See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/337224711

Cloud Infrastructure And Services

Thesis · November 2019

DOI: 10.13140/RG.2.2.10148.83849

CITATIONS READS
0 992

1 author:

Alfred Tan Yik Ern

Asia Pacific University of Technology and Innovation
29 PUBLICATIONS   1 CITATION   

SEE PROFILE

All content following this page was uploaded by Alfred Tan Yik Ern on 13 November 2019.

The user has requested enhancement of the downloaded file.

CT097-3-3-CSVC UC3F1906IT(ISS)

GROUP ASSIGNMENT

TECHNOLOGY PARK MALAYSIA

CT097-3-3-CSVC

CLOUD INFRASTRUCTURE AND SERVICES

UC3F1906IT(ISS)

HAND OUT DATE: 8th JULY 2019

HAND IN DATE: 23rd SEPTEMBER 2019

WEIGHTAGE: 50%

LECTURER: SHOUNAK GHOSH

GROUP MEMBERS:

NAME: TP NUMBER:

GUO JUN HAO TP046636

CHEA YAN SHAW TP045215

TAN YIK ERN TP046566

1
CT097-3-3-CSVC UC3F1906IT(ISS)

Table of Contents
Executive Summary ....................................................................................................................................................... 4
General Assumptions ..................................................................................................................................................... 5
Gantt Chart ....................................................................................................................................................................6
Physical Architecture - Guo Jun Hao ............................................................................................................................ 8
Introduction/Background ...........................................................................................................................................8
Available Infrastructure .............................................................................................................................................8
Hardware and Software Requirements ...................................................................................................................... 8
Server Computing Hardware .................................................................................................................................8
Storage Server Hardware ..................................................................................................................................... 10
Networking Hardware ......................................................................................................................................... 13
Cisco RV042 Dual WAN VPN Router ..................................................................................................................... 13
Cisco RV325 Dual Gigabit WAN VPN Router ....................................................................................................... 13
Cisco Catalyst 2960G 24-Port ..................................................................................................................................... 15
Suggested Network Communication models ........................................................................................................... 15
Client-server ........................................................................................................................................................ 15
Point-to-point ....................................................................................................................................................... 16
Network Design and Topology ................................................................................................................................ 17
Virtualization ............................................................................................................................................................... 18
Compute virtualization techniques, methods and resources – Guo Jun Hao ........................................................... 18
Storage virtualization techniques, methods and resources – Chea Yan Shaw ......................................................... 20
Network virtualization techniques, methods and resources – Tan Yik Ern ............................................................. 22
Internal virtual network ........................................................................................................................................... 23
External virtual network .......................................................................................................................................... 23
Cloud Migration – Chea Yan Shaw ............................................................................................................................. 23
Introduction/Background ......................................................................................................................................... 23
Proposed Cloud Deployment Model........................................................................................................................ 24
Justification .............................................................................................................................................................. 25
Advantage .................................................................................................................................................................... 26
Limitations ............................................................................................................................................................... 27
Proposed Cloud Service Model ............................................................................................................................... 28
Justification .............................................................................................................................................................. 30
Advantages .............................................................................................................................................................. 30
Limitations ............................................................................................................................................................... 31
Proposed Cloud-based Architecture ........................................................................................................................ 32
Security Solutions – Tan Yik Ern ................................................................................................................................ 34
Introduction and Background .................................................................................................................................. 34
Security Concerns, Threats and Solutions ............................................................................................................... 34
Security Threat 1: Data breaches ............................................................................................................................. 34

2
CT097-3-3-CSVC UC3F1906IT(ISS)

Security Threats 2: Data loss ................................................................................................................................... 35

Security Threats 3: Malicious insiders..................................................................................................................... 35
Proposed Security Model ......................................................................................................................................... 36
Cost Benefits Analysis................................................................................................................................................. 37
Total Cost of physical and virtual layer setup (Guo Jun Hao) ................................................................................. 37
Total Cost of using cloud services (Chea Yan Shaw) .............................................................................................. 38
Total Cost for security solutions (Tan Yik Ern) ...................................................................................................... 40
Return on Investment (ROI) .................................................................................................................................... 43
Conclusion ................................................................................................................................................................... 43
References ................................................................................................................................................................... 44
Workload Matrix ..................................................................................................................................................... 47
Marking Scheme .......................................................................................................................................................... 48

3
CT097-3-3-CSVC UC3F1906IT(ISS)

Executive Summary
Amoria Bond company have to implement the cloud computing into the company. The assignment
will discuss about physical architecture, virtualization, cloud migration strategy, security solutions,
cost-benefit analysis, and conclusion.
The physical architecture will write the cloud computing infrastructure, hardware and software
requirements, suggested network communication models and network design and topology. The
document will analysis and recommend the suitable hardware and software for Amoria Bond.

Virtualization will write several types of virtualization such as compute virtualization, storage
virtualization, and network virtualization. The discussed virtualization techniques will be analyzed
and the most suitable virtualization technique will be recommended for the cloud computing
implementation strategy.

Cloud migration will compare and contrast different cloud deployment models and then
recommend the most suitable for Amoria Bond. Proposed cloud service model as well. The
assignment will justify why choose this cloud model for Amoria Bond.

Security solutions will talk about the Amoria Bond possibility cyber threats will affect. Meanwhile,
the assignment will state 3 security concerns and 3 solutions. Lastly, proposed the security model
for Amoria Bond and how to solve the security issues.

Lastly, cost benefits analysis will calculate the cost of physical and virtual layer setup, total cost
of using cloud services, and total cost for security solutions. The assignment will calculate 3 years
return on investment (ROI).

4
CT097-3-3-CSVC UC3F1906IT(ISS)

General Assumptions

• As a result of hosting the IT platform in the Cloud, users at all offices would now connect to
the cloud platform via their own office’s connections.
• The new design should benefit from the current technologies. All necessary hardware and
software should be addressed.
• A RAID configuration is used for the data storage in Cloud’s Storage Area Network (SAN),
ensuring a high level of data resilience and an efficient read/write speed.
• Security for the connections and the applications must be in place.

5
CT097-3-3-CSVC UC3F1906IT(ISS)

Gantt Chart

6
CT097-3-3-CSVC UC3F1906IT(ISS)

7
CT097-3-3-CSVC UC3F1906IT(ISS)

Physical Architecture - Guo Jun Hao

Introduction/Background
The era of the rapid development of IT technology has led to incredibly rapid growth in
the development of many companies. The company's IT infrastructure discussed next has
undergone constant upgrades and different stages of server updates, including file servers,
Exchange servers, Terminal servers, and Database servers.

Available Infrastructure
The company's IT department is responsible for the internal maintenance of terminal
servers, file servers, exchange servers and database servers. At the same time, the company's main
server is running, but there is not enough room for upgrades. Currently, this computing
infrastructure is currently provided by a PC that handles all computing tasks. The server storage
infrastructure is a PC with a hard drive. The current network infrastructure includes CAT5 UTP
cables and high-bandwidth DSL lines connected to the WAN, but the drive has no space to add
storage and does not provide any disaster recovery solution Program.

Hardware and Software Requirements

Server Computing Hardware
CPU Comparison Table
The following section will compare 3 mainstream server CPUs to find the most suitable CPU to
use for cloud computing.
Cores / Threads Base Frequency L3 Cache Price (USD)

Xeon W-2145 8/16 3.7 GHz 11.00 $1113

Xeon W-2155 10/20 3.3 GHz 13.75 $1440

Xeon W-2175 14/28 2.5 GHz 19.25 $1947

Based on the table above, the Intel Xeon W-2155 is the most suitable processor because it offers
the best price-to-performance ratio.

8
CT097-3-3-CSVC UC3F1906IT(ISS)

Recommended server computing hardware

CPU Intel Xeon W-2155 $1440.00

Motherboard (C-422 chipset) SuperMicro X11SRA $350

RAM Crucial 32GB DDR4-2666 X $1340

4 = 128GB

Cooling Corsair H115i $150

Power Supply Corsair HX750 $140

Hard Drive Crucial MX500 500GB SSD $70

Video Card ASUS Strix GTX 980 $600

Total Price Estimate $4100

For Amoria Bond as a recruitment company which focuses on day-to-day application involving
file-server, mail-server and basic application. The usage compute of Xeon-W2133, …. is enough
for day to day while future proofing with the expansion of two other branches which with existing
of 60 employees.

9
CT097-3-3-CSVC UC3F1906IT(ISS)

Storage Server Hardware

Storage hardware recommended will be oriented toward high performance and reliability. The
proposed storage solution will be a SAN with a minimum of 100TB of storage to meet business
requirements.

Storage Hardware Comparison Table

A comparison of 2 types of hard disk drives are made in the table below
Seagate IronWolf Pro Seagate Exos

Capacity 12TB 12TB

Spindle Speed (RPM) 7200 7200

Multi-User Optimisation 300 TB/year 550 TB/year

Mean Time Between Failures 1.2 million hours 2.5 million hours
(MTBF)

Price $480 $460

10
CT097-3-3-CSVC UC3F1906IT(ISS)

A comparison of 2 types of server NAS enclosures are made in the table below
SuperChassis 213AC- SuperChassis 847BE1C4-
R1K23LPB R1K23LPB

Drive Bays 16 36

Height 2U 4U

Power Supply Included Included

Price $1000 $2500

SAN Storage

(SuperChassis 847BE1C4-R1K23LPB)

11
CT097-3-3-CSVC UC3F1906IT(ISS)

4U Chassis for motherboard support size: (12" x 10") (13.68" x 13") (9.6" x 9.6")

36 x 3.5" hot-swap SAS/SATA drive bay with SES3, optional 2 x 2.5" hot-swap drive
bay

12-port 2U SAS3 12Gbps single-expander backplane, support up to 8x 3.5-inch

SAS3/SATA3 HDD/SSD and 4x NVMe/SAS3/SATA3 storage devices

24-port 4U SAS3 12Gbps single-expander backplane, support up to 24x 3.5-inch

SAS3/SATA3 HDD/SSD
1U 1200W/1000W Titanium Power Supply W/PMbus W76xL336xH40mm

7 low-profile expansion slot(s)

7 x 80mm high-performance fan(s)

Recommended storage hardware

Disk Drives Seagate Exos X 18 = 108TB $460 X 18
storage

12
CT097-3-3-CSVC UC3F1906IT(ISS)

Enclosure SuperChassis 847BE1C4- $2500

R1K23LPB

Total Price Estimate $10780

With the 24 bay of SuperChassis 847BE1C4-R1K23LPB storage rack used and 18 Seagate Exos ,
there would be 6 extra bay which can be utilized for migration from previous hard disk to current
infrastructure.

Networking Hardware
Recommended networking hardware
The following table will compare the routers that will be used for providing the cloud service in
the company. (Router Comparison Table)
Cisco RV042 Dual WAN VPN Router Cisco RV325 Dual Gigabit WAN
VPN Router

Dual WAN Configurable for Smartlink backup or ● Dual Gigabit Ethernet Ports
load balancing ● Failover
● Load balancing

Standards ● 802.3, 802.3u ● 802.3, 802.3u

● IPv4 (RFC 791) ● IPv4 (RFC 791)
● Routing Information Protocol (RIP) v1 ● IPv6 (RFC 2460)
(RFC 1058) and v2 (RFC 1723)

Network ● Dynamic Host Configuration Protocol ● Dynamic Host Configuration

protocols (DHCP) server, DHCP client, DHCP Protocol (DHCP) server, DHCP
relay agent client, DHCP relay agent

13
CT097-3-3-CSVC UC3F1906IT(ISS)

● Static IP ● Static IP
● Point-to-Point Protocol over Ethernet ● Point-to-Point Protocol over
(PPPoE) Ethernet (PPPoE)
● Point-to-Point Tunneling Protocol ● Point-to-Point Tunneling Protocol
(PPTP) (PPTP)
● Transparent bridge ● Transparent bridge
● DNS relay, Dynamic DNS (DynDNS, ● DNS relay, Dynamic DNS
3322) (DynDNS.org, 3322.org), DNS local
database
● IPv6

Routing ● Static ● Routing Information Protocol (RIP)

protocols v1 and v2, and RIP for IPv6 (RIPng)
● RIP v1 and v2
● Inter-VLAN routing
● Static routing, VLANs supported: 7

Network ● Port Address Translation (PAT) ● Port Address Translation (PAT)

Address ● Network Address Port Translation ● One-to-one NAT
Translation (NAPT), NAT traversal, one-to-one NAT ● NAT traversal
(NAT)

Protocol Protocols can be bound to a specific WAN Protocols can be bound to a specific
binding port for load balancing WAN port for load-balancing
purposes
Network DMZ port, DMZ host
edge ● DMZ port
(DMZ) ● DMZ host
Price($) $270 $284

14
CT097-3-3-CSVC UC3F1906IT(ISS)

Based on the table above, Cisco RV325 Dual Gigabit WAN VPN Router is suitable for using in
the criteria, as it supports VLAN that can reduce the congestion traffic in the network.

Recommended Networking Hardware

Router Cisco RV325 Dual Gigabit WAN VPN Router $284

Switch Cisco Catalyst 2960G 24-Port $3295

Total Price Estimate $3579

Suggested Network Communication models

The following paragraphs will examine two network communication models for client-server and
point-to-point. Through analysis, the most suitable network communication model for the Amoira
Bond cloud is the client-server model. Because centralized data centers require a client-server
model to provide control.

Client-server
Client-server is a "many-to-one" architecture. In this architecture, clients must know the IP address
of the server before a connection can be established. The server can handle many orders without
knowing ahead of time where clients are located. After the request, the server asks the client where
the response should be sent. In the client-server model, each response is tied to a prior request. As
a result, the response can be tailored to each request. In other words, each client makes a request
and each reply is made for one specific client in mind (RTI, 2015).

The client-server network architecture works best when information is centralized, such as in
databases, transaction processing systems, and file servers. However, if information is being

15
CT097-3-3-CSVC UC3F1906IT(ISS)

generated at multiple nodes, a client-server architecture requires that all information are sent to the
server for later redistribution to the clients. This approach is inefficient and precludes deterministic
communications, since the client does not know when new information is available. The time
between when the information is available on the server, and when the client asks and receives it
adds a variable latency to the system.

(Ackotech.com, 2019)

Point-to-point
Point-to-point.is one of the simplest forms of communication. A telephone is an example of a daily
point-to-point communication device. To use the phone, you must know the address (phone
number) of the other party. and point-to-point. networks are dynamic, self-organizing,
anonymizing, etc., but it does not guarantee that all peer instances in the network provide reliable
resources and good services. Some of the networks even exist to solve such problems. Establish a
trust mechanism in a and point-to-point. Network and establish a trust model to establish a trust
relationship between peers. Once the connection is established, you can make a reasonable high-
bandwidth conversation. However, if you have to talk to many people at the same time, the phone
will not work. The phone is essentially one-to-one communication.

16
CT097-3-3-CSVC UC3F1906IT(ISS)

(Ackotech.com, 2019)

Network Design and Topology

A star topology is a common network topology in which all network nodes are connected to a
central point, such as a server or switch. There are many advantages to implementing a star
topology, such as when a computer in the network goes down (International Research Journal,
other computers will keep running and receive network packets from the central point. In addition,
the star topology also facilitates network scalability.)Amoria Bond, because it's easy to add another
device to the network.
In this case, the device under the database segment or user segment of the headquarters is
connected to the switch before it reaches the core switch. This will ensure network continuity with
other devices if any devices on the current network are compromised.

17
CT097-3-3-CSVC UC3F1906IT(ISS)

(Ackotech.com, 2019)

Virtualization
Compute virtualization techniques, methods and resources – Guo Jun Hao
Virtualization is a broad term that usually refers to computing components running on a virtual
basis rather than on a real basis. Virtualization technology can expand the capacity of hardware
and simplify the process of software reconfiguration. CPU virtualization technology can simulate
multiple CPUs in parallel with one CPU, allowing one platform to run multiple operating systems
at the same time, and applications can be in separate spaces. Runs without affecting each other,
which significantly improves the efficiency of the computer.

Hardware partitioning technology

Hardware partitioning technology: Hardware resources are divided into several partitions, each
partition has independent CPU, memory, and installs a separate operating system. On one server,
there are multiple system instances and multiple operating systems are started at the same time.
The main disadvantage of this partitioning approach is the lack of flexibility and the inability to
efficiently allocate resources. With the advancement of technology, the particle size of resources
has been greatly improved. For example, on the IBM AIX system, the CPU resources can be
divided into 0.1 CPUs. This zoning method has been widely adopted in the current financial field,
such as in the bank information center.

18
CT097-3-3-CSVC UC3F1906IT(ISS)

Virtual Machine Monitor

In Virtual Machine Monitor, the underlying hardware resources are no longer divided, but a unified
Host system is deployed. On the Host system, Virtual Machine Monitor is installed, and the virtual
layer exists as application-level software and does not involve the operating system kernel. The
virtual layer will simulate a set of independent hardware devices for each virtual machine,
including CPU, memory, motherboard, graphics card, network card, and other hardware resources,
and install the so-called Guest operating system. The end user's application runs in the Guest
operating system. This virtual machine runs in a way that has certain advantages, such as the ability
to install multiple different types of operating systems on a single node; but the disadvantages are
also obvious, virtual hardware devices consume resources, and a large amount of code needs to be
translated and executed, resulting in performance. The loss makes it more suitable for special
environments such as laboratories. Its representative products include EMC's VMware series and
Microsoft's Virtual PC/Server series.

Para-Virtualization
In order to improve the performance of Virtual Machine Monitor, a new Para-virtualization
technology Para-Virtualizing technology was born. This virtual technology is represented by Xen,
which is characterized by modifying the kernel of the operating system and adding a Xen
Hypervisor layer. It allows installation in this virtual environment, still requires emulation of
hardware devices, installation of the guest operating system, and the need to modify the kernel of
the operating system. Xen can be started simultaneously with respect to multiple systems on the
same hardware device, and resource provisioning by the Xen Hypervisor. In the traditional virtual
machine monitor, the performance is slightly improved, but it is not very significant. To further
improve performance, Intel and AMD have developed separately.
The virtual technology of VT and Pacifica adds virtual instructions to the CPU. Using the hardware
virtualization technology supported by the CPU, it is no longer necessary to modify the operating
system kernel, but the CPU-specific instruction set performs the corresponding conversion
operation.

Operating system virtualization technology

19
CT097-3-3-CSVC UC3F1906IT(ISS)

The latest virtualization technology has evolved into operating system virtualization, represented
by SWsoft's Virtuozzo/OpenVZ and Sun's Solaris-based Container technology, with Virtuozzo
being a commercial solution and OpenVZ an Virtuozzo-based open source project. They are
characterized by a single node running a unique operating system instance. By installing a
virtualization platform on the system, the system can be divided into multiple isolated containers,
each of which is a virtual operating system. It is called virtual environment (VE, Virtual
Environment), also known as virtual private server (VPS, Virtual Private Server). In operating
system virtualization technology, there is only one system kernel on each node, and no hardware
devices are virtualized. In addition, multiple virtual environments share a file system as a template,
and performance is greatly improved. In a production environment, a server can run one VE/VPS
or hundreds of VE/VPS depending on the environment. Therefore, operating system virtualization
technology is a technology for production environments and commercial operating environments.
From the earliest hardware partitions to the current virtual machines and virtual operating systems,
virtualization technology has been developed for several generations, and different technical routes
have brought different advantages and disadvantages. The choice of technology and products,
users should still make decisions based on their own budget and application practices.

Storage virtualization techniques, methods and resources – Chea Yan Shaw

Storage virtualization helps automate storage capacity augmentation. Without manual
configuration, storage virtualization can leverage policies to allocate more storage capacity to the
applications it needs. Storage virtualization can also allow storage resources to be changed or
upgraded during the transfer process without disrupting application performance and reducing the
downtime required for repair and maintenance.

Techniques
There are two main types of storage virtualization, including block-level storage
virtualization and file-level storage virtualization.

20
CT097-3-3-CSVC UC3F1906IT(ISS)

Block-level storage virtualization is implemented in a storage area network (SAN), which

provides a translation layer between the host and the storage array in the SAN. In this type of
storage virtualization, servers are redirected to virtualized LUNs rather than LUNs on a single
storage array. These virtualized LUNs are on the virtualization device.

File-level storage virtualization occurs in Network Attached Storage (NAS), helping to

resolve problems by eliminating the dependency between data accessed at the file level and the
actual storage location of the file. It makes it very easy to move files, which keeps users or
applications from being affected by where the files are stored. This type of storage virtualization
forms a logical storage pool and enables users to access files using logical paths instead of physical
paths.

Method
Host-based storage virtualization
It is completed by the logical volume management software under the operating system, and the
logical volume management software of different operating systems is also different. This
implementation allows the server's storage space to span multiple heterogeneous disk arrays, often
used for data mirroring between different disk arrays.

21
CT097-3-3-CSVC UC3F1906IT(ISS)

Storage-based storage virtualization

Add virtualization to the storage controller, which is common in mid- to high-end storage devices.
Its purpose is to optimize the user-oriented application, which can integrate different storage
systems of users into a single platform, solve data management problems, and realize information
lifecycle management through hierarchical storage, thereby further optimizing the application
environment.

Network-based storage virtualization

Network-based storage virtualization is achieved by adding a virtualization engine to the storage
area network (SAN). Mainly used for the integration and unified data management of
heterogeneous storage systems.

Resources
A SAN system usually consists of four parts: server connection device, storage network
connection device, storage device and management software. The storage network connection
device can be subdivided into devices such as Fibre Channel hub, Fibre Channel switch and storage
router.

From a design perspective, as long as you purchase a NAS server to join the network through
a standard network protocol, you can enjoy file-level storage services. However, if you plan to use
SAN to design a storage network, you need to purchase not only server connection devices, storage
network connection devices, storage devices, and management software, but also the structure of
the storage network.

Network virtualization techniques, methods and resources – Tan Yik Ern

Network virtualization is a platform to combine hardware and software into one. It can be
either assigned to a particular server or device or stay unassigned completely – all in real time.
Creation the network virtualization is benefits to disguises the true complexity of the network by
separating it into parts that are easy to manage, much like the network by separating it into parts
that are easy to manage (SaM Solutions, 2017).

22
CT097-3-3-CSVC UC3F1906IT(ISS)

Internal virtual network

Internal virtual network provides for software. For instance, the common virtualization
produces liked VMWare server or Microsoft Virtual PC. The connection of internal virtual
network uses the bridge and NAT based networking. Nevertheless, internal virtual virtualization
maybe rather more advanced and with the software package itself you will offer virtual shift,
virtual networking and even virtual firewall solutions. One nice huge advantage of internal
virtualization network is that it is not hardware dependent. Internal virtual virtualization has
constant blessings to that as any virtualization answer like storage virtualization. This kind of
virtualization is extremely helpful in disaster recovery and business continuity models supported
by virtualization. Datacenters and enterprises area unit currently progressively implementing this
kind of network virtualization (Virtualizationtutor.com, 2012).

External virtual network

External Network Virtualization involves and actual physical device that caters to your
network. this sort of virtualization has been around for a few times currently, a typical example of
this could be a CISCO networking switch that gives VLAN (virtual LAN) capabilities through its
internal CISCO iOS code. a complicated CISCO routing example includes providing automatic
QOS and packet instrument service that helps you to rank network traffic yet as diagnose network
connected issues. The advantage of getting AN external virtualization answer is that it's a really
little footprint because of its “dedicated” nature, its resources aren't shared by different tasks and
burdens of your virtualization infrastructure (Virtualizationtutor.com, 2012).

Cloud Migration – Chea Yan Shaw

Introduction/Background
Cloud migration is the migration of enterprises from traditional platforms to cloud
platforms. Compared with traditional application platforms, cloud computing platforms have the
advantages of powerful computing power, storage capacity, diversified services, and high-cost
performance.
Enterprises can choose different types of cloud migrations. The most common model is to
transfer data and applications from a local data centre to a public cloud. However, cloud migration
may also require the migration of data and applications from one cloud platform or provider to

23
CT097-3-3-CSVC UC3F1906IT(ISS)

another, a model called cloud-to-cloud migration. The third type of migration is a non-cloud
migration, also known as a reverse cloud migration, that moves data or applications from the cloud
back to the local data centre.
Cloud computing allocates computing resources on demand through the network.
Computing resources include servers, databases, storage, platforms, architecture, and applications.

The characteristics of cloud computing are as follows:

• Resource pool: Enterprises can effectively use server resources.

• Virtualization: Virtualization is a key factor in enhancing computing power and the overall
security of operations and data.

• Scalability: Cloud-managed resources are used based on demand levels, so there is no need
to maintain high storage or bandwidth requirements to meet peak hour requirements. This
feature allows cloud hosting environments to be more cost effective than traditional hosting
requirements.

• Accessibility: Because computing power is distributed across different servers in the cloud,
different functions can be run on a variety of devices and platforms.

• On-demand pricing: Instead of paying for server resources, an enterprise pays for the
resources it consumes.

Proposed Cloud Deployment Model

There are four deployment models for cloud computing: private, community, public, and
hybrid.

Private cloud, a feature of cloud resources that is only used by users within an organization.
It does not stipulate who the ownership, daily management and operation of the cloud belong to,

24
CT097-3-3-CSVC UC3F1906IT(ISS)

may be an organization, may be a third-party organization, or a combination of the two. The cloud
is located inside the organization or hosted elsewhere.

Community cloud, cloud resources are dedicated to users in a fixed number of units, and
these units have the same requirements for the cloud, such as security requirements, cloud
missions, rules and regulations, compliance requirements. The main body of ownership, daily
management and operation of the cloud is one or more units within the community, or it may be a
third-party organization, or a combination of the two. The cloud may be deployed locally or
elsewhere.

Public cloud, cloud resources are open to the public. Cloud ownership, day-to-day
management and operations are a business organization, academic structure, government
department, or several alliances. The cloud may be deployed locally or elsewhere, such as the
cloud of the Kuala Lumpur public cloud may be built in Kuala Lumpur or in Shah Alam.

A hybrid cloud consisting of two or more different types of clouds, such as a private cloud,
a community cloud, or a public cloud. They are combined using proprietary techniques, but they
are independent. These technologies enable smooth transfer of data and applications between
clouds. The combination of multiple clouds of the same type is a cloudy category, such as two
private clouds combined, and the hybrid cloud is a cloudy one. A hybrid cloud consisting of a
private cloud and a public cloud is currently the most popular. When the temporary demand for
private cloud resources is too large, public cloud resources are automatically leased to stabilize the
demand for private cloud resources. For example, when a website has a large number of clicks
during the holiday season, public cloud resources are temporarily used for emergency.

Justification
We recommend that Manchester's cloud deployment model project use a private cloud
model. Because Manchester has too many connections, it has reached the limit of hard-wired
infrastructure. For Manchester, which wants to offer its corporate applications and data on the
cloud, a private cloud is the ideal solution. Compared to public cloud users, it restricts access to

25
CT097-3-3-CSVC UC3F1906IT(ISS)

protect its IT systems by using encryption protocols and firewalls, but private clouds provide an
additional level of security. Private clouds provide scalability and more robust security policies,
compliance requirements, and budget and regulations.

Advantage
Special to the enterprise and encryption management
Data is stored entirely in the private cloud within the enterprise and is not tied to third parties, so
enterprise data is private and enjoys the efficiency that the cloud storage era brings to corporate
offices. When the data is stored on a unique server, the private cloud will securely encrypt the data
stored on the server. Private cloud storage also ensures the security and reliability of user data.

Massive file and hierarchical management

The file data of each PC is centrally managed, so you don't have to worry about computer damage
and reinstalling the system to make enterprise data loss. The private cloud is equipped with a
powerful rights management system, which allows employees in each department and each
position to have different permissions.

Improve resource utilization and reduce costs

By centralizing data, users can access data from anywhere, on a stand-alone or mobile device.
Realize resource sharing and collaborative work within the network, reduce traditional resource
exchange, and improve resource utilization. Significantly reduce the use of mobile storage devices
and reduce business costs.

26
CT097-3-3-CSVC UC3F1906IT(ISS)

Reliable and secure, easy to expand

Data synchronization effectively avoids the problem of lost data loss. At the same time, the disk
array and tape offline backup mode are adopted for the server, which ensures the security of the
cloud storage. The storage space is expanded in time according to the number of users and space
of the server and does not affect the user's use.

Fast and safe

The private cloud storage built inside the enterprise greatly improves the speed of access, upload,
and download by relying on the high-speed LAN. Private cloud storage self-management, data
physics security and anti-leakage risks are further enhanced.

Limitations
Special to the enterprise and encryption management
Data is stored entirely in the private cloud within the enterprise and is not tied to third parties, so
enterprise data is private and enjoys the efficiency that the cloud storage era brings to corporate
offices. When the data is stored on a unique server, the private cloud will securely encrypt the data
stored on the server. Private cloud storage also ensures the security and reliability of user data.

Massive file and hierarchical management

The file data of each PC is centrally managed, so you don't have to worry about computer damage
and reinstalling the system to make enterprise data loss. The private cloud is equipped with a
powerful rights management system, which allows employees in each department and each
position to have different permissions.

Improve resource utilization and reduce costs

By centralizing data, users can access data from anywhere, on a stand-alone or mobile device.
Realize resource sharing and collaborative work within the network, reduce traditional resource
exchange, and improve resource utilization. Significantly reduce the use of mobile storage devices
and reduce business costs.

27
CT097-3-3-CSVC UC3F1906IT(ISS)

Reliable and secure, easy to expand

Data synchronization effectively avoids the problem of lost data loss. At the same time, the disk
array and tape offline backup mode are adopted for the server, which ensures the security of the
cloud storage. The storage space is expanded in time according to the number of users and space
of the server and does not affect the user's use.

Fast and safe

The private cloud storage built inside the enterprise greatly improves the speed of access, upload,
and download by relying on the high-speed LAN. Private cloud storage self-management, data
physics security and anti-leakage risks are further enhanced.

Proposed Cloud Service Model

(Figure shows Cloud Service Model)

Infrastructure as a Service (IaaS) is a cloud computing product that provides users with access to
computing resources such as servers, storage, and networking. Organizations can use their own
platforms and applications in the service provider's infrastructure. For example, Google Docs,
Salesforce.com, and even Web Email are also cloud computing.

28
CT097-3-3-CSVC UC3F1906IT(ISS)

Its main functions include:

• Users pay IaaS on demand, eliminating the need to purchase a complete set of hardware.
• The infrastructure can be extended based on processing and storage needs.
• Save the cost of buying and maintaining hardware.
• Since the data is in the cloud, there is no single point of failure.
• Support management task virtualization to free up time for other transactions.

Platform as a Service (PaaS) is a cloud computing product that provides users with a cloud
environment for developing, managing, and delivering applications. In addition to storage and
other computing resources, users can develop, customize, and test their own applications using a
pre-built tool suite. For example, Google App Engine, Force.com, and more.

Its main features include:

• PaaS provides a platform with tools to test, develop, and run applications in the same
environment.
• Enables organizations to focus on development without worrying about the underlying
infrastructure.
• The vendor is responsible for managing security, operating system, server software, and
backup.
• Promote close collaboration, even if the team works remotely.

Software as a Service (SaaS) is a cloud computing product that provides users with access to
vendor cloud software. Users do not need to install an app on their local device. Instead, the
application resides on a remote cloud network and is accessed via the web or API. Through the
application, users can store and analyse data and collaborate on projects. For example, Amazon
EC2, Joyent, and Alibaba Cloud.

Its main features include:

• SaaS vendors offer software and applications to users through a subscription model.
• Users do not have to manage, install or upgrade the software; this is all the responsibility
of the SaaS vendor.

29
CT097-3-3-CSVC UC3F1906IT(ISS)

• Data is protected in the cloud; device failures do not result in data loss.
• Resource usage can be expanded based on service needs.
• Applications can be accessed from virtually any device connected to the Internet from
anywhere in the world.

Justification
We recommend using the PaaS cloud service model as a solution for the project because
the infrastructure already exists in the project's office. The PaaS workflow is an early stage of the
provider's development and can effectively accelerate the delivery of its products and services to
consumers.
The service provider we recommend supporting the PaaS model is AWS's Elastic
Beanstalk. AWS's Elastic Beanstalk was chosen because, according to (DevTeam.Space., 2019),
it is one of the top 10 PaaS cloud computing service providers in 2019, which implements
applications in a flexible cloud. Hosting, configuring, deploying, and managing automated
environments. It provides developers with a self-service that makes it easy to deploy applications
on demand.

Advantages
Fast automated configuration
Elastic Beanstalk automatically sets up, configures, and provisions other AWS services
such as EC2, RDS, and Elastic Load Balancing to create web services. This automation saves
valuable time by processing all the work that the production application needs to do, such as Linux
package installation, load balancer configuration, and database setup. The automatic configuration
of Elastic Beanstalk also helps to avoid errors caused by small details when trying to set it
manually.

Powerful customization
The content created is just an AWS service, so you can view the new EC2 instance via an
SSH connection. Not only can the database configuration file be updated, but security groups can

30
CT097-3-3-CSVC UC3F1906IT(ISS)

also be updated for all instances. For example, the entire application or instance can only be
accessed from your office IP address.

Price and flexibility

The instance size can be chosen, and the front-end server can be easily added to the load
balancer so that server requirements can be matched to the service load balance. Elastic Beanstalk
has built-in automatic scaling to save extra money for large applications by providing additional
servers only when needed.

Limitations
Deployment speed
For two front-end sites, deployment takes at least five minutes or even fifteen minutes. More server
deployments take longer. This can be important if you want to respond in real time.

Stack upgrade
Elastic Beanstalk always has a new stack version, but there is no release details for the changes.
Sometimes it's obvious that the version of Ruby or Puma will change. But other times, this is just
a normal upgrade.

Unreliable deployment

With the Elastic Beanstalk deployment failure, we all need to troubleshoot and fix it ourselves. We
found and tried a variety of solutions, such as terminating the problematic instance and then letting
Elastic Beanstalk recover. We don't know what went wrong, so we're not sure if the computer is
in good shape.

31
CT097-3-3-CSVC UC3F1906IT(ISS)

Proposed Cloud-based Architecture

Figure shows Elastic Beanstalk architecture (Amazon.com., 2019)

When creating an environment, Elastic Beanstalk pre-configures the required resources to

run the application. According to Figure 2, the AWS resources created for the environment include
Elastic Load Balancer (ELB), Auto Scaling Group, and Amazon Elastic Compute Cloud (Amazon
EC2) instances.

Each environment has a URL that points to the load balancer. The alias for this URL in
Amazon Route 53 is the Elastic Load Balancing URL. Amazon Route 53 is a highly available,
scalable Domain Name System (DNS) web service. It provides secure and reliable routing to the
cloud service infrastructure. A domain name registered with a DNS provider forwards the request
to an alias record.

Amazon EC2 Auto Scaling is in front of the instance. It automatically launches more
Amazon EC2 instances to accommodate the increased load on the application during holidays or

32
CT097-3-3-CSVC UC3F1906IT(ISS)

events. If the load on the application is reduced, it stops the instance, but at least one instance is
running.

The software stack running on the instance depends on the container type. The container
type defines the infrastructure topology and software stack that will be used in the environment.
For example, an Elastic Beanstalk environment with an Apache Tomcat container uses the
Amazon Linux operating system, the Apache web server, and the Apache Tomcat software.

The software components of the Host Manager (HM) run on each Amazon EC2 instance.
The host manager is responsible for the following:

• Deploy the application

• Aggregate events and metrics for retrieval via the console, API, or command line
• Generate instance-level events
• Monitor for critical errors in the application log file
• Monitoring application server
• Patch instance component
• Rotate your app log files and post them to Amazon S3

Host Manager reports instance status through metrics, errors, events, and servers provided
by the AWS Management Console, APIs, and CLI.

A security group is a firewall rule for an instance. By default, Elastic Beanstalk defines a
security group that allows everyone to connect using ports 80 (HTTP) and 22 (SSH). You can
define one or more security groups. For example, define a security group for the MySQL database
server that allows port 3306 (MySQL) connections.

33
CT097-3-3-CSVC UC3F1906IT(ISS)

Security Solutions – Tan Yik Ern

Introduction and Background
Cloud computing security services is really important in this era. As the technology is getting
stronger, the technology would more benefits to human, meanwhile it also brings the side effect to
the world. Some people may use their computing knowledge to launch the cyber threats. So, the
cyber police have to stop the cybercrime and investigate the cybercriminal’s footprints. Cyber
prevention will help to deter the cyber threats. The cloud computing companies liked Amazon web
services, Google cloud, Alibaba, and Microsoft services. They have provided cloud computing
services are categorized into three types. Infrastructure as a Service (IaaS), Platform as a Service
(PaaS), and Software as a Service.
Cloud computing is an innovation technology in the information technology field that has affected
every method and technique in computing from infrastructure and software deployment to
application maintenance and availability (Anon, 2019). Cloud services can dynamically scale to
meet the needs of its users, and because the service provider supplies the hardware and software
necessary for the service. For example, of cloud services include online data storage and backup
solutions, Web-based e-mail services, hosted office suites and document collaboration services,
database processing, managed technical support services and other.

Security Concerns, Threats and Solutions

Security threats has always been a topic worthy of our attention. It always a big challenge for IT
professional. Regardless of the size of the company or the sector of the sector it operates in, all
businesses will now be target for criminals looking to steal data, disrupt operations or just wreak
havoc.

Security Threat 1: Data breaches

Data breaches is an incident in which an unauthorized entity, attacker, gains access to a cloud
consumer’s confidential data stored on the cloud infrastructure. An attacker may gain unauthorized
access to consumers’ confidential data in various ways, such as a compromised password database,
poor application design, poor segregation of network traffic, poor encryption implementation, or
through a malicious insider. A data breach may involve unauthorized access to any kind of
information including personal health information (PHI), financial information, trade secrets,

34
CT097-3-3-CSVC UC3F1906IT(ISS)

Personal Identity Information (PII), and intellectual property. To mitigate the risk of such data
leakage, providers may deploy a multifactor authentication, encryption techniques, and tightened
network security (SearchSecurity, 2019).

Security Threats 2: Data loss

Data loss is any process or event that results in data being corrupted, deleted, and made unreadable
by a user and software or application (Techopedia.com, 2019). It is also known as data leakage.
The provider is often responsible for data loss resulting from these causes and appropriate
measures such as data backup can reduce the impact of this incident. Sometimes, data loss also
destruction resulting from natural disasters. Data loss can occur for these 7 biggest reasons
(Databackuponlinestorage.com, 2016).

1. Deleting files accidentally.

2. Viruses and damaging malware.
3. Mechanical damages or hard drive.
4. Power failures.
5. Theft of computer.
6. Spilling coffee, and other water damages.
7. Fire accidents and explosions.

Security Threats 3: Malicious insiders

Malicious insiders’ attacks can be current or former employees, contractors or business that gains
access to an organizations network, system or data and release this information without permission
by the organization (Anon, 2019). Countermeasures liked anti malware software; Intrusion
detection systems can minimize the risk of attacks from outsiders. However, these measures do
not reduce the risk of attacks from malicious insiders. Insider collaboration with malicious external
threat actors is likely the rarest form of criminal insider risk, but it’s still an important
cybercriminal to recruit employees via the dark web (Security Intelligence, 2018).

35
CT097-3-3-CSVC UC3F1906IT(ISS)

Proposed Security Model

Cloud security model is providing a benefit for cloud customer, meanwhile, the client’s
confidential is secure. Cloud security falls into a shared cloud responsibility model, meaning that
both the provider and customer possess responsibility in securing the cloud. Also meant as Public
clouds have a multi-tenant architecture, which means client share computing or storage resources
with others.

Diagram 2: Security concepts

Privilege controls. This security component is necessary to control cloud usage by different
individuals and organizations. It protects user’s privacy and ensures data integrity and secrecy by
applying an anthology of rules and policies. Cloud users are granted different levels of access
permissions and resource ownerships based on their account type. Only authorized users will
access the approved elements of the encrypted information through identity-based decoding
algorithmic program. (Bartleby.com, 2016).
Data protection. Data stored in the cloud storage resources may be very sensitive and critical.
This may also store critical banking information liked clients account, balances and transactions
or national security information. Using cloud security model to protect data loss or data breaches
by provide safe storage servers. However, there servers should secure data retrieval and removal
from the cloud. Securing data storage, a processing is important since cloud users have no idea
about data’s location. Next, encryption techniques can also be employed for data security. Message

36
CT097-3-3-CSVC UC3F1906IT(ISS)

Authentication Code (MAC) and hash functions can be employed in data protection to offer data
integrity (Anon, 2019).
Threats detections. Cloud is always attacking by attacker for damage the security system and get
the confidential information. So, provide the CIA (confidentiality, integrity, and availability) in
cloud service. Attacks detection and prevention component and unit should provide the IDS
(Intrusion Detection System) and IPS (Intrusion Prevention System). Malicious insider should be
reduced to minimum to guarantee the maximum availability of business, government, health and
other critical information and services. These are provisions for the next generation of intrusion
detection systems and firewalls in order to protect the resources from malicious intrusions, viruses,
and malwares.
Security services. Using the AAA (authentication, authorization, and accountability) security in
cloud services. SaaS is an industry from which a service contributor integrates security services
into a commercial infrastructure on a subscription basic. SaaS has applications such as anti-virus
software delivered over the internet however the tern can in addition pass on to security
administration provided in-house by an external organization.

Cost Benefits Analysis

Total Cost of physical and virtual layer setup (Guo Jun Hao)
No. Description Price($)

Computing Hardware

1. CPU $1440.00

2. Motherboard (C-422 chipset) $350

3. RAM $1340

4. Cooling $150

5. Power Supply $140

6. Hard Drive $70

7. Video Card $600

Sub Total $4100

Storage Hardware

37
CT097-3-3-CSVC UC3F1906IT(ISS)

1. Disk Drives $460 X 18

2. Enclosure $2500

Sub Total $10780

Networking Hardware

1. Router $284

2. Switch $3295

Sub Total $3579

Total $18459

Total Cost of using cloud services (Chea Yan Shaw)

Figure 1: Instance Configuration (Awstcocalculator.com., 2019)

38
CT097-3-3-CSVC UC3F1906IT(ISS)

Figure shows 3 Years Cost Breakdown (Awstcocalculator.com., 2019)

According to the configuration of Figure 3, Figure 4 shows that the cost for a total of three years
is about $90,000, which is about $30,000 per year. It also provides an administrator console that
allows viewing and control of instances. It allows tracking of problems. It has an instance sub state
dashboard with an advanced view that allows you to view resource usage for the entire strength
group. There are also container-as-a-service, access control management, and instance-scoped
event logs.

39
CT097-3-3-CSVC UC3F1906IT(ISS)

Total Cost for security solutions (Tan Yik Ern)

Item/Function Description Cost
Antivirus • Helps detect and remove $100 per system per year.
malware including viruses,
worms, and Trojans. Budget cost
• Real-time/scheduled scanning, $2,000 per year
file quarantine, alerts.

Anti-Spam • Identifies and blocks spam $100 per system per year
(unsolicited messages) from
entering your system. Budget cost
• Spam filters, spam blocking, $2,000 per year
quarantining, white listening,
reports
Anti-DDos • Helps to prevent the DDOS $100 per system per year
attacks and website unavailable
service. Budget cost
• Real time/scheduled scanning $2,000 per year
and alerts.
Cloud security • Protects the data, applications, Budget cost
and infrastructures involved in $3,000 per year
cloud computing.
• Real time/scheduled scanning
and alerts.
Cyber insurance • Able to claim the money if Budget cost
company data loss or cyber- $6,000 per year
attack lead to lose money.
• The insurance allows to
compensation money to
company.

40
CT097-3-3-CSVC UC3F1906IT(ISS)

Data backup • Stores a copy of your data that $100 per system per year
can be recovered/restored in case
of emergency. Budget cost
• Automatic file copying, search, $2,000 per year
versioning, file recovery.
Data loss • To prevent “data loss” and “data $100 per system per year
prevention leak”.
• Automatic file copying and save Budget cost
file $2,000 per year

• Protects the data and information.

Disaster • Prevent the data loss and data Budget cost
recovery leak. $5,000 per year
Endpoint • Protection of computer networks Budget cost
security that are remotely bridged to client $4,000 per year
devices.
Hire internal • Manual function the security in Budget cost
security staff company. $25,000 per year
• Prevention if power loss or
hardware has problem, internal
security staff can manage.
Hire external • Helps to conduct the evaluation Budget cost
consultant the security system and security $25,000 per year
architecture.
• A leader to provide a good
security solution to company.
Identity and • This software tools make it Budget cost
access possible to manage user accounts, $5,000 per year
management set user access controls, fix
privilege rights, and restrict

41
CT097-3-3-CSVC UC3F1906IT(ISS)

unauthorized user access and

misuse of employee or partner
accounts.
Mobile security • Secure data on mobile devices Budget cost
including laptops, tables, and $3,000 per year
smart watches.
• It allows identifies vulnerabilities
and detects malware threats to
mobile devices.
Network security • Covers a broad range of areas Budget cost
including network monitoring, $3,000 per year
firewalls to filter traffic, anti-
malware applications, and data
backup and recovery.
Server backup • Copy data stored on a server to Budget cost
guard against data loss. $15,000 per year
• Backup scheduling, continuous
backup, encryption, disaster
recovery.
Total budget $104,000
cost:

42
CT097-3-3-CSVC UC3F1906IT(ISS)

Return on Investment (ROI)

YEAR 1 2 3
COSTS $152,459 $134,000 $134,000
ESTIMATED BENEFITS $200,000 $300,000 $400,000
ROI
__(GAIN – COST )__ 31.18% 123.88% 198.50%
COST

In the above table, Amoria Bond's first year cost is $152,459, which includes purchase
hardware, cloud services and maintenance. Since this is the first year of cloud deployment and
migration, we don't think it will bring much revenue, so the return on investment is 31.18%.
However, in the next two years, as the business continues to grow, its revenue will increase and
exceed the first year. However, the fee still to be paid is the annual subscription and maintenance
fee for the cloud service, which costs $134,000. Will not buy any new hardware, the return on
investment is 123.88%. Therefore, with the development of the business, the return on investment
in the third year was 198.5%.

Conclusion
In short, the proposed solution was the problem of security, resilience, redundancy, availability,
backup, disaster recovery planning, connectivity and bandwidth, and scalability, including
hardware and software upgrades in Amoria Bond company. Everything is about the
implementation of cloud services. Amonia Bond will buy hardware and software to substitute the
old IT infrastructure. The hybrid cloud is a combination of public and private clouds that allow
Amoria Bond to choose between two cloud data storage methods based on data confidentially.
Virtualization will be carried out to comply with Amoria Bond company’s requirements and
limitations. Use the SaaS, IaaS, and PaaS in Amoria Bond company purpose to embrace the
security and cloud services. Besides that, the Return of Investment (ROI) is based on the cost of
physical architecture, cloud services and security solutions. The Amoria Bond business will be
spent on higher revenue compared to the old IT infrastructure.

43
CT097-3-3-CSVC UC3F1906IT(ISS)

References
What is storage virtualization? - Definition from WhatIs.com (2019). What is storage
virtualization? - Definition from WhatIs.com. [online] SearchStorage. Available at:
https://searchstorage.techtarget.com/definition/storage-virtualization [Accessed 19 Aug. 2019].

SaM Solutions. (2017). Virtualization in Cloud Computing [Types and Techniques Overview] |
SaM Solutions. [online] Available at: https://www.sam-solutions.com/blog/virtualization-
techniques-in-cloud-computing/ [Accessed 11 Sep. 2019].

What is cloud migration? - Definition from WhatIs.com (2019). What is cloud migration? -
Definition from WhatIs.com. [online] SearchCloudComputing. Available at:
https://searchcloudcomputing.techtarget.com/definition/cloud-migration [Accessed 20 Aug.
2019].

Control Engineering. (2017). Five characteristics of cloud computing. [online] Available at:
https://www.controleng.com/articles/five-characteristics-of-cloud-computing/ [Accessed 22 Aug.
2019].

Rishabh Software. (2019). Types of Cloud Deployment Models & Cloud Computing Models
(Updated 2019). [online] Available at: https://www.rishabhsoft.com/blog/basics-of-cloud-
computing-deployment-and-service-models [Accessed 22 Aug. 2019].

Syneto. (2017). 7 benefits of choosing a private cloud solution - Syneto. [online] Available at:
https://syneto.eu/2016/10/20/benefits-of-choosing-private-cloud/ [Accessed 2 Sep. 2019].

Hind Bouzidi (Outscale (2017). The Limitations of Private Clouds. [online] Outscale.com.
Available at: https://blog.outscale.com/en/the-limitations-of-private-clouds [Accessed 2 Sep.
2019].

Fingent Blog | IT Solutions Blog | Ideas to Motivate Business Growth. (2019). Cloud Service
Models Saas, IaaS, Paas - Choose the Right One for Your Business | Fingent Blog. [online]

44
CT097-3-3-CSVC UC3F1906IT(ISS)

Available at: https://www.fingent.com/blog/cloud-service-models-saas-iaas-paas-choose-the-

right-one-for-your-business [Accessed 2 Sep. 2019].

DevTeam.Space. (2019). 10 Top PaaS Providers for 2019 - DevTeam.Space. [online] Available
at: https://www.devteam.space/blog/10-top-paas-providers-for-2019/ [Accessed 3 Sep. 2019].

Camp, A. (2016). Elastic Beanstalk: Advantages and Drawbacks. [online] Medium. Available at:
https://medium.com/@acamp/elastic-beanstalk-advantages-and-drawbacks-be814615af01
[Accessed 4 Sep. 2019].

Amazon.com. (2019). Web Server Environments - AWS Elastic Beanstalk. [online] Available at:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts-webserver.html [Accessed 4
Sep. 2019].

Awstcocalculator.com. (2019). TCO Calculator. [online] Available at:

https://awstcocalculator.com/.

SearchSecurity. (2019). What is a data breach? Definition from WhatIs.com. [online] Available
at: https://searchsecurity.techtarget.com/definition/data-breach [Accessed 24 Jul. 2019].

Techopedia.com. (2019). What is Data Loss? - Definition from Techopedia. [online] Available at:
https://www.techopedia.com/definition/29863/data-loss [Accessed 24 Jul. 2019].

Databackuponlinestorage.com. (2016). 7 Greatest Causes of Data Loss | Data Safety Tips. [online]
Available at: https://www.databackuponlinestorage.com/7_Causes_of_Data_Loss [Accessed 24
Jul. 2019].

McCoy, M. (2015). 6 Notorious Cases of Data Loss All Hosting Providers Can Learn From.
[online] R1soft.com. Available at: https://www.r1soft.com/blog/6-notorious-cases-of-data-loss-
all-hosting-providers-can-learn-from [Accessed 25 Jul. 2019].

45
CT097-3-3-CSVC UC3F1906IT(ISS)

Anon, (2019). [online] Available at: https://www.igi-global.com/dictionary/cloud-security/44678

[Accessed 25 Jul. 2019].

Security Intelligence. (2018). These 5 Types of Insider Threats Could Lead to Costly Data
Breaches. [online] Available at: https://securityintelligence.com/these-5-types-of-insider-threats-
could-lead-to-costly-data-breaches/ [Accessed 25 Jul. 2019].

46
CT097-3-3-CSVC UC3F1906IT(ISS)

Workload Matrix
component / Guo JunHao TP046636 Chea Yan Shaw TP045215 Tan Yik Ern TP046566
name
Executive 34% 33% 33%
summary
General 33% 34% 33%
assumption
Physical 100% - -
Architecture
Compute 34% 33% 33%
virtualization
Cloud - 100% -
migration
Storage 33% 34% 33%
virtualization
Security - - 100%
Solutions
Network 33% 33% 34%
virtualization

Total Cost of 100% - -

physical and
virtual layer
setup
Total Cost of - 100% -
using cloud
services
Total Cost for - - 100%
security
Return on 33% 34% 33%
Investment
Conclusion 33% 33% 34%

47
 CT097-3-3-CSVC UC3F1906IT(ISS)

Marking Scheme
Student’s Name GuoJunHao Chea Yan Shaw Tan Yik Ern
TP046636 TP045215 TP046566
Group Components (A)
Overall design & structure (10)

Current trends & best practices

(10)
Executive summary (5)

Coherence & integration (5)

Total Marks (30)

Individual Components (B)

Technical accuracy (15)

Critical analysis & justification (20)

Research & completeness (15)

Referencing & original work (10)

Presentation (10)

Total Marks (70)

Guo JunHao Chea Yan Shaw Tan Yik Ern

TP046636 TP045215 TP046566
Group Components (A)
Individual Components (B)
Overall Marks (A + B)

48

View publication stats