Notes

Management Fundaont

TECHNICAL PUBLICATIONS-an up-thrust for knowledge

 UNIT II

Cloud Services Strategy

2
Syllabus
Fundamentals, Cloud Strategy Management Framewark, Cloud Palicy. Key Driver
Clond Strategy
Adoption, Risk Management, IT Capaciy and Utilization, Demand and Capscity mat hing,
for Management, Cloud Service Architecture
Demand Queueing. Change

Contents
Cloud Strategy Fundamentals
21

22 Cloud Strategy Management Framework

2.3 Cloud Policy
24 Key Driver for Adoption
2.5 Risk Management
26 IT Capacity and Utilization
2.7 Demand and Capacity Matching
28 Demand Queueing
2.9 Change Management
2.10 Cloud Service Architecture
2.11 Two Marks Questions with Answers

(2-1)
 Cloud Services

2.1 Cloud Strategy Fundamentals

"A chod strstegy is a pian that outlines the best practices, tools and services
mplementing a ch¢ soution. I's a vital tool for to
businesses looking to
cloud adopton, implementation, and operations.
.A cid strategy van be appliedto all ypes of cloud
deploy ments. This optimize hen
private, h hrd and multi cloud strategies.
Tnis capability. cost-benefit, enablement, enterprise risk and inchudes publi
strtegy pnnciples when it adopt.
Ckoud strategieshelps to ensune effective
performance of
account ability are the
clov
the
arpiais hosted in the cloud. A cloud strategy also
cloud defining Cost, functionality and service
by : infrastructure, workloads
leyels supports cloud
"A Cio strategy alows a company to take
Saritcing security or control. advantage of
cloud-based
management of th

" Chalkenges of acloud strategy are as follows: services witho

s) Data socurity and compliance
t) Managing change in culture and process
c) Knowing which services tto move to
the cloud and keep
d) IT staffing and talent shortage on-premise
e) Network infrastructure
challenges
22 Cloud Strategy Management
Framework
Strategic management is the process of
untional decisions that enable an formulating, implementing,
organization to achieve its and evaluating eros
management model entails
evaluation.
strategy assessment, formulation / objectives. The strategi
planning, execution an
"What does strategic management do ?
1. Enables
organizations to keep a continuous monitoring on the
the organization. goals and objectives
2. It incorporates all
of the functional areas of the
functional area works well with each other. organization and ensures that eac
3. It gives a broader perspective to the
employees in how their jobs fit into t
organization goals and plans.
" Fig. 2.2.1 shows strategic management
framework.

TECHNICAL PUBLICATIONSan up-thrust for knowledge

Clxt Services Manazament 23 Clond Servicos Strategy

Ongong Assess
management

Learn
and adapf
Ecetna
Measure
performance

Strategic
Implementation management
performance
Alignment system SWOT

Sratocy Transform StrategC

directian
organization
Strategic Establssh
operating strategy
plan Strategic
plan

Fig. 2.2.1Strategic management framework

1. Every strategic management framnework starts with an assessment. This is the phase of
gathering data and information to understand the needs of the business, the company's
strategic direction and the initiatives that willassist in growth and expansion.
2. Environmental assessment : In this phase, the factor which influence he business they
are evaluated. Factors may be internal or external. AN internal factor contains
organizational structure, intemal processes and core competencies of the empkoyees.
External factors contains industry and socio-economic factors whch impact the
competitive position of the business.
3. Strategy formulation: This phase depends on result analysis. It decides the best course
of action for accomplishing the business's objectives and purpose. This is the stage to
develop a vision and mission, long term objectives, generate alternative strategies and
choose which strategies to pursue.
4. Strategic planning: Strategic planning is the process of converting the strategies into an
ntegrated plan of action that can be implemented. It also involves creating a strategic
plan which summarizes the time-phased outputs and drivers.
TECHNICAL PUBLICATIONs an up-thrust tor knowlecdge
 CloudServicesManagement
2-4 Cloud Services Strateo
5. Strategy execution : This is action taken plhase. It includes designing the organization's
setting policies, developing decision
distributing resources,
structure,
managing human
resources. making process,
6 and
Strategic management : Continues evaluation is required for successfu implementation,
Itreviewsthe intemal and external factors impacting the strategy, measures performancs
corrective actions.
and takes
2.3CloudPolicy
Cloud Policv is a clear
statement of intent, describing the execution of specific cloua
related activities in accordance with a standard model designed to deliver some
e A
improvement of business value. Cloud policy can be used for financial management, cos
perfornance management and network security.
optimization.
forfinancial management
Cloud policies
. It heips on controlling operational budgets and monitor cost trends. It also helps in
identifying sudden increases in cloud spend that could be indicators of a bigger
security problem.
optimizing the cloud costs and value through Cloud
" By managing and
Management (CFM), organizations can leverage the cloud to respond faster to Financial
Ling market conditions, deliver new products and services, scale up or down o
and assets.
needed. and protect their data
follow a frameuo
To implement cloud financial management organizations need to
.hat consists of five building blocks : inform, operate, optimize, plan and govern.
Fstablishing acloud financial management practice can also help cost optimizationf
process.
FinOps or Cloud Cos
.Cloud Financial Management (CM), als0 known as
software-as-a-service for
Management. Financial Operation or FinOps works as a
department.
seamless management of the financial
department. They also
FinOps works collaboratively with IT professionals and finance
transactions made by the company to
make the exchange of data on expenses and of data
help of regular monitoring
create monthly reports of expenses. With the
expenses of an organization.
FinOps professional tries to reduce the unwanted
2. Cost optimization cloud policies
optimization is a strategic approach to controlling and minimizing the
Coud cost services.
expenses associated with business' cloud computing

knowledge
TECHNICAL PUBLICATIONS®-an up-thrust for
Coud Services Management 2-5 Cloud Services Strategy

. The goal of cloud cost optimization is to gain better visibility into cloud environment
to ensure that resources are utilized effectively, balancing cost with performance,
security and availability.
Optimizing the cloud can reduce cloud costs, boost engineers' productivity and enable
companies to move more operations from their data centers to the cloud.
.If business operates in a multi-cloud or hybrid cloud environment and third party
software solutions are available from multiple vendors, then cost optimization cloud
policies are applied.
Cloud policy for performance management
. It enables user to specify performance thresholds for virtual machines and storage
volumes. So user can monitor asset utilization whether it is underutilize or over
utilize.

The application of cloud policies for performance management will affect the policies
put in place for financial management and cost optimization.
4, Network security cloud policies
" Maintaining a secure perimeter to allow only legitimate traffie onto network is critical
in the cloud and the leading cloud service providers acknowledge this by
supplying
tools to determine which users or group identities should have access to hosted
services and applications.
. Amazon and Microsoft both call their tools "Security
Groups", Google offers the
"Identity-Aware Service"

2.4 Key Driver for Adoption

" Cloud computing has revolutionized the way how technology
becomes accessible for
everyone. It offers a faster and more efficient way to run and adapt business
changing market environments. It simplifies the consumerization of operations to
technology.
"A well-planned cloud adoption strategy is critical to a
faster and more effective
implementation with reduced risk. However, there are three distinct areas of cloud adoption
that require unique approaches. These three areas of cloud adoption are:
1. Software as a Service (SaaS)for faster
access to modern functionality
2. Cloud Infrastructure Platforms (CIPS) for
creating unique functions
3. Migrating current and legacy
applications
" When formulating your cloud strategy,
evaluate each approach for a complete view that
weighs the trade-offs between management and
operational control.

TECHNICAL PUBLICATIONS- an up-thrust for knowledge

 Cloud Senices Vanagement ?-6
Cloud Services Sratex
Important drivers of cloud services adoption are as follows:
" agility
business
a) Increasing
b) Enforcing mobility
c) Reducing cost
d) Improving productivity
new business avenues
c) Creating
a) Increasing business agility : Business agility is main benefit and
cloudadoptionamong enterprises. It reduces business complexity. key driver
b) Reducing cost :
Cloud computing enables
organizations to reduce belhing
consolidation, thin clients and community cost sharing. cOst
c) Enforcing mobility : Cloud computing is enabling employees to
through serve
anv time and on any device. work at any a
: Usee of place,
d) Improving productivity cloud-basedtools for email, instant
communication. information sharing and development, event messaging, voicand
conferencing is becoming an increasingly common feature of business life.
Creating new buusiness avenues : An enterprise can get new
scheduling
e)
provider of cloud services or added services. business opportunities as
25 Risk Management
. Arisk is the possibility of losing, damaging or destroying your assets or data due to a
Cloud-hased information systemns are exposed to threats that can have threat
adverse effects or
organizational operations, assets and individuals.
. Cloud risk management is the process of identifying, assessing, mitigating and continual
monitoring threats within an organisation's cloud computing environment. Developing
cloud risk management strategy requires company to take an accurate inventory of th
asets within its network, identify the risks that each presents and deternine the best wayt
prevent them from being realised.
. Risk management allows organizations to prevent and mitigate any threats, servic
disruptions, attacks or compromises by quantifying the risks below the threshold of
acceptable level of risks. Risk management process are as follows:
a) ldentify the risk
b) Analyze the risk
c) Evaluate the risk
d) Treat the risk
e) Monitor or reviewthe risk

for knowiledge
TECHNICAL PUBLICATIONS-an up-thrust
Ctoud ServIces Managemet 2-7 Cloud Services Strategy
strategy is as follows :
Subsequently, the process for creating a cloud risk manayement
present within the cloud environment,
" Pisk identification : Determining all the risks surface.
extent of their risk profile and attack
allowing companies to determine the full of its
scope of each risk, í.e., the likelihood
L Risk assessment Analyzing the
security teans can evaluate the risk
pccurrence and potential severity. After analysis,
as low, "moderate", and high."
and assignits mitigation a priority - such
policies and controls to mitigate risk
Risk mitigation : Implementing the appropriate
ie., potential for the highest
factors, starting with those with the highest priority,
negative impact.
the effectiveness of the implemented
) Continuous monitoring and review : Tracking must constantly review
security teams
risk mitigation measures. Additionally,
seek out new risk factors as
previously identified risks to re-evaiuate their priority and
environment.
they add newapplications, users, etc. to the
security risks include :
. Common cloud
hijacking, weak
a) Unauthorised access : Credential theft (c.g., phishing), account
access controls, over-privileged account permissions.
sensitive data.
b) Data breaches : Loss, theft, disclosure, etc., of
ransomware,
c) Malware : The infection of your cloud environment with viruses,
Trojans, rootkits, etc.
d) Misconfiguration : Open ports, inadvertent internet-facing assets, insecure network
configurations.
e) Application and system vulnerabilities : Unpatched software, lack of updates to
firmware and hardware.

2.5.1 Types of Risks in Cloud Computing

1. Data breach : Data breach stands for unauthorized access to the confidential data of the
organization by a third party such as hackers. In cloud computing, the data of the
organization is stored outside the premise, that is at the endpoint of the Cloud Service
Provider (CSP). Thus any attack to target data stored on the CSP servers may affect alf
of its customers. Managing data risk includes mitigating all factors that could
compromise your data's confidentiality, integrity or availability, i.e., the CIA triad. This
includes data loss, leakage, unintended modification and policies and controls related to
Identity and Access Management (IAM).
2. Compliance risk : As well as needing cyber security measures to protect senstive
customer data, an organization's policies and controls pertaining to data privacy must
comply with various legislative or industry regulatory requirements.

TECHNICAL PUBLICATIONS®- an up-thrust for knowledge

Cloud Services Management 2-8 Cloud Services Strategy

3. Cloud vendor risk : Every company's cloud computing environment is composed of

applications, systems and platfoms provided by different vendors. Depending on a
vendor's commitment and ability to develop secure software, its products may contain
vulnerabilities that malicious actors can exploit. By then using that software, we have
added another attack vector to cloud environment and increased the risk within it. Cloud
services can also increase the prevalence of shadow IT, ie., a business unit's use of
applications or systems without its IT department's knowledge or approval. This
increases cloud vendor risk and introduces security risk as security teams aren't aware
of the service to monitor it.
4. Availability risk : With company's infrastructure and data located in a cloud, user are
mor dependent on a reliable internet connection than a with traditional local network
setup. While a cloud environment enables access from any internet-enabled device, if an
employee can't establish a reliable connection, they're restricted in their ability to do
their job.
under two
" Arart from these risks, cloud computing possesses various security risks bound
main categories : Internal security risks and External security risks.
aternal security risks :
Ynsider risk refers to security threats that come from within our company. As well as
malicious activity such as theft, fraud or compromising data, insider threats include
non-intentional incidents such as divulging credentials in social engineering attacks
(phishing, etc.) or user error.
External security risks :
. Financial risk : The realization of any risk events described above carries
consequences for company - some of which will be financial. If, for example, we
suffer a data breach and one of our customers is impacted due to their sensitive data
being compromised, we may be liable to pay them compensation. Subsequently,
factoring in the potential financial consequences of cyber threats is essential when
conducting a cloud security risk assessment.
Reputational risk : As well as financial implications, risk events can incur
reputational costs for a company. In keeping with the example of a data breach, the
2
news of company being the victim of acyber attack willmake existing and prospective
customers wonder if their data is safe in user hands. If we are unable to alleviate their
fcars or, worse, continue to suffer data breaches, it could ireparably damage reputation
and negatively impact bottom line.

TECHNICAL PUBLICATIONS-an up-thrust for knowledge

loud Senvices Management 2-9 Cloud Services Strategy
2.5.2 Threats
Top threats identified by Cloud Security Alliance (CSA) of cloud computing are as
follows :
1 Insecure interface and APIs : Cloud computing providers expose a set of software
interfaces or APIs that customers use to manage and interact with cloud services.
Provisioning, management, orchestration and monitoring are all performed using these
interfaces.
. Remediation : Analyze the security model of cloud provider interfaces.
2. Malicious insiders : The threat of a malicious insider is well-known to most
organizations. The threat is amplified for consumers of cloud services by the
convergence of 1T services and customers under a single management domain,
combined with a general lack of transparency into provider procesS and procedure.
" Remediation : Determine security breach
notification processes.
3. Shared technology issues : laaS vendors deliver their services in a
scalable way by
sharing infrastructure.
" Remediation :Implement security best practices for
Monitor environment for unauthorized changes/activity.
installation/configuration.
4. Data loss or leakage : There are many ways to compromise data.
of records without a backup of the original content is an
Deletion or alteration
obvious
record from a larger context may render it unrecoverable, as can example.onUnlinking a
storage unreliable
media. Loss of an encoding key may result in effective destruction.
" Remediation : Implement strong API access
control. Encrypt and protect integrity of
data in transit.
5. Account or service hijacking : Attack methods such as
of software vulnerabilities still achieve results. phishing, fraud and exploitation
Credentials and passwords are often
reused, which amplifies the impact of such attacks.
Remediation : Prohibit the sharing of account credentials between users and
Leverage strong two-factor authentication techniques where services.
proactive monitoring to detect unauthorized activity. possible. Employ
.5.3 Benefits of Cloud Risk
Management
Stronger cloud security posture
Proactive cyber threat mitigation
Improved business continuity and disaster recovery
Reduced costs
Increased compliance
TECHNICAL PUBLICATIONs an up-thrust for knowledge
 2- 10 Cioud Sorvices Strategy
Cloud Services Management

2.6 IT Capacity and Utilization

capacity, is the maximum amount of
" The capacity. in regards to organizational resource
effective.
output that can be produced in a given period of time through
future resources utilization for holding.
" The 1T capacity plan is derived from the current and
fact that servers average
storing and accommodating the software services. It is a given
%. By contrast, when
utilization in the traditional data center is between 5 % and 20
is that utilization should
planning capacity in the cloud, the basic working assumption
and future trends.
match the demand at alltimes and support temporary demand peaks
depending on your cloud
When measuring cloud capacity, there are various approaches estimating and
provider, platform and tools. Cloud capacity planning is the process of
applications and services, based
allocating the optimal amount of cloud resources for user
on current and future needs and goals.
prevent cloud waste. Still, it's also
" The primary purpose of cloud capacity planning is to run on the
critical to maintain an appropriate capacity for the services and applications that
experience
pubfic cloud. To make the most of cloud investment while providing a positive
for clients and commercial users, use capacity management tool to :
1. Examine existing environment utilization to identify configuration changes that can be
made to enhance the efficiencyof cloud-based solutions.
2. identify potential configuration changes that could increase performance.
3, Assess cloud assets for additional chances for productivity or performance
improvement, such as discovering resources that have yet to be appropriately retired or
resources that are still available but are not in use.

4. Develop new guidelines for cloud capacity planning based on data-driven suggestions,
such as size, underutilized or overprovisioned capacity, etc.
IT capacityplanning is part of the capacity management process. The IT capacity planning
process provides insight into business needs, existing capacity, gaps and financial strain.
and offes an impact assessment.
1 Estimate storage, hardware, software and infrastructure requirements : Assess
and forccast future requirements to ensure that you purchase just enough resources to
meet needs.
2. Evaluate existing capacity : Take an in-depth look at your current production
schedule to analyze the performance of resources, usage, utilization and workload.
3. Identify gaps : Perform an analysis that defines how capacity should Jook compared
to current capacity. This helps you illustrate the gap in capacity.

TECHNICAL PUBLICATIONSan up-thrust for knowledge

 Cloud Servicos Managoment
2-11
4.
Identify alternatives : Define the other Cloud Services Strategy
example, use external capacity options available to fill the capacity
gaps. For
resources, or even do nothing and resources, inchoose specific timing for additional
reevaluate the
5. Assess
financial requirements : Understand the future.
alternatives. Capacity planning should help you financial needs associated with all
6. Understand the
impact on quality : Evaluateminimize costs by planning ahead.
the effect of
gaps vs. doing nothing. What is the addressing the capacity
7. Finalize the plan : impact with and without capacity
Conclude the capacity plan after adjustments ?
business partners and stakeholders. collectíng and analyzing data with
8. Implement the plan :
Execute the capacity plan to meet future
9. Monitor :
Capacity planning is not an isolated activity. Be capacity requirements.
data collection, analysis and sure to perform contínuous
and reduce monitoring to minimíze downtime, optimize resources,
unnecessary spending.
2.7 Demand and Capacity
. In
Matching
service industries the matching of
either toomuch demand for the capacity and demand is particularly difficult.
giving rise to unused capacity andcapacity, putting a strain on resources, or too little There is
a loss in revenue. demand,
" A service
organization with a fixed capacity may be faced with one of the
conditions :
following four
1.Excess demand : The demand
exceeds the maximum available
2. Demand exceeds the capacity.
optimum
use of capacity from the capacity level Optimum capacity refers to the
:
perspective of both, best
3. Demand and customers and the company.
supply are balanced at the optimum
situation. No one is turned away, no one is capacity : This is the ideal
receives quality service. overworked in the staff and customers
4. Excess capacity :
Demand is less than optimum capacity and
underutilized. In certain cases this may also pose the risk thattherefore resources are
d doubts about the service provider. customers may have
Yield management is a method for
managing demand and capacity profitably by service
organizations. It extensively uses computer based technology to study patterns in
behaviour in order to manage differential pricing. consumer
Yield management has gained
Widespread acceptance in airline and hotel industry.

TECHNICAL PUBLICATIONSan u-thrust for knowiedge

 Clod Servces Strategy

It
planning ams to match domand uith available reOurces. analyzes what
" Chood capiacity measuring their performance and predicting demand
systems are alrcady in place. allocate civud reurces based on that demand
Organizatinn can then rovision and
capscity-dennand management francwork.
. Fig. 2.71 shows fldertily usage patterms
bott shor term and
orgterm

Dnsnd managenent

Workload management

Translate customer
demands into
workloads put upon
critical components
Capacitymanagenent

Montot and collect pertormance

dt of cticat componertsin:
carent oonfiguratiorn

framework
Fig. 2.7.4 Capacity-demand management
:
as providers performtwo complementary management tasks
obligations are met as contracted with the
1. CapCN pianing to make sure that SLA
Service pnders and
workload to make the
CaatiEs optimization of resource utilization given specific
effciet use of the existing capacity.
cost efficient
The frst sk pertains to the long-term capacity management aimed at elastic
end users,
provsioing in scoordance with contracted SLAs. To protect SLAS with
sersices scale up and down dynamically.
services
The IaaS provider shouid plan capacity of the cloud in such a way that when
change re deands in response to environment conditions, the resources will
indeed pnoided with the contracted probability. At the same time, the laaS cloud provide
strives e minineliy Dser-provision capacity, thus minimizing the operational costs.
The second task pertains o short- and medium-term optimization of resource allocati
under the current workkoas, This optimization may be guided by different manageme
policies that support high-ievel business goals of an laaS provider.

TECHINICAL FUBLICATIONS-p-thrust for knoedge

 Maraomort 213 Cirset Saricos Strateay
28 Demand Queueing
Oueuing theory is a collection of mathematical modets of varions
or waiting lines arise when demand for a service facility
queuing systemis. (etes
exceeds the capacity of that facility
ie the customers do not get service imnmediately upon
reqest but must wat or the er ice
facilities stand idle and waiting for customers.
The queuing system in cloud service system consist of inpt oce ie.
source of reqets.
queuing process which has waiting requests in the quetE to be served,
ser ice prrcess
which comprises servers to process the various requests in the
qiee
Oueuing system is characterized by the components namely
a) Arrival rate : It describes the way the
population arrives either static or dy namcally.
b) Service rate :It describes how many
customers can be served hen the ser ice is
available.
c) No. of service channels : Service
channel contains single or mutiple
Customers enter
one of the parallel service channels and is
served by the customer
d) Queue discipline : Describes the
manner in which customers choose r the serv ice
like First in First out(FIFO), Last in First Out
(LIF0).
" Fig. 2.8.1 shows queuing system.

Input source Arrival Queuing Queue

process process
Serce
order

2 el Balking
Reneging Jockeyng
Fig. 2.8.1 Queuing system
" Queuing system may be finite capacity queuing
systems.
systems or infinite capacity queung
" Requests are generated at input source corresponding to uscrs
servers, the rate of arrival of request at the service whch s i serce fnm the
svstem IS deternet by the arIsa
process. Various rules are followed for the selection of
queue discipline or order. requests frm the queue AneWn as
" Service is rendered at a rate decided by the
service process De
requests and timing constraints, requests may balk. renege oe may npatient behav iNr ef
ea to jNcAey ing.
Balking is a prOcess in which requests do not enter the
quuc because of large wating e
expected. Request packets are dropped due to kot of trat n the
and requests gets shifted from one queue to queue kading to reneging
another rer t get quich ser ke in case ot
jockey ing,
TECHNICAL PUBL CATNNSan -theust tv kowiete
 Cd Services Sratn

Dennand qucueng in cloud empiting refers to the pcess of aanagingrequests from use
1Or appications for cud resures uhen those reurces are currently unavailable
msuffcieni o immoiatety fulfill those requests.
" Working of demand queeing in cloud computing :
a) Resoaree ava}ability monitoring: Cloud providers continuously monitor th
availabilty and utilizatiom of their resources, sach as Virtual Machines (VMs). storag
and netwking compnents.
h) Regest qoreing : Wen a user or application requests resources that are currentl
uNENai}abic in short supply. the request is placed into a queue. This queue may be
nanAged the cloud provider's infrastructure or implemented as part of the
catir's kogic.
rierity nansgement : Requests in the queue may have different priorities based on
Edrs sact as service level agreements (SLAS), subscription tiers or predefined rules
igher priority requests are typically processed ahead of lower priority ones.
d Reosroe alocation : As resources become available, the cloud provider allocates
those resciCÉS to the requests in the queue based on their priorities.
Queve mcnitoring and optimization : Cloud providers often employ sophisticated
alporithms to aptimize the queue management process. This may involve dynamically
adasting prioritics, preemptively provisioning resources based on predicted demand.
ealkocating resources from low-priority tasks to high-priority ones.
AFeedhack echanisms : Cloud providers may provide feedback to users or
anpications regarding the status of their equests in the queue, estimated wait times, or
ggestions for optimizing resource utilization.

2.9 Change Management

" Changc management is the process responsible for controlling the lifecycle of all
changes,
onableng beaefcisl changes to be made with minimum disruption to IT services. It refers to
aset of poicies and actions that ensure change is properly managed throughout every stage

he puose af change management is to control the lifecycles of all changes, allowing

changes to be made with minimal interruption to IT services.
considered as
Any acson takento imrove or alter services, intentional or unintentional is
change.
Iie prinsry objectise of change management is to enable beneficial changes to be made.
With minmun disruion ta IT services. Every change should deliver business value and
the change manageent processes should be geared towards enabling that delivery.

ECHACA PUBLICAIONS.an up-thrust for knowiedge

 Caatericns Strategy
Traditional IT environments require a considerahle ameant of planning for capacity
ngrades. This S not true of cloud environments, here afc-scaling ensures
be upgraded automatically, on demand. capacty can
Cloud environments also provide or facilitate the wse of a variety of
#itomation, inte ratn,
and deployment tools that allow the organization to make smail,
educe business risk and introduce business value at an insreased rate.
frguent chanzes that
Traditionally, there are multiple change authorities dependest on the type of change. A
change of significant cost and risk could go all the way to the beard fox
approval. while a
Iow-levelchange might just require the data center manager
Fig. 2.9.1 shows change management process.

Monitor tdentify

Closure
Change
management
process

Implement
Approve

Fig. 2.9.1 Change management

process
Change management is the practice of monitoring resource
manage a baseline. A baseline is a snapshot of a set of confguratss to esabiish and
time. This snapshot enables us to identify configuratwes ta gven pent in
diferent configurati siales ef a given
configuration item.
" The purpose of change
management should be to control the cha ges made to the haselne
In a safe and controlled method. The scope of
it doesn't conflict with any Dev SecOps environmen baeline hecds o be defined so
practices that deliver their cWn change managemet
through a release nmanagement process.
Any configurations that are not managed by a Dev
should be tracked as a change Sects icase management pnxess
management proceSs

TECHNCAL PU8LICATIOSa up-rust fy Arow

Clou Services Managernet
2-16 Cloud Services Strategy
as follows :
Steps for changemanagement process are
for change review".
1. The initial process is kaown as "Request
consultants use it to determine
2. Change planning: Change manager and how achange
will be implemented.
3. Change approval : Change manager, customer and service providers utilize
to sign offon any upconming adjustment.
this form
4. Infrastructure change implementation : Change to the infrastructure can be
the help of tools used by specialists, made with
5. Application change implementation :lt is used by specialists, release
representative all use it to roll out application updates. manager, clien
6. Pianned change closure After modifications have been installed. specialists use it to
conduct production tests, and change supervisors use it to finalize the changes.
7. Emergency change : Release administrator follows this method when adjusting fix
problems.
8. Emergency change closure : This is used to wrap up and finalize urgent modification
by specialists and change supervisors.
2.10 Cloud Service Architecture
Cloud services are a range of IT applications and resources that include software
mfrastructure, and platforms hosted by third-party providers and delivered on-demand to
organizations and individual customers through the internet.
Cloud services facilitate the flow of data to and from the servers of cloud servic:
providers/vendors and user/customer servers and gadgets. Users can access cloud services
through a computer with an internet connection or a virtual private network. They allon
customers to forgo investment into the payment of software licenses and the acquisition o
süpparting network infrastructure and servers.
The cse of cloud services allows customers to access software, cloud storage, computing
powet, Tnfrastructure, and other services without the need for incurring maintenanc:
costs or carryingout software and hardware updates. Cloud service providers use varios
billing models to charge customers, which is dependent on the resources consumed. 9
are ustally pay-as-you-go plans on a monthly or annual subscription.
Cloud serVice architecturecontains following elements :
a Service consumption
b) Service usage and billing
Fi 2.10.1 shows cloud service architecture.

TECHNICAL PUBLICATIONS-an up-thrust for knowledge

Cloud Services Management 2- 17 Cloud Services Strategy

Cloud services

Benefits

Activities

Function Machine

Service consumption

Service usage and billing

Service security

Service monitoring and contro!

Self service

Service support
Service function

Service economics

Service chain entity

Fig. 2.10.1 Cloud service architecture

Cloud consumption is measured by the amount of data transferred to and fromn the cloud. as
well as the volume of computing and storage resources used. The number of cloud
services
used, the number of users, and the size of cloud storage, and
computing capacity all
contribute to the overall cloud consumption figure.
Service usage and billing:It generates bills for the resources used from the cloud
based on
predefined billing policies. This may include metering, billing. unit of measurement and
instrumentation.
Metering involves the measurement of various aspects of resource
utilization, such as
network bandwidth, storage volume or CPUcycles, depending on the specific
service. This
TECHNICAL PUBLICATIONS- an up-thrust for knowledge
 2- 18 Cloud Services Strategy
Clod Servces Managerent
and determine
measurement allows service providets to gather data on usage levels
appropriate charges for their services.
"Metering forns the basis for accurate billing, as it provides the iccessary data to calcul..
costs basecd on defined pricing rates and usage plans.
metered data. Once s
The billing process involves computing the charges based on the
usage levels have been measured. the billing system applies the relevant pricing rates
bil.
generate an invoice reflecting the actual usage. This ensures that subscribers are
accurately for the resources they haveconsumed, aligning costs with usage levels.
" Service security: It includes consumer access, authentication and authorization, usaes
permissions.
" Service monitoring and control includes map, instrumentation and monitoring boundar
Cloud monitoring works in real time alongside its on-premises and hybrid counterpart
This helps improve visibility across the entire environment, including storage, networks
and apps. Key capabilities of cloud monitoring tools include tracking the consumption and
traffic of cloud-hosted resources.
Self service enables auto-fix seripts, access to knowledge's etc.
" Service support of cloud service architecture will cover service level agreemem
commitments, product owners and resolver groups. SLAs can help protect a business from
downtime and data loss if things go wrong with a cloud provider's services.
" For example, network outages can occur when internet connectivity between two device
fails to establish successfully. This failure can be costly for businesses and may occur du
to power failure at one end of the connection, natural disaster disrupting cables/satellites, o
human error on either side of the connection.
" Service function includes service name, function, description, status, utility and warranty.
" Service economics deals with the principles costs and benefits of cloud computing
includes cost management, cost model etc.
" In service chain entity, all parties are involved in the cloud service supply chain includin:
creator, provider, supporter, consumer and payer.
Benefits of cloud services:
1. Scalability : Cloud services' ability to scale as per business needs is an invaluabik
attribute.
2. Low cost : Cloud services allow customers to access cloud storage, applicat
software, and backup facilities without the need to invest in IT hardware and softwa
infrastructure.
3. High processingspeeds : Cloud services use advanced algorithms which otimiz
servers and find themost efficient routes to guide data traffic.

TECHNICAL PUBLICATIONS"- an up-thrust for knowledge

 Cloud Services Management 2-19 Cloud Services Strategy

Enhancedflexibility : Organizations enjoy the flexibility to use cloud services when in

need only, which reduces costs.
Data security : Cloud services are obliged to use the latest and most efficient data
security measures due to the large quantity of data handled through their cloud systems
2.11 Two Marks Questions with Answers
Q.1 Explain cloud risk management.
Ans. : Cloud risk management is the process of identifying. assessing. mitigating, and
eontinually monitoring threats within an organization's cloud computing environment.
Developing a cloud risk management strategy requires company to take an accurate inventory of
he assets within its network, identify the risks that each presents, and determine the best way to
prevent them from being realized.
02 List two functions of cloud management.
Ans. : Functions of cloud management are:
1. Managing the infrastructure of the cloud.
2. Managing the cloud application
0.3 What are the challenges of a cloud strategy ?
Ans. : Challenges of acloud strategy are as follows :
" Data security and compliance
Managing change in culture and process
" Knowing which services to move to the cloud and keep on-premise
" IT staffing and talent shortage
. Network infrastructure challenges

Q.4 Explain internal security risks.

Ans. : Insider risk refers to security threats that come from within our company. As well as
malicious activity such as theft, fraud or compromising data, insider threats include non
ntentional incidents such as divulging credentials in social engineering attacks (phishing. etc.)
or user error.

Q.5 What is yield management ?

Ans. : Yield management is a method for managing demand and capacity profitably by service
ganizations. It extensively uses computer based technology to study patterns in consumer
Enaviour in order to manage differential pricing. Yield management has gained widespread
Pceptance in airline and hotel industry.

TECHNICAL PUBLICATIONS- an up-thrust for knowledge

Ckwd Sercas Menag 2- 20 Cloud Services Strategy

Q.6Defina cloud capacity planning.

analyzes wh.
Ans.: dcanacits päriningais to match demand with available resources. It
Systems are already in place measuring their performance and predicting demand. Organizatiox
demand.
can then provisiOn andallocate cloudresources based on that
Q7 What is change management ?
establish
Ans. :Change msnagement is the practice of monitoring resource configurations to
in
and manage a baseline A baseline isa snapshot ofa set of configurations at a given point
time. This sapshot enables us to identify different configuration states of a given configuration

Q8What is Senice-Level Agreements?

(either internal
Ans. :Senice Level Agreement (SLA) is a contract between a service provider
from the service provider
of extenaly and the end user that defines the level of service expected
a9 Describe cloud policy.
execution of specific
Ans. À Ckoud Policy is a clear statement of intent, describing the
designed to deliver some
cioud elated activities in accordance with a standard model
management, cost
STHONement of business value. Cloud policy can be used for financial
optimizztion, periormance management and network security.
Q10 What does strategic management do ?
Strategic. management enables organizations to keep a continuous monitoring on the
Ans.
of the functional areas of the
goals ad obyectives of the organization. It incorporates all
well with each other.
organiZation ardensures that each functional area works
Q11What is demand queuing ?
managing requests from
Ans DBenand queuing in cloud computing refers to the process of unavailable or
those resources are currently
sers Ot applkcations for cloud resources when
nsufiCIet to immediately fulfill those requests.