Cloud Computing Notes UNIT-2 Saba Raees

Ques 1: Cloud Computing Reference Model

The reference model for cloud computing is an abstract model that characterizes and standardizes a
cloud computing environment by partitioning it into abstraction layers and cross-layer functions.

From the book of Sir Rajkumar Buyya Cloud computing reference model

The Cloud Computing Reference Model provides a conceptual framework for understanding and
categorizing the various components and functions of cloud computing. It helps define the relationships

1
Cloud Computing Notes UNIT-2 Saba Raees

and interactions between different cloud computing elements. The most widely recognized and used
reference model is the NIST (National Institute of Standards and Technology) Cloud Computing
Reference Architecture.

Let’s explore the key components of the NIST Cloud Computing Reference Model:

1. Cloud Service Models:

• Infrastructure as a Service (IaaS): Provides virtualized computing resources, such as virtual

machines, storage, and networks, on-demand to users.
• Platform as a Service (PaaS): Offers a platform with development tools, libraries, and services
for users to build and deploy applications.
• Software as a Service (SaaS): Delivers software applications over the internet, typically
accessed through web browsers, without the need for installation or maintenance.

2. Cloud Deployment Models:

• Public Cloud: Resources are owned and operated by a cloud service provider and made
available to the general public over the internet.
• Private Cloud: Resources are exclusively used by a single organization, providing greater
control, security, and customization.
• Hybrid Cloud: Combines public and private cloud environments, allowing data and
applications to be shared between them.
• Community Cloud: Shared infrastructure and services are used by a specific community or
group of organizations with shared interests or requirements.

3. Essential Characteristics:

• On-Demand Self-Service: Users can provision computing resources as needed without

requiring human intervention from the service provider.
• Broad Network Access: Services are accessible over standard network protocols and can be
accessed by various devices.
• Resource Pooling: Computing resources are shared and dynamically assigned to users based
on demand, with multi-tenancy support.
• Rapid Elasticity: Resources can be scaled up or down quickly to meet changing demands.
• Measured Service: Cloud service usage is monitored, controlled, and billed based on specific
metrics, providing transparency and cost optimization.

4. Cloud Service Orchestration:

• Refers to the management and coordination of multiple cloud services to deliver end-to-end
solutions.
• It involves integrating various services, components, and workflows to achieve business
objectives efficiently and effectively.

5. Cloud Security and Management:

• Covers the governance, security, and management aspects of cloud computing.

• It includes identity and access management, data protection, compliance, monitoring, and
service-level agreement (SLA) management.

The NIST Cloud Computing Reference Model provides a standardized framework to understand the
key components and relationships within cloud computing. It serves as a common language for

2
Cloud Computing Notes UNIT-2 Saba Raees

discussing and designing cloud-based solutions, enabling interoperability and facilitating the adoption
of cloud computing technologies.

The NIST cloud computing reference model defines five major actors:

1. Cloud consumer

2. Cloud provider

3. Cloud carrier

4. Cloud auditor and

5. Cloud broker.

Each actor is an entity (a person or an organization) that participates in a transaction or process and/or
performs tasks in cloud computing

3
Cloud Computing Notes UNIT-2 Saba Raees

Example Usage Scenario 1: A cloud consumer may request service from a cloud broker instead
of contacting a cloud provider directly. The cloud broker may create a new service by
combining multiple services or by enhancing an existing service. In this example, the actual
cloud providers are invisible to the cloud consumer and the cloud consumer interacts directly
with the cloud broker.

Example Usage Scenario 2: Cloud carriers provide the connectivity and transport of cloud
services from cloud providers to cloud consumers. As illustrated in Figure 4, a cloud provider
participates in and arranges for two unique service level agreements (SLAs), one with a cloud
carrier (e.g. SLA2) and one with a cloud consumer (e.g. SLA1). A cloud provider arranges
service level agreements (SLAs) with a cloud carrier and may request dedicated and encrypted
connections to ensure the cloud services are consumed at a consistent level according to the
contractual obligations with the cloud consumers. In this case, the provider may specify its
requirements on capability, flexibility and functionality in SLA2 in order to provide essential
requirements in SLA1.

4
Cloud Computing Notes UNIT-2 Saba Raees

Example Usage Scenario 3: For a cloud service, a cloud auditor conducts independent
assessments of the operation and security of the cloud service implementation. The audit may
involve interactions with both the Cloud Consumer and the Cloud Provider.

Ques 2: Cloud Computing Reference Model Architecture defines 5 major actors.

Explain them in detail.
Cloud Consumer
The cloud consumer is the principal stakeholder for the cloud computing service. A cloud consumer
represents a person or organization that maintains a business relationship with, and uses the service
from a cloud provider. A cloud consumer browses the service catalog from a cloud provider, requests
the appropriate service, sets up service contracts with the cloud provider, and uses the service. The
cloud consumer may be billed for the service provisioned, and needs to arrange payments accordingly.

Cloud consumers need SLAs to specify the technical performance requirements fulfilled by a
cloud provider. SLAs can cover terms regarding the quality of service, security, remedies for
performance failures. A cloud provider may also list in the SLAs a set of promises explicitly
not made to consumers, i.e. limitations, and obligations that cloud consumers must accept. A
cloud consumer can freely choose a cloud provider with better pricing and more favorable
terms. Typically a cloud provider‟s pricing policy and SLAs are non-negotiable, unless the
customer expects heavy usage and might be able to negotiate for better contracts.

5
Cloud Computing Notes UNIT-2 Saba Raees

SaaS applications in the cloud and made accessible via a network to the SaaS consumers. The consumers
of SaaS can be organizations that provide their members with access to software applications, end users
who directly use software applications, or software application administrators who configure
applications for end users. SaaS consumers can be billed based on the number of end users, the time of
use, the network bandwidth consumed, the amount of data stored or duration of stored data.
Cloud consumers of PaaS can employ the tools and execution resources provided by cloud providers to
develop, test, deploy and manage the applications hosted in a cloud environment. PaaS consumers can
be application developers who design and implement application software, application testers who run
and test applications in cloud-based environments, application deployers who publish applications into
the cloud, and application administrators who configure and monitor application performance on a
platform. PaaS consumers can be billed according to, processing, database storage and network
resources consumed by the PaaS application, and the duration of the platform usage.
Consumers of IaaS have access to virtual computers, network-accessible storage, network infrastructure
components, and other fundamental computing resources on which they can deploy and run arbitrary
software. The consumers of IaaS can be system developers, system administrators and IT managers
who are interested in creating, installing, managing and monitoring services for IT infrastructure
operations. IaaS consumers are provisioned with the capabilities to access these computing resources,
and are billed according to the amount or duration of the resources consumed, such as CPU hours used
by virtual computers, volume and duration of data stored, network bandwidth consumed, number of IP
addresses used for certain intervals.
Cloud Provider
A cloud provider is a person, an organization; it is the entity responsible for making a service available
to interested parties. A Cloud Provider acquires and manages the computing infrastructure required for
providing the services, runs the cloud software that provides the services, and makes arrangement to
deliver the cloud services to the Cloud Consumers through network access.
For Software as a Service, the cloud provider deploys, configures, maintains and updates the operation
of the software applications on a cloud infrastructure so that the services are provisioned at the expected
service levels to cloud consumers. The provider of SaaS assumes most of the responsibilities in
managing and controlling the applications and the infrastructure, while the cloud consumers have
limited administrative control of the applications.
For PaaS, the Cloud Provider manages the computing infrastructure for the platform and runs the cloud
software that provides the components of the platform, such as runtime software execution stack,
databases, and other middleware components. The PaaS Cloud Provider typically also supports the
development, deployment and management process of the PaaS Cloud Consumer by providing tools
such as integrated development environments (IDEs), development version of cloud software, software
development kits (SDKs), deployment and management tools. The PaaS Cloud Consumer has control
over the applications and possibly some the hosting environment settings, but has no or limited access
to the infrastructure underlying the platform such as network, servers, operating systems (OS), or
storage.
For IaaS, the Cloud Provider acquires the physical computing resources underlying the service,
including the servers, networks, storage and hosting infrastructure. The Cloud Provider runs the cloud
software necessary to makes computing resources available to the IaaS Cloud Consumer through a set
of service interfaces and computing resource abstractions, such as virtual machines and virtual network
interfaces. The IaaS Cloud Consumer in turn uses these computing resources, such as a virtual
computer, for their fundamental computing needs Compared to SaaS and PaaS Cloud Consumers, an
IaaS Cloud Consumer has access to more fundamental forms of computing resources and thus has more
control over the more software components in an application stack, including the OS and network. The

6
Cloud Computing Notes UNIT-2 Saba Raees

IaaS Cloud Provider, on the other hand, has control over the physical hardware and cloud software that
makes the provisioning of these infrastructure services possible, for example, the physical servers,
network equipments, storage devices, host OS and hypervisors for virtualization.

Cloud Auditor
A cloud auditor is a party that can perform an independent examination of cloud service controls with
the intent to express an opinion thereon. Audits are performed to verify conformance to standards
through review of objective evidence. A cloud auditor can evaluate the services provided by a cloud
provider in terms of security controls, privacy impact, performance, etc.
Auditing is especially important for federal agencies as “agencies should include a contractual clause
enabling third parties to assess security controls of cloud providers. Security controls are the
management, operational, and technical safeguards or countermeasures employed within an
organizational information system to protect the confidentiality, integrity, and availability of the system
and its information. For security auditing, a cloud auditor can make an assessment of the security
controls in the information system to determine the extent to which the controls are implemented
correctly, operating as intended, and producing the desired outcome with respect to the security
requirements for the system. The security auditing should also include the verification of the compliance
with regulation and security policy. For example, an auditor can be tasked with ensuring that the correct
policies are applied to data retention according to relevant rules for the jurisdiction. The auditor may
ensure that fixed content has not been modified and that the legal and business data archival
requirements have been satisfied.
A privacy impact audit can help Federal agencies comply with applicable privacy laws and regulations
governing an individual‟s privacy, and to ensure confidentiality, integrity, and availability of an
individual‟s personal information at every stage of development and operation.

Cloud Broker
As cloud computing evolves, the integration of cloud services can be too complex for cloud consumers
to manage. A cloud consumer may request cloud services from a cloud broker, instead of contacting a
cloud provider directly. A cloud broker is an entity that manages the use, performance and delivery of
cloud services and negotiates relationships between cloud providers and cloud consumers.
In general, a cloud broker can provide services in three categories:
1. Service Intermediation: A cloud broker enhances a given service by improving some
specific capability and providing value-added services to cloud consumers. The

7
Cloud Computing Notes UNIT-2 Saba Raees

improvement can be managing access to cloud services, identity management,

performance reporting, enhanced security, etc.

2. Service Aggregation: A cloud broker combines and integrates multiple services into
one or more new services. The broker provides data integration and ensures the secure
data movement between the cloud consumer and multiple cloud providers.

3. Service Arbitrage: Service arbitrage is similar to service aggregation except that the
services being aggregated are not fixed. Service arbitrage means a broker has the
flexibility to choose services from multiple agencies. The cloud broker, for example,
can use a credit-scoring service to measure and select an agency with the best score.

Cloud Carrier
A cloud carrier acts as an intermediary that provides connectivity and transport of cloud services
between cloud consumers and cloud providers. Cloud carriers provide access to consumers through
network, telecommunication and other access devices. For example, cloud consumers can obtain cloud
services through network access devices, such as computers, laptops, mobile phones, mobile Internet
devices (MIDs), etc. The distribution of cloud services is normally provided by network and
telecommunication carriers or a transport agent [8], where a transport agent refers to a business
organization that provides physical transport of storage media such as high-capacity hard drives. Note
that a cloud provider will set up SLAs with a cloud carrier to provide services consistent with the level
of SLAs offered to cloud consumers, and may require the cloud carrier to provide dedicated and secure
connections between cloud consumers and cloud providers.

Ques 3: Scope of control between Provider and Consumer.

The Cloud Provider and Cloud Consumer share the control of resources in a cloud system. As illustrated
in Figure, different service models affect an organization‟s control over the computational resources
and thus what can be done in a cloud system. The figure shows these differences using a classic software
stack notation comprised of the application, middleware, and OS layers. This analysis of delineation of
controls over the application stack helps understand the responsibilities of parties involved in managing
the cloud application.

8
Cloud Computing Notes UNIT-2 Saba Raees

• The application layer includes software applications targeted at end users or programs. The
applications are used by SaaS consumers, or installed/managed/ maintained by PaaS
consumers, IaaS consumers, and SaaS providers.

• The middleware layer provides software building blocks (e.g., libraries, database, and Java
virtual machine) for developing application software in the cloud. The middleware is used by
PaaS consumers, installed/managed/maintained by IaaS consumers or PaaS providers, and
hidden from SaaS consumers.

• The OS layer includes operating system and drivers, and is hidden from SaaS consumers and
PaaS consumers. An IaaS cloud allows one or multiple guest OS‟s to run virtualized on a single
physical host. Generally, consumers have broad freedom to choose which OS to be hosted
among all the OS‟s that could be supported by the cloud provider. The IaaS consumers should
assume full responsibility for the guest OS’s, while the IaaS provider controls the host OS.

Ques 4: Types of Cloud Computing (DEPLOYMENT MODELS)

The cloud deployment model identifies the specific type of cloud environment based on ownership,
scale, and access, as well as the cloud’s nature and purpose. The location of the servers you’re utilizing
and who controls them are defined by a cloud deployment model. It specifies how your cloud
infrastructure will look, what you can change, and whether you will be given services or will have to
create everything yourself. Relationships between the infrastructure and your users are also defined by
cloud deployment types.

There are four different cloud models that you can subscribe according to business needs. Following
are the different Types of Clouds:

1. Private Cloud: Here, computing resources are deployed for one particular organization. This
method is more used for intra-business interactions. Where the computing resources can be
governed, owned and operated by the same organization.
2. Community Cloud: Here, computing resources are provided for a community and
organizations.
3. Public Cloud: This type of cloud is used usually for B2C (Business to Consumer) type
interactions. Here the computing resource is owned, governed and operated by government,
an academic or business organization.
4. Hybrid Cloud: This type of cloud can be used for both type of interactions B2B (Business to
Business) or B2C (Business to Consumer). This deployment method is called hybrid cloud as
the computing resources are bound together by different clouds.

9
Cloud Computing Notes UNIT-2 Saba Raees

Public Cloud

The public cloud makes it possible for anybody to access systems and services. The public cloud may
be less secure as it is open to everyone. The public cloud is one in which cloud infrastructure services
are provided over the internet to the general people or major industry groups. The infrastructure in this
cloud model is owned by the entity that delivers the cloud services, not by the consumer. It is a type of
cloud hosting that allows customers and users to easily access systems and services. This form of cloud
computing is an excellent example of cloud hosting, in which service providers supply services to a
variety of customers. In this arrangement, storage backup and retrieval services are given for free, as a
subscription, or on a per-user basis. For example, Google App Engine etc.

Advantages of the Public Cloud Model

• Minimal Investment: Because it is a pay-per-use service, there is no substantial upfront fee,

making it excellent for enterprises that require immediate access to resources.
• No setup cost: The entire infrastructure is fully subsidized by the cloud service providers, thus
there is no need to set up any hardware.
• Infrastructure Management is not required: Using the public cloud does not necessitate
infrastructure management.
• No maintenance: The maintenance work is done by the service provider (not users).
• Dynamic Scalability: To fulfill your company’s needs, on-demand resources are accessible.

Disadvantages of the Public Cloud Model

• Less secure: Public cloud is less secure as resources are public so there is no guarantee of high-
level security.
• Low customization: It is accessed by many public so it can’t be customized according to
personal requirements.

10
Cloud Computing Notes UNIT-2 Saba Raees

Private Cloud

The private cloud deployment model is the exact opposite of the public cloud deployment model. It’s a
one-on-one environment for a single user (customer). There is no need to share your hardware with
anyone else. The distinction between private and public clouds is in how you handle all of the hardware.
It is also called the “internal cloud” & it refers to the ability to access systems and services within a
given border or organization. The cloud platform is implemented in a cloud-based secure environment
that is protected by powerful firewalls and under the supervision of an organization’s IT
department. The private cloud gives greater flexibility of control over cloud resources.

Advantages of the Private Cloud Model

• Better Control: You are the sole owner of the property. You gain complete command over
service integration, IT operations, policies, and user behavior.
• Data Security and Privacy: It’s suitable for storing corporate information to which only
authorized staff have access. By segmenting resources within the same infrastructure, improved
access and security can be achieved.
• Supports Legacy Systems: This approach is designed to work with legacy systems that are
unable to access the public cloud.
• Customization: Unlike a public cloud deployment, a private cloud allows a company to tailor
its solution to meet its specific needs.

Disadvantages of the Private Cloud Model

• Less scalable: Private clouds are scaled within a certain range as there is less number of clients.
• Costly: Private clouds are more costly as they provide personalized facilities.

11
Cloud Computing Notes UNIT-2 Saba Raees

Hybrid Cloud

By bridging the public and private worlds with a layer of proprietary software, hybrid cloud computing
gives the best of both worlds. With a hybrid solution, you may host the app in a safe environment while
taking advantage of the public cloud’s cost savings. Organizations can move data and applications
between different clouds using a combination of two or more cloud deployment methods, depending on
their needs.

Advantages of the Hybrid Cloud Model

• Flexibility and control: Businesses with more flexibility can design personalized solutions
that meet their particular needs.
• Cost: Because public clouds provide scalability, you’ll only be responsible for paying for the
extra capacity if you require it.
• Security: Because data is properly separated, the chances of data theft by attackers are
considerably reduced.

Disadvantages of the Hybrid Cloud Model

• Difficult to manage: Hybrid clouds are difficult to manage as it is a combination of both public
and private cloud. So, it is complex.
• Slow data transmission: Data transmission in the hybrid cloud takes place through the public
cloud so latency occurs.

Community Cloud

It allows systems and services to be accessible by a group of organizations. It is a distributed system

that is created by integrating the services of different clouds to address the specific needs of a
community, industry, or business. The infrastructure of the community could be shared between the
organization which has shared concerns or tasks. It is generally managed by a third party or by the
combination of one or more organizations in the community.

12
Cloud Computing Notes UNIT-2 Saba Raees

Advantages of the Community Cloud Model

• Cost Effective: It is cost-effective because the cloud is shared by multiple organizations or

communities.
• Security: Community cloud provides better security.
• Shared resources: It allows you to share resources, infrastructure, etc. with multiple
organizations.
• Collaboration and data sharing: It is suitable for both collaboration and data sharing.

Disadvantages of the Community Cloud Model

• Limited Scalability: Community cloud is relatively less scalable as many organizations share
the same resources according to their collaborative interests.
• Rigid in customization: As the data and resources are shared among different organizations
according to their mutual interests if an organization wants some changes according to their
needs they cannot do so because it will have an impact on other organizations.

Ques 5: Cloud Computing Services (SERVICE MODELS)

Cloud Computing can be defined as the practice of using a network of remote servers hosted on the
Internet to store, manage, and process data, rather than a local server or a personal computer. Companies
offering such kinds of cloud computing services are called cloud providers and typically charge for
cloud computing services based on usage. Grids and clusters are the foundations for cloud computing.

Cloud Computing helps in rendering several services according to roles, companies, etc. Cloud
computing models are explained below.

The three major Cloud Computing Offerings are:

1. Software as a Service (SaaS)

2. Platform as a Service (PaaS)
3. Infrastructure as a Service (IaaS)

13
Cloud Computing Notes UNIT-2 Saba Raees

Different business use some or all of these components according to their requirement.

1. SaaS (Software as a Service):

➢ SaaS or software as a service is a software distribution model in which applications

are hosted by a vendor or service provider and made available to customers over a
network (internet). SaaS is becoming an increasingly prevalent delivery model as
underlying technologies that supports Service Oriented Architecture (SOA) or
Web Services. Through internet this service is available to users anywhere in the
world.
➢ Traditionaly, software application needed to be purchased upfront &then installed it
onto your computer. SaaS users on the other hand, instead of purchasing the software
subscribes to it, usually on monthly basis via internet.
➢ Anyone who needs an access to a particular piece of software can be subscribe as a
user, whether it is one or two people or every thousands of employees in a
corporation. SaaS is compatible with all internet enabled devices.
➢ Many important tasks like accounting, sales, invoicing and planning all can be
performed using SaaS.

2. PaaS (Platform as a Service):

➢ Platform as a service, is referred as PaaS, it provides a platform and environment to

allow developers to build applications and services. This service is hosted in the
cloud and accessed by the users via internet.
➢ To understand in a simple terms, let compare this with painting a picture, where you
are provided with paint colors, different paint brushes and paper by your school
teacher and you just have to draw a beautiful picture using those tools.
➢ PaaS services are constantly updated & new features added. Software developers,
web developers and business can benefit from PaaS. It provides platform to support
application development. It includes software support and management services,
storage, networking, deploying, testing, collaborating, hosting and maintaining
applications.

3. IaaS (Infrastructure as a Service):

➢ IaaS (Infrastructure As A Service) is one of the fundamental service model of cloud

computing alongside PaaS (Platform as a Service). It provides access to computing
resources in a virtualized environment “the cloud” on internet. It provides computing
infrastructure like virtual server space, network connections, bandwidth, load
balancers and IP addresses. The pool of hardware resource is extracted from multiple
servers and networks usually distributed across numerous data centers. This provides
redundancy and reliability to IaaS.

14
Cloud Computing Notes UNIT-2 Saba Raees

➢ IaaS (Infrastructure as a service) is a complete package for computing. For small

scale businesses who are looking for cutting cost on IT infrastructure, IaaS is one of
the solutions. Annually a lot of money is spent in maintenance and buying new
components like hard-drives, network connections, external storage device etc. which
a business owner could have saved for other expenses by using IaaS.

Software as a Service (SaaS)

Software-as-a-Service (SaaS) is a way of delivering services and applications over the Internet. Instead
of installing and maintaining software, we simply access it via the Internet, freeing ourselves from the
complex software and hardware management. It removes the need to install and run applications on our
own computers or in the data centers eliminating the expenses of hardware as well as software
maintenance.

SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud
service provider. Most SaaS applications can be run directly from a web browser without any downloads
or installations required. The SaaS applications are sometimes called Web-based software, on-
demand software, or hosted software.

Advantages of SaaS:

1. Cost-Effective: Pay only for what you use.

2. Reduced time: Users can run most SaaS apps directly from their web browser without
needing to download and install any software. This reduces the time spent in installation and
configuration and can reduce the issues that can get in the way of the software deployment.
3. Accessibility: We can Access app data from anywhere.
4. Automatic updates: Rather than purchasing new software, customers rely on a SaaS provider
to automatically perform the updates.
5. Scalability: It allows the users to access the services and features on-demand.

The various companies providing Software as a service are Cloud9 Analytics, Salesforce.com, Cloud
Switch, Microsoft Office 365, Big Commerce, Eloqua, dropBox, and Cloud Tran.

Disadvantages of Saas:

1. Limited customization: SaaS solutions are typically not as customizable as on-premises

software, meaning that users may have to work within the constraints of the SaaS provider’s
platform and may not be able to tailor the software to their specific needs.
2. Dependence on internet connectivity: SaaS solutions are typically cloud-based, which
means that they require a stable internet connection to function properly. This can be
problematic for users in areas with poor connectivity or for those who need to access the
software in offline environments.
3. Security concerns: SaaS providers are responsible for maintaining the security of the data
stored on their servers, but there is still a risk of data breaches or other security incidents.
4. Limited control over data: SaaS providers may have access to a user’s data, which can be a
concern for organizations that need to maintain strict control over their data for regulatory or
other reasons.

Platform as a Service

PaaS is a category of cloud computing that provides a platform and environment to allow developers
to build applications and services over the internet. PaaS services are hosted in the cloud and accessed
by users simply via their web browser.

15
Cloud Computing Notes UNIT-2 Saba Raees

A PaaS provider hosts the hardware and software on its own infrastructure. As a result, PaaS frees
users from having to install in-house hardware and software to develop or run a new application.
Thus, the development and deployment of the application take place independent of the hardware.
The consumer does not manage or control the underlying cloud infrastructure including network,
servers, operating systems, or storage, but has control over the deployed applications and possibly
configuration settings for the application-hosting environment. To make it simple, take the example of
an annual day function, you will have two options either to create a venue or to rent a venue but the
function is the same.

Advantages of PaaS:

1. Simple and convenient for users: It provides much of the infrastructure and other IT
services, which users can access anywhere via a web browser.
2. Cost-Effective: It charges for the services provided on a per-use basis thus eliminating the
expenses one may have for on-premises hardware and software.
3. Efficiently managing the lifecycle: It is designed to support the complete web application
lifecycle: building, testing, deploying, managing, and updating.
4. Efficiency: It allows for higher-level programming with reduced complexity thus, the overall
development of the application can be more effective.

The various companies providing Platform as a service are Amazon Web services Elastic Beanstalk,
Salesforce, Windows Azure, Google App Engine, cloud Bees and IBM smart cloud.

Disadvantages of Paas:

1. Limited control over infrastructure: PaaS providers typically manage the underlying
infrastructure and take care of maintenance and updates, but this can also mean that users
have less control over the environment and may not be able to make certain customizations.
2. Dependence on the provider: Users are dependent on the PaaS provider for the availability,
scalability, and reliability of the platform, which can be a risk if the provider experiences
outages or other issues.
3. Limited flexibility: PaaS solutions may not be able to accommodate certain types of
workloads or applications, which can limit the value of the solution for certain organizations.

Infrastructure as a Service

Infrastructure as a service (IaaS) is a service model that delivers computer infrastructure on an

outsourced basis to support various operations. Typically IaaS is a service where infrastructure is
provided as outsourcing to enterprises such as networking equipment, devices, database, and web
servers.
It is also known as Hardware as a Service (HaaS). IaaS customers pay on a per-user basis, typically
by the hour, week, or month. Some providers also charge customers based on the amount of virtual
machine space they use.
It simply provides the underlying operating systems, security, networking, and servers for developing
such applications, and services, and deploying development tools, databases, etc.

Advantages of IaaS:

1. Cost-Effective: Eliminates capital expense and reduces ongoing cost and IaaS customers pay
on a per-user basis, typically by the hour, week, or month.
2. Website hosting: Running websites using IaaS can be less expensive than traditional web
hosting.
3. Security: The IaaS Cloud Provider may provide better security than your existing software.

16
Cloud Computing Notes UNIT-2 Saba Raees

4. Maintenance: There is no need to manage the underlying data center or the introduction of
new releases of the development or underlying software. This is all handled by the IaaS Cloud
Provider.

The various companies providing Infrastructure as a service are Amazon web services, Bluestack,
IBM, Openstack, Rackspace, and Vmware.

Disadvantages of laaS:

1. Limited control over infrastructure: IaaS providers typically manage the underlying
infrastructure and take care of maintenance and updates, but this can also mean that users
have less control over the environment and may not be able to make certain customizations.
2. Security concerns: Users are responsible for securing their own data and applications, which
can be a significant undertaking.
3. Limited access: Cloud computing may not be accessible in certain regions and countries due
to legal policies.

Ques 6: What is the Right Choice for Cloud Deployment Model?

As of now, no such approach fits picking a cloud deployment model. We will always consider
the best cloud deployment model as per our requirements. Here are some factors which should
be considered before choosing the best deployment model.

• Cost: Cost is an important factor for the cloud deployment model as it tells how much
amount you want to pay for these things.
• Scalability: Scalability tells about the current activity status and how much we can scale
it.
• Easy to use: It tells how much your resources are trained and how easily can you
manage these models.
• Compliance: Compliance tells about the laws and regulations which impact the
implementation of the model.
• Privacy: Privacy tells about what data you gather for the model.

Each model has some advantages and some disadvantages, and the selection of the best is only
done on the basis of your requirement. If your requirement changes, you can switch to any
other model.

Ques 7: Overall Analysis of Cloud Deployment Models

The overall Analysis of these models with respect to different factors is described below.

Factors Public Cloud Private Cloud Community Hybrid Cloud

Cloud
Initial Setup Easy Complex, Complex, Complex,
requires a requires a requires a
professional professional professional
team to setup team to setup team to setup

17
Cloud Computing Notes UNIT-2 Saba Raees

Scalability High High Fixed High

and
Flexibility
Cost- Cost-Effective Costly Distributed cost Between public
Comparison among members and private
cloud
Reliability Low Low High High
Data Security Low High High High
Data Privacy Low High High High

Ques 8: Cloud Computing Architecture

➢ Cloud computing architecture refers to the components and subcomponents

required for cloud computing. These components typically consist of a front-end
platform (fat client, thin client, mobile), back end platforms (servers, storage), a cloud
based delivery, and a network (Internet, Intranet, Intercloud). Combined, these
components make up cloud computing architecture.
➢ Cloud Computing Architecture is a combination of components required for a Cloud
Computing service. A Cloud computing architecture consists of several components like a
frontend platform, a backend platform or servers, a network or Internet service, and a cloud-
based delivery service.
➢ Cloud computing comprises two components, the front end, and the back end. The front end
consists of the client part of a cloud computing system. It comprises interfaces and
applications that are required to access the Cloud computing or Cloud programming platform.
➢ The Architecture of Cloud computing contains many different components. It includes Client
infrastructure, applications, services, runtime clouds, storage spaces, management, and
security. These are all the parts of a Cloud computing architecture.

18
Cloud Computing Notes UNIT-2 Saba Raees

The cloud architecture is divided into 2 parts i.e.

1. Front End
2. Back End

Front End: The client uses the front end, which contains a client-side interface and application. Both
of these components are important to access the Cloud computing platform. The front end includes
web servers (Chrome, Firefox, Opera, etc.), clients, and mobile devices.

Back End: The backend part helps you manage all the resources needed to provide Cloud computing
services. This Cloud architecture part includes a security mechanism, a large amount of data storage,
servers, virtual machines, traffic control mechanisms, etc.

Architecture of cloud computing is the combination of both Service Oriented Architecture and Event
Driven Architecture. Client infrastructure, application, service, runtime cloud, storage, infrastructure,
management and security all these are the components of cloud computing architecture.

Here are some important components of Cloud computing architecture:

1. Client Infrastructure: Client Infrastructure is a front-end component that provides a GUI.

It helps users to interact with the Cloud. It contains the applications and user interfaces which
are required to access the cloud platform. In other words, it provides a GUI( Graphical User
Interface ) to interact with the cloud.
2. Application: Application in backend refers to a software or platform to which client
accesses. Means it provides the service in backend as per the client requirement.
3. Service: The service component manages which type of service you can access according to
the client’s requirements. Three Cloud computing services are: Software as a Service (SaaS),
Platform as a Service (PaaS), Infrastructure as a Service (IaaS)

19
Cloud Computing Notes UNIT-2 Saba Raees

4. Runtime Cloud: Runtime cloud offers the execution and runtime environment to the virtual
machines.
5. Storage: Storage is another important Cloud computing architecture component. It provides
a large amount of storage capacity in the Cloud to store and manage data.
6. Infrastructure: It offers services on the host level, network level, and application level.
Cloud infrastructure includes hardware and software components like servers, storage,
network devices, virtualization software, and various other storage resources that are needed
to support the cloud computing model.
7. Management: This component manages components like application, service, runtime
cloud, storage, infrastructure, and other security matters in the backend. It also establishes
coordination between them.
8. Security: Security in the backend refers to implementing different security mechanisms for
secure Cloud systems, resources, files, and infrastructure to the end-user.
9. Internet: Internet connection acts as the bridge or medium between frontend and backend. It
allows you to establish the interaction and communication between the frontend and backend.

Benefits of Cloud Computing Architecture:

• Makes overall cloud computing system simpler.

• Improves data processing requirements.
• Helps in providing high security.
• Makes it more modularized.
• Reduces IT operating costs.
• Provides high level reliability.
• Scalability.
• It solves latency issues and improves data processing requirements
• It reduces IT operating costs and gives good accessibility to access data and digital tools
• It helps businesses to easily scale up and scale down their cloud resources
• It has a flexibility feature which gives businesses a competitive advantage
• It results in better disaster recovery and provides high security
• It automatically updates its services
• It encourages remote working and promotes team collaboration

Ques 9: Economics of Cloud Computing.

The main drivers of cloud computing are economy of scale and simplicity of software delivery
and its operation. In fact, the biggest benefit of this phenomenon is financial: the pay-as-you-
go model offered by cloud providers.

Economics of Cloud Computing is based on the PAY AS YOU GO method. Users/Customers must
have to pay only for their way of the usage of the cloud services. It is definitely beneficial for the users.
So the Cloud is economically very convenient for all. Another side is to eliminate some indirect costs
which is generated by assets such as license of the software and their support. In the cloud, users can
use software applications on a subscription basis without any cost because the property of the software
providing service remains to the cloud provider.

Economical background of the cloud is more useful for developers in the following ways:

• Pay as you go model offered by cloud providers.

• Scalable and Simple.

20
Cloud Computing Notes UNIT-2 Saba Raees

In particular, cloud computing allows:

1. Reducing the capital costs associated to the IT infrastructure

2. Eliminating the depreciation or lifetime costs associated with IT capital assets

3. Replacing software licensing with subscriptions

4. Cutting the maintenance and administrative costs of IT resources

In the case of a small startup, it is possible to completely leverage the cloud for many aspects, such as:

• IT infrastructure
• Software development
• CRM and ERP

What is Capital Cost:

It is cost occurred in the purchasing infrastructure or the assets that is important in the production of
goods. It takes a long time to generate profit.

In the case of start-ups, there is no extra budget for the infrastructure and its maintenance. So cloud
can minimizes expenses of any small organization in terms of economy. It leads to the developers can
only focus on the development logic and not on the maintenance of the infrastructure.

There are three different Pricing Strategies that are introduced by Cloud Computing: Tiered Pricing,
Per-unit Pricing, and Subscription-based Pricing. These are explained as following below.

1. Tiered Pricing: In this model, cloud services are offered in several tiers, each of which offers
a fixed computing specification and SLA at a specific price per unit of time. This model is
used by Amazon for pricing the EC2 service, which makes available different server
configurations in terms of computing capacity (CPU type and speed, memory) that have
different costs per hour.
2. Per-unit Pricing: The model is based upon the unit-specific service concept. Data transfer
and memory allocation include in this model for specific units. This model is more suitable to
cases where the principal source of revenue for the cloud provider is determined in terms of
units of specific services, such as data transfer and memory allocation. In this scenario
customers can configure their systems more efficiently according to the application needs.
This model is used, for example, by GoGrid, which makes customers pay according to
RAM/hour units for the servers deployed in the GoGrid cloud.
3. Subscription-based Pricing: This is the model used mostly by SaaS providers in which users
pay a periodic subscription fee for use of the software or the specific component services that
are integrated in their applications.

All of these costs are based on a pay-as-you-go model, which constitutes a more flexible solution for
supporting the delivery on demand of IT services. This is what actually makes possible the conversion
of IT capital costs into operational costs, since the cost of buying hardware turns into a cost for leasing
it and the cost generated by the purchase of software turns into a subscription fee paid for using it.

21
Cloud Computing Notes UNIT-2 Saba Raees

Ques 10: Computing Platforms and Technologies

Cloud computing applications develops by leveraging platforms and frameworks. Various types of
services are provided from the bare metal infrastructure to customize-able applications serving specific
purposes.

A cloud computing system can be developed using either a single technology and vendor or a
combination of them. Some cloud platforms that are widely used in industry for building real
commercial applications: Amazon Web Services, Google App Engine, and Microsoft Windows Azure.

Amazon Web Services (AWS) provides solutions for building infrastructure in the Amazon Cloud.
Amazon EC2 and Amazon S3 represent AWS’s core value offering. The former allows developers to
create virtual servers and customize their computing stack as required. The latter is a storage solution
that allows users to store documents of any size. These core services are then complemented by a wide
collection of services, covering networking, data management, content distribution, computing
middleware, and communication, which make AWS a complete solution for developing entire cloud
computing systems on top of the Amazon infrastructure.

AWS provides different wide-ranging clouds IaaS services, which ranges from virtual compute, storage,
and networking to complete computing stacks. AWS is well known for its storage and compute on
demand services, named as Elastic Compute Cloud (EC2) and Simple Storage Service (S3). EC2 offers
customizable virtual hardware to the end user which can be utilize as the base infrastructure for
deploying computing systems on the cloud. It is likely to choose from a large variety of virtual hardware
configurations including GPU and cluster instances. Either the AWS console, which is a wide-ranged
Web portal for retrieving AWS services, or the web services API available for several programming
language is used to deploy the EC2 instances. EC2 also offers the capability of saving an explicit
running instance as image, thus allowing users to create their own templates for deploying system. S3
stores these templates and delivers persistent storage on demand. S3 is well ordered into buckets which
contains objects that are stored in binary form and can be grow with attributes. End users can store
objects of any size, from basic file to full disk images and have them retrieval from anywhere. In
addition, EC2 and S3, a wide range of services can be leveraged to build virtual computing system
including: networking support, caching system, DNS, database support, and others.

Google AppEngine is a distributed and scalable platform for building Web applications in the Cloud.
AppEngine is a scalable runtime that offers developers a collection of services for simplifying the
development of Web applications. These services are designed with scalability in mind and constitute
functional blocks that can be reused to define applications. Developers can build their applications in
either Java or Python, first locally using the AppEngine SDK. Once the applications have been
completed and fully tested, they can deploy the application on AppEngine.

Google AppEngine is a scalable runtime environment frequently dedicated to executing web

applications. These utilize benefits of the large computing infrastructure of Google to dynamically scale

22
Cloud Computing Notes UNIT-2 Saba Raees

as per the demand. AppEngine offers both a secure execution environment and a collection of which
simplifies the development if scalable and high-performance Web applications. These services include:
in-memory caching, scalable data store, job queues, messaging, and corn tasks. Developers and
Engineers can build and test applications on their own systems by using the AppEngine SDK, which
replicates the production runtime environment, and helps test and profile applications. On completion
of development, Developers can easily move their applications to AppEngine, set quotas to containing
the cost generated, and make it available to the world. Currently, the supported programming languages
are Python, Java, and Go.

Windows Azure is the cloud operating system deployed on Microsoft datacenters for building
dynamically scalable applications. Azure’s core components are represented by compute services
expressed in terms of roles, storage services, and the AppFabric, the middleware that ties together all
these services and constitutes the infrastructure of Azure. A role is a sandboxed runtime environment
specialized for a specific development scenario: Web applications, background processing, and virtual
computing. Developers define their Azure applications in terms of roles and then deploy these roles on
Azure. Storage services represent a natural complement to roles. Besides storage for static data and
semi-structured data, Windows Azure also provides storage for relational data by means of the SQL
Azure service.

Microsoft Azure is a Cloud operating system and a platform in which user can develop the
applications in the cloud. Generally, a scalable runtime environment for web applications and
distributed applications is provided. Application in Azure are organized around the fact of
roles, which identify a distribution unit for applications and express the application’s logic.
Azure provides a set of additional services that complement application execution such as
support for storage, networking, caching, content delivery, and others.

Apache Hadoop is an open source framework that is appropriate for processing large data sets on
commodity hardware. Hadoop is an implementation of MapReduce, an application programming model
which is developed by Google. This model provides two fundamental operations for data processing:
map and reduce. Yahoo! Is the sponsor of the Apache Hadoop project, and has put considerable effort
in transforming the project to an enterprise-ready cloud computing platform for data processing.
Hadoop is an integral part of the Yahoo! Cloud infrastructure and it supports many business processes
of the corporates. Currently, Yahoo! Manges the world’s largest Hadoop cluster, which is also available
to academic institutions.

Force.com is a Cloud computing platform at which user can develop social enterprise applications. The
platform is the basis of SalesForce.com – a Software-as-a-Service solution for customer relationship
management. Force.com allows creating applications by composing ready-to-use blocks: a complete
set of components supporting all the activities of an enterprise are available. From the design of the data
layout to the definition of business rules and user interface is provided by Force.com as a support. This
platform is completely hostel in the Cloud, and provides complete access to its functionalities, and those
implemented in the hosted applications through Web services technologies.

AppEngine and Windows Azure are PaaS solutions. AWS extends its services across all three layers of
the Cloud Computing Reference Model, although it is well known for its IaaS offerings, represented by
EC2 and S3. An overview of a few prominent cloud computing platforms and a brief description of the
types of service they offer are shown in Table.

23
Cloud Computing Notes UNIT-2 Saba Raees

Ques 11: Cloud Infrastructure

Cloud Infrastructure which comes under the backend part of cloud architecture represents the hardware
and software component such as server, storage, networking, management software, deployment
software and virtualization software etc. In backend, cloud infrastructure enables the complete cloud
computing system.
Cloud computing refers to providing on demand services to the customer anywhere and anytime
irrespective of everything where the cloud infrastructure represents the one who activates the complete
cloud computing system.
Cloud infrastructure has more capabilities of providing the same services as the physical infrastructure
to the customers. It is available for private cloud, public cloud, and hybrid cloud systems with low cost,
greater flexibility and scalability.
Cloud infrastructure consists of servers, storage devices, network, cloud management software,
deployment software, and platform virtualization.
Components of Cloud Infrastructure:

24
Cloud Computing Notes UNIT-2 Saba Raees

Hypervisor: It is a firmware or low-level program that acts as a Virtual Machine Manager. It allows
to share the single physical instance of cloud resources between several tenants.
Management Software: It helps to maintain and configure the infrastructure and monitors and
optimizes resources, data, applications and services.
Deployment Software: It helps to deploy and integrate the application on the cloud and helps in
building a virtual computing environment.
Network: It is the key component of cloud infrastructure. It allows to connect cloud services over the
Internet. It is also possible to deliver network as a utility over the Internet, which means, the customer
can customize the network route and protocol.
Server: The server helps to compute the resource sharing and offers other services such as resource
allocation and de-allocation, monitoring the resources, providing security etc.
Storage: Cloud keeps multiple replicas of storage. If one of the storage resources fails, then it can be
extracted from another one, which makes cloud computing more reliable.
Fundamental constraints that cloud infrastructure should implement are:

Transparency: Virtualization is the key to share resources in cloud environment. But it is not possible
to satisfy the demand with single resource or server. Therefore, there must be transparency in resources,
load balancing and application, so that we can scale them on demand.
Scalability: Scaling up an application delivery solution is not that easy as scaling up an application
because it involves configuration overhead or even re-architecting the network. So, application delivery
solution is need to be scalable which will require the virtual infrastructure such that resource can be
provisioned and de-provisioned easily.
Intelligent Monitoring: To achieve transparency and scalability, application solution delivery will
need to be capable of intelligent monitoring.
Security: The mega data center in the cloud should be securely architected. Also, the control node, an
entry point in mega data center, also needs to be secure.

25
Cloud Computing Notes UNIT-2 Saba Raees

Ques 12: Economics of Private Cloud

Organizations see similar benefits when they deploy data reduction in their private cloud environments.
Private cloud deployments are selected over public because they offer the increased flexibility of the
public cloud model but keep privacy and security under their own control.
Supply-Side Savings: Large scale data centers lower costs per servers.
Multi-tenancy efficiency: Increasing the number of tenants (ie. Customers or users) lowers the
application management and server cost per tenant.
Infrastructure labour costs: By automating many repetitive management tasks, larger facilities are
able to lower them further than smaller ones.
Security and Reliability: Large commercial cloud providers are often better able to bring deep
expertise to bear on this problem than a typical corporate IT department.
Buying Power: Operators of large data centers can get discounts on hardware purchases of up to 30
percent over small buyers.

Ques 13: Software Productivity in Cloud

The infrastructure needs for developing and testing enterprise applications are different from those of a
production environment, for example data security requirements are lower. At the same time the
variability of demand is high, with new development servers being required for each project, many of
which become redundant once the application is released to production.
In this particular case, infrastructure demands from different development projects are likely to be
largely uncorrelated, so virtualization is likely to succeed in improving utilizations. However, the time
for provisioning and configuring a development environment can often become a significant overhead
in many large organizations due to procurement and ITIL procedures.
For agile business environments where new development projects are initiated regularly, such delays
can become an obstacle and impact IT agility. In such cases leveraging a public cloud infrastructure for
development and testing can be fast, cost effective as well as low risk, thereby improving business
agility by reducing delays while starting new IT projects.
Along with development and testing, designing applications for good performance requires stress
testing early in the development life cycle, preferably on a production-capacity hardware configuration.
This is often difficult, especially early in the development cycle, simply because of non-availability of
such an environment for testing purposes. Production capacity configurations are expensive so it is not
cost effective to invest in spare capacity at this scale for occasional performance testing needs. Using
public cloud infrastructure a production class infrastructure can be provisioned on demand and
disbanded once performance testing is complete.
Apart from agility and availability, software development using public cloud infrastructure is also often
better suited to supporting globally distributed development teams. The public cloud enables such teams
to rely on a ‘central’ build infrastructure that is easily accessible over the internet; thus no one part of
the team is naturally more advantageously placed in terms of being physically ‘closer’ to the build
servers. It is often underestimated how important such democratization is in terms of driving team
dynamics; groups physically co-located with the build environment often have higher access privileges
or at least experience better network performance than others, thereby making them ‘more fit’ than the
rest of the team for certain development tasks. Using the public cloud one eliminates such artificial
barriers (at the risk of reducing everyone to the lowest common denominator of internet bandwidth!).

26
Cloud Computing Notes UNIT-2 Saba Raees

Such teams can better leverage geographically distributed talent as well be more flexible in moving
work around the world by ‘following the sun’ to leverage time zone differences to their advantage.
So far we have considered public IaaS clouds and how they may impact software development. PaaS
clouds provide development tools using which developers can create applications; we now examine
whether these also impact development productivity in some manner. It is important to reemphasize
that both (Google as well as Microsoft) PaaS platforms are unique in comparison to widely used
development tools: They both rely on a non-relational data model which impacts portability of
applications to these platforms from other more standard ones. Also, both platforms build in scalability
so that developers do not need to be concerned about how many servers their application will run on,
how the different components of the application will execute in parallel using multiple servers or how
data will be distributed. Developers are supposed to write to the platform APIs, and scaling will be
managed automatically by the cloud.
The economic benefits of automatic scalability are significant: It is widely accepted in the software
industry that end-to-end development productivity in ‘mission critical’ projects where high transaction
volumes and scalability are critical is demonstrably lower. Moreover the difference in productivity is
often a factor of two or more, as compared to smaller ‘departmental’ level projects where such concerns
are not as important. If indeed cloud platforms are able to factor out scalability and make it a feature of
the platform itself, then this itself can result in an order of magnitude improvement in productivity for
large-scale systems. However, it is equally important to note that this claim that has yet to be proven
given that it is still early days for cloud computing and even more so for PaaS platforms.
Finally, a certain class of cloud-based offerings, ‘configurable SaaS platforms,’ allow the creation of
small to medium-sized business applications with little or no programming. An example is
Salesforce.com’s APEX development environment, now called Force.com.
While these are also software development platforms, they are are constrained to a particular class of
applications, i.e. web-based transaction processing. Therefore as a class of cloud offerings these are
more accurately labeled SaaS platforms for specific types of application development, unlike the more
versatile PaaS platforms where a full programming language is available.

Ques 14: Economies of Scale: Public Vs Private Clouds

Public cloud services can be cheaper than using similar virtualized infrastructure in-house. One needs
to ask how this has become possible while also allowing for profit margins. Amortizing capacity across
demand from a large number of customers enables better utilizations, but surely this alone cannot be
the basis for a profitable cloud business.
From the perspective of cloud providers, the primary advantage they enjoy is scale:

• First, purchasing hardware, network capacity and storage is three to seven times cheaper at a
scale of tens or hundreds of thousands of servers versus that at a scale of a medium-sized
enterprise data center, i.e. a few thousand servers or less. Second, they have been able to
amortize the cost of server administration over a larger number of servers as well as reduce it
with high levels of automation, also estimated to result in a factor of seven gain.

• Next, the cloud providers are all leveraging significantly lower power costs (by up to a factor
of three) by locating their data centers in power producing regions, such as Idaho and
Washington in the US. Finally, cloud providers are able to enjoy far higher degrees of server
utilization, say 60–80 percent, as compared to smaller data centers, by multiplexing the needs
of a large number of users across the available capacity.

27
Cloud Computing Notes UNIT-2 Saba Raees

• Last but not least, it is very important to understand that the leading cloud providers, viz. Google
and Amazon, developed these capabilities for other businesses (search, retail), and so, there
was very little marginal investment involved in adapting this infrastructure for providing cloud
services and opening up a new business model. Very few, if any, enterprises have the size to
leverage such large economies of scale; and if they did it is likely that they may begin making
available some of this infrastructure as yet another public cloud. After all, Amazon has for
many years been a retail company first, and only now is it becoming equally known for cloud
computing.
To summarize cloud computing economics, we can comfortably state that cloud infrastructure services
promise significant cost reductions even as compared to privately deployed cloud infrastructure.
The agility of cloud infrastructure management provides additional benefits, especially so in the context
of agile development.
Further, cloud development platforms promise an order of magnitude improvement in development
productivity for largescale high performance applications, and finally Dev 2.0 platforms promise a
similar order of magnitude improvement in productivity for small and medium applications, albeit so
far limited to the small but important class of transaction-processing applications.

Ques 15: SPI framework of Cloud Computing

The SPI model refers to the most common service models of cloud computing: software as a service
(SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS).

Cloud computing is a technology model in which a vendor provides hosted services to users over the
internet. Based on its business goals, an enterprise can choose to adopt one, or multiple, of the cloud
service types depicted in the SPI model:

1. SaaS is a software distribution model in which a cloud provider hosts applications on its own
infrastructure and makes them available to users over a network, typically the internet.
2. PaaS is a model in which a cloud provider hosts an application development platform on its
own infrastructure and makes that platform available to users over the internet.
3. IaaS is a model in which a cloud provider hosts servers, storage, network components and
other key parts of IT infrastructure and then delivers those resources to users over the internet.

In general, all three of these cloud service models follow a pay-as-you-go approach and reduce the
hardware and software investments an enterprise needs to make within its own on-premises data center.

The three types of cloud computing service models within the SPI framework can be
deployed as part of a public cloud, private cloud, hybrid cloud or multi-cloud architecture.

28
Cloud Computing Notes UNIT-2 Saba Raees

A commonly agreed upon framework for describing cloud computing services goes by the acronym
"SPI." This acronym stands for the three major services provided through the cloud: software-as-a-
service (SaaS), platform-as-a-service (Paas), and infrastructure-as-a-service (Iaas). Figure illustrates the
relationship between services, uses, and types of clouds.

Relevant Technologies in Cloud Computing

Cloud computing isn't so much a technology as it is the combination of many preexisting technologies.
These technologies have matured at different rates and in different contexts, and were not designed as
a coherent whole; however, they have come together to create a technical ecosystem for cloud
computing. New advances in processors, virtualization technology, disk storage, broadband Internet
connection, and fast, inexpensive servers have combined to make the cloud a more compelling solution.

Figure illustrates the relevant technologies.

29
Cloud Computing Notes UNIT-2 Saba Raees

1) Cloud access devices

The range of access devices for the cloud has expanded in recent years. Home PCs, enterprise PCs,
network computers, mobile phone devices, custom handheld devices, and custom static devices
(including refrigerators) are all online. Interestingly, the growth of the iPhone and the proliferation of
applications available from its App Store illustrate an improvement in terms of access to the cloud. This
greater access is resulting in greater use and growth of services within the cloud. For example, you can
now use skype through the iPhone, thus bringing this peer-to-peer network much closer to users, and
Salesforce.com has introduced an application that allows users to access its services from the iPhone,
as well as many other vendors.

2) Browsers and thin clients

Users of multiple device types can now access applications and information from wherever they can
load a browser. Indeed, browsers are becoming increasingly sophisticated. Enterprise applications, such
as SAP and Oracle, can be accessed through a browser interface- -a change from when a client (a so-
called "fat") application needed to be loaded onto the desktop. The general population has become more
familiar with the browser function and can use a discrete application, where the context is intuitive,
without requiring training or user guides.

30
Cloud Computing Notes UNIT-2 Saba Raees

3) High-speed broadband access

A critical component of the cloud is the broadband network, which offers the means to connect
components and provides one of the substantial differences from the utility computing concept of 30
years ago. Broadband access is now widely available, especially in global metropolitan areas. Nearly
pervasive wireless access (e.g.. WiFi, cellular, emerging WiMAX) is available, which has established
mobile devices as entry points to the IT resources of the enterprise and the cloud.

4) Data centers and server farms

Cloud-based services require large computing capacity and are hosted in data centers and server farms.
These distributed data centers and server farms span multiple locations and can be linked via
internetworks providing distributed computing and service delivery capabilities.

A number of examples today illustrate the flexibility and scalability of cloud computing power. For
instance, Google has linked a very large number of inexpensive servers to provide tremendous
flexibility and power. Amazon's Elastic Compute Cloud (EC2) provides virtualization in the data center
to create huge numbers of virtual instances for services being requested. Salesforce.com provides Saas
to its large customer base by grouping its customers into clusters to enable scalability and flexibility.

5) Storage devices

Decreasing storage costs and the flexibility with which storage can be deployed have changed the
storage landscape. The fixed direct access storage device (DASD) has been replaced with storage area
networks (SANs), which have reduced costs and allowed a great deal more flexibility in enterprise
storage. SAN software manages integration of storage devices and can independently allocate storage
space on demand across a number of devices.

31
Cloud Computing Notes UNIT-2 Saba Raees

Miscellaneous Questions

Ques 1: Security Issues in Cloud Computing

There is no doubt that Cloud Computing provides various Advantages but there are also some security
issues in cloud computing. Below are some following Security Issues in Cloud Computing as follows.

1. Data Loss: Data Loss is one of the issues faced in Cloud Computing. This is also known as
Data Leakage. As we know that our sensitive data is in the hands of Some-body else, and we
don’t have full control over our database. So if the security of cloud service is to break by
hackers then it may be possible that hackers will get access to our sensitive data or personal
files.

2. Interference of Hackers and Insecure API’s: As we know if we are talking about the cloud
and its services it means we are talking about the Internet. Also, we know that the easiest
way to communicate with Cloud is using API. So it is important to protect the Interface’s and
API’s which are used by an external user. But also in cloud computing, few services are
available in the public domain. An is the vulnerable part of Cloud Computing because it may
be possible that these services are accessed by some third parties. So it may be possible that
with the help of these services hackers can easily hack or harm our data.

3. User Account Hijacking: Account Hijacking is the most serious security issue in Cloud
Computing. If somehow the Account of User or an Organization is hijacked by Hacker. Then
the hacker has full authority to perform Unauthorized Activities.

4. Changing Service Provider: Vendor lock In is also an important Security issue in Cloud
Computing. Many organizations will face different problems while shifting from one vendor
to another. For example, An Organization wants to shift from AWS Cloud to Google Cloud
Services then they ace various problem’s like shifting of all data, also both cloud services
have different techniques and functions, so they also face problems regarding that. Also, it
may be possible that the charges of AWS are different from Google Cloud, etc.

5. Lack of Skill: While working, shifting to another service provider, need an extra feature, how
to use a feature, etc. are the main problems caused in IT Company who doesn’t have skilled
Employee. So it requires a skilled person to work with cloud Computing.

6. Denial of Service (DoS) attack: This type of attack occurs when the system receives too
much traffic. Mostly DoS attacks occur in large organizations such as the banking sector,
government sector, etc. When a DoS attack occurs data is lost. So in order to recover data, it
requires a great amount of money as well as time to handle it.

Ques 2: Cloud Security Principles

Public cloud computing requires a security model that coordinates scalability and multi-tenancy with
the requirement for trust. As enterprises move their computing environments with their identities,
information and infrastructure to the cloud, they must be willing to give up some level of control. In
order to do so they must be able to trust cloud systems and providers, as well as to verify cloud processes
and events. Important building blocks of trust and verification relationships include access control, data
security, compliance and event management - all security elements well understood by IT departments
today, implemented with existing products and technologies, and extendable into the cloud.

32
Cloud Computing Notes UNIT-2 Saba Raees

The cloud security principles comprise three categories: identity, information and infrastructure.
Identity Security: End-to-end identity management, third-party authentication services and identity
must become a key element of cloud security. Identity security keeps the integrity and confidentiality
of data and applications while making access readily available to appropriate users. Support for these
identity management capabilities for both users and infrastructure components will be a major
requirement for cloud computing and identity will have to be managed in ways that build trust. It will
require:
1. Stronger authentication: Cloud computing must move beyond authentication of username and
password, which means adopting methods and technologies that are IT standard IT such as strong
authentication, coordination within and between enterprises, and risk-based authentication, measuring
behaviour history, current context and other factors to assess the risk level of a user request.
2. Stronger authorization: Authorization can be stronger within an enterprise or a private cloud, but in
order to handle sensitive data and compliance requirements, public clouds will need stronger
authorization capabilities that can be constant throughout the lifecycle of the cloud infrastructure and
the data.
Information Security: In the traditional data center, controls on physical access, access to hardware
and software and identity controls all combine to protect the data. In the cloud, that protective barrier
that secures infrastructure is diffused. The data needs its own security and will require:
1. Data isolation: In multi-tenancy environment data must be held securely in order to protect it when
multiple customers use shared resources. Virtualization, encryption and access control will be
workhorses for enabling varying degrees of separation between corporations, communities of interest
and users.
2. Stronger data security: In existing data center environments the role-based access control at the
level of user groups is acceptable in most cases since the information remains within the control of the
enterprise. However, sensitive data will require security at the file, field or block level to meet the
demands of assurance and compliance for information in the cloud.
3. Effective data classification: Enterprises will need to know what type of data is important and
where it is located as prerequisites to making performance cost-benefit decisions, as well as ensuring
focus on the most critical areas for data loss prevention procedures.
4. Information rights management: It is often treated as a component of identity on which users have
access to. The stronger data-centric security requires policies and control mechanisms on the storage
and use of information to be associated directly with the information itself.
5. Governance and compliance: A major requirement of corporate information governance and
compliance is the creation of management and validation information - monitoring and auditing the
security state of the information with logging capabilities. The cloud computing infrastructures must
be able to verify that data is being managed per the applicable local and international regulations with
appropriate controls, log collection and reporting.

Infrastructure Security: IaaS application providers treat the applications within the customer virtual
instance as a black box and therefore are completely indifferent to the operations and management of
a applications of the customer. The entire pack (customer application and run time application) is run
on the customers’ server on provider infrastructure and is managed by customers themselves. For this
reason it is important to note that the customer must take full responsibility for securing their cloud
deployed applications.

• Cloud deployed applications must be designed for the internet threat model.
• They must be designed with standard security countermeasures to guard against the common
web vulnerabilities.
• Customers are responsible for keeping their applications up to date – and must therefore ensure
they have a patch strategy to ensure their applications are screened from malware and hackers
scanning for vulnerabilities to gain unauthorized access to their data within the cloud.

33
Cloud Computing Notes UNIT-2 Saba Raees

• Customers should not be tempted to use custom implementations of Authentication,

Authorization and Accounting as these can become weak if not properly implemented.

The foundational infrastructure for a cloud must be inherently secure whether it is a private or public
cloud or whether the service is SAAS, PAAS or IAAS. It will require:

• Inherent component-level security: The cloud needs to be architected to be secure, built with
inherently secure components, deployed and provisioned securely with strong interfaces to
other components and supported securely, with vulnerability-assessment and change-
management processes that produce management information and service-level assurances that
build trust.
• Stronger interface security: The points in the system where interaction takes place (user-to-
network, server-to application) require stronger security policies and controls that ensure
consistency and accountability.
• Resource lifecycle management: The economics of cloud computing are based on multi-
tenancy and the sharing of resources. As the needs of the customers and requirements will
change, a service provider must provision and decommission correspondingly those resources
- bandwidth, servers, storage and security. This lifecycle process must be managed in order to
build trust.

The infrastructure security can be viewed, assessed and implemented according its building levels - the
network, host and application levels.

Infrastructure Security: The Network Level

When looking at the network level of infrastructure security, it is important to distinguish between
public clouds and private clouds. With private clouds, there are no new attacks, vulnerabilities, or
changes in risk specific to this topology that information security personnel need to consider. If public
cloud services are chosen, changing security requirements will require changes to the network topology
and the manner in which the existing network topology interacts with the cloud provider’s network
topology should be taken into account.
There are four significant risk factors in this use case:
1. Ensuring the confidentiality and integrity of organization’s data-in-transit to and from a public
cloud provider;
2. Ensuring proper access control (authentication, authorization, and auditing) to whatever
resources are used at the public cloud provider;
3. Ensuring the availability of the Internet-facing resources in a public cloud that are being used
by an organization, or have been assigned to an organization by public cloud providers;
4. Replacing the established model of network zones and tiers with domains.

Infrastructure Security: The Host Level

When reviewing host security and assessing risks, the context of cloud services delivery models (SaaS,
PaaS, and IaaS) and deployment models public, private, and hybrid) should be considered. The host
security responsibilities in SaaS and PaaS services are transferred to the provider of cloud services. IaaS
customers are primarily responsible for securing the hosts provisioned in the cloud
(virtualization software security, customer guest OS or virtual server security).

34
Cloud Computing Notes UNIT-2 Saba Raees

Infrastructure Security: The Application Level

Application or software security should be a critical element of a security program. Most enterprises
with information security programs have yet to institute an application security program to address this
realm. Designing and implementing applications aims at deployment on a cloud platform will require
existing application security programs to re-evaluate current practices and standards. The application
security spectrum ranges from standalone single-user applications to sophisticated multiuser e-
commerce applications used by many users.
The level is responsible for managing:
1. Application-level security threats
2. End user security
3. SaaS application security
4. PaaS application security
5. Customer-deployed application security
6. IaaS application security
7. Public cloud security limitations

It can be summarized that the issues of infrastructure security and cloud computing lie in the area
of definition and provision of security specified aspects each party delivers.

Ques 3: Security Compromises between the Three Cloud Deployment Models.

The following security compromises between the three cloud deployment models have been
identified:
1. SaaS provides the most integrated functionality built directly into the offering, with the least
consumer extensibility, and a relatively high level of integrated security since at the least the provider
bears a responsibility for the security.
2. PaaS is intended to enable developers to build their own applications on top of the platform. As a
result it tends to be more extensible than SaaS, at the expense of customer ready features. This trade-
off extends to security features and capabilities, where the built-in capabilities are less complete, but
there is more flexibility to layer on additional security.
3. IaaS provides few if any application-like features, but enormous extensibility. This generally
means less integrated security capabilities and functionality beyond protecting the infrastructure itself.
This model requires that operating systems, applications, and content be managed and secured by the
cloud consumer.

Ques 4: Security Management in the Cloud

Security management in the cloud is a set of strategies designed to allow a business to use cloud
applications and networks to their greatest potential while limiting potential threats and vulnerabilities.
This is often done with several independent tactics:

• Identifying and assessing cloud services. First, you need to spend time identifying which cloud
products and services are being used in your organization, and which ones might be considered
in the future. Then, you’ll need to assess and audit those items, analyzing their security and
potential vulnerabilities.

35
Cloud Computing Notes UNIT-2 Saba Raees

• Auditing and adjusting native security settings. Within each application, you’ll have full
control of your own privacy and security settings. It’s on your cloud security team to understand
which settings are available, and take full advantage of them to grant your organization the
highest possible level of security.
• Encrypting data. In many cases, you’ll need to take extra efforts to prevent data loss and
preserve data integrity by encrypting your data and securing your connections. It’s your
responsibility to allow legitimate network traffic and block suspicious traffic.
• Managing devices. Cloud applications allow you to reduce the amount of physical
infrastructure you maintain, but you and your employees will still be accessing data and services
with specific devices. You’ll need some way to manage and monitor those devices to ensure
only authorized devices can access your data.
• Managing users. Similarly, you’ll need to consider user-level controls. Establish varying levels
of user permissions, to restrict access to your most valuable or sensitive information, and
change user permissions as necessary to allow secure access.
• Reporting. It’s also important to monitor cloud activity from a high level, and report on that
activity so you can better understand your risks and ongoing operations.

Comprehensive Security Management in the Cloud

IT and security staff members often face difficulty managing all these strategies simultaneously,
especially with the sheer number of cloud applications and services used by a modern organization.
Large companies rely on hundreds, and sometimes thousands of different cloud-based services, making
it nearly impossible to conveniently apply consistent security settings or monitor the use of those
applications all at once.

That’s why it’s important to employ the use of a comprehensive security management tool, designed
for cloud security. With the right platform, you can hypothetically manage and monitor all your cloud
applications and gateways at once, all from one central location.

Ques 5: Security Management Standards

Top 10 cloud security standards and control frameworks:

ISO-27001 / ISO-27002: Any organisation that has sensitive information can benefit from ISO 27001
implementation. ISO-27001 contains a specification for an Information Security Management System
(ISMS). ISO-27002 describes controls that can be put in place for compliance with the ISO-27001
standard. Compliance with ISO-27001 demonstrates to your customers that your organisation takes
information security seriously and has implemented the best-practice information security methods.

ISO-27017: An extension of ISO-27001 incorporating clauses specific to information security in the

context of the cloud. Compliance with ISO-27017 should be considered alongside ISO-27001.

ISO-27018: This standard relates to the protection of personally identifiable information (PII) in
public clouds acting as PII processors. Whilst this standard is targeted specifically to public-cloud
providers such as AWS or Azure, PII controllers (e.g. a SaaS provider processing customer PII in
AWS) still have a level of responsibility. You should consider compliance against this standard if you
are a SaaS provider processing PII.

General Data Protection Regulation (GDPR): Data protection and privacy regulation for the
European Union. Whilst this regulation applies specifically to the European Union, you need to
consider this if you store or process any personal data of European Union citizens.

System and Organisation Controls (SOC) Reporting: A SOC 2 Audit Report demonstrates that

36
Cloud Computing Notes UNIT-2 Saba Raees

your organisation has policies, procedures and controls in place to meet the 5 trust principles:
Security, Availability, Processing Integrity, Confidentiality and Privacy. If you are a SaaS provider,
prospective clients may request that you demonstrate SOC 2 compliance.

Payment Card Industry Data Security Standard (PCI DSS): Specific to organisations handling
cardholder information. This standard provides baseline technical and operations requirements for
protecting cardholder data.

Health Insurance Portability and Accountability Act (HIPAA): Specific to organisations handling
medical information. The HIPAA Security Rule (HSR) is most appropriate in the context of
information security. This rule provides standards to protect individuals’ electronic personal health
information that is created, received, used, or maintained by a covered entity.

CIS AWS Foundations v1.2: Best practice security controls specific to Amazon Web Services
(AWS).

CIS Controls Top 20: A prioritised set of actions for protection against cyber threats.

ACSC Essential Eight: A baseline of eight essential strategies for preventing and limiting the
extent of cyber security incidents.

Ques 6: Recent Developments in Cloud Security

Here are the top 6 cloud security trends your security team needs to watch out:

1. Cyber security Mesh

Companies have their data and assets outside their network when it comes to the cloud, which must be
secured. Cyber security mesh is a concept of having a distributed network and infrastructure, creating
the security perimeter around the people and machines on the network. With this concept, companies
can manage access to their data from a centralized security point. This also provides centralized security
policies with enforcements distributed. Cyber security mesh is also considered as one of the building
blocks of Zero-Trust architecture.

2. Zero Trust

Zero-trust has the motto of “never trust, always verify,” which strongly implies that an organization
should not trust anything outside or inside its perimeters.

Considering the recent approach of migrating everything to the cloud, zero trust must be enforced in
every organization. Organizations rely on perimeter security and firewalls to protect their most valuable
resources like user data and intellectual property.

Security teams are spending too much time on manual tasks since they lack the insight to reduce attack
surfaces efficiently, especially in the cloud architecture. The practice of Zero Trust aims to enhance
security around every device, user, and connection. In addition to that, it also provides the ability to
manage threats proactively. This method helps in organizing and strategizing a thorough approach to
counter threats.

3. Hybrid and Multi-Cloud Environment

37
Cloud Computing Notes UNIT-2 Saba Raees

As per the new cloud security trend, cloud infrastructure seems feasible and reliable compared to the
old method; there are also types of methods to choose from. An organization can migrate their data
completely onto the cloud or have partial data on the cloud and other services hosted privately. Most
organizations prefer to use the hybrid approach since it proves to be more secure than moving the entire
thing to the cloud.

The hybrid-cloud approach implies that services and applications that can be hosted are configured
locally and can be migrated to the cloud. For example, containerization can be deployed in the cloud,
other infrastructure level things like a local-work environment can be deployed on-premises and
configured to work remotely.

The next popular cloud security trend is the multi-cloud environment. An IT survey reported that 95%
of the companies are approaching a multi-cloud strategy. Multi-cloud proves effective when tools like
SIEM and threat intelligence are deployed. One environment can contain security-based tools, and the
others might have applications and other services.

4. Cloud-Native Tools and Platforms

Cloud-native applications are becoming more prominent when working on cloud platforms. These
applications are specifically designed to work on the cloud. Cloud-native applications seek advantage
of the speed and efficiency of the cloud platform. The security tools and platforms designed for the on-
premises applications are not enough to protect the cloud-based resources.

Companies realized that failing to choose the right tools and platforms, could leave their applications
exposed to threats. They are increasingly investing in cloud-based security tools like Apptrana WAF to
prevent attackers from exploiting their resources in the cloud.

5. Merging Security Through DevSecOps

DevSecOps is a methodology that incorporates security protocols at every stage of an SDLC process.
This makes it convenient to deal with threats during the lifecycle itself and not after something is
exposed.

Ever since the deployment of DevOps, software releases have been shortened for every product release.
DevSecOps proves to be secure and fast only with a fully automated software development lifecycle.
It also enables businesses to innovate securely. This means that the entire supply chain will be filled
with security measures and protocols.

To provide a massive digital transformation and security, the DevOps and Security teams must
collaborate. Digital services and applications need stronger and better security in exponential amounts.
This methodology must be enforced in a CI/CD pipeline to make it a continuous process.

6. SASE Framework

Gartner said that “The Future of Network Security is in the Cloud.”

Gartner defined cloud-based cyber security as vital to securely connect users, systems, and endpoint
devices to a single-cloud environment.

SASE is one such type of framework that provides a cloud-based cyber security solution and supports
digital enterprises’ dynamic, secure access needs.

38
Cloud Computing Notes UNIT-2 Saba Raees

SASE’s working structure includes a combination of WAN with multiple security capabilities like anti-
malware, security brokers, and securing the network.

The Way Forward

Cloud infrastructures have a vast variety of attack surfaces. Hence, cloud security practices are much
more needed to secure the cloud environment from external threats. Even a small misconfiguration of
a storage bucket might lead to disastrous data breaches.

With the right cloud security tools in place, you can automate security, prevent internal threats, and
lower breach risks. Indusface AppTrana, for example, can go a long way in reducing cloud security
complexity while driving innovation.

39