CBE 321– Cloud Computing

and Security
Dr. E.Silambarasan
Assistant Professor
Department of CSE - Cyber Security
Indian Institute of Information Technology, Kottayam
Cloud Computing Definitions:
NIST Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a
(2011) shared pool of configurable computing resources (e.g., networks, servers, storage, applications,
and services) that can be rapidly provisioned and released with minimal management effort or
service provider interaction.

Microsoft Cloud computing is the delivery of computing services—including servers, storage, databases,
networking, software, analytics, and intelligence—over the internet (“the cloud”) to offer faster
innovation, flexible resources, and economies of scale. You typically pay only for cloud services
you use, helping you lower your operating costs, run your infrastructure more efficiently, and
scale as your business needs change.

AWS Cloud computing is the on-demand delivery of IT resources over the Internet with pay-as-you-go
pricing. Instead of buying, owning, and maintaining physical data centers and servers, you can
access technology services, such as computing power, storage, and databases, on an as-needed
basis from a cloud provider like Amazon Web Services (AWS).

Google Cloud computing is the on-demand availability of computing resources (such as storage and
Cloud infrastructure), as services over the internet. It eliminates the need for individuals and businesses
to self-manage physical resources themselves, and only pay for what they use.
Cloud Computing Definitions:
Rajkumar Cloud is a parallel and distributed computing system consisting of a collection of inter-
Buyya (2009) connected and virtualized computers that are dynamically provisioned and presented as
one or more unified computing resources based on service-level agreements (SLA)
established through negotiation between the service provider and consumers.

Vaquero Clouds are a large pool of easily usable and accessible virtualized resources (such as
(2009) hardware, development platforms, and/or services). These resources can be dynamically
reconfigured to adjust to a variable load (scale), allowing also for optimum resource
utilization. This pool of resources is typically exploited by a pay-per-use model in which
guarantees are offered by the Infrastructure Provider using customized Service Level
Agreements

McKinsey Clouds are hardware-based services offering compute, network, and storage capacity
(2009) where: Hardware management is highly abstracted from the buyer, buyers incur
infrastructure costs as variable OPEX, and infrastructure capacity is highly
Elastic
Cloud Computing Architecture
• Cloud architecture can be defined as the combination of various technological
components that make up a cloud system.
• This usually involves using virtualization technology to put together several
resources and share them across a network.
• Cloud architecture also talks about the relationship between the various
components of a cloud system and the benefits they deliver.
• These components form the cloud computing architecture that applications can run
on, thus allowing end-users to leverage the power of cloud resources.
They include:
• A front-end platform (The client or device used to access the cloud)
• A back-end platform (servers and storage)
• A cloud-based delivery model
• A network
Fundamental Components of Cloud
Architecture
Clients
The devices that the end users interact with to manage
their information on the cloud. Clients generally fall into three
categories:
• Mobile
• Mobile devices include PDAs or smartphones, like a
blackberry, windows mobile smartphone, or an iPhone.
• Thin
• Clients are computers that do not have internal hard
drives, but rather let the server do all the work, but then
display the information.
• Thick
• This type of client is a regular computer, using a web
browser like Firefox or Internet Explorer to connect to
the cloud.
Fundamental Components of Cloud
Architecture
Benefits of thin clients
• Lower hardware cost
• Lower IT cost
• Security
• Data Security
• Less power consumption
• Ease of repair or replacement
• Less noise
Datacenter:
• A data center is a physical location that stores computing machines and their related
hardware equipment.
• It contains the computing infrastructure that IT systems require, such as servers, data
storage drives, and network equipment.
• It is the physical facility that stores any company's digital data.
Fundamental Components of Cloud
Architecture
• On-premises data centers
• Fully owned company data centers that store sensitive data and critical
applications for that company.
• You set up the data center, manage its ongoing operations, and purchase and
maintain the equipment.
• Benefits: An enterprise data center can give better security because you manage
risks internally. You can customize the data center to meet your requirements.
• Limitations: It is costly to set up your own data center and manage ongoing staffing
and running costs. You also need multiple data centers because just one can become
a single high-risk point of failure.
Fundamental Components of Cloud
Architecture
• Colocation data centers
• Colocation facilities are large data center facilities in which you can rent space to
store your servers, racks, and other computing hardware.
• The colocation center typically provides security and support infrastructure such
as cooling and network bandwidth.
• Benefits: Colocation facilities reduce ongoing maintenance costs and provide fixed
monthly costs to house your hardware. You can also geographically distribute
hardware to minimize latency and to be closer to your end users.
• Limitations: It can be challenging to source colocation facilities across the globe and
in different geographical areas you target. Costs could also add up quickly as you
expand..
Fundamental Components of Cloud
Architecture
• Cloud data centers
• In a cloud data center, you can rent both space and infrastructure.
• Cloud providers maintain large data centers with full security and compliance.
• You can access this infrastructure by using different services that give you more
flexibility in usage and payment.
• Benefits:
• A cloud data center reduces both hardware investment and the ongoing
maintenance cost of any infrastructure.
• It gives greater flexibility in terms of usage options, resource sharing, availability,
and redundancy.
Fundamental Components of Cloud
Architecture

Virtualization
• This involves the virtual representation of physical resources
such as servers or storage.
• This virtualization of resources is employed in building cloud
networks and enables the utilization of the same physical
resources by multiple applications.
• This increases the efficiency of networking, storage, and
servers throughout the establishment.
Fundamental Components of Cloud
Architecture
Infrastructure
• These include all the physical components of data centers
such as servers, storage, and networking gear such as routers
and switches, etc.
Middleware
• These are software components that enable networked
software, applications, and computers to communicate with
each other.
• Examples of middleware include databases and
communication applications.
Fundamental Components of Cloud
Architecture
Management
• These are tools that are used to continually monitor the
performance and capacity of a cloud environment.
• These tools allow the tracking, usage, integration, deployment
of new apps, and data recovery in the cloud environment, all
from one console.
Automation software
• When there are situations such as a rise in the need for
computing power or fluctuating market demands, automation
can be employed to scale up the system resources to
accommodate the spike, deploy applications, and can even be
used for proper governance in a cloud system.
• Automation of IT services lessens the workload, reduces
costs, and allows for streamlining of application delivery.
Characteristics
1. On-Demand Self-Service
• With cloud computing, you can provision computing services, like server time and
network storage, automatically. No need to interact with the service provider.
• Cloud customers can access their cloud accounts through a web self-service portal to view
their cloud services, monitor their usage, and provision and de-provision services.
2. Broad Network Access
• Access cloud services over the network and on portable devices like mobile phones,
tablets, laptops, and desktop computers.
• A public cloud uses the internet; a private cloud uses a local area network.
• Latency and bandwidth both play a major role in cloud computing and broad network
access, as they affect the quality of service.
Characteristics
3. Resource Pooling
• Multiple customers can share physical resources using a multi-tenant model.
• This model assigns and reassigns physical and virtual resources based on demand.
• Multi-tenancy allows customers to share the same applications or infrastructure while
maintaining privacy and security.
• Though customers won't know the exact location of their resources, they may be able to
specify the location at a higher level of abstraction, such as a country, state, or data center.
• Memory, processing, and bandwidth are among the resources that customers can pool.
Characteristics
4. Pay-per-use pricing
• This cloud computing characteristic shifts IT spending from Capex to Opex as providers
offer per-second billing.
• This model achieves economies of scale through reducing costs on a large scale and seeing
an increase in efficiency.
• Though this can generally be seen as a positive, IT teams must be careful since their
resource needs likely aren't static.
• VMs should be right-sized, turned off while not in use, or scaled down as conditions
dictate.
• Otherwise, organizations waste money and can end up with sticker shock when the
monthly bill arrives.
• This pricing model was once the only way to pay for cloud. However, vendors have since
added various pricing plans that provide cheaper costs in exchange for longer-term
commitments.
• This model is cost-effective since customers only pay for what they use.
Characteristics
5. Rapid Elasticity
• Cloud services can be elastically provisioned and released, sometimes automatically, so
customers can scale quickly based on demand.
• The capabilities available for provisioning are practically unlimited.
• Customers can engage with these capabilities at any time in any quantity.
• Customers can also scale cloud use, capacity, and cost without extra contracts or fees.
• With rapid elasticity, customers won’t need to buy computer hardware. Instead, can use the
cloud provider's cloud computing resources.
6. Measured Service
• In cloud systems, a metering capability optimizes resource usage at a level of abstraction
appropriate to the type of service.
• For example, you can use a measured service for storage, processing, bandwidth, and users.
• Payment is based on actual consumption by the customer via a pay-for-what-you-use model.
• Monitoring, controlling, and reporting resource use creates a transparent experience for both
consumers and providers of the service.
Characteristics
7. Resiliency and Availability
• Resilience in cloud computing refers to the ability of a service to recover quickly from any
disruption.
• Cloud resiliency is measured by how fast its servers, databases, and networks restart and
recover after any damage.
• To prevent data loss, cloud services create a copy of the stored data.
• If one server loses data for any reason, the copy version from the other server restores.
• Availability is a related key concept in cloud computing. The benefit of cloud services is that you
can access them remotely, so there are no geographic restrictions when using cloud resources.
8. Flexibility
• Companies need to scale as their business grows.
• The cloud provides customers with more freedom to scale as they please without restarting the
server.
• They can also choose from several payment options to avoid overspending on resources they
won't need.
Characteristics
9. Security
• While many enterprises balked at migrating workloads because of security fears,
those concerns have largely subsided, partly due to the benefits of the above
characteristics of cloud computing.
• Cloud vendors employ some of the best security experts in the world and are
generally better equipped to handle threats than most in-house IT teams.
• Public cloud providers follow the shared-responsibility model. They tend to the
security of the platform, and users handle their own apps that sit on top.
10. Remote Work
• Cloud computing helps users work remotely.
• Remote workers can safely and quickly access corporate data via their devices,
including laptops and smartphones.
• Employees who work remotely can also communicate with each other and
perform their jobs effectively using the cloud.
Cloud Services
Service Model
IaaS - on-demand access to cloud-hosted physical and virtual servers,
storage and networking - the backend IT infrastructure for running
applications and workloads in the cloud.
PaaS - On-demand access to a complete, ready-to-use, cloud-hosted
platform for developing, running, maintaining, and managing applications.
SaaS - On-demand access to ready-to-use, cloud-hosted application
software.
Deployment Models
• It refers to an arrangement of distinct environment variables like storage size,
ownership, and accessibility of the distribution framework.
• Cloud deployment models can be categorized based on their location and the entity
managing the infrastructure.
• Factors to be considered for choosing deployment model
• Ease of Use
• Cost
• Scalability
• Compliance
• Privacy
Public Cloud
• Benefits:
• Significant Cost Savings
• Effortless Infrastructure
• Boundless Scalability
• Cutting-Edge Technology
• Command Over Control
• Smooth Transition
• Limitations of Public Cloud
• Compromised Data Security and Privacy
• Unreliable Performance
• Usage and License Restraints
• Control Erosion
Private Cloud
• Benefits
• Data Privacy
• Security
• Supports Legacy Systems
• Full Control
• Customization
• Compliance Assurance
• Confidential Data Management
• Limitations
• Higher Cost
• Fixed Scalability
• High Maintenance.
• Access Constraints
• Enhancing Government Operations: The Role of Private Cloud in Central Ministries
Community Cloud
• Benefits
• Smaller Investment
• Setup Benefits
• Shared Infrastructure
• Security Simplified
• Flexibility
• Reliability & High Availability
• Limitations
• Shared Resources
• Not as Popular
• Data Uptake Challenges
• Cost Consideration
• The Complexity of Shared Duties
Hybrid Cloud
• Benefits
• Cost-Effectiveness
• Security
• Flexibility
• Control
• Speed.
• Limitations
• Infrastructure Complexity
• Specific Use Case
• Limited Visibility and Control
• Network Bottlenecks
• Lack of Transparency
Multi Cloud
• Benefits
• Cost Optimization
• Performance Improvement
• Reliability and availability
• Security and compliance
• Limitations
• Complexity.
• Require Specialized Skills: compatibility and Interoperability Issues
Important Factors to
Public Private Community Hybrid Multi-Cloud
Consider

Requires professional Requires professional Requires professional Complex to setup,

Setup and ease of use Easy
IT Team IT Team IT Team integrate, and use

Data Security and

Low High Very High High Low
Privacy
Scalability and
High High Fixed requirements High High
flexibility
Higher than the
Cheaper than private
Cost is distributed Hybrid model due to
Cost Effectiveness Most affordable Most expensive but more expensive
among members different cloud service
than public
providers

Reliability Low High Relatively Higher High High

Low as the service

High, provided there is Low as the service
provider exercises Very high as the user Very high if the
Data Control collaboration among provider has total
complete control over has ownership environment is right
the members control
data

Demand for in-house No need for in-house No need for in-house

No Yes No
hardware hardware hardware
Challenges
• In private systems, costs associated with operations are fixed due to licenses and
must be charged back to accounts based on some formula or usage model. For cloud
computing, the pay-as-you-go usage model allows for costs to be applied to
individual accounts directly.
• Compliance with laws and policies varies by geographical area. This requires that
the cloud accommodate multiple compliance rules.
• To ensure data privacy in the cloud, additional security methods such as private
encryption, VLANs, firewalls, and local storage of sensitive data are necessary.
• For private systems, any monitoring system the organization wishes to deploy can
be brought to tolerate. Cloud computing models often have limited monitoring
because it is vendor-defined.
Challenges
• Network bottlenecks occur when large data sets must be transferred. This is the
case for staging, replication, and other operations. On-premise operations use LANs
that are better able to accommodate transfers than the WAN connections used in
cloud computing.
• The reputation for cloud computing services for the quality of those services is
shared by tenants. An outage of the cloud provider impacts individuals. Clouds often
have higher reliability than private systems.
• Security: The different trust mechanisms require that applications be structured
differently and that operations be modified to account for these differences.
Challenges
• Cloud SLAs are standardized to appeal to the majority of its audience. Custom SLAs
that allow for multiple data sources are difficult to obtain or enforce.
• Cloud SLAs do not generally offer industry-standard chargeback rates, and
negotiations with large cloud providers can be difficult for small users.
• Business risks that aren’t covered by a cloud SLA must be taken into account.
• Software Stack: The cloud enforces standardization and lowers the ability of a
system to be customized for need.
• Enterprise class storage is under the control of an on-premise system and can
support high-speed queries. In cloud computing large data stores are possible but
they have low bandwidth connections. High-speed local storage in the cloud tends to
be expensive.
Challenges
• Vendor lock-in is a function of the particular enterprise and application in an on-
premises deployment. For cloud providers, vendor lock-in increases going from the
IaaS to SaaS to PaaS model. Vendor lock-in for a cloud computing solution in a PaaS
model is very high.
Measuring Cloud Computing Cost
• The cost of a cloud computing deployment is roughly estimated to be
CostCLOUD = Σ(UnitCostCLOUD x (Revenue – CostCLOUD ))
• where the unit cost is usually defined as the cost of a machine instance per hour or
another resource.
• Depending upon the deployment type, other resources add additional unit costs:
storage quantity consumed, number of transactions, incoming or outgoing amounts
of data, and so forth.
• Different cloud providers charge different amounts for these resources, some
resources are free for one provider and charged for another, and there are almost
always variable charges based on resource sizing.
• Cloud resource pricing doesn’t always scale linearly based on performance.
Measuring Cloud Computing Cost
• To compare your cost-benefit with a private cloud, you will want to compare the value you
determine in the equation above with the same calculation:
CostDATACENTER = Σ(UnitCostDATACENTER x (Revenue – (CostDATACENTER /Utilization))
• The additional term for Utilization added as a divisor to the term for CostDATACENTER .
• This term appears because it is assumed that a private cloud has a capacity that can’t be
captured, and it is further assumed that a private cloud doesn’t employ the same level of
virtualization or pooling of resources that a cloud computing provider can achieve.
• Indeed, no system can work at 100 percent utilization because queuing theory states that as
the system approaches 100 percent, the latency and response times go to infinity.
• Typical efficiencies in datacenters are between 60 and 85 percent.
• It is also further assumed that the datacenter is operating under averaged loads (not at peak
capacity) and that the capacity of the data center is fixed by the assets it has.
Measuring Cloud Computing Cost
• There is another interesting aspect to the calculated costs associated with CostCLOUD vs. CostDATACENTER:
The costs associated with resources in the cloud computing model CostCLOUD can be unbundled to a
greater extent than the costs associated with CostDATACENTER .
• The CostDATACENTER consists of the summation of the cost of each of the individual systems with all the
associated resources, as follows:
Cost DATACENTER = 1 nΣ(UnitCostDATACENTER x (Revenue – (CostDATACENTER /Utilization))SYSTEMn,
• where the sum includes terms for System 1, System 2, System 3, and so on.
• The costs of a system in a data center must also include the overhead associated with power, cooling,
and the physical plant.
• Estimates of these additional overheads indicate that over the lifetime of a system, overhead roughly
doubles the cost of any system.
• For a server with a four-year life time, you would therefore need to include an overhead roughly equal
to 25 percent of the system’s acquisition cost.
• The overhead associated with IT staff is also a major cost, but it’s highly variable from the organization
to organization. It is not uncommon for the burden cost of a system in a data center to be 150 percent of
the cost of the system itself
Measuring Cloud Computing Cost
• The costs associated with the cloud model are calculated rather differently.
• Each resource has its own specific cost and many resources can be provisioned
independently of one another.
• In theory, therefore, the CostCLOUD is better represented by the equation:
Cost CLOUD = 1nΣ(UnitCostCLOUD x (Revenue – CostCLOUD ))INSTANCEn +
1nΣ(UnitCostCLOUD x (Revenue – CostCLOUD)) STORAGE_UNITn +.
1nΣ(UnitCostCLOUD x (Revenue – CostCLOUD)) NETWORK_UNITn + …
• In practice, cloud providers offer packages of machine instances with a fixed relationship
between a machine instances, memory allocation (RAM), and network bandwidth.
• Storage and transactions are unbundled and variable.
Measuring Cloud Computing Cost
• Many cloud computing providers have created their own cost calculators to support their
customers.
• Amazon lets you create a simulated billing based on the machine instances, storage,
transactions, and other resources that you provision.
• An example is the Amazon Simple Monthly Calculator
(http://calculator.s3.amazonaws.com/calc5.html)
• You can find similar calculators elsewhere or download a spreadsheet with the calculations
built into it from the various sites.