Module 1 Mtech 2025

Cloud computing is the use of applications and services over a distributed network, characterized by virtualization and abstraction, allowing users to access resources without needing to know the underlying infrastructure. It encompasses various deployment models (public, private, community, hybrid) and service models (SaaS, PaaS, IaaS), each with distinct features and responsibilities. The document also discusses the roles of cloud consumers, providers, brokers, carriers, and auditors, along with the advantages and challenges of cloud computing.

Uploaded by raborir512
Cloud Computing

• Cloud computing denotes the utilization of applications and services deployed across a distributed network, leveraging virtualized resources.
• Its distinguishing feature lies in the conceptualization of resources as virtual and boundless, with the user being shielded from the intricacies of the physical systems supporting the software.
• Applications operate on unspecified physical systems, data resides in undisclosed locations, system administration is outsourced, and user access is widespread.
• The term "cloud" in cloud computing embodies two fundamental concepts:
  • Abstraction
  • Virtualization

• Abstraction: Consider a cloud-based email service like Gmail. Users interact with Gmail without needing to know the specifics of the servers, databases, or networking infrastructure supporting the service.
  • They don't need to worry about hardware failures, software updates, or security patches.
• Virtualization: For instance, a company might use AWS to spin up virtual servers when they experience a surge in traffic to their website.
  • The virtual servers run on shared physical hardware.

• Cloud computing employs virtualization to pool and share resources efficiently.
• Provisioning of resources occurs on demand from a centralized infrastructure, with costs assessed based on usage.
• Multi-tenancy is enabled, allowing shared use of resources, and scalability is achieved with agility in adapting to changing demands.
• The concept of cloud computing is further explained by categorizing it into deployment models and service models.

Deployment Model:

• In understanding cloud computing, the deployment model plays a pivotal role in determining where the cloud is situated and its intended purpose.
• Four distinct deployment models are recognized:
  • Public Cloud: Accessible to the general public, managed by a third-party service provider.
  • Private Cloud: Reserved for a specific organization, offering a more exclusive and controlled environment.
  • Community Cloud: Shared among several organizations with common concerns, fostering collaboration.

Public Cloud:
• Multi-tenancy: Resources are shared among multiple users or organizations.
• Scalability: Users can easily scale resources up or down based on demand.
• Pay-per-use billing: Users are charged based on their usage of resources.
• Amazon Web Services (AWS): AWS offers a wide range of cloud computing services, including computing power, storage, and databases. AWS could be utilized for various purposes such as website hosting, data analytics, and machine learning.

Private Cloud:
• It can be hosted internally within the organization's data center or by a third-party provider, offering more control, security, and customization options.
• Single-tenancy: Resources are exclusively used by one organization.
• Enhanced security and privacy: Organizations have full control over data and security measures.
• Customization: Organizations can tailor the cloud environment to meet their specific requirements.
• Microsoft Azure Stack: Azure Stack allows organizations to deploy Azure services on-premises or in a hosted environment.
  • It provides consistent cloud infrastructure and services, enabling organizations to build and run applications seamlessly across hybrid cloud environments.

Community Cloud:
• It offers benefits of both public and private clouds while promoting collaboration among community members.
• Shared infrastructure: Resources are shared among multiple organizations within the community.
• Collaboration: Organizations collaborate to address common concerns and requirements.
• Enhanced security and compliance: Community clouds often adhere to specific industry standards and regulations.
• They ensure compliance with healthcare regulations such as HIPAA (Health Insurance Portability and Accountability Act).

Hybrid Cloud:
• Integration: Hybrid clouds integrate resources and applications across public and private cloud environments.
• Flexibility: Organizations can dynamically move workloads between different cloud environments based on requirements.
• Optimization: Hybrid clouds enable organizations to optimize cost, performance, and security based on workload characteristics.
• Google Anthos: Anthos is a hybrid and multi-cloud platform by Google Cloud. It enables organizations to build, deploy, and manage applications across on-premises, Google Cloud, and other cloud environments seamlessly.

Service Model
• It delineates the type of services offered by the service

Software as a Service (SaaS)
• Users access software applications over the internet without the need for local installation.
• SaaS is a complete operating environment with applications, management, and the user interface.
• The application is provided to the client through a thin client interface (a browser, usually). Example: Google spreadsheet.
• The customer’s responsibility begins and ends with entering and managing its data and user interaction.
• Everything from the application down to the infrastructure is the vendor’s responsibility.

Platform as a Service (PaaS)
• Offers a platform allowing customers to develop, run, and manage applications without dealing with the complexity of infrastructure.
• PaaS provides virtual machines, operating systems, applications, services, development frameworks, transactions, and control structures. Example: Google App Engine.
• The client can deploy its applications on the cloud infrastructure or use applications that are supported by the PaaS service provider.
• The service provider manages the cloud infrastructure, the operating systems, and the enabling software.

Infrastructure as a Service (IaaS)
• Provides virtualized computing resources over the internet, allowing users to run virtual machines and manage storage.
• The IaaS service provider manages all the infrastructure.
• The client is responsible for all other aspects of the deployment.
• This can include the operating system, applications, and user interactions with the system.

The service models are interrelated, forming a hierarchy that defines the responsibilities of both the service provider and the client in cloud computing arrangements.

The three different service models taken together have come to be known as the SPI model of cloud computing.

Many other service models have been mentioned: StaaS, Storage as a Service; IdaaS, Identity as a Service; CmaaS, Compliance as a Service; and so forth.

However, the SPI services encompass all the other possibilities.

NIST Definitions and Framework
• The U.S. National Institute of Standards and Technology (NIST) provides working definitions for cloud computing.
• NIST's definitions illustrate the relationship between service models, deployment models, and essential characteristics of cloud computing.
• The current model does not cover intermediary services such as transaction or service brokers, provisioning, integration, and interoperability (crucial elements in cloud computing).
• Given the emerging roles of service buses, brokers, and cloud APIs, it is essential to enhance the NIST model to capture the complete landscape of cloud computing.

Cloud Cube Model
• The Open Group maintains the Jericho Forum, which focuses on protecting cloud networks.
• The Jericho Forum has introduced the Cloud Cube Model to categorize cloud networks based on four dimensions.
• Cloud Cube Model Dimensions:
  • Physical Location of Data: Internal (I) / External (E) determines organizational boundaries.
  • Ownership: Proprietary (P) / Open (O) measures technology ownership, interoperability, data transfer ease, and vendor application lock-in.
  • Security Boundary: Perimeterised (Per) / De-perimeterised (D-p) distinguishes whether operations are inside or outside the security boundary or network firewall.
  • Sourcing: Insourced or Outsourced determines whether the service is provided by the customer or the service provider.
• Cloud Cube Model States:
  • Combining these dimensions yields eight possible cloud forms (Per: IP, IO, EP, EO and D-p: IP, IO, EP, EO).
  • The sourcing dimension addresses the deliverer of the service.

Changing Notions in Cloud Computing
• The Cloud Cube Model challenges the traditional idea of a network boundary defined by the network's firewall.
• It highlights how the type of cloud network used alters the perception of where the boundary between the client’s network and the cloud exists.

Per: IP (Perimeterized, Internal, Proprietary): A private cloud deployed within a company’s own data center, managed by its internal IT team.

Per: IO (Perimeterized, Internal, Open): A government agency builds a cloud using OpenStack for its internal operations.

Per: EP (Perimeterized, External, Proprietary): A company rents servers from AWS but keeps them in a private network (VPN).

Per: EO (Perimeterized, External, Open): A research institution using an external OpenStack-based cloud for secure data processing.

D-p: IP (De-Perimeterized, Internal, Proprietary): A multinational company allows employees to remotely access its private cloud from anywhere.

D-p: IO (De-Perimeterized, Internal, Open): A university hosts an OpenStack cloud for students and faculty, accessible globally.

D-p: EP (De-Perimeterized, External, Proprietary): A company moves all its applications to AWS or Azure without using a VPN.

D-p: EO (De-Perimeterized, External, Open): A public research cloud that is open to anyone in the world.

Google Drive (Public Cloud) is External, Open, De-


Cloud Reference Model
• It is a conceptual framework or blueprint that provides a high-level understanding of the key components, relationships, and interactions within a cloud computing environment.
• It serves as a guide for designing, implementing, and understanding cloud-based systems.
• As you move upward in the stack, each service model inherits the capabilities of the service model beneath it.
• IaaS has the fewest levels of integrated functionality and the lowest levels of integration, and SaaS has the most.

There are five major actors in the cloud computing reference model:
• Cloud Consumer
• Cloud Provider
• Cloud Carrier
• Cloud Auditor
• Cloud Broker

Each actor is an entity, which may be a person or an organization, that participates in a transaction or process and/or performs tasks in cloud computing.

Cloud Consumer
• A cloud consumer is a person or organization that uses cloud services such as SaaS, PaaS and IaaS.
• A cloud consumer browses the service catalog provided by a cloud provider and requests the appropriate service.
• The cloud provider sets up the cloud environment for the service and makes a contract (Service Level Agreement (SLA)) with the cloud consumer for the use of the service.
• The SLA acts as an agreement on the technical performance requirements provided by a cloud provider.
• When a company uses Google Workspace (SaaS), they agree to Google’s SLA, ensuring 99.9% uptime.

Cloud Provider
• Responsible for making a service available to the cloud consumer. A cloud provider may be a person, team or organization.
• A cloud provider maintains and manages the different cloud computing services for the consumer and makes arrangements to deliver the cloud services to the cloud consumers over the internet.

Cloud Auditor
• A cloud auditor is a dedicated team of technically skilled persons that can perform an independent examination or review with the intent to express strengths and weaknesses and give suggestions for improvement.
• Audits are performed to verify the standards of services after checking the evidence.

Cloud Broker
• Sometimes service integration becomes more complex, which makes it difficult for the cloud consumer to manage the cloud service.
• In such a situation, the cloud consumer requests cloud services from a cloud broker. The cloud broker acts as a mediator between consumer and provider.
• A cloud broker manages the delivery of cloud services, their performance and use.
• A cloud broker is involved in three types of activities:
  • Service Intermediation
    • A cloud broker may enhance a given service by improving some specific capability and providing value-added services to cloud consumers.
    • The improvement may be related to managing the access to cloud services, identity management, performance reporting, enhanced security, etc.
  • Service Aggregation
    • It can be seen as combining and integrating multiple services into one or more services.
    • The broker ensures the data movement between the cloud consumer and multiple cloud providers in a secure manner.
  • Service Arbitrage
    • In service arbitrage, the services to be aggregated are not fixed in advance.
    • The broker has the flexibility to select the services from multiple agencies.
    • The cloud broker, for example, can use a credit-scoring service to measure and select an agency with the best score.

Cloud Carrier
• The role of the cloud carrier is to provide the connectivity and transport of cloud services between cloud consumers and cloud providers.

Scenario: A Company Needs Cloud Storage Integration

Imagine a company that uses multiple cloud storage services:

• Google Drive – For document collaboration.
• AWS S3 (Amazon Simple Storage Service) – For storing large datasets.
• Dropbox – For file sharing among remote employees.

The company faces three main challenges:

• Employees use different platforms, causing confusion and inefficiency.
• Some files are on Google Drive, some on Dropbox, and company backups are on AWS S3.
• Managing different platforms manually is time-consuming and prone to errors.

Solution: Cloud Broker as an Integrator

• A Cloud Broker helps integrate these services into a single interface, enabling seamless file management.
• The broker automates data movement and unifies access.


How the Cloud Broker Works
A cloud broker acts as an intermediary and provides three key services:

Service Intermediation (Enhancing Features)

• The broker adds extra features to improve security and usability.
• It ensures single sign-on (SSO), so employees don’t need to log into Google Drive, AWS S3, and Dropbox separately.
• It applies access control: some employees may have read-only access to Dropbox but edit access to Google Drive.
• Example: The finance team can only view reports in AWS S3. The marketing team can edit campaign files on Google Drive. The legal team can download contracts from Dropbox.

Service Aggregation (Merging Multiple Services)

• The broker connects Google Drive, AWS S3, and Dropbox into one dashboard.
• Employees can search for files across all platforms from a single interface.
• It automatically syncs files between platforms.
• Example: When an employee uploads an invoice to Google Drive, the broker automatically copies it to AWS S3 for backup. A new contract uploaded to Dropbox is automatically shared with the legal team’s Google Drive folder.
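The broker's access control (service intermediation) and its single search interface (service aggregation) can be sketched as follows. This is an added example, not part of the original slides: the team names, folder prefixes, file listings, and the rule that edit or download rights also grant view are constructed assumptions, and the user's team is assumed to have been established already by SSO.

```python
import posixpath
from dataclasses import dataclass

# Assumption: holding "edit" or "download" on a folder also lets you view it.
IMPLIES = {"view": set(), "edit": {"view"}, "download": {"view"}}

@dataclass(frozen=True)
class Grant:
    team: str
    service: str
    prefix: str   # folder scope, always ending in "/"
    action: str

# Constructed policy mirroring the finance/marketing/legal example above.
GRANTS = [
    Grant("finance", "aws_s3", "reports/", "view"),
    Grant("marketing", "google_drive", "campaigns/", "edit"),
    Grant("legal", "dropbox", "contracts/", "download"),
]

# Constructed file listings standing in for the three storage back ends.
LISTINGS = {
    "aws_s3": ["reports/q1.pdf", "payroll/march.csv"],
    "google_drive": ["campaigns/spring.docx", "contracts/nda-draft.docx"],
    "dropbox": ["contracts/nda.pdf", "shared/photo.png"],
}

def normalize(path):
    """Resolve '.', '..' and backslashes before any prefix comparison."""
    return posixpath.normpath("/" + path.replace("\\", "/")).lstrip("/")

class Broker:
    def __init__(self, grants, listings):
        self.grants = grants
        self.listings = listings
        self.audit = []   # every decision is recorded, allowed or not

    def authorize(self, team, service, path, action):
        clean = normalize(path)
        # Default deny: access needs a grant matching team, service,
        # action and folder. Comparing against "reports/" (with the slash)
        # keeps "reports-archive/" out of scope.
        allowed = any(
            g.team == team and g.service == service
            and (action == g.action or action in IMPLIES.get(g.action, set()))
            and clean.startswith(g.prefix)
            for g in self.grants
        )
        self.audit.append((team, service, clean, action, allowed))
        return allowed

    def search(self, team, term):
        """Unified search: return only hits the team is allowed to view."""
        return [
            (service, path)
            for service, paths in sorted(self.listings.items())
            for path in paths
            if term in path and self.authorize(team, service, path, "view")
        ]

def demo_broker():
    return Broker(GRANTS, LISTINGS)

if __name__ == "__main__":
    b = demo_broker()
    print(b.authorize("finance", "aws_s3", "reports/../payroll/march.csv", "view"))
    print(b.search("legal", "nda"))
```

Because paths are normalized before the prefix check, a request for `reports/../payroll/march.csv` is evaluated as `payroll/march.csv` and denied, and the audit list records the normalized path that was actually checked.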

Service Arbitrage (Choosing the Best Service Dynamically)

• The broker analyzes cost and performance and selects the best cloud service.
• If AWS S3 storage costs increase, the broker moves old files to a cheaper cloud (e.g., Dropbox or Google Drive).
• The company saves money while ensuring data availability.
• Example: If Dropbox gives 10TB free storage for a limited period, the broker migrates low-priority files to Dropbox. If AWS S3 offers faster access for active projects, the broker keeps current project files there.

The essential characteristics of cloud computing include:
• On-Demand Self-Service:
• Broad Network Access:
• Resource Pooling:
• Rapid Elasticity:
• Measured Service:
• Ubiquitous Access:
• Dynamic Scalability:

Some key advantages of cloud computing include:
• Cost Savings:
• Pay-as-You-Go Model:
• Resource Efficiency:
• Scalability:
• On-Demand Resources:
• Flexibility and Agility:
• Rapid Deployment:
• Global Accessibility:
• Reliability and High Availability:
• Redundancy:
• Service Level Agreements (SLAs):
• Automatic Updates and Maintenance:
• Security:
• Data Encryption:
• Access Controls:
• Collaboration Efficiency:
• Shared Resources:
• Innovation and Time-to-Market:
• Focus on Core Competencies:
• Faster Time-to-Market:
• Disaster Recovery and Business Continuity:
• Data Backup:
• Geographic Redundancy:
• Environmentally Friendly:
• Resource Optimization:
• Shared Infrastructure:

While cloud computing offers numerous advantages, there are also potential disadvantages and challenges:

• Security Concerns: A data breach due to a cloud misconfiguration could expose millions of customers’ data.
• Downtime and Service Outages: If the provider has issues, services become unavailable.
• Limited Customization and Control: Google Drive does not allow users to change its backend storage structure.
• Costs Over Time: A startup using AWS for hosting might find its monthly bill increasing as data usage grows.
• Risk of Data Loss: Data can be lost due to service failures or failed migration.
• Compatibility Issues: A company using Microsoft Azure might face challenges integrating certain AWS-specific tools.

Cloud architecture
• Client Infrastructure – It contains the applications and user interfaces which are required to access the cloud platform.
  • A user accesses Google Docs through a web browser.
• Application – It refers to the software or platform that the client uses.
  • Zoom runs as a cloud-based video conferencing application.
• Service – It refers to cloud services like SaaS, PaaS and IaaS.
  • Dropbox (SaaS) allows users to store and share files.
• Runtime Cloud – It provides the execution and runtime environment to the virtual machine.
  • Just like JRE, AWS Lambda executes applications in real time.
• Storage – It provides flexible and scalable storage service and management of stored data.
  • Google Photos stores and organizes images.
• Infrastructure – It refers to the hardware and software components of the cloud, like servers, storage, network devices, virtualization software etc.
  • Amazon EC2 provides virtual servers for developers.
• Management – It refers to the management of backend components.
  • Microsoft Azure Monitor tracks cloud performance.
• Security – It refers to the implementation of different security mechanisms.
  • AWS Identity & Access Management (IAM) controls access to cloud services.
• Internet – The internet connection acts as the medium or bridge between frontend and backend to establish communication between them.

• Composability: Cloud computing emphasizes the ability to build applications from component parts (modularity).
  • This allows for modular, reusable, and replaceable components, making system design easier to implement and solutions more portable and interoperable.
  • Microservices architecture in Netflix – different services like user authentication, streaming, and recommendations function independently.
• Infrastructure Components: The infrastructure components of cloud computing include virtual machines, virtual storage, and virtualized resources.
  • These components are essential for creating scalable and on-demand cloud services.
  • The Virtual Machine Monitor (VMM/hypervisor) is the low-level software that allows different operating systems to run in their own memory space and manages I/O for the virtual machines.
  • Xen Hypervisor in Amazon EC2.
  • Virtual Machines (VMs): Running Windows OS on a Mac using VMware.
  • Virtual Storage: Google Cloud Storage dynamically expands as data grows.
  • Virtualized Resources: Shared CPU, memory, and networks.
• Platform Services: Platforms in the cloud are software layers used to create higher levels of service.
  • They offer hosted hardware and software needed to build and deploy web applications or services, providing a range of capabilities for developers.
  • Google App Engine provides tools to build and run web applications without managing the infrastructure.
  • Like Windows, Google App Engine is an OS for web apps.
  • Developers upload code, and Google handles everything else: server setup, scaling, and security.
• Virtual Appliances: Virtual appliances are software modules installed on virtual servers, serving as standardized components for assembling more complex services.
  • They simplify application configuration and maintenance in cloud environments.
  • Just like Ubuntu Live USB provides a ready-to-use OS, a Virtual Firewall Appliance provides a pre-configured security solution for cloud networks without manual setup.
• Communication Protocols: Cloud computing relies on standard Internet protocols for communication, including XML, and various Web Services Description Language (WSDL) services.
  • Google Maps API integrates with food delivery apps.
  • HTTPS: A user logs into Gmail (Cloud Consumer ↔ Cloud Provider).
• Cloud Clients: The emergence of dedicated cloud client operating systems, such as Jolicloud and Google Chrome OS, represents a new approach to connecting to the cloud.
  • These client systems are designed to provide


IDaaS and its role in cloud computing architecture.

• Central Network Function: IDaaS is described as a central network function that provides authentication and authorization services on distributed networks.
• Digital Identity: An identity is defined as a set of characteristics or traits that make something recognizable or known.
  • In the context of computer network systems, it refers to digital identity, which includes attributes and metadata of an object, making it identifiable.
• Identity Services: IDaaS includes various services such as authentication, directory services, federated identity, identity governance, identity and profile management, provisioning, risk and event monitoring, and single sign-on services.
• Interoperability: IDaaS services must rely on developing industry standards to provide interoperability, supporting standards such as User-centric authentication, Policy Language, and Audit System.
• Open Standards: The document references the use of open standards to implement IDaaS infrastructure for cloud computing.
• Compliance and Security: IDaaS plays a crucial role in compliance and security, ensuring that only justifiable parties have access to the minimal amount of information and adhering to codes of conduct for user control, minimal disclosure, justifiable access, and interoperability.
• Vertical Clouds: Specialize in specific industries and offer compliance as a service, such as healthcare, banking, and government.

CaaS and its role in cloud computing architecture.

• Complexity of Compliance: CaaS is described as a complex service that addresses compliance requirements in cloud computing, which spans different jurisdictions and legal frameworks.
• Role of Trusted Third Party: CaaS is positioned as a service that may need to serve as a trusted third party, managing cloud relationships, understanding security policies and procedures, handling information and administering privacy, and providing an incident response.
• Private Cloud Implementation: CaaS is more easily implemented within a private cloud.
  • As data is under the control of a single entity, ensuring secure control and auditability of transactions.
• Value-added Service: CaaS is positioned as a potentially valuable value-added service that could measure risks, insure or indemnify customers against that risk, and guarantee that transactions conform to certain standards.
