Cloud Computing

For case study 1

Ans1:

The cloud model that has been proposed by the public cloud vendor is in best interests of the

business. The cloud model is proposed for an organization which deals with a data centre

comprising of 64 bit servers running for desktop services, database and file servers. The

organisation now plans to provide the application to around 500 support staff and

administrative users. The cloud model is proposed for 200TB of data and will be used to store

confidential information. The public cloud vendor proposes a cloud model for the

organisation claiming to reduce the operational costs if the cloud model is adapted. Adapting

Infrastructure as a Service (IaaS) cloud model into the organization will definitely help the

organization in adapting to new dimensions of effectiveness, adaptability, and cost investment

funds – especially in the region of redistributed facilitating. Cloud computing is an another

way to deal with the IT framework and a legitimate advance on a way to increasingly

proficient utilization of computing resources and standards. Using cloud computing and its

models in the IT infrastructures and the organisation can initiate cost saving within the

organisation. Regardless of what sort or size the organisation is, by moving to distributed

computing or cloud computing models the organisations can spare generous capital expenses

through a decrease in spending on hardware, framework, and programming. Opting the cloud

model proposed by the public cloud vendor the charity organisation will be able to lease extra

preparing control over the Internet without utilizing dollars on machines as servers. As

opposed to spending enormous cash on equipment, programming or permitting and

recharging charges the organisation will be benefited by opting the cloud model as it will

decrease down both capital and working expenses by utilizing the assets of your services

provided by the Cloud vendor or the specialist. As the organisation also needs to store and

exchange confidential information within the administrative users and the client, the security
is also a must. While adapting the cloud computing models, the cloud service providers

always stick to high-security principles to improve information security by following a

layered methodology that incorporates information encryption, key administration, solid

access controls, and security knowledge and more. Other features that will be beneficial for

the organisation will be features such as high scalability, efficiency, easy access and

continuity.

Ans2. Risk Management Assessment

The business impact analysis for the charity organisation includes prediction of the

consequences of the disturbances and interrupts in the functioning of the charity organisation

after adapting the cloud model in the organisation. The business impact analysis for the

charity organisation involve important predictions that can cause disturbances such as, loss of

governance, isolation failure, frauds, comprises of management interfaces and more. Loss of

administration is a key worry for the selection of distributed computing. Since the

management, capacity and storage, and calculation capacities are redistributed to an outsider

that acts as cloud provider. Isolation Failure is most pertinent for open clouds and less

applicable for private clouds. As open clouds hold information of different occupants, they

are a decent focus for different malicious activities. Thus this causes a major impact on the

business as malicious activities from outsides can cause system failure and thus

unavailability. Further, insider fraud is considered a threat and most happening cases while

adapting cloud. Copies of data can be created, stored and modified, further leading to data

confidentiality and integrity loss. While conducting the business impact analysis, it has also

been concluded that information security is also a major aspect that is affected if there is any

failure in the cloud system. Once an insider gains access to user’s or organisations cloud

credentials, the attacker can target the services as well as try to gain access to the

organisation’s assets. Hence cloud computing and its models can sometimes act as breach to
information security. Stored data can be easily lost due to varied reasons such as malicious

attacks, disasters, cloud service provider and more.

The controls that can be applied to the cloud computing services and the organisation may

include educating the employees and involving the entire company in the cloud services,

creating a secure data backup plan, limiting access to data, in cooperating correct password

and encryption schemes and establishment of cloud governance policies. The provider

options are available as on demand. The provider’s options include more data storage spaces,

security enhancements and more, all these services are provided by the service provided as

demanded by the customer or organisations.

Ans3. Information Security Analysis

The security concepts such as authorization, authentication, confidentiality, integrity, non-

repudiation, and availability are adequate for the IaaS cloud model that is proposed for the

charity organisation. The charity organisation can rely on the security concepts that will be

applied to the cloud model and can proceed with opting the IaaS model for the charity

organisation.

1.Identification and Authentication: The cloud users are to be granted with permissions and

locks based on the access that is needed to be provided to the administrative staff.

Identification and Authentication concept will work on targeting, verifying and validating

whether the person accessing the cloud is an authentic and identified source or not. This

concept helps the cloud with restricting data access to users who are not provided with

permissions to access the data, thus maintain the security of the data stored in cloud.

2.Authorization: Authorization is about providing controls and privileges of accessing the

data that is stored over the cloud. Authorization is the concept that is dealt by the cloud

service provider.
3.Confidentiality: Confidentiality has a noteworthy impact particularly in keeping up power

over associations' information arranged over different conveyed databases. Confidentiality of

data while applying cloud models ensures data protection and even the user’s protection. The

data in the cloud systems can be accessed virtually by any user, thus confidentiality ensures

protection of data and preventing it from being used accessed by unauthorised users.

4.Integrity: Integrity in cloud models require applying the ACID properties (Atomicity,

Consistency, Isolation and Durability). Integrity restricts un privileged users from accessing

and further making modification to the data. The correctness of the data is always maintained

while working with integrity concept.

5.Non-Repudiation: It is achieved by applying the conventional online business security

conventions and token provisioning to information transmission inside cloud applications, for

example, computerized marks, timestamps and affirmation receipts administrations.

6.Availability: The availability concept in cloud computing environment ensures providing

correct data at demanded time to the authorised and authentic users. The concept deals with

providing appropriate data to the users who have right permissions and privileges to access

the data.

The charity organisation is willing to opt the IaaS Cloud Infrastructure. As the organisation

wants to provide access to 500 support and administrative staff, also keeping in mind the

security concerns related to the data, the security concepts that are discussed above are

adequate and can be used to meet all the requirements of the charity organisation.

Ans4. Governance Issues

Apart from issues such as costs, operational readiness, improved access of data for customer

and staff, there are many other governance issues that may persist in the organisation. Loss of

governance is a key worry for the reception of distributed computing. Since the executives

and calculation capacities are redistributed to an outsider, data administration turns out to be
significant. Capability Bandwidth is one of the issue that may persist during cloud migration.

Capability bandwidth is basically shuffling of person’s skills. It is basically a complete

change for the people working in the organisation. New technologies demand trainings,

involvement of the employees, change in working strategy of the employees in the

organisation and delays in the organisation. The greatest concern when moving their

information to the cloud. This is on the grounds that associations are as yet reluctant to hand

over their secret information to the outside supplier, despite the fact that the cloud condition

is completely verified. In case of any mishappening with the cloud service provider, it is very

difficult to switch to the next cloud service provide as it affects the business and working of

the organisation such as, data risks and data management. One of the greatest concern when

moving the information to the cloud is on the grounds that associations are as yet reluctant to

hand over their confidential information to the outsider supplier, despite the fact that the

cloud condition is completely verified. Other issue that is identified is, as the business turns

out to be increasingly reliant on distributed computing, the mechanical foundation of its

workspace is of most extreme significance. Before assessing new programming and software

strategies, proprietors ought to think about whether their structure is prepared for it. Other

than these there are many more issues related to governance such as implementation of new

data policies and adapting them, audits and also business continuity.

Ans5. Assessing the SLA

Assessing the SLA may include methods such as initially identifying the cloud actors which

is basically determining who all are the users involved in using the cloud services, such as,

cloud consumer, provider, broker, carrier and auditor. The next step will be evaluating the

business level policies which includes evaluation of the policies that are mentioned in the

SLA and reviewing features such as data prevention, redundancy, location and privacy

concerns. Reviewing the business level policies of SLA is also an important step that is to be
conducted while assessing the SLA, this step involves reviewing guarantees, the rundown of

administrations not secured, abundance use, instalment and punishment strategies,

subcontracted administrations, authorized programming, and industry explicit gauges.

The next step will be understanding all the types of cloud infrastructures such as SaaS, PaaS

and IaaS so that proper requirements can be met. It is to comprehend what SaaS, PaaS, and

IaaS are about and which kind of cloud it is running on private, public or hybrid. One of the

most important step is to keep a check on the services that are to be provided by the cloud

service providers such as: Availability, the cloud services should be available 365*24*7,

performance and efficiency, security, encryption techniques and privacy of the data over the

cloud, disaster recovery plans, portability of the data, cost of the services that are being

provided by the cloud provider, cloud management such as location of the data stored,

modification and updating location, updates on new cloud services and more. Other step may

involve, considering the security requirements of the charity organisation and comparing

them with what is provided by the service provider, this may include checking legal

requirements of the company. And the final step may involve checking the SLA policies

corresponding to the security, recovery and backup.

Ans6. AWS cloud

As the organisation is planning to shift to AWS cloud services, there are various steps that

will be involved while migration. The steps include:

1.Assessing Applications and Workloads: The initial step towards migration is to check on

all the requirements of the organisation, such as the charity organisation wants to provide

application access to 500 support staff and administrative users, managing 200TB of data,

maintaining confidentiality of the information as the organisation has a huge amount of data

that requires confidentiality. The step should also involve reviewing the workloads in the

organisation, business consideration, application architectures and data technology and

further choosing a cloud service plan keeping the organisation’s requirements in

consideration.

2. Develop Business Case: The next step is to reviewing the previous business in the

organisation and performing analysis on the basis of costs, business and SLA. Considering all

the requirements of the business in the organisation, and according to the usage and the

business requirement the cloud services are to be provided from the AWS cloud service

provider.

3. Develop Technical Approach: According to the demanded cloud service, type of cloud

model, a new infrastructure is to be inaugurated in the organisations. Other technical

approach may include, the new architecture, security management considerations,

programming using different languages, switching to different networks and new software

and database implementation.

4. Create Flexible Integration Model: Distributed computing empowers changes for joining

stages that can make both business and IT slenderer, less exorbitant, progressively light-

footed, and increasingly skilled. Creating flexible integration model requires designing of

process models, presentation models and also data models.

5.Address security and privacy issues: While moving towards cloud infrastructure models,

addressing the security and privacy issues in the organisation is also important. It will further

help the organisation with proposing a perfect security demand to the cloud service provider.

Addressing the security and privacy concerns regarding the data in the organisation and how

confidential the data is can help in applying and demanding tight security processes from the

cloud vendor ensuring safety and confidentiality of the data.

6. Managing the migration: This is the last step in adaption of AWS cloud and moving on

towards the cloud model for data storage in the organisation. This stage is finally migrating
all the data and applications to the cloud infrastructure considering factors such as security,

reliability and also operational costs.

Ans7. SLA for cloud

A cloud SLA (cloud organization level comprehension) is a comprehension between a cloud

pro community and a customer that ensures a base component of the organization is kept up.

It guarantees measurements of steadfast quality, availability, and responsiveness to systems

and applications, while similarly figuring out who will oversee when there is an organization

impedance. The assessment of the SLA for cloud service involves, understanding of the

people involved in the cloud such as cloud providers, broker, carrier and who is using the

cloud services. Further evaluating the business policies that are to be applied while opting for

cloud services. The next point that is to be included in the assessment of the SLA is

understanding about all types of cloud services prior to opting for one. Prior information,

research and analysis of the cloud models will further help in choosing an appropriate cloud

model for the organisation. Further evaluating security and privacy requirements and also the

service management requirements of the organisation will help in assessing the SLA.

Preparation for failure and methods to recover from failures. Analysis of the data recovery

plan and also determining the exit process are major points that are to be considered while

assessing SLA.

For Case Study 2

Ans1: Business Plan for migrating infrastructure and services to cloud

The steps that are to be necessarily taken in moving the services and infrastructure of

Regional Garden Limited company are as follows:

1.Determine the reason for moving to cloud: Rethinking of the suggestion made by a

consulting company, the company plans to use Office 365 as a SaaS service for office

productivity and emails. A suggestion is also made according to which company’s garden
design software could be run as PaaS service for internal users. First step is to determine why

the organisation wants to move towards using cloud.

2.SWOT analysis: A SWOT analysis is to be performed to predict the strengths, weakness,

opportunities and Threats of using the cloud model and environment.

3.Assess the business environment: The organisation have to survey the current IT

foundation, the applications and software the organisation use, the assets, cost, and different

subtleties. This will enable the organisation to settle on choices later during the time spent

moving to the cloud.

4.Cloud Environment Needed: The next step that the organisation has to take is to distinguish

is the cloud condition which will enable you to accomplish your objectives. The primary

choice you have to make is what sort of cloud is appropriate for your applications.

5.Cloud Provider Selection: After the company has recognized the architecture, the company

now have to choose the cloud supplier that will address these issues. Select a supplier which

meets the engineering needs and furthermore remains nearby to the goals the company needs

to accomplish.

6.Plan the migration

7.Execute the plan: Execute the final migration plan in collaboration with the cloud provider.

Ans2. Private Cloud

The steps that will be required to create a public cloud for the organisation are:

1.Analyse the requirements of cloud in the organisation: Before establishing the specialized

framework on which private cloud will be fabricated, cautiously characterize what are the

objectives of the organisation based on technical and organisational standards.

2.Understanding workloads and services of the company: Documentation is critical as

without it, it's hard to unravel connections among frameworks or monitor administration level

understandings, all of which make a group powerless to false suppositions.

3.Following path of virtualisation: Clear information and knowledge about the concepts of

virtualisation and clearing the misconceptions such as private clouds are totally based on

virtualisation. Also clearing the concepts of central storage related to virtualisation and

private cloud.

4. Standardizations: Standardizations are necessary for operating systems and building

servers. It also helps the organisation make suppositions about areas of documents, sizes of

record frameworks and verification systems. In view of those suspicions, you can content the

establishment of utilization programming and middleware, for example, web servers,

application servers, and firewall rules.

Ans3. Critical point in migrating to IaaS

There are many critical factors other than cost that the company needs to consider when

migrating from a local hosted infrastructure to IaaS cloud model. The points to be considered

are:

1.Data Security: On the chances that the application stores and recovers extremely delicate

information in the organisation, the data security and integrity won’t be probably maintained

up in the cloud. There are also many factors that limit one’s choices while using the cloud

infrastructure and model.

2.Technology Changes: The applications, software and technologies that are used in the

organisation prior to migrating into cloud cannot be further deployed in the organisation.

There is a total change of all the technologies, software and also the infrastructure.

3.Operational Changes: A few activities and operations may experience the ill effects of

included idleness when utilizing cloud applications over the web. On the off chance that the

hardware used in the organisation is constrained by another person, one may lose some

straightforwardness and control when investigating execution issues.

4. Vendor lock-in: Once the organisation starts using the cloud services and infrastructure, it

is really difficult or rather impossible for the organisation to back out prior from the vendor

lock in period.

Ans4. Benefits and Drawbacks

Public Clouds are likewise structured as evident in multi-inhabitant situations. This enables

an immense number of clients to share a supplier's processing assets, which additionally

makes open cloud benefits very cost-proficient for clients. Specialists concur that the expense

of an open cloud is ordinarily far lower than a conventional server farm and private cloud in

light of the fact that there is no capital cost. There is likewise more noteworthy adaptability

for clients since associations pay just for the processing assets that the client actually uses.

Security, dependability and administrative consistence remain the foremost worries with open

mists. The idea of multi-tenure backings solid financial aspects by permitting high usage.

There is diligent worry about potential vulnerabilities or assaults that may be utilized to

misuse the hypervisor and affect other clients' sessions. In spite of the fact that there have

been no reports of fruitful assaults, it remains a genuine purpose of dispute for clients

thinking about public clouds.

Ans5. Requirements for:

Remote Administration: The requirements for remote administration is cloud resource

administrator, a cloud resource administrator utilizes the administrative portal to arrange an

effectively rented virtual server to set it up for facilitating. Other requirements of remote

administration include usage and administrative portal, self-service portal, cloud services and

also remote administration system.

Resource Management: The requirements for the resource management are VIM platform

and VM (Virtual machine) image repository. A VIM is basically a business item that can be

utilized to deal with a scope of virtual IT assets over numerous physical servers.
SLA Management: The SLA management system speaks to a scope of economically

accessible cloud the board items that give highlights relating to the organization,

accumulation, stockpiling, revealing, and runtime warning of SLA information. The

requirements for SLA management are cloud resources, usage and administration portal,

remote administration system, SLA manager and also quality of service measurements

repository.

Billing management: The billing management framework takes into account the meaning of

diverse estimating arrangements, just as custom evaluating model on per purchaser or per IT

asset premise. The requirements of Billing management are pricing and contract manager and

pay per user measurement repository.