V.S.B.
Engineering College
(An Autonomous Institution)
DEPARTMENT OF
COMPUTER SCIENCE AND ENGINEERING
Clusters of Cooperative Computers
❑ A computing cluster consists of interconnected stand-alone computers
that work cooperatively as a single integrated computing resource.
❑ Cluster Architecture:
Department of Computer Science and Engineering 2
Clusters Architecture:
❑ The architecture of a typical server cluster is built around a low-latency,
high-bandwidth interconnection network.
❑ This network can be as simple as a SAN (e.g. Myrinet; Myrinet,
ANSI/VITA 26-1998, is a high-speed local area networking system) or a LAN
(e.g. Ethernet).
❑ To build a larger cluster with more nodes, the interconnection network is
built with multiple levels of Gigabit Ethernet, Myrinet, or InfiniBand
switches.
❑ Through hierarchical construction using a SAN, LAN, or WAN, one can
build scalable clusters with an increasing number of nodes.
❑ The cluster is connected to the Internet via a virtual private network
(VPN) gateway. The gateway IP address locates the cluster. The system
image of a computer is decided by the way the OS manages the shared
cluster resources.
❑ Most clusters have loosely coupled node computers. All resources of a
server node are managed by its own OS. Thus, most clusters have
multiple system images as a result of having many autonomous nodes
under different OS control.
Single System Image
❑ An ideal cluster should merge multiple system images into a single
system image (SSI). Cluster designers desire a cluster operating
system or some middleware to support SSI at various levels, including
the sharing of CPUs, memory, and I/O across all cluster nodes.
❑ An SSI is an illusion created by software or hardware that presents a
collection of resources as one integrated, powerful resource.
❑ SSI makes the cluster appear like a single machine to the user.
❑ A cluster with multiple system images is nothing but a collection of
independent computers.
Hardware, Software and Middleware Support:
❑ Clusters exploiting massive parallelism are commonly known as MPPs.
Almost all HPC clusters in the Top 500 list are also MPPs.
❑ The building blocks are computer nodes (PCs, workstations, servers
or SMPs), special communication software such as PVM or MPI, and a
network interface card in each computer node.
❑ Most clusters run under the Linux OS. The computer nodes are
interconnected by a high-bandwidth network (such as Gigabit
Ethernet, Myrinet, InfiniBand, etc.).
❑ Special cluster middleware support is needed to create SSI or high
availability.
❑ Both sequential and parallel applications can run on the cluster, and
special parallel environments are needed to facilitate use of the cluster
resources.
❑ For example, distributed memory has multiple images.
❑ Users may want all distributed memory to be shared by all servers by
forming distributed shared memory (DSM).
❑ Many SSI features are expensive or difficult to achieve at various
cluster operational levels.
Major Cluster Design Issues:
❑ A cluster-wide OS for complete resource sharing is not available yet.
Middleware or OS extensions were developed at the user space to
achieve SSI at selected functional levels.
❑ Without this middleware, cluster nodes cannot work together
effectively to achieve cooperative computing.
❑ The software environments and applications must rely on the
middleware to achieve high performance.
Grid computing Infrastructures:
❑ A web service such as HTTP enables remote access of remote web
pages. Grid computing is envisioned to allow close interaction among
applications running on distant computers simultaneously.
Computational Grids:
❑ The grid is often constructed across LAN, WAN, or internet backbone
networks at a regional, national or global scale.
❑ The computers used in a grid are primarily workstations, servers,
clusters and supercomputers.
❑ Personal computers and laptops can be used as access devices to a grid
system.
Computational Grids:
Department of Information Technology 11
Grid Families:
❑ Grid technology demands new distributed computing models,
software/ middleware support, network protocols and hardware
infrastructures.
Design Issues                | Computational and Data Grids                          | P2P Grids
-----------------------------|-------------------------------------------------------|--------------------------------------------------------------
Grid Applications Reported   | Distributed Supercomputing, National Grid Initiatives | Open Grid with P2P Flexibility, resources from Client Machines
Representative Systems       | TeraGrid built in US, China Grid in China             | JXTA, FightAid@home
Development Lessons Learned  | Restricted User Group                                 | Unreliable User-Contributed Resources
Peer-to-Peer Network Families:
❑ An example of a well-established distributed system is the
client-server architecture. In this scenario, client machines (PCs and
workstations) are connected to a central server for compute, e-mail,
file access, and database applications.
❑ The P2P architecture offers a distributed model of networked systems.
First, a P2P network is client-oriented instead of server-oriented. In this
section, P2P systems are introduced at the physical level and overlay
networks at the logical level.
P2P Systems:
❑ In a P2P system, every node acts as both a client and a server,
providing part of the system resources. Peer machines are simply
client computers connected to the Internet.
❑ All client machines act autonomously to join or leave the system
freely. This implies that no master-slave relationship exists among the
peers. No central coordination or central database is needed.
❑ In other words, no peer machine has a global view of the entire P2P
system. The system is self-organizing with distributed control.
Structure of P2P Systems:
❑ The architecture of a P2P network can be viewed at two abstraction
levels. Initially, the peers are totally unrelated. Each peer machine joins
or leaves the P2P network voluntarily.
❑ Only the participating peers form the physical network at any time.
Unlike the cluster or grid, a P2P network does not use a dedicated
interconnection network.
❑ The physical network is simply an ad hoc network formed across various
Internet domains randomly using the TCP/IP and NAI protocols. Thus,
the physical network varies in size and topology dynamically due to
the free membership in the P2P network.
Overlay Networks :
❑ Data items or files are distributed in the participating peers. Based on
communication or file-sharing needs, the peer IDs form an overlay
network at the logical level.
❑ This overlay is a virtual network formed by mapping each physical
machine to its ID, logically, through a virtual mapping. When a new
peer joins the system, its peer ID is added as a node in the overlay
network.
❑ When an existing peer leaves the system, its peer ID is removed from
the overlay network automatically. Therefore, it is the P2P overlay
network that characterizes the logical connectivity among the peers.
❑ There are two types of overlay networks: unstructured and structured.
An unstructured overlay network is characterized by a random graph.
❑ There is no fixed route to send messages or files among the nodes.
Often, flooding is applied to send a query to all nodes in an
unstructured overlay, thus resulting in heavy network traffic and
nondeterministic search. Structured overlay networks follow a certain
connectivity topology and rules for inserting and removing nodes (peer
IDs) from the overlay graph.
❑ Routing mechanisms are developed to take advantage of the structured
overlays.
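The two overlay types described above, as an added example that is not part of the lecture notes: a structured ring whose join/leave rules and finger-table routing give a deterministic, bounded lookup, beside an unstructured random graph whose TTL-limited flooding costs many messages and can miss the file. The peer names, graph edges and file placement are constructed, and the ring is a simplified Chord-style design.

```python
import hashlib

# Constructed example, not code from the lecture: a small model of the two
# overlay types.  Peer IDs live on a ring of 2**M identifiers.
M = 8
RING = 1 << M


def peer_id(name):
    """Map a peer name (standing in for its physical address) to a ring ID."""
    return int(hashlib.sha1(name.encode()).hexdigest(), 16) % RING


def between(x, a, b):
    """True if x lies on the ring in the half-open arc (a, b]."""
    if a < b:
        return a < x <= b
    return x > a or x <= b  # the arc wraps past zero (a == b: the whole ring)


class StructuredOverlay:
    """Ring overlay with Chord-style finger tables: a key is owned by the first
    peer at or after it, join/leave follow fixed rules, lookups route deterministically."""

    def __init__(self):
        self.peers = []  # sorted IDs of the peers currently in the overlay

    def join(self, pid):
        if pid not in self.peers:
            self.peers.append(pid)
            self.peers.sort()

    def leave(self, pid):
        self.peers.remove(pid)

    def successor(self, key):
        """First peer at or after key, wrapping around the ring."""
        for pid in self.peers:
            if pid >= key:
                return pid
        return self.peers[0]

    def closest_preceding(self, n, key):
        """Finger of n (successor of n + 2**i) closest to key without reaching it."""
        for i in reversed(range(M)):
            finger = self.successor((n + (1 << i)) % RING)
            if finger != key and between(finger, n, key):
                return finger
        return n

    def lookup(self, key, start):
        """Route a query for key from peer start; returns (owner, hops)."""
        cur, hops = start, 0
        while True:
            succ = self.successor((cur + 1) % RING)  # next peer after cur
            if between(key, cur, succ):
                return succ, hops
            cur = self.closest_preceding(cur, key)
            hops += 1


class UnstructuredOverlay:
    """Random-graph overlay: a peer knows a few neighbours and nothing about
    where a file lives, so a query is flooded hop by hop up to a TTL."""

    def __init__(self, edges):
        self.adj = {}
        for a, b in edges:
            self.adj.setdefault(a, set()).add(b)
            self.adj.setdefault(b, set()).add(a)
        self.files = {p: set() for p in self.adj}

    def flood(self, start, key, ttl):
        """Flood a query for key; returns (found, messages_sent)."""
        seen, frontier, messages = {start}, [start], 0
        found = key in self.files[start]
        for _ in range(ttl):
            nxt = []
            for p in frontier:
                for nb in self.adj[p]:
                    messages += 1  # every neighbour receives a copy
                    if nb not in seen:
                        seen.add(nb)
                        nxt.append(nb)
                        found = found or key in self.files[nb]
            frontier = nxt
        return found, messages


if __name__ == "__main__":
    ring = StructuredOverlay()
    for name in ("peer-a", "peer-b", "peer-c", "peer-d"):  # constructed names
        ring.join(peer_id(name))
    print("peers", ring.peers, "owner of 130:", ring.lookup(130, ring.peers[0]))
    mesh = UnstructuredOverlay([("A", "B"), ("A", "C"), ("B", "D"),
                                ("C", "D"), ("D", "E"), ("E", "F")])
    mesh.files["F"].add("song.mp3")  # constructed: only F holds the file
    print("flood ttl 2 / 4:", mesh.flood("A", "song.mp3", 2), mesh.flood("A", "song.mp3", 4))
```

With the six-peer mesh, a TTL of 2 never reaches F and the query fails, while a TTL of 4 finds the file at the cost of 11 messages; the ring answers the same lookup in one hop and keeps answering after a peer leaves.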
P2P Application Families :
❑ Based on application, P2P networks are classified into four groups. The
first family is for distributed file sharing of digital contents (music,
videos, etc.) on the P2P network.
❑ This includes many popular P2P networks such as Gnutella, Napster,
and BitTorrent, among others. Collaboration P2P networks include MSN
or Skype chatting, instant messaging, and collaborative design, among
others.
❑ The third family is for distributed P2P computing in specific
applications. For example, SETI@home provides 25 Tflops of
distributed computing power, collectively, over 3 million Internet host
machines. Other P2P platforms, such as JXTA, .NET, and FightingAID@home,
support naming, discovery, communication, security, and resource
aggregation in some P2P applications.
Major Categories of P2P Network Families:
P2P Computing Challenges :
❑ P2P computing faces three types of heterogeneity problems in
hardware, software, and network requirements.
❑ There are too many hardware models and architectures to select from;
incompatibility exists between software and the OS; and different
network connections and protocols make it too complex to apply in real
applications.
❑ We need system scalability as the workload increases. System scaling is
directly related to performance and bandwidth. P2P networks do have
these properties.
❑ Data location also affects collective performance. Data
locality, network proximity, and interoperability are three design
objectives in distributed P2P applications.
❑ P2P performance is affected by routing efficiency and the self-organization
of participating peers.
❑ Fault tolerance, failure management, and load balancing are other
important issues in using overlay networks.
❑ Lack of trust among peers poses another problem. Peers are strangers
to one another.
❑ Security, privacy, and copyright violations are major worries for those in
the industry in terms of applying P2P technology in business
applications.
❑ In a P2P network, all clients provide resources including computing
power, storage space, and I/O bandwidth.
❑ The distributed nature of P2P networks also increases robustness,
because limited peer failures do not form a single point of failure. By
replicating data on multiple peers, the data held by failed nodes is not
lost.
❑ On the other hand, disadvantages of P2P networks do exist. Because the
system is not centralized, managing it is difficult. In addition, the system
lacks security. Anyone can log on to the system and cause damage or
abuse.
Cloud Computing over the Internet :
❑ Supercomputers must be balanced systems, not just CPU farms but also
petascale I/O and networking arrays. "In the future, working with large
data sets will typically mean sending the computations (programs) to
the data, rather than copying the data to the workstations."
❑ This reflects the trend in IT of moving computing and data from
desktops to large data centers, where there is on-demand provision of
software, hardware, and data as a service.
❑ This data explosion has promoted the idea of cloud computing. Cloud
computing has been defined differently by many users and designers.
For example, IBM, a major player in cloud computing, has defined it as
follows: "A cloud is a pool of virtualized computer resources.
❑ A cloud can host a variety of different workloads, including batch-style
backend jobs and interactive and user-facing applications." Based on
this definition, a cloud allows workloads to be deployed and scaled out
quickly through rapid provisioning of virtual or physical machines.
❑ The cloud supports redundant, self-recovering, highly scalable
programming models that allow workloads to recover from many
unavoidable hardware/software failures.
❑ Finally, the cloud system should be able to monitor resource use in real
time to enable rebalancing of allocations when needed.
Internet Clouds :
❑ Cloud computing applies a virtualized platform with elastic resources
on demand by provisioning hardware, software, and data sets
dynamically. The idea is to move desktop computing to a service-oriented
platform using server clusters and huge databases at data centers.
❑ Virtualized resources from data centers form an Internet cloud,
provisioned with hardware, software, storage, network, and services for
paid users to run their applications.
❑ Cloud computing leverages low cost and simplicity to benefit both users
and providers. Machine virtualization has enabled such cost-effectiveness.
Cloud computing intends to satisfy many user applications simultaneously.
The cloud ecosystem must be designed to be secure, trustworthy, and
dependable.
❑ Some computer users think of the cloud as a centralized resource pool.
Others consider the cloud to be a server cluster which practices
distributed computing over all the servers used.
Three cloud service models in a cloud landscape of major providers :
Infrastructure as a Service (IaaS):
❑ This model puts together the infrastructure demanded by users, namely
servers, storage, networks, and the data center fabric.
❑ The user can deploy and run specific applications on multiple VMs
running guest OSes.
❑ The user does not manage or control the underlying cloud
infrastructure, but can specify when to request and release the needed
resources.
Platform as a Service (PaaS):
❑ This model enables the user to deploy user-built applications onto a
virtualized cloud platform.
❑ PaaS includes middleware, databases, development tools, and some
runtime support such as Web 2.0 and Java.
❑ The platform includes both hardware and software integrated with
specific programming interfaces.
❑ The provider supplies the API and software tools (e.g., Java, Python,
Web 2.0, .NET). The user is freed from managing the cloud
infrastructure.
Conceptual Reference Model:
❑ A cloud consumer may request cloud services from a cloud provider
directly or via a cloud broker.
❑ A cloud auditor conducts independent audits and may contact the other
actors to collect necessary information.
Interactions between the Actors in Cloud Computing :
❑ A cloud consumer may request service from a cloud broker instead of
contacting a cloud provider directly.
❑ The cloud broker may create a new service by combining multiple
services or by enhancing an existing service.
❑ In this example, the actual cloud providers are invisible to the cloud
consumer and the cloud consumer interacts directly with the cloud
broker.
Interactions between the Actors in Cloud Computing :
Usage Scenario for Cloud Brokers:
❑ Cloud carriers provide the connectivity and transport of cloud services
from cloud providers to cloud consumers.
❑ A cloud provider participates in and arranges for two unique service
level agreements (SLAs), one with a cloud carrier (e.g. SLA2) and one
with a cloud consumer (e.g. SLA1).
❑ A cloud provider arranges service level agreements (SLAs) with a cloud
carrier and may request dedicated and encrypted connections to
ensure the cloud services are consumed at a consistent level according
to the contractual obligations with
Usage Scenario for Cloud Brokers:
Usage Scenario for Cloud Carriers:
❑ The provider may specify its requirements on capability, flexibility and
functionality in SLA2 in order to provide essential requirements in
SLA1.
Usage Scenario for Cloud Auditors :
❑ For a cloud service, a cloud auditor conducts independent assessments of
the operation and security of the cloud service implementation.
❑ These may involve interactions with both the Cloud Consumer and the
Cloud Provider.
Cloud Consumer :
❑ The cloud consumer is the principal stakeholder for the cloud
computing service. A cloud consumer represents a person or organization
that maintains a business relationship with, and uses the service from, a
cloud provider. A cloud consumer browses the service catalog from a cloud
provider, requests the appropriate service, sets up service contracts with
the cloud provider, and uses the service.
❑ The cloud consumer may be billed for the service provisioned, and
needs to arrange payments accordingly.
❑ Cloud consumers use SLAs to specify the technical performance
requirements to be fulfilled by a cloud provider.
❑ SLAs can cover terms regarding the quality of service, security, and
remedies for performance failures. A cloud provider may also list in the
SLAs a set of promises explicitly not made to consumers, i.e. limitations,
and obligations that cloud consumers must accept.
❑ A cloud consumer can freely choose a cloud provider with better
pricing and more favorable terms. Typically a cloud provider's pricing
policy and SLAs are non-negotiable, unless the customer expects heavy
usage and might be able to negotiate for better contracts. Depending on
the services requested, the activities and usage can be different among
cloud consumers.
Services Available to a Cloud Consumer :
❑ Several cloud services are available to a cloud consumer. SaaS applications
are deployed in the cloud and made accessible via a network to the SaaS
consumers.
❑ The consumers of SaaS can be organizations that provide their
members with access to software applications, end users who directly
use software applications, or software application administrators who
configure applications for end users.
❑ SaaS consumers can be billed based on the number of end users, the
time of use, the network bandwidth consumed, the amount of data
stored or duration of stored data.
Cloud Architecture Models and Infrastructure:
❑ Cloud consumers of PaaS can employ the tools and execution resources
provided by the cloud to develop, test, deploy and manage the applications
hosted in a cloud environment.
❑ PaaS consumers can be application developers who design and
implement application software, application testers who run and test
applications in cloud-based environments, application deployers who
publish applications into the cloud, and application administrators who
configure and monitor application performance on a platform.
❑ PaaS consumers can be billed according to the processing, database
storage and network resources consumed by the PaaS application, and
the duration of the platform usage.
❑ Consumers of IaaS have access to virtual computers, network-accessible
storage, network infrastructure components, and other fundamental
computing resources on which they can deploy and run arbitrary
software. The consumers of IaaS can be system developers, system
administrators and IT managers who are interested in creating,
installing, managing and monitoring services for IT infrastructure
operations.
❑ IaaS consumers are provisioned with the capabilities to access these
computing resources, and are billed according to the amount or
duration of the resources consumed, such as CPU hours used by virtual
computers, volume and duration of data stored, network bandwidth
consumed, number of IP addresses used for certain intervals.
Cloud Provider :
❑ A cloud provider is a person or an organization; it is the entity
responsible for making a service available to interested parties.
❑ A Cloud Provider acquires and manages the computing infrastructure
required for providing the services, runs the cloud software that
provides the services, and makes arrangements to deliver the cloud
services to the Cloud Consumers through network access.
❑ For Software as a Service, the cloud provider deploys, configures,
maintains and updates the operation of the software applications on a
cloud infrastructure so that the services are provisioned at the expected
service levels to cloud consumers.
❑ The provider of SaaS assumes most of the responsibilities in managing
and controlling the applications and the infrastructure, while the cloud
consumers have limited administrative control of the applications.
❑ For PaaS, the Cloud Provider manages the computing infrastructure for
the platform and runs the cloud software that provides the components
of the platform, such as the runtime software execution stack, databases,
development tools, and other middleware components.
❑ The PaaS Cloud Provider typically also supports the development,
deployment and management process of the PaaS Cloud Consumer by
providing tools such as integrated development environments (IDEs),
development versions of cloud software, software development kits (SDKs),
and deployment and management tools.
❑ The PaaS Cloud Consumer has control over the applications and
possibly some of the hosting environment settings, but has no or limited
access to the infrastructure underlying the platform such as network,
servers, operating systems (OS), or storage.
❑ For IaaS, the Cloud Provider acquires the physical computing resources
underlying the service, including the servers, networks, storage and
hosting infrastructure.
❑ The Cloud Provider runs the cloud software necessary to make
computing resources available to the IaaS Cloud Consumer through a
set of service interfaces and computing resource abstractions, such as
virtual machines and virtual network interfaces.
❑ The IaaS Cloud Consumer in turn uses these computing resources, such
as a virtual computer, for their fundamental computing needs.
Compared to SaaS and PaaS Cloud Consumers, an IaaS Cloud Consumer
has access to more fundamental forms of computing resources and thus
has more control over more software components in an application
stack, including the OS and network.
❑ The IaaS Cloud Provider, on the other hand, has control over the
physical hardware and cloud software that makes the provisioning of
these infrastructure services possible, for example, the physical servers,
network equipment, storage, host OS and hypervisors for virtualization.
Cloud Provider - Major Activities:
❑ A Cloud Provider's activities can be described in five major areas: a
cloud provider conducts its activities in the areas of service
deployment, service orchestration, cloud service management, security,
and privacy.
Cloud Auditor:
❑ A cloud auditor is a party that can perform an independent
examination of cloud service controls with the intent to express an
opinion thereon. Audits are performed to verify conformance to
standards through review of objective evidence.
❑ A cloud auditor can evaluate the services provided by a cloud provider
in terms of security controls, privacy impact, performance, etc.
❑ Auditing is especially important for federal agencies as "agencies
should include a contractual clause enabling third parties to assess
security controls of cloud providers".
❑ Security controls are the management, operational, and technical
safeguards or countermeasures employed within an organizational
information system to protect the confidentiality, integrity, and
availability of the system and its information.
❑ For security auditing, a cloud auditor can make an assessment of the
security controls in the information system to determine the extent to
which the controls are implemented correctly, operating as intended,
and producing the desired outcome with respect to the security
requirements for the system.
❑ The security auditing should also include the verification of compliance
with regulation and security policy.
❑ For example, an auditor can be tasked with ensuring that the correct
policies are applied to data retention according to relevant rules for the
jurisdiction.
❑ The auditor may ensure that fixed content has not been modified and
that the legal and business data archival requirements have been
satisfied.
❑ A privacy impact audit can help Federal agencies comply with
applicable privacy laws and regulations governing an individual's
privacy, and to ensure confidentiality, integrity, and availability of an
individual's personal information at every stage of development and
operation.
Cloud Broker :
❑ As cloud computing evolves, the integration of cloud services can be too
complex for cloud consumers to manage.
❑ A cloud consumer may request cloud services from a cloud broker,
instead of contacting a cloud provider directly.
❑ A cloud broker is an entity that manages the use, performance and
delivery of cloud services and negotiates relationships between cloud
providers and cloud consumers.
A cloud broker can provide services in three categories:
Service Intermediation:
❑ A cloud broker enhances a given service by improving some specific
capability and providing value-added services to cloud consumers.
❑ The improvement can be managing access to cloud services, identity
management, performance reporting, enhanced security, etc.
Service Aggregation:
❑ A cloud broker combines and integrates multiple services into one or
more new services. The broker provides data integration and ensures the
secure data movement between the cloud consumer and multiple cloud
providers.
Service Arbitrage:
❑ Service arbitrage is similar to service aggregation except that the
services being aggregated are not fixed. Service arbitrage means a
broker has the flexibility to choose services from multiple agencies.
❑ The cloud broker, for example, can use a credit-scoring service to
measure and select an agency with the best score.
Cloud Carrier :
❑ A cloud carrier acts as an intermediary that provides connectivity and
transport of cloud services between cloud consumers and cloud
providers.
❑ Cloud carriers provide access to consumers through network,
telecommunication and other access devices.
❑ For example, cloud consumers can obtain cloud services through
network access devices, such as computers, laptops, mobile phones,
mobile Internet devices (MIDs), etc.
❑ The distribution of cloud services is normally provided by network and
telecommunication carriers or a transport agent, where a transport
agent refers to a business organization that provides physical transport
of storage media such as high- capacity hard drives.
❑ Note that a cloud provider will set up SLAs with a cloud carrier to
provide services consistent with the level of SLAs offered to cloud
consumers, and may require the cloud carrier to provide dedicated and
secure connections between cloud consumers and cloud providers.
Scope of Control between Provider and Consumer :
❑ The Cloud Provider and Cloud Consumer share the control of resources
in a cloud system.
❑ Different service models affect an organization's control over the
computational resources and thus what can be done in a cloud system.
A classic software stack notation comprises the application,
middleware and OS layers.
❑ This analysis delineates the controls over the application stack.
Scope of Control between Provider and Consumer :
❑ The application layer includes software applications targeted at end
users or programs.
❑ The applications are used by SaaS consumers, or
installed/managed/maintained by PaaS consumers, IaaS consumers,
and SaaS providers. The middleware layer provides software building
blocks (e.g., libraries, database, and Java virtual machine) for developing
application software in the cloud.
❑ The middleware is used by PaaS consumers, installed/managed/
maintained by IaaS consumers or PaaS providers, and hidden from SaaS
consumers.
❑ The OS layer includes the operating system and drivers, and is hidden from
SaaS consumers and PaaS consumers. An IaaS cloud allows one or multiple
guest OSs to run virtualized on a single physical host.
❑ Generally, consumers have broad freedom to choose which OS to be
hosted among all the OSs that could be supported by the cloud
provider.
❑ The IaaS consumers should assume full responsibility for the guest OSs,
while the IaaS provider controls the host OS.
Service Deployment :
❑ A cloud infrastructure may be operated in one of the following
deployment models: public cloud, private cloud, community cloud, or
hybrid cloud.
❑ The differences are based on how exclusive the computing resources
are made to a Cloud Consumer.
❑ A public cloud is one in which the cloud infrastructure and computing
resources are made available to the general public over a public
network. A public cloud is owned by an organization selling cloud
services, and serves a diverse pool of clients.
Service Deployment :
❑ A private cloud gives a single Cloud Consumer's organization the
exclusive access to and usage of the infrastructure and computational
resources.
❑ It may be managed either by the Cloud Consumer organization or by a
third party, and may be hosted on the organization's premises (i.e. on-
site private clouds) or outsourced to a hosting company (i.e. outsourced
private clouds).
❑ A community cloud serves a group of Cloud Consumers which have shared
concerns such as mission objectives, security, privacy and compliance
policy, rather than serving a single organization as does a private cloud.
❑ Similar to private clouds, a community cloud may be managed by the
organizations or by a third party, and may be implemented on customer
premises (i.e. on-site community cloud) or outsourced to a hosting
company (i.e. outsourced community cloud).
Cloud Architecture Models and Infrastructure :
On-site Private Cloud
Out-sourced Private Cloud
Out-sourced Private Cloud
❑ A cloud consumer can access the local cloud resources, and also the
resources of other participating organizations through the connections
between the associated organizations.
❑ In an outsourced community cloud, the server side is outsourced to
a hosting company. In this case, an outsourced community cloud builds
its infrastructure off premise, and serves a set of organizations that
request and consume cloud services.
On-site Community Cloud
Out Sourced Community Cloud
❑ A hybrid cloud is a composition of two or more clouds (on-site private,
on-site community, off-site private, offsite community or public) that
remain as distinct entities but are bound together by standardized or
proprietary technology that enables data and application portability.
Hybrid Cloud:
Service Orchestration :
❑ Service Orchestration refers to the composition of system components
to support the Cloud Providers activities in arrangement, coordination
and management of computing resources in order to provide cloud
services to Cloud Consumers.
❑ A generic stack diagram shows this composition, which underlies the
provisioning of cloud services.
❑ A three-layered model is used in this representation, representing the
grouping of three types of system components Cloud Providers need to
compose to deliver their services.
❑ At the top is the service layer; this is where Cloud Providers define
interfaces for Cloud Consumers to access the computing services.
❑ Access interfaces of each of the three service models are provided in
this layer.
❑ It is possible, though not necessary, that SaaS applications can be built
on top of PaaS components and PaaS components can be built on top of
IaaS components.
Cloud Provider - Service Orchestration :
❑ The optional dependency relationships among SaaS, PaaS, and IaaS
components are represented graphically as components stacking on
each other; while the angling of the components represents that each of
the service component can stand by itself.
❑ For example, a SaaS application can be implemented and hosted on
virtual machines from an IaaS cloud or it can be implemented directly
on top of cloud resources without using IaaS virtual machines.
❑ The middle layer in the model is the resource abstraction and control
layer.
❑ This layer contains the system components that Cloud Providers use to
provide and manage access to the physical computing resources
through abstraction.
❑ Examples of resource abstraction components include software
elements such as hypervisors, virtual machines, virtual data storage,
and other computing resource abstractions.
❑ The resource abstraction needs to ensure efficient, secure, and reliable
usage of the underlying resources. While virtual machine technology is
commonly used at this layer, other means of providing the necessary
software abstractions are also possible.
❑ The control aspect of this layer refers to the software components that
are responsible for resource allocation, access control, and usage
monitoring.
❑ This is the software fabric that ties together the numerous underlying
physical resources and their software abstractions to enable resource
pooling, dynamic allocation, and measured service. Various open
source and proprietary cloud software are examples of this type of
middleware.
❑ The lowest layer in the stack is the physical resource layer, which
includes all the physical computing resources.
❑ This layer includes hardware resources, such as computers (CPU and
memory), networks (routers, firewalls, switches, network links and
interfaces), storage components (hard disks) and other physical
infrastructure elements.
❑ It also includes facility resources, such as heating, ventilation and air
conditioning (HVAC), power, communications, and other aspects of the
physical plant. Following system architecture conventions, the
horizontal positioning, i.e., the layering, in a model represents
dependency relationships: the upper layer components depend on the
adjacent lower layer to function.
❑ The resource and control layer exposes virtual cloud resources on top
of the physical resource layer and supports the service layer where
cloud services interfaces are exposed to Cloud Consumers, while Cloud
Consumers do not have direct access to the physical resources.
Cloud Service Management:
❑ Cloud Service Management includes all of the service-related functions
that are necessary for the management and operation of those services
required by or proposed to cloud consumers.
❑ Cloud Service Management can be described from the perspective of
business support, provisioning and configuration, and from the
perspective of portability and interoperability requirements.
Business Support :
❑ Business Support entails the set of business-related services dealing
with clients and supporting processes. It includes the components used
to run business operations that are client-facing.
Customer Management:
❑ Manage customer accounts, open/close/terminate accounts, manage
user profiles, manage customer relationships by providing points-of-
contact and resolving customer issues and problems, etc.
Contract Management:
❑ Manage service contracts, setup/negotiate/close/terminate contracts,
etc.
Inventory Management:
❑ Set up and manage service catalogs, etc.
Accounting and Billing:
❑ Manage customer billing information, send billing statements, process
received payments, track invoices, etc.
Reporting and Auditing:
❑ Monitor user operations, generate reports, etc.
Pricing and Rating:
❑ Evaluate cloud services and determine prices, handle promotions and
pricing rules based on a user's profile, etc.
Provisioning and Configuration
Rapid Provisioning:
❑ Automatically deploying cloud systems based on the requested
service/resources/capabilities.
Resource Changing:
❑ Adjusting configuration/resource assignment for repairs, upgrades and
joining new nodes into the cloud.
Monitoring and Reporting:
❑ Discovering and monitoring virtual resources, monitoring cloud
operations and events and generating performance reports.
Metering:
❑ Providing a metering capability at some level of abstraction
appropriate to the type of service (e.g., storage, processing, bandwidth,
and active user accounts).
SLA Management:
❑ Encompassing the SLA contract definition (basic schema with the QoS
parameters), SLA monitoring and SLA enforcement according to defined
policies.
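As an added example (not code from the slides), the SLA management loop just described in Python: an SLA schema holding the QoS parameters, a monitor that scores one window of metering samples against it, and an enforcement step that applies a service-credit policy. The contract values, the metering records and the credit tiers are all constructed for illustration.

```python
"""SLA definition, monitoring and enforcement over constructed metering samples.

Added example, not from the lecture slides: the SLA schema values, the
metering records and the service-credit policy are constructed.
"""
import math
from dataclasses import dataclass, field
from typing import List


@dataclass(frozen=True)
class SLA:
    """Basic SLA schema: the QoS parameters the provider commits to."""
    service: str
    availability_target: float  # fraction of probes that must succeed, e.g. 0.999
    latency_p95_ms: float       # 95th-percentile latency must stay at or below this
    window_samples: int         # metering samples that make up one evaluation window


@dataclass(frozen=True)
class MeterSample:
    """One record from the metering/monitoring component (constructed)."""
    ts: int            # epoch seconds
    up: bool           # health probe succeeded
    latency_ms: float  # measured response time; ignored when the probe failed


@dataclass
class SLAReport:
    availability: float
    latency_p95_ms: float
    violations: List[str] = field(default_factory=list)

    @property
    def compliant(self) -> bool:
        return not self.violations


def p95(values: List[float]) -> float:
    """Nearest-rank 95th percentile; 0.0 when there were no successful probes."""
    if not values:
        return 0.0
    ordered = sorted(values)
    rank = math.ceil(0.95 * len(ordered))  # 1-based rank
    return ordered[rank - 1]


def evaluate_sla(sla: SLA, samples: List[MeterSample]) -> SLAReport:
    """SLA monitoring: compare the measured QoS of one window with the contract."""
    if len(samples) != sla.window_samples:
        raise ValueError(f"expected {sla.window_samples} samples, got {len(samples)}")
    availability = sum(1 for s in samples if s.up) / len(samples)
    latency = p95([s.latency_ms for s in samples if s.up])
    report = SLAReport(availability, latency)
    if availability < sla.availability_target:
        report.violations.append(
            f"availability {availability:.3f} < target {sla.availability_target:.3f}")
    if latency > sla.latency_p95_ms:
        report.violations.append(
            f"latency p95 {latency:.0f} ms > limit {sla.latency_p95_ms:.0f} ms")
    return report


# Constructed enforcement policy: service credit (percent of the window's fee)
# keyed by the size of the availability shortfall, plus a flat credit for a
# latency breach. Tiers are listed largest shortfall first.
CREDIT_TIERS = ((0.01, 25), (0.001, 10))  # (minimum shortfall, credit %)
LATENCY_CREDIT = 5


def enforce_sla(sla: SLA, report: SLAReport) -> int:
    """SLA enforcement: turn a monitoring report into a service credit per policy."""
    shortfall = sla.availability_target - report.availability
    credit = 0
    for min_shortfall, pct in CREDIT_TIERS:
        if shortfall >= min_shortfall:
            credit = pct
            break
    if report.latency_p95_ms > sla.latency_p95_ms:
        credit += LATENCY_CREDIT
    return credit


# Constructed contract and two constructed metering windows (20 one-minute probes).
STORAGE_SLA = SLA("object-storage", availability_target=0.999,
                  latency_p95_ms=300.0, window_samples=20)
# One failed probe (i == 7) and one latency spike (i == 15).
WINDOW_BREACH = [
    MeterSample(1_700_000_000 + 60 * i, up=(i != 7),
                latency_ms=900.0 if i == 15 else 120.0 + 5 * i)
    for i in range(20)
]
WINDOW_OK = [MeterSample(1_700_000_000 + 60 * i, up=True, latency_ms=120.0 + 5 * i)
             for i in range(20)]


if __name__ == "__main__":
    for name, window in (("breach", WINDOW_BREACH), ("ok", WINDOW_OK)):
        rep = evaluate_sla(STORAGE_SLA, window)
        print(name, rep.compliant, rep.violations, "credit:", enforce_sla(STORAGE_SLA, rep))
```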
Portability and Interoperability:
❑ For portability, prospective customers are interested to know whether
they can move their data or applications across multiple cloud
environments at low cost and minimal disruption.
❑ From an interoperability perspective, users are concerned about the
capability to communicate between or among multiple clouds.
❑ Cloud providers should provide mechanisms to support data
portability, service interoperability, and system portability.
❑ Data portability is the ability of cloud consumers to copy data objects into
or out of a cloud or to use a disk for bulk data transfer. Service
interoperability is the ability of cloud consumers to use their data and
services across multiple cloud providers with a unified management interface.
❑ System portability allows the migration of a fully-stopped virtual
machine instance or a machine image from one provider to another
provider, or migrate applications and services and their contents from
one service provider to another.
Implications of Cloud Deployment Models:
❑ The variations of cloud deployment models have important security
implications as well.
❑ One way to look at the security implications from the deployment
model perspective is the differing level of exclusivity of tenants in a
deployment model.
❑ A private cloud is dedicated to one consumer organization, whereas a
public cloud could have unpredictable tenants co-existing with each
other; therefore, workload isolation is less of a security concern in a
private cloud than in a public cloud.
❑ Another way to analyze the security impact of cloud deployment models
is to use the concept of access boundaries.
❑ For example, an on-site private cloud may or may not need additional
boundary controllers at the cloud boundary when the private cloud is
hosted on-site within the Cloud Consumer organization's network
boundary, whereas an out-sourced private cloud tends to require the use
of such perimeter protection at the boundary of the cloud.
Shared Security Responsibilities:
❑ The Cloud Provider and the Cloud Consumer have differing degrees of
control over the computing resources in a cloud system.
❑ Compared to traditional IT systems, where one organization has control
over the whole stack of computing resources and the entire life-cycle of
the systems, Cloud Providers and Cloud Consumers collaboratively
design, build, deploy, and operate cloud-based systems.
❑ The split of control means both parties now share the responsibilities
in providing adequate protections to the cloud-based systems. Security
is a shared responsibility.
❑ Security controls, i.e., measures used to provide protections, need to be
analyzed to determine which party is in a better position to implement
them. This analysis needs to include considerations from a service model
perspective, where different service models imply different degrees of
control between Cloud Providers and Cloud Consumers.
❑ For example, account management controls for initial system
privileged users in IaaS scenarios are typically performed by the IaaS
Provider whereas application user account management for the
application deployed in an IaaS environment is typically not the
provider's responsibility.
Privacy
❑ Cloud Providers should protect the assured, proper, and consistent
collection, processing, communication, use and disposition of personal
information (PI) and personally identifiable information (PII) in the
cloud.
CLOUD DEPLOYMENT MODELS :
❑ Within each of the three delivery models just described are multiple
deployment models. For example, a SaaS delivery model can be presented to
users in one of several deployment types, such as a private or public
cloud.
❑ These deployment models are technically functionally unrelated to
each of the delivery models - that is, any of the delivery models can exist
in any of the deployment scenarios, although a specific
delivery/deployment model pairing may be more common than others
(e.g., SaaS/public).
❑ Additionally, based upon the usage of the cloud by an organization and
its relationship to the enterprise as a whole, these cloud deployment
models are often referred to as external or internal clouds.
❑ Each of these models, however, must share the fundamental tenets of
cloud computing: each model employs Internet-connected devices, and
each model provides for dynamic scaling of virtual resources.
❑ Users of each model commonly don't have control over the technology
being used.
NIST defines four cloud deployment models:
Private Cloud :
❑ The cloud infrastructure is operated solely for an organization. It may
be managed by the organization or a third party and may exist on
premise or off premise.
Community Cloud :
❑ The cloud infrastructure is shared by several organizations and supports a
specific community that has shared concerns (e.g., mission, security
requirements, policy, and compliance considerations). It may be
managed by the organizations or a third party and may exist on
premise or off premise.
Public Cloud
❑ The cloud infrastructure is made available to the general public or a
large industry group and is owned by an organization selling cloud
services.
Hybrid Cloud:
❑ The cloud infrastructure is a composition of two or more clouds
(private, community, or public) that remain unique entities but are
bound together by standardized or proprietary technology that enables
data and application portability (e.g., cloud bursting for load-balancing
between clouds).
Public Cloud
❑ A public cloud is a cloud computing deployment scheme that is
generally open for use by the general public. The general public is
defined in this case as either individual users or corporations.
❑ The public cloud infrastructure used is owned by a cloud services
vendor organization; examples of public cloud deployment vendor
offerings include Amazon Web Services, Google App Engine,
Salesforce.com, and Microsoft Windows Azure.
Community Clouds :
❑ A cloud deployment model that is being rapidly implemented is called a
community cloud.
❑ Conceptually residing somewhere between a private cloud and a public
cloud, community cloud describes a shared infrastructure that is
employed by and supported by multiple companies.
❑ This shared cloud resource may be utilized by groups that have
overlapping considerations, such as joint compliance requirements,
noncompetitive business goals, or a need to pool high-level security
resources.
❑ Although the physical existence of the shared cloud may reside on any
member's premises, or even on a third-party site, managing the
community cloud may become complicated, due to unspecified shifting
ownership and responsibility, making it somewhat technically
challenging to deal with concerns over resource management, privacy,
resilience, latency, and security requirements.
❑ The authors have defined several elements that must be present in
order for a cloud to be properly defined as community.
❑ While some of these points also apply to other cloud types, they should
all be present for a cloud to truly be called community:
Openness
❑ Removing the dependence on vendors makes the community cloud the
open equivalent to vendor clouds, and therefore identifies a new
dimension in the open versus proprietary struggle that has emerged in
code, standards and data, but has not until now been expressed in the
realm of hosted services.
Community
❑ The community cloud is as much a social structure as a technology
paradigm, because of the community ownership of the infrastructure.
❑ This community ownership carries with it a degree of economic
scalability, without which there would be diminished competition and
potential stifling of innovation as risked in vendor clouds.
Failure :
❑ The community cloud is not owned or controlled by any one
organization, and therefore not dependent on the lifespan or failure of
any one organization.
❑ It will be robust and resilient to failure, and immune to the system wide
cascade failures of vendor clouds, because of the diversity of its
supporting nodes.
Private Clouds :
❑ Using virtualization, some companies are building private cloud
computing environments intended to be used only by their employees
or designated partners.
❑ Also referred to as internal clouds, private clouds can offer the benefits
of public cloud computing, while still enabling the NIST describes a
private cloud as a cloud infrastructure operated solely for an
organization, managed by the organization or a third party and existing
either on premise or off-premise.
❑ The private cloud is typically hosted within the boundaries of the owner
organization.
❑ While the concept of a private cloud may create some cognitive
dissonance (isn't the purpose of cloud infrastructure to be shared?),
there are some specific characteristics of a private cloud that
differentiate it from the traditional IT distributed infrastructure.
❑ Firstly, private clouds differ from public clouds in that the
infrastructure associated with a private cloud is commonly dedicated to
a single enterprise and is not shared with any other enterprise.
❑ This infrastructure may include many corporate business intranet
clients/vendors, resellers, or any other groups engaged in a business
relationship with the enterprise.
❑ Secondly, security is considered to be tighter in a private cloud
deployment than it is in a public cloud.
Hybrid Clouds:
❑ A hybrid cloud is any combination of the previous three cloud
deployment models. More specifically, it's defined by NIST as "a
composition of two or more clouds (private, community, or public) that
remain unique entities but are bound together by standardized or
proprietary technology that enables data and application portability
(e.g., cloud bursting for load-balancing between clouds)."
❑ An example of hybrid cloud deployment may consist of an organization
deploying noncritical software applications in the public cloud, while
keeping critical or sensitive apps in a private cloud, on the premises.
❑ Hybrid clouds combine both public and private cloud models, and they
can be particularly effective when both types of cloud are located in the
same facility.
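As an added example (not from the slides), the hybrid-cloud placement the text describes, in Python: a private and a public cloud remain distinct entities, non-critical work bursts to the public cloud when private capacity runs out, and critical or sensitive applications are never allowed to leave the private cloud. The capacities, workload names and sensitivity labels are constructed.

```python
"""Cloud-bursting placement for a hybrid cloud with a data-sensitivity constraint.

Added example, not from the lecture slides. Capacities, workloads and
sensitivity labels are constructed; the policy is the one the text gives:
sensitive applications stay on the on-premises private cloud, while only
non-critical work bursts to the public cloud when private capacity is full.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class Sensitivity(Enum):
    SENSITIVE = "sensitive"  # must stay on the private cloud, never bursts
    INTERNAL = "internal"    # non-critical: prefers private, may burst to public
    PUBLIC = "public"        # public-facing, may run on either cloud


# Placement priority: sensitive work claims private capacity first, so that
# non-critical work cannot fill the private cloud and force a rejection later.
PRIORITY = {Sensitivity.SENSITIVE: 0, Sensitivity.INTERNAL: 1, Sensitivity.PUBLIC: 2}


@dataclass(frozen=True)
class Workload:
    name: str
    vcpus: int
    sensitivity: Sensitivity


@dataclass
class Cloud:
    name: str
    capacity_vcpus: int
    placed: List[Workload] = field(default_factory=list)

    @property
    def free_vcpus(self) -> int:
        return self.capacity_vcpus - sum(w.vcpus for w in self.placed)

    def try_place(self, w: Workload) -> bool:
        if w.vcpus > self.free_vcpus:
            return False
        self.placed.append(w)
        return True


@dataclass
class HybridCloud:
    """Two distinct clouds bound together by the placement (bursting) policy."""
    private: Cloud
    public: Cloud
    rejected: List[str] = field(default_factory=list)

    def place(self, w: Workload) -> Optional[str]:
        """Return the name of the cloud the workload landed on, or None if refused."""
        if w.sensitivity is Sensitivity.SENSITIVE:
            order = [self.private]               # no bursting, even under pressure
        elif w.sensitivity is Sensitivity.INTERNAL:
            order = [self.private, self.public]  # burst only when private is full
        else:
            order = [self.public, self.private]  # keep public-facing work off-premises
        for cloud in order:
            if cloud.try_place(w):
                return cloud.name
        self.rejected.append(w.name)
        return None

    def plan(self, workloads: List[Workload]) -> Dict[str, Optional[str]]:
        ordered = sorted(workloads, key=lambda w: PRIORITY[w.sensitivity])  # stable
        return {w.name: self.place(w) for w in ordered}

    def isolation_holds(self) -> bool:
        """Defender's check: no sensitive workload ever ended up on the public cloud."""
        return all(w.sensitivity is not Sensitivity.SENSITIVE for w in self.public.placed)


def build_scenario() -> HybridCloud:
    """Constructed scenario: a small on-site private cloud and a large public cloud."""
    return HybridCloud(Cloud("private", 16), Cloud("public", 64))


# Constructed workload mix; names and sizes are illustrative only.
WORKLOADS = [
    Workload("hr-payroll", 8, Sensitivity.SENSITIVE),
    Workload("ci-runners", 8, Sensitivity.INTERNAL),
    Workload("marketing-site", 4, Sensitivity.PUBLIC),
    Workload("patient-db", 6, Sensitivity.SENSITIVE),
    Workload("analytics-batch", 12, Sensitivity.INTERNAL),
    Workload("archive-export", 10, Sensitivity.SENSITIVE),
]


if __name__ == "__main__":
    hybrid = build_scenario()
    for name, where in hybrid.plan(WORKLOADS).items():
        print(f"{name:16s} -> {where}")
    print("rejected:", hybrid.rejected, "isolation holds:", hybrid.isolation_holds())
```

Note that the last sensitive workload is refused rather than burst: a correct hybrid policy fails closed when private capacity is exhausted.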
Alternative Deployment Models :
❑ There are a couple of alternative deployment models: one that is based on
the SPI framework and extends it, the other a completely different view of
cloud computing architecture.
The Linthicum Model :
❑ David Linthicum, editor-in-chief of SYS-CON's Virtualization Journal, is
the proponent of a cloud computing model that enhances the SPI
framework's maturity through the use of what he calls "stacks." He sees
10 major categories, or patterns, of cloud computing technology:
➢ Storage as a service
➢ Database as a service
➢ Information as a service
➢ Process as a service
➢ Application as a service
➢ Platform as a service
➢ Integration as a service
➢ Security as a service
➢ Management / Governance as a service
➢ Testing as a service
Jericho Cloud Cube Model
❑ The Jericho Forum provides a description of the four dimensions of
the model.
Internal (I)/External (E)
❑ This is the dimension that defines the physical location of the data:
does the cloud form you want to use exist inside or outside your
organization's boundaries?
• If it is within your own physical boundary then it is Internal.
• If it is not within your own physical boundary then it is External.
❑ For example, virtualized hard disks in an organization's data center
would be internal, while Amazon S3 would be external at some
location "off-site."
Proprietary (P)/Open (O)
❑ This is the dimension that defines the state of ownership of the cloud
technology, services, interfaces, etc.
❑ It indicates the degree of interoperability, as well as enabling
"data/application transportability" between your own systems and other
cloud forms, and the ability to withdraw your data from a cloud form or
to move it to another without constraint.
❑ It also indicates any constraints on being able to share applications.
❑ Proprietary means that the organization providing the service is
keeping the means of provision under their ownership.
❑ As a result, when operating in clouds that are proprietary, you may not
be able to move to another cloud supplier without significant effort or
investment.
❑ Often, more technology advances occur in the proprietary domain.
As such, the proprietor may choose to enforce restrictions through
patents and by keeping the technology involved a trade secret.
❑ Clouds that are Open are using technology that is not proprietary,
meaning that there are likely to be more suppliers, and you are not as
constrained in being able to share your data and collaborate with
selected parties using the same open technology. Open services tend to
be those that are widespread and consumerized, and most likely based on
a published open standard, for example email (SMTP).
Perimeterized (Per)/De-perimeterized (D-p) Architectures
❑ The third dimension represents the "architectural mindset": are you
operating inside your traditional IT perimeter or outside it?
❑ De-perimeterization has always related to the gradual failure/removal
of the traditional silo-based IT perimeter.
❑ Perimeterized implies continuing to operate within the traditional IT
perimeter, often signaled by "network firewalls."
❑ As has been discussed in previous published Jericho Forum papers, this
approach inhibits collaboration.
❑ In effect, when operating in the perimeterized areas, you may simply
extend your own organization's perimeter into the external cloud
computing domain using a VPN and operating the virtual server in your
own IP domain, making use of your own directory services to control
access.
❑ Then, when the computing task is completed you can withdraw your
perimeter back to its original traditional position. We consider this type
of system perimeter to be a traditional, though virtual, perimeter.
Insourced/Outsourced
❑ We define a fourth dimension that has two states in each of the eight
cloud forms: Per(IP, IO, EP, EO) and D-p(IP, IO, EP, EO), that responds to
the question "Who do you want running your Clouds?":
Outsourced:
The service is provided by a third party.
Insourced:
The service is provided by your own staff under your control.
❑ These two states describe who is managing delivery of the cloud
service(s) that you use. This is primarily a policy issue (i.e., a business
decision, not a technical or architectural decision) which must be
embodied in a contract with the cloud provider.
❑ Given the ease with which a user within your business can procure
cloud services - just by tendering a valid credit card - it is absolutely
essential that your business develops the ability to rapidly set up legally
binding collaboration agreements, and to close them equally rapidly as
soon as they are no longer needed. Will it be possible in the future to
design a cloud data encapsulation approach that means if the cloud
provider accepts the data capsule then they automatically accept the
terms that the data came with - for example "do not process outside the
data owner's national boundary"?
CSP examples and their respective offerings:
Cloud Service Models:
There are the following three types of cloud service models –
1. Infrastructure as a Service (IaaS)
2. Platform as a Service (PaaS)
3. Software as a Service (SaaS)
Infrastructure-as-a-Service (IaaS):
❑ Cloud Computing delivers infrastructure, platform, and software
(application) as services, which are made available as subscription-
based services in a pay-as-you-go model to consumers.
❑ The services provided over the cloud can be generally categorized into
three different service models: namely IaaS, Platform as a Service
(PaaS), and Software as a Service (SaaS).
❑ These form the three pillars on top of which cloud computing solutions
are delivered to end users. All three models allow users to access
services over the Internet, relying entirely on the infrastructures of
cloud service providers.
❑ These models are offered based on various SLAs between providers and
users. In a broad sense, the SLA for cloud computing is addressed in
terms of service availability, performance, and data protection and
security.
❑ The three cloud models sit at different service levels of the cloud. SaaS is
applied at the application end using special interfaces by users or
clients.
❑ At the PaaS layer, the cloud platform must perform billing services and
handle job queuing, launching, and monitoring services.
❑ At the IaaS layer, services such as databases, compute instances, the file
system, and storage must be provisioned to satisfy user demands.
The IaaS, PaaS, and SaaS cloud service models at different service levels:
Example:
Amazon VPC for Multiple Tenants:
❑ A user can use a private facility for basic computations. When he must
meet a specific workload requirement, he can use the Amazon VPC to
provide additional EC2 instances or more storage (S3) to handle urgent
applications.
Platform-as-a-Service (PaaS) :
❑ SaaS is often built on top of the PaaS, which is in turn built on top of the
IaaS.
❑ To be able to develop, deploy and manage the execution of applications
using provisioned resources demands a cloud platform with the proper
software environment.
❑ Such a platform includes operating system and runtime library support.
This has triggered the creation of the PaaS model to enable users to
develop and deploy their user applications.
Five Public Cloud Offerings of Platform-as-a-Service (PaaS):
Google App Engine for PaaS Applications:
❑ As web applications are running on Google's server clusters, they share
the same capability with many other users.
❑ The applications have features such as automatic scaling and load
balancing which are very convenient while building web applications.
❑ The distributed scheduler mechanism can also schedule tasks for
triggering events at specified times and regular intervals.
❑ To develop applications using GAE, a development environment must be provided.
Software as a Service (SaaS):
❑ This refers to application software delivered through the browser to
thousands of customers.
❑ The services and tools offered by PaaS are used to construct the
applications and to manage their deployment on resources offered by IaaS
providers.
❑ The SaaS model provides software applications as a service. As a result,
on the customer side, there is no upfront investment in servers or
software licensing.
❑ On the provider side, costs are kept rather low compared with
conventional hosting of user applications.
❑ Customer data is stored in the cloud, on storage that is either vendor
proprietary or publicly hosted to support PaaS and IaaS.
❑ The best-known examples of SaaS include Google Gmail and Google Docs,
Microsoft SharePoint, and the CRM software from Salesforce.com.
Three Success Stories on SaaS Applications
1. To discover new drugs through DNA sequence analysis, Eli Lilly has used
Amazon's AWS platform with provisioned server and storage clusters to
conduct high-performance biological sequence analysis without buying an
expensive supercomputer. The benefit of this IaaS application is reduced
drug deployment time at much lower cost.
2. The New York Times has applied Amazon's EC2 and S3 services to
retrieve useful pictorial information quickly from millions of archival
articles and newspapers, significantly reducing the time and cost of
getting the job done.
3. Pitney Bowes, an e-commerce company, offers clients the opportunity to
perform transactions using the Microsoft Azure platform, along with .NET
and SQL services. These offerings have significantly increased the
company's client base.
A Generic Cloud Architecture Design
❑ An Internet cloud is envisioned as a public cluster of servers
provisioned on demand to perform collective web services or
distributed applications using data center resources.
Cloud Platform Design Goals
❑ Scalability, virtualization, efficiency, and reliability are the four
major design goals of a cloud computing platform.
❑ Clouds support Web 2.0 applications. Cloud management receives the
user request, finds the correct resources, and then calls the
provisioning services, which invoke the resources in the cloud.
❑ The cloud management software needs to support both physical and
virtual machines. Security of shared resources and of shared access to
data centers poses another design challenge.
❑ The platform needs to establish a very large-scale HPC infrastructure.
❑ The hardware and software systems are combined to make it easy and
efficient to operate.
❑ System scalability can benefit from cluster architecture. If one service
takes a lot of processing power, storage capacity, or network traffic, it is
simple to add more servers and bandwidth.
Enabling Technologies for Clouds
❑ The key driving forces behind cloud computing are the ubiquity of
broadband and wireless networking, falling storage costs, and
progressive improvements in Internet computing software.
❑ Cloud users are able to demand more capacity at peak demand, reduce
costs, experiment with new services, and remove unneeded capacity,
whereas service providers can increase system utilization via
multiplexing, virtualization, and dynamic resource provisioning.
❑ Clouds are enabled by progress in hardware, software, and networking
technologies.
Cloud Enabling Technologies in Hardware, Software and Networking
❑ A security-aware cloud platform is built with a virtual cluster of VMs,
storage, and networking resources over the data-center servers operated
by providers.
❑ In such a security-aware cloud architecture, the Internet cloud is
envisioned as a massive cluster of servers, provisioned on demand to
perform collective web services or distributed applications using
data-center resources.
❑ The cloud platform is formed dynamically by provisioning or
deprovisioning servers, software, and database resources. Servers in
the cloud can be physical machines or VMs.
❑ User interfaces are used to request services. The provisioning tool
carves out the part of the cloud system that delivers the requested
service.
❑ In addition to building the server cluster, the cloud platform demands
distributed storage and accompanying services.
❑ The cloud computing resources are built into data centers, which
are typically owned and operated by a third-party provider. Consumers
do not need to know the underlying technologies.
❑ In a cloud, software becomes a service. The cloud demands a high
degree of trust in the massive amounts of data retrieved from large data
centers. A framework is needed to process the large-scale data held in
the storage system.
❑ This demands a distributed file system over the database system. Other
resources are added to the cloud platform, including storage area
networks (SANs), database systems, firewalls, and security devices.
❑ Web service providers offer special APIs that enable developers to
exploit Internet clouds. Monitoring and metering units track the usage
and performance of provisioned resources.
Layered Cloud Architectural Development :
❑ The architecture of a cloud is developed at three layers: infrastructure,
platform, and application. These three development layers are
implemented with virtualization and standardization of the hardware and
software resources provisioned in the cloud.
❑ The services of public, private, and hybrid clouds are conveyed to users
through networking support over the Internet and the intranets involved.
The infrastructure layer is deployed first, to support IaaS services.
❑ This infrastructure layer serves as the foundation for building the
platform layer of the cloud, which supports PaaS services. In turn, the
platform layer is the foundation for implementing the application layer
for SaaS applications. Different types of cloud services draw on these
resources differently.
❑ The infrastructure layer is built with virtualized compute, storage, and
network resources. The abstraction of these hardware resources is
meant to provide the flexibility demanded by users.
❑ Internally, virtualization realizes automated provisioning of resources
and optimizes the infrastructure management process.
❑ The platform layer is for general-purpose and repeated usage of the
collection of software resources.
❑ This layer provides users with an environment to develop their
applications, to test operation flows, and to monitor execution results
and performance.
❑ The platform should be able to assure users that they have scalability,
dependability, and security protection.
❑ In a way, the virtualized cloud platform serves as a “system
middleware” between the infrastructure and application layers of the
cloud.
Market-Oriented Cloud Architecture:
❑ As consumers rely on cloud providers to meet more of their computing
needs, they will require a specific level of QoS to be maintained by their
providers in order to meet their objectives and sustain their operations.
Cloud providers must consider and meet the different QoS parameters of
each individual consumer as negotiated in specific SLAs.
❑ To achieve this, providers cannot deploy a traditional system-centric
resource management architecture. Instead, market-oriented resource
management is needed to regulate the supply and demand of cloud
resources and reach market equilibrium.
❑ The designer needs to provide economic incentives, as feedback, to
both consumers and providers.
❑ The purpose is to promote QoS-based resource allocation mechanisms.
In addition, clients can benefit from the potential cost reduction of
providers, which could lead to a more competitive market and thus
lower prices.
Quality of Service Factors:
❑ The data center comprises multiple computing servers that provide
resources to meet service demands.
❑ When a cloud is a commercial offering that enables crucial business
operations of companies, there are critical QoS parameters to consider in
a service request, such as time, cost, reliability and trust/security.
❑ In particular, QoS requirements cannot be static and may change over
time due to continuing changes in business operations and operating
environments.
❑ In short, greater importance should be placed on customers, since they
pay to access services in clouds.
❑ In addition, the state of the art in cloud computing has no or limited
support for dynamic negotiation of SLAs between participants.
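The two slides above (market-oriented resource management and the QoS factors time, cost and reliability) can be made concrete with a small admission-control model. The code below is an added illustration, not part of the original slides or of any real provider's system: it assumes a pool of identical servers, an SLA per request with a deadline, a budget and a minimum reliability, and a constructed pricing rule in which the per-server-hour price rises with utilization so that price, rather than a fixed system-centric policy, regulates demand. The request names and numbers are constructed.

```python
"""Toy SLA-based admission control for a market-oriented cloud provider.

Added illustration, not from the original slides. Assumes a pool of identical
servers and three QoS terms per request (time, cost, reliability). The
demand-sensitive pricing rule is constructed, not any real provider's tariff.
"""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Request:
    name: str
    server_hours: float     # total work, in server-hours
    servers_wanted: int     # parallelism the consumer asks for
    deadline_hours: float   # QoS: time
    budget: float           # QoS: cost
    min_reliability: float  # QoS: reliability, e.g. 0.999


@dataclass
class Provider:
    capacity: int
    base_price: float       # price per server-hour when the pool is empty
    reliability: float      # availability the provider can commit to in an SLA
    in_use: int = 0
    ledger: list = field(default_factory=list)

    def utilization(self) -> float:
        return self.in_use / self.capacity

    def quote(self, servers: int) -> float:
        """Market signal: price per server-hour rises linearly with the
        utilization the pool would have after this request, doubling at saturation."""
        after = (self.in_use + servers) / self.capacity
        return self.base_price * (1 + after)

    def examine(self, req: Request) -> tuple[bool, str]:
        """Service request examiner: admit only if every negotiated term holds."""
        free = self.capacity - self.in_use
        servers = min(req.servers_wanted, free)
        if servers == 0:
            return False, "rejected: no capacity"
        finish = req.server_hours / servers
        if finish > req.deadline_hours:
            return False, f"rejected: finishes in {finish:.1f}h > {req.deadline_hours}h deadline"
        cost = round(self.quote(servers) * req.server_hours, 2)
        if cost > req.budget:
            return False, f"rejected: cost {cost} > budget {req.budget}"
        if self.reliability < req.min_reliability:
            return False, f"rejected: reliability {self.reliability} < {req.min_reliability}"
        self.in_use += servers
        self.ledger.append((req.name, servers, cost))
        return True, f"admitted: {servers} servers, {finish:.1f}h, cost {cost}"


def run_scenario() -> tuple[Provider, dict[str, tuple[bool, str]]]:
    """Constructed arrival sequence; requests are examined in order."""
    provider = Provider(capacity=10, base_price=1.0, reliability=0.999)
    requests = [
        Request("batch-a",    server_hours=20, servers_wanted=4, deadline_hours=6,   budget=40, min_reliability=0.99),
        Request("realtime-b", server_hours=8,  servers_wanted=4, deadline_hours=1.5, budget=30, min_reliability=0.9999),
        Request("cheap-c",    server_hours=12, servers_wanted=6, deadline_hours=10,  budget=15, min_reliability=0.99),
        Request("critical-d", server_hours=3,  servers_wanted=2, deadline_hours=5,   budget=20, min_reliability=0.99999),
        Request("late-e",     server_hours=6,  servers_wanted=3, deadline_hours=4,   budget=20, min_reliability=0.99),
    ]
    decisions = {r.name: provider.examine(r) for r in requests}
    return provider, decisions


if __name__ == "__main__":
    prov, dec = run_scenario()
    for name, (ok, why) in dec.items():
        print(f"{name:<11} {why}")
    print(f"utilization {prov.utilization():.0%}, ledger {prov.ledger}")
```

Running the scenario, "batch-a" and "late-e" are admitted; "realtime-b" misses its deadline on the servers left, "cheap-c" is priced out because the quote has risen with utilization, and "critical-d" asks for more reliability than the provider will sign for. Each rejection names the SLA term that failed, which is the information a dynamic negotiation (the missing piece the slide points out) would feed back to the consumer.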
Virtualization Support and Disaster Recovery
❑ One very distinguishing feature of cloud computing infrastructure is the
use of system virtualization and the modification to provisioning tools.
Virtualization of servers on a shared cluster can consolidate web
services.
❑ As the VMs are the containers of cloud services, the provisioning tools
will first find the corresponding physical machines and deploy the VMs
to those nodes before scheduling the service to run on the virtual
nodes.
Hardware Virtualization
❑ In many cloud computing systems, virtualization software is used to
virtualize the hardware.
❑ System virtualization software is a special kind of software which
simulates the execution of hardware and runs even unmodified
operating systems.
❑ Cloud computing systems use virtualization software as the running
environment for legacy software such as old operating systems and
unusual applications. Virtualization software is also used as the
platform for developing new cloud applications that enable developers
to use any operating systems and programming environments they like.
❑ The development environment and deployment environment can now
be the same, which eliminates some runtime problems.
Virtualized Resources in Compute, Storage, and Network Clouds
Recovery overhead of a conventional disaster recovery scheme, compared
with that required to recover from live migration of VMs.
Virtualization Support in Public Clouds
❑ Three public clouds can be compared in the context of virtualization
support: AWS, Microsoft Azure, and GAE. AWS provides extreme flexibility
(VMs) for users to execute their own applications. Azure sits between the
two, offering programming-level virtualization for .NET applications.
❑ GAE provides limited application-level virtualization for users to build
applications based only on the services created by Google.
Storage Virtualization for Green Data Centers
❑ IT power consumption in the United States has more than doubled to 3
percent of the total energy consumed in the country.
❑ The large number of data centers in the country has contributed to this
energy crisis to a great extent. More than half of the companies in the
Fortune 500 are actively implementing new corporate energy policies.
Recent surveys from both IDC and Gartner confirm the fact that
virtualization had a great impact on cost reduction from reduced power
consumption in physical computing systems.
❑ This alarming situation has made the IT industry become more energy-
aware. With little evolution of alternate energy resources, there is an
imminent need to conserve power in all computers.
❑ Virtualization and server consolidation have already proven handy in
this aspect.
❑ Green data centers and benefits of storage virtualization are considered
to further strengthen the synergy of green computing.
Virtualization for IaaS
VM technology has increased in ubiquity. This has enabled users to create
customized environments atop physical infrastructure for cloud
computing. Use of VMs in clouds has the following distinct benefits:
(1) System administrators consolidate workloads of underutilized servers
in fewer servers;
(2) VMs have the ability to run legacy code without interfering with other
APIs;
(3) VMs can be used to improve security through creation of sandboxes for
running applications with questionable reliability;
VM Cloning for Disaster Recovery:
❑ VM technology enables an advanced disaster recovery scheme. One
scheme is to recover one physical machine by another physical machine.
❑ The second scheme is to recover one VM by another VM. In the physical
scheme, the total recovery time is spent on the hardware configuration,
installing and configuring the OS, installing the backup agents, and the
long time needed to restart the physical machine.
❑ To recover a VM platform, the installation and configuration times for
the OS and backup agents are eliminated.
❑ Therefore, we end up with a much shorter disaster recovery time, about
40 percent of that needed to recover the physical machines. Virtualization
aids fast disaster recovery through VM encapsulation.
Challenge 1-Service Availability and Data Lock-in Problem
❑ Management of a cloud service by a single company is often the
source of single points of failure.
❑ To achieve HA, one can consider using multiple cloud providers. Even if
a company has multiple data centers located in different geographic
regions, they may share common software infrastructure and accounting
systems, so a fault in one of those takes every region down at once.
Using multiple cloud providers may therefore provide more protection
from failures.
❑ Another availability obstacle is distributed denial of service (DDoS)
attacks.
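The point about shared infrastructure can be checked mechanically. The code below is an added illustration, not part of the original slides: it models a deployment as a set of replicas, each depending on a set of components (its region plus provider-wide systems such as the control plane and accounting), and finds every component, or smallest group of components, whose failure takes the whole service down. The deployments and component names are constructed; the same functions can be pointed at a real dependency inventory.

```python
"""Single points of failure in single- vs multi-provider deployments.

Added illustration, not from the original slides. A deployment maps each
service replica to the components it depends on. The service is available
while at least one replica has no failed dependency. Names are constructed.
"""
from itertools import combinations

# Two regions, one provider: both replicas share the provider-wide systems.
SINGLE_PROVIDER = {
    "replica-us-east": {"provA/region-us-east", "provA/control-plane", "provA/accounting"},
    "replica-eu-west": {"provA/region-eu-west", "provA/control-plane", "provA/accounting"},
}

# Two regions, two providers: no component is shared between the replicas.
MULTI_PROVIDER = {
    "replica-us-east": {"provA/region-us-east", "provA/control-plane", "provA/accounting"},
    "replica-eu-west": {"provB/region-eu-west", "provB/control-plane", "provB/accounting"},
}


def components(deployment):
    """All components any replica depends on, in a stable order."""
    return sorted(set().union(*deployment.values()))


def available(deployment, failed):
    """True if some replica has none of its dependencies in `failed`."""
    return any(deps.isdisjoint(failed) for deps in deployment.values())


def single_points_of_failure(deployment):
    """Components whose failure alone takes the whole service down."""
    return [c for c in components(deployment) if not available(deployment, {c})]


def minimal_cut_sets(deployment, max_size=2):
    """Smallest sets of components whose joint failure takes the service down.
    Smaller cuts are found first; any superset of a known cut is skipped."""
    cuts = []
    for k in range(1, max_size + 1):
        for combo in combinations(components(deployment), k):
            s = set(combo)
            if any(cut <= s for cut in cuts):
                continue
            if not available(deployment, s):
                cuts.append(s)
    return [sorted(c) for c in cuts]


if __name__ == "__main__":
    for label, dep in (("single provider", SINGLE_PROVIDER), ("multi provider", MULTI_PROVIDER)):
        print(f"{label}: single points of failure = {single_points_of_failure(dep)}")
        print(f"  minimal cut sets (size <= 2): {minimal_cut_sets(dep)}")
```

For the single-provider layout the two regions do not help: the shared control plane and accounting system are each a single point of failure. The two-provider layout has none; it only goes down when one component on each side fails together, and the nine such pairs are all of size two. A DDoS against a shared public entry point would be one more shared component to add to the model.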
Challenge 2-Data Privacy and Security Concerns
❑ Traditional network attacks include buffer overflows, DoS attacks,
spyware, malware, rootkits, Trojan horses, and worms. In a cloud
environment, newer attacks may come from hypervisor malware, guest
hopping and hijacking, or VM rootkits.
❑ Another type of attack is the man-in-the-middle attack on VM
migrations: an attacker on the path between the source and destination
hosts can read or alter the guest state in transit. In general, passive
attacks steal sensitive data or passwords.
❑ Active attacks may manipulate kernel data structures, which can cause
major damage to cloud servers.
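The migration attack can be shown end to end. The code below is an added example, not from the original slides: it models live migration as a sequence of 4 KiB memory pages sent from source to destination, lets an on-path attacker read a page (passive: a password) and rewrite a page (active: a credential structure of the guest kernel), and then shows the same rewrite being rejected when each page is authenticated with an HMAC under a per-migration session key that also binds the sequence number. The guest memory contents, key handling and frame format are constructed for the example; confidentiality would additionally need encryption (TLS in practice), which this integrity-only example leaves out.

```python
"""Man-in-the-middle on a VM live-migration stream, and an integrity check.

Added illustration, not from the original slides. Guest memory contents,
frame format and key handling are constructed. Integrity only: no encryption.
"""
import hashlib
import hmac
import os
import struct

PAGE = 4096
TAG = 32  # SHA-256 HMAC length


def build_guest_memory():
    # Constructed pages: page 0 a credential structure of the guest kernel,
    # page 1 a user-space buffer holding a password.
    page0 = b"cred{uid=1000,gid=1000}".ljust(PAGE, b"\0")
    page1 = b"sshd: password=correct-horse".ljust(PAGE, b"\0")
    return [page0, page1]


def frame(seq, page):
    return struct.pack(">I", seq) + page


# Unauthenticated channel: what the man-in-the-middle exploits.
def send_plain(pages):
    return [frame(i, p) for i, p in enumerate(pages)]


def recv_plain(frames):
    return [f[4:4 + PAGE] for f in frames]


# Authenticated channel: tag covers sequence number and page together.
def send_authenticated(key, pages):
    out = []
    for i, p in enumerate(pages):
        body = frame(i, p)
        out.append(body + hmac.new(key, body, hashlib.sha256).digest())
    return out


def recv_authenticated(key, frames):
    pages, expected = [], 0
    for f in frames:
        body, tag = f[:-TAG], f[-TAG:]
        if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
            raise ValueError(f"page {expected}: bad MAC (tampered in transit)")
        (seq,) = struct.unpack(">I", body[:4])
        if seq != expected:
            raise ValueError(f"expected seq {expected}, got {seq} (replay/reorder)")
        pages.append(body[4:])
        expected += 1
    return pages


def attacker_read(frames, index):
    """Passive attacker: read one page payload off the wire."""
    return frames[index][4:4 + PAGE].rstrip(b"\0")


def attacker_patch(frames, index, offset, value):
    """Active attacker: overwrite bytes inside one page payload, in place."""
    f = bytearray(frames[index])
    f[4 + offset:4 + offset + len(value)] = value
    frames[index] = bytes(f)


def demo():
    pages = build_guest_memory()
    off = pages[0].index(b"uid=1000") + len(b"uid=")  # where the uid digits sit

    # 1. Plain channel: the password leaks and uid 1000 -> 0000 (root) is accepted.
    wire = send_plain(pages)
    leaked = attacker_read(wire, 1)
    attacker_patch(wire, 0, off, b"0000")
    root_accepted = b"uid=0000" in recv_plain(wire)[0]

    # 2. Authenticated channel: the same rewrite fails the MAC at the destination.
    key = os.urandom(32)  # per-migration session key, assumed agreed out of band
    wire = send_authenticated(key, pages)
    attacker_patch(wire, 0, off, b"0000")
    try:
        recv_authenticated(key, wire)
        tamper = None
    except ValueError as e:
        tamper = str(e)

    # 3. Replaying a valid frame into another slot trips the sequence check.
    wire = send_authenticated(key, pages)
    wire[1] = wire[0]
    try:
        recv_authenticated(key, wire)
        replay = None
    except ValueError as e:
        replay = str(e)

    return {"leaked": leaked, "root_accepted": root_accepted, "tamper": tamper, "replay": replay}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Over the plain channel the destination host rebuilds the guest with the attacker's uid of 0000 and never learns that anything changed; over the authenticated channel the first altered page aborts the migration, and a replayed page is caught by the sequence number even though its tag is valid. The check is constant-time (hmac.compare_digest) so the tag comparison itself does not leak.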
Challenge 3-Unpredictable Performance and Bottlenecks
❑ Multiple VMs can share CPUs and main memory in cloud computing, but
I/O sharing is problematic. For example, 75 EC2 instances running the
STREAM memory benchmark reached a mean memory bandwidth of 1,355
MB/second, whereas the same 75 instances each writing 1 GB files to
local disk reached a mean disk write bandwidth of only 55 MB/second.
❑ This demonstrates the problem of I/O interference between VMs.
Challenge 4-Distributed Storage and Widespread Software Bugs
❑ The database is always growing in cloud applications. The opportunity
is to create a storage system that will not only meet this growth, but also
combine it with the cloud advantage of scaling arbitrarily up and down
on demand.
❑ This demands the design of efficient distributed SANs. Data centers
must meet programmers' expectations in terms of scalability, data
durability, and HA.
❑ Data consistency checking in SAN-connected data centers is a major
challenge in cloud computing.
Challenge 5-Cloud Scalability, Interoperability, and Standardization
❑ The pay-as-you-go model applies to storage and network bandwidth;
both are counted in terms of the number of bytes used.
❑ Computation is charged differently depending on the virtualization
level. GAE automatically scales in response to load increases and
decreases, and users are charged by the cycles used.
❑ AWS charges by the hour for the number of VM instances used, even if
a machine is idle.
❑ The opportunity here is to scale quickly up and down in response to
load variation in order to save money, but without violating SLAs.
Challenge 6-Software Licensing and Reputation Sharing
❑ Many cloud computing providers originally relied on open source
software because the licensing model for commercial software is not
ideal for utility computing.
❑ The primary opportunity is either for open source to remain popular or
simply for commercial software companies to change their licensing
structure to better fit cloud computing.
❑ One can consider using both pay-for-use and bulk-use licensing
schemes to widen the business coverage.