Cloud Computing

The document discusses cloud computing architecture including layered architecture, reference architecture, and usage scenarios. It defines cloud computing and outlines the essential characteristics including on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. It also describes cloud consumers and providers.

Uploaded by

roger basu

Cloud Computing

Unit III
1. LAYERED ARCHITECTURE
Generic Cloud Architecture Design:
An Internet cloud is envisioned as a public cluster of servers provisioned on demand to perform collective web
services or distributed applications using data-center resources.

❖ Cloud Platform Design Goals
❖ Enabling Technologies for Clouds
❖ A Generic Cloud Architecture

Cloud Platform Design Goals
• Scalability
• Virtualization
• Efficiency
• Reliability
• Security
Cloud management receives the user request and finds the correct resources. The cloud then calls the provisioning
services, which invoke the resources in the cloud. Cloud management software needs to support both physical and
virtual machines.
Enabling Technologies for Clouds
• Cloud users are able to demand more capacity at peak demand, reduce
costs, experiment with new services, and remove unneeded capacity.
• Service providers can increase system utilization via multiplexing,
virtualization and dynamic resource provisioning.
• Clouds are enabled by the progress in hardware, software and
networking technologies
A Generic Cloud Architecture
• The Internet cloud is envisioned as a massive cluster of servers.
• Servers are provisioned on demand to perform collective web services
using datacenter resources.
• The cloud platform is formed dynamically by provisioning or
deprovisioning servers, software, and database resources.
• Servers in the cloud can be physical machines or VMs.
• User interfaces are applied to request services.
• The cloud computing resources are built into the data centers.
• Data centers are typically owned and operated by a third-party provider.
Consumers do not need to know the underlying technologies
• In a cloud, software becomes a service.
• The cloud demands a high degree of trust in the massive amounts of data retrieved from
large data centers.
• The software infrastructure of a cloud platform must handle all resource
management and maintenance automatically.
• Software must detect the status of each node server joining and leaving.
• Cloud computing providers such as Google and Microsoft have built a large
number of data centers.
• Each data center may have thousands of servers.
• The location of the data center is chosen to reduce power and cooling costs.
Layered Cloud Architectural Development

The architecture of a cloud is developed at three layers:
• Infrastructure
• Platform
• Application
These layers are implemented with virtualization and standardization of hardware and
software resources provisioned in the cloud.
The services to public, private and hybrid clouds are conveyed to
users through networking support.
Infrastructure Layer
• Foundation for building the platform layer.
• Built with virtualized compute, storage, and network resources.
• Provide the flexibility demanded by users.
• Virtualization realizes automated provisioning of resources and
optimizes the infrastructure management process.
Platform Layer
• Foundation for implementing the application layer for SaaS
applications.
• Used for general-purpose and repeated usage of the collection of
software resources.
• Provides users with an environment to develop their applications, to
test operation flows, and to monitor execution results and
performance.
The platform should be able to assure users that they have scalability,
dependability, and security protection
Application Layer
• Collection of all needed software modules for SaaS applications.
• Service applications in this layer include daily office management work,
such as information retrieval, document processing, and authentication
services.
• The application layer is also heavily used by enterprises in business
marketing and sales, consumer relationship management (CRM) and
financial transactions.
• Not all cloud services are restricted to a single layer.
• Many applications may apply resources at mixed layers.
• Three layers are built from the bottom up with a dependence relationship
Market-Oriented Cloud Architecture
• High-level architecture for supporting market-oriented resource
allocation in a cloud computing environment.
• Users or brokers acting on the user's behalf submit service requests to the
data center.
• When a service request is first submitted, the service request examiner
interprets the submitted request for QoS requirements.
It then accepts or rejects the request.
• VM Monitor: provides the latest status information regarding resource availability.
• Service Request Monitor: provides the latest status information on workload processing.
• Pricing mechanism: decides how service requests are charged.
• Accounting mechanism: maintains the actual usage of resources by requests to compute the final
cost.
• The VM Monitor mechanism keeps track of the availability of VMs and their resource entitlements.
• The Dispatcher starts the execution of accepted service requests on allocated VMs.
• The Service Request Monitor mechanism keeps track of the execution progress of service requests.
• Multiple VMs can be started and stopped on demand.
Quality of Service Factors
QoS parameters:
• Time
• Cost
• Reliability
• Trust/security
QoS requirements cannot be static and may change over time.
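The interaction of the components above (examiner, VM Monitor, pricing, dispatcher, accounting) can be followed in a small model. This is an added example, not part of the original slides; the class names, the flat rate, the VM list and the use of a dedicated host as the trust/security requirement are all assumptions made for illustration.

```python
# Added example: toy model of the market-oriented components. All values are constructed.
from dataclasses import dataclass

PRICE_CENTS_PER_CPU_HOUR = 10   # assumed flat rate used by the pricing mechanism

@dataclass
class VM:
    name: str
    free_cpus: int        # availability tracked by the VM Monitor
    reliability: float    # measured availability, 0.0 to 1.0
    dedicated: bool       # True when the host is not shared with other tenants

@dataclass
class Request:
    user: str
    cpus: int
    hours: int                # estimated run time
    deadline_hours: int       # QoS: time
    budget_cents: int         # QoS: cost
    min_reliability: float    # QoS: reliability
    needs_dedicated: bool     # QoS: trust/security

class DataCenter:
    def __init__(self, vms):
        self.vms = {vm.name: vm for vm in vms}
        self.running = {}     # Service Request Monitor: id -> (request, VM name)
        self.ledger = {}      # Accounting mechanism: user -> cents charged
        self._next_id = 1

    def quote(self, req):
        """Pricing mechanism: price of the estimated usage."""
        return req.cpus * req.hours * PRICE_CENTS_PER_CPU_HOUR

    def examine(self, req):
        """Service request examiner: return (VM or None, reason)."""
        if req.hours > req.deadline_hours:
            return None, "deadline cannot be met"
        if self.quote(req) > req.budget_cents:
            return None, "quote exceeds budget"
        candidates = [
            vm for vm in self.vms.values()
            if vm.free_cpus >= req.cpus
            and vm.reliability >= req.min_reliability
            and (vm.dedicated or not req.needs_dedicated)
        ]
        if not candidates:
            return None, "no VM meets capacity, reliability and isolation needs"
        # Best fit keeps the larger VMs free for later, larger requests.
        return min(candidates, key=lambda vm: vm.free_cpus), "accepted"

    def submit(self, req):
        """Examine, then dispatch if accepted. Returns (request id or None, reason)."""
        vm, reason = self.examine(req)
        if vm is None:
            return None, reason
        vm.free_cpus -= req.cpus          # dispatcher reserves the entitlement
        req_id, self._next_id = self._next_id, self._next_id + 1
        self.running[req_id] = (req, vm.name)
        return req_id, reason

    def complete(self, req_id, actual_hours):
        """Release the VM and charge for actual usage, not the estimate."""
        req, vm_name = self.running.pop(req_id)
        self.vms[vm_name].free_cpus += req.cpus
        cost = req.cpus * actual_hours * PRICE_CENTS_PER_CPU_HOUR
        self.ledger[req.user] = self.ledger.get(req.user, 0) + cost
        return cost

def demo():
    dc = DataCenter([
        VM("shared-1", free_cpus=8, reliability=0.99, dedicated=False),
        VM("dedicated-1", free_cpus=4, reliability=0.999, dedicated=True),
    ])
    results = [
        dc.submit(Request("alice", 4, 2, 4, 100, 0.99, True)),    # fits dedicated-1
        dc.submit(Request("bob", 2, 5, 6, 50, 0.9, False)),       # quote 100 > budget 50
        dc.submit(Request("carol", 2, 1, 2, 100, 0.9, True)),     # dedicated-1 is full
        dc.submit(Request("dave", 2, 3, 2, 100, 0.9, False)),     # 3 h > 2 h deadline
    ]
    charged = dc.complete(results[0][0], actual_hours=3)          # ran longer than estimated
    retry = dc.submit(Request("carol", 2, 1, 2, 100, 0.9, True))  # capacity is back
    return results, charged, retry, dc.ledger

if __name__ == "__main__":
    print(demo())
```

Rejecting at the examiner, before any VM is touched, is what keeps an over-committed data center from degrading requests it has already accepted.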
2. CLOUD REFERENCE ARCHITECTURE
Definitions
A model of computation and data storage based on “pay as you go”
access to “unlimited” remote data center capabilities.
A cloud infrastructure provides a framework to manage scalable,
reliable, on-demand access to applications.
Cloud services provide the “invisible” backend to many of our mobile
applications.
High level of elasticity in consumption.
NIST Cloud Definition:
• The National Institute of Standards and Technology (NIST) defines
cloud computing as a
"pay-per-use model for enabling available, convenient and on-demand
network access to a shared pool of configurable computing resources
(e.g., networks, servers, storage, applications and services) that can be
rapidly provisioned and released with minimal management effort or
service provider interaction."
Architecture

The architecture consists of 3 tiers:
• Cloud Deployment Model
• Cloud Service Model
• Essential Characteristics of Cloud Computing

Essential Characteristics 1
• On-demand self-service.
◦ A consumer can unilaterally provision computing capabilities such as server
time and network storage as needed automatically, without requiring human
interaction with a service provider.
Essential Characteristics 2
• Broad network access.
◦ Capabilities are available over the network and accessed through standard
mechanisms that promote use by heterogeneous thin or thick client platforms
(e.g., mobile phones, laptops, and PDAs) as well as other traditional or cloud
based software services.
Essential Characteristics 3
• Resource pooling.
◦ The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant
model, with different physical and virtual resources dynamically assigned and reassigned according
to consumer demand.
Essential Characteristics 4
• Rapid elasticity.
◦ Capabilities can be rapidly and elastically provisioned - in some cases automatically - to quickly
scale out; and rapidly released to quickly scale in.
◦ To the consumer, the capabilities available for provisioning often appear to be unlimited and can
be purchased in any quantity at any time.
Essential Characteristics 5
• Measured service.
◦ Cloud systems automatically control and optimize resource use. Resource usage can be monitored,
controlled, and reported - providing transparency for both the provider and consumer of the service.
NIST (National Institute of Standards and Technology) Background
The goal is to accelerate the federal government’s adoption of secure and effective cloud computing to
reduce costs and improve services.
Example Usage Scenario 1:
A cloud consumer may request service from a cloud broker instead of contacting a cloud provider directly.
The cloud broker may create a new service by combining multiple services or by enhancing an existing service.
Usage Scenario - Cloud Brokers
In this example, the actual cloud providers are invisible to the cloud consumer.
The cloud consumer interacts directly with the cloud broker.
Example Usage Scenario 2
Cloud carriers provide the connectivity and transport of cloud services from cloud providers to cloud
consumers.
A cloud provider participates in and arranges for two unique service level agreements (SLAs), one with a cloud
carrier (e.g. SLA2) and one with a cloud consumer (e.g. SLA1).
Usage Scenario for Cloud Carriers
➢ A cloud provider arranges service level agreements (SLAs) with a cloud carrier.
➢ Request dedicated and encrypted connections to ensure the cloud services.
Example Usage Scenario 3
For a cloud service, a cloud auditor conducts independent assessments of the operation and security
of the cloud service implementation.
The audit may involve interactions with both the Cloud Consumer and the Cloud Provider.
Cloud Consumer
The cloud consumer is the principal stakeholder for the cloud computing service.
A cloud consumer represents a person or organization that maintains a business relationship with, and
uses the service from a cloud provider.
The consumers of SaaS can be organizations that provide their members with access to software
applications, end users or software application administrators.
SaaS consumers can be billed based on the number of end users, the time of use, the network
bandwidth consumed, the amount of data stored or duration of stored data.
PaaS consumers can be application developers or application testers who run and test applications in
cloud-based environments.
PaaS consumers can be billed according to the processing, database storage and network resources
consumed.
The consumers of IaaS can be system developers, system administrators and IT managers.
IaaS consumers are billed according to the amount or duration of the resources consumed, such as
CPU hours used by virtual computers, volume and duration of data stored.
Cloud Provider
A cloud provider is a person or an organization;
it is the entity responsible for making a service available to interested parties.
A Cloud Provider acquires and manages the computing infrastructure required for providing the
services.
Runs the cloud software that provides the services.
Makes arrangement to deliver the cloud services to the Cloud Consumers through network access.
Cloud Auditor
A cloud auditor is a party that can perform an independent examination of cloud service controls.
Audits are performed to verify conformance to standards through review of objective evidence.
A cloud auditor can evaluate the services provided by a cloud provider in terms of security
controls, privacy impact, performance, etc.
Cloud Broker
Integration of cloud services can be too complex for cloud consumers to manage.
A cloud consumer may request cloud services from a cloud broker, instead of contacting a cloud
provider directly.
A cloud broker is an entity that manages the use, performance and delivery of cloud services.
Negotiates relationships between cloud providers and cloud consumers.
Services of cloud broker
Service Intermediation:
A cloud broker enhances a given service by improving some specific capability and providing value-added
services to cloud consumers.
Service Aggregation:
A cloud broker combines and integrates multiple services into one or more new services.
The broker provides data integration and ensures the secure data movement between the cloud consumer
and multiple cloud providers.
Service Arbitrage:
Service arbitrage is similar to service aggregation except that the services being aggregated are not fixed.
Service arbitrage means a broker has the flexibility to choose services from multiple agencies.
Cloud Carrier
A cloud carrier acts as an intermediary that provides connectivity and transport of cloud services
between cloud consumers and cloud providers.
Cloud carriers provide access to consumers through the network.
The distribution of cloud services is normally provided by network and telecommunication carriers or
a transport agent.
A transport agent refers to a business organization that provides physical transport of storage media
such as high-capacity hard drives and other access devices.
Scope of Control between Provider and Consumer
The Cloud Provider and Cloud Consumer share the control of resources in a cloud system
The application layer includes software applications targeted at end users or programs.
The applications are used by SaaS consumers, or installed/managed/maintained by PaaS
consumers, IaaS consumers and SaaS providers.
The middleware layer provides software building blocks (e.g., libraries, database, and Java virtual
machine) for developing application software in the cloud.
Used by PaaS consumers, installed/ managed/ maintained by IaaS consumers or PaaS providers,
and hidden from SaaS consumers.
The OS layer includes operating system and drivers, and is hidden from SaaS consumers and PaaS
consumers.
An IaaS cloud allows one or multiple guest OSes to run virtualized on a single physical host. The
IaaS consumers should assume full responsibility for the guest OS, while the IaaS provider controls
the host OS.
Cloud Deployment Model

• Public Cloud
• Private Cloud
• Hybrid Cloud
• Community Cloud
Public cloud
• A public cloud is one in which the cloud infrastructure and computing resources are made available to the general public
over a public network.

• A public cloud is meant to serve a multitude (huge number) of users, not a single customer.

• A fundamental characteristic of public clouds is multitenancy.

• Multitenancy allows multiple users to work in a software environment at the same time, each with their own resources.

• Built over the Internet (i.e., the service provider offers resources, applications and storage to the customers over the Internet) and
can be accessed by any user.

• Owned by service providers and are accessible through a subscription.

• Services are offered on a price-per-use basis.

• Promotes standardization and preserves capital investment.

• Public clouds have geographically dispersed datacenters to share the load of users and better serve them according to their
locations

• Provider is in control of the infrastructure


Examples:
Amazon EC2 is a public cloud that provides Infrastructure as a Service
Google AppEngine is a public cloud that provides Platform as a Service
SalesForce.com is a public cloud that provides Software as a Service.
Advantage

• Offers unlimited scalability – on demand resources are available to meet your business needs.

• Lower costs—no need to purchase hardware or software and you pay only for the service you use.

• No maintenance - Service provider provides the maintenance.

• Offers reliability: Vast number of resources are available so failure of a system will not interrupt
service.

• Services like SaaS, PaaS, IaaS are easily available on Public Cloud platform as it can be accessed
from anywhere through any Internet enabled devices.

• Location independent – the services can be accessed from any location


Disadvantage

• No control over privacy or security

• Cannot be used for sensitive applications (Government and Military
agencies will not consider Public cloud)

• Lacks complete flexibility (since dependent on provider)

• No stringent (strict) protocols regarding data management


Private Cloud
• Cloud services are used by a single organization and are not exposed to the public.
• Services are always maintained on a private network, and the hardware and software are
dedicated to a single organization only.
• A private cloud is physically located either
◦ at the organization’s premises [on-site private clouds], or
◦ outsourced (given) to a third party [outsourced private clouds].
• It may be managed either by
◦ the cloud consumer organization, or
◦ a third party.
• Private clouds are used by
◦ government agencies
◦ financial institutions
◦ mid-size to large-size organisations.
Advantage
• Offers greater Security and Privacy
• Organization has control over resources
• Highly reliable
• Saves money by virtualizing the resources

Disadvantage
• Expensive when compared to public cloud
• Requires IT Expertise to maintain resources.
Hybrid Cloud

• Built with both public and private clouds.
• It is a heterogeneous cloud resulting from private and public clouds.
• Private clouds are used for
◦ sensitive applications, which are kept inside the organization’s network
◦ business-critical operations like financial reporting
• Public clouds are used for
◦ other services, which are kept outside the organization’s network
◦ high volumes of data
◦ lower-security needs such as web-based email (Gmail, Yahoo Mail, etc.)
• The resources or services are temporarily leased for the time required and then released. This
practice is also known as cloud bursting.
Advantage
• It is scalable
• Offers better security
• Flexible - additional resources are obtained from the public cloud when needed
• Cost-effectiveness—we have to pay for extra resources only when needed.
• Control - Organisation can maintain a private infrastructure for sensitive application

Disadvantage
• Infrastructure Dependency
• Possibility of security breach (violation) through the public cloud
Community Cloud

Community cloud is a cloud infrastructure that allows systems and services to
be accessible by a group of several organizations to share the information. It is
owned, managed, and operated by one or more organizations in the community, a
third party, or a combination of them.
Advantage

Cost effective
Community cloud is cost effective because the whole cloud is shared between several
organizations or a community.
Flexible and Scalable
The community cloud is flexible and scalable because it is compatible with every user. It allows
the users to modify the documents as per their needs and requirements.
Security
Community cloud is more secure than the public cloud but less secure than the private cloud.
Sharing infrastructure
Community cloud allows us to share cloud resources, infrastructure, and other capabilities among
various organizations.
Disadvantages

Community Cloud has the following disadvantages:

• Community cloud is not a good choice for every organization.

• Slow adoption to data

• The fixed amount of data storage and bandwidth is shared among all community
members.

• Community Cloud is costlier than the public cloud.

• Sharing responsibilities among organizations is difficult.


Cloud Service Models

• Software as a Service (SaaS)

• Platform as a Service (PaaS)

• Infrastructure as a Service (IaaS)


Software as a Service (SaaS) (Complete software offering on the cloud)

• SaaS is a licensed software offering on the cloud and pay per use
• SaaS is a software delivery methodology that provides licensed multi-tenant access to software
and its functions remotely as a Web-based service. Usually billed based on usage
◦ Usually multi tenant environment
◦ Highly scalable architecture
• Customers do not invest in software application programs.
• The capability provided to the consumer is to use the provider’s applications running on a cloud
infrastructure.
• The applications are accessible from various client devices through a thin client interface such as a
web browser (e.g., web-based email).
• The consumer does not manage or control the underlying cloud infrastructure including network,
servers, operating systems, storage, data or even individual application capabilities, with the
possible exception of limited user specific application configuration settings.
• On the customer side, there is no upfront investment in servers or software licensing.
• It is a “one-to-many” software delivery model, whereby an application is shared across multiple
users
Characteristics of Application Service Provider (ASP)

• Product sold to customer is application access.

• Application is centrally managed by Service Provider.

• Service delivered is one-to-many customers

• Services are delivered under contract, e.g. Gmail and Docs, Microsoft SharePoint,
and CRM (Customer Relationship Management) software
SaaS providers

• Google’s Gmail, Docs, Talk etc

• Microsoft’s Hotmail, Sharepoint

• SalesForce,

• Yahoo

• Facebook
Infrastructure as a Service (IaaS) (Hardware offerings on the cloud)
• IaaS is the delivery of technology infrastructure (mostly hardware) as an on-demand, scalable
service.
◦ Usually billed based on usage
◦ Usually multi tenant virtualized environment
◦ Can be coupled with Managed Services for OS and application support
◦ User can choose his OS, storage, deployed app, networking components
◦ The capability provided to the consumer is to provision processing, storage, networks, and other
fundamental computing resources.
• IaaS/HaaS solutions bring all the benefits of hardware virtualization: workload partitioning,
application isolation, sandboxing, and hardware tuning
• Sandboxing: A program is set aside from other programs in a separate environment so that if errors
or security issues occur, those issues will not spread to other areas on the computer.
• Hardware tuning: To improve the performance of system
• The user works on multiple VMs running guest OSes
• the service is performed by rented cloud infrastructure
IaaS providers

• Amazon Elastic Compute Cloud (EC2)
◦ Each instance provides 1-20 processors, up to 16 GB RAM, 1.69 TB storage
• RackSpace Hosting
◦ Each instance provides 4 core CPU, up to 8 GB RAM, 480 GB storage
• Joyent Cloud
◦ Each instance provides 8 CPUs, up to 32 GB RAM, 48 GB storage
• Go Grid
◦ Each instance provides 1-6 processors, up to 15 GB RAM, 1.69 TB storage
Platform as a Service (PaaS) (Development platform)
• PaaS provides all of the facilities required to support the complete life cycle of building, delivering
and deploying web applications and services entirely from the Internet.

• Typically applications must be developed with a particular platform in mind

• Multi tenant environments

• Highly scalable multi tier architecture

• The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created
or acquired applications created using programming languages and tools supported by the
provider.

• The consumer does not manage or control the underlying cloud infrastructure including network,
servers, operating systems, or storage.
Characteristics of PaaS

• Runtime framework: Executes end-user code according to the policies set by the user and the provider.

• Abstraction: PaaS helps to deploy (install) and manage applications on the cloud.

• Automation: Automates the process of deploying applications to the
infrastructure; additional resources are provided when needed.

• Cloud services: Helps developers simplify the creation and delivery of cloud
applications.
PaaS providers

• Google App Engine
◦ Python, Java, Eclipse
• Microsoft Azure
◦ .Net, Visual Studio
• Sales Force
◦ Apex, Web wizard
• TIBCO
• VMware
• Zoho
Architectural Design Challenges

Challenge 1 : Service Availability and Data Lock-in Problem


Service Availability
Service Availability in Cloud might be affected because of
• Single Point Failure
• Distributed Denial of Service
Single Point Failure
• Depending on a single service provider might result in failure.
• With a single service provider, even if the company has multiple data centres located in different
geographic regions, it may have common software infrastructure and accounting systems.
Solution:
• Multiple cloud providers may provide more protection from failures, and they provide High
Availability (HA).
• Using multiple cloud providers guards against the loss of all data.
Distributed Denial of Service (DDoS) attacks
• Cyber criminals attack target websites and online services and make the services unavailable to users.
• A DDoS attack tries to overwhelm (disturb) a service, making it unavailable to users, by sending more traffic than the
server or network can accommodate.
Solution:
• Some SaaS providers provide the opportunity to defend against DDoS attacks by using quick scale-ups.
• Customers cannot easily extract their data and programs from one site to run on another.
• Have standardization among service providers so that customers can deploy (install) services and data
across multiple cloud providers.
Data Lock-in
• It is a situation in which a customer using the service of one provider cannot move to
another service provider because the technologies used by that provider are
incompatible with those of other providers.
• This makes the customer dependent on a vendor for services and
unable to use the services of another vendor.
Solution:
• Have standardization (in technologies) among service providers so that customers
can easily move from a service provider to another.
Challenge 2: Data Privacy and Security Concerns
Cloud services are prone to attacks because they are accessed through the Internet.
Security is provided by
• Storing data in the cloud in encrypted form.
• Firewalls and filters.
Cloud environment attacks include
• Guest hopping
• Hijacking
• VM rootkits
Guest Hopping:
Virtual machine hyper jumping (VM jumping) is an attack method that exploits (makes use of)
a weakness in the hypervisor that allows one virtual machine (VM) to be accessed from another.
Hijacking:
Hijacking is a type of network security attack in which the attacker takes control of a
communication.
VM Rootkit:
A VM rootkit is a collection of malicious (harmful) computer software designed to
enable access to a computer that is not otherwise allowed.
A man-in-the-middle (MITM) attack is a form of eavesdropping (spying) where
communication between two users is monitored and modified by an unauthorized
party.
A man-in-the-middle attack may take place during VM migration (a VM is moved
from one physical host to another).
Passive attacks steal sensitive data or passwords.
Active attacks may manipulate (control) kernel data structures, which will cause
major damage to cloud servers.
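One way for the destination host to detect an image that was modified during VM migration, shown as an added example that is not part of the original slides. The frame layout, the function names and the pre-shared key between the two hosts are assumptions; this is not the migration protocol of any real hypervisor.

```python
# Added example: hypothetical framing for an authenticated VM image stream.
import hashlib
import hmac
import struct

CHUNK = 16  # tiny chunk size so the constructed sample below spans several frames


class MigrationError(Exception):
    pass


def frame_tag(key, migration_id, seq, last, chunk):
    # Bind each chunk to this migration, its position and the end-of-stream flag,
    # so frames cannot be replayed from another migration, reordered or cut short.
    header = struct.pack(">H", len(migration_id)) + migration_id
    header += struct.pack(">Q?", seq, last)
    return hmac.new(key, header + chunk, hashlib.sha256).digest()


def send(key, migration_id, image):
    """Source host: split the image into (seq, last, chunk, tag) frames."""
    chunks = [image[i:i + CHUNK] for i in range(0, len(image), CHUNK)] or [b""]
    frames = []
    for seq, chunk in enumerate(chunks):
        last = seq == len(chunks) - 1
        frames.append((seq, last, chunk, frame_tag(key, migration_id, seq, last, chunk)))
    return frames


def receive(key, migration_id, frames):
    """Destination host: verify every frame before the image is used."""
    out, expected, finished = [], 0, False
    for seq, last, chunk, tag in frames:
        if finished:
            raise MigrationError("data after final chunk")
        if seq != expected:
            raise MigrationError(f"chunk {seq} out of order, expected {expected}")
        good = frame_tag(key, migration_id, seq, last, chunk)
        if not hmac.compare_digest(good, tag):      # constant-time comparison
            raise MigrationError(f"chunk {seq} failed authentication")
        out.append(chunk)
        expected += 1
        finished = last
    if not finished:
        raise MigrationError("stream truncated before final chunk")
    return b"".join(out)


def verdict(key, migration_id, frames):
    """Return 'ok' or the reason the destination refused the stream."""
    try:
        receive(key, migration_id, frames)
        return "ok"
    except MigrationError as exc:
        return str(exc)


# Constructed sample: a 40-byte "memory image" and a key shared by both hosts.
KEY = b"constructed-demo-key-not-for-use"
MIG = b"migration-0001"
IMAGE = bytes(range(40))

if __name__ == "__main__":
    frames = send(KEY, MIG, IMAGE)
    tampered = list(frames)
    seq, last, chunk, tag = tampered[1]
    tampered[1] = (seq, last, b"X" + chunk[1:], tag)   # modified in transit
    print(verdict(KEY, MIG, frames))        # intact stream
    print(verdict(KEY, MIG, tampered))      # modified chunk
    print(verdict(KEY, MIG, frames[:2]))    # final chunk dropped
```

The tags give integrity only. Keeping the image confidential from a passive attacker additionally requires an encrypted channel between the hosts.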
Challenge 3: Unpredictable Performance and Bottlenecks
Multiple VMs can share CPUs and main memory in cloud computing, but I/O sharing
is problematic.
Internet applications continue to become more data-intensive (they handle huge amounts of
data).
Handling huge amounts of data (data-intensive workloads) is a bottleneck in the cloud environment.
Weak servers that do not handle data transfers properly must be removed from the cloud
environment.
Challenge 4: Distributed Storage and Widespread Software Bugs
The database is always growing in cloud applications.
There is a need to create a storage system that meets this growth.
This demands the design of efficient distributed SANs (Storage Area Network of Storage devices).
Data centres must meet
• Scalability
• Data durability
• HA (High Availability)
• Data consistency
A bug refers to an error in software.
Debugging must be done in data centres.
Challenge 5: Cloud Scalability, Interoperability and Standardization
Cloud Scalability
• Cloud resources are scalable. Cost increases when storage and network bandwidth
are scaled (increased).
Interoperability
• Open Virtualization Format (OVF) describes an open, secure, portable, efficient,
and extensible format for the packaging and distribution of VMs.
• OVF defines a transport mechanism for VMs that can be applied to different
virtualization platforms.
Standardization
• Cloud standardization should give a virtual machine the ability to run on any virtual
platform.
Challenge 6: Software Licensing and Reputation Sharing
• Cloud providers can use both pay-for-use and bulk-use licensing schemes to
widen the business coverage.
• Cloud providers must create reputation-guarding services similar to the “trusted e-mail”
services.
• Cloud providers want legal liability to remain with the customer, and vice versa.
Cloud Storage

• Storing your data on the storage of a cloud service provider rather than on a local
system.

• Data stored on the cloud are accessed through Internet.

• Cloud Service Provider provides Storage as a Service


Storage as a Service
A third-party provider rents space on its storage to cloud users.
Customers move to cloud storage when they lack the budget for their own storage.
Storage service providers take responsibility for current backup, replication, and disaster
recovery needs.
Small and medium-sized businesses can make use of Cloud Storage
Storage is rented from the provider using a
• cost-per-gigabyte-stored (or)
• cost-per-data-transferred
The end user doesn’t have to pay for infrastructure (resources), they have to pay only for how much
they transfer and save on the provider’s storage.
Providers
• Google Docs allows users to upload documents, spreadsheets, and presentations to Google’s data
servers.
• Those files can then be edited using a Google application.
• Web email providers like Gmail, Hotmail, and Yahoo! Mail, store email messages on their own
servers.
• Users can access their email from computers and other devices connected to the Internet.
• Flickr and Picasa host millions of digital photographs. Users can create their own online photo
albums.
• YouTube hosts millions of user-uploaded video files.
• Hostmonster and GoDaddy store files and data for many client web sites.
• Facebook and MySpace are social networking sites and allow members to post pictures and other
content. That content is stored on the company’s servers.
• MediaMax and Strongspace offer storage space for any kind of digital data.
