net/publication/337224711
All content following this page was uploaded by Alfred Tan Yik Ern on 13 November 2019.
GROUP ASSIGNMENT
CT097-3-3-CSVC
UC3F1906IT(ISS)
WEIGHTAGE: 50%
GROUP MEMBERS:
NAME: TP NUMBER:
CT097-3-3-CSVC UC3F1906IT(ISS)
Table of Contents
Executive Summary
General Assumptions
Gantt Chart
Physical Architecture - Guo Jun Hao
Introduction/Background
Available Infrastructure
Hardware and Software Requirements
Server Computing Hardware
Storage Server Hardware
Networking Hardware
Cisco RV042 Dual WAN VPN Router
Cisco RV325 Dual Gigabit WAN VPN Router
Cisco Catalyst 2960G 24-Port
Suggested Network Communication models
Client-server
Point-to-point
Network Design and Topology
Virtualization
Compute virtualization techniques, methods and resources – Guo Jun Hao
Storage virtualization techniques, methods and resources – Chea Yan Shaw
Network virtualization techniques, methods and resources – Tan Yik Ern
Internal virtual network
External virtual network
Cloud Migration – Chea Yan Shaw
Introduction/Background
Proposed Cloud Deployment Model
Justification
Advantage
Limitations
Proposed Cloud Service Model
Justification
Advantages
Limitations
Proposed Cloud-based Architecture
Security Solutions – Tan Yik Ern
Introduction and Background
Security Concerns, Threats and Solutions
Security Threat 1: Data breaches
Executive Summary
Amoria Bond has to implement cloud computing in the company. This assignment discusses the
physical architecture, virtualization, cloud migration strategy, security solutions,
cost-benefit analysis, and conclusion.
The physical architecture section describes the cloud computing infrastructure, hardware and
software requirements, suggested network communication models, and network design and topology.
The document analyses and recommends suitable hardware and software for Amoria Bond.
The virtualization section covers several types of virtualization: compute virtualization, storage
virtualization, and network virtualization. The virtualization techniques discussed are analyzed,
and the most suitable one is recommended for the cloud computing implementation strategy.
The cloud migration section compares and contrasts different cloud deployment models and
recommends the most suitable one for Amoria Bond, along with a proposed cloud service model. The
assignment justifies why this cloud model was chosen for Amoria Bond.
The security solutions section discusses the cyber threats that could affect Amoria Bond. The
assignment states 3 security concerns and 3 solutions, and proposes a security model for Amoria
Bond and how to solve the security issues.
Lastly, the cost-benefit analysis calculates the cost of the physical and virtual layer setup, the
total cost of using cloud services, and the total cost of the security solutions. The assignment
calculates the 3-year return on investment (ROI).
General Assumptions
• As a result of hosting the IT platform in the Cloud, users at all offices would now connect to
the cloud platform via their own office’s connections.
• The new design should benefit from the current technologies. All necessary hardware and
software should be addressed.
• A RAID configuration is used for the data storage in Cloud’s Storage Area Network (SAN),
ensuring a high level of data resilience and an efficient read/write speed.
• Security for the connections and the applications must be in place.
Gantt Chart
Available Infrastructure
The company's IT department is responsible for the internal maintenance of terminal
servers, file servers, exchange servers and database servers. The company's main server is
running, but there is not enough room for upgrades. Currently, the computing infrastructure
is provided by a PC that handles all computing tasks. The server storage infrastructure is a
PC with a hard drive. The current network infrastructure includes CAT5 UTP cables and
high-bandwidth DSL lines connected to the WAN, but the drive has no space to add storage,
and there is no disaster recovery solution.
Based on the table above, the Intel Xeon W-2155 is the most suitable processor because it offers
the best price-to-performance ratio.
Amoria Bond is a recruitment company whose day-to-day work involves a file server, a mail server
and basic applications. The compute capacity of the Xeon-W2133, …. is enough for day-to-day use
while future-proofing for the expansion to two other branches alongside the existing 60
employees.
Mean Time Between Failures (MTBF)    1.2 million hours    2.5 million hours
A comparison of 2 types of server NAS enclosures is made in the table below.
              SuperChassis 213AC-R1K23LPB    SuperChassis 847BE1C4-R1K23LPB
Drive Bays    16                             36
Height        2U                             4U
SAN Storage
(SuperChassis 847BE1C4-R1K23LPB)
4U Chassis for motherboard support size: (12" x 10") (13.68" x 13") (9.6" x 9.6")
36 x 3.5" hot-swap SAS/SATA drive bay with SES3, optional 2 x 2.5" hot-swap drive
bay
With 24 bays of the SuperChassis 847BE1C4-R1K23LPB storage rack in use and 18 Seagate Exos
drives, there would be 6 extra bays that can be used for migrating from the previous hard disks
to the current infrastructure.
Networking Hardware
Recommended networking hardware
The following table will compare the routers that will be used for providing the cloud service in
the company. (Router Comparison Table)
Dual WAN
● Cisco RV042 Dual WAN VPN Router: Configurable for Smartlink backup or load balancing
● Cisco RV325 Dual Gigabit WAN VPN Router: Dual Gigabit Ethernet Ports; Failover; Load balancing

● Cisco RV042 Dual WAN VPN Router: Static IP; Point-to-Point Protocol over Ethernet (PPPoE); Point-to-Point Tunneling Protocol (PPTP); Transparent bridge; DNS relay, Dynamic DNS (DynDNS, 3322)
● Cisco RV325 Dual Gigabit WAN VPN Router: Static IP; Point-to-Point Protocol over Ethernet (PPPoE); Point-to-Point Tunneling Protocol (PPTP); Transparent bridge; DNS relay, Dynamic DNS (DynDNS.org, 3322.org), DNS local database; IPv6

Protocol binding
● Cisco RV042 Dual WAN VPN Router: Protocols can be bound to a specific WAN port for load balancing
● Cisco RV325 Dual Gigabit WAN VPN Router: Protocols can be bound to a specific WAN port for load-balancing purposes

Network edge (DMZ)
● Cisco RV042 Dual WAN VPN Router: DMZ port, DMZ host
● Cisco RV325 Dual Gigabit WAN VPN Router: DMZ port; DMZ host

Price ($)
● Cisco RV042 Dual WAN VPN Router: $270
● Cisco RV325 Dual Gigabit WAN VPN Router: $284
Based on the table above, the Cisco RV325 Dual Gigabit WAN VPN Router is suitable for these
criteria, as it supports VLANs, which can reduce traffic congestion in the network.
Client-server
Client-server is a "many-to-one" architecture. In this architecture, clients must know the IP address
of the server before a connection can be established. The server can handle many requests without
knowing ahead of time where clients are located. After the request, the server asks the client where
the response should be sent. In the client-server model, each response is tied to a prior request. As
a result, the response can be tailored to each request. In other words, each client makes a request
and each reply is made with one specific client in mind (RTI, 2015).
The client-server network architecture works best when information is centralized, such as in
databases, transaction processing systems, and file servers. However, if information is being
generated at multiple nodes, a client-server architecture requires that all information is sent to the
server for later redistribution to the clients. This approach is inefficient and precludes deterministic
communications, since the client does not know when new information is available. The time
between when the information is available on the server and when the client asks for and receives
it adds a variable latency to the system.
(Ackotech.com, 2019)
Point-to-point
Point-to-point is one of the simplest forms of communication. A telephone is an example of an
everyday point-to-point communication device. To use the phone, you must know the address (phone
number) of the other party. Point-to-point networks are dynamic, self-organizing,
anonymizing, etc., but they do not guarantee that all peer instances in the network provide reliable
resources and good services. Some networks even exist to solve such problems: they establish a
trust mechanism in a point-to-point network and a trust model to build trust relationships
between peers. Once the connection is established, you can hold a reasonably high-bandwidth
conversation. However, if you have to talk to many people at the same time, the phone
will not work. The phone is essentially one-to-one communication.
(Ackotech.com, 2019)
(Ackotech.com, 2019)
Virtualization
Compute virtualization techniques, methods and resources – Guo Jun Hao
Virtualization is a broad term that usually refers to computing components running on a virtual
basis rather than on a real basis. Virtualization technology can expand the capacity of hardware
and simplify the process of software reconfiguration. CPU virtualization technology can simulate
multiple CPUs in parallel with one CPU, allowing one platform to run multiple operating systems
at the same time, and applications can run in separate spaces without affecting each other,
which significantly improves the efficiency of the computer.
Para-Virtualization
In order to improve the performance of the Virtual Machine Monitor, a new technology,
para-virtualization, was born. This virtual technology is represented by Xen,
which is characterized by modifying the kernel of the operating system and adding a Xen
Hypervisor layer. It allows installation in this virtual environment, but still requires emulation
of hardware devices, installation of the guest operating system, and modification of the kernel of
the operating system. Xen can start multiple systems simultaneously on the same hardware device,
with resource provisioning handled by the Xen Hypervisor. Compared with the traditional virtual
machine monitor, the performance is slightly improved, but not very significantly. To further
improve performance, Intel and AMD have separately developed the virtualization technologies VT
and Pacifica, which add virtualization instructions to the CPU. Using the hardware
virtualization technology supported by the CPU, it is no longer necessary to modify the operating
system kernel; instead, the CPU-specific instruction set performs the corresponding conversion
operation.
The latest virtualization technology has evolved into operating system virtualization, represented
by SWsoft's Virtuozzo/OpenVZ and Sun's Solaris-based Container technology, with Virtuozzo
being a commercial solution and OpenVZ a Virtuozzo-based open source project. They are
characterized by a single node running a unique operating system instance. By installing a
virtualization platform on the system, the system can be divided into multiple isolated containers,
each of which is a virtual operating system. Such a container is called a virtual environment (VE),
also known as a virtual private server (VPS). In operating
system virtualization technology, there is only one system kernel on each node, and no hardware
devices are virtualized. In addition, multiple virtual environments share a file system as a template,
and performance is greatly improved. In a production environment, a server can run one VE/VPS
or hundreds of VE/VPS depending on the environment. Therefore, operating system virtualization
technology is a technology for production environments and commercial operating environments.
From the earliest hardware partitions to the current virtual machines and virtual operating systems,
virtualization technology has been developed for several generations, and different technical routes
have brought different advantages and disadvantages. When choosing technology and products,
users should still make decisions based on their own budget and application practices.
Techniques
There are two main types of storage virtualization, including block-level storage
virtualization and file-level storage virtualization.
Method
Host-based storage virtualization
It is completed by the logical volume management software under the operating system, and the
logical volume management software of different operating systems is also different. This
implementation allows the server's storage space to span multiple heterogeneous disk arrays, often
used for data mirroring between different disk arrays.
Resources
A SAN system usually consists of four parts: server connection device, storage network
connection device, storage device and management software. The storage network connection
device can be subdivided into devices such as Fibre Channel hub, Fibre Channel switch and storage
router.
From a design perspective, as long as you purchase a NAS server and join it to the network through
a standard network protocol, you can enjoy file-level storage services. However, if you plan to use
a SAN to design a storage network, you need not only to purchase server connection devices, storage
network connection devices, storage devices, and management software, but also to design the
structure of the storage network.
another, a model called cloud-to-cloud migration. The third type of migration is a non-cloud
migration, also known as a reverse cloud migration, that moves data or applications from the cloud
back to the local data centre.
Cloud computing allocates computing resources on demand through the network.
Computing resources include servers, databases, storage, platforms, architecture, and applications.
• Virtualization: Virtualization is a key factor in enhancing computing power and the overall
security of operations and data.
• Scalability: Cloud-managed resources are used based on demand levels, so there is no need
to maintain high storage or bandwidth requirements to meet peak hour requirements. This
feature allows cloud hosting environments to be more cost effective than traditional hosting
requirements.
• Accessibility: Because computing power is distributed across different servers in the cloud,
different functions can be run on a variety of devices and platforms.
• On-demand pricing: Instead of paying for server resources, an enterprise pays for the
resources it consumes.
Private cloud: cloud resources are used only by users within one organization.
The model does not stipulate who owns, manages and operates the cloud day to day; it
may be the organization, a third-party organization, or a combination of the two. The cloud
is located inside the organization or hosted elsewhere.
Community cloud: cloud resources are dedicated to users in a fixed number of units, and
these units have the same requirements for the cloud, such as security requirements, cloud
missions, rules and regulations, and compliance requirements. The cloud is owned, managed
and operated day to day by one or more units within the community, by a
third-party organization, or by a combination of the two. The cloud may be deployed locally or
elsewhere.
Public cloud: cloud resources are open to the public. The cloud is owned, managed and
operated day to day by a business organization, an academic institution, a government
department, or an alliance of several of these. The cloud may be deployed locally or elsewhere;
for example, the Kuala Lumpur public cloud may be built in Kuala Lumpur or in Shah Alam.
Hybrid cloud: a cloud consisting of two or more different types of clouds, such as a private cloud,
a community cloud, or a public cloud. They are combined using proprietary techniques, but they
remain independent. These technologies enable smooth transfer of data and applications between
clouds. A combination of multiple clouds of the same type, such as two private clouds combined,
falls into the multi-cloud category, and a hybrid cloud is also a kind of multi-cloud. A hybrid
cloud consisting of a private cloud and a public cloud is currently the most popular. When the
temporary demand for private cloud resources is too large, public cloud resources are
automatically leased to stabilize the demand for private cloud resources. For example, when a
website has a large number of clicks during the holiday season, public cloud resources are
temporarily used to handle the surge.
Justification
We recommend that Manchester's cloud deployment model project use a private cloud
model. Because Manchester has too many connections, it has reached the limit of hard-wired
infrastructure. For Manchester, which wants to offer its corporate applications and data on the
cloud, a private cloud is the ideal solution. Compared to public cloud users, it restricts access to
protect its IT systems by using encryption protocols and firewalls, but private clouds provide an
additional level of security. Private clouds provide scalability and more robust security policies,
compliance requirements, and budget and regulations.
Advantage
Special to the enterprise and encryption management
Data is stored entirely in the private cloud within the enterprise and is not tied to third parties, so
enterprise data is private and enjoys the efficiency that the cloud storage era brings to corporate
offices. When the data is stored on a unique server, the private cloud will securely encrypt the data
stored on the server. Private cloud storage also ensures the security and reliability of user data.
Limitations
Infrastructure as a Service (IaaS) is a cloud computing product that provides users with access to
computing resources such as servers, storage, and networking. Organizations can use their own
platforms and applications in the service provider's infrastructure. For example, Google Docs,
Salesforce.com, and even Web Email are also cloud computing.
Platform as a Service (PaaS) is a cloud computing product that provides users with a cloud
environment for developing, managing, and delivering applications. In addition to storage and
other computing resources, users can develop, customize, and test their own applications using a
pre-built tool suite. For example, Google App Engine, Force.com, and more.
Software as a Service (SaaS) is a cloud computing product that provides users with access to
vendor cloud software. Users do not need to install an app on their local device. Instead, the
application resides on a remote cloud network and is accessed via the web or API. Through the
application, users can store and analyse data and collaborate on projects. For example, Amazon
EC2, Joyent, and Alibaba Cloud.
• Data is protected in the cloud; device failures do not result in data loss.
• Resource usage can be expanded based on service needs.
• Applications can be accessed from virtually any device connected to the Internet from
anywhere in the world.
Justification
We recommend using the PaaS cloud service model as a solution for the project because
the infrastructure already exists in the project's office. The PaaS workflow is an early stage of the
provider's development and can effectively accelerate the delivery of its products and services to
consumers.
The service provider we recommend for the PaaS model is AWS Elastic
Beanstalk. AWS Elastic Beanstalk was chosen because, according to DevTeam.Space (2019),
it is one of the top 10 PaaS cloud computing service providers in 2019. It runs
applications in a flexible cloud, automating the hosting, configuration, deployment, and
management of environments. It provides developers with a self-service that makes it easy to
deploy applications on demand.
Advantages
Fast automated configuration
Elastic Beanstalk automatically sets up, configures, and provisions other AWS services
such as EC2, RDS, and Elastic Load Balancing to create web services. This automation saves
valuable time by processing all the work that the production application needs to do, such as Linux
package installation, load balancer configuration, and database setup. The automatic configuration
of Elastic Beanstalk also helps to avoid errors caused by small details when trying to set it
manually.
Powerful customization
The resources created are ordinary AWS services, so you can inspect a new EC2 instance via an
SSH connection. Not only can the database configuration file be updated, but security groups can
also be updated for all instances. For example, access to the entire application or instance can be
restricted to your office IP address.
Limitations
Deployment speed
For two front-end sites, deployment takes at least five minutes or even fifteen minutes. More server
deployments take longer. This can be important if you want to respond in real time.
Stack upgrade
Elastic Beanstalk always has a new stack version, but there are no release details for the changes.
Sometimes it's obvious that the version of Ruby or Puma will change. But other times, this is just
a normal upgrade.
Unreliable deployment
When an Elastic Beanstalk deployment fails, we need to troubleshoot and fix it ourselves. We
found and tried a variety of solutions, such as terminating the problematic instance and then letting
Elastic Beanstalk recover. We don't know what went wrong, so we're not sure if the computer is
in good shape.
Each environment has a URL that points to the load balancer. The alias for this URL in
Amazon Route 53 is the Elastic Load Balancing URL. Amazon Route 53 is a highly available,
scalable Domain Name System (DNS) web service. It provides secure and reliable routing to the
cloud service infrastructure. A domain name registered with a DNS provider forwards the request
to an alias record.
Amazon EC2 Auto Scaling sits in front of the instances. It automatically launches more
Amazon EC2 instances to accommodate the increased load on the application during holidays or
events. If the load on the application is reduced, it stops instances, but at least one instance
keeps running.
The software stack running on the instance depends on the container type. The container
type defines the infrastructure topology and software stack that will be used in the environment.
For example, an Elastic Beanstalk environment with an Apache Tomcat container uses the
Amazon Linux operating system, the Apache web server, and the Apache Tomcat software.
The software components of the Host Manager (HM) run on each Amazon EC2 instance.
The host manager is responsible for the following:
Host Manager reports instance status through metrics, errors, events, and servers provided
by the AWS Management Console, APIs, and CLI.
A security group is a firewall rule for an instance. By default, Elastic Beanstalk defines a
security group that allows everyone to connect using ports 80 (HTTP) and 22 (SSH). You can
define one or more security groups. For example, define a security group for the MySQL database
server that allows port 3306 (MySQL) connections.
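One way to check for the exposure described above, where the default group lets everyone reach port 22 and a database group opens port 3306. This is an added example, not part of the original assignment and not AWS's own code; it audits rules in the shape returned by boto3's describe_security_groups and narrows single-port admin rules to an office range. The group ids and the office range 203.0.113.0/24 are constructed placeholders.

```python
"""Audit security group ingress rules for admin ports open to everyone."""
import ipaddress

# Ports named in the text above that should not be reachable from everywhere.
ADMIN_PORTS = {22: "SSH", 3306: "MySQL"}

# Constructed sample in the shape returned by boto3's describe_security_groups.
# Group ids are made up; the first group mirrors the default described above.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-db-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    {"GroupId": "sg-wide-example", "IpPermissions": [
        # Protocol "-1" means all traffic; such rules carry no port fields.
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
]
OFFICE_CIDR = "203.0.113.0/24"  # placeholder office range (documentation block)


def is_world(cidr):
    """True for 0.0.0.0/0, ::/0 and any other spelling with prefix length 0."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def port_span(perm):
    """(low, high) ports covered by a rule; protocol "-1" covers all of them."""
    if perm["IpProtocol"] == "-1":
        return 0, 65535
    return perm["FromPort"], perm["ToPort"]


def rule_sources(perm):
    """All IPv4 and IPv6 source ranges attached to one rule."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return cidrs


def exposed_admin_ports(perm):
    """Admin ports that this single rule opens to the whole internet."""
    if perm["IpProtocol"] not in ("tcp", "-1"):
        return []  # ICMP and UDP rules are out of scope for this check
    if not any(is_world(c) for c in rule_sources(perm)):
        return []
    low, high = port_span(perm)
    return [p for p in sorted(ADMIN_PORTS) if low <= p <= high]


def audit(group):
    """Return (group id, port, service) for each admin port open to everyone."""
    return [(group["GroupId"], port, ADMIN_PORTS[port])
            for perm in group["IpPermissions"]
            for port in exposed_admin_ports(perm)]


def tighten(group, office_cidr):
    """Return (new_rules, manual_review) without modifying the input.

    A world-open rule for exactly one admin port keeps its narrower sources
    and swaps the /0 source for office_cidr. Wider rules (port ranges, all
    traffic) are left unchanged and listed for manual review, because
    narrowing them could cut off traffic that is meant to be public.
    """
    net = ipaddress.ip_network(office_cidr, strict=False)
    if net.prefixlen == 0:
        raise ValueError("office_cidr must not be a /0 network")
    new_rules, manual_review = [], []
    for perm in group["IpPermissions"]:
        ports = exposed_admin_ports(perm)
        if ports and port_span(perm) == (ports[0], ports[0]):
            kept4 = [r for r in perm.get("IpRanges", []) if not is_world(r["CidrIp"])]
            kept6 = [r for r in perm.get("Ipv6Ranges", []) if not is_world(r["CidrIpv6"])]
            if net.version == 4:
                office, target = {"CidrIp": str(net)}, kept4
            else:
                office, target = {"CidrIpv6": str(net)}, kept6
            if office not in target:
                target.append(office)
            new_rules.append({**perm, "IpRanges": kept4, "Ipv6Ranges": kept6})
        else:
            new_rules.append(perm)
            if ports:
                manual_review.append(perm)
    return new_rules, manual_review


if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        rules, review = tighten(g, OFFICE_CIDR)
        after = audit({"GroupId": g["GroupId"], "IpPermissions": rules})
        print(g["GroupId"], "before:", audit(g), "after:", after,
              "manual review:", len(review))
```

The public rule for port 80 is left as it is, and the all-traffic rule is reported rather than rewritten.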
Personal Identity Information (PII), and intellectual property. To mitigate the risk of such data
leakage, providers may deploy multifactor authentication, encryption techniques, and tightened
network security (SearchSecurity, 2019).
Authentication Code (MAC) and hash functions can be employed in data protection to offer data
integrity (Anon, 2019).
Threat detection. Cloud services are constantly attacked by attackers seeking to damage the
security system and obtain confidential information, so the cloud service should provide CIA
(confidentiality, integrity, and availability). The attack detection and prevention component
should provide an IDS (Intrusion Detection System) and an IPS (Intrusion Prevention System).
Malicious insiders should be reduced to a minimum to guarantee the maximum availability of
business, government, health and other critical information and services. These are provisions
for the next generation of intrusion detection systems and firewalls in order to protect the
resources from malicious intrusions, viruses, and malware.
Security services. AAA (authentication, authorization, and accountability) security is used in
cloud services. SaaS is a model in which a service provider integrates security services
into a commercial infrastructure on a subscription basis. SaaS includes applications such as
anti-virus software delivered over the internet; however, the term can also refer to security
administration provided in-house by an external organization.
Computing Hardware
1. CPU $1440.00
3. RAM $1340
4. Cooling $150
Storage Hardware
2. Enclosure $2500
Networking Hardware
1. Router $284
2. Switch $3295
Total $18459
According to the configuration of Figure 3, Figure 4 shows that the cost for a total of three years
is about $90,000, which is about $30,000 per year. It also provides an administrator console that
allows viewing and control of instances. It allows tracking of problems. It has an instance sub state
dashboard with an advanced view that allows you to view resource usage for the entire strength
group. There are also container-as-a-service, access control management, and instance-scoped
event logs.
Anti-Spam
• Identifies and blocks spam (unsolicited messages) from entering your system.
• Spam filters, spam blocking, quarantining, whitelisting, reports.
$100 per system per year; budget cost $2,000 per year

Anti-DDoS
• Helps to prevent DDoS attacks and website service unavailability.
• Real-time/scheduled scanning and alerts.
$100 per system per year; budget cost $2,000 per year

Cloud security
• Protects the data, applications, and infrastructures involved in cloud computing.
• Real-time/scheduled scanning and alerts.
Budget cost $3,000 per year

Cyber insurance
• Able to claim money if company data loss or a cyber-attack leads to financial loss.
• The insurance pays compensation to the company.
Budget cost $6,000 per year
Data backup
• Stores a copy of your data that can be recovered/restored in case of emergency.
• Automatic file copying, search, versioning, file recovery.
$100 per system per year; budget cost $2,000 per year

Data loss prevention
• To prevent “data loss” and “data leak”.
• Automatic file copying and file saving.
$100 per system per year; budget cost $2,000 per year
YEAR                          1          2          3
COSTS                         $152,459   $134,000   $134,000
ESTIMATED BENEFITS            $200,000   $300,000   $400,000
ROI = (GAIN – COST) / COST    31.18%     123.88%    198.50%
In the above table, Amoria Bond's first-year cost is $152,459, which includes the purchase of
hardware, cloud services and maintenance. Since this is the first year of cloud deployment and
migration, we don't think it will bring much revenue, so the return on investment is 31.18%.
In the next two years, however, as the business continues to grow, its revenue will increase and
exceed that of the first year. The only fee still to be paid is the annual subscription and
maintenance fee for the cloud service, which costs $134,000. Since no new hardware will be
bought, the return on investment in the second year is 123.88%. With the further development
of the business, the return on investment in the third year is 198.5%.
Conclusion
In short, the proposed solution addresses the problems of security, resilience, redundancy,
availability, backup, disaster recovery planning, connectivity and bandwidth, and scalability,
including hardware and software upgrades, at Amoria Bond. Everything is about the
implementation of cloud services. Amoria Bond will buy hardware and software to replace the
old IT infrastructure. The hybrid cloud is a combination of public and private clouds that allows
Amoria Bond to choose between two cloud data storage methods based on data confidentiality.
Virtualization will be carried out to comply with Amoria Bond's requirements and
limitations. SaaS, IaaS, and PaaS are used at Amoria Bond to embrace security and cloud
services. Besides that, the Return on Investment (ROI) is based on the cost of the
physical architecture, cloud services and security solutions. The Amoria Bond business is
expected to bring in higher revenue than with the old IT infrastructure.
Workload Matrix
Component                 Guo JunHao   Chea Yan Shaw   Tan Yik Ern
                          TP046636     TP045215        TP046566
Executive summary         34%          33%             33%
General assumption        33%          34%             33%
Physical Architecture     100%         -               -
Compute virtualization    34%          33%             33%
Cloud migration           -            100%            -
Storage virtualization    33%          34%             33%
Security Solutions        -            -               100%
Network virtualization    33%          33%             34%
Marking Scheme
Student’s Name GuoJunHao Chea Yan Shaw Tan Yik Ern
TP046636 TP045215 TP046566
Group Components (A)
Overall design & structure (10)
Presentation (10)