UNIT II

This document provides an overview of cloud architecture, detailing the components of cloud computing including clients, cloud storage configurations, and the roles of virtual machines and hypervisors. It discusses the benefits of thin and zero clients, the importance of network security, and the concept of composability in cloud systems. Additionally, it highlights the various methods for connecting to cloud services and the significance of stateless protocols in cloud transactions.

Uploaded by

Saksham Singh

UNIT II- Understanding Cloud Architecture

• Cloud computing architectures consist of front-end platforms called clients or cloud clients.
• These clients comprise servers, fat (or thick) clients, thin clients, zero clients, tablets and
mobile devices.
• These client platforms interact with the cloud data storage via an application (middleware),
via a web browser, or through a virtual session.
• The zero or ultra-thin client initializes the network to gather required configuration files that
then tell it where its OS binaries are stored.
• The entire zero client device runs via the network. This creates a single point of failure, in
that, if the network goes down, the device is rendered useless.
• Examples: Web browsers,
• An online network storage where data is stored and accessible to multiple clients.
• Cloud storage is generally deployed in the following configurations: public cloud,
private cloud, community cloud, or some combination of the three also known as
hybrid cloud.
• In order to be effective, the cloud storage needs to be agile, flexible, scalable, multi-tenant,
and secure.
• Cloud-based delivery: IaaS, SaaS or PaaS
• A typical zero client product is a small box that serves to connect a keyboard,
mouse, monitor and Ethernet connection to a remote server.
• The server, which hosts the client's operating system (OS) and software
applications, can be accessed wirelessly or with cable.
• Zero clients are often used in a virtual desktop infrastructure (VDI)
environment.
• Benefits of Thin Clients:
• Power usage can be as low as 1/50th of fat client requirements.
• Devices are much less expensive than PCs or thin clients.
• Efficient and secure means of delivering applications to end users.
• No software at the client means that there is no vulnerability to malware.
• Easy administration.
• In a VDI environment, administrators can reduce the number of physical PCs or blades
and run multiple virtual PCs on server class hardware.
• Vendors of zero client products include Digi International, Pano Logic Inc., Teradici,
Via Labs and Wyse Technology.
Generally, the cloud network layer should offer:
• High bandwidth (low latency): allowing users to have uninterrupted access to their data and applications.
• Agile network: on-demand access to resources requires the ability to move quickly and efficiently between
servers and possibly even clouds.
• Network security: security is always important, but when you are dealing with multi-tenancy, it becomes much more
important because you're dealing with segregating multiple customers.
Exploring the Cloud Computing Stack
• Based on distributed network applications on the Internet.
• N-tiered Internet application coupling software and hardware to
provide on-demand service.
• Two architectural layers:
• A client as a front end
• The “cloud” as a back end
• Provides encapsulated information controlled using APIs
• A cloud architecture can be created using an infrastructure or
outsourced to a datacentre.
• Mostly uses virtualized resources which are easier to modify and
optimize.
Composability
• Assembling of resources or components
• A composable component must be:
• Modular: It is a self-contained and independent unit that is cooperative,
reusable, and replaceable.
• Stateless: A transaction is executed without regard to other transactions or
requests.
• Modular storage takes advantage of the movement toward network storage
through consolidation, scalability, performance, availability and a better
return on investment.
• Currently EMC's Symmetrix, IBM's Enterprise Storage Server (Shark),
StorageTek's SVA, and Hitachi Data Systems' Lightning Series provide this large
form-factor storage system capable of attaching to mainframes, as well as
open systems server environments.
• Portable and interoperable solutions are easier to implement with the
composable design of software and hardware.
• But most of the cloud computing solutions follow non-standard versions;
they incorporate the cloud computing stack.
• For vendors such as Amazon Web Services, GoGrid, or Rackspace, it
makes no sense to offer non-standard machine instances to
customers, because those customers are almost certainly deploying
applications built on standard operating systems such as Linux,
Windows, Solaris, or some other well-known operating system.
• Vendors such as Windows Azure or Google AppEngine may narrow
the definition of standard parts to standard parts that work with their
own platforms- only to provide modularity.
• At the highest degree of integration in cloud computing, which is SaaS
(Software as a Service), the notion of composability for users may
completely disappear.
• A SaaS vendor such as Quicken.com or Salesforce.com is delivering
an application as a service to a customer, not as a composable
service but rather as a custom application.
• Few benefits of composable systems:
• Easier to assemble systems
• Cheaper system development
• More reliable operation
• A larger pool of qualified developers
• A logical/reasonable design methodology
Infrastructure
• Virtual servers described in terms of a machine image or instance have
characteristics that often can be described in terms of real servers delivering a
certain number of microprocessor (CPU) cycles, memory access, and network
bandwidth to customers.
• Virtual machines are containers that are assigned specific resources.
• The software that runs in the virtual machines is what defines the utility of the
cloud computing system.
• E.g.: IaaS uses virtual machine technology to run applications on servers using
Citrix Xen, VMware or IBM hypervisors.
• Figure 3.1 shows the portion of the cloud computing stack that is defined as the
“server.” In the diagram, the API is shown shaded in gray because it is an optional
component that isn't always delivered with the server.
• The VMM component is the Virtual Machine Monitor, also called a hypervisor.
• This is the low-level software that allows different operating systems to run in
their own memory space and manages I/O for the virtual machines.
Platforms
• A platform in the cloud is a software layer that is used to create higher
levels of service.
• Examples:
• Salesforce.com's Force.com Platform
• Windows Azure Platform
• Google Apps and the Google AppEngine
• These three services offer all the hosted hardware and software
needed to build and deploy Web applications or services that are
custom built by the developer within the context and range of
capabilities that the platform allows.
• Platforms represent nearly the full cloud software stack, missing
only the presentation layer that represents the user interface
• Constructed from components and services and controlled through
the API that the platform provider publishes.
• Google App Engine (often referred to as GAE or simply App Engine) is a
platform as a service (PaaS) cloud computing platform for developing and
hosting web applications in Google-managed data centers.
• Applications are sandboxed and run across multiple servers.
• App Engine offers automatic scaling for web applications—as the
number of requests increases for an application, App Engine
automatically allocates more resources for the web application to handle
the additional demand.
• Google App Engine is free up to a certain level of consumed resources.
• Fees are charged for additional storage, bandwidth, or instance hours
required by the application.
• It was first released as a preview version in April 2008 and came out of
preview in September 2011.
• Platforms represent nearly the full cloud software stack, missing only
the presentation layer that represents the user interface.
• This is the same portion of the cloud computing stack that is a virtual
appliance and is shown in Figure 3.2.
• What separates a platform from a virtual appliance is that the
software that is installed is constructed from components and
services and controlled through the API that the platform provider
publishes.
• A virtual appliance is software that installs as middleware onto a
virtual machine.
• A virtual appliance is software that installs as middleware onto a virtual machine - a platform.
• In computing, a virtual machine (VM) is an emulation of a particular computer system.
Virtual machines operate based on the computer architecture and functions of a real or
hypothetical computer, and their implementations may involve specialized hardware, software, or a
combination of both.
• A virtual machine (VM) is an operating system (OS) or application environment that is
installed on software which imitates dedicated hardware.
The end user has the same experience on a virtual machine as they would have on
• A virtual appliance is a pre-configured virtual machine image, ready to run on a
hypervisor;
• virtual appliances are a subset of the broader class of software appliances.
• Installation of a software appliance on a virtual machine and packaging that into an
image creates a virtual appliance.
• Like software appliances, virtual appliances are intended to eliminate the
installation, configuration and maintenance costs associated with running complex
stacks of software.
• A virtual appliance is not a complete virtual machine platform, but rather a
software image containing a software stack designed to run on a virtual machine
platform which may be a Type 1 or Type 2 hypervisor.
• Like a physical computer, a hypervisor is merely a platform for running an operating
system environment and does not provide application software itself.
• Many virtual appliances provide a Web page user interface to permit their
configuration.
• A virtual appliance is usually built to host a single application; it therefore
represents a new way to deploy applications on a network.
• Azure virtual machines (VMs) can be created through
the Azure portal.
• This method provides a browser-based user interface to
create VMs and their associated resources.
• This quickstart shows you how to use the Azure portal to
deploy a virtual machine (VM) in Azure that runs
Windows Server 2022 Datacenter.
• To see your VM in action, you then RDP to the VM and
install the IIS web server.
• A hypervisor or virtual machine monitor (VMM) is a piece of
computer software, firmware or hardware that creates and runs
virtual machines.
• A computer on which a hypervisor is running one or more virtual
machines is defined as a host machine.
• Each virtual machine is called a guest machine.

Type-1: native or bare-metal hypervisors
These hypervisors run directly on the host's hardware to control the
hardware and to manage guest operating systems. For this reason, they
are sometimes called bare metal hypervisors. A guest operating system
runs as a process on the host.

Type-2: hosted hypervisors
These hypervisors run on a conventional operating system just as other
computer programs do. Type-2 hypervisors abstract guest operating
systems from the host operating system. VMware Workstation,
VMware Player and VirtualBox are examples of type-2 hypervisors.
• Server virtualization uses virtual machines (VMs) to segment a single physical
computer server into multiple logical virtual servers.
• In many environments, collapsing multiple overpowered physical servers onto
a single server running multiple VMs can reap significant economic rewards.
• A single server consumes less power, takes up less space, may be easier to
manage, and allows for the dynamic creation and removal of VMs on demand.
• VMs can be used inside an enterprise IT department or on public clouds, such
as Amazon's EC2.
• They can move from one physical or geographical location to another using a
variety of tools and technologies, such as Rightscale's
Cloud Management Platform or VMware's VMotion.
• Yet unfortunately, when a VM moves from one location to another, it becomes
dependent on the networking infrastructure of the physical appliances
attached to the new location.
• Internet Information Services (IIS, formerly Internet Information Server)
is an extensible web server created by Microsoft for use with the Windows
NT family. IIS supports HTTP, HTTPS, FTP, FTPS, SMTP and NNTP.
• IIS 10 is included in Windows Server 2016 and Windows 10. This version
includes support for HTTP/2.
• Anonymous authentication
• Basic access authentication
• Digest access authentication
• Integrated Windows Authentication
Five Best Virtual Machine Applications
• Virtual machines allow you to run one operating system emulated
within another operating system. Your primary OS can be Windows 7
64-bit, for example, but with enough memory and processing power,
you can run Ubuntu and OS X side-by-side within it.
• The five most popular picks.
• Sun
• Qemu linux
• Windows virtual pc
• Mac
• Microsoft Azure /ˈæʒər/ is a cloud computing platform and infrastructure, created by
Microsoft, for building, deploying and managing applications and services through a
global network of Microsoft-managed and Microsoft partner hosted datacenters.
• It provides both PaaS and IaaS services and supports many different
programming languages, tools and frameworks, including both Microsoft-specific and
third-party software and systems.
• Virtual machines
• Windows Azure virtual machines comprise the infrastructure as a service (IaaS)
offering from Microsoft for their public cloud.
• Virtual machines enable developers to migrate applications and infrastructure
without changing existing code and can run both Windows Server and Linux
virtual machines.
• It was announced in preview form at the Meet Windows Azure event in June 2012.[2]
• Customers can create virtual machines, of which they have complete control, to run
in Microsoft's data centers. As of the preview the virtual machines supported
Windows Server 2008 and 2012 operating systems and a few distributions of Linux.
The General Availability version of Virtual Machine was released in May 2013.
• In IIS, you can create sites, applications, and virtual directories to
share information with users over the Internet, an intranet, or an
extranet.
• Although these concepts existed in earlier versions of IIS, several
changes in IIS 7 and above affect the definition and functionality of
these concepts.
• Most importantly, sites, applications, and virtual directories now work
together in a hierarchical relationship as the basic building blocks for
hosting online content and providing online services.
Applications
• Although the cloud computing stack encompasses many details that describe
how clouds are constructed, it is not a perfect vehicle for expressing all the
considerations that one must account for in any deployment.
• The Internet was designed to treat each request made to a server as an
independent transaction.
• Therefore, the standard HTTP commands are all atomic in nature: GET to read
data, PUT to write data, and so on.
• Design of Internet protocols & HTTP as a stateless service is one reason.
• In computing, a stateless protocol is a communications protocol that treats each
request as an independent transaction that is unrelated to any previous request
so that the communication consists of independent pairs of request and response.
• A stateless protocol does not require the server to retain session information or
status about each communications partner for the duration of multiple requests.
• While stateless servers are easier to architect and stateless
transactions are more resilient and can survive outages, much of the
useful work that computer systems need to accomplish is stateful.
• Here's the classic example. When you go to a reservation system to
purchase something, you query inventory, reserve the item, and then
pay for it.
• In a multiuser system, if you don't have a stateful system, you cannot
know whether the item you reserved has already been taken by
another user before you can enter your payment for the item.
• Should you decide you don't want the item at some later time, it is
much easier to restore the item to inventory and return payments or
make other adjustments if you can roll back all the steps as a
transactional unit.
• The development of transaction servers, message queuing servers,
and other middleware is meant to bridge this problem.
• Cloud computing is no exception to this problem, and to an extent it
amplifies the problem by not only making transactions stateless but
also virtualizing resources so transactions are always occurring in
physically different locations.
• In cloud computing, a variety of constructs are brought to bear to
solve these issues, but these are the two most important concepts:
• The notion of orchestration—that process flow can be choreographed as a
service
• The use of what is referred to as a service bus that controls cloud components
• These are the methods for establishing transactional integrity in cloud
computing.
Connecting to the Cloud
• Clients can connect to a cloud service in a number of different ways.
• These are the two most common means:
• A Web browser
• A proprietary application
• These applications can be running on a server, a PC, a mobile device, or a cell
phone.
• What these devices have in common with either of these application types is that
they are exchanging data over an inherently insecure and transient medium.
• There are three basic methods for securely connecting over a connection:
• Use a secure protocol to transfer data such as SSL (HTTPS), FTPS, or IPsec, or connect using
a secure shell such as SSH to connect a client to the cloud.
• Create a virtual connection using a virtual private network (VPN), or with a remote data
transfer protocol such as Microsoft RDP or Citrix ICA, where the data is protected by a
tunnelling mechanism.
• Encrypt the data so that even if the data is intercepted or sniffed, the data will not be
meaningful.
• The best client connections use two or more of these techniques to
communicate with the cloud.
• In current browser technology, clients rely on the Web service to make
available secure connections, but in the future, it is likely that cloud clients
will be hardened so the client itself enforces a secure connection.
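One way a client can enforce the secure connection itself rather than rely on the Web service to offer it, shown as an added Python example that is not part of the original slides. The function and class names and the example.com hosts are hypothetical.

```python
import ssl
import urllib.request
from urllib.parse import urlsplit


class InsecureTransportError(ValueError):
    """Raised when a request or a redirect would leave HTTPS."""


def require_https(url):
    """Return url unchanged if it is an https:// URL with a host, else raise."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise InsecureTransportError(f"refusing non-HTTPS URL: {url!r}")
    return url


def strict_tls_context():
    """TLS settings the client insists on, whatever the server would accept."""
    ctx = ssl.create_default_context()            # loads the system trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSLv3 / TLS 1.0 / TLS 1.1
    ctx.check_hostname = True                     # certificate must match the host
    ctx.verify_mode = ssl.CERT_REQUIRED           # unverified peers are rejected
    return ctx


class NoDowngradeRedirects(urllib.request.HTTPRedirectHandler):
    """Follow redirects only while they stay on HTTPS."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        require_https(newurl)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def build_cloud_opener():
    """Opener that verifies certificates and refuses HTTPS-to-HTTP redirects."""
    return urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=strict_tls_context()),
        NoDowngradeRedirects(),
    )


def fetch(url, timeout=10):
    """Fetch a cloud resource; the scheme check runs before any packet is sent."""
    require_https(url)
    with build_cloud_opener().open(url, timeout=timeout) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    # Hypothetical endpoints: the first passes the check, the second is refused.
    for candidate in ("https://storage.example.com/bucket/report.csv",
                      "http://storage.example.com/bucket/report.csv"):
        try:
            print("allowed:", require_https(candidate))
        except InsecureTransportError as exc:
            print("blocked:", exc)
```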
• Other solutions include using VPN software; here are three recommended
solutions:
• Hotspot VPN (http://www.hotspotvpn.com/)
• AnchorFree Hotspot Shield (http://hotspotshield.com/)
• Gbridge (http://www.gbridge.com/), a third-party VPN based on Google's GoogleTalk
infrastructure.
• Gbridge is an interesting solution that illustrates the use of VPN over a cloud
connection.
• To use this product, you need to log into the GoogleTalk (or Gtalk)
network and connect to another computer using your Google
account.
• Gbridge allows additional people to join a connection when invited
and supports collaborative features such as desktop sharing using the
Virtual Network Computing (VNC) software, chat, live folder browsing,
folder synchronization, and automated backup.
Gbridge provides a means for securely connecting one
computer to another using Gtalk. Shown here is the
SecureShares folder-browsing feature.
The Jolicloud cloud client operating system is a social networking
platform for netbooks with a dedicated application store.
• ..\cloud-computing-bible.pdf
Understanding Service Oriented Architecture
• Service Oriented Architecture (SOA) describes a standard method for requesting
services from distributed components and managing the results.
• With SOA, clients and components can be written in different languages and can use
multiple messaging protocols and networking protocols to communicate with one
another.
• SOA provides the standards that transport the messages and makes the
infrastructure to support it possible.
• SOA provides access to reusable Web services over a TCP/IP network, which makes
this an important topic to cloud computing going forward.
• Monolithic cloud applications like backup, e-mail, Web page access, or instant messaging
• If additional services are required, SOA offers access to ready-made, modular, highly
optimized, and widely shareable components that can minimize developer and
infrastructure costs.
• The environment SOA creates is a virtual message-passing system with a loose coupling between clients
and services.
• The specification of the manner in which messages are passed in SOA, or in which events are handled, is
referred to as their contract.
A few scenarios:
• For example, the system identifies my location via GPS and can
provide me with information via a personalized localization.
• Using the integrated camera one can scan a barcode and run a
price comparison through the system.
• How to go for optimized processes/cost?
• Many will look for these by default:
location-based services, social networks, mobile search, mobile
commerce, mobile cash, context-aware services, object
recognition, mobile instant messaging, mobile e-mail, and mobile
video.
• Typically, SOA requires the use of an orchestrator or broker service to ensure
that messages are correctly transacted.
• SOA makes no other demands on either the client (consumer) or the components (provider) of the service; it is concerned only
with the interface or action boundary between the two.
Service and Data Contract:
• Service contract is an interface that defines the message types used by service
providers and consumers to exchange messages.

• Data contract is a formal agreement between service and a client that abstracts the
definition of data to be exchanged.

• During a service call, a service consumer invokes the operations specified in a service
contract and exchanges data as per the data contract.
• GST – service contract
• Online transaction – net banking uses billing info very securely – data contract
• Enterprise Service Bus – takes care of transformation of
functions and routing between service providers and consumers.

• Web services are SOAP (XML over HTTP which is machine readable)
and RESTful (JSON/XML/XHTML over HTTP which is human readable)

• APIs are needed for RESTful services.


• Components are coded with their service logic and their dependencies,
QoS is established, and the service is instantiated.
• In the SCA (Service Component Architecture) model, data and
messages are exchanged in a Service Data Object (SDO).
• This system of messaging using objects and services is sometimes
referred to as a Data Access Service (DAS).
• Figure 13.2 shows how components of different types can
communicate using different protocols as part of SOA.
SOA allows for different component and client construction, as well as access to each using different
protocols.

• When you combine Web services to create
business processes, the integration must be
managed.
• Two main methods are used to combine
Web services: orchestration and
choreography.
• In orchestration, a middleware service
centrally coordinates all the different Web
service operations, and all services send
messages and receive messages from the
orchestrator.
• The logic of the compound business
process is found at the orchestrator alone.
Figure 13.3 shows how orchestration is
managed.
• E.g.: WebLogic, WebSphere, Kafka,
HTTP, Apache Tomcat, WebSocket,
Liberty servers
• In choreography, each Web service that
is part of a business process is aware of:
• when to process a message and
• with what client or component it needs
to interact
• Choreography is a collaborative effort
where the logic of the business process
is pushed out to the members who are
responsible for determining which
operations to execute and when to
execute them, the structure of the
messages to be passed and their timing,
and other factors. Figure 13.4 illustrates
the nature of choreography.
• Choreography is different from orchestration, which is a
centralized approach where a single service governs the
interactions between all services.
• Execution of distributed services using specific logic is choreography.
• In orchestration, a controller process calls each service
involved in a transaction, monitors the results, and then
calls the next service or performs a rollback.
• Netflix is an example of a web service that uses
choreography in its microservices architecture.
• Choreography is an event-driven approach where
services react independently to events or messages.
• In Netflix's case, each microservice operates
independently and communicates via events.
• For example, when a new movie is added, the content
service publishes an event that the recommendation
service consumes to update user recommendations.
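The reservation flow from the Applications section (reserve the item, then pay, rolling back if a step fails) run first under orchestration and then under choreography, as an added Python example that is not part of the original slides. The service classes, topic names and sample orders are constructed for illustration.

```python
class Inventory:
    """Stock service (all class, topic and field names here are illustrative)."""
    def __init__(self, stock):
        self.stock = dict(stock)
        self.held = {}                      # order id -> reserved item

    def reserve(self, order):
        if self.stock.get(order["item"], 0) < 1:
            raise RuntimeError("out of stock")
        self.stock[order["item"]] -= 1
        self.held[order["id"]] = order["item"]

    def release(self, order):               # compensation for reserve()
        item = self.held.pop(order["id"], None)
        if item is not None:
            self.stock[item] += 1


class Payments:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.charged = {}                   # order id -> amount taken

    def charge(self, order):
        if self.balances.get(order["user"], 0) < order["price"]:
            raise RuntimeError("payment declined")
        self.balances[order["user"]] -= order["price"]
        self.charged[order["id"]] = order["price"]

    def refund(self, order):                # compensation for charge()
        self.balances[order["user"]] += self.charged.pop(order["id"], 0)


def orchestrate(order, inventory, payments):
    """Orchestration: one controller calls each service in turn and, when a
    step fails, undoes the completed steps newest first."""
    steps = [(inventory.reserve, inventory.release),
             (payments.charge, payments.refund)]
    done = []
    for action, compensate in steps:
        try:
            action(order)
        except RuntimeError as exc:
            for undo in reversed(done):
                undo(order)
            return f"rolled back: {exc}"
        done.append(compensate)
    return "confirmed"


class EventBus:
    """Synchronous publish/subscribe bus standing in for a message broker."""
    def __init__(self):
        self.handlers = {}
        self.trace = []                     # topics in publication order

    def subscribe(self, topic, handler):
        self.handlers.setdefault(topic, []).append(handler)

    def publish(self, topic, order):
        self.trace.append(topic)
        for handler in self.handlers.get(topic, []):
            handler(order)


def wire_choreography(bus, inventory, payments):
    """Choreography: no controller; each service reacts to an event and
    publishes the next one, including its own compensation."""
    def step(action, ok_topic, fail_topic):
        def handler(order):
            try:
                action(order)
            except RuntimeError:
                bus.publish(fail_topic, order)
            else:
                bus.publish(ok_topic, order)
        return handler

    def on_payment_failed(order):
        inventory.release(order)            # inventory undoes its own reservation
        bus.publish("order.rejected", order)

    bus.subscribe("order.placed", step(inventory.reserve, "item.reserved", "order.rejected"))
    bus.subscribe("item.reserved", step(payments.charge, "order.confirmed", "payment.failed"))
    bus.subscribe("payment.failed", on_payment_failed)


def demo():
    """Constructed data: one seat in stock; Bob cannot pay, Alice can."""
    bob = {"id": 1, "user": "bob", "item": "seat-12A", "price": 50}
    alice = {"id": 2, "user": "alice", "item": "seat-12A", "price": 50}
    inv, pay = Inventory({"seat-12A": 1}), Payments({"bob": 5, "alice": 100})
    results = [orchestrate(bob, inv, pay), orchestrate(alice, inv, pay)]
    inv2, pay2, bus = Inventory({"seat-12A": 1}), Payments({"bob": 5}), EventBus()
    wire_choreography(bus, inv2, pay2)
    bus.publish("order.placed", bob)
    return results, inv.stock, bus.trace, inv2.stock


if __name__ == "__main__":
    print(demo())
```

In the orchestrated run the rollback logic lives in one function; in the choreographed run the same recovery appears only as the sequence of events in `bus.trace`.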
Drivers for SOA
• Business:
• Rapid business process changes
• Reduction of process cycle times
• Promotion of business through multiple channels
• Protection of investments in legacy applications
• Lower total cost of ownership.

• Technology:
• Application modernization
• Technology change management
• Integration and interoperability for heterogeneous applications
• Support by product vendors
Dimensions of SOA

• The dimensions that enable business transformation are:
• Reuse – build once and use many times
• Integration – stitching components to automate execution of process
• Agility – connects to external components through configuration
• Additional dimensions:
• Governance – define policies that services need to adhere to at design/runtime.
• QoS – is to monitor and enforce policies at runtime.


Conceptual model of SOA
Event-driven SOA or SOA 2.0
• Event-driven SOA or SOA 2.0 is an extension of the Service Oriented
Architecture to respond to events that occur as a result of business processes or
perhaps cause and influence a business process.
• For example, in a business process, sales at a certain Web site are processed.
• If the business process recognizes the rate at which sales are occurring, it could
perform an analysis to determine what events might influence the buying decision.
• This is the sort of analysis that event-driven SOA is meant to address.
• SOA 2.0 can allow low-level events to trigger a business process, correlate events
with information contained in the SOA design, inhibit a business process if the
appropriate events don’t appear, or invoke a reaction or response based on a
trigger.
The Enterprise Service Bus

• Architectural pattern - broker between service provider
and consumer.
• Integration task through routing content and
transformation.
• Orchestration and choreography - set of services for a
business process, defining workflow, BPEL, process
level integration and automation of services.
• ESB performs message translation, registration,
routing, logging, auditing, and managing transactional
integrity.
• Transactional integrity is similar to ACID in a database
system—atomicity, consistency, isolation, and
durability, the essence of which is that transactions
succeed or they fail and are rolled back.
These typical features are found in ESBs, among others:
• Monitoring services aid in managing events.
• Process management services manage message transactions.
• Data repositories or registries store business logic and aid in governance of
business processes.
• Data services pass messages between clients and services.
• Data abstraction services translate messages from one format to another, as
required.
• Governance is a service that monitors compliance of your operations with
governmental regulation, which can vary from state to state and from country to country.
• Security services validate clients and services and allow messages to pass from
one to the other.
This figure shows a network services model infrastructure for an SOA,
which is based on the SOA meta-model of the Linthicum Group, 2007.
Service catalogs
SOA infrastructure often includes a catalog service. This service stores information on the following, among
other things:

• What services are available, both internal and external
• How to use a service
• Which applications are related to a particular service (dependencies)
• How services relate to one another
• Who owns the service and how a service is modified
• The event history of a service, including service levels, outages, and so on
• The nature of service contracts
Defining SOA Communications

• Message passing in SOA requires the use of two different protocol types:
• the data interchange format
• and the network protocol that carries the message.
• A client (or customer) connected to an ESB communicates over a network
protocol such as HTTP, Representational State Transfer (REST), or Java Message
Service (JMS) to a component (or service).
• Messages are most often in the form of the eXtensible Markup Language (XML)
or in a variant such as the Simple Object Access Protocol (SOAP) or JSON.
• SOAP is a messaging format used in Web services that use XML as the message
format while relying on Application layer protocols such as HTTP and Remote
Procedure Calls (RPC) for message negotiation and transmission.
• The software used to write clients and components can be written in
Java, .NET, Web Service Business Process Execution Language (WS-BPEL), or
another form of executable code; the services that they message can be written
in the same or another language.
• What is required is the ability to transport and translate a message into a form that
both parties can understand.
• An ESB may require a variety of combinations in order to support communications
between a service consumer and a service provider.
• For example, in WebSphere ESB, you might see the following combinations:
• XML/JMS (Java Message Service)
• SOAP/JMS
• SOAP/HTTP
• Text/JMS
• Bytes/JMS
WSDL
• The Web Service Description Language (WSDL) is one of the most commonly
used XML protocols for messaging in Web services.
• Version 1.1 of WSDL is a W3C standard, but the current version WSDL 2.0
(formerly version 1.2) has yet to be ratified by the W3C.
• The significant difference between 1.1 and 2.0 is that version 2.0 has more support
for RESTful (e.g. Web 2.0) applications, but much less support in the current set of
software development tools.
• The most common transport for WSDL is SOAP, and the WSDL file usually
contains both XML data and an XML schema.
REST
• REST offers some very different capabilities than SOAP.
• With REST, each URL is an object that you can query and manipulate.
• You use HTTP commands such as GET, POST, PUT, and DELETE to work with
REST objects.
• SOAP uses a different approach to working with Web data, exposing Web objects
through an API and transferring data using XML.
• The REST approach offers lightweight access using standard HTTP commands, is
easier to implement than SOAP, and comes with less overhead.
• SOAP is often more precise and provides a more error-free consumption model.
• SOAP often comes with more sophisticated development tools.
• All major Web services use REST, but many Web services, especially newer ones,
combine REST with SOAP to derive the benefits that both offer.
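The difference between the two styles, as an added example that is not part of the original slides: a REST call states its action and object in the HTTP request line, while a SOAP call names its operation only inside the XML body. The verb-to-action mapping, the `urn:example:orders` namespace and the `DeleteOrder` message are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace

# Conventional mapping of HTTP commands to actions on a REST object (assumption).
REST_VERBS = {"GET": "read", "POST": "create", "PUT": "update", "DELETE": "delete"}

def rest_intent(method, url_path):
    """REST: the verb says what to do and the URL says to which object."""
    return REST_VERBS[method.upper()], url_path

def soap_intent(method, url_path, body):
    """SOAP: the operation and its arguments are only visible in the XML body."""
    if method.upper() != "POST":
        raise ValueError("this sketch handles only the usual HTTP POST binding")
    # For untrusted input, parse with a hardened XML parser instead.
    envelope = ET.fromstring(body)
    soap_body = envelope.find(f"{{{SOAP_ENV}}}Body")
    if soap_body is None or len(soap_body) == 0:
        raise ValueError("no operation element in the SOAP Body")
    operation = soap_body[0]
    name = operation.tag.split("}", 1)[-1]          # strip the namespace
    args = {child.tag.split("}", 1)[-1]: child.text for child in operation}
    return name, args

# Constructed sample: a delete request sent to a single service endpoint.
SOAP_DELETE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <o:DeleteOrder xmlns:o="urn:example:orders">
      <o:orderId>42</o:orderId>
    </o:DeleteOrder>
  </soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    print(rest_intent("DELETE", "/orders/42"))
    print(soap_intent("POST", "/OrderService", SOAP_DELETE))
```

A rule that filters on method and URL alone sees the SOAP request only as a POST to `/OrderService`, so policy for SOAP traffic has to be enforced by something that reads the XML.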
Managing and Monitoring SOA
• For large SOA deployments
• Tools for managing SOAs tend to be multifaceted and run constantly.
SOA management tools:
• HP Software and Solutions OpenView SOA Manager
(https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-10^36657_4000_100) - provides
dynamic mapping, monitoring, and optimization of SOA services such as Web
services, software assets, and virtual services.
• IBM Tivoli Framework Composite Application Manager for SOA (ITCAM; see
http://www-01.ibm.com/software/tivoli/solutions/) - specializes in change management and SOA
lifecycle development, and it integrates with WebSphere and others.
• Oracle BPEL Process Manager (http://www.oracle.com/technology/bpel/index.html) - process
managers for creating an Enterprise Service Bus.
SOA security
• Network traffic is hijacked, spoofed, redirected, or blocked.
• There are no application boundaries in SOA.
• Products on the market that address these issues:
• Cisco has a family of products that enforce rules and policies for the transmission
of XML messaging that they have named Application Oriented Networking
(AON; http://www.cisco.com/en/US/products/ps6480/).
• A similar policy-based XML security service may be found in Citrix's NetScaler
9.0 (http://www.citrix.com/English/ps2/products/product.asp?contentID=21679)
Web application delivery appliance.
• To address SOA security, a set of OASIS standards (http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security)
was created, which includes the following:
• Security Assertion Markup Language (SAML) is an XML standard that provides for data authentication and
authorization between client and service. The SAML technology is used as part of Single Sign-on Systems
(SSO) and allows a user logging into a system from a Web browser to have access to distributed SOA resources.
• WS-Security (WSS) is an extension of SOAP that enforces security by applying tokens such as Kerberos,
SAML, or X.509 to messages. Through the use of XML Signature and XML Encryption, WSS aims to offer
client/service security.
• WS-SecureConversation is a Web services protocol for creating and sharing security context.
WS-SecureConversation is meant to operate in systems where WS-Security, WS-Trust, and WS-Policy are in use, and
it attaches a security context token to communications such as SOAP used to transport messages in an SOA
enterprise.
• WS-SecurityPolicy provides a set of network policies that extend WS-Security, WS-Trust, and
WS-SecureConversation so messages complying with a policy must be signed and encrypted. The SecurityPolicy is part
of a general WS-Policy framework.
• WS-Trust extends WS-Security to provide a mechanism to issue, renew, and validate security tokens. A Web
service using WS-Trust can implement this system through the use of a Security Token Service (STS), a
mechanism for attaching security tokens to messages and a set of mechanisms for key exchanges that are used
to validate tokens and messages.
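A receiving service or XML gateway can check the "token, signed and encrypted" requirement described above before processing a message. The following is an added example, not part of the original slides: it tests only for the presence of the WS-Security elements in a SOAP 1.1 envelope, and the sample messages and the `urn:example:quotes` namespace are constructed.

```python
import xml.etree.ElementTree as ET

NS = {  # standard SOAP 1.1, WS-Security, XML Signature, XML Encryption, SAML 2.0 namespaces
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def token_types(security):
    """Name the token kinds found directly in a wsse:Security header."""
    found = set()
    for tok in security.findall("wsse:BinarySecurityToken", NS):
        value_type = tok.get("ValueType", "")
        if "x509-token-profile" in value_type:
            found.add("X.509")
        elif "kerberos-token-profile" in value_type:
            found.add("Kerberos")
    if security.find("saml:Assertion", NS) is not None:
        found.add("SAML")
    return found

def policy_violations(message, allowed=frozenset({"X.509", "SAML", "Kerberos"})):
    """List why a message fails the policy. Presence checks only: a real gateway
    must also verify the signature and confirm that it covers the Body."""
    envelope = ET.fromstring(message)  # use a hardened parser for untrusted input
    security = envelope.find("soap:Header/wsse:Security", NS)
    if security is None:
        return ["no wsse:Security header"]
    problems = []
    if not token_types(security) & allowed:
        problems.append("no accepted security token")
    if security.find("ds:Signature", NS) is None:
        problems.append("message is not signed")
    body = envelope.find("soap:Body", NS)
    if body is None or body.find("xenc:EncryptedData", NS) is None:
        problems.append("body is not encrypted")
    return problems

# Constructed samples; token, signature and ciphertext contents are left empty.
HEAD = ('<soap:Envelope xmlns:soap="%(soap)s" xmlns:wsse="%(wsse)s" '
        'xmlns:ds="%(ds)s" xmlns:xenc="%(xenc)s">' % NS)
PROTECTED = HEAD + """<soap:Header><wsse:Security>
  <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIB</wsse:BinarySecurityToken>
  <ds:Signature/></wsse:Security></soap:Header>
  <soap:Body><xenc:EncryptedData/></soap:Body></soap:Envelope>"""
UNPROTECTED = HEAD + '<soap:Body><GetQuote xmlns="urn:example:quotes"/></soap:Body></soap:Envelope>'
```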
The Open Cloud Consortium
• The Open Cloud Consortium (OCC; see http://opencloudconsortium.org/) is an organization
comprised of several universities and interested companies that supports the development of
standards for cloud computing and for interoperating with the various frameworks.
Functions of OCC:
• They develop benchmarks for measuring cloud computing performance
• They provide testbeds that vendors can use to test their applications, including the Open Cloud
Testbed and the Intercloud Testbed that are part of the work of the Open Cloud Testbed and
Intercloud working groups
• They support the development of open-source reference implementations for cloud computing.
For Large Data Clouds extends the architecture for data storage with a distributed file system,
table services, and computing using MapReduce following the model that is part of Google's
offering.
• E.g.: MapReduce, Apache Hadoop
Relating SOA and Cloud Computing
• Large-scale applications have less need for the flexibility and loose coupling
that SOA provides.
• As cloud applications become more diverse in scope, SOA offers an architectural
blueprint for accessing diverse optimized services through a loosely coupled
standardized method.
• SOA is loosely coupled because the service is separated from the messaging.
• SOA components are often best-of-breed service providers that can provide a measured
service level and can play a role in Business Process Management (BPM) systems. The
separation of services from their design allows for much easier system upgrades and
maintenance.
• Many Web 2.0 applications use SOA components, and SOA will become increasingly
useful in larger applications that require many Web services. E.g.: REST and AJAX.
• A mashup is the combination of data from two or more sources that creates a unique
service. The layers added to Google maps are examples of mashups.
• SOA: Internet of Services (IoS)
• UNIT –II completed