Concept of VLAN (Virtual LAN) and Benefits

• Virtual LAN is a logical segmentation of local

area network (LAN) into different set of
broadcasting domains. Because the
segmentation is not physical it is called virtual.
Different Users in same location or in different
locations can use the same LAN.
 Advantages
• High Performance:
Generally, switches and routers need more
processing time for incoming traffic because
as the traffic passes through the routers,
latency increases and the network
performance decreases. If VLAN is used, then
there is no need of extra routers since VLAN
creates broadcasting domains.
• Virtual workgroups:
In current scenario, most of the
communication within the organization takes
place in small workgroups (e.g. development
team , marketing team , accounting team) to
manage broadcast and multi-cast functionality
within the workgroups, VLAN can be used to
enable communication.
• cost effective
The cost of routers can be reduced when VLANs
are used like broadcasting domains
• Easy administration
Traditional LAN has many access management
issues, including LAN cabling, new station
setup and addressing, and configuration of
hubs and routers. While using vLAN this access
management effort can be reduced because
user movement within vLAN requires no
reconfiguration of routers and hubs.
• Enhanced security
VLAN is also used to set firewalls, restrict
access permission for outside access, adding
an extra layer of security for intrusion
detection and controlling broadcasting
domain.
Concept of SAN (Virtual SAN) and Benefits

• When a Logical partition is created within a

physical storage area network (SAN), it is
called virtual storage area network (VSAN).
Virtualization technology enables division and
allocation of entire storage area network into
more logical SANs
 Benefits of SAN
• Enhanced application availability
• Higher application performance
• Centralized and consolidated storage
• Data transfer and vaulting to remote sites
• Simplified centralized management
 VM Migration
• It refers to the movement or transfer between
different physical machines without any
discontinuity
VM Consolidation & Management
 Cloud Interoperability Standards
• There is a strong need for the development of
integrated interoperability authentication among all
provider.
• Several organizations such as the Cloud Computing
Interoperability Forum (CCIF) have been working on
solutions to address cloud interoperability challenges.
The Cloud Standards Customer Council (CSCC)
provides the opportunity to convert and synchronize
client needs and specified requirement into standards
of development cloud firms and also for cloud users.
It provides standard research materials and
documents.
 Categories of Interoperability
When consumer wish to migrate from one cloud Provider to
another, interoperability falls into these categories:

1. Data and Application Portability: It means by running

applications and data, consumers should be able to migrate
easily from one cloud provider to another without any lock-
in issue.
2. Platform Portability: It means application development
environment or IDE should be capable enough to run over
any type of cloud infrastructure.

3. Infrastructure Portability: It means virtual server or

machine images should have the freedom of portability.
They should be able to migrate from one cloud provider to
another.
 Open Standards for Solving Cloud
Interoperability Challenges
• Application Solution
• Platform Solution
• Infrastructure Solution
 Open Virtualization Format
Characteristics:
1) Open standard
2) Portable VM packaging
3) Optimized for distribution
4) Multiple VM support
3.VIRTUALIZATION
 3.1 Move to Virtualization..
• Increased Performance and Computing
Capacity.
• Underutilized Hardware and Software
Resources.
• Lack of Space.
• Greening Initiatives.
• Rise of Administration
 Virtual Image Applications Applications
Guest
3.2 Characteristics of Virtualized Environment

Virtual Hardware Virtual Storage Virtual Networking

Virtualization Layer
Software Emulation

Host Physical Hardware Physical Storage Physical Networking

Virtualization Reference Model

 Characteristics of Virtualized Environment
Cont..

⚫Increased Security
The ability to control the execution of a guest in a completely
transparent manner opens new possibilities for delivering a secure,
controlled execution environment.
The virtual machine represents an emulated environment in which
the guest is executed. All the operations of the guest are generally
performed against the virtual machine, which then translates and
applies them to the host.
This level of indirection allows the VMM to control and filter the
activity of guest, thus preventing the harmful operations from being
performed.
 Characteristics of Virtualized
Environment Cont..
• Managed Execution
Virtualization of the execution environment
does not only allow increased security but a
wider range of features can be implemented.
In particular, sharing, aggregation, emulation,
and isolation are the most relevant.
 Characteristics of Virtualized
Environment Cont..
• Managed Execution includes following:
– Sharing
• Creating separate computing environment within the
same host.
• Underline host is fully utilized.
– Aggregation
• A group of separate hosts can be tied together and
represented as single virtual host.
– Emulation
• Controlling & Tuning the environment exposed to
guest.
– Isolation
• Complete separate environment for guests.
Managed Execution
 Characteristics of Virtualized
Environment Cont..
● Performance Tuning –
– control the performance of guest.
● Virtual Machine Migration –
– move virtual image into another machine.
● Portability –
– safely moved and executed on top of different
virtual machine.
– Availability of system is with you.
 3.3 Taxonomy of Virtualization
Techniques Cont..
• Virtualization is mainly used to emulate
execution environment, storage and
networks.
• Execution Environment classified into two :-
– Process-level – implemented on top of an existing
operating system.
– System-level – implemented directly on hardware
and do not or minimum requirement of existing
operating system
3.3 Taxonomy of Virtualization
Techniques Cont..
 Machine Reference Model
● It defines the interfaces between the
levels of abstractions, which hide
implementation details.
● Virtualization techniques actually replace
one of the layers and intercept the calls
that are directed towards it.
 Machine Reference Model [Cont.]

● Hardware is expressed in terms of the Instruction Set Architecture (ISA).

– ISA for processor, registers, memory and the interrupt management.
● Application Binary Interface (ABI) separates the OS layer from the
application and libraries which are managed by the OS.
– System Calls defined
– Allows portabilities of applications and libraries across OS.
 Machine Reference Model [Cont.]

● API – it interfaces applications to libraries

and/or the underlying OS.
● Layered approach simplifies the
development and implementation of
computing system.
● ISA has been divided into two security
classes:-
– Privileged Instructions
– Nonprivileged Instructions
 ISA: Security Classes
● Nonprivileged instructions
– That can be used without interfering with other
tasks because they do not access shared
resources. Ex. Arithmetic , floating & fixed point.
● Privileged instructions
– That are executed under specific restrictions
and are mostly used for sensitive operations,
which expose (behavior-sensitive) or modify
(control-sensitive) the privileged state.
● Behavior-sensitive – operate on the I/O
● Control-sensitive – alter the state of the CPU
register.
 Privileged Hierarchy:
Security Ring
● Ring-0 is in most privileged
level , used by the kernel.
● Ring-1 & 2 used by the OS-level
services
● and , R3 in the least privileged
level , used by the user.
● Recent system support two
levels :-
– Ring 0 – supervisor mode
– Ring 3 – user mode
 Hardware-level virtualization
● It is a virtualization technique that
provides an abstract execution
environment in terms of computer
hardware on top of which a guest OS
can be run.
● It is also called as system virtualization.
Hardware-level virtualization
 Hypervisor
● Hypervisor runs above the supervisor
mode.
● It runs in supervisor mode.
● It recreates a h/w environment.
● It is a piece of s/w that enables us to run
one or more VMs on a physical
server(host).
● Two major types of hypervisor
– Type -I
– Type-II
 Type-I Hypervisor
● It runs directly on top of the hardware.
● Takes place of OS.
● Directly interact with the ISA exposed by
the underlying hardware.

● Also known as native virtual machine.

 Type-II Hypervisor
● It require the support of an
operating system to provide
virtualization services.
● Programs managed by the
OS.
● Emulate the ISA of virtual
h/w.
● Also called hosted virtual
machine.
Virtual Machine Manager (VMM)
● Main Modules :-
– Dispatcher
● Entry Point of VMM
● Reroutes the instructions issued by VM instance.
– Allocator
● Deciding the system resources to be provided to the VM.
● Invoked by dispatcher
– Interpreter
● Consists of interpreter routines
● Executed whenever a VM executes a privileged instruction.
● Trap is triggered and the corresponding routine is executed.
Virtual Machine Manager (VMM)
 3)Hardware Virtualization Techniques

• Hardware assisted virtualization

• Full virtualization
• Para virtualization
• Partial virtualization
 Partial virtualization

– Partial emulation of the underlying hardware

– Not allow complete isolation to guest OS.
– Address space virtualization is a common
feature of contemporary operating systems.
– Address space virtualization used in time-
sharing system.
 Operating system-level
virtualization
● It offers the opportunity to create different and
separated execution environments for
applications that are managed concurrently.
● No VMM or hypervisor
● Virtualization is in single OS
● OS kernel allows for multiple isolated user
space instances
● Good for server consolidation.
● Ex. Jails, OpenVZ etc.
 Programming language-level
virtualization
● It is mostly used to achieve ease of deployment of application,
managed execution and portability across different platform and
OS.
● It consists of a virtual machine executing the byte code of a
program, which is the result of the compilation process.
● Produce a binary format representing the machine code for an
abstract architecture.
● Example
– Java platform – Java virtual machine (JVM)
– .NET provides Common Language Infrastructure (CLI)
● They are stack-based virtual machines
 Advantage of
programming/process-level VM
● Provide uniform execution environment
across different platforms.
● This simplifies the development and
deployment efforts.
● Allow more control over the execution
of programs.
● Security; by filtering the I/O operations
● Easy support for sandboxing
 Application-level virtualization
● It is a technique allowing applications to
run in runtime environments that do not
natively support all the features required
by such applications.
● In this, applications are not installed in the
expected runtime environment.
● This technique is most concerned with :-
– Partial file system
– Libraries
– Operating System component emulation
 Strategies for Implementation
Application-Level Virtualization
● Two techniques:-
– Interpretation -
● In this every source instruction is interpreted by an
emulator for executing native ISA instructions,
● Minimal start up cost but huge overhead.
– Binary translation -
● In this every source insruction is converted to native
instructions with equivalent functions.
● Block of instructions translated , cached and reused.
● Large overhead cost , but over time it is subject to better
performance.
 Advantages of Virtualization

• Eliminates the need for numerous dedicated servers;

• Offers the ability for different domain names, file
directories, email administration, IP addresses, logs and
analytics;
• Cost effective because many times server software
installation provisioning is available;
• If one virtual server has a software failure, the other servers
will not be affected;
• Reduces energy costs because only one device is running
instead of several;
• Offers a flexible IT infrastructure;
• Can quickly make changes with little downtime.
 Disadvantages of Virtualization
• Resource hogging could occur if there are too many
virtual servers within a physical machine.
• As software updates and patches must be compatible
with everything running on the virtual machine, admin
may have reduced control over the physical
environment.
• Administration, including backup and recovery,
requires specialized knowledge.
• If user experience is impacted, it can be difficult to
identify the root cause.
• Services offered by a dedicated server are more
accessible.
 4) OS Level Virtualization
OS level virtualization offers the opportunity to
create different and separated execution
environments for applications that are managed
concurrently. It is different from hardware
virtualization —there is no virtual machine
manager or hypervisor, and the virtualization is
done within a single operating system, where the
OS kernel allows for multiple isolated user space
instances.
 5)Programming Level Virtualization

Programming level virtualization is mostly

used for achieving ease of deployment of
applications, managed execution, and
portability across different platforms and
operating systems. It consists of a virtual
machine executing the byte code of a
program, which is the result of the
compilation process.
 6) Application Level Virtualization

Interpretation
Binary Translation
 Virtualization and Cloud
Computing
VM

VM VM VM VM VM

Virtual Machine Manager

Server A Server B
(running) (running)
Before Migration

VM VM VM

VM VM VM

Virtual Machine Manager

Server A Server B
(running) (inactive)

After Migration
 Advantages of Virtualization

• Eliminates the need for numerous dedicated servers;

• Offers the ability for different domain names, file
directories, email administration, IP addresses, logs and
analytics;
• Cost effective because many times server software
installation provisioning is available;
• If one virtual server has a software failure, the other servers
will not be affected;
• Reduces energy costs because only one device is running
instead of several;
• Offers a flexible IT infrastructure;
• Can quickly make changes with little downtime.
 Disadvantages of Virtualization
• Resource hogging could occur if there are too many
virtual servers within a physical machine.
• As software updates and patches must be compatible
with everything running on the virtual machine, admin
may have reduced control over the physical
environment.
• Administration, including backup and recovery,
requires specialized knowledge.
• If user experience is impacted, it can be difficult to
identify the root cause.
• Services offered by a dedicated server are more
accessible.
Lecture # 20-21

VIRTUALIZATION & CLOUD COMPUTING

CSE 423

•Defining Cloud computing

•Cloud Types
 Cloud Computing

• Cloud computing refers to applications and services that run on a

distributed network using virtualized resources and accessed by common
Internet protocols and networking standards.

• It is distinguished by the notion that resources are virtual and limitless and
that details of the physical systems on which software runs are abstracted
from the user.
• Abstraction:
– Cloud computing abstracts the details of system implementation from
users and developers.
– Applications run on physical systems that aren't specified,
– data is stored in locations that are unknown,
– administration of systems is outsourced to others, and access by users
is ubiquitous.
• Virtualization:
– Cloud computing virtualizes systems by pooling and sharing resources.
– Systems and storage can be provisioned as needed from a centralized
infrastructure,
– costs are assessed on a metered basis,
– multi-tenancy is enabled,
– and resources are scalable with agility.
 Cloud Types
• Deployment Model:
• Refers to location and management of the cloud’s infrastructure

• Service Model
• Consists of particular types of services that can be accessed on cloud computing
platform

• Some widely used model

• NIST Model
• The Cloud Cube Model
National Institute of Standard and Technology (NIST Definition of Cloud Computing)
 The Cloud Cube Model
• Business managers are requiring IT operations to
assess the risks and benefits this computing model
represents.
• The Jericho Forum, an international independent
group of information security leaders, have added
their input as to how to collaborate securely in the
clouds.
• The Jericho Cloud Cube Model describes the
multidimensional elements of cloud computing,
framing not only cloud use cases, but also how they
are deployed and used.
The Cloud Cube Model
 The Cloud Cube Model
• The Jericho Forum has identified four criteria to
differentiate cloud formations from each other and
the manner of their provision. The Cloud Cube Model
effectively summarizes these four dimensions:
• Internal/External
• Proprietary/Open
• Perimeterised/De-perimeterized Architectures
• Insourced/Outsourced
 The Cloud Cube Model
• Physical location of the data: Internal (I) / External (E)
determines your organization's boundaries.

• Ownership: Proprietary (P) / Open (O) is a measure of not

only the technology ownership, but of interoperability, ease
of data transfer, and degree of vendor application lock-in.

• Security boundary: Perimeterised (Per) / De-perimiterised (D-

p) is a measure of whether the operation is inside or outside
the security boundary or network firewall.

• Sourcing: Insourced or Outsourced means whether the

service is provided by the own staff of organization or the
service provider(third party).
Deployment Models
• Public Cloud
– Hosted , operated and managed by a third party system owned by organization
selling cloud services

• Private Cloud
– The private cloud infrastructure is operated for the exclusive use of an
organization. The cloud may be managed by that organization or a third
party. Private clouds may be either on- or off-premises.

• Hybrid Cloud
– A hybrid cloud combines multiple clouds (private, community of public) where
those clouds retain their unique identities, but are bound together as a unit.

• Community Cloud
– A community cloud is one where the cloud has been organized to serve a
common function or purpose.
– It may be for one organization or for several organizations, but they share
common concerns such as their mission, policies, security, regulatory compliance
needs, and so on
Service Models
• Infrastructure as a Service(IaaS)
– Deliver Infrastructure on Demand in the form of
virtual Hardware, Storage and Networking. Virtual
Hardware is utilised to provide compute on demand
in the form of virtual machine instances
– Eg.Amazon EC2,, Eucalyptus, GoGrid, Rightspace
Cloud

• Platform as a Service (PaaS)

– Deliver scalable and elastic runtime environments
on demand that host the execution of applications.
– Backed by core middleware platform for creating
abstract environment to deploy and execute
application

• Software as a service (SaaS)

– Provide application and services on demand eg
office automation, Photo Editing software,
facebook., Twitter accessible through browser on
demand
Cloud Companies/Service Providers
Benefits of Cloud Computing
• Lower Computational Costs
• Improved Performance
• Reduced Software Costs
• Instant Software updates
• Unlimited storage capacity
• Increased Data Reliability
• Universal Document Access
• Latest version availability
• Easier Group Collaboration/ Sharing
• Device Independence
Disadvantages of Cloud Computing
• Requires constant Internet Connection
• Does not work well with low speed connection
• Stored data might not be Secured
• Stored data can be lost
• Features might be limited
Lecture # 16-17

VIRTUALIZATION & CLOUD COMPUTING

CSE 423

•Introduction to Cloud Computing

 Cloud Computing in a nutshell
• Analogy to electricity use

• Technologies such as cluster, grid, and now cloud computing, have all
aimed at allowing access to large amounts of computing power in a fully
virtualized manner, by aggregating resources and offering a single system
view

• Utility computing describes a business model for on-demand delivery of

computing power; consumers pay providers based on usage.

• It denotes a model on which a computing infrastructure is viewed as a

“cloud,” from which businesses and individuals access applications from
anywhere in the world on demand
 Cloud Computing in a nutshell

• BUYYA
• “Cloud is a parallel and distributed computing system consisting of a
collection of inter-connected and virtualized computers that are
dynamically provisioned and presented as one or more unified
computing resources based on service-level agreements (SLA)
established through negotiation between the service provider and
consumers.”

• NIST
• a pay-per-use model for enabling available, convenient, on-demand
network access to a shared pool of configurable computing resources
(e.g. networks, servers, storage, applications, services) that can be
rapidly provisioned and released with minimal management effort or
service provider interaction.”
 Cloud Computing in a nutshell

• While there are countless other definitions, there seems to be common

characteristics between the most notable ones listed above, which a
cloud should have: (

(i) pay-per-use (no ongoing commitment, utility prices);

(ii) elastic capacity and the illusion of infinite resources;
(iii) self-service interface
(iv) resources that are abstracted or virtualised.
Roots of Cloud Computing
 Roots of Cloud Computing

(i) Mainframe to cloud

(ii) SOA, Web Services, Web 2.0 and Mashups
(iii) Grid Computing
(iv) Utility Computing
(v)Hardware Virtualization
(vi)Virtual Appliance and OVF
(vii) Autonomic Computing
 From Mainframe to cloud

• Currently experiencing a switch in the IT world, from in-house generated

computing power into utility-supplied computing resources delivered
over the Internet as Web services

• Computing delivered as a utility can be defined as “on demand delivery

of infrastructure, applications, and business processes in a security-rich,
shared, scalability based computer environment over the Internet for a
fee”

• Advantage to both consumer and providers

• Earlier provided timeshared mainframes , declined due to advent of fast

and inexpensive microprocessors
 SOA, Web Services, Web 2.0 and Mashups

• Web services can glue together applications running on different

messaging product platforms, enabling information from one application
to be made available to others, and enabling internal applications to be
made available over the Internet.

• The purpose of a SOA is to address requirements of loosely coupled,

standards-based, and protocol-independent distributed computing

• Services such user authentication, e-mail, payroll management, and

calendars are examples of building blocks that can be reused and
combined in a business solution in case a single, ready-made system
does not provide all those features
 Grid Computing

• Grid computing is the collection of computer resources from multiple

locations to reach a common goal. The grid can be thought of as a
distributed system with non-interactive workloads that involve a large
number of files.

• A key aspect of the grid vision realization has been building standard
Web services-based protocols that allow distributed resources to be
“discovered, accessed, allocated, monitored, accounted for, and billed
for..

• Issues:
• QOS, Avaibility of resource with diverse software configuration
• Soln: virtualisation
 Utility Computing

• Utility computing is a service provisioning model in which a service

provider makes computing resources and infrastructure management
available to the customer as needed, and charges them for specific usage
rather than a flat rate.

• In utility computing environments, users assign a “utility” value to their

jobs, where utility is a fixed or time-varying valuation that captures
various QoS constraints (deadline, importance, satisfaction).

• The service providers then attempt to maximize their own utility, where
said utility may directly correlate with their profit.
 Hardware Virtualisation
• Hardware virtualization allows running multiple operating systems and
software stacks on a single physical platform

• 3 basic capabilities related to management of workload: isolation,

Consolidation and Migration
• A number of VMM platforms exist that are the basis of many utility or
cloud computing environments.

• VMWare ESXi :
• pioneer in virtualisation, bare metal hypervisor,
• provides advanced virtualization techniques of processor, memory, and
I/O. Especially, through memory ballooning and page sharing, it can
overcommit memory,

• Xen:
• open-source project
• It has pioneered the para-virtualization concept, on which the guest
operating system, by means of a specialized kernel, can interact with the
hypervisor, thus significantly improving performance
• KVM:

• kernel-based virtual machine (KVM) is a Linux virtualization subsystem

• Is has been part of the mainline Linux kernel since version 2.6.20, thus
being natively supported by several distributions.

• In addition, activities such as memory management and scheduling are

carried out by existing kernel

• KVM leverages hardware-assisted virtualization, which improves

performance and allows it to support unmodified guest operating
systems
Virtual Appliance and OVF(open virtual format)

• An application combined with the environment needed to run it

(operating system, libraries, compilers, databases, application containers,
and so forth) is referred to as a “virtual appliance.”
• A virtual appliance is a pre-integrated, self contained system that is
made by combining a software application (e.g., server software) with
just enough operating system for it to run optimally on industry standard
hardware or a virtual machine e.g., VMWare, VirtualBox

• In a multitude of hypervisors, where each one supports a different VM

image format and the formats are incompatible with one another, a
great deal of interoperability issues arises.

• For instance, Amazon has its Amazon machine image (AMI) format,
made popular on the Amazon EC2 public cloud. Other formats are used
by Citrix XenServer, several Linux distributions that ship with KVM,
Microsoft Hyper-V, and VMware ESX
 Autonomic Computing

• The increasing complexity of computing systems has motivated research

on autonomic computing, which seeks to improve systems by
decreasing human involvement in their operation

• Autonomic, or self-managing, systems rely on monitoring probes and

gauges (sensors), on an adaptation engine (autonomic manager) for
computing optimizations based on monitoring data, and on effectors to
carry out changes on the system.
 Migration

• When and how to migrate one’s application into a cloud ?

• What part or component of the IT application to migrate into a cloud and

what not to migrate into a cloud ?

• What kind of customers really benefit from migrating their IT into the
cloud ?
The Seven-Step Model of Migration into a Cloud
The Seven-Step Model of Migration into a Cloud
The Seven-Step Model of Migration into a Cloud

Step 1
• Cloud migration assessments comprise assessments to understand the
issues involved in the specific case of migration at the application level
or the code, the design, the architecture, or usage levels.

• These assessments are about the cost of migration as well as about the
ROI that can be achieved in the case of production version.

Step 2
• isolating all systemic and environmental dependencies of the enterprise
application components within the captive data center

Step 3
• generating the mapping constructs between what shall possibly remain
in the local captive data center and what goes onto the cloud.
The Seven-Step Model of Migration into a Cloud

Step 4
• substantial part of the enterprise application needs to be rearchitected,
redesigned, and reimplemented on the cloud
Step 5
• We leverage the intrinsic features of the cloud computing service to
augment our enterprise application in its own small ways.
Step 6
• we validate and test the new form of the enterprise application with an
extensive test suite that comprises testing the components of the
enterprise application on the cloud as well
Step 7
• Test results could be positive or mixed.
• In the latter case, we iterate and optimize as appropriate. After several
such optimizing iterations, the migration is deemed successful
The Seven-Step Model of Migration into a Cloud
These are the unique characteristics of an ideal cloud computing model:

• Scalability: You have access to unlimited computer resources as needed.

• Elasticity: You have the ability to right-size resources as required.

• Low barrier to entry: You can gain access to systems for a small investment.

• Utility: A pay-as-you-go model matches resources to need on an ongoing

basis. .
Companies become cloud computing providers for several reasons:

• Profit: The economies of scale can make this a profitable business.

• Optimization: The infrastructure already exists and isn't fully utilized.

- This is the case for Amazon Web Services.

• Strategic: A cloud computing platform extends the company's products and

defends their franchise.
- This is the case for Microsoft's Windows Azure Platform.

• Extension: A branded cloud computing platform can extend customer

relationships by offering additional service options.
This is the case with various IBM cloud services.
• Presence: Establish a presence in a market before a large competitor can
emerge.
- Google App Engine allows a developer to scale an application
immediately. For Google, its office applications can be rolled out quickly
and to large audiences.

• Platform: A cloud computing provider can become a hub master at the

center of many ISV's (Independent Software Vendor) offerings.

- The customer relationship management provider SalesForce.com has a

development platform called Force.com that is a PaaS offering.
 The law of cloudonomics
1. Utility services cost less even though they cost more.
Utilities charge a premium for their services, but customers save money
by not paying for services that they aren't using.

2. On-demand trumps forecasting.

The ability to provision and tear down resources (de-provision) captures
revenue and lowers costs.

3. The peak of the sum is never greater than the sum of the peaks.
A cloud can deploy less capacity because the peaks of individual tenants
in a shared system are averaged over time by the group of tenants.

.
 The law of cloudonomics
4. Aggregate demand is smoother than individual.
Multi-tenancy also tends to average the variability intrinsic in individual
demand. With a more predictable demand and less variation, clouds can
run at higher utilization rates than captive systems. This allows cloud
systems to operate at higher efficiencies and lower costs.

5. Average unit costs are reduced by distributing fixed costs over more units
of output.
Cloud vendors have a size that allows them to purchase resources at
significantly reduced prices.

6. Superiority in numbers is the most important factor in the result of a

combat (Clausewitz).
Weinman argues that a large cloud's size has the ability to repel botnets
and DDoS attacks better than smaller systems do.
 The law of cloudonomics
7. Space-time is a continuum (Einstein/Minkowski).
The ability of a task to be accomplished in the cloud using parallel
processing allows real-time business to respond quicker to business
conditions and accelerates decision making providing a measurable
advantage.

8. Dispersion is the inverse square of latency.

Cutting latency in half requires four times the number of nodes in a
system.

9. Don't put all your eggs in one basket.

Large cloud providers with geographically dispersed sites worldwide
therefore achieve reliability rates that are hard for private systems to
achieve.
 The law of cloudonomics
10. An object at rest tends to stay at rest (Newton).

Private datacenters tend to be located in places where the company or

unit was founded or acquired. Cloud providers can site their datacenters
in what are called “greenfield sites.”

A greenfield siteis one that is environmentally friendly: locations that are

on a network backbone, have cheap access to power and cooling, where
land is inexpensive, and the environmental impact is low.
 Laws of Behavioral Cloudonomics
• 1. People are risk averse and loss averse.
• 2. People have a flat-rate bias.
• 3. People have the need to control their
environment and remain autonomous.
• 4. People fear change.
• 5. People value what they own more than
what they are given.
• 6. People favor the status quo and invest
accordingly.
• 7. People discount future risk and favor
instant gratification.
• 8. People favor things that are free.
• 9. People have the need for status.
• 10. People are incapacitated by choice.
Measuring cloud computing costs
• The cost of a cloud computing deployment is
roughly estimated to be
CostCLOUD=Σ(UnitCostCLOUD X(Revenue–CostCLOUD))
• where the unit cost is usually defined as the cost
of a machine instance per hour.
• To compare your cost benefit with a private
cloud, you will have to compare the value that
you determined in the previous equation with
the same calculation:
• CostDATACENTER = Σ(Unit CostDATACENTER x (Revenue –
(CostDATACENTER /Utilization))
• The CostDATACENTER consists of the summation of
the cost of each of the individual systems with all the
associated resources, as follows:
• CostDATACENTER = 1nΣ(UnitCostDATACENTER x (Revenue –
(CostDATACENTER/Utilization))SYSTEMn

where the sum includes terms for System 1, System

2, System 3, and so on.
• The costs associated with the cloud model are calculated rather
differently. Each resource has its own specific cost and many
resources can be provisioned independently of one another. In
theory, therefore,
• the CostCLOUD is better represented by the equation:
CostCLOUD = 1nΣ(UnitCostCLOUD x (Revenue – CostCLOUD))INSTANCEn +
1
n
Σ(UnitCostCLOUD x (Revenue–CostCLOUD))STORAGE_UNITn +
1 Σ(UnitCostCLOUD x(Revenue – CostCLOUD))NETWORK_UNITn + …
n
 Defining Licensing Models
When you purchase shrink-wrapped software, you are
using that software based on a licensing agreement
called a EULA or End User License Agreement. The EULA
may specify that the software meets the following
criteria:
• It is yours to own.
• It can be installed on a single or multiple machines.
• It allows for one or more connections.
• It has whatever limit the ISV(independent software vendor)
has placed on its software.
In most instances, the purchase price of the software is
directly tied to the EULA.
 Chapter 3: Understanding
Cloud Architecture
• IN THIS CHAPTER
• Using the cloud computing stack to describe
different models
• Understanding how platforms and virtual
appliances are used
• Learning how cloud communications work
• Discovering the new world of the cloud client
• One property that differentiates cloud computing is
referred to as composability, which is the ability to
build applications from component parts.
A platform is a cloud computing service that is both
hardware and software. Platforms are used to create
more complex software. Virtual appliances are an
important example of a platform, and they are
becoming a very important standard cloud computing
deployment object.
 Cloud computing requires some standard protocols with which different layers of
hardware, software,and clients can communicate with one another. Many of these
protocols are standard Internet protocols.

Cloud computing relies on a set of protocols needed to manage interprocess

communications that have been developed over the years. The most commonly used
set of protocols uses XML as the messaging format, the Simple Object Access Protocol
(SOAP) protocol as the object model, and a set of discovery and description protocols
based on the Web Services Description Language (WSDL) to manage transactions.

Some completely new clients are under development that are specifically meant to
connect to the cloud. These clients have as their focus cloud applications and services,
and are often hardened and more securely connected. Two examples presented are
Jolicloud and Google Chrome OS. They represent a new client model that is likely to
have considerable impact.
 Exploring the Cloud Computing
Stack
• Composability
• Infrastructure
• Platforms
• Virtual Appliances
• Communication Protocols
• Applications
 Composability

• A composable component must be:

• Modular: It is a self-contained and
independent unit that is cooperative,
reusable, and replaceable.
• Stateless: A transaction is executed without
regard to other transactions or requests.
• The essence of a service oriented design is that services are constructed
from a set of modules using standard communications and service
interfaces.

• An example of a set of widely used standards describes the services

themselves in terms of the Web Services Description Language (WSDL),
data exchange between services using some form of XML, and the
communications between the services using the SOAP protocol.
 Infrastructure
Most large Infrastructure as a Service (IaaS) providers rely on virtual machine
technology to deliver servers that can run applications.

Virtual servers described in terms of a machine image or instance have

characteristics that often can be described in terms of real servers delivering a
certain number of microprocessor (CPU) cycles, memory access, and network
bandwidth to customers.

Virtual machines are containers that are assigned specific resources. The software
that runs in the virtual machines is what defines the utility of the cloud computing
system.
Arch dig illustrates the Portion of
cloud computing stack that is
designated as the server
 Platforms
• Platform in the cloud is a software layer that is
used to create higher levels of service.
• Salesforce.com's Force.com Platform
• Windows Azure Platform
• Google Apps and the Google AppEngine
A virtual appliance is software that installs as middleware onto a virtual machine.
 Virtual Appliances
• Virtual appliances are software installed on virtual servers—application
modules that are meant to run a particular machine instance or image
type.
• A virtual appliance is a platform instance. Therefore, virtual appliances
occupy the middle of the cloud computing stack
Understanding Services and
Applications by Type
 Types
• Infrastructure as a Service (IaaS)
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service allows for the
creation of virtual computing systems or
networks.
• Software as a Service represents a hosted
application that is universally available over
the Internet, usually through a browser.
• Software as a Service, the user interacts
directly with the hosted software.
• SaaS may be seen to be an alternative model
to that of shrink-wrapped software and may
replace much of the boxed software that we
buy today.
• Platform as a Service is a cloud computing
infrastructure that creates a development
environment upon which applications may be
build.

• PaaS provides a model that can be used to create

or augment complex applications such as
Customer Relation Management (CRM) or
Enterprise Resource Planning (ERP) systems.

• PaaS offers the benefits of cloud computing and

is often componentized and based on a service-
oriented architecture model.
• Identity as a Service (IDaaS)
• Identity as a Service provides authentication
and authorization services on distributed
networks.
• Infrastructure and supporting protocols for
IDaaS.
• Other service types such as Compliance as a
Service (CaaS), provisioning, monitoring,
communications.
 Infrastructure as a Service (IaaS)
• Infrastructure as a Service (IaaS) is a cloud
computing service model in which hardware is
virtualized in the cloud.
• In this particular model, the service vendor owns
the equipment: servers, storage, network
infrastructure.
• The developer creates virtual hardware on which
to develop applications and services.
• Essentially, an IaaS vendor has created a
hardware utility service where the user
provisions virtual resources as required.
• The fundamental unit of virtualized client in an
IaaS deployment is called a workload.
• A workload simulates the ability of a certain
type of real or physical server to do an amount
of work.
• The work done can be measured by the
number of Transactions Per Minute (TPM) or a
similar metric against a certain type of system.
• Throughput
• attributes such as
• Disk I/Os measured in Input/Output Per
Second IOPS
• the amount of RAM consumed under load in
MB
• Network throughput and latency
• In a hosted application environment, a client's
application runs on a dedicated server inside a
server rack or perhaps as a standalone server in a
room full of servers.
• In cloud computing, a provisioned server called
an instance is reserved by a customer, and the
necessary amount of computing resources
needed to achieve that type of physical server is
allocated to the client's needs.
Pods, aggregation and silos
 Platform as a Service (PaaS)
• Platform as a Service model describes a
software environment in which a developer
can create customized solutions within the
context of the development tools that the
platform provides.
• Platforms can be based on specific types of
development languages, application
frameworks or other constructs.
• PaaS offering provides the tools and development
environment to deploy applications on another vendor's
application.
• Often a PaaS tool is a fully integrated development
environment i.e all the tools and services are part of the PaaS
service.
• In a PaaS model, customers may interact with the software to
enter and retrieve data, perform actions, get results, and to
the degree that the vendor allows it, customize the platform
involved.
• The customer takes no responsibility for maintaining the
hardware, the software or the development of the
applications and is responsible only for his interaction with
the platform.
• The one example that is most quoted as a PaaS offering is
Google's App Engine platform.
• Google Maps, Google Earth, Gmail, and the
myriad of other PaaS offerings as conforming
to the PaaS service model, although these
applications themselves are offered to
customers under what is more aptly described
as the Software as a Service (SaaS) model.
 Software as a Service (SaaS)
• SaaS provides the complete infrastructure,
software, and solution stack as the service
offering.
• A good way to think about SaaS is that it is the
cloud-based equivalent of shrink-wrapped
software.
• Software as a Service (SaaS) may be described
as software that is deployed on a hosted
service and can be accessed globally over the
Internet, most often in a browser.
• With the exception of the user interaction
with the software, all other aspects of the
service are abstracted away.
• SaaS software for end-users are Google Gmail
and Calendar, QuickBooks online, Zoho Office
Suite, and others that are equally well known.
• SaaS applications come in all shapes and sizes,
and include custom software such as
• billing and invoicing systems
• Customer Relationship Management (CRM)
applications
• Help Desk applications
• Human Resource (HR) solutions
 SaaS characteristics
• The software is available over the Internet globally through a browser on demand.
• The typical license is subscription-based or usage-based and is billed on a recurring
basis.
• The software and the service are monitored and maintained by the vendor,
regardless of where all the different software components are running.
• There may be executable client-side code, but the user isn't responsible for
maintaining that code or its interaction with the service.
• Reduced distribution and maintenance costs and minimal end-user system costs
generally make SaaS applications cheaper to use than their shrink-wrapped
versions.
• Such applications feature automated upgrades, updates, and patch management
and much faster rollout of changes.
• SaaS applications often have a much lower barrier to entry than their locally
installed competitors, a known recurring cost, and they scale on demand (a
property of cloud computing in general).
• All users have the same version of the software so each user's software is
compatible with another's.
• SaaS supports multiple users and provides a shared data model through a single-
instance, multi-tenancy model.
 Identity as a Service (IDaaS)
• An identity service is one that stores the
information associated with a digital entity in
a form that can be queried and managed for
use in electronic transactions.
• Identity services have as their core functions:
a data store, a query engine, and a policy
engine that maintains data integrity.
• The Domain Name Service can run on a private
network, but is at the heart of the Internet as a service
that provides identity authorization and lookup.
• The name servers that run the various Internet
domains (.COM, .ORG, .EDU, .MIL, and so on) are IDaaS
servers.
• DNS establishes the identity of a domain as belonging
to a set of assigned addresses, associated with an
owner and that owner's information, and so forth. If
the identification is the assigned IP number, the other
properties are its metadata.
 What is an identity?
• An identity is a set of characteristics or traits
that make something recognizable or known.
• In computer network systems, it is one's
digital identity that most concerns us.
• A digital identity is those attributes and
metadata of an object along with a set of
relationships with other objects that makes an
object identifiable.
 An identity can belong to a person and may
include the following:
• Things you are: Biological characteristics such as age, gender,
appearance, and so forth

• Things you know: Biography, personal data such as social security

numbers, PINs, where you went to school, and so on

• Things you have: A pattern of blood vessels in your eye, your

fingerprints, a bank account you can access, a security key you were
given, objects and possessions, and more

• Things you relate to: Your family and friends, a software license,
beliefs and values, activities and endeavors, personal selections and
choices, habits and practices, an iGoogle account, and more
 Networked Identity Service
Classes
• To validate Web sites, transactions,
transaction participants, clients, and network
services—various forms of identity services—
have been deployed on networks.
• Ticket or token providing services, certificate
servers, and other trust mechanisms all
provide identity services that can be pushed
out of private networks and into the cloud.
Identity as a Service (IDaaS) may include any
of the following:
• Authentication services (identity verification)
• Directory services
• Federated identity
• Identity governance
• Identity and profile management
• Policies, roles, and enforcement
• Provisioning (external policy administration)
• Registration
• Risk and event monitoring, including audits
• Single sign-on services (pass-through authentication)
 Identity System Codes of Conduct
• User control for consent: Users control their identity and must consent to
the use of their information.
• Minimal Disclosure: The minimal amount of information should be
disclosed for an intended use.
• Justifiable access: Only parties who have a justified use of the information
contained in a digital identity and have a trusted identity relationship with
the owner of the information may be given access to that information.
• Directional Exposure: An ID system must support bidirectional
identification for a public entity so that it is discoverable and a
unidirectional identifier for private entities, thus protecting the private ID.
• Interoperability: A cloud computing ID system must interoperate with
other identity services from other identity providers.
• Unambiguous human identification: An IDaaS application must provide
an unambiguous mechanism for allowing a human to interact with a
system while protecting that user against an identity attack.
• Consistency of Service: An IDaaS service must be simple to use, consistent
across all its uses, and able to operate in different contexts using different
technologies.
 Compliance as a Service (CaaS)
• The laws of the country of a request's origin
may not match the laws of the country where
the request is processed, and it's possible that
neither location's laws match the laws of the
country where the service is provided.
• A Compliance as a Service application would need to serve
as a trusted third party, because this is a man-in-the-middle
type of service.

• CaaS may need to be architected as its own layer of a SOA

architecture in order to be trusted.

• A CaaS would need to be able to manage cloud

relationships, understand security policies and procedures,
know how to handle information and administer privacy, be
aware of geography, provide an incidence response,
archive, and allow for the system to be queried, all to a
level that can be captured in a Service Level Agreement.