AUB Cloud Technology
Cloud Architecture and Design
Cloud computing: a model for enabling ubiquitous, convenient, on-demand network access to a
shared pool of configurable computing resources that can be rapidly provisioned and released with
minimal management effort or service provider interaction.
Cloud architecture mindset
Moving from capital expense (CapEx) to operational expense (OpEx) is the driving factor for cloud adoption.
The cloud customer is ultimately accountable for its security.
Ensure all roles and responsibilities are appropriately captured in the contractual agreement.
The customer should own key management.
Encryption or crypto-shredding is the method for data deletion in the cloud.
The service level agreement is an important constraint in the cloud.
Data held in the cloud must be considered with respect to different jurisdictions, as the data might be dispersed across multiple locations.
Security in the cloud doesn't come free.
The cloud should be as secure as a traditional data center.
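As an added example (not part of the original handout), the sketch below shows why customer-owned keys and crypto-shredding go together: the provider only ever stores ciphertext, so destroying the customer-held key makes every remaining copy unreadable. The class and function names are hypothetical, a dict stands in for provider storage, and the HMAC-SHA256 keystream is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import secrets

def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the per-record key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: stdlib-only stand-in for a vetted AEAD (assumption).
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct                # this blob is all the provider ever sees

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

class CustomerKeyStore:
    """Per-record keys held by the customer, outside the provider (hypothetical class)."""
    def __init__(self):
        self._keys = {}
    def new_key(self, record_id: str) -> bytes:
        self._keys[record_id] = secrets.token_bytes(32)
        return self._keys[record_id]
    def get(self, record_id: str) -> bytes:
        return self._keys[record_id]       # raises KeyError once the key is shredded
    def shred(self, record_id: str) -> None:
        del self._keys[record_id]          # destroying the key is the deletion step

def demo():
    keys, cloud = CustomerKeyStore(), {}   # dict = constructed stand-in for provider storage
    record = b"constructed sample record: payroll row 42"
    cloud["rec-1"] = seal(keys.new_key("rec-1"), record)
    readable_before = unseal(keys.get("rec-1"), cloud["rec-1"]) == record
    keys.shred("rec-1")                    # ciphertext and any provider replicas remain
    try:
        unseal(keys.get("rec-1"), cloud["rec-1"])
        readable_after = True
    except KeyError:
        readable_after = False
    return readable_before, readable_after, "rec-1" in cloud
```

Shredding only counts as deletion if no other copy of the key exists, so key backups and escrow copies have to be destroyed as well.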
1-History of Cloud Computing
The concept of cloud computing came into existence in the year 1950 with the implementation of
mainframe computers, accessible via thin/static clients. Since then, cloud computing has
evolved from static clients to dynamic ones and from software to services.
The following diagram explains the evolution of cloud computing:
A. History of AWS
AWS stands for Amazon Web Services. It is a platform that offers flexible, reliable, scalable,
easy-to-use, and cost-effective cloud computing solutions.
AWS is a comprehensive, easy-to-use computing platform offered by Amazon. The platform is
developed with a combination of infrastructure as a service (IaaS), platform as a service (PaaS),
and packaged software as a service (SaaS) offerings.
History of AWS
2002- AWS services launched
2006- Launched its cloud products
2012- Holds first customer event
2015- Reveals revenues achieved of $4.6 billion
2016- Surpassed $10 billion revenue target
2016- Releases Snowball and Snowmobile
2019- Offers nearly 100 cloud services
2021- AWS comprises over 200 products and services
Important AWS Services
Amazon Web Services offers a wide range of global cloud-based products for different business
purposes. The products include storage, databases, analytics, networking, mobile, development
tools, and enterprise applications, with a pay-as-you-go pricing model.
2- Benefits of cloud computing
Cloud computing has numerous advantages:
Trade capital expense (CAPEX) for operational expense (OPEX)
  Pay on-demand: don't own hardware
  Reduced Total Cost of Ownership (TCO) & Operational Expense (OPEX)
Benefit from massive economies of scale
  Prices are reduced as AWS is more efficient due to large scale
Stop guessing capacity
  Scale based on actual measured usage
Increase speed and agility
Stop spending money running and maintaining data centers
Go global in minutes: leverage the cloud global infrastructure
One can access applications as utilities, over the Internet.
One can manipulate and configure the applications online at any time.
No software installation is required to access or manipulate cloud applications.
Cloud computing offers online development and deployment tools and a programming runtime environment through the PaaS model.
Cost saving
More flexibility and reliability
Increased performance and efficiency, etc.
3- Understand Cloud Computing Concepts
Managed Service Provider (MSP) - the consumer dictates the technology and operating
procedures.
An MSP has the following:
Some form of NOC service
Some form of helpdesk
Remote monitoring and management of all or most of the objects
Proactive maintenance under the management of the customer
Delivery of these solutions
Cloud Service Provider (CSP) - the service provider dictates both the technology and the
operational procedures being made available to cloud customers.
Cloud auditor: A cloud service partner who is responsible for conducting an audit of the use of
cloud services. An audit may be for general security hygiene, but is often for legal or compliance
purposes.
Cloud service broker: A cloud service partner who negotiates relationships between cloud service
providers and cloud service customers.
Cloud service customer: A person or group that is in a business relationship to provision and use
cloud services from a cloud service provider.
Cloud service partner: A person or group that supports the provision, use, or other activities of
the cloud service provider, the cloud service customer, or both.
Cloud service user: A person or entity (which may be a device, for example) that uses cloud
services on behalf of the cloud service customer.
Cloud backup service provider: A third party that manages cloud-based backup responsibilities.
Cloud Carrier – The intermediary that provides connectivity and transport of cloud services
between Cloud Providers and Cloud Consumers (mostly ISP).
Reduce IT complexity
Risk reduction
Scalability
Elasticity
Consumption-based pricing
Virtualization
Cost (pay per use)
Business agility
Create service as quickly
Mobility (access from anywhere)
Collaboration and innovation
Reputational risk: the loss of the value of a brand or an organization’s ability to persuade.
Ways to manage reputational risk
Strategic alignment
Effective board oversight
Integration of risk into strategy setting and business planning
Cultural alignment
Strong corporate value and focus on compliance
Operational focus
Strong control environment
It would be incorrect to say that cloud computing is less secure than a traditional on-premises
solution without comparing the two side by side across several parameters.
5 Key cloud computing characteristics
On-Demand Self-Service - A consumer can unilaterally provision computing capabilities, such as
server time and network storage, as needed automatically without requiring human interaction
with each service provider.
Broad Network Access - Capabilities are available over the network and accessed through
standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g.,
mobile phones, tablets, laptops, and workstations).
Resource Pooling - The provider’s computing resources are pooled to serve multiple consumers
using a multi-tenant model, with different physical and virtual resources dynamically assigned and
reassigned according to consumer demand. Examples of resources include storage, processing,
memory, and network bandwidth.
Rapid Elasticity - Capabilities can be elastically provisioned and released, in some cases
automatically, to scale rapidly outward and inward commensurate with demand.
Measured Service - Cloud systems automatically control and optimize resource use by leveraging
a metering capability at some level of abstraction appropriate to the type of service (e.g., storage,
processing, bandwidth, and active user accounts); we pay for what we use.
Cloud computing functions
Cloud administrator: responsible for implementation, monitoring, and maintenance within
the organization or on behalf of a third party; works directly with system, network, and cloud
admins.
Cloud application architect: responsible for porting, adapting, and deploying the application to
the cloud; works with development and other integration teams to ensure the application is reliable
and secure throughout its lifecycle.
Cloud architect: determines when and how a private cloud meets the policies and contractual
requirements from a technical perspective.
Cloud data architect: similar to the cloud architect; manages the various storage types and
mechanisms utilized within the cloud environment and takes care of the SLA.
Cloud developer: focuses on the development of cloud infrastructure.
Cloud operator: maintains day-to-day operational tasks, from maintenance to monitoring.
Cloud service manager: responsible for policy design, business agreements, the pricing model, and
some elements of the SLA; works closely with cloud management and customers.
Cloud storage administrator: focuses on mapping, segregation, bandwidth, and reliability of volume
storage; ensures the SLA is met.
3 Cloud Service Models
Infrastructure as a Service (IaaS) - The capability provided to the consumer is to provision
processing, storage, networks, and other fundamental computing resources where the consumer
is able to deploy and run arbitrary software, which can include operating systems and
applications. The consumer does not manage or control the underlying cloud infrastructure but
has control over operating systems, storage, and deployed applications; and possibly limited
control of select networking components (e.g., host firewalls).
The consumer can provision (subscribe to) processing, storage, network, and other fundamental
computing resources and deploy their own software and OS.
Customer                                       CSP
OS                                             Storage, physical
Application, software, host firewall (HIPS)    Network
Data                                           Hypervisor
Example of IAAS in AWS: Amazon EC2
Question
1-Who will be responsible for security patches for the Linux operating system on cloud infrastructure?
A. Cloud Service Provider
B. Cloud customer
C. Cloud service partner
D. Cloud service broker
2-Who will be responsible for installation of CCTV on cloud infrastructure?
A. Cloud Service Provider
B. Cloud customer
C. Cloud service partner
D. Cloud service broker
3-Who will be responsible for installation of an Oracle database on cloud infrastructure?
A. Cloud Service Provider
B. Cloud customer
C. Cloud service partner
D. Cloud service broker
4-Windows Server is part of which of the following cloud service models?
A. IAAS
B. PAAS
C. SAAS
D. SeAAS
Platform as a Service (PaaS) - The capability provided to the consumer is to deploy onto the cloud
infrastructure consumer-created or acquired applications created using programming languages,
libraries, services, and tools supported by the provider. The consumer does not manage or control
the underlying cloud infrastructure, including network, servers, operating systems, or storage, but
has control over the deployed applications and possibly configuration settings for the application-
hosting environment.
Customer         CSP
Application      Storage, physical
Configuration    Network
Data             Hypervisor, OS
Benefits
The operating system can be changed and updated frequently
Distributed teams can work on the same project
Services are available and can be obtained from diverse sources
A single vendor reduces cost
Example of PAAS on AWS: Elastic Beanstalk
Question
1-On PAAS, who is responsible for installation of Ubuntu?
A. Cloud service Provider
B. Cloud customer
C. Cloud service broker
D. ISP
2-In PAAS, who will be responsible for installation of the Apache and Nginx web servers?
A. Cloud service Provider
B. Cloud customer
C. Cloud service broker
D. ISP
3-Oracle database is part of which of the following cloud service models? Select the best one.
A. IAAS
B. PAAS
C. SAAS
D. SeAAS
Software as a Service (SaaS) - The capability provided to the consumer is to use the provider’s
applications running on a cloud infrastructure. The applications are accessible from various client
devices through either a thin client interface, such as a web browser (e.g., web-based e-mail), or
a program interface. The consumer does not manage or control the underlying cloud
infrastructure, including network, servers, operating systems, storage, or even individual
application capabilities, with the possible exception of limited user-specific application
configuration settings.
Customer    CSP
Data        Storage, physical
            Network
            Hypervisor, Application, OS
Question
1-In SAAS, who will be responsible for accessing the cloud service via a browser (for example,
accessing Gmail, YouTube, Google, etc.)?
A. Cloud service provider
B. Cloud customer
C. Cloud service broker
D. ISP
2-Who is responsible for data security on cloud infrastructure?
A. Cloud service provider
B. Cloud customer
C. Shared responsibility (cloud service provider and cloud customer)
D. None of the above
3-Who is ultimately responsible for data security on cloud infrastructure?
A. Cloud service provider
B. Cloud customer
C. Shared responsibility (cloud service provider and cloud customer)
D. None of the above
4-In SAAS, the security patch on the database is the responsibility of which of the following?
A. Cloud service provider
B. Cloud customer
C. Cloud service broker
D. ISP
4 Cloud deployment models
The choice of which cloud model to adopt should be influenced by the organization's risk
appetite, cost, compliance, regulatory requirements, and legal obligations.
Private Cloud - the cloud infrastructure is provisioned for exclusive use by a single organization
comprising multiple consumers (e.g., business units). It may be owned, managed, and operated
by the organization, a third party, or some combination of them, and it may exist on or off
premises. From a security perspective it is suitable, but it is expensive.
Benefit
Increased control over data, applications, and systems
Ownership and retention of governance control
Assurance over data location and removal of multiple jurisdiction, legal, and compliance requirements
The data center is managed by us
We can build a private cloud in our organization by using OpenStack, Oracle private cloud, IBM private
cloud, VMware private cloud, etc.
Public Cloud - provisioned for open use by the general public. It may be owned, managed, and
operated by a business, academic, or government organization, or some combination of them. It
exists on the premises of the cloud provider. It is cost-effective but conflicts with the security
perspective.
Benefit
Easy and inexpensive
Streamlined and easy to provision resources
Scalability to meet customer needs
No wasted resources
Drawback
Conflicts with the security perspective from country to country
Decreased control over data, applications, and systems
Decreased ownership and retention of governance control
Decreased assurance over data location and removal of multiple jurisdiction, legal, and compliance requirements
Example of public cloud: AWS, Azure, GCP, Microsoft, IBM…
Hybrid Cloud - a composition of two or more distinct cloud infrastructures (private, community,
or public) that remain unique entities but are bound together by standardized or proprietary
technology that enables data and application portability (e.g., cloud bursting for load balancing
between clouds).
Hybrid cloud = Public cloud (non-critical data, cost saving) + Private cloud (security)
Benefit
Retain ownership and oversight of critical tasks
Reuse previous investment in technology within the organization
Control the most critical business components and systems
Cost-effective way of fulfilling a non-critical business function
Enhance cloud bursting and disaster recovery (cloud bursting: when the private cloud workload has
reached a maximum limit, public cloud resources are used).
Community Cloud - provisioned for exclusive use by a specific community of consumers from
organizations that have shared concerns (e.g., mission, security requirements, policy, and
compliance considerations). It may be owned, managed, and operated by one or more of the
organizations in the community, a third party, or some combination of them, and it may exist on
or off premises.