Unit 2: Cloud Computing Architecture
• Platform as a service,
• Software as a service,
• Infrastructure as a service,
• Public clouds,
• Private clouds,
• Community cloud,
• Hybrid clouds,
• Cloud design and implementation using SOA,
• Security,
• Trust and privacy
Cloud Service Models
• Cloud computing is based on service models.
• These are categorized into three basic service models, which are:
• Infrastructure-as-a-Service (IaaS)
• Platform-as-a-Service (PaaS)
• Software-as-a-Service (SaaS)
• Anything-as-a-Service (XaaS) is yet another service model, which includes Network-as-a-Service, Business-as-a-Service, Identity-as-a-Service, Database-as-a-Service or Strategy-as-a-Service.
• Infrastructure-as-a-Service (IaaS) is the most basic level of service.
• Each of the service models inherits the security and management mechanisms of the underlying model, as shown in the following diagram:
INFRASTRUCTURE-AS-A-SERVICE (IAAS)
• IaaS provides access to fundamental resources such as
physical machines, virtual machines, virtual storage, etc.
• IaaS refers not to a machine that does all the work, but
simply to a facility given to businesses that offers users
the leverage of extra storage space in servers and data
centers.
• Examples of IaaS include: Amazon CloudFormation (and
underlying services such as Amazon EC2), Rackspace
Cloud, Terremark, Windows Azure Virtual Machines,
Google Compute Engine, and Joyent.
• All of the above resources are made available to end users
via server virtualization.
• Moreover, these resources are accessed by the customers
as if they own them.
Benefits
• IaaS allows the cloud provider to freely locate
the infrastructure over the Internet in a
cost-effective manner.
Some of the key benefits of IaaS are listed below:
• Full control of the computing resources through
administrative access to VMs.
• Flexible and efficient renting of computer
hardware.
• Portability, interoperability with legacy
applications.
PLATFORM-AS-A-SERVICE (PAAS)
• PaaS provides the runtime environment for applications, development and deployment tools, etc.
• Platform-as-a-Service offers the runtime environment for applications.
• It also offers the development and deployment tools required to develop applications.
• PaaS features point-and-click tools that enable non-developers to create web applications.
• Google App Engine and Force.com are examples of PaaS offering vendors.
• Developers may log on to these websites and use the built-in API to create web-based applications.
• The disadvantage of using PaaS is that the developer is locked in to a particular vendor.
• For example, an application written in Python against the Google API and using Google App Engine is likely to work only in that environment.
Benefits
1. Lower administrative overhead
Customers need not bother about administration because it is the responsibility of the cloud provider.
2. Lower total cost of ownership
Customers need not purchase expensive hardware, servers, power, and data storage.
3. Scalable solutions
It is very easy to scale the resources up or down automatically, based on their demand.
4. More current system software
It is the responsibility of the cloud provider to maintain software versions and patch installations.
SOFTWARE-AS-A-SERVICE (SAAS)
• The SaaS model allows software applications to be used as a service by end users.
• The Software-as-a-Service (SaaS) model provides software applications as a service to the end users.
• It refers to software that is deployed on a hosted service and is accessible via the Internet.
• There are several SaaS applications listed below:
• Billing and invoicing systems
• Customer Relationship Management (CRM) applications
• Help desk applications
• Human Resource (HR) solutions
• Some SaaS applications, such as Microsoft Office Suite, are not customizable.
• But SaaS provides an Application Programming Interface (API), which allows the developer to develop a customized application.
Characteristics
• Here are the characteristics of the SaaS service model:
• SaaS makes the software available over the Internet.
• The software applications are maintained by the vendor.
• The license to the software may be subscription based or usage based, and it is billed on a recurring basis.
• SaaS applications are cost-effective since they do not require any maintenance at the end-user side.
• They are available on demand.
• They can be scaled up or down on demand.
• They are automatically upgraded and updated.
• SaaS offers a shared data model. Therefore, multiple users can share a single instance of infrastructure, and it is not required to hard-code the functionality for individual users.
• All users run the same version of the software.
Benefits
• Using SaaS has proved to be beneficial in terms of scalability, efficiency and performance. Some of the benefits are listed below:
• Modest software tools
• Efficient use of software licenses
• Centralized management and data
• Platform responsibilities managed by provider
• Multitenant solutions
Public Cloud
• Public Cloud allows systems and services to be
easily accessible to the general public.
• IT giants such as Google, Amazon and
Microsoft offer cloud services via the Internet.
• The Public Cloud Model is shown in the
diagram below.
Benefits
1. Cost Effective
Since the public cloud shares the same resources with a large number of customers, it turns out to be inexpensive.
2. Reliability
The public cloud employs a large number of resources from different locations. If any of the resources fails, the public cloud can employ another one.
3. Flexibility
The public cloud can smoothly integrate with a private cloud, which gives customers a flexible approach.
4. Location Independence
Public cloud services are delivered through the Internet, ensuring location independence.
5. Utility Style Costing
The public cloud is also based on a pay-per-use model, and resources are accessible whenever the customer needs them.
6. High Scalability
Cloud resources are made available on demand from a pool of resources, i.e., they can be scaled up or down according to the requirement.
Disadvantages
• Here are some disadvantages of the public cloud model:
1. Low Security
In the public cloud model, data is hosted off-site and resources are shared publicly; therefore, it does not ensure a higher level of security.
2. Less Customizable
It is comparatively less customizable than the private cloud.
Private Cloud
• Private Cloud allows systems and services to be accessible within an organization.
• The Private Cloud is operated only within a single organization.
• However, it may be managed internally by the organization itself or by a third party.
• The private cloud model is shown in the
diagram below.
Benefits
1. High Security and Privacy
Private cloud operations are not available to the general
public and resources are shared from a distinct pool of
resources. Therefore, it ensures high security and
privacy.
2. More Control
The private cloud has more control on its resources and
hardware than public cloud because it is accessed only
within an organization.
3. Cost and Energy Efficiency
The private cloud resources are not as cost effective as
resources in public clouds but they offer more
efficiency than public cloud resources.
Disadvantages
Here are the disadvantages of using the private cloud model:
1. Restricted Area of Operation
The private cloud is only accessible locally and is very difficult to deploy globally.
2. High Priced
Purchasing new hardware in order to fulfill the demand is a costly transaction.
3. Limited Scalability
The private cloud can be scaled only within the capacity of internally hosted resources.
4. Additional Skills
In order to maintain the cloud deployment, the organization requires skilled expertise.
Hybrid Cloud Model
• Hybrid Cloud is a mixture of public and private
cloud.
• Non-critical activities are performed using
public cloud while the critical activities are
performed using private cloud.
• The Hybrid Cloud Model is shown in the
diagram below.
Benefits
1. Scalability
It offers features of both, the public cloud scalability
and the private cloud scalability.
2. Flexibility
It offers secure resources and scalable public
resources.
3. Cost Efficiency
Public clouds are more cost effective than private
ones. Therefore, hybrid clouds can be cost saving.
4. Security
The private cloud in a hybrid cloud ensures a higher
degree of security.
Disadvantages
1. Networking Issues
Networking becomes complex due to the presence of
both private and public clouds.
2. Security Compliance
It is necessary to ensure that cloud services are
compliant with security policies of the
organization.
3. Infrastructure Dependency
The hybrid cloud model is dependent on internal IT
infrastructure, therefore it is necessary to ensure
redundancy across data centers.
Community Cloud
• Community Cloud allows systems and services to be accessible by a group of organizations.
• It shares the infrastructure between several organizations from a specific community.
• It may be managed internally by the organizations or by a third party.
• The Community Cloud Model is shown in the
diagram below.
Benefits
1. Cost Effective
Community cloud offers the same advantages as the private cloud at low cost.
2. Sharing Among Organizations
Community cloud provides an infrastructure to share cloud resources and capabilities among several organizations.
3. Security
The community cloud is comparatively more secure than the public cloud but less secure than the private cloud.
Cloud Security
• Cloud computing is the delivery of hosted
services, including software, hardware, and
storage, over the Internet.
• The benefits of rapid deployment, flexibility,
low up-front costs, and scalability, have made
cloud computing virtually universal among
organizations of all sizes, often as part of a
hybrid/multi-cloud infrastructure architecture.
• Cloud security refers to the technologies,
policies, controls, and services that protect
cloud data, applications, and infrastructure
from threats.
• Cloud security is a responsibility that is shared
between the cloud provider and the customer.
• There are basically three categories of
responsibilities in the Shared Responsibility Model:
responsibilities that are always the provider’s,
responsibilities that are always the customer’s, and
responsibilities that vary depending on the service
model: Infrastructure as a Service (IaaS), Platform
as a Service (PaaS), or Software as a Service (SaaS),
such as cloud email.
• The security responsibilities that are always the
provider’s are related to the safeguarding of the
infrastructure itself, as well as access to, patching,
and configuration of the physical hosts and the
physical network on which the compute instances
run and the storage and other resources reside.
• The security responsibilities that are always the
customer’s include:
• managing users and their access privileges
(identity and access management),
• the safeguarding of cloud accounts from
unauthorized access,
• the encryption and protection of cloud-based data
assets, and managing its security posture
(compliance).
• Some of the advanced cloud-native
security challenges and the multiple layers of risk
faced by today’s cloud-oriented organizations
include:
1. Increased Attack Surface
• The public cloud environment has become a large
and highly attractive attack surface for hackers
who exploit poorly secured cloud ingress ports in
order to access and disrupt workloads and data in
the cloud.
• Malware, Zero-Day, Account Takeover and many
other malicious threats have become a day-to-day
reality.
2. Lack of Visibility and Tracking
• In the IaaS model, the cloud providers have full control
over the infrastructure layer and do not expose it to their
customers.
• The lack of visibility and control is further extended in the
PaaS and SaaS cloud models.
• Cloud customers often cannot effectively identify and
quantify their cloud assets or visualize their cloud
environments.
3. Ever-Changing Workloads
• Cloud assets are provisioned and decommissioned
dynamically—at scale and at velocity.
• Traditional security tools are simply incapable of enforcing
protection policies in such a flexible and dynamic
environment with its ever-changing and ephemeral
workloads.
4. DevOps, DevSecOps and Automation
• Organizations that have embraced the highly
automated DevOps CI/CD culture must ensure
that appropriate security controls are identified
and embedded in code and templates early in the
development cycle.
• Security-related changes implemented after a
workload has been deployed in production can
undermine the organization’s security posture as
well as lengthen time to market.
5. Granular Privilege and Key Management
• Often cloud user roles are configured very
loosely, granting extensive privileges beyond
what is intended or required.
• One common example is giving database delete
or write permissions to untrained users or users
who have no business need to delete or add
database assets.
• At the application level, improperly configured
keys and privileges expose sessions to security
risks.
6. Complex Environments
• Managing security in a consistent way in the
hybrid and multicloud environments favored by
enterprises these days requires methods and tools
that work seamlessly across public cloud
providers, private cloud providers, and on-premise
deployments—including branch office edge
protection for geographically distributed
organizations.
7. Cloud Compliance and Governance
• All the leading cloud providers have aligned
themselves with most of the well-known
accreditation programs.
• However, customers are responsible for ensuring
that their workload and data processes are
compliant.
• Given the poor visibility as well as the dynamics
of the cloud environment, the compliance audit
process becomes close to mission impossible
unless tools are used to achieve continuous
compliance checks and issue real-time alerts about
misconfigurations.
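The loosely configured roles described under "Granular Privilege and Key Management" and the continuous compliance checks mentioned above can be combined into one automated audit. The following is an added example, not part of the original notes: the role names, the action catalogue and the "granted"/"needed" layout are constructed sample data, and the action names only imitate the common "service:Operation" style.

```python
import fnmatch

# Constructed catalogue: action -> kind. The action names follow the familiar
# "service:Operation" style but are sample data for this example only.
CATALOGUE = {
    "dynamodb:GetItem": "read", "dynamodb:Query": "read",
    "dynamodb:PutItem": "write", "dynamodb:UpdateItem": "write",
    "dynamodb:DeleteItem": "delete", "dynamodb:DeleteTable": "delete",
}

# Constructed role definitions: what is granted versus what the job needs.
ROLES = {
    "report-viewer": {"granted": ["dynamodb:*"],
                      "needed": ["dynamodb:GetItem", "dynamodb:Query"]},
    "order-service": {"granted": ["dynamodb:GetItem", "dynamodb:PutItem"],
                      "needed": ["dynamodb:GetItem", "dynamodb:PutItem"]},
    "intern": {"granted": ["dynamodb:Get*", "dynamodb:DeleteItem"],
               "needed": ["dynamodb:GetItem"]},
    "legacy-app": {"granted": ["legacy:Admin", "dynamodb:Query"],
                   "needed": ["dynamodb:Query"]},
}

def expand(patterns):
    """Resolve grant patterns (wildcards included) to catalogued actions."""
    return {a for a in CATALOGUE for p in patterns if fnmatch.fnmatchcase(a, p)}

def audit_role(name, role):
    """Return (role, severity, item) findings for grants beyond the need."""
    findings = []
    excess = expand(role["granted"]) - expand(role["needed"])
    for action in sorted(excess):
        # Unneeded write/delete access is the case the text singles out.
        severity = "HIGH" if CATALOGUE[action] in ("write", "delete") else "LOW"
        findings.append((name, severity, action))
    for pattern in role["granted"]:
        # A grant the catalogue cannot classify must be reviewed by a person.
        if not expand([pattern]):
            findings.append((name, "REVIEW", pattern))
    return findings

def audit(roles):
    """Audit every role; run this on each change to the role definitions."""
    return [f for name in sorted(roles) for f in audit_role(name, roles[name])]

def high_risk_roles(roles):
    """Roles that should raise an alert: any HIGH finding."""
    return {name for name, severity, _ in audit(roles) if severity == "HIGH"}

if __name__ == "__main__":
    for finding in audit(ROLES):
        print(*finding)
```

Run in a CI pipeline or on a schedule, a check like this turns the wildcard grant on "report-viewer" and the stray delete permission on "intern" into alerts before they reach production.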
Cloud design and implementation using SOA
• SOA is much more than a technological approach
and methodology for creating IT systems.
• It’s also a business approach and methodology.
• Companies have used the principles of SOA to
deepen the understanding between the business
and IT and to help business adapt to change.
• A cloud has some key characteristics: elasticity, self-service
provisioning, standards-based interfaces, and pay-as-you-go.
• This type of functionality has to be engineered into the
software.
• To accomplish this type of engineering requires that the
foundation for the cloud be well designed and well
architected.
• What about cloud architecture makes this approach
possible?
• The fact is that the services and structure behind the cloud
should be based on a modular architectural approach.
• A modular, component-based architecture enables flexibility
and reuse.
• A Service Oriented Architecture (SOA) is what lies beneath
this flexibility.
• One of the key benefits of a service oriented
approach is that software is designed to reflect best
practices and business processes instead of making
the business operate according to the rigid structure
of a technical environment.
• A service-oriented architecture is essentially a
collection of services.
• A service is, in essence, a function that is well
defined, self-contained, and does not depend on the
context or state of other services.
• Services most often reflect logical business activities.
Some means of connecting services to each other is
needed, so services communicate with each other,
have an interface, and are message-oriented.
Combining Cloud and SOA:
• Cloud services benefit the business by taking the
best practices and business process focus of SOA
to the next level.
• These benefits apply to both cloud service
providers and cloud service users.
• Cloud service providers need to architect
solutions by using a service-oriented approach to
deliver services with the expected levels of
elasticity and scalability.
• Companies that architect and govern business
processes with reusable service-oriented
components can more easily identify which
components can be successfully moved to public
and private clouds.
• A service oriented architecture (SOA) is a
software architecture for building business
applications that implement business processes or
services through a set of loosely coupled,
black-box components orchestrated to deliver a
well-defined level of service.
• This approach lets companies leverage existing
assets and create new business services that are
consistent, controlled, more easily changed, and
more easily managed.
• SOA is a business approach to designing efficient
IT systems that support reuse and give the
businesses the flexibility to react quickly to
opportunities and threats.
Characterizing SOA:
• The principal characteristics of SOA are described in more detail here:
• SOA is a black-box component architecture. The black box lets you reuse
existing business applications; it simply adds a fairly simple adapter to
them. You don’t need to know every detail of what’s inside each
component; SOA hides the complexity whenever possible.
• SOA components are loosely coupled.
• Software components are loosely coupled if they’re designed to interact
in a standardized way that minimizes dependencies.
• One loosely coupled component passes data to another component and
makes a request; the second component carries out the request and, if
necessary, passes data back to the first.
• Each component offers a small range of simple services to other
components.
• A set of loosely coupled components does the same work that software
components in tightly structured applications used to do, but with loose
coupling you can combine and recombine the components in a bunch of
ways.
• This makes a world of difference in the ability to make changes easily,
accurately, and quickly.