Cloud Architecture

Engineering & Security

Week 4: Concepts and

Terminologies
 Resource Scaling
• There are two types of scaling options in the
cloud:
– Horizontal Scaling - Scaling out and scale in
– Vertical Scaling – Scaling up and scaling down
 Horizontal Scaling
• An IT resource is scaled out by adding more of the
same IT resources
• Scaling Out – The horizontal allocation of resources
• Scaling in- Horizontal Release of resources
 Vertical Scaling
• When an existing IT resource is
replaced by another with higher or
lower capacity, vertical scaling is
considered to have occurred.
• Specifically, the replacing of an IT
resource with another that has a
higher capacity is referred to as
scaling up
• The replacing an IT resource
with another that has a lower
capacity is considered scaling
down.
 Which one is better?

Vertical scaling is less common due to the downtime

required while replacement is taking place.
 Implementing a Cloud
Service
“A cloud service is any IT resource that is
made remotely accessible via a
cloud”
• All cloud resources are not accessible by the cloud
consumer.
• Database in the cloud may be accessible via the
cloud IT resources.
• Clients will connect to the cloud through the
following methods:
– A Web-based software program/ a proprietary application
– A remote access point
 Implementing a Cloud
•
Service
A cloud service can be implemented as a simple
web service/ program.
• Normally achieved using a user program that
has connected to the cloud via a
messaging protocol.
 Implementing a Cloud
•
Service
A virtual server can be accessed on the cloud
via a specialized interface designed to provide
connection to the virtual server.
 Roles and Boundaries
• Cloud Provider
• Cloud Consumer
 Cloud Service Owner
• Cloud consumer can be a cloud service
owner when it deploys its own service in
the cloud.
 Cloud Service Owner
• A cloud provider becomes a cloud
Service owner if it deploys its own cloud
service for other consumers to use.
 Trust Boundary
• A trust boundary is a logical perimeter that
typically spans beyond physical boundaries to
represent the extent to which IT resources are
trusted.
• Traditionally, no body trust anything beyond
the trust boundary. Hence:
• Multiple cloud consumer organizations will connect to the
same cloud. The organizations will add the cloud to their
trust boundary.
• Does this imply the Organization X trusts organization Y.

boundaries.
organizations’ trust
two
lines indicates the overlap of
diagonal
The shaded area with
Cloud Delivery Models
Infrastructure as a
Service (IaaS)
 IaaS
• A self contained IT environment
compromised of infrastructure-centric IT
resources.
• Resources can be accessed and managed via
cloud service based interfaces and tools.
• IaaS provides access to “raw” IT
resources.
• Typically includes hardware, network,
connectivity, etc
• Resources are mostly not pre configured
• IaaS provides consumer with high level of
control and responsibility over environment
configuration and utilization.
• IaaS is suitable for consumers that wish to
have higher level of control over the
environment they want to create.
• The environment is offered as a fresh
initiation of the virtual instance.
• Leasing of the resources generally
happens through specification of
environment.
 Infrastructure Stack
Virtualization
• Provisioning
• Virtualization
• Billing

Hardware
• Memory
• Computation
• Storage

Co-location
• Real Estate
• Power
• Cooling
• Bandwidth
 Co-location
• Real Estate – Vacant warehouses, Containers,
office spaces, old factories
• Power– Stable power supply and cooling
requires multiple megawatts per year.
– Multiple power sources and backup is needed
• Cooling – 50% cost of power goes to cooling.
Need to consider optimized air flow, and
advanced cooling systems.
– Sub terrainian placement, water based
systems, renewable energy
• Bandwidth – Multiple communication links
required.
 Hardware
• A rack cabinet
is assembled and fitted
with the required
hardware.
• Each rack is 19 inch
wide
• Each rack unit will
require a minimum of
three holes on each
side to mount
hardware unit.
 Virtualization
• Network virtualization
– VLAN – Allows the cloud provider to
compartmentalize the network between
users, enterprises, etc.
– VPN – Create a secure network for the
cloud consumers.
 Virtualization
• Storage virtualization
– A physical storage can be abstracted into a
virtual storage device or a virtual disk.
– Virtualization also allows migration of
data without service disruption.
– Applications can continue making the same
logical requests event though data has
migrated to a new device.
 Virtualization
• Memory virtualization
– Can abstract volatile memory space and map
it to a set of pooled memory resources
among networked systems.
• Desktop virtualization
– Can provide services, applications, OS on
demand. Can be pre-loaded, run time booted,
streamed or hosted remotely and presented
on the desktop.
• Server Virtualization – abstracts the
underlying physical resources and presents
these as a set of virtual machines.
– Each virtual machine appears to the user
and application as if it were a physical
system.
IaaS
Workloads
 IaaS Workload
• A workload is a fundamental unit of virtualize
client in an IaaS deployment.
• The work done can be measured by the
number of transactions per minute (TPM) or a
similar metric.
• Network Interface layer, virtual application
software layer, RAID layer are logical
representations of a physical system.
• The cloud interconnect layer and above
are logical constructs.
• Logical Unit Number is an identifier for a
disk volume in a storage array target
• Cloud interconnect layer provides
IP addresses from a pool of
addresses.
• Virtual machine layer contains the software
that runs on the individual virtual machines.
• Architecturally every user is assigned its
own private network in IaaS.
 RAID - Terminologies
•Mirroring: Involves copying identical data onto two or
more disks, providing fault tolerance by having a backup if
one disk fails. This ensures data redundancy but reduces
storage efficiency since the same data is stored on multiple
drives.
•Striping: Divides data into smaller chunks and writes them
across multiple disks simultaneously, boosting read/write
speeds by accessing several disks at once. However, it
offers no redundancy, so if one disk fails, all data is lost.
•Parity: A technique that calculates and stores parity
information, which can be used to reconstruct lost data in
case of a single disk failure. Parity allows for redundancy
with less storage overhead compared to mirroring, but adds
a performance overhead during write operations.
 RAID – Which to choose?
•Data Safety:
•RAID levels 1, 4, 5, 6, and 1+0 (10) provide high protection
against drive or hardware failure.
•These RAID levels can be part of a backup strategy to
safeguard against theft, fire, flooding, and other disasters.
•Data Access Speed:
•RAID levels 0, 4, 5, and 1+0 (10) offer the fastest data
access speeds.
•SoftRAID allows up to 16 drives in a single volume, with the
option to spread volumes across multiple enclosures for
enhanced performance.
•Speed & Safety:
•For both fast access to files and protection against drive
failure, RAID levels 4, 5, 6, and 1+0 (10) provide a balanced
combination of speed and safety.
 Pods, Aggregation and
Silos
• Each workload can only accommodate a
certain number of users.
• Each virtual machine instance has a limit
which cannot be exceeded.
• A group of users within a particular instance is
called a pod.
• App designers need to consider pod size
when designing large cloud based
applications.
• Pods are aggregated into pools within an IaaS
region or site called an availability zone.
• Why would one do this?
– Fault tolerance and availability happens
pod to pod basis and then zone to zone
basis.
– For AWS’ IaaS infrastructure, the availability zones
are organized around the company’s data centers in
Northern California, Northern Virginia, Ireland, and
Singapore.
– A failover system between zones gives IaaS private clouds
a very
high degree of availability.
• When a cloud computing infrastructure isolates
user clouds from each other so the
management system is incapable of
interoperating with other private clouds, it
creates an information silo or cloud silo.
• Silos are the cloud computing equivalent of
compute islands: They are processing domains
that are sealed off from the outside.
• Are Silos against the cloud philosophy?