1

MODULE-2
INFRASTRUCTURE AS A
SERVICE
 Pre-Requisites 2

 Chart on resources between 3 Service Models

 Difference between IAAS, PAAS and SAAS

Index on Module-3
 Overview of IaaS,
 Introduction to IaaS providers (AWS, Azure, Google Cloud Platform),
 Introduction to Virtualization technologies (KVM, Xen, VMware),
 Networking in IaaS (VPC, subnetting, routing),
 Storage in IaaS (block storage, object storage),
 Networking in IaaS (VPC, Subnets, Security Groups)
 Responsibility Chart on resources between 3 Service Models
Below chart shows different ways in which responsibility can be divided up
between a cloud service provider and a user.

ao
S R
i t h
Am

3
 Continued - Responsibility Chart

- The primary distinction is how much of the total software and hardware
stack is managed by the user vs. by the cloud provider.

o
- In the on-premises model at the left, there is no cloud provider, and

Ra
everything is the responsibility of the user. As you move from left to right,
each deployment model increases the role of the cloud service provider,

S
and consequently offloads work from the user.

h
i t
Am

4
 Difference between IAAS, PAAS and SAAS
Basis Of IAAS PAAS SAAS
Infrastructure as a Software as a
Stands for Platform as a service.
service. service.

1 Uses
IAAS is used by network
architects.
ao
PAAS is used by developers.
SAAS is used by
the end user.

S R
IAAS gives access to the PAAS gives access to run time

h
SAAS gives

t
resources like virtual environment to deployment

i
2 Access access to the end
machines and virtual and development tools for
user.

m
storage. application.

A It is a service
It is a service model that It is a cloud computing model model in cloud
provides virtualized that delivers tools that are computing that
3 Model
computing resources used for the development of hosts software to
over the internet. applications. make it available
to clients.
5
 Basis Of IAAS PAAS SAAS

There is no requirement
Technical Some knowledge is
It requires technical about technicalities
5. understandi required for the
knowledge. company handles
ng. basic setup.
everything.

ao
It is popular among
S R
It is popular among
developers who
It is popular among
consumers and
6. Popularity developers and

i
researchers.
t h focus on the
development of
apps and scripts.
companies, such as file
sharing, email, and
networking.

Percentage Am
It has around a 12% It has around 32%
It has about a 27 % rise in
7. the cloud computing
rise increment. increment.
model.

Used by the skilled Used by mid-level

Used among the users of
8. Usage developer to develop developers to build
entertainment.
unique applications. applications.
6
 Basis Of IAAS PAAS SAAS
Amazon Web Facebook, and MS Office web,
9. Cloud services. Services, sun, vCloud Google search Facebook and Google
Express. engine. Apps.

Enterprise AWS virtual private

o
10. Microsoft Azure. IBM cloud analysis.
services. cloud.

11.
Outsourced
Salesforce
RaForce.com,
AWS, Terremark

S
cloud services. Gigaspaces.

i t h
Operating System,
Runtime, Data of the

m
12. User Controls Nothing
Middleware, and application

AApplication data

It is highly scalable
It is highly scalable to
to suit the different
It is highly scalable suit the small, mid
13. Others businesses
and flexible. and enterprise level
according to
business
resources.

7
Overview of IAAS
- IaaS is one of the layers of the cloud computing platform. It allows
customers to outsource their IT infrastructures, such as servers,
networking, processing, storage, virtual machines, and other resources.
- Customers access these resources on the Internet using a pay-as-per-use

ao
model, and hence also known as Hardware as a Service.

R
- IaaS is one of the 3 types of cloud services, along with Software as a

S
Service (SaaS), Platform as a SService (PaaS).
- Security is a major concern for organizations that subscribe to IaaS

i t h
Am

8
 IaaS providers (AWS, Azure, Google Cloud Platform)
These cloud service providers support one or more of the 3 cloud
computing delivery models : IaaS, PaaS and SaaS.
1. Amazon(AWS) is a pioneer in IaaS introduced in 2000,
2. Google(Cloud Platform) efforts are focused on SaaS and PaaS delivery
models and
ao
R
3. Microsoft(Azure) is involved in PaaS
Amazon Web Services

h S
 AWS often considered the pioneer of cloud computing, launching its first
service back in 2006.
i t
Am
 Built an unmatched service range, covering possible cloud need, from
compute resources (like EC2) to advanced machine learning services.
 For businesses building a Web application or SaaS product, AWS provides
an excellent set of resources. Amazon RDS, for example, offers managed
relational databases, and Amazon S3 provides scalable object storage.
 AWS Lambda supports serverless computing, helping developers focus
more on their code and less on infrastructure management.
9
Azure: Microsoft's Powerhouse for Integrated Solutions

 Azure is Microsoft's offering in the cloud market, boasting seamless

o
integration with Microsoft's wide range of software, making it the go-to

a
choice for businesses deeply invested in the Microsoft ecosystem.

R
h S
 From a backend developer's perspective, Azure Functions provides a
compelling serverless experience, which is particularly well integrated
with other Azure services.
i t
Am
 Additionally, Azure's DevOps solutions are considered among the best,
offering a suite of services like Boards, Pipelines, Repos, and more.

10
Google Cloud Platform: AI and Machine Learning Focus
 Google Cloud Platform (GCP), newer to the scene than AWS or
Azure, stands out with its deep expertise in data analytics and
machine learning,
ao
S R
 GCP's BigQuery is a highly scalable and fast data warehouse
solution, appreciated by developers who need to handle massive
amounts of data.
i t h
Am
 For machine learning tasks, GCP offers AI Platform, providing tools
for the entire ML workflow.

 Besides, GCP's Firestore is an excellent choice for developers

building web applications needing a flexible, scalable NoSQL
database.

11
 IaaS provider provides the following services

Load balancers: provides load balancing capability at the infrastructure layer

Network: Network as a Service (NaaS) provides networking components

ao
such as VLANs, routers, switches, and bridges for the VMS.

S R
Compute: Computing as a Service includes virtual central processing

h
units(CPU) and virtual main memory for the Vms that is provisioned (server

i t
virtualization)to the end- users.

Am
Storage: IaaS provider provides back-end storage for storing files.

Note: VMS stands for Vendor Management Systems, software or online applications
that facilitate the procurement of staffing services between employers and the
staffing suppliers who match them with contingent labor.

12
 Key Benefits of IaaS

1. Shared infrastructure
IaaS allows multiple users to share the same physical infrastructure.

2. Web access to the resources

ao
Iaas allows IT users to access resources over the internet.

S R
-Customer issues administrative command to run the virtual machine that
cloud provider owns to start web server or to install new applications or
to save data on cloud server.
i t h
Am
3. Pay-as-per-use model
IaaS providers provide services based on the flexible and efficient renting
of computer hardware like virtual machines, storage devices, bandwidth,
IP addresses, monitoring services, firewalls, etc. are made available to the
customers on rent
. The users are required to pay for what they have used.

13
4. Focus on the core business
IaaS providers focus to scale on the organization's core business of the
user rather than on IT infrastructure.

5. On-demand scalability and flexibility

ao
On-demand scalability is one of the biggest advantages of IaaS-

S R
resources can be deployed by the provider to a customer’s environment
at any given flexible time. Using IaaS, users do not worry about to

t h
upgrade software and troubleshoot the issues related to hardware
components.
i
Am
6. Portability, interoperability with legacy applications
It is possible to maintain legacy between applications and workloads
between IaaS clouds. For example, network applications such as e-mail
server or web server that normally runs on customer-owned server
hardware can also run from VMs in IaaS cloud.

14
IaaS examples

IAAS is the base layer of a CC model and is the foundation of most applications
today.

Some common eg are :--

• Amazon Web Services
ao
• Microsoft Azure
• Google Compute Engine (GCE)
S R
h
• DigitalOcean
• Linode
• Rackspace
i t
• Cisco Metapod

Am
IaaS pricing follows a similar model to SaaS but focuses more on the actual
usage of the infrastructure resources. It's common for IaaS pricing models to
bill for read, write, queries, use, etc..

15
 Cloud Computing at Amazon (AWS)
Amazon Web Services: Elastic Compute Cloud (EC2) is web service with the simple
interface of launching the instances of an application under several operating
system. An instance is a virtual server. It is on automated distributed systems.

ao
S R
i t h
Am

16
Simple Storage System(S3) is a storage service designed to store large objects
with write, read and delete functions. Can handle unlimited number of objects.
Objects are inside buckets.

ao
Elastic Block Store (EBS) provides persistent block-level storage volumes for

R
use. Supports the creation of the snapshots of the volume of storage attached
to an instances and then uses them to restart an instance.

h S
t
Simple DB is a nonrelational data store that allows developers to store and

m i
query data items via webservice request. Automatically manages infra structure
provisioning replication and indexing of data items and performance tuning.

A
Simple Queue Service (SQS) is a hosted message queue. SQS is a system for
supporting automated workflows which allows sending and receiving of SQS
messages.

17
CloudWatch is a monitoring infrastructure used by developers or Administrators
to track the optimizing of the performance of the application and then trying to
increase the optimization. Uses graph and metrics.

ao
Elastic Beanstalk, a service that interacts with AWS services for Auto Scaling of

R
codes in a file(say .war files) using management console and then deployed .
Same as Elastic load balancing which interacts with other services

h S
t
What is NAT and why is it used?

m i
NAT stands for Network Address Translation. It's a way to map multiple private
addresses inside a local network to a public IP address before transferring the

A
information onto the internet

18
 AWS vs. Azure vs. Google Cloud : the key differences
Features Amazon Microsoft Azure Google Cloud
Age 11 years old 5 years old 6 years old
Per second pricing with a
Pricing Per-minute basis Per-minute basis
60-second minimum

o
EC2 (Elastic Compute
Cloud) provides all the
computing administration.
The program oversees
Ra
With Microsoft Azure,
you can create
As part of GCP
(Google Cloud

S
Comput Platform), GCE
virtual machines, which virtual machines and
e (Google Compute

h
can either be designed by scale sets for virtual

t
Engine) does a

i
the owner or have pre- machines.
similar function.

m
configured settings for
convenience

A
AWS provides apportioned,
transient (brief)
Azure uses ID drives
(transient capacity),
and Page Blobs VM-
Comparatively,
Google's Cloud
Platform offers both
based volumes are
stockpiling. As soon as an brief stockpiling and
Storage stored in Block
instance begins, it is constant circles. For
Storage (Microsoft's
demolished at the end of Object stockpiling,
choice). Object
the case. GCP has Google
Storage uses Square
Cloud Storage.
Blobs and Files.
19
 Virtualization technologies (KVM, Xen, VMware)

What is Virtualization ?

Kernel-Based Virtual Machine (KVM)

support for virtual machines on Linux.

ao
KVM is a component of Linux operating system component that provides native

S R
- The purpose of KVM is to provide the ability of virtualization to Linux.

h
- It is an open-source technology which provides which allows Linux machines

i t
(host) to run different environments called virtual machines.

m
- Each virtual machine represents a different Linux process.

A
- Each VM has its own copy of hardware such as memory, processor, and software
this allows to use of resources to a greater extent causing more reliability.

Another definition-KVM
- KVM is an open source virtualization technology built into Linux.
- Specifically, KVM lets you turn Linux into a hypervisor that allows a host machine
to run multiple, isolated virtual environments called guests or virtual machines
(VMs).
20
Xen is a virtualization entity that comes under Linux. KVM is seen
as a superficial hypervisor module that is based on the Linux
kernel. Xen's supporting enterprises include Citrix, Novell, Oracle,
Ret Hat (RHEL5), and Virtual Iron.

ao
S R
i t h
Am

21
 Storage in IaaS (block storage, object storage)
Note:--First will understand cloud storage and then will know IaaS Storage.

Cloud storage is a virtual locker where we can remotely hide any data.

ao
S R
-When we upload a file to a cloud-based server like Google Drive,
OneDrive, or iCloud that file gets copied over the Internet into a data

t h
server that is cloud-based actual physical space where companies store
files on multiple hard drives.
i
Am
-Most companies have hundreds of the servers known as ‘server farms’
spreaded across multiple locations. So, if our data gets lost we will not
loose our data because it will be backed up by another location. This is
known as redundancy which keeps our data safe from being lost.

22
 What is Storage in IaaS?

IaaS providers offer 3 types of data storage

resources:

1) Block storage stores data in blocks like

an SSD or hard drive.
ao
2) Object storage stores data as objects
S R
programming.
i t h
similar to those in object-oriented

Am
3) File storage stores data as files like in a
NAS. Network-attached storage (NAS)
is a file-dedicated storage device
that makes data continuously available
for employees to collaborate
effectively over a network.
23
1. Block-Based Storage System :-

• Hard drives are block-based storage systems. Your operating system like
Windows or Linux actually sees a hard disk drive. So, drive on which you can
create a volume, and then you can partition that volume and format them.

ao
• For eg; If a system has 1000 GB of volume, then we can partition it into 800 GB

R
and 200 GB for local C and local D drives respectively.

S
• Remember with a block-based storage system, your computer would see a

h
t
drive, and then you can create volumes and partitions.

m i
A

24
2. Object-Based Storage System

•Here user uploads objects to a container i.e., Object Storage Container .

•This uses the HTTP Protocols with the REST
of the APIs (eg; POST, GET, PUT, SELECT, DELETE).

ao
you need to download some images, text, or
S R
•For example, when you connect to any website,

h
anything that the website contains. For that,

i t
it is a code HTTP GET request. If you want to

m
review any product then you can use PUT

A
and POST requests.

•There is no hierarchy of objects in the container.

Every file is on the same level in an
Object-Based storage system.

25
3. File-Based Storage System –

•In this, you are actually connecting through a Network Interface Card (NIC). You
are going over a network, and then you can access the network-attached storage
server (NAS). NAS devices are file-based storage systems.

ao
•This storage server is another computing device that has disk in it. It is already

S R
created a file system so that it’s already formatted its partitions, and it will share
its file systems over the network. Here, you can actually map the drive to its
network location.

i t h
•In this, like the previous one, there is no need to partition and format the volume

Am
by the user. It’s already done in file-based storage systems. So, the operating
system sees a file system that is mapped to a local drive letter.

26
 ao
S R
i t h
Am

27
 Networking in IaaS (VPC, subnetting, routing)

What is VPC ?
VPC stands for Virtual Private Cloud

ao
Amazon Virtual Private Cloud (Amazon VPC) is a service that allows its
users to launch their virtual machines(or AWS resources) in a protected as
R
well as isolated virtual environment/ virtual network defined by them.

S
t h
You have complete control over your virtual networking environment,
i
including a selection of your IP address range, the creation of subnets,

Am
and configuration of route tables and network gateways.

You can easily customize the network configuration for your Amazon
Virtual Private Cloud.
E.g., you can create a public-facing subnet for web servers that can access
to the internet and can also place your backend system such as databases
or application servers to a private-facing subnet.
28
You can provide multiple layers of security, including security groups and network
access control lists, to help control access to Amazon EC2 instances in each subnet.

VPC enables us to select the virtual address of our private cloud and we can also
define all the sub-constituents of the VPC like subnet, subnet mask, availability
zone, etc on our own.

ao
S R
i t h
Am

29
The Architecture of Amazon VPC

ao
S R
i t h
Am
The basic architecture of a properly functioning VPC consists of many distinct
services such as Gateway, Load Balancer, Subnets, etc.
These resources are grouped inside VPC to create an isolated virtual environment.
There are also security checks on multiple levels.
It is initially divided into subnets, connected with each other via route tables along
with a load balancer.
30
The following features help you configure a VPC to provide the connectivity that
your applications need:

Virtual private clouds (VPC)

A VPC is a virtual network that closely resembles a traditional network that you

o
would operate in your own data center. After you create a VPC, you can add
subnets.

Ra
S
Subnets
A subnet is a range of IP addresses in your VPC. A subnet must reside in a single

i t h
Availability Zone. After you add subnets, you can deploy AWS resources in your
VPC. To reduce traffic, the subnet will divide the big network into smaller,
connected networks

Route Tables Am
Routing uses route tables to determine where network traffic from your subnet or
gateway is directed. Route Tables are used to define the protocol for traffic routing
between the subnets

31
Network Access Control Lists (NACL):
Network ACL is the firewall or much like security groups for VPC by managing both
inbound and outbound rules. There will be a default NACL for each VPC that cannot
be deleted.

Internet Gateway(IGW): will make it possible to link the resources in the VPC to the
Internet.

ao
S R
Network Address Translation (NAT): Network Address Translation (NAT) will enable
the connection between the private subnet and the internet.

IP addressing
i t h
Am
IP addresses enable resources in your VPC to communicate with each other, and with
resources over the internet EC2 instances, NAT gateways and Network Load
balancers.
Some ranges are reserved for private subnet:
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

Peering connections
Use a VPC peering connection to route traffic between the resources in two VPCs.
32
Gateways and endpoints
A gateway connects your VPC to another network. For example, use an internet
gateway to connect your VPC to the internet. Use a VPC endpoint to connect to AWS
services privately, without the use of an internet gateway or NAT device.

o
VPC Flow Logs

interfaces in your VPC.

Ra
A flow log captures information about the IP traffic going to and from network

VPN connections

h S
i t
Connect your VPCs to your on-premises networks using AWS Virtual Private Network
(AWS VPN).

Traffic Mirroring
Am
Copy network traffic from network interfaces and send it to security and monitoring
appliances for deep packet inspection.

Transit gateways
Use a transit gateway, which acts as a central hub, to route traffic between your
VPCs, VPN connections, and AWS Direct Connect connections.
33
IPv4 stands for Internet Protocol version 4. It is the underlying technology
that makes it possible for us to connect our devices to the web. Whenever a
device accesses the Internet, it is assigned a unique, numerical IP address such
as 99.48

What is IPv4 address used for?

ao
S R
The IPv4 address is a 32-bit number that uniquely identifies a network interface
on a machine. An IPv4 address is typically written in decimal digits

Advantages of IPv4
i t h
m
IPv4 security permits encryption to keep up privacy and security.

A
IPV4 network allocation is significant and presently has quite 85000 practical
routers.
It becomes easy to attach multiple devices across an outsized network while not
NAT.

34
General Points to remember:-

1. VirtualBox is a powerful x86 hardware targeted at server and AMD64/Intel64

virtualization product for enterprise as well as home use.

large number of guest operating system

ao
2. VirtualBox runs on Windows, Linux, macOS, and Solaris hosts and supports a

S R
3. A host OS runs on hardware, while a guest OS runs on a VM.

i t h
4. Transactional data is information that is captured from

m
transactions. It records the time of the transaction, location, price, payment

A
method, quantities & Qualities associated with transaction.

5. VMware was the first commercially successful company to

virtualize the x86 architecture. VMware's desktop software runs
on Microsoft Windows, Linux, and macOS. VMware
software provides a completely virtualized set of hardware to the
guest operating system

35
 Networking in IaaS (VPC, Subnets, Security Groups)

VPCs, subnets, and security groups are fundamental building blocks for networking
in IaaS. They provide a comprehensive framework for creating secure, scalable, and
manageable network environments within the cloud.

ao
S R
i t h
Am

36
Virtual Private Cloud (VPC)

A VPC serves as a logically isolated section of the cloud, allowing you to

launch and manage AWS resources in a private network. It acts as a virtual
container for your cloud resources, providing a secure and scalable network
environment. VPCs enable you to:-
ao
ensuring privacy and security.
S R
1. Isolate Resources: VPCs isolate your cloud resources from other tenants,

i t h
2. Control Network Traffic: VPCs allow you to control network traffic using

m
route tables, network access control lists (ACLs), and security groups.

A
3. Create Private Networks: VPCs enable you to create private networks for
your resources, restricting access from the public internet.
4. Configure Internet Access: VPCs can be connected to the internet using
internet gateways or NAT gateways.

37
Subnets
A subnet represents a range of IP addresses within your VPC. It further
segments your VPC into smaller, logically isolated network partitions.
Subnets provide granular control over network traffic and enable you to:

ao
1. Isolate Resources within a VPC: Subnets allow you to isolate different
types of resources, such as web servers and database servers, within
the same VPC.

S R
i t h
2. Implement Network Policies: Subnets enable you to apply different
network policies, such as access control and routing rules, to specific

Am
groups of resources.
3. Improve Availability: Creating subnets across multiple Availability
Zones (AZs) enhances the availability of your applications by ensuring
redundancy in case of AZ failures.
4. Optimize Network Performance: Subnets facilitate efficient network
routing by minimizing traffic between different types of resources.
38
Security Groups
A security group acts as a virtual firewall, controlling inbound and
outbound traffic to your EC2 instances within your VPC. It allows you to
define rules that specify which types of traffic are allowed to enter or leave
your instances. Security groups provide:

ao
R
1. Granular Access Control: Security groups enable you to control access to
your instances based on source IP addresses, protocols, and port
numbers.
h S
i t
2. Flexible Traffic Management: You can create multiple security groups

m
and apply them to different instances or groups of instances, allowing

A
for flexible traffic management.
3. Enhanced Security: Security groups help protect your instances from
unauthorized access and potential cyberattacks.
4. Stateful Inspection: Stateful inspection allows security groups to track
the state of network connections, enhancing security by preventing
unauthorized traffic flows.
39
 a o
End of Unit-2
S R (IAAS)
i t h
Am

40