Module 5 Unit 1 – Cloud Computing Overview

This unit will help you gain an understanding of the following:

● Cloud Computing Introduction

● Cloud-Based Virtualization
● Creating a Virtual Machine in the Cloud

The objectives listed below will be addressed in this unit:

● Describe how cloud computing works:

○ Differentiate between the following cloud computing models:
■ Platform as a Service (PaaS)
■ Software as a Service (SaaS)
■ Infrastructure as a Service (IaaS)
■ Public clouds
■ Private clouds
■ Hybrid clouds
● Identify how data center virtualization can be integrated with a cloud deployment.
● Identify cloud-based virtualization solutions.

Cloud Computing
When the concept of cloud computing first appeared in the IT industry in the mid-2000s, most
network administrators were skeptical. That’s all changed since then. Today, just about
everyone uses some type of cloud-based network service on a daily basis.

However, there is frequently some confusion as to what exactly is meant by the term cloud
computing. For the purposes of this course, assume that the term cloud computing refers to
services and data that are hosted remotely instead of locally and are accessed over an Internet
connection. For example, some popular end-user cloud services include:

● Microsoft Office 365

● Google Docs
● Gmail

The service and its data are stored remotely by a 3rd party and are accessed over an Internet
connection. This allows the information to be accessed from anywhere on any device.

Traditional Software Testing

For example, suppose a software developer is working on a new application that she needs to
test on several different versions and editions of Windows. One option for doing this would be
to:

● Procure multiple computer systems.

● Verify they all meet the minimum system requirements
● Install a different version/edition of Windows on each system.
● Install the latest updates on each system.
 ● Install the software to be tested on each system.
● Test the software on each system.

This method takes a very long time to set up and can incur considerable cost to purchase all of
the hardware required.

Cloud-Based Software Testing

Alternatively, the developer could use computing resources provided by a cloud vendor to test
her application. In this scenario, she logs on to her cloud vendor’s web site and requisitions
several new VMs, each one with a different version or edition of Windows. Then she installs the
software to be tested on each VM and runs her tests.

Provisioning all of these VMs takes only a few minutes and requires very little effort on the part
of the developer. A task that would have taken a day or more using the traditional method can
be accomplished in only a few minutes.

Cloud Computing Models

With cloud computing, services and information are hosted somewhere out on the internet
“cloud” instead of in the local datacenter. Different types of cloud implementations provide
different types of services:

● Software as a Service (SaaS) provides software applications through the cloud to

clients. In this model, applications are typically accessed remotely over a web
connection. Google Docs is a good example of a SaaS implementation. The key
advantage is that no local software needs to be installed (other than a browser) to use
the service. Most SaaS providers use a subscription model, which allows users to pay
for only what they need instead of paying for an entire software suite that may or may
not be used very much.
● Platform as a Service (PaaS) is designed to provide a cloud-based development
environment for software developers that enables them write code through an internet
connection. Again, no local software or hardware needs to be deployed (other than
standard desktop computer with a browser). Two well-known examples of this
implementation are Amazon Web Services and Google Code.
● Infrastructure as a Service (IaaS) provides network infrastructure using virtualization
that is delivered to clients through the internet. For example IaaS may provide resources
such as CPU processing, data storage, network infrastructure, and so on. The client can
deploy and run software without being required to purchase network hardware or lease
data center space.
● Security as a service (SECaaS) providers provide security services for networks. These
typically include anti-malware, penetration testing, intrusion detection, and
authentication management.

Cloud Computing Implementations

There are several different ways in which the above cloud computing models can be
implemented:
 ● A public cloud can be accessed by anyone. Resources are made available to the general
public by the cloud service provider, which may or may not require a fee for access.
Office 365, Gmail, and Google Docs are examples of public clouds.
● A private cloud provides resources to a single organization. Access to these resources is
restricted to authorized users within the organization. Unlike a public cloud, a private
cloud may be hosted internally within the company’s data center, although it may be
accessed by remote users over an Internet connection. However, hosting a private cloud
internally is expensive in terms of hardware and personnel, so it isn’t uncommon to see a
private cloud hosted by a 3rd party vendor. The cloud service provider hosts resources
off site and provides secure access through the Internet to these resources.
● A community cloud is shared by several organizations. Access is restricted to users who
belong to the organizations that share the community cloud infrastructure. This
implementation may be hosted internally, with each organization sharing the cost of
design, implementation, and on-going administration. However, like private clouds, this is
usually cost prohibitive, so it’s not uncommon to see community clouds hosted by a
third party vendor.
● A hybrid cloud is composed of combined public, private, and community cloud resources
from different service providers. The goal behind a hybrid cloud is to expand the
functionality of a given cloud service by integrating it with other cloud services.

Cloud Computing Security Issues

The convenience of cloud computing has its price. Using a cloud service means your
information is located somewhere else in the world. That means:

● Your data must cross an untrusted network to get to the cloud vendor.
● Your data resides on servers outside of your control.

Cloud computing introduces a whole new world of security concerns must be considered:

● Authentication. In a cloud computing model, the cloud vendor enforces authentication. If

the vendor’s authentication mechanisms are weak, then it may be possible for
unauthorized individuals to gain access your information. To help prevent this, consider
using a Cloud Access Security Broker (CASB). A CASB is a service that sits between your
network and the cloud service provider and ensures all access to the cloud service
provider complies with your organization's security policies and procedures.
● Access controls. In a cloud deployment, the vendor is responsible for restricting access
to information stored on the cloud. You need to carefully analyze and audit user access
to ensure each user has access to the information they need to do their job, but no more.
● Data segregation. Most cloud service providers host data and services for multiple
customers. This is called multitenancy. As a result, your information is stored on the
same systems as information from other customers. You need to ensure the service
provider can adequately prevent users from one organization from accessing the
information owned by other organizations.
● Regulatory Compliance. Depending on the type and size of your organization, there may
be regulatory rules with which you must comply. For example, if your organization is
publicly traded, then you must adhere to the Sarbanes-Oxley’s act. This can be difficult to
do if your data is not physically located on-premise. If you choose to use a cloud
 computing model for your organization, make sure your service provider is aware of and
supports the various rules dictated by Federal and state regulatory agencies.
● Encryption. A best practice is to encrypt everything in transit from your site to the cloud
vendor’s site. You should also encrypt the data at rest while it is being stored on the
cloud vendor’s site. This provides a degree of protection should the vendor’s
authentication mechanisms or access controls fail.
●