Hello, so welcome to our next lecture on cloud computing. Today we will continue some of our discussion on cloud architecture, and specially see some aspects of a cloud taken is cloud, like one of the aspects is virtualization, right. So if we look at, remember that are there lectures, we are discussing different types of service models, and also we have different types of deployment models in cloud, namely public, private, hybrid and community cloud, different aspects, and all sorts of services can be hosted in different types of deployment models, right.

So in case of a public cloud, as the name suggests, it is available for the public at large, so anyone can purchase that, and it is somewhat omnipresent across the internet, right. Some of the very popular examples are Google App Engine, Microsoft Azure, IBM Cloud, Amazon EC2 and many others, right; many, many other clouds are there, right. So what happens is that we have this public cloud, and an enterprise or individual can subscribe to this public cloud, right, subscribe to this public cloud over the internet, and can have its services over this. So the cloud infrastructure is provisioned for open use by the general public, organizations, enterprises and anyone who can pay and use the things. There are definitely some legal policies we need to conform to. So it may be owned, managed and operated by a business, academic or government organization, or some combination of them, right. It exists on the premises of the cloud provider. So typically, physically, the public cloud is at the CSP's premise or premises, right. So that means whatever the computing infrastructure, storage infrastructure and other type of things are there, those are residing in the CSP's, the cloud provider's, premises, not at the private or not at the user's premises. So that is one aspect of the thing. And in a public setting, the provider's computing and storage resources are potentially large, right, so it is serving to all.
Communication links can be assumed to be implemented over public internet services, and the cloud service serves a diverse pool of clients, and maybe out of them not all are faithful clients; there can be some attackers, hackers, etcetera. So it is open to anybody who can subscribe. Typically it can have a service provider, and there can be different types of users, right. So what are the typical features? Workload locations are hidden from the cloud clients; that is one of the major things. You don't know where your virtual machine is, you don't know where your data is actually residing, which server, which location, and with whom it is residing, so all are hidden. So if you are not very stringent on the legal and policy matters about security and other aspects, then it is fine that you don't care so long as your services are there. There are risks from multi-tenancy, that means logically, or it may be theoretically, it is always possible that where your computing and your storage are residing, somebody else's things are there. Now if it is somebody, some organization or some person, who is not very faithful, or we are not very comfortable with, two different users can reside, can work on the same things.

So in other sense there is what we say multi-tenancy, and there are risks of multi-tenancy, because I don't know where things are, whether there is an underlying channel to access my data, services and other type of things. So there is a risk of multi-tenancy. So a single machine can be shared by workloads of any combination of subscribers; a subscriber's workload may be co-resident with the workload of a competitor or adversaries, right. So it introduces both reliability and security risk. So an organization considering use of an onsite public cloud should consider network dependency, right. So whenever, suppose, IIT
Kharagpur things, that all or some of its labs will be running on a public cloud, so that our overall maintenance etcetera reduces, the cost of maintenance or the overall load on maintenance etcetera reduces. Now there, the first dependency is the network, so the network connectivity should be always available up to a mark. So there is one dependency. There is limited visibility and control over the data regarding security. So as we are mentioning, I have limited visibility of the data; I don't know where the data is and how it is secured. The only thing I have is some sort of an SLA or some sort of an MoU between the provider and me that this data is secured, and so on and so forth. So there is an issue of elasticity, or the illusion of unlimited resource availability, right. So when you use a public cloud this is pretty fine, because theoretically I have an infinite amount of elasticity: if I need more computing power it will be provisioned, if I want more storage it will be provisioned, and when I don't require it I release it or de-provision it. So those things are feasible, so theoretically infinite scaling up and scaling down is possible.

Another important thing is the low upfront cost to migrate into the cloud, right. So if you want to make a private cloud of your own, then you have to purchase the thing, make provision for where it will be housed, install software etcetera, run it, test it; there are issues of maintenance and so on. So here there is very low upfront cost; you pay and use it. Restrictive default service level agreements: now whenever we purchase something, somewhere or other we need to conform to that standard, or what we say, quote unquote, restrictive service level agreements between the provider and the consumer. So in most of the cases we need to follow the terms and conditions provided by the provider, like whatever is given by the provider, unless you do
for a large-scale deployment, where you negotiate a special rate with a special SLA and that type of thing, right. But normally, for a small institution and the public at large, we need to conform to whatever is being provided.

So, totally other, the other aspect from the public is the private, so you have your own cloud and you have all your resources which can be working on it, right. So the cloud infrastructure is provisioned for exclusive use of a single organization comprising multiple consumers or business units, like the same organization, say an IIT KGP private cloud catering to all the things which are in the IIT departments etcetera. It may be owned, managed and operated by the organization, or it can be outsourced to a third party managing resources out here, but it is in your premises, under your jurisdiction, under your network control and that type of thing, and it may exist on or off premises also, right. So they are usually on premises, or I can have what we say an outsourced private cloud, which can be off premises, but nevertheless it is my jurisdiction or my policy-stipulated rules or the organization's rules which drive it. So there are some of the open source and other public clouds; one is Eucalyptus, pretty popular, and there are OpenStack, Ubuntu Enterprise Cloud, Amazon VPC (Virtual Private Cloud), VMware Cloud Infrastructure Suite, Microsoft ECI data centers, and so on and so forth. So there are several things which give private cloud. So contrary to popular belief, a private cloud may exist off premises and can be managed by a third party. So it not only means I take the responsibility, or basically I want to maintain the control over the whole thing, but I may be off premises, or I install it with the help of a third party at a separate place also, right. There are two private cloud scenarios. One is the on-site private cloud, which is the de facto, or which immediately comes to our mind when we are talking about anything which is
private; it applies to private clouds implemented at the customer's premises. Another is the outsourced private cloud, like I have a private chunk of the things which is outsourced, out of my premises, but nevertheless it is private to me, right. So it applies to a private cloud where the server side is outsourced to the hosting company, wherever it is. So in case of an on-site private cloud, the security perimeter extends around both the subscriber's on-site resources and the private cloud resources. So your security perimeter or your legal control basically has to encompass the private cloud, right. The security perimeter does not guarantee control over private cloud resources, but the subscriber can exercise control over the resources. So in case of on-site, whatever the private cloud is, I can have an overall control over the whole resources of the private cloud.

So there are some issues, characteristics, pros and cons of maintaining an on-site private cloud. One is the network dependency of the on-site private cloud, right: so there is a dependency on your internet network, which should be there. The subscriber still needs IT skill: my organization is maintaining my own cloud, or the organization is maintaining its own cloud, so there should be some sort of a skill to maintain that. Workload locations are hidden from the client; even if my clients are different, different in my subunits, this is also hidden from the client. Even if it is within the premises, an on-site private cloud, the actual infrastructure is hidden from the cloud client, where the client is my own organization's things, or my own clients are on the other side. Risk from multi-tenancy: again the same issues come into play. Data import/export and performance limitations: there can be issues of data import/export, because there is a lot of data which will be going out and going down, so that on-demand bulk data import/export is limited by the on-site private cloud's network capacity, or
real-time critical processing may be problematic because of network limitations. Potentially strong security from external threats: usually, if it is private, within your network boundary, all your other network features come into play. As I was mentioning in one of my earlier lectures, IIT Kharagpur has installed or has developed a private cloud for its research purposes, which is Meghamala, but it is within my network premises, so whatever network security parameters or features are there for IIT Kharagpur are also applied for this infrastructure. So what happens is that it has potentially strong security features. Significant to high upfront cost to migrate into the cloud: so that is another issue, right. Whenever you have a private cloud, there is a significant cost in installing and maintaining, and there may be a significant cost in migrating the whole thing into the private cloud, your own. Say, there are limited resources: if you have your own thing, then anything you want to augment you need to purchase and install, and not only that, it even needs to properly interoperate with the existing things, right. So in doing so, at times you have limited resources, like, suddenly I can go up or down on the resources. So an on-site private cloud at any specific time has a fixed computing and storage capacity that can be sized to correspond to the anticipated workloads and cost. So what we do whenever I install a private cloud is I have an estimate of the things like storage, computing etcetera, and then keep some provision; like if I am buying the stuff at X amount, I install 1.5X, but that is the thing, that I am limited to that 1.5X amount of the thing.

So there is another variant of the things: I keep this as private but I outsource it, so that maintaining, installing etcetera the organization doesn't take care of, but it is outsourced. So an outsourced private cloud has two security perimeters,
one implemented by the cloud subscriber, whoever is there on the right, and the other implemented by the provider. So this is a perimeter. So what is happening is it has some sort of a channel which connects this to the private cloud, which is outsourced to some other premises, right, or maybe a subset of a cloud service provider, right. So I have a channel which hooks into the things, but the whole stuff at that end is private to me, right. So the security of data and processing conducted on the outsourced private cloud depends on the strength and availability of both security perimeters and of the protected communication. So what we require is that my infrastructure be secured at the external things, and also the channel, the network channel or the network communication link over which I communicate, or over which my organization communicates with the cloud, should be secured up to a particular level or expected level.

So there are again some considerations, pros and cons of using an outsourced private cloud. One is network dependency: again I am dependent on how things will be connected. Workload locations are hidden from the client, again those types of issues. Risk from multi-tenancy: where I am hosting my private cloud, other people may also be hosting their private clouds. So data import/export and performance limitations, the same things exist. Potentially strong security from external threats, because you still have a private thing; it is not fully public and not all people are jumping on your cloud, but nevertheless you may be sharing some infrastructure, maybe more there at the much lower level, at the highest level, and so on. But at the higher level you are not allowing anybody to enter into the things. Modest to significant upfront costs to migrate to clouds, so those are the same as whatever we are having, and in most of the cases you need to negotiate in terms of the SLA with the provider who is providing your, or the
third party who is providing you this cloud. Extensive resource availability may be an advantage, because this is not limited: I am taking a chance, so if I request for an increase, it is very much possible to increase at the other end, provided the provider is not out of resources; usually they have a lot of resources at their backbone.

So one side is private, one side is public. Another typical type of cloud is community cloud, right. So, as we have discussed, it basically tries to serve a particular community per se; it usually can operate in public or private, both, and it basically caters to a particular community which has somewhat the same domain of operation or the same focus of interoperating, right. So the cloud infrastructure is provisioned for the exclusive use of a specific community of consumers from organizations that have shared concerns, that means they have a like-minded concern; that is, there can be the same mission, security requirements, policy, compliance considerations etcetera. It may be owned, managed and operated by one or more organizations in the community, a third party, or some combination of them; it may exist on or off premises, ok. So it can be on premises or off premises. There are several community clouds which are being provided by different service providers. So there can be one thing, like there are several A, B, C organizations and there are X, Y, Z organizations, and they can form different sets of combinations, like A, B, C, X, Y, Z can be one community, A with X, Y can be another community, and so on and so forth. So there is the possibility of bringing things together. There is also the possibility that a community can be existing at some point of time and at some other point of time it may not be existing. An organization can be in more than one community, like in our day-to-day life I may be a part of my office group and also I am part of my, say, residential community, right. So there can be different policies etcetera, but
it is that the primary objective is that there are like, or the same type of concerns or the same type of workflow; it may so happen that making them a single community will help in productivity, right. So there are again a lot of characteristics, pros and cons etcetera. The participant organizations are connected by links between the boundary controllers and allow access through their security parameters, like whatever the firewall policies or that type of boundary policies are there. The access policy of a community cloud may be pretty complex, because you can have a number of communities, so in what way you access, which you don't access, whether there is a leakage of information, I get some information, someone in a community passes it to the other community; so these need to be properly restricted. So policy specification techniques like role-based access control and attribute-based access control are there, like based on my role I access some data, right. And like other forms of deployment models, here also we have network dependency. The subscriber still needs some IT skills, because it needs to maintain with different community things. Workload locations are hidden from the client. Again, data import/export and performance limitations: there are issues on that, like between the communities, or within the community when multiple subscribers come into play, how things will be there; and in a number of cases these communities can be loosely coupled, so that things become more critical to manage. Potentially strong security from external threats, because you are still in one community, so you have a better resistance to external threats based on your community policies along with your own policy. Highly variable upfront costs to migrate to the cloud: as we have seen in the case of a truly private cloud, there is a highly variable upfront cost for the migration to the cloud, because it is not publicly available, so you need to create the things,
and there can be different sorts of things, like there are three organizations forming a community with some boundary controller, with a private subscriber, and those issues come into play. The community cloud can be on the premises, or the community cloud can be out of premises, that means the community cloud can be outsourced, as we have seen in the case of a private cloud. So once we outsource: network dependency, workload locations are not known or hidden from the clients, risk from multi-tenancy, data import/export and performance limitation issues, these will come into play. Potentially strong security from external threats, as we have mentioned, as you are still on the community. Modest to significant upfront cost: if it is outsourced, a lot of loads are taken up by the outsourcing organization, so there is a chance that the overall upfront cost will be much less than if you are maintaining it in premises, and theoretically, if you are outsourcing, extensive resource availability is possible.

So apart from this, as we can theoretically see or practically see, I can have a cloud which is a combination of all those things, right. So I can have private, public, community things; specially with the public and private cloud I can have a cloud which is a combination of more than one type of deployment model. The cloud infrastructure is a composition of two or more distinct cloud infrastructures, private, community or public. So I have three types of things, and I want to realize a cloud which has a combination of these three things. Why is this important? First of all, it all depends on what sort of usage pattern I am having. Some of the usage patterns I am having are more critical or more vulnerable to security threats, which I want to keep as more private, right; I have an appropriate network boundary or network perimeter security to be implemented on the things. There are some of the
resources which I may not want to be so much secure, or I don't care about all that security, and some of those things can be made public. Like, if there are practice sessions for, say, computing labs for students, the level of security is much less than when I am keeping, say, student records or students' examination things etcetera, right. So though the same type of operations may be there, one I could have outsourced and gone to the public cloud to do it, all right, whereas the other one, even if it is economical, I want to keep as my private thing. Now I can have a private combination, right. In a number of cases what sometimes happens is that you do something with the private and you require some resources to be provisioned due to a sudden increase of the things; then suddenly in a private cloud increasing the resource provisioning or purchasing etcetera is a long process, so you purchase the thing on a public cloud for a short period of time, so long as your process is in place, and this goes to the things. So the infrastructure, community, that remain unique entities but are bound together by a standardized or proprietary technology that enables data and applications to be portable; this is important. So portability, not only with respect to data: whenever I have this private, public, community all together, or a combination of two or more together, then the issues of interoperability come into play, like the data which is working fine here, when I take some application from the other, whether it will still work out. So both the data and at times the applications: suppose your application was running on a private cloud with some resources, now you provision a VM which basically goes to the public domain; now the type of applications, whether the application needs to be resized, or there are portability issues of the applications, need to be looked into. So there are examples of hybrid
cloud, some of the popular ones: Windows Azure is capable of hybrid cloud, VMware vCloud has the capability of hybrid cloud, and as I was mentioning there are several other providers which provide this type of thing. So the hybrid cloud is composed of two or more private, public etcetera clouds; they have a significant variation in performance, reliability and security properties depending upon the type of cloud chosen to build the hybrid, right. If it is a community cloud or public etcetera, there will be differences in the performance, differences in the security features etcetera. So a hybrid cloud can be extremely complex; that is one of the major things. Suppose a particular application is going on and needs to run over a combination of public and private clouds, then the overall underlying architecture may be very complex so that your application runs seamlessly over the things. So at times these private clouds can be extremely complex. A hybrid cloud may change over time with constituent clouds joining or leaving; that is another big factor. So what we are trying is that it may so happen that you bind a hybrid cloud with your own private cloud and two other public clouds, right. So now it may so change that some of the public clouds may want to disconnect; based on your terms and conditions the subscription ends, they don't want to resubscribe, and they have a different pricing model; even some of the things may go red, right, the organization, the cloud may not be there. So in that case there can be leaving and joining of new things, or sometimes you may require more resources so you add some more public or community clouds into the things. All this becomes an extremely complex phenomenon to handle, right. So that means over time the constituent clouds may leave or join, making the whole process pretty complex, right.

So now, what should I choose,
right, what should be my deployment model is another big question, right. It totally depends on your requirement. Like, if I have a small organization or individuals, a public cloud may be a good solution, so long as my business is not going upfront on something which compels me to go to an own private cloud. There are other constraints, like I do business for somebody else, right; I have some other subscriber base or client base. Now this client may in turn be looking for things; like suppose I have a storage provider, a data storage provider. Now either I have all these storages on my premises, or I outsource these resources or provision these resources from other public clouds. Now it may so happen that my clients, which may be mission-critical clients, maybe in the financial sector or defense sector, want that, no, no, no, it cannot happen, you need to have your own thing. So it all depends on what should be my way of looking at it, right. I can have a combination, as we were talking about hybrid; I can have a combination of private, public and so forth based on my requirement, or whether I can classify my data and my applications into different categories, and then I say that this bunch can go to the private, this bunch can go to the public, this can go to the community, and that type of thing. So managing all those things is another big challenge for the organization or institution to handle. So with this we will close this lecture, and we will continue our lecture on other aspects of cloud computing in the subsequent talks. Thank you.
