Cloud - Computing Imp

Cloud computing
Unit 1 – Cloud Computing Fundamentals

1) Define Cloud Computing and list any three key characteristics.
Definition: Cloud computing is the on-demand delivery of
compute, storage, networking, platforms, and software over
the internet with pay-as-you-go pricing. Providers pool and
virtualize resources in large data centers and expose them as
services.
Key characteristics (any 3; giving 6 for completeness):
• On-demand self-service: Users provision VMs, storage,
etc., without human interaction.
• Broad network access: Services are reachable over
standard networks and client types (laptop, phone,
tablet, thin client).
• Resource pooling (multi-tenancy): Shared physical
resources serve multiple customers with logical
isolation.
• Rapid elasticity: Scale up/down automatically and
quickly (auto-scaling).
• Measured service: Metered usage (CPU-hours, GB-
months) enables pay-per-use and chargeback.
• Resiliency and fault tolerance: Built-in redundancy
across zones/regions.
2) Components of Cloud Computing (with examples)
• Front end (client side): Browsers/apps that consume
services. Ex: Gmail app, AWS CLI.
• Back end (provider side):
o Compute layer: VMs/containers/serverless (EC2,
Azure VM, Google Cloud Run).
o Storage layer: Object, block, file (Amazon S3, Azure
Blob, EFS/FSx).
o Network layer: VPC/VNet, subnets, load balancers,
DNS, CDN (CloudFront).
o Virtualization/hypervisor: KVM, Xen, Hyper-V—
enables multiple VMs per host.
o Management & orchestration: Schedulers,
autoscaling, Kubernetes, Terraform.
o Security & IAM: Identity, policies, keys, secrets,
certificates.
o Monitoring & billing: Metering, logs, alerts, cost
reports (CloudWatch).
• Service catalog / APIs: Programmatic interfaces for
provisioning.
• Deployment models: Public, Private, Hybrid, Community
(see Q10).
3) Evolution: Mainframe → Client–Server → 3-Tier → Cloud
• Mainframe (1960s–80s): Centralized compute; “dumb
terminals”; time-sharing; very reliable but costly and
inflexible.
• Client–Server (1980s–90s): PCs (clients) talk to servers;
better interactivity; departmental apps; scaling needs
more servers.
• 3-Tier / N-Tier (1990s–2000s): Presentation (UI),
Application (business logic), Data (DB). Improves
maintainability and web scale.
• Utility/Virtualization (2000s): Virtual machines abstract
hardware; better consolidation and automation.
• Cloud (mid-2000s →): Virtualized, API-driven, elastic
resources delivered as IaaS/PaaS/SaaS; later containers
& serverless for finer-grained scaling.

4) Differentiate Mainframe vs Client–Server (with examples)


| Aspect | Mainframe | Client–Server |
|---|---|---|
| Architecture | Centralized compute, thin terminals | Distributed; clients + one/more servers |
| Scalability | Vertical (bigger mainframe) | Horizontal (add servers), but complex |
| Cost | High capex, specialized | Lower entry cost using commodity servers |
| Reliability | Very high, single system | Depends on clustering/failover |
| Use cases | Core banking, airline reservations | Web apps, departmental systems |
| Example | IBM zSeries handling bulk transactions | Web server + clients in an office |

5) Compare IaaS, PaaS, SaaS (with real examples)


| Model | What you get | You manage | Typical user | Examples | Pros | Cons |
|---|---|---|---|---|---|---|
| IaaS | Virtual servers, storage, networks | OS, middleware, runtime, app, data | Sysadmins, DevOps | AWS EC2, Azure VM, GCE | Max control/flexibility, lift-and-shift | More ops effort; patching, scaling complexity |
| PaaS | Managed runtime/platform (build, deploy) | Your code & data | Developers | Heroku, Google App Engine, Azure App Service | Faster dev, built-in scaling | Less control over OS; runtime limits; vendor lock-in |
| SaaS | Ready-to-use application | Only configuration & data | End users, business teams | Gmail, Salesforce, Office 365 | Zero infra ops; quick start | Limited customization; data residency concerns |

6) Tenancy & Multi-Tenancy (with example)


• Tenancy: How resources are allocated to customers
(tenants).
• Single-tenancy: Dedicated app instance or DB per
customer; strongest isolation, higher cost.
• Multi-tenancy: Many customers share app
instances/infrastructure with logical isolation (separate
schemas/keys). Lower cost and easier updates.
Example: Salesforce runs a multi-tenant CRM where
each org’s data is isolated by tenant IDs and access
controls.
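
A sketch of the tenant-ID isolation described above, added here as an example and not taken from the original notes or from any vendor's code. The class `TenantScopedStore`, the table layout, and the tenant names are hypothetical; the point is that the tenant filter lives in the data-access layer, so a caller cannot forget it.

```python
import sqlite3


class TenantScopedStore:
    """Hypothetical data-access wrapper that binds every query to one tenant_id."""

    def __init__(self, conn, tenant_id):
        self._conn = conn
        self._tenant_id = tenant_id

    def add_contact(self, name, email):
        cur = self._conn.execute(
            "INSERT INTO contacts (tenant_id, name, email) VALUES (?, ?, ?)",
            (self._tenant_id, name, email),
        )
        return cur.lastrowid

    def list_contacts(self):
        rows = self._conn.execute(
            "SELECT id, name FROM contacts WHERE tenant_id = ? ORDER BY id",
            (self._tenant_id,),
        )
        return rows.fetchall()

    def get_contact(self, contact_id):
        # The tenant filter is part of the lookup, so a valid id owned by
        # another tenant behaves exactly like a missing row.
        row = self._conn.execute(
            "SELECT id, name, email FROM contacts WHERE id = ? AND tenant_id = ?",
            (contact_id, self._tenant_id),
        ).fetchone()
        if row is None:
            raise LookupError("contact not found for this tenant")
        return row


def build_demo():
    """Constructed sample data: two tenants sharing one table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE contacts (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL,"
        " name TEXT NOT NULL, email TEXT NOT NULL)"
    )
    acme = TenantScopedStore(conn, "org-acme")
    globex = TenantScopedStore(conn, "org-globex")
    acme_id = acme.add_contact("Ada", "ada@acme.example")
    globex_id = globex.add_contact("Grace", "grace@globex.example")
    return acme, globex, acme_id, globex_id
```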

7) Cloud Computing vs Grid Computing


| Dimension | Cloud | Grid |
|---|---|---|
| Primary goal | Elastic, on-demand services with SLAs | Aggregate distributed compute for large batch/scientific jobs |
| Resource model | Virtualized data centers; pay-per-use | Federated clusters across institutions |
| Elasticity | Native auto-scaling | Limited; job schedulers allocate static slots |
| Abstraction | Services (IaaS/PaaS/SaaS), APIs | Jobs via grid middleware (Globus/Condor) |
| Typical use | Web/mobile apps, analytics, SaaS | HPC: protein folding, weather models |
| Management | Central provider | Multi-admin, loosely coupled |

8) At least four applications of Cloud Computing


• Healthcare: Electronic Health Records (EHR), medical
image archiving, telemedicine, AI diagnostics.
• Education: LMS (Moodle/Canvas), virtual labs, video
lectures at scale.
• Finance: Real-time fraud detection, risk modeling,
secure mobile banking backends.
• Media & Gaming: Streaming (VOD/live), global CDN,
game servers with auto-scale.
• Manufacturing/IoT: Device telemetry ingestion, digital
twins, predictive maintenance.
• Government/Smart city: Citizen portals, surveillance
analytics, disaster response dashboards.

9) Benefits and limitations of Cloud for enterprises


Benefits
• Cost model: Opex, no large capex; pay only for actual
use.
• Agility/Time-to-market: Provision in minutes;
experiment cheaply.
• Scalability & performance: Auto-scale, managed
databases, global CDNs.
• Resilience & DR: Multi-AZ/region, snapshots, cross-
region replication.
• Managed services: Databases, queues, analytics; less
undifferentiated heavy lifting.
Limitations / Risks
• Security & compliance: Data privacy, regulatory
constraints (mitigate via encryption, IAM, private
networking, audits).
• Vendor lock-in: Proprietary services hinder portability
(mitigate with open tech/abstraction).
• Unpredictable cost: Sprawl, egress charges (mitigate
with budgets, tagging, FinOps).
• Latency / data gravity: Large datasets hard to move (use
edge/CDN, hybrid).
• Operational visibility: Less hardware control; rely on
provider SLAs.

10) Hospital wants secure patient records with minimal investment—deployment model?
Recommendation: Hybrid Cloud with a Private (or Virtual
Private) core.
• Private/virtual private segment (within a public
provider’s VPC) hosts EHR, databases, and PHI with
encryption, IAM, audit logs, HSM/KMS, and private
connectivity to hospital network.
• Public cloud services handle non-PHI workloads
(appointment portal, messaging, analytics dashboards)
for elasticity and cost efficiency.
Why: Strong security & compliance posture for sensitive
data, yet low capex and easy scale for patient-facing
services.
Notes: Enable backups to a secondary region, role-based
access, MFA for clinicians, and WORM storage for audit
logs.

Unit 2 – Cloud Architecture & Services


1) Define Cloud Architecture and name three major
components.
Cloud architecture is the design of components that deliver
cloud services securely and reliably.
Major components:
1. Front end: Clients, SDK/CLI, browser or mobile apps.
2. Back end: Compute (VMs/containers/serverless),
storage, databases, orchestration, monitoring.
3. Cloud delivery/network: Internet, private links/VPN,
load balancers, CDN, DNS.
(Also important: IAM, logging/observability, automation/CI-
CD.)
2) Working of Infrastructure as a Service (IaaS) with example
How it works
• Provider maintains data centers + hypervisors; exposes
APIs to create VMs, networks (VPC), disks, and security
groups.
• Customer selects instance type, boots images, attaches
storage, sets firewall rules, and scales via autoscaling
groups.
• Billing meters compute hours, storage GB-months,
egress GB.
Example (hosting a web app)
1. Create a VPC with public (web) and private (DB) subnets.
2. Launch VMs behind a load balancer; attach block
storage.
3. Install web server/runtime, deploy code from CI-CD.
4. Add managed DB or self-hosted DB on a private VM,
enable backups.
5. Configure autoscaling + monitoring; enforce IAM & key-
based access.
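
A check one could run over the firewall rules from the walkthrough above, added here as an example and not part of the original notes. The subnet ranges, rule list, and the `audit_rules` helper are constructed for illustration; it flags rules that let the private (DB) tier or non-public web ports be reached from outside the two subnets.

```python
import ipaddress

# Constructed layout matching the walkthrough: one public and one private subnet.
PUBLIC_SUBNET = ipaddress.ip_network("10.0.1.0/24")   # web tier
PRIVATE_SUBNET = ipaddress.ip_network("10.0.2.0/24")  # DB tier

# Constructed inbound firewall rules: (tier, port, source CIDR).
RULES = [
    ("web", 443, "0.0.0.0/0"),    # public HTTPS through the load balancer
    ("web", 22, "0.0.0.0/0"),     # admin SSH open to the internet
    ("db", 5432, "10.0.1.0/24"),  # DB reachable from the web tier only
    ("db", 5432, "0.0.0.0/0"),    # DB exposed to the internet
    ("db", 22, "10.0.0.0/8"),     # wider than the two subnets
]
PUBLIC_PORTS = {443}  # assumption: only HTTPS is meant to face the internet


def audit_rules(rules):
    """Return (tier, port, cidr, reason) for each rule that breaks the tiering."""
    findings = []
    for tier, port, cidr in rules:
        source = ipaddress.ip_network(cidr)
        inside = source.subnet_of(PUBLIC_SUBNET) or source.subnet_of(PRIVATE_SUBNET)
        if tier == "db" and not inside:
            findings.append((tier, port, cidr, "private tier open beyond the VPC subnets"))
        elif tier == "web" and not inside and port not in PUBLIC_PORTS:
            findings.append((tier, port, cidr, "non-public port open to external sources"))
    return findings


if __name__ == "__main__":
    for finding in audit_rules(RULES):
        print(finding)
```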

3) Compare PaaS vs SaaS (control, customization, cost)


| Aspect | PaaS | SaaS |
|---|---|---|
| Control | You control code & config; provider manages runtime/OS/network | You control only app settings & data |
| Customization | High within supported runtimes; add-ons for DB/queues | Limited to app’s configuration & plugins |
| Scaling & Ops | Automatic scaling, zero OS patching | Handled entirely by vendor |
| Cost model | Pay for runtime hours/resources | Per-user or tiered subscription |
| Use cases | Build/deploy custom apps/APIs quickly | Use standard apps (CRM, email, ERP) |
| Examples | App Engine, Heroku, Azure App Service | Gmail, Salesforce, Slack |

4) Identity as a Service (IDaaS) with practical example


Concept: Cloud-hosted identity & access management
providing SSO, MFA, user lifecycle, and federation
(SAML/OIDC/OAuth).
Example: A university uses Azure AD/Okta to let students log
in once and access LMS, email, and library systems; risky sign-
ins trigger MFA.
Benefits: Central policy, passwordless/MFA, provisioning
automation, audit trails, conditional access.

5) Importance of Security as a Service (SECaaS)


Cloud-delivered security capabilities such as:
• WAF & DDoS protection, bot management
• CASB/SSE/SASE for SaaS control and secure edge access
• Email security, endpoint protection/EDR
• SIEM/SOAR for logging, detection, response
• KMS/HSM, secrets managers for crypto
Why important: Always-updated defenses, elastic
capacity against attacks, lower capex, consistent policies
across clouds.
Caveats: Data sovereignty, integration complexity; adopt
shared-responsibility mindset.

6) How Compliance as a Service (CaaS) helps with regulations
• Maps provider controls to frameworks (ISO 27001, PCI
DSS, HIPAA, GDPR, RBI/SEBI, etc.).
• Offers artifact portals, pre-certified services, audit logs,
data residency choices, encryption & key control, DLP,
WORM retention.
• Outcome: Faster audits, documented evidence, reduced
internal tooling, but customer still owns data
classification and secure configuration.

7) Differentiate IaaS, PaaS, SaaS, IDaaS, SECaaS, CaaS (with examples)

| Service | What it is | Example industry usage |
|---|---|---|
| IaaS | Raw compute, storage, network | Retail runs e-commerce VMs with load balancer |
| PaaS | Managed runtime to deploy code | Startup deploys API on App Engine/Heroku |
| SaaS | Complete app | Sales team uses Salesforce; HR uses Workday |
| IDaaS | Identity & SSO/MFA | Enterprise SSO to 200+ apps via Okta |
| SECaaS | Cloud security functions as a service | Bank uses WAF, DDoS, SIEM |
| CaaS | Compliance tooling/evidence | Fintech downloads PCI docs, uses KMS + WORM |

8) Startup needs a mobile app quickly without managing
servers—what to choose and why?
Choose: PaaS + BaaS/Serverless
• Frontend: iOS/Android/Flutter.
• Backend: Firebase / AWS Amplify / Supabase (auth,
database, storage, push).
• Functions: Serverless (Cloud Functions/Lambda) for
business logic.
Why: No server ops, instant auth & data, autoscale,
free/low-cost tiers, fast time-to-market.

9) Role of SECaaS in hybrid clouds & impact on data privacy


• Unified policy plane: One place for access policy, threat
intel, and logging across on-prem + multiple clouds.
• Zero-trust access: Identity-centric controls, device
posture checks, least privilege.
• Encryption everywhere: TLS in transit; at rest with
customer-managed keys/HSM; tokenization for sensitive
fields.
• Data Loss Prevention (DLP): Inspects traffic/data for
PII/financial info; prevents exfiltration.
• CASB/SSE: Governs SaaS usage (shadow IT), provides
inline and API-based controls.
• Privacy impact: Stronger protections (MFA, encryption,
data minimization) and clearer audit trails; must still
handle residency & lawful access requirements.

10) Financial company must meet government compliance in cloud—what to recommend and why?
Recommended combination:
• Deployment: Hybrid (or single public cloud with strict
VPC isolation across multiple regions for DR).
• Core services:
o IaaS for VPC, private subnets, firewalls, bastionless
access (IAM only).
o Managed PaaS for databases/queues with
encryption, PITR, cross-region replicas.
o IDaaS with MFA, conditional access, Just-In-Time
privileged access.
o SECaaS: WAF + DDoS + EDR + SIEM/SOAR +
KMS/HSM + secrets manager.
o CaaS: Audit artifacts, compliance mappings
(PCI/ISO/RBI), WORM log retention, data residency
controls.
• Design highlights:
o Customer-managed keys (CMK) with rotation;
segregate duties (no single admin can decrypt &
delete).
o Network egress controls & private endpoints for
SaaS/DB.
o Comprehensive logging (access logs, DB audit,
object versioning), immutable backups, and table-
top DR drills.
o FinOps guardrails: budgets, anomaly detection,
tagging.
Why: Meets regulatory expectations (security,
auditability, resilience) while leveraging cloud
elasticity and managed services for cost and speed.
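
One way to test the "no single admin can decrypt & delete" design point above, added here as an example and not part of the original notes. The role model, permission names, and principals are constructed and do not correspond to any provider's API; the check resolves permissions granted directly and through groups, then reports anyone who ends up holding both a decrypt and a destructive permission.

```python
# Constructed role model; permission names are illustrative, not a provider's API.
ROLE_PERMISSIONS = {
    "key-user": {"key.decrypt", "key.encrypt"},
    "key-admin": {"key.rotate", "key.schedule_deletion"},
    "backup-operator": {"backup.create", "backup.restore"},
    "storage-admin": {"object.delete", "backup.delete"},
}
GROUP_ROLES = {
    "dba-team": {"key-user", "backup-operator"},
    "platform-ops": {"storage-admin"},
}
PRINCIPALS = {
    "alice": {"roles": {"key-user"}, "groups": set()},
    "bob": {"roles": {"storage-admin"}, "groups": {"dba-team"}},  # conflict via group
    "carol": {"roles": {"key-admin"}, "groups": {"platform-ops"}},
    "svc-backup": {"roles": {"backup-operator"}, "groups": set()},
}
DECRYPT = {"key.decrypt"}
DESTROY = {"object.delete", "backup.delete", "key.schedule_deletion"}


def effective_permissions(principal):
    """Union of permissions from direct roles and roles inherited through groups."""
    roles = set(principal["roles"])
    for group in principal["groups"]:
        roles |= GROUP_ROLES.get(group, set())
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def sod_violations(principals):
    """Map each principal holding decrypt AND destroy rights to the conflicting set."""
    violations = {}
    for name, principal in sorted(principals.items()):
        perms = effective_permissions(principal)
        if perms & DECRYPT and perms & DESTROY:
            violations[name] = sorted((perms & DECRYPT) | (perms & DESTROY))
    return violations


if __name__ == "__main__":
    for name, conflict in sod_violations(PRINCIPALS).items():
        print(name, conflict)
```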

Quick diagram cues you can sketch in notes


• Service models stack: Hardware → Virtualization → IaaS
→ PaaS → SaaS (who manages what).
• 3-tier web app: Browser (LB) → App servers → DB
(private subnet).
• Hybrid health setup: Hospital LAN ↔ VPN/Direct
Connect ↔ Cloud VPC (private subnets for PHI; public
subnets for portal/CDN).
• Zero-trust flow: User → IDaaS (MFA) → Policy engine →
App/API; all data encrypted, logs to SIEM.
