Introduction to

Cloud Computing
(First Module)

Computer Science Engineering

 What is Cloud Computing?
2

According to US National Institute of Standards and Technology

(NIST) Cloud Computing is defined as:

“Cloud computing is a model for enabling ubiquitous, convenient, on-demand

network access to a shared pool of configurable computing resources (e.g. networks,
servers, storage, applications, and services) that can be rapidly provisioned and
released with minimal management effort or service provider interaction. ”
 What is Cloud Computing?
3

Cloud Computing is referred to the accessing and storing of data and providing services
related to computing over the internet. It is simply referred to as remote services on the
internet to manage and access data online rather than any local drives. The data can be
anything like images, videos, audio, documents, files, etc.
 What is Cloud Computing?
4

Cloud is a parallel and distributed computing system consisting of a collection of inter-

connected and virtualized computers that are dynamically provisioned and presented as
one or more unified computing resources based on service-level agreements (SLA)
established through negotiation between the service provider and consumers.

Clouds are a large pool of easily usable and accessible virtualized resources (such as
hardware, development platforms, and/or services). These resources can be
dynamically reconfigured to adjust to a variable load (scale), allowing also for
optimum resource utilization. This pool of resources is typically exploited by a pay-
per-use model in which guarantees are offered by the Infrastructure Provider by means
of customized Service Level Agreements.
 What is Cloud Computing?
5

 Cloud computing is an umbrella term used to refer to Internet-based

development and services

 A number of characteristics define cloud data, applications services, and

infrastructure:
 Remotely hosted: Services or data are hosted on remote infrastructure.

 Ubiquitous: Services or data are available from anywhere.

 Commodified: The result is a utility computing model similar to

traditional that of traditional utilities, like gas and electricity - you pay
for what you would want!
 Essential Characteristics
6

• On-demand self-service
• A consumer can unilaterally provision computing capabilities, such as server
time and network storage, as needed automatically without requiring human
interaction with each service provider.

• Broad network access

• Capabilities are available over the network and accessed through standard
mechanisms that promote use by heterogeneous thin or thick client platforms
(e.g., mobile phones, tablets, laptops, and workstations).

• Resource pooling
• The provider’s computing resources are pooled to serve multiple consumers
using a multi-tenant model, with different physical and virtual resources
dynamically assigned and reassigned according to consumer demand.
 Essential Characteristics
7

• Measured Service
– Cloud systems automatically control and optimize resource use by leveraging a
metering capability at some level of abstraction appropriate to the type of
service (e.g., storage, processing, bandwidth, and active user accounts).
Resource usage can be monitored, controlled, and reported, providing
transparency for both the provider and consumer of the utilized service.

• Rapid elasticity
– Capabilities can be elastically provisioned and released, in some cases
automatically, to scale rapidly outward and inward commensurate with demand.
To the consumer, the capabilities available for provisioning often appear to be
unlimited and can be appropriated in any quantity at any time.
 Common Characteristics
8

• Massive Scale- Computer systems where processing power, memory, data storage, and networks are assembled
at scale to tackle computational tasks beyond the capabilities of everyday computers.
• Resilient Computing- Resiliency is the ability of your system to react to failure and still remain functional.
It's not about avoiding failure, but accepting failure and constructing your cloud-native services to respond to it.
• Homogeneity- One where everything is from the same vendor.
• Geographic Distribution- By spanning multiple data centers at different geographical locations, can provide
a cloud platform with much larger capacities.
• Virtualization- Virtual representations of servers, storage, networks, and other physical machines.
• Service Orientation- Each service provides a business capability, and services can also communicate with
each other across platforms and languages.
• Low-Cost Software
• Advanced Security
 History of Cloud Computing
9

• Before Computing came into existence, client Server Architecture was used
where all the data and control of the client resides on the Server side. If a single
user wants to access some data, firstly user needs to connect to the server, and after
that user will get appropriate access. But it has many disadvantages.

• So, After Client Server computing, Distributed Computing was come into
existence, in this type of computing all computers are networked together with the
help of this, user can share their resources when needed. It also has certain
limitations. So in order to remove limitations faced in a distributed system, cloud
computing emerged.
 History of Cloud Computing
10

• In 1961, John MacCharty delivered his speech at MIT that “Computing Can be sold
as a Utility, like Water and Electricity.” According to John MacCharty, it was a
brilliant idea. But people at that time don’t want to adopt this technology. They
thought the technology they are using was efficient enough for them. So, this
concept of computing was not appreciated much so, and very less will research on
it. But as time fleet technology caught the idea after a few years this idea is
implemented. So, this is implemented by Salesforce.com in 1999.
• This company started delivering an enterprise application over the internet and this
way the boom of Cloud Computing was started.
• In 2002, Amazon started Amazon Web Services (AWS), and Amazon started
providing storage and computation over the internet. In 2006 Amazon launched
Elastic Compute Cloud Commercial Service which is open for Everybody to use.
 History of Cloud Computing
11

• After that in 2009, Google Play also started providing Cloud Computing Enterprise
Applications, as the other companies see the emergence of cloud Computing, they
also started providing their cloud services. Thus, in 2009, Microsoft launched
Microsoft Azure and after that other companies like Alibaba, IBM, Oracle, and
HP also introduces their Cloud Services. Today Cloud Computing become a very
popular and important skill.
 Disadvantages of Client-Server Architecture
12

• Network Traffic Congestion: The main disadvantage of a client-server model is

the danger of a system overload owing to a lack of resources to service all of the
clients. If too many different clients try to connect to the shared network at the same
time, the connection may fail or slow down. Additionally, if the internet connection
is down, any website or client in the world will be unable to access the information.
Large businesses may be at risk if they are unable to get important information.
• High Cost: In client-server networks, the cost of setting up and maintaining the
server is typically higher than the cost of running the network. The networks might
be expensive to buy because of their strength. The users won't all be able to afford
them as a result.
• Robustness: The whole network will be interrupted if the primary server
experiences failure or interference. Client-server networks lack hence in terms of
resilience since client-server networks are centralized.
 Disadvantages of Client-Server Architecture
13

• Maintenance Difficulty: When the servers are put in place, they will run
continuously, which implies they need to receive the necessary care. If there are any
mistakes, they must be fixed right away without further delay. As a result, a
qualified network manager should be hired to look after the server.
• Unacquirable Resources: Not all of the resources on the server are available for
acquisition. For instance, you cannot immediately print a document from the web or
change any information stored on the client's hard drive.
 Disadvantages of Distributed Computing
14

 Complexity- Distributed computing systems are more difficult to deploy, maintain

and troubleshoot/debug than their centralized counterparts. The increased
complexity is not only limited to the hardware as distributed systems also need
software capable of handling security and communications.

 Higher Initial Cost-The deployment cost of distribution is higher than a single

system. Increased processing overhead due to additional computation and exchange
of information also adds up to the overall cost.

 Security Concerns- Data access can be controlled fairly easily in a centralized

computing system, but it’s not an easy job to manage the security of distributed
systems. Not only the network itself has to be secured, users also need to control
replicated data across multiple locations.
Difference between Distributed Computing
and Cloud Computing
15

Cloud Computing Distributed Computing

Cloud computing refers to providing on- Distributed computing refers to solving a
demand IT resources/services like servers, problem over distributed autonomous
storage, database, networking, analytics, computers and they communicate between
software, etc. over the internet. them over a network.
In simple cloud computing can be said as a Simple distributed computing can be said as a
computing technique that delivers hosted computing technique that allows multiple
services over the internet to its computers to communicate and work to solve
users/customers. a single problem.
Cloud computing provides services such as Distributed computing helps to achieve
hardware, software, networking resources computational tasks faster than using a single
through internet. computer as it takes a lot of time.
The goal of cloud computing is to provide The goal of distributed computing is to
on-demand computing services over the distribute a single task among multiple
internet on pay per use model. computers and to solve it quickly by
maintaining coordination between them.
 Cloud Services Models
16

• Software as a Service (SaaS)

 The capability provided to the consumer is to use the provider’s applications
running on a cloud infrastructure. The applications are accessible from various
client devices through either a thin client interface, such as a web browser (e.g.,
web-based email), or a program interface.

• The consumer does not manage or control the underlying cloud infrastructure
including network, servers, operating systems, storage, or even individual
application capabilities, with the possible exception of limited user-specific
application configuration settings.
• E.g.: Google Spread Sheet
 Cloud Services Models
17

Platform as a Service (PaaS)

The capability provided to the consumer is to deploy onto the cloud infrastructure
consumer-created or acquired applications created using programming languages,
libraries, services, and tools supported by the provider.

The consumer does not manage or control the underlying cloud infrastructure including
network, servers, operating systems, or storage, but has control over the deployed
applications and possibly configuration settings for the application-hosting
environment.
 Cloud Services Models
18

Cloud Infrastructure as a Service (IaaS)

The capability provided to provision processing, storage, networks, and other

fundamental computing resources
Consumers can deploy and run arbitrary software
E.g.: Amazon Web Services and Flexi scale.
 Cloud Services Models
19
 Types of Cloud (Deployment Models)
20

Private cloud.

The cloud infrastructure is provisioned for exclusive use by a single organization

comprising multiple consumers (e.g., business units). It may be owned, managed, and
operated by the organization, a third party, or some combination of them, and it may
exist on or off premises.
 Types of Cloud (Deployment Models)
21

Community cloud

The cloud infrastructure is provisioned for exclusive use by a specific community of

consumers from organizations that have shared concerns (e.g., mission, security
requirements, policy, and compliance considerations). It may be owned, managed, and
operated by one or more of the organizations in the community, a third party, or some
combination of them, and it may exist on or off premises.
 Types of Cloud (Deployment Models)
22

Public cloud.

The cloud infrastructure is provisioned for open use by the general public. It may be
owned, managed, and operated by a business, academic, government organization, or
some combination of them. It exists on the premises of the cloud provider.
 Types of Cloud (Deployment Models)
23

Hybrid cloud.

The cloud infrastructure is a composition of two or more distinct cloud infrastructures

(private, community, or public) that remain unique entities, but are bound together by
standardized or proprietary technology that enables data and application portability
(e.g., cloud bursting for load balancing between clouds).
 Advantages of Cloud Computing
24

Lower computer costs:

•

– No need for a high-powered and high-priced computer to run cloud

computing’s web-based applications.
– Since applications run in the cloud, not on the desktop PC, your desktop PC
does not need the processing power or hard disk space demanded by traditional
desktop software.
– When you are using web-based applications, your PC can be less expensive,
with a smaller hard disk, less memory, more efficient processor...
– In fact, your PC in this scenario does not even need a CD or DVD drive, as no
software programs have to be loaded and no document files need to be saved.
 Advantages of Cloud Computing
25

•Improved performance:
– With a few large programs hogging your computer's memory, you will see
better performance from your PC.
– Computers in a cloud computing system boot and run faster because they have
fewer programs and processes loaded into memory.
•Reduced software costs:

– Instead of purchasing expensive software applications, you can get most of

what you need for free.
• most cloud computing applications today, such as the Google Docs suite are
better than paying for similar commercial software.
Advantages of Cloud Computing

• Instant software updates

– Another advantage to cloud computing is that you are no longer faced with
choosing between obsolete software and high upgrade costs.
– When the application is web-based, updates happen automatically
– When you access a web-based application, you get the latest version without
needing to pay for or download an upgrade.

• Improved document format compatibility. 26

– You do not have to worry about the documents you create on your machine
being compatible with other users' applications or OS.
– There are less format incompatibilities when everyone is sharing documents
and applications in the cloud.
 Advantages of Cloud Computing

• Unlimited storage capacity

– Cloud computing offers virtually limitless storage.
– Your computer's current 1 Tera Bytes hard drive is small compared to the
hundreds of Peta Bytes available in the cloud.
• Increased data reliability
– Unlike desktop computing, in which if a hard disk crashes and destroy all
your valuable data, a computer crashing in the cloud should not affect the
storage of your data. 27
• If your personal computer crashes, all your data is still out there in the
cloud, still accessible
– In a world where few individual desktop PC users back up their data on a
regular basis, cloud computing is a data-safe computing platform. For e.g.
Dropbox, Skydrive
 Advantages of Cloud Computing

• Universal information access

– That is not a problem with cloud computing, because you do not take your
documents with you.
– Instead, they stay in the cloud, and you can access them whenever you have a
computer and an Internet connection
– Documents are instantly available from wherever you are.
• Latest version availability
– When you edit a document at home, that edited version is what you see 28when
you access the document at work.
– The cloud always hosts the latest version of your documents as long as you are
connected, you are not in danger of having an outdated version.
Advantages of Cloud Computing

• Easier group collaboration

– Sharing documents leads directly to better collaboration.
– Many users do this as it is an important advantage of cloud computing
Multiple users can collaborate easily on documents and projects
• Device independence
– You are no longer tethered to a single computer or network.
– Changes to computers, applications, and documents follow you through the
cloud. 29

– Move to a portable device, and your applications and documents are still
available.
Disadvantages of Cloud Computing

• Requires a constant internet connection

– Cloud computing is impossible if you cannot connect to the Internet.
– Since you use the Internet to connect to both your applications and
documents if you do not have an Internet connection you cannot access
anything, even your own documents.
– A dead Internet connection means no work and in areas where Internet
connections are few or inherently unreliable, this could be a deal-breaker.
• Does not work well with low-speed connections 30

– Similarly, a low-speed Internet connection, such as that found with dial-up

services, makes cloud computing painful at best and often impossible.
– Web-based applications require a lot of bandwidth to download, as do large
documents.
Disadvantages of Cloud Computing

• Features might be limited

– This situation is bound to change, but today many web-based
applications simply are not as full-featured as their desktop-based
applications.
• For example, you can do a lot more with Microsoft PowerPoint
than with Google Presentation's web-based offering
• Can be slow
– Even with a fast connection, web-based applications can sometimes be
slower than accessing a similar software program on your desktop PC.
– Everything about the program, from the interface to the current31
document, has to be sent back and forth from your computer to the
computers in the cloud.
– If the cloud servers happen to be backed up at that moment, or if the
Internet is having a slow day, you would not get the instantaneous
access you might expect from desktop applications.
 Disadvantages of Cloud Computing

• Stored data might not be secured

– With cloud computing, all your data is stored in the cloud.
• The question is How secure is the cloud?
– Can unauthorized users gain access to your confidential data?

• Stored data can be lost!

– Theoretically, data stored in the cloud is safe and replicated across multiple
32
machines.
– But on the off chance that your data goes missing, you have no physical or
local backup.
• Put simply, relying on the cloud puts you at risk if the cloud lets you
down.
 Risk in Cloud Computing

Data Loss
Data loss is the most common cloud security risk of cloud computing. It is also
known as data leakage. Data loss is the process in which data is deleted, corrupted,
and unreadable by a user, software, or application. In a cloud computing
environment, data loss occurs when our sensitive data is in somebody else’s hands,
one or more data elements can not be utilized by the data owner, the hard disk is not
working properly, and the software is not updated.

Hacked Interfaces and Insecure APIs

As we all know, cloud computing completely depends on the Internet, so 33 it is
compulsory to protect interfaces and APIs that are used by external users. APIs are
the easiest way to communicate with most cloud services. In cloud computing, few
services are available in the public domain. These services can be accessed by third
parties, so there may be a chance that these services are easily harmed and hacked
by hackers.
 Risk in Cloud Computing

Data Breach
Data Breach is the process in which confidential data is viewed, accessed, or stolen
by a third party without any authorization, so an organization's data is hacked by
hackers.
Vendor lock-in
Vendor lock-in is the of the biggest security risks in cloud computing. Organizations
may face problems when transferring their services from one vendor to another. As
different vendors provide different platforms, that can cause difficulty moving from
one cloud to another.
Increased complexity strains IT staff 34

Migrating, integrating, and operating the cloud services is complex for the IT staff.
IT staff must require the extra capability and skills to manage, integrate, and
maintain the data in the cloud.
 Risk in Cloud Computing
Spectre & Meltdown
Spectre & Meltdown allows programs to view and steal data that is currently
processed on the computer. It can run on personal computers, mobile devices, and in
the cloud. It can store the password, and your personal information such as images,
emails, and business documents in the memory of other running programs.
Denial of Service (DoS) attacks
Denial of service (DoS) attacks occur when the system receives too much traffic to
buffer the server. Mostly, DoS attackers target web servers of large organizations
such as banking sectors, media companies, and government organizations. To
recover the lost data, DoS attackers charge a great deal of time and money to handle
35
the data.
Account hijacking
Account hijacking is a serious security risk in cloud computing. It is the process in
which an individual user's or organization's cloud account (bank account, e-mail
account, and social media account) is stolen by hackers. The hackers use the stolen
account to perform unauthorized activities.
Applications of Cloud Computing

• Mail and Messaging

• Archiving
• Backup
• Storage
• Security
• Virtual Servers
• CRM (Customer Relationship Management) 36
• Collaboration across enterprises
• Hosted PBX (Private Branch Exchange)
• Video Conferencing
 Online Social Networks and Applications
•Social networks can be hosted in a cloud environment, and scalable apps can be used.

•Via storing heavy multimedia content in cloud storage systems, social networks help
improves Internet usability. Vendors of cloud computing, such as Salesforce and
Amazon, currently provide numerous services, including Customer Relationship
Management (CRM) and Enterprise Resource Planning (ERP). When they deliver
these items through cloud storage, without buying standalone software or hardware,
consumers can use the simplicity and scalability of the system.

•Cloud storage is useful in the event of a catastrophe by reducing the expense of data
backup and recovery. 37

•Social networks and messaging applications such as Snapchat rely on anonymity and
will potentially use these tools to provide their users with a more reliable and faster
service.

•For data analytics, social networks use cloud computing.

 IaaS Economics
In house server Cloud server
Purchase Cost $9600 (x86,3QuadCore,12GB RAM, 0
300GB HD)

Cost/hr (over 3 years) $0.36 $0.68

Cost ratio: Cloud/In house 1.88

Efficiency 40% 80%

Cost/Effective hr $0.90 $0.85

38
Power and cooling $0.36 0

Management Cost $0.10 $0.01

Total cost/effective hr $1.36 $0.86

Cost ratio: In house/Cloud 1.58

Source: Enterprise Cloud Computing by Gautam Shroff
Benefits for Small and Medium Businesses
(<250 employees)

39

Source: http://www.microsoft.com/en-us/news/presskits/telecom/docs/SMBCloud.pdf
Benefits for the end user while using public
cloud

• High utilization
• High scalability
• No separate hardware procurement
• No separate power cost
• No separate IT infrastructure administration/maintenance required
• Public clouds offer user friendly SLA by offering high availability (~99%) and
40
also provide compensation in case of SLA miss
• Users can rent the cloud to develop and test prototypes before making major
investments in technology
Benefits for the end user while using
public cloud

• In order to enhance portability from one public cloud to another, several

organizations such as Cloud Computing Interoperability Forum and Open
Cloud Consortium are coming up with standards for portability.
• For e.g. Amazon EC2 and Eucalyptus share the same API interface.

• Software startups benefit tremendously by renting computing and storage 41

infrastructure on the cloud instead of buying them as they are uncertain

about their own future.
Benefits of private cloud

• Cost of 1 server with 12 cores and 12 GB RAM is far lower than the cost
of 12 servers having 1 core and 1 GB RAM.
• Confidentiality of data is preserved
• Virtual machines are cheaper than actual machines 42
• Virtual machines are faster to provision than actual machines
 Economics of PaaS vs
IaaS

• Consider a web application that needs to be available 24X7, but

where the transaction volume is unpredictable and can vary rapidly
• Using an IaaS cloud, a minimal number of servers would need to be
provisioned at all times to ensure availability
• In contrast, merely deploying the application on the PaaS cloud costs
nothing. Depending upon the usage, costs are incurred.
43
• The PaaS cloud scales automatically to successfully handle increased
requests to the web application.

Source: Enterprise Cloud Computing by Gautam

Shroff
PaaS benefits

• No need for the user to handle scaling and load balancing of requests
among virtual machines
• PaaS clouds also provide a web-based Integrated Development
Environment for the development and deployment of applications on the
PaaS cloud.
• Easier to migrate code from the development environment to the actual
production environment. 44

• Hence developers can directly write applications on the cloud and

don’t have to buy separate licenses of IDE.
SaaS benefits

• Users subscribe to web services and web applications instead of buying

and licensing software instances.
• For e.g. Google Docs can be used for free, instead of buying document
reading software such as Microsoft Word.
• Enterprises can use web-based SaaS Content Relationship Management
applications, instead of buying servers and installing CRM software
45
and associated databases on them.
Customer relationship management
Benefits, as perceived by the IT industry

46
 Factors driving investment in cloud

47

Source:
http://www.cloudtweaks.com/2012/01/infographic-whats-driving-investment-in-cloud-
Factors driving investment in cloud

48

Source:
http://www.cloudtweaks.com/2012/01/infographic-whats-driving-investment-in-cloud-computing/
Purpose of cloud computing in
organizations

• Providing an IT platform for business processes involving multiple

organizations
• Backing up data
• Running CRM, ERP, and chain management applications
• Providing personal productivity and collaboration tools to employees
• Developing and testing software
• Storing and archiving large files (e.g., video or audio) 49

• Analyzing customer or operations data

• Running e-business or e-government websites

Source:
http://askvisory.com/research/key-drivers-of-cloud-computing-activity/
Amazon Web Services (AWS)

AWS (Amazon Web Services) is a comprehensive, evolving cloud computing

platform provided by Amazon that includes a mixture of infrastructure-as-a-service (
IaaS), platform-as-a-service (PaaS), and packaged-software-as-a-service (SaaS)
offerings. AWS services can offer tools such as compute power, database storage,
and content delivery services to an organization.

50
Amazon.com Web Services launched its first web services in 2002 from the internal
infrastructure that Amazon.com built to handle its online retail operations. In 2006, it
began offering its defining IaaS services. AWS was one of the first companies to
introduce a pay-as-you-go cloud computing model that scales to provide users with
computing, storage, or throughput as needed.
Amazon Web Services (AWS)

Groups such as government agencies, education institutions, non-profits, and private

organizations can use AWS services.

How AWS works

AWS is separated into different services; each can be configured in different ways
based on the user's needs. Users can see configuration options and individual server
51
maps for an AWS service.
Services provided by AWS
• compute
• storage
• databases
• data management
• migration
• hybrid cloud
• networking
• development tools
• management
• monitoring
• security 52
• governance
• Big data management
• analytics
• artificial intelligence (AI)
• mobile development
• messages and notification
Amazon Elastic Compute Cloud (Amazon
EC2)

Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing

capacity in the Amazon Web Services (AWS) Cloud.

Using Amazon EC2 eliminates your need to invest in hardware upfront, so you can
develop and deploy applications faster.

You can use Amazon EC2 to launch as many or as few virtual servers as you need,
configure security and networking, and manage storage. 53

Amazon EC2 enables you to scale up or down to handle changes in requirements or

spikes in popularity, reducing your need to forecast traffic.
Features of Amazon EC2
•Virtual computing environments, known as instances

•Preconfigured templates for your instances, known as Amazon Machine Images

(AMIs), that package the bits you need for your server (including the operating
system and additional software)

•Various configurations of CPU, memory, storage, and networking capacity for your
instances, known as instance types

•Secure login information for your instances using key pairs (AWS stores the public
key, and you store the private key in a secure place) 54

•Storage volumes for temporary data that are deleted when you stop, hibernate, or
terminate your instance, known as instance store volumes

•Persistent storage volumes for your data using Amazon Elastic Block Store
(Amazon EBS), known as Amazon EBS volumes
Features of Amazon EC2

• Multiple physical locations for your resources, such as instances and Amazon EBS
volumes, known as Regions and Availability Zones

• A firewall that enables you to specify the protocols, ports, and sources IP ranges
that can reach your instances using security groups

• Static IPv4 addresses for dynamic cloud computing, known as Elastic IP addresses

• Metadata, known as tags, that you can create and assign to your Amazon EC2 55
resources

• Virtual networks you can create that are logically isolated from the rest of the AWS
Cloud and that you can optionally connect to your own network, known as virtual
private clouds (VPCs)
Assignment Question

•Explain Cloud computing?

•Difference between Cloud computing, Client-Server Architecture, and Distributed
computing.
•Explain the cloud computing service models?
•Explain the cloud computing deployment models?
•Explain why SMIs are migrating to cloud computing?
•Short notes on AWS and Amazon EC2.

56
(Second Module)
Cloud Computing
Architecture

Computer Science Engineering

Major building blocks of Cloud
Computing Architecture

58

Source:
http://www.sei.cmu.edu/library/assets/presentations/Cloud%20Computing%20Architecture%20-%20Gerald%20Kaefer.pdf
Context: High Level Architectural
Approach
 Technical Architecture

– Structuring according to XaaS stack

– Adopting cloud computing paradigms
– Structuring cloud services and cloud components
– Showing relationships and external endpoints
– Middleware and communication
– Management and security

 Deplpyment Operation Architecture: 59

– Geo-location check (Legal issues, export control)

– Operation and Monitoring
Cloud Computing Architecture - XaaS

60
XaaS Stack views: Customer view vs
Provider view

61

Source:
http://www.sei.cmu.edu/library/assets/presentations/Cloud%20Computing%20Architecture%20-%20Gerald%20Kaefer.pdf
Microsoft Azure vs Amazon EC2

62

Source:
http://www.sei.cmu.edu/library/assets/presentations/Cloud%20Computing%20Architecture%20-%20Gerald%20Kaefer.pdf
Architecture for elasticity

63

Source: http://www.sei.cmu.edu/library/assets/presentations/Cloud%20Computing%20Architecture%20-%20Gerald
%20Kaefer.pdf
Service Models (XaaS)

 Combination of Service-Oriented Infrastructure (SOI) and cloud

computing realizes to XaaS.
 X as a Service (XaaS) is a generalization for cloud-related services
 XaaS stands for "anything as a service" or "everything as a service“
 XaaS refers to an increasing number of services that are delivered over
the Internet rather than provided locally or on-site 64
 XaaS is the essence of cloud computing.
Service Models (XaaS)

65
Service Models (XaaS)

66

Source: Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance by Tim Mather and Subra
Kumaraswamy
Service Models (XaaS)

⚫ Most common examples of XaaS are

 Software as a Service (SaaS)
 Platform as a Service (PaaS)
 Infrastructure as a Service (IaaS)

⚫ Other examples of XaaS include

 Business Process as a Service (BPaaS)
 Storage as a service (another SaaS)
 Security as a service (SECaaS)
 Database as a service (DaaS)
67
 Monitoring/management as a service (MaaS)
 Communications, content and computing as a service (CaaS)
 Identity as a service (IDaaS)
 Backup as a service (BaaS)
 Desktop as a service (DaaS)
Requirements of CSP (Cloud Service
Provider)

• Increase productivity
• Increase end user satisfaction
• Increase innovation
• Increase agility 68
Service Models (XaaS)

• Broad network access (cloud) + resource pooling (cloud) + business-driven

69
infrastructure on-demand (SOI) + service- orientation (SOI) = XaaS
• Xaas fulfils all the 4 demands!

Source: Understanding the Cloud Computing Stack: PaaS, SaaS, IaaS © Diversity
Limited, 2011
 Classical Service Model

 All the Layers(H/W, Operating System,

Development, Tools, Applications) Managed by the
user.
 Users bear the costs of the hardware, maintenance,
and technology.
 Each system is designed and funded for a specific
business activity: custom build-to-order.
 Systems are deployed as a vertical stack of “layers”
which are tightly coupled, so no single part can be 70
easily replaced or changed.
 Prevalent of manual operations for provisioning, and
management.

Source: Dragan , “XaaS as a Modern Infrastructure for eGoverement Busines Model in

the Republic of Croatia”
The key impact of cloud computing on IT
function: From Legacy IT to Evergreen IT

Simplified IT Simplified IT
Stack Stack
End-user devices End-user devices

Application Application

Dedicated Dedicated Infrastructure

Infrastructure
71
Legacy Evergreen
IT IT
Classic Model vs XaaS

72
Client Server Architecture

73

Source:Wikiped
ia
 Client Server Architecture

• Consists of one or more load-balanced servers servicing requests sent by the

clients
• Clients and servers exchange message in a request-response fashion
• Client is often a thin client or a machine with low computational capabilities
• Server could be a load-balanced cluster or a stand-alone machine. 74
Three-Tier Client-Server Architecture

75

Source:
Wikipedia
Client Server model vs. Cloud
model

Client-server model Cloud computing model

• Simple service model where • Variety of complex service

server services client requests models, such as, IaaS, PaaS,
• May/may not be load balanced SaaS can be provided
• Load balanced
• Scalable to some extent in a
• Theoretically infinitely scalable 76
cluster environment.
• No concept of virtualization • Virtualization is the core
concept
Cloud Services

77

Source :
http://www.opengroup.org/soa/source-book/socci/extend.htm#figure2
Cloud service models

78

Source: http://www.cs.helsinki.fi/u/epsavola/seminaari/Cloud%20Service
Simplified description of cloud service
models

 SaaS applications are designed for end users and are delivered over the web
 PaaS is the set of tools and services designed to make coding and deploying
applications quickly and efficiently
 IaaS is the hardware and software that powers it all – servers, storage,
network, operating systems
79

Source:
http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-
 Transportation Analogy

• By itself, infrastructure isn’t useful – it just sits there waiting for someone to
make it productive in solving a particular problem. Imagine the Interstate
transportation system in the U.S. Even with all these roads built, they
wouldn’t be useful without cars and trucks to transport people and goods. In
this analogy, the roads are the infrastructure and the cars and trucks are the
platforms that sit on top of the infrastructure and transport the people and
goods. These goods and people might be considered software and
information in the technical realm. 80

Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
Software as a Service

• SaaS is defined as software that is deployed over the internet. With SaaS,
a provider licenses an application to customers either as a service on
demand, through a subscription, in a “pay-as-you-go” model, or
(increasingly) at no charge when there is an opportunity to generate
revenue from streams other than the user, such as from advertisement or
user list sales.
81

Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-
Stack.pdf
 SaaS characteristics

• Software is managed from a central location

• Software is delivered in a ‘one to many’ model
• Users are not required to handle software upgrades and patches
• Application Programming Interfaces (API) allow for integration between82
different pieces of software.

Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-
Stack.pdf
 Applications where SaaS is used

• Applications where there is significant interplay between the organization and

the outside world. E.g. email newsletter campaign software
• Applications that have a need for web or mobile access. E.g. mobile sales
management software
• Software that is only to be used for a short-term need.
• Software where demand spikes significantly.E.g. Tax/Billing
83
• E.g. of SaaS: Sales Force Customer Relationship Management (CRM)
software

Source:
http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-
Cloud-Computing-Stack.pdf
Applications where SaaS may not be
the best option

• Applications where extremely fast processing of real-time data is needed

• Applications where legislation or other regulation does not permit data to be
hosted externally
• Applications where an existing on-premise solution fulfills all of the
organization’s needs
84

Source:
http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-
Cloud-Computing-Stack.pdf
Platform as a Service

• Platform as a Service (PaaS) brings the benefits that SaaS bought for
applications, but over to the software development world. PaaS can be
defined as a computing platform that allows the creation of web
applications quickly and easily and without the complexity of buying and
maintaining the software and infrastructure underneath it.
• PaaS is analogous to SaaS except that, rather than being software delivered
over the web, it is a platform for the creation of software, delivered over
the web. 85

Source:
http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-
Cloud-Computing-Stack.pdf
Characteristics of PaaS

 Services to develop, test, deploy, host, and maintain applications in the same
integrated development environment. All the varying services needed to
fulfill the application development process.
 Web-based user interface creation tools help to create, modify, test, and
deploy different UI scenarios.
 Multi-tenant architecture where multiple concurrent users utilize the same
development application.
 Built in the scalability of deployed software including load balancing and
failover. 86
 Integration with web services and databases via common standards.
 Support for development team collaboration – some PaaS solutions include
project planning and communication tools.
 Tools to handle billing and subscription management
Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
Scenarios where PaaS is used

 PaaS is especially useful in any situation where multiple developers will be

working on a development project or where other external parties need to
interact with the development process
 PaaS is useful where developers wish to automate testing and
deployment services.
 The popularity of agile software development, a group of software development
methodologies based on iterative and incremental development, will also
increase the uptake of PaaS as it eases the difficulties around rapid development
87
and iteration of the software.
 PaaS Examples: Microsoft Azure, Google App Engine
Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
Scenarios where PaaS is not ideal

• Where the application needs to be highly portable in terms of where it is

hosted.
• Where proprietary languages or approaches would impact the
development process
• Where application performance requires customization of the underlying
hardware and software
88

Source:
http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-
Cloud-Computing-Stack.pdf
Infrastructure as a Service

• Infrastructure as a Service (IaaS) is a way of delivering Cloud Computing

infrastructure – servers, storage, network, and operating systems– as an
on-demand service.
• Rather than purchasing servers, software, data center space, or network
equipment, clients instead buy those resources as a fully outsourced
service on demand.
89

Source:
http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-
Cloud-Computing-Stack.pdf
Characteristics of IaaS

• Resources are distributed as a service

• Allows for dynamic scaling
• Has a variable cost, utility pricing model
• Generally includes multiple users on a single piece of hardware

90

Source:
http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-
Cloud-Computing-Stack.pdf
Scenarios where IaaS makes
sense

 Where demand is very volatile – any time there are significant spikes
and troughs in terms of demand for the infrastructure
 For new organizations without the capital to invest in hardware
 Where the organization is growing rapidly and scaling hardware would be
problematic
 Where there is pressure on the organization to limit capital expenditure
91
and move to operating expenditure
 For specific lines of business, trial, or temporary infrastructural needs
 Scenarios where IaaS may not be the best
option

• Where regulatory compliance makes the offshoring or outsourcing of data

storage and processing difficult
• Where the highest levels of performance are required, and on-premise or
dedicated hosted infrastructure has the capacity to meet the organization’s
needs
 Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
92
SaaS providers

93

Source: http://www.cs.helsinki.fi/u/epsavola/seminaari/Cloud%20Service
%20Models.pdf
Feature comparison of PaaS
providers

94

Source: http://www.cs.helsinki.fi/u/epsavola/seminaari/Cloud%20Service
%20Models.pdf
Feature comparison of IaaS providers

95

Source: http://www.cs.helsinki.fi/u/epsavola/seminaari/Cloud%20Service
%20Models.pdf
XaaS

Saa PaaS Iaa

S S Applications
Applications Applications
Data Data Data
Runtime Runtime Runtime
Managed by service provider

Middleware Middleware Middleware

Managed by service provider

Managed by service provider

O/S O/S O/S
Virtualization Virtualization Virtualization
Servers Servers Servers
Storage Storage Storage
Network Network Network

96
Role of Networking in cloud
computing

• In cloud computing, network resources can be provisioned dynamically.

• Some of the networking concepts that form the core of cloud computing are
Virtual Local Area Networks, Virtual Private Networks, and the different
protocol layers.
• Examples of tools that help in setting up different network topologies and
facilitate various network configurations are OpenSSH, OpenVPN, etc.
Source: http://www.slideshare.net/alexamies/networking-concepts-and-tools-for-the-cloud
97
Networking in different cloud models

98

Source: http://www.slideshare.net/alexamies/networking-concepts-and-tools-for-
the-cloud
Deployment Models

• Public Cloud
• Private Cloud
• Hybrid Cloud
• Community Cloud
99
 Public Cloud

 Cloud infrastructure is provisioned for open use by the general public. It may
be owned, managed, and operated by a business, academic, government
organization, or some combination of them. It exists on the premises of the
cloud provider.

 Examples of Public Cloud:

 Google App Engine
 Microsoft Windows Azure
 IBM Smart Cloud
 Amazon EC2

Source:Marcus Hogue,Chris Jacobson,”Security of Cloud

Computing”
Public Cloud

• In a Public setting, the provider's computing and storage resources are

potentially large; the communication links can be assumed to be implemented
over the public Internet; and the cloud serves a diverse pool of clients (and
possibly attackers).

Source: LeeBadger, and Tim Grance “NIST DRAFT Cloud Computing Synopsis and
Recommendations “
 Public Cloud

• Workload locations are hidden from clients (public):

– In the public scenario, a provider may migrate a subscriber's workload,
whether processing or data, at any time.
– Workload can be transferred to data centers where cost is low
– Workloads in a public cloud may be relocated anywhere at any time
unless the provider has offered (optional) location restriction policies
• Risks from multi-tenancy (public):
– A single machine may be shared by the workloads of any combination of
subscribers (a subscriber's workload may be co-resident with the
workloads of competitors or adversaries)
• Introduces both reliability and security risk
Public Cloud

• Organizations considering the use of an on-site private cloud

should consider:
– Network dependency (public):
• Subscribers connect to providers via the public Internet.
• Connection depends on Internet Infrastructure like
– Domain Name System (DNS) servers
– Router infrastructure,
– Inter-router links
Public Cloud

• Limited visibility and control over data regarding security (public):

– The details of provider system operation are usually considered
proprietary information and are not divulged to subscribers.
– In many cases, the software employed by a provider is usually proprietary
and not available for examination by subscribers
– A subscriber cannot verify that data has been completely deleted from a
provider's systems.
• Elasticity: illusion of unlimited resource availability (public):
– Public clouds are generally unrestricted in their location or size.
– Public clouds potentially have a high degree of flexibility in the
movement of subscriber workloads to correspond with available
resources.
Public Cloud

• Low up-front costs to migrate into the cloud (public)

• Restrictive default service level agreements (public):
– The default service level agreements of public clouds specify
limited promises that providers make to subscribers
 Private Cloud

• The cloud infrastructure is provisioned for exclusive use by a single

organization comprising multiple consumers (e.g., business units). It may
be owned, managed, and operated by the organization, a third party, or
some combination of them, and it may exist on or off premises.

• Examples of Private Cloud:

– Eucalyptus
– Ubuntu Enterprise Cloud - UEC
– Amazon VPC (Virtual Private Cloud)
– VMware Cloud Infrastructure Suite
– Microsoft ECI data center.
 Private Cloud

• Contrary to popular belief, a private cloud may exist off-premises and can be
managed by a third party. Thus, two private cloud scenarios exist, as follows:
• On-site Private Cloud
– Applies to private clouds implemented at a customer’s premises.
• Outsourced Private Cloud
– Applies to private clouds where the server side is outsourced to a hosting
company.
On-site Private Cloud

 The security perimeter extends around both the subscriber’s on-site

resources and the private cloud’s resources.
 Security perimeter does not guarantee control over the private cloud’s
resources but subscribers can exercise control over the resources.

Source: LeeBadger, and Tim Grance “NIST DRAFT Cloud Computing Synopsis and
Recommendations “
On-site Private Cloud

• Organizations considering the use of an on-site private cloud should consider:

– Network dependency (on-site-private):

– Subscribers still need IT skills (on-site-private):

• Subscriber organizations will need the traditional IT skills required to
manage user devices that access the private cloud and will require to
cloud IT skills as well.
– Workload locations are hidden from clients (on-site-private):
• To manage a cloud's hardware resources, a private cloud must be able to
migrate workloads between machines without inconveniencing clients.
With an on-site private cloud, however, a subscriber organization
chooses the physical infrastructure, but individual clients still may not
know where their workloads physically exist within the subscriber
organization's infrastructure
On-site Private Cloud

• Risks from multi-tenancy (on-site-private):

– Workloads of different clients may reside concurrently on the same
systems and local networks, separated only by access policies
implemented by a cloud provider's software. A flaw in the software or the
policies could compromise the security of a subscriber organization by
exposing client workloads to one another
• Data import/export, and performance limitations (on-site-private):
– On-demand bulk data import/export is limited by the on-site private
cloud's network capacity, and real-time or critical processing may be
problematic because of networking limitations.
On-site Private Cloud

• Potentially strong security from external threats (on-site-private):

– In an on-site private cloud, a subscriber has the option of implementing an
appropriately strong security perimeter to protect private cloud resources
against external threats to the same level of security as can be achieved for
non-cloud resources.
• Significant-to-high up-front costs to migrate into the cloud (on-site-
private):
– An on-site private cloud requires that cloud management software be
installed on computer systems within a subscriber organization. If the
cloud is intended to support process-intensive or data-intensive workloads,
the software will need to be installed on numerous commodity systems 11 or
1
on a more limited number of high-performance systems. Installing cloud
software and managing the installations will incur significant up-front
costs, even if the cloud software itself is free, and even if much of the
hardware already exists within a subscriber organization.
On-site Private Cloud

• Limited resources (on-site-private):

– An on-site private cloud, at any specific time, has a fixed computing and
storage capacity that has been sized to correspond to anticipated workloads
and cost restrictions.
Outsourced Private Cloud
• Outsourced private cloud has two security perimeters, one implemented
by a cloud subscriber (on the right) and one implemented by a provider.
• Two security perimeters are joined by a protected communications link.
• The security of data and processing conducted in the outsourced private cloud
depends on the strength and availability of both security perimeters and the
protected communication link.
 Outsourced Private Cloud

• Organizations considering the use of an outsourced private cloud should

consider:
– Network Dependency (outsourced-private):
• In the outsourced private scenario, subscribers may have the option to
provision unique protected, and reliable communication links with the
provider.
– Workload locations are hidden from clients (outsourced-private):
– Risks from multi-tenancy (outsourced-private):
• The implications are the same as those for an on-site private cloud.
Outsourced Private Cloud

• Data import/export, and performance limitations (outsourced-private):

– On-demand bulk data import/export is limited by the network capacity
between a provider and subscriber, and real-time or critical processing may be
problematic because of networking limitations. In the outsourced private cloud
scenario, however, these limits may be adjusted, although not eliminated, by
provisioning high-performance and/or high-reliability networking between the
provider and subscriber.
• Potentially strong security from external threats (outsourced-private):
– As with the on-site private cloud scenario, a variety of techniques exist to
harden a security perimeter. The main difference with the outsourced private
cloud is that the techniques need to be applied both to a subscriber's perimeter
and the provider's perimeter and that the communications link needs to be
protected.
 Outsourced Private Cloud

• Modest-to-significant up-front costs to migrate into the cloud (outsourced-

private):
– In the outsourced private cloud scenario, the resources are provisioned by the
provider
– Main start-up costs for the subscriber relate to:
• Negotiating the terms of the service level agreement (SLA)
• Possibly upgrading the subscriber's network to connect to the outsourced
private cloud
• Switching from traditional applications to cloud-hosted applications,
• Porting existing non-cloud operations to the cloud
• Training
Outsourced Private Cloud

• Extensive resources available (outsourced-private):

– In the case of the outsourced private cloud, a subscriber can rent resources in any
quantity offered by the provider. Provisioning and operating computing
equipment at scale is a core competency of providers.
 Community Cloud

 Cloud infrastructure is provisioned for exclusive use by a specific community of

consumers from organizations that have shared concerns (e.g., mission, security
requirements, policy, and compliance considerations). It may be owned,
managed, and operated by one or more of the organizations in the community, a
third party, or some combination of them, and it may exist on or off premises.
 Examples of Community Cloud:
⚫ Google Apps for Government
⚫ Microsoft Government Community Cloud
On-site Community Cloud

• Community cloud is made up of a set of participant organizations. Each

participant organization may provide cloud services, consume cloud
services, or both
• At least one organization must provide cloud services
• Each organization implements a security perimeter

Source: LeeBadger, and Tim Grance “NIST DRAFT Cloud Computing Synopsis and
Recommendations “
On-site Community Cloud

• The participant organizations are connected via links between the

boundary controllers that allow access through their security perimeters
• Access policy of a community cloud may be complex
– Ex. : if there are N community members, a decision must be made, either
implicitly or explicitly, on how to share a member's local cloud resources
with each of the other members
– Policy specification techniques like role-based access control (RBAC),
attribute-based access control can be used to express sharing policies.
 On-site Community Cloud

• Organizations considering the use of an on-site community cloud should consider:

– Network Dependency (on-site community):
• The subscribers in an on-site community cloud need to either provision
controlled inter-site communication links or use cryptography over a less
controlled communications media (such as the public Internet).
• The reliability and security of the community cloud depend on
the reliability and security of the communication links.
 On-site Community Cloud

• Subscribers still need IT skills (on-site-community).

– Organizations in the community that provides cloud resources, require
IT skills similar to those required for the on-site private cloud scenario
except that the overall cloud configuration may be more complex and
hence require a higher skill level.
– Identity and access control configurations among the participating
organizations may be complex
• Workload locations are hidden from clients (on-site-community):
– Participant Organizations providing cloud services to the community
cloud may wish to employ an outsourced private cloud as a part of its
implementation strategy.
 On-site Community Cloud

• Data import/export, and performance limitations (on-site-community):

– The communication links between the various participant organizations in
a community cloud can be provisioned to various levels of performance,
security, and reliability, based on the needs of the participant organizations.
The network-based limitations are thus similar to those of the outsourced-
private cloud scenario.
• Potentially strong security from external threats (on-site-community):
– The security of a community cloud from external threats depends on the
security of all the security perimeters of the participant organizations and
the strength of the communications links. These dependencies are
essentially similar to those of the outsourced private cloud scenario, but
with possibly more links and security perimeters.
On-site Community Cloud

• Highly variable up-front costs to migrate into the cloud (on-site-

community):
– The up-front costs of an on-site community cloud for a participant
organization depend greatly on whether the organization plans to consume
cloud services only or also to provide cloud services. For a participant
organization that intends to provide cloud services within the community
cloud, the costs appear to be similar to those for the on-site private cloud
scenario (i.e., significant-to- high).
Outsourced Community Cloud

Source: LeeBadger, and Tim Grance “NIST DRAFT Cloud Computing Synopsis and
Recommendations “
Outsourced Community Cloud

• Organizations considering the use of an on-site community cloud

should consider:
• Network dependency (outsourced community):
– The network dependency of the outsourced community cloud is similar to
that of the outsourced private cloud. The primary difference is that
multiple protected communications links are likely from the community
members to the provider's facility.
• Workload locations are hidden from clients (outsourced- community).
– Same as the outsourced private cloud
Outsourced Community Cloud

• Risks from multi-tenancy (outsourced-community):

– Same as the on-site community cloud
• Data import/export, and performance limitations (outsourced-
community):
– Same as outsourced private cloud
• Potentially strong security from external threats (outsourced-
community):
– Same as the on-site community cloud
• Modest-to-significant up-front costs to migrate into the cloud
(outsourced-community):
• Same as outsourced private cloud
Outsourced Community Cloud

• Extensive resources available (outsourced community).

– Same as outsourced private cloud
Hybrid Cloud

• The cloud infrastructure is a composition of two or more distinct cloud

infrastructures (private, community, or public) that remain unique entities,
but are bound together by standardized or proprietary technology that
enables data and application portability

• Examples of Hybrid Cloud:

– Windows Azure (capable of Hybrid Cloud)
– VMware vCloud (Hybrid Cloud Services)
Hybrid Cloud

• A hybrid cloud is composed of two or more private, community, or public

clouds.
• They have significant variations in performance, reliability, and security
properties depending upon the type of cloud chosen to build hybrid cloud.

Source: LeeBadger, and Tim Grance “NIST DRAFT Cloud Computing Synopsis and
Recommendations “
Hybrid Cloud

• A hybrid cloud can be extremely complex

• A hybrid cloud may change over time with constituent clouds joining and
leaving.
(Second Module)
Cloud Computing
Virtualization

Computer Science Engineering

 Virtualization
133

 The dictionary includes many definitions for the word “cloud.”

 A cloud can be a mass of water droplets, gloom, an obscure area, or a mass
of similar particles such as dust or smoke.
 When it comes to cloud computing, the definition that best fits the context is
“a collection of objects that are grouped together.”
 It is that act of grouping or creating a resource pool that is what succinctly
differentiates cloud computing from all other types of networked systems.
 Virtualization
134

 The benefits of pooling resources to allocate them on demand are so compelling as

to make the adoption of these technologies a priority. Without resource pooling, it is
impossible to attain efficient utilization, provide reasonable costs to users, and
proactively react to demand.
Virtualization abstracts the physical resources such as processors, memory, disk,
and network capacity into virtual resources. When you use cloud computing, you are
accessing pooled resources using a technique called Virtualization.
 Virtualization
135

 Virtualization assigns a logical name for a physical resource and then provides a
pointer to that physical resource when a request is made.
 Virtualization provides a means to manage resources efficiently because the
mapping of virtual resources to physical resources can be both dynamic and
facile.
 Virtualization is dynamic in that the mapping can be assigned based on rapidly
changing conditions, and it is facile because changes to a mapping assignment
can be nearly instantaneous.
 Virtualization
136

Different types of virtualization that are characteristic of cloud computing:

Access: A client can request access to a cloud service from any location.
Application: A cloud has multiple application instances and directs requests to
an instance based on conditions.
 CPU: Computers can be partitioned into a set of virtual machines with each
machine being assigned a workload. Alternatively, systems can be virtualized
through load-balancing technologies.
Storage: Data is stored across storage devices and often replicated for
redundancy. To enable these characteristics, resources must be highly
configurable and flexible.
 Virtualization
137

Features in software and hardware that enable flexibility by conforming to

one or more of the following mobility patterns:

 P2V: Physical to Virtual

 V2V: Virtual to Virtual
 V2P: Virtual to Physical
 P2P: Physical to Physical
 D2C: Datacentre to Cloud
 C2C: Cloud to Cloud
 C2D: Cloud to Datacentre
 D2D: Datacentre to Datacentre
 Virtualization
138

Properties

 Service-based: A service-based architecture is where clients are abstracted

from service providers through service interfaces.
Scalable and elastic: Services can be altered to affect capacity and performance
on demand.
 Shared services: Resources are pooled in order to create greater efficiencies.
 Metered usage: Services are billed on a usage basis.
 Internet delivery: The services provided by cloud computing are based on
Internet protocols and formats.
 IaaS – Infrastructure as a Service

• What does a subscriber get?

– Access to virtual computers, network-accessible storage, network
infrastructure components such as firewalls, and configuration services.

• How are usage fees calculated?

13
– Typically, per CPU hour, data GB stored per hour, network bandwidth 9
consumed, network infrastructure used (e.g., IP addresses) per hour, value-
added services used (e.g., monitoring, automatic scaling)
 IaaS Provider/Subscriber Interaction
Dynamics

The provider has a number of available virtual machines

(vm’s) that it can allocate to clients.
– Client A has access to vm1 and vm2, Client B has access to vm3 and Client
C has access to vm4, vm5 and vm6
– Provider retains only vm7 through vmN

14
0

Source: LeeBadger, and Tim Grance “NIST DRAFT Cloud Computing Synopsis and Recommendations
“
IaaS Component Stack and Scope of Control

• IaaS component stack comprises of hardware, operating system,

middleware, and applications layers.
• Operating system layer is split into two layers.
– Lower (and more privileged) layer is occupied by the Virtual Machine Monitor (VMM),
which is also called the Hypervisor
– Higher layer is occupied by an operating system running within a VM called a guest
operating system

14
1

Source: LeeBadger, and Tim Grance “NIST DRAFT Cloud Computing Synopsis and Recommendations
“
IaaS Component Stack and Scope of
Control

• In IaaS Cloud provider maintains total control over the physical

hardware and administrative control over the hypervisor layer
• Subscriber controls the Guest OS, Middleware and Applications layers.
• Subscriber is free (using the provider's utilities) to load any supported
operating system software desired into the VM. 14
2
• Subscriber typically maintains complete control over the operation of the
guest operating system in each VM.
IaaS Component Stack and Scope of
Control

• A hypervisor uses the hardware to synthesize one or more Virtual Machines

(VMs); each VM is "an efficient, isolated duplicate of a real machine" .
• Subscriber rents access to a VM, the VM appears to the subscriber as actual
computer hardware that can be administered (e.g., powered on/off,
peripherals configured) via commands sent over a network to the provider.
14
3
 IaaS Cloud Architecture

• Logical view of IaaS cloud structure and operation

14
4

Source: LeeBadger, and Tim Grance “NIST DRAFT Cloud Computing Synopsis and Recommendations
“
IaaS Cloud
Architecture

• Three-level hierarchy of components in IaaS cloud systems

– Top level is responsible for central control
– Middle level is responsible for management of possibly large computer
clusters that may be geographically distant from one another
– Bottom level is responsible for running the host computer systems on
which virtual machines are created.
• Subscriber queries and commands generally flow into the system at the145 top
and are forwarded down through the layers that either answer the queries or
execute the commands
IaaS Cloud Architecture

• Cluster Manager can be geographically distributed

• Within a cluster manger computer manger is connected via high speed
network.
14
6
Operation of the Cloud Manager

• Cloud Manager is the public access point to the cloud where subscribers sign
up for accounts, manage the resources they rent from the cloud, and access
data stored in the cloud.
• Cloud Manager has mechanism for:
– Authenticating subscribers
– Generating or validating access credentials that subscriber uses when
communicating with VMs. 14
7
– Top-level resource management.
• For a subscriber’s request cloud manager determines if the cloud has enough
free resources to satisfy the request
Data Object Storage (DOS)

• DOS generally stores the subscriber’s metadata like user

credentials, operating system images.
• DOS service is (usually) single for a cloud.

14
8
Operation of the Cluster Managers

• Each Cluster Manager is responsible for the operation of a collection of

computers that are connected via high speed local area networks.
• Cluster Manager receives resource allocation commands and queries from
the Cloud Manager, and calculates whether part or all of a command can
be satisfied using the resources of the computers in the cluster.
• Cluster Manager queries the Computer Managers for the computers in the14
9
cluster to determine resource availability, and returns messages to the
Cloud Manager.
Operation of the Cluster Managers

• Directed by the Cloud Manager, a Cluster Manager then instructs the

Computer Managers to perform resource allocation, and reconfigures the
virtual network infrastructure to give the subscriber uniform access.
• Each Cluster Manager is connected to Persistent Local Storage (PLS).
• PLS provide persistent disk-like storage to Virtual Machine.
15
0
 Operation of the Computer Managers

• At the lowest level in the hierarchy computer manger runs on each computer
system and uses the concept of virtualization to provide Virtual Machines to
subscribers
• Computer Manger maintains status information including how many virtual
machines are running and how many can still be started
15
• Computer Manager uses the command interface of its hypervisor to start, stop,
1

suspend, and reconfigure virtual machines

 Virtualization

• Virtualization is a broad term (virtual memory, storage, network, etc)

Virtualization basically allows one computer to do the job of multiple
computers, by sharing the resources of a single hardware across multiple
environments

App. A App. B App. App. D

Virtual Virtual
C
Container Container
Operating App. A App. C

System App. B
Virtualization Layer
App. D

Hardware 15
2

Hardware
Virtualized system
‘Non-virtualized’ system
A single OS controls all hardware It makes it possible to run multiple Virtual Containers on
platform resources a single physical platform

Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-
Virtualization

• Virtualization is way to run multiple operating systems and user applications on the
same hardware
– E.g., run both Windows and Linux on the same laptop
• How is it different from dualboot?
– Both OSes run simultaneously
• The OSes are completely isolated from each other

15
3
Hypervisor or Virtual Machine
Monitor

A hypervisor or virtual machine monitor runs the guest OS directly on the

CPU. (This only works if the guest OS uses the same instruction set as the host
OS.) Since the guest OS is running in user mode, privileged instructions must be
intercepted or replaced. This further imposes restrictions on the instruction set for
the CPU, as observed in a now-famous paper by Popek and Goldberg identify
three goals for a virtual machine architecture:
•Equivalence: The VM should be indistinguishable from the underlying hardware.
•Resource control: The VM should be in complete control of any virtualized 15
4
resources.
•Efficiency: Most VM instructions should be executed directly on the underlying
CPU without involving the hypervisor.

Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
Hypervisor or Virtual Machine
Monitor

Popek and Goldberg describe (and give formal proof of) the requirements for the CPU's
instruction set to allow these properties. The main idea here is to classify instructions into
•privileged instructions, which cause a trap if executed in user mode, and
•sensitive instructions, which change the underlying resources (e.g. doing I/O or changing
the page tables) or observe information that indicates the current privilege level (thus
exposing the fact that the guest OS is not running on the bare hardware).
•The former class of sensitive instructions is called control sensitive and the latter
behavior sensitive in the paper, but the distinction is not particularly important.

What Popek and Goldberg show is that we can only run a virtual machine with all three
15
desired properties if the sensitive instructions are a subset of the privileged instructions.
5 If
this is the case, then we can run most instructions directly, and any sensitive instructions
trap to the hypervisor which can then emulate them (hopefully without much slowdown).
VMM and VM

Equivalence Resource
Control Efficiency

Privileged instructions
Control sensitive
Behavior sensitive

• For any conventional third generation computer, a VMM may be constructed15

if
the set of sensitive instructions for that computer is a subset of the set
6 of
privileged instructions
• A conventional third generation computer is recursively virtualizable if it is
virtualizable and a VMM without any timing dependencies can be constructed
for it.
Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
Load Balancing and Virtualization

• One characteristic of cloud computing is virtualized network access to a

service. No matter where you access the service, you are directed to the
available resources. The technology used to distribute service requests to
resources is referred to as load balancing.

• Load balancing is an optimization technique. it can be used to increase

utilization and throughput, lower latency, reduce response time, and avoid
system overload
• The following network resources can be load balanced:
a. Network interfaces and services such as 15
b. DNS, FTP, and HTTP 7
c. Connections through intelligent switches
d. Processing through computer system assignment
e. Storage resources
f. Access to application instances

Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
Load Balancing and Virtualization

• Without load balancing, cloud computing would very difficult to manage.

• Load balancing provides the necessary redundancy to make an intrinsically
unreliable system reliable through managed redirection.
• It also provides fault tolerance when coupled with a failover mechanism.
• Load balancing is nearly always a feature of server farms and computer
clusters and for high-availability applications.
• A load-balancing system can use different mechanisms to assign service
15
direction. 8

Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
Load BalancingMechanism

• In the simplest load-balancing mechanisms, the load balancer listens to a

network port for service requests.

• When a request from a client or service requester arrives, the load balancer
uses a scheduling algorithm to assign where the request is sent.
15
• Typical scheduling algorithms in use today are round robin and weighted round
9

robin, fastest response time, least connections and weighted least connections,
and custom assignments based on other factors.
Load Balancing Mechanism

• A session ticket is created by the load balancer so that subsequent related

traffic from the client that is part of that session can be properly routed to the
same resource.

• Without this session record or persistence, a load balancer would not be able to
correctly failover a request from one resource to another.

• Persistence can be enforced using session data stored in a database 16

and
0
replicated across multiple load balancers.

• Other methods can use the client's browser to store a client-side cookie or the
use of a rewrite engine that modifies the URL.
Load Balancing Mechanism

• Of all these methods, a session cookie stored on the client has the least amount
of overhead for a load balancer because it allows the load balancer an
independent selection of resources.

• The algorithm can be based on a simple round-robin system where the next
system in a list of systems gets the request. 16
1

• Round robin DNS is a common application, where IP addresses are assigned

out of a pool of available IP addresses. Google uses round-robin DNS
Approaches to Server Virtualization

16
2
Evolution of Software Solutions
• 1st Generation: Full 2nd Generation: • 3rd Generation: Silicon-
virtualization
• (Binary Para-virtualization based (Hardware-
rewriting) – Cooperative assisted) virtualization
– Software Based virtualization – Unmodified guest
– VMware and – Modified guest – VMware and Xen on
Microsoft – VMware, Xen virtualization-
Virtual
… Virtual
… aware hardware
Machine Machine VM VM
platforms
Virtual
Machine …
Virtual
Machine
Dynamic Translation Hypervisor
Hypervisor
Operating System
Hardware Hardware
Hardware 16
Virtualization Logic
3
Full Virtualization

Virtual Machine
Guest OS
Device Drivers

• 1st Generation offering of x86/x64 server

virtualization Emulated
• Dynamic binary translation
Hardware
– Emulation layer talks to an operating system which Host OS

talks to the computer hardware Device Drivers

– Guest OS doesn't see that it is used in an emulated

16
environment 4

• All of the hardware is emulated including the

CPU
• Two popular open source emulators are QEMU Hardware
and Bochs
Full Virtualization - Advantages

• Emulation layer
– Isolates VMs from the host OS and from each other
– Controls individual VM access to system resources, preventing an unstable
VM from impacting system performance
• Total VM portability
– By emulating a consistent set of system hardware, VMs have the ability to
transparently move between hosts with dissimilar hardware without any
problems 16
5
• It is possible to run an operating system that was developed for another
architecture on your own architecture
• A VM running on a Dell server can be relocated to a Hewlett-Packard
server

Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
 Full Virtualization - Drawbacks

• Hardware emulation comes with a performance price

• In traditional x86 architectures, OS kernels expect to run privileged code in
Ring 0
– However, because Ring 0 is controlled by the host OS, VMs are forced to
execute
at Ring 1/3, which requires the VMM to trap and emulate instructions 16
6
• Due to these performance limitations, para-virtualization and hardware-
assisted virtualization were developed

Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
 Para-Virtualization

Virtual Machine

Guest OS
• Guest OS is modified and thus run kernel- Device Drivers

level operations at Ring 1 (or 3)

Specialized API
– Guest is fully aware of how to process privileged Virtual Machine Monitor
instructions
– Privileged instruction translation by the VMM is no
Device Drivers
longer necessary Hypervisor
– Guest operating system uses a specialized API to talk to
the VMM and, in this way, execute the privileged
instructions Hardware 16
7

Server virtualization
• VMM is responsible for handling the approaches
virtualization
requests and putting them to the hardware
Para-Virtualization

Today, VM guest operating systems are para-virtualized using two different approaches:
–Recompiling the OS kernel
• Para-virtualization drivers and APIs must reside in the guest operating system kernel
• You do need a modified operating system that includes this specific API, requiring a compiling
operating system to be virtualization aware
– Some vendors (such as Novell) have embraced para-virtualization and have provided para-virtualized
OS builds, while other vendors (such as Microsoft) have not
–Installing para-virtualized drivers
• In some operating systems it is not possible to use complete para-virtualization, as it requires a
specialized version of the operating system 16
8
• To ensure good performance in such environments, para-virtualization can be applied for
individual devices
• For example, the instructions generated by network boards or graphical interface cards can be
modified before they leave the virtualized machine by using para-virtualized drivers

Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
Hardware-assisted virtualization Server virtualization approaches

Virtual Machine

Guest OS
Device Drivers

Specialized API
• Guest OS runs at ring 0 Virtual Machine Monitor

• VMM uses processor extensions (such as Intel®- VT

Device Drivers
or AMD-V) to intercept and emulate privileged
Hypervisor
operations in the guest
• Hardware-assisted virtualization removes many of the
problems that make writing a VMM a challenge Hardware 16
9
• VMM runs in a more privileged ring than 0, a
Virtual-1 ring is created
Hardware-assisted virtualization

• Pros
– It allows to run unmodified OSs (so legacy OS can be run without
problems)
• Cons
– Speed and Flexibility
• An unmodified OS does not know it is running in a virtualized17
environment and so, it can’t take advantage of any of the0
virtualization features
– It can be resolved using para-virtualization partially
Network Virtualization

Making a physical network appear as multiple logical

ones

Physical Virtualized Network - Virtualized Network -17

1
Network 1 2
Why Virtualize?

• Hard to come up with a one-size-fits-all architecture

–Almost impossible to predict what future might unleash

• Why not create an all-sizes-fit-into-one instead!

–Open and expandable architecture

• Testbed for future networking architectures and protocols 17

2
Related Concepts

• Virtual Private Networks (VPN)

– Virtual network connecting distributed sites
– Not customizable enough
– Active and Programmable Networks
– Customized network functionalities
– Programmable interfaces and active codes
17
3
• Overlay Networks
– Application layer virtual networks
– Not flexible enough
Network Virtualization Model

• Business Model
• Architecture
• Design Principles
• Design Goals
17
4
Architectur
e

34
Design Principles

 Concurrence of multiple Hierarchy of

heterogeneous virtual networks Roles
Service Provider N
🞑 Introduces diversity Infrastructure
Virtual Network N
Provider N+1
 Recursion of virtual networks …
🞑 Opens the door for network virtualization Service Provider 1
economics Virtual Network 1
Infrastructure
Provider 2

 Inheritance of architectural
Service Provider 0
attributes Virtual Network 0
Infrastructure
🞑 Promotes value-addition Provider 1
 Revisitation of virtual nodes
🞑 Simplifies network operation and Infrastructure
management Provider 0

35
Design Goals (1)

• Flexibility
– Service providers can choose
• arbitrary network topology,
• routing and forwarding functionalities,
• customized control and data planes
– No need for co-ordination with others
• IPv6 fiasco should never happen again

• Manageability
– Clear separation of policy from mechanism
– Defined accountability of infrastructure and service
providers 17
7
– Modular management
Design Goals (2)

• Scalability
– Maximize the number of co-existing virtual networks
– Increase resource utilization and amortize CAPEX and OPEX

• Security, Privacy, and Isolation

– Complete isolation between virtual networks 17
• Logical and resource 8

– Isolate faults, bugs, and misconfigurations

• Secured and private
Design Goals (3)

• Programmability
– Of network elements e.g. routers
– Answer “How much” and “how”
– Easy and effective without being vulnerable to threats

• Heterogeneity
– Networking technologies 17
9
• Optical, sensor, wireless etc.
– Virtual networks
Design Goals (4)

• Experimental and Deployment Facility

– PlanetLab, GENI, VINI
– Directly deploy services in the real world from the testing phase

• Legacy Support
– Consider the existing Internet as a member of the collection of
18
multiple virtual Internet 0
– Very important to keep all concerned parties satisfied
 Definition

Network virtualization is a networking environment that allows multiple service

providers to dynamically compose multiple heterogeneous virtual networks
that co-exist together in isolation from each other, and to deploy
customized end-to-end services on the fly as well as manage them on those
virtual networks for the end-users by effectively sharing and utilizing 18
1
underlying network resources leased from multiple infrastructure providers.
Typical
Approach

• Networking technology
– IP, ATM
• Layer of virtualization

• Architectural domain
– Network resource management, Spawning networks
18
• Level of virtualization 2
– Node virtualization, Full virtualization