types of Virtualization, Virtualization and Cloud Computing, Pros and Cons of Virtualization, Technology Examples

Virtualization allows the creation of a secure, customizable, and isolated execution environment for running applications, even untrusted ones, without affecting other users' applications.

Virtualization technologies provide a virtual environment not only for executing applications but also for storage, memory, and networking.

Virtualization is often used as a synonym for hardware virtualization.


Virtualization technologies: why they became widespread

  1. Increased performance and computing capacity
  2. Underutilized hardware and software resources
  3. Lack of space
  4. Greening initiatives
  5. Rise of administrative costs
  6. Resource sharing
  7. Required computing environment available on demand
  8. Secured, isolated environment
  9. Simulation of environments
  10. Real-time experience
  11. Cost-effective management

(Web-based virtual environment)


  1. A virtual machine is a special piece of software that emulates the operation of a physical machine.
  2. The virtual machine remains completely independent of other virtual machines on the same host.
  3. It uses its own software-based components (CPU, motherboard, video adapter, network interface, memory and hard disks).
  4. The operating system of the system on which the virtual machine is installed is called the host OS.
  5. The operating system running inside the virtual machine is referred to as the guest OS.
  6. The hypervisor, also known as the virtual machine manager (VMM), provides the interface between guest and host.

Leading hypervisor products

VMware (Workstation, Fusion, ESXi), Microsoft Hyper-V, Oracle VM VirtualBox, Parallels Desktop, QEMU (Quick Emulator), Xen

Possible issues

Lower performance than native execution

Higher risk of downtime (one host failure takes down every VM on it)

Problems with data sharing between VMs

Data loss issues: software malfunction, virtual disk corruption, file system damage, migration failure, deleted files, problems with snapshots


Characteristics of virtualized environments

Three major components: the guest, the host, and the virtualization layer.

Virtualization reference Model


Increased security

  1. The virtual machine manager controls and filters the activity of the guest.
  2. Resources shared with the guest are controlled by the host system.
  3. Ability to create a virtual computer with customized virtual hardware on top of the host operating system.
  4. The guest's file system lives inside virtual disks and is completely separate from the host's file system.

Managed execution

Sharing, aggregation, emulation and isolation are the main features of managed execution.

Performance tuning: it is easier to control the performance of the guest by finely tuning the properties of the resources exposed through the virtual environment.


Portability

Portability allows having your own system always with you and ready to use, as long as the required virtual machine manager is available on the machine at hand.

Taxonomy of virtualization techniques (reference model)


ISA: Instruction Set Architecture

ABI: Application Binary Interface

API: Application Programming Interface

Privileged / non-privileged instructions

Supervisor mode / kernel mode / master mode

User mode / user space

With hardware-assisted virtualization the hypervisor runs in a mode more privileged than supervisor mode (often called "ring -1", e.g. Intel VT-x root mode), so guest kernels can keep running in supervisor mode while sensitive operations trap to the hypervisor.


Example of kernel programming: a minimal Linux loadable kernel module. Loading it (insmod) requires root (CAP_SYS_MODULE), after which the module runs in kernel mode (ring 0); this is why the ability to load modules must itself be controlled.

    #include <linux/init.h>
    #include <linux/module.h>
    #include <linux/kernel.h>

    /* Called when the module is loaded (insmod); runs in kernel mode. */
    static int __init hello_init(void)
    {
        printk(KERN_INFO "Hello, world!\n");
        return 0;
    }

    /* Called when the module is unloaded (rmmod). */
    static void __exit hello_exit(void)
    {
        printk(KERN_INFO "Goodbye, world!\n");
    }

    module_init(hello_init);
    module_exit(hello_exit);

    MODULE_LICENSE("GPL");
    MODULE_AUTHOR("GNDEC");
    MODULE_DESCRIPTION("A simple example Linux module.");
    MODULE_VERSION("0.01");


Hardware-level virtualization

Provides an abstract execution environment in terms of computer hardware.

Hardware-level virtualization is also called system virtualization.

It provides the ISA to virtual machines.

The hypervisor, or virtual machine manager (VMM), is the fundamental component of hardware virtualization.

The VMM creates the virtual hardware environment for the guest machine.

Type I hypervisors run directly on top of the hardware.

Type I hypervisors interact directly with the ISA.

They are also called native virtual machines.

Type II hypervisors require the support of an operating system to provide virtualization services.

Type II hypervisors are programs managed by the host OS.

They are called hosted virtual machines.


Native and Hosted VMM


VMM Reference Model

The dispatcher constitutes the entry point of the monitor. It reroutes the instructions issued by the virtual machine to one of the other two modules.

The allocator is responsible for deciding the system resources to be provided to the VM. The allocator is invoked by the dispatcher whenever a VM tries to change its resource allocation.

The interpreter module consists of interpreter routines, executed whenever a virtual machine issues a privileged instruction: a trap is triggered and the corresponding routine is run.


The design and architecture of a virtual machine manager, together with the underlying hardware design of the host machine, determine the full realization of hardware virtualization.

The criteria that need to be met by a virtual machine manager to efficiently support virtualization were established by Popek and Goldberg (1974):

  • Equivalence. A guest running under the control of a virtual machine manager should exhibit the same behavior as when it is executed directly on the physical host.
  • Resource control. The virtual machine manager should be in complete control of virtualized resources.
  • Efficiency. A statistically dominant fraction of the machine instructions should be executed without intervention from the virtual machine manager.


A virtualizable computer (left) and a non-virtualizable computer (right)

Privileged instructions trap when executed in user mode; sensitive instructions are those that change or depend on the configuration of the machine's resources or on the processor mode.

THEOREM 3.1: For any conventional third-generation computer, a VMM may be constructed if the set of sensitive instructions for that computer is a subset of the set of privileged instructions.

THEOREM 3.2: A conventional third-generation computer is recursively virtualizable if:
  • it is virtualizable, and
  • a VMM without any timing dependencies can be constructed for it.

THEOREM 3.3: A hybrid VMM may be constructed for any conventional third-generation machine in which the set of user-sensitive instructions is a subset of the set of privileged instructions.


Hardware virtualization techniques

Hardware-assisted virtualization: the hardware provides architectural support for building a virtual machine manager able to run a guest operating system in complete isolation (e.g. Intel VT-x, AMD-V).

Full virtualization: the ability to run a program, most likely an operating system, directly on top of a virtual machine without any modification, as though it were running on the raw hardware.

This requires a complete emulation of the entire underlying hardware.

It brings enhanced security, ease of emulation of different architectures, and coexistence of different systems on the same platform.

The key challenge is the interception of privileged instructions.

Full virtualization is implemented with a combination of hardware and software: potentially harmful instructions are not allowed to execute directly on the host.

Paravirtualization: a non-transparent virtualization solution in which the guest is modified to be aware of the VMM, which allows implementing a thin VMM.

The VMM exposes a software interface to the virtual machine that is slightly different from the real hardware.

The aim is to let the guest request the execution of performance-critical operations directly on the host.

Partial virtualization: provides a partial emulation of the underlying hardware.

Not all the features of the guest OS can be supported.

Operating system-level virtualization: creates different and separated execution environments for applications that are managed concurrently (e.g. FreeBSD jails, Solaris Zones, Linux containers).

No VMM is present; virtualization is done within a single operating system.

The OS kernel allows multiple isolated user-space instances.

The kernel is also responsible for sharing the system resources among them.

Programming language-level virtualization

(Process virtualization, high-level virtual machines)

Programming language-level virtualization is mostly used to achieve ease of deployment of applications, managed execution and portability.

Such a VM executes byte code generated after compilation.

It maps the byte-code instructions onto the underlying machine's instructions.

Just-in-time (JIT) compilation is commonly used to speed this up.

The JVM and .NET, which implements the CLI, are the leading examples.

Programs compiled into byte code can be executed on any operating system for which the VM exists.

The JVM and the CLI are stack-based VMs: the execution model is built around an operand stack.

They do not give programs direct access to memory.

They filter I/O operations and support sandboxing.

Application-level virtualization

A technique allowing applications to be run in runtime environments that do not natively support all the features required by such applications.

It is concerned with emulation of partial file systems, libraries, and operating system components.

Emulation is performed by a thin layer, either a program or an operating system component.

It can run binaries compiled for a different architecture.

Two methods:

Interpretation: each source instruction is interpreted by executing native ISA instructions. Low implementation cost, but poor performance because of the large per-instruction overhead.

Binary translation: every source instruction is converted to native instructions with equivalent functions. A block of instructions is translated, cached and reused, so performance improves over time at the price of an initial setup cost.

Other types of virtualization

Storage virtualization, network virtualization, desktop virtualization, application server virtualization

Virtualization and cloud computing

Virtualization offers configurable computing environments.

Cloud services need a customizable, secured, isolated and independently manageable environment.

IaaS needs hardware virtualization.

PaaS needs programming-level virtualization.

Cloud services must be sandboxed and customized.

Virtualization supports compute on demand.

It makes computing systems more efficient by means of consolidation (aggregating several VMs on one host).

Virtual machine migration and live migration move workloads between hosts.

Virtual storage aggregates storage capacity.

It gives the ability to recreate a complete computing stack.


Pros and cons of virtualization

Advantages

  • Managed execution and isolation
  • Secure and controllable environment
  • Portability
  • Reduced cost of maintenance
  • More efficient use of resources

Disadvantages

  • Performance decrease, caused by:
    - maintaining the status of virtual processors
    - support of privileged instructions
    - support of paging within the VM
    - console functions
  • Sub-optimal use of the host: only default (generic) hardware is exposed, some features of the host OS are inaccessible, and some resources are not configurable or supported
  • Implications for security: an unexpected form of phishing (a malicious VMM inserted transparently beneath the user's system) and modified versions of the runtime environment


Technology examples

Xen: paravirtualization

Features:

  1. Supports desktop, server and cloud platform (Xen Cloud Platform, XCP) virtualization.
  2. The most popular paravirtualization solution: the guest OS is modified so that the few privileged operations it needs are issued to the hypervisor as hypercalls.
  3. The Xen hypervisor manages Xen virtualization.
  4. The hypervisor works in the highest privileged mode and controls the guest OSes' access to the hardware resources.
  5. Guest OSes are executed within domains, which represent the VMs.
  6. Special control software runs in Domain 0 and controls the access to the underlying resources.
  7. The software executing in Domain 0 runs an HTTP server (the management interface).
  8. This HTTP server configures, creates and terminates VM instances.


Ring 0: the hypervisor

Ring 1: guest kernels, including the Domain 0 management kernel

Ring 3: user applications

Domain U: the unprivileged domains in which guest OSes run

The hypervisor controls the execution of kernel (privileged) instructions.

The ABI seen by applications is unchanged, so user-space programs run unmodified under the hypervisor.


VMware: full virtualization

  1. VMware represents all resources of the host system as an abstraction to the guest OS; unlike Xen, no modification of the guest is required.
  2. Type II (hosted) products for the desktop (Workstation, Fusion, Player) and Type I (bare-metal) products for server virtualization (ESX/ESXi).
  3. Direct execution of non-sensitive instructions and binary translation of sensitive instructions allow guests to run on top of x86.
  4. Newer versions also use hardware-assisted virtualization (Intel VT-x / AMD-V).
  5. Classic x86 does not satisfy Theorem 3.1 (some sensitive instructions are not privileged and so do not trap), hence binary translation is used: the translator rewrites such instructions so that they trap into the VMM.
  6. The trap handler generates equivalent instructions that are executed on the native architecture.
  7. This gives access to the resources but adds an additional execution burden.
  8. CPU and memory are virtualized: the MMU is mapped to a virtual MMU, and the VMM keeps shadow page tables and a translation lookaside buffer (TLB) for the v-MMU.
  9. The v-MMU maps guest virtual pages to host physical pages via the shadow tables and the TLB.
  10. Network controllers, USB, disks, mouse and keyboard are supported.
  11. Virtualization solutions: desktop (end-user), server, and infrastructure for cloud-based solutions.
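An added example (not code from the page, from VMware or from any real translator) tying together the two methods of application-level virtualization described earlier (interpretation versus cached binary translation) and VMware's approach above (direct execution of non-sensitive instructions, rewriting of sensitive ones so they reach the VMM). The guest ISA, its program, and the choice of popf and hlt as the sensitive instructions are all constructed for the example; on real x86, popf silently leaving the interrupt flag unchanged in user mode is exactly the kind of sensitive-but-unprivileged instruction that breaks Theorem 3.1.

```python
from dataclasses import dataclass, field

# Constructed toy guest ISA: instruction = (opcode, operands...).
# Sensitive instructions touch state the VMM must own; the translator
# must route them to an emulation routine instead of running them natively.
SENSITIVE = {"popf", "hlt"}

GUEST_PROGRAM = [
    ("mov", "r0", 3),      # 0
    ("mov", "r1", 0),      # 1
    ("add", "r1", "r0"),   # 2: r1 += r0
    ("sub", "r0", 1),      # 3: r0 -= 1
    ("jnz", "r0", 2),      # 4: loop while r0 != 0
    ("popf", 0),           # 5: clear the interrupt flag (sensitive)
    ("hlt",),              # 6: privileged: stop the guest
]

@dataclass
class Guest:
    regs: dict = field(default_factory=lambda: {"r0": 0, "r1": 0})
    iflag: bool = True
    pc: int = 0
    halted: bool = False
    trace: list = field(default_factory=list)

def emulate_sensitive(op, g):
    """VMM handler for sensitive instructions (the trap path)."""
    if op[0] == "popf":
        g.iflag = bool(op[1])
    elif op[0] == "hlt":
        g.halted = True
    g.trace.append("emulated " + op[0])
    g.pc += 1

def host_fn_for(op):
    """Translate ONE guest instruction into a host callable."""
    kind = op[0]
    if kind in SENSITIVE:
        return lambda g: emulate_sensitive(op, g)   # never executed directly
    if kind == "mov":
        def fn(g): g.regs[op[1]] = op[2]; g.pc += 1
    elif kind == "add":
        def fn(g): g.regs[op[1]] += g.regs[op[2]]; g.pc += 1
    elif kind == "sub":
        def fn(g): g.regs[op[1]] -= op[2]; g.pc += 1
    elif kind == "jnz":
        def fn(g): g.pc = op[2] if g.regs[op[1]] != 0 else g.pc + 1
    else:
        raise ValueError(f"unknown opcode {kind}")
    return fn

def interpret(prog):
    """Interpretation: decode and dispatch every instruction each time it is reached."""
    g, dispatches = Guest(), 0
    while not g.halted:
        host_fn_for(prog[g.pc])(g)   # decode + execute, nothing reused
        dispatches += 1
    return g, dispatches

def binary_translate(prog):
    """Binary translation: translate a basic block once, cache it by entry pc,
    reuse the cached host code whenever the block is re-entered."""
    g, cache, translations, hits = Guest(), {}, 0, 0
    while not g.halted:
        if g.pc not in cache:
            end = g.pc
            while prog[end][0] not in ("jnz", "hlt"):   # block ends at a control transfer
                end += 1
            cache[g.pc] = [host_fn_for(op) for op in prog[g.pc:end + 1]]
            translations += 1
        else:
            hits += 1
        for fn in cache[g.pc]:
            fn(g)
    return g, translations, hits

if __name__ == "__main__":
    g1, n = interpret(GUEST_PROGRAM)
    g2, t, h = binary_translate(GUEST_PROGRAM)
    print("interpreted:", g1.regs, "iflag:", g1.iflag, "dispatches:", n)
    print("translated: ", g2.regs, "iflag:", g2.iflag, "blocks:", t, "cache hits:", h)
```

Both paths end with r0 = 0, r1 = 6, the interrupt flag cleared and the guest halted (equivalence), but the interpreter decodes 13 instructions while the translator decodes three blocks and replays one from the cache; the longer the loop runs, the larger that gap becomes. The sensitive popf and hlt never execute natively in either path, which is the resource-control property the VMM is there to guarantee.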


Desktop end-user solution

  1. VMware Workstation for Windows and Linux hosts, VMware Fusion for macOS.
  2. Supports running a guest OS on top of the host.
  3. Creates an isolated environment and allows physical resources to be shared, including the GUI of the host OS.
  4. Supports full hardware virtualization.
  5. A VMM driver is installed in the host OS.
  6. The driver lets the VMM take control of the CPU and the MMU.
  7. The driver allows I/O instructions to be executed under the VMM.
  8. VMware desktop products employ a hosted VMM architecture.
  9. The hosted VMM executes non-sensitive instructions directly in the guest environment and uses binary translation for privileged code.
  10. The VMM takes control of the MMU and CPU and, in synchronization with the host OS, executes the guest's instructions.
  11. Virtual machine images are saved as a collection of files on the host file system.
  12. Other popular desktop products: VMware Player, VMware ACE, and VMware ThinApp.


VMware Player: a lightweight version that only plays (runs) existing Linux and Windows VMs.

VMware ACE: creates secured, customized environments for corporate end users.

VMware ThinApp: a solution for application virtualization.

VMware Server

VMware GSX Server


VMware GSX Server:

  1. Has an architecture similar to the desktop products, but provides end-user management support and scripting support.
  2. Serves the virtualization of Web servers.
  3. The daemon process serverd controls and manages the server applications.
  4. Applications are connected to VMs through the VMM driver installed on the host system.
  5. User requests are managed through a web server interfaced, via serverd, to the VMM.

VMware ESX Server / VMware ESXi Server

  1. Both use a bare-metal (Type I) hypervisor approach.
  2. They can be installed on a server to manage VMs.
  3. Except for the hypervisor kernel, they have a similar architecture.
  4. ESX embeds a modified Linux OS (the service console) to provide access to the hypervisor through a console.
  5. ESXi uses a thin OS and provides user control through remote management.
  6. VMkernel: a POSIX-like OS handling processes, threads, files, the I/O stack and resource scheduling.
  7. The VMkernel API is called the user-world API.
  8. The API is used by agents to communicate with the VMs.


CIM: Common Information Model. CIMP: Common Information Model protocol. DCUI: Direct Console User Interface, which provides BIOS-like support for user management.


Infrastructure virtualization and cloud computing solutions

  1. VMware offers a set of products to support a cloud framework.
  2. ESX and ESXi constitute the building blocks of the solution.
  3. Pools of virtualized servers are managed as a collection by VMware vSphere.
  4. It supports virtual compute, storage, memory, network and a virtual file system.
  5. Application services include VM migration, storage migration, data recovery and security zones.
  6. vSphere vCenter supports centralized management of remote data centers.
  7. vCloud supports complete on-demand dynamic compute.
  8. A web-based user interface allows the end user to select the provisioning service.
  9. VMware vFabric is a set of utilities for scalable web applications in a virtual environment.
  10. vFabric provides scalable data management and scalable execution of Java web applications.
  11. Zimbra is a solution for office management, messaging and collaboration delivered as SaaS.


Microsoft Hyper-V

  1. Provides an IaaS framework.
  2. Supports concurrent execution of guest OSes.
  3. Uses partitioning to support independent environments.
  4. Hyper-V controls the host OS, which runs with special privileges as an instance of a VM.
  5. The host OS runs in the parent partition (root partition) and has direct access to the hardware.
  6. The root partition hosts the virtualization stack, hosts all drivers and creates child partitions.
  7. Child partitions host guest OSes and cannot access the hardware directly; they interact with it through the root partition and the hypervisor.
  8. The hypervisor directly manages all underlying hardware.
  9. The hypervisor runs in ring -1 (the hardware virtualization root mode).
  10. The hypervisor needs support from the hardware (Intel VT-x / AMD-V) to enable supervisory instruction execution.
  11. Hypervisor components: hypercalls interface, memory service routines (MSRs), advanced programmable interrupt controller (APIC), scheduler, address manager, partition manager.


Hypercalls interface: the entry point for partitions to execute sensitive instructions. It implements paravirtualization. This interface is used by drivers in the partitioned operating system to contact the hypervisor. The parent partition uses it to create child partitions.

Memory service routines (MSRs): a set of functions to control memory and its access from partitions. They leverage hardware-assisted virtualization. The hypervisor uses the Input/Output Memory Management Unit (I/O MMU or IOMMU) to fast-track access to devices from partitions by translating virtual memory addresses.

Advanced programmable interrupt controller (APIC): an interrupt controller.

Each virtual processor is equipped with a synthetic interrupt controller (SynIC), an extension of the local APIC. The hypervisor controls the transfer of physical interrupts to the SynIC.

Scheduler: schedules virtual processors on physical processors; the scheduling policy is set by the parent partition.

Address manager: manages the virtual network addresses.

Partition manager: manages creating, finalizing, destroying and enumerating partitions through the hypercall API.


Module 3: Cloud Computing Architecture

Introduction, Cloud Reference Model, Types of Clouds, Economics of the Cloud, Open Challenges

"Cloud computing is a utility-oriented and Internet-centric way of delivering IT services on demand. These services cover the entire computing stack: from the hardware infrastructure packaged as a set of virtual machines to software services such as development platforms and distributed applications."

The cloud reference model

The reference model follows a layered architecture.

A collection of physical resources supplies the required computing power.

The physical infrastructure is managed by the core middleware.

The middleware provides the required runtime environment and efficient utilization of resources.

At the bottom of the stack, virtualization technologies are used.

Hypervisors manage the pool of resources and expose the distributed infrastructure as a collection of virtual machines.


Infrastructure- and hardware-as-a-service

IaaS/HaaS are the most popular cloud services.

They deliver customizable hardware resources on demand.

They offer anything from a single server to an entire infrastructure.

Virtualization is the base of all these services.

Hardware virtualization offers workload partitioning, application isolation, sandboxing, and hardware tuning.

It is more secure, has minimal maintenance cost, reduces capital cost and is customizable to user needs.

Three important layers: the physical infrastructure, the software management infrastructure, and the user interface.

The user interface provides access to the services exposed by the software management infrastructure.

Web 2.0 technologies (Web services, RESTful APIs, and mash-ups) allow developing full-featured management consoles completely hosted in a browser or a Web page.

Web services and RESTful APIs allow programs to interact with the service without human intervention.


Infrastructure management software layer

The core role is played by the scheduler, which interacts with the other components.

Pricing and billing: computes usage charges.

Monitoring: tracking and analysis of VM performance.

Reservation: keeps track of VM instances reserved for future provisioning.

QoS/SLA management: if supported, maintains the SLA repository and the QoS requirements.

VM repository: repository of the different VM images offered by the service provider.

VM pool manager: keeps track of all live instances.

Provisioning: interacts with the scheduler to support on-demand provisioning from external requests.

The bottom layer is composed of the physical infrastructure, on top of which the management layer operates.

Infrastructure solutions: a massive data center, a cluster of computing resources, a pool of virtual resources supported by an external service provider, or a distributed environment.

Platform as a service

PaaS supports a development and deployment platform for running applications.

It consists of the middleware on which applications are developed.

The middleware manages the application.

This layer is independent of the underlying infrastructure.

It manages the deployment of applications.

It helps in configuring the components required for application management: runtime environment, configuration, provisioning, changes, database, migration, etc.

The required development model is exposed to the user.

It offers anything from a conventional development model to a prototyping facility.

A complete IDE for multiple languages may be supported.

PaaS also offers infrastructure support along with the middleware.

APIs provided by the service provider are used to upload applications.

PaaS provides vital support for developing and hosting applications.

Essential components:

  • Runtime framework
  • Higher-level abstraction
  • Automation
  • Cloud services


Software as a service

A software delivery model focused on providing Internet-based access to applications.

Applications are built by third parties to meet user requirements.

The platform covers a general set of features and is customized on demand for each user.

The product sold to the customer is application access.

The application is centrally managed.

The service delivered is one-to-many.

The service delivered is an integrated solution delivered on contract.

Benefits

  • Software cost reduction
  • Service-level improvements
  • Rapid implementation
  • Standalone and configurable
  • Subscription and pay-as-you-go


Types of clouds

Private, public, hybrid, community

Community clouds are useful for:

Media industry, health industry, public sector, scientific research

Benefits

Openness, community, graceful failure, convenience and control, environmental sustainability


Economics of the cloud

Reduces capital cost

No depreciation loss

No software licensing and replacement costs

Reduces operational and administration cost

Pricing model

Subscription-based

Unit pricing

Tiered pricing

Open challenges

Cloud definition
Cloud interoperability and standards
Scalability and fault tolerance
Security, trust, and privacy


Module-4: Cloud Security. Cloud risks, top concerns for cloud users, privacy impact assessment, trust, OS security, VM security, security risks posed by shared images and the management OS. Textbook 2: Chapter 9: 9.1 to 9.6, 9.8, 9.9

Broad classes of risk:

traditional security threats,

threats related to system availability,

threats related to third-party data control

Cloud Security Alliance (CSA) "Top Threats" report, 2010:

  1. abuse and nefarious use of the cloud,
  2. insecure APIs,
  3. malicious insiders,
  4. shared technology vulnerabilities,
  5. account or service hijacking,
  6. data loss or leakage,
  7. unknown risk profile


Security: the top concern for cloud users

Computing moves from the traditional closed arena of the enterprise to an open arena shared with other tenants.

Major user concerns:

  • unauthorized access to confidential information and data theft
  • user control over the life cycle of data
  • data theft by rogue employees of the provider
  • lack of standardization
  • technology evolution towards autonomic computing (self-organization, self-optimization, self-repair, self-healing), whose security implications are not yet understood

Multitenancy and the legal framework for enforcing security

The contract with the provider should:

  1. State the CSP's obligations to handle sensitive information and to comply with privacy laws.
  2. Spell out CSP liabilities for mishandling sensitive information.
  3. Spell out CSP liabilities for data loss.
  4. Spell out the rules governing the ownership of the data.
  5. Specify the geographical regions where information and backups can be stored.


Privacy and privacy impact assessment

Many nations regard privacy as a basic human right.

Privacy laws differ from nation to nation.

Theft of private data is a major problem.

To comply with privacy law, a service provider must ensure:

  1. Notice 2. Choice 3. Access 4. Security

Trust

An entity must work hard to build trust. Three phases:

  1. Trust formation 2. Stability 3. Dissolution

Organizational policy and reputation are vital to build and sustain trust.

Trust should be persistent.

"Trust of a party A to a party B for a service X is the measurable belief of A in that B behaves dependably for a specified period within a specified context."


Operating system security

The OS must ensure that the resources of the system are protected from external threats.

Mandatory security: access rules are set by the system's policy and cannot be overridden by the owner of a resource.

It must allow trusted users and applications to access only the resources they are authorized for.

Many OSes do not support layered security.

Multiple mechanisms are combined:

Separation of enforcer and decider: the enforcer mediates every access to a resource, the decider evaluates the policy and returns allow or deny.

Only trusted paths for security-critical interactions (for example, login).

Sandboxed execution.

OS security is necessary but many times not enough to prevent a security breach.
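An added example (not from the page or from any real operating system) of the enforcer/decider split under a mandatory policy: the decider implements Bell-LaPadula confidentiality levels and fails closed on anything unlabeled, while the enforcer is the only path to the objects and audits every decision. The subjects, objects and their labels are constructed for the example.

```python
from enum import IntEnum

class Level(IntEnum):
    PUBLIC = 0
    INTERNAL = 1
    SECRET = 2

# Constructed labels. Under mandatory security they come from the
# administrator's policy, not from the owner of the file.
SUBJECT_LABELS = {"alice": Level.SECRET, "bob": Level.INTERNAL, "web-worker": Level.PUBLIC}
OBJECT_LABELS = {"/etc/keys": Level.SECRET,
                 "/srv/reports": Level.INTERNAL,
                 "/var/www/index.html": Level.PUBLIC}

def decide(subject, obj, op):
    """Decider: pure policy evaluation, no side effects.
    Bell-LaPadula: no read up (subject >= object), no write down
    (subject <= object). Unknown subjects, objects or operations are
    denied, so the decider fails closed."""
    s = SUBJECT_LABELS.get(subject)
    o = OBJECT_LABELS.get(obj)
    if s is None or o is None:
        return False
    if op == "read":
        return s >= o
    if op == "write":
        return s <= o
    return False

class Enforcer:
    """Enforcer: the only code path to the resource. It never interprets
    the policy itself; it asks the decider, records the decision, and
    either performs the operation or raises."""

    def __init__(self, decider):
        self.decider = decider
        self.audit = []
        self.store = {"/etc/keys": "k=secret",
                      "/srv/reports": "q3 numbers",
                      "/var/www/index.html": "<html>"}

    def access(self, subject, obj, op, data=None):
        allowed = self.decider(subject, obj, op)
        self.audit.append(("ALLOW" if allowed else "DENY", subject, op, obj))
        if not allowed:
            raise PermissionError(f"{subject} may not {op} {obj}")
        if op == "read":
            return self.store[obj]
        self.store[obj] = data
        return None

def demo():
    """Exercise the monitor; returns (outcome per request, audit trail)."""
    rm = Enforcer(decide)
    outcomes = {}
    requests = [("alice", "/etc/keys", "read"),              # read at own level
                ("web-worker", "/etc/keys", "read"),         # read up: denied
                ("alice", "/var/www/index.html", "write"),   # write down: denied
                ("web-worker", "/etc/keys", "write"),        # write up: allowed by BLP
                ("bob", "/nonexistent", "read")]             # unlabeled object: denied
    for subject, obj, op in requests:
        try:
            rm.access(subject, obj, op, data="x")
            outcomes[(subject, obj, op)] = "allowed"
        except PermissionError:
            outcomes[(subject, obj, op)] = "denied"
    return outcomes, rm.audit

if __name__ == "__main__":
    outcomes, audit = demo()
    for entry in audit:
        print(*entry)
```

The "write up" case is allowed on purpose: Bell-LaPadula protects confidentiality only, so a low-level subject overwriting a secret file is an integrity problem it does not address (a Biba-style policy would deny it). Keeping the decider side-effect free and the enforcer ignorant of the policy is what makes each piece small enough to review, which is the point of the enforcer/decider separation.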

Virtual machine security

The VMM plays the central role in granting access to physical resources.

A secure trusted computing base (TCB) is necessary for the VMM.

Attackers fingerprint the VM (identify the hypervisor and its version) to choose an exploit.

Log files created by the VM are another source of leakage.

VMM-based threats

  1. Starvation of resources and denial of service
  2. VM side-channel attacks
  3. Buffer overflow attacks

Deployment of malicious / rogue VMs

Tampered VM images

Lack of mechanisms to verify the integrity of VM images
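An added example (not from the page or from any hypervisor product) of the missing integrity check: the image registry publishes an authenticated manifest of image digests, and the management OS refuses to launch an image that is unknown, altered, or described by a manifest it cannot authenticate. Image names, contents and the registry key are constructed; HMAC stands in for a digital signature so that the example runs on the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed: a key held by the image registry / management domain.
# HMAC stands in for a signature here; in production use a signature
# scheme (e.g. Ed25519) whose private key never leaves the registry or
# an HSM, so that the verifying side cannot forge a manifest.
REGISTRY_KEY = b"constructed-registry-key-not-for-production"

def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def _manifest_mac(images: dict) -> str:
    # Canonical encoding so that the MAC does not depend on key order.
    payload = json.dumps(images, sort_keys=True).encode()
    return hmac.new(REGISTRY_KEY, payload, "sha256").hexdigest()

def publish_manifest(images: dict) -> dict:
    """Registry side: record each image's digest and authenticate the whole list."""
    table = {name: digest(blob) for name, blob in images.items()}
    return {"images": table, "mac": _manifest_mac(table)}

def verify_image(manifest: dict, name: str, blob: bytes) -> bool:
    """Deploy side (management OS): launch only if (1) the manifest is
    authentic and (2) the image bytes match the recorded digest.
    Unknown images fail closed; comparisons are constant-time."""
    if not hmac.compare_digest(_manifest_mac(manifest["images"]), manifest["mac"]):
        return False
    expected = manifest["images"].get(name)
    if expected is None:
        return False
    return hmac.compare_digest(expected, digest(blob))

# Constructed stand-ins for VM disk images ("QFI\xfb" is the qcow magic).
IMAGES = {
    "web-base.qcow2": b"QFI\xfb" + b"web image bytes " * 64,
    "db-base.qcow2": b"QFI\xfb" + b"db image bytes " * 64,
}
MANIFEST = publish_manifest(IMAGES)

def launch_decisions() -> dict:
    """Returns {scenario: accepted?} for the cases an operator should test."""
    tampered_blob = IMAGES["web-base.qcow2"] + b"\x90\x90"   # implant appended
    forged = {"images": dict(MANIFEST["images"]), "mac": MANIFEST["mac"]}
    forged["images"]["web-base.qcow2"] = digest(tampered_blob)  # edited, but cannot re-MAC
    return {
        "genuine": verify_image(MANIFEST, "web-base.qcow2", IMAGES["web-base.qcow2"]),
        "tampered image": verify_image(MANIFEST, "web-base.qcow2", tampered_blob),
        "forged manifest": verify_image(forged, "web-base.qcow2", tampered_blob),
        "unknown image": verify_image(MANIFEST, "rogue.qcow2", IMAGES["db-base.qcow2"]),
        "swapped name": verify_image(MANIFEST, "db-base.qcow2", IMAGES["web-base.qcow2"]),
    }

if __name__ == "__main__":
    for scenario, ok in launch_decisions().items():
        print(f"{scenario:16s} -> {'launch' if ok else 'refuse'}")
```

Only the genuine image is launched; a tampered image, a manifest edited to match it, an image the registry never published, and a genuine image presented under another name are all refused. The check belongs in the management OS (Domain 0 or the root partition) before the VM is created, which is also where the registry's public key, in a real deployment, would be pinned.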